CCNP 3 SWITCH Guide v1.0

@ NMT 2012

Contents
  Topology
  DTP
  Creating and Managing VLANs
  Assigning VLANs to the TRUNK
  Adding Additional VLANs to the TRUNK
  Removing VLANs from the TRUNK
  Removing All VLANs from a TRUNK Link
  VTP I
  Private VLANs on a Single Switch
  Private VLANs Connectivity Tests
  Private VLANs on Multiple Switches
  Private VLANs Connectivity Tests
  Port Protected
  Etherchannel
  Load-Shared Etherchannel
  Etherchannel L3
  VTP II
  STP Default Behavior
  STP Configuration
  STP BPDU Guard
  FLEX Link
  STP Multiple Spanning Tree MST 802.1s


Topology


DTP

Configure an ISL trunk between DLS1 and DLS2 that meets the following policies:
- DLS1 FastEthernet0/11 in trunk mode: negotiates the trunk with port FastEthernet0/11 of DLS2.
- DLS1 FastEthernet0/11 in dynamic auto mode: a passive port that negotiates whenever the far-end port FastEthernet0/11 of DLS1 is trunk or dynamic desirable.

In this scenario there is no need to configure interface f0/11 of DLS2, because its default mode is dynamic auto.

DLS1
interface FastEthernet0/11
 switchport trunk encapsulation isl
 switchport mode trunk

DLS1#show interfaces fastEthernet 0/11 switchport
Name: Fa0/11
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: isl
Operational Trunking Encapsulation: isl

DLS2#show interfaces fastEthernet 0/11 switchport
Name: Fa0/11
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: isl

DLS1#sh interfaces fastEthernet 0/11 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/11      on           isl            trunking      1

Port        Vlans allowed on trunk
Fa0/11      1-4094

Port        Vlans allowed and active in management domain
Fa0/11      1

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/11      1

DLS2#show interfaces fastEthernet 0/11 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/11      auto         n-isl          trunking      1

Port        Vlans allowed on trunk
Fa0/11      1-4094

Port        Vlans allowed and active in management domain
Fa0/11      1

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/11      1

isl = static configuration
n-isl = negotiation


Configure an ISL trunk between DLS1 and DLS2 that meets the following policies:
- DLS1 FastEthernet0/12 in dynamic desirable mode: actively negotiates trunk formation with FastEthernet0/12 of DLS2.
- DLS1 FastEthernet0/11 in dynamic auto mode: a passive port that negotiates whenever the far-end port FastEthernet0/11 of DLS1 is trunk or dynamic desirable.

DLS1
interface FastEthernet0/12
 switchport mode dynamic desirable

DLS1#sh interfaces fastEthernet 0/12 switchport
Name: Fa0/12
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: isl

DLS1#show interfaces fastEthernet 0/12 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/12      desirable    n-isl          trunking      1

Port        Vlans allowed on trunk
Fa0/12      1-4094

Port        Vlans allowed and active in management domain
Fa0/12      1

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/12      none

DLS2#show interfaces fastEthernet 0/12 switchport
Name: Fa0/12
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: isl
Negotiation of Trunking: On

DLS2#show interfaces fastEthernet 0/12 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/12      auto         n-isl          trunking      1

Port        Vlans allowed on trunk
Fa0/12      1-4094

Port        Vlans allowed and active in management domain
Fa0/12      1

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/12      1


Configure DLS1 and DLS2 in the different DTP modes according to the following table, and verify the results.

DTP Modes

Disable DTP between DLS1 and DLS2.

Note: the switchport nonegotiate command achieves this behavior.

DLS2
default interface range fastEthernet 0/11-12

interface FastEthernet0/11
 switchport trunk encapsulation isl
 switchport mode trunk
 switchport nonegotiate

interface FastEthernet0/12
 switchport trunk encapsulation isl
 switchport mode trunk
 switchport nonegotiate

DLS2#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/11      on           isl            trunking      1
Fa0/12      on           isl            trunking      1

Port        Vlans allowed on trunk
Fa0/11      1-4094
Fa0/12      1-4094

Port        Vlans allowed and active in management domain
Fa0/11      1
Fa0/12      1

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/11      1
Fa0/12      1

DLS1
default interface range fastEthernet 0/11-12

interface FastEthernet0/11
 switchport trunk encapsulation isl
 switchport mode trunk
 switchport nonegotiate

interface FastEthernet0/12
 switchport trunk encapsulation isl
 switchport mode trunk
 switchport nonegotiate

DLS1#sh interfaces fastEthernet 0/11 switchport
Name: Fa0/11
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: isl
Operational Trunking Encapsulation: isl
Negotiation of Trunking: Off

DLS1#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/11      on           isl            trunking      1
Fa0/12      on           isl            trunking      1

Port        Vlans allowed on trunk
Fa0/11      1-4094
Fa0/12      1-4094

Port        Vlans allowed and active in management domain
Fa0/11      1
Fa0/12      1

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/11      1
Fa0/12      none
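
The Administrative Mode, Operational Mode and Negotiation of Trunking fields shown in the outputs above are enough to tell a static trunk with DTP off from a port that still negotiates. The following Python sketch is an added example, not part of the original guide: it parses "show interfaces switchport" text and labels each port. The sample input is constructed (Fa0/11 and Fa0/12 reuse field values from the outputs above), and the function names and labels are this example's own.

```python
# Added example: label ports by DTP exposure from "show interfaces switchport" text.
# Function names and labels are this example's own, not Cisco terminology.

# Constructed sample in the field layout shown in this guide. Fa0/11 and Fa0/12 reuse
# values from the outputs above; Fa0/7 (no "Negotiation of Trunking" line, as in the
# guide's first outputs) and Fa0/1 (an access port) are constructed for contrast.
SAMPLE = """\
Name: Fa0/11
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: isl
Operational Trunking Encapsulation: isl
Negotiation of Trunking: Off

Name: Fa0/12
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: isl
Negotiation of Trunking: On

Name: Fa0/7
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q

Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
"""

# Labels that need no follow-up: DTP is off, or the port is a fixed access port.
ACCEPTED = {"static-trunk-dtp-off", "access"}


def parse_switchport(text):
    """Split the output into one dict of 'Field: value' pairs per interface."""
    ports, current = [], None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # blank line or a line without a field separator
        key, value = key.strip(), value.strip()
        if key == "Name":  # every interface record starts with its Name line
            current = {"Name": value}
            ports.append(current)
        elif current is not None:
            current[key] = value
    return ports


def classify(port):
    """Return a label describing how the port relates to DTP."""
    admin = port.get("Administrative Mode", "").lower()
    oper = port.get("Operational Mode", "").lower()
    nego = port.get("Negotiation of Trunking")  # None when the line is absent
    if admin.startswith("dynamic"):
        # dynamic auto / dynamic desirable: the trunk exists only through negotiation
        return "negotiated-trunk" if oper == "trunk" else "dynamic-idle"
    if admin == "trunk":
        if nego is None:
            return "static-trunk-dtp-unknown"  # output truncated: re-check the port
        return "static-trunk-dtp-on" if nego.lower() == "on" else "static-trunk-dtp-off"
    if admin == "static access":
        return "access"
    return "other"


def audit(text):
    """Map interface name -> label, in the order the interfaces appear."""
    return {p["Name"]: classify(p) for p in parse_switchport(text)}


def needs_review(text):
    """Interfaces whose label is not in ACCEPTED."""
    return [name for name, label in audit(text).items() if label not in ACCEPTED]


if __name__ == "__main__":
    for name, label in audit(SAMPLE).items():
        print(f"{name:8} {label}")
    print("review:", ", ".join(needs_review(SAMPLE)))
```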

Configure 802.1q on the links DLS1-ALS1, DLS1-ALS2, DLS2-ALS1 and DLS2-ALS2. The access switches must learn the trunk dynamically.

DLS1
default interface range fastEthernet 0/7-10

interface FastEthernet0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk

interface FastEthernet0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk

interface FastEthernet0/9
 switchport trunk encapsulation dot1q
 switchport mode trunk

interface FastEthernet0/10
 switchport trunk encapsulation dot1q
 switchport mode trunk

DLS1#sh interfaces fastEthernet 0/7 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/7       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/7       1-4094

Port        Vlans allowed and active in management domain
Fa0/7       1

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/7       1

DLS2
default interface range fastEthernet 0/7-10

interface range fastEthernet 0/7-10
 switchport trunk encapsulation dot1q
 switchport mode trunk
default interface range fastEthernet 0/11-12

DLS2#show interfaces fastEthernet 0/10 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/10      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/10      1-4094

Port        Vlans allowed and active in management domain
Fa0/10      1

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/10      none

ALS1 and ALS2 must form a trunk using 802.1q. DTP is not allowed between these switches.

Note: the 2960s do not support ISL trunks, only dot1q.

ALS1
default interface range fastEthernet 0/11-12

interface FastEthernet0/11
 switchport mode trunk
 switchport nonegotiate

interface FastEthernet0/12
 switchport mode trunk
 switchport nonegotiate

ALS1#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/7       auto         802.1q         trunking      1
Fa0/8       auto         802.1q         trunking      1
Fa0/9       auto         802.1q         trunking      1
Fa0/10      auto         802.1q         trunking      1
Fa0/11      on           802.1q         trunking      1
Fa0/12      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/7       1-4094
Fa0/8       1-4094
Fa0/9       1-4094
Fa0/10      1-4094
Fa0/11      1-4094
Fa0/12      1-4094

Port        Vlans allowed and active in management domain
Fa0/7       1
Fa0/8       1
Fa0/9       1
Fa0/10      1
Fa0/11      1

Port        Vlans allowed and active in management domain
Fa0/12      1

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/7       1
Fa0/8       1
Fa0/9       1
Fa0/10      1
Fa0/11      1
Fa0/12      none

ALS1#show interfaces fastEthernet 0/11 switchport
Name: Fa0/11
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off

ALS2
interface FastEthernet0/11
 switchport mode trunk
 switchport nonegotiate

interface FastEthernet0/12
 switchport mode trunk
 switchport nonegotiate

ALS2#show interfaces fastEthernet 0/11 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/11      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/11      1-4094

Port        Vlans allowed and active in management domain
Fa0/11      1

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/11      1

ALS2#show interfaces fastEthernet 0/11 switchport
Name: Fa0/11
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off

Creating and Managing VLANs

Create the following VLANs on DLS1 and verify that they propagate throughout the domain.

2, 3, 4, 5, 6, 7, 8, 9, 10, 100, 120, 130, 140, 200, 230, 240, 340 and 400

Note: there must be no space between the commas and the numbers.

DLS1
vlan 2-10,100,12,100,120,130,140,200,230,240,340,400

DLS1#sh vlan brief | exclude unsup
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
2    VLAN0002                         active
3    VLAN0003                         active
4    VLAN0004                         active
5    VLAN0005                         active
6    VLAN0006                         active
7    VLAN0007                         active
8    VLAN0008                         active
9    VLAN0009                         active
10   VLAN0010                         active
12   VLAN0012                         active
100  VLAN0100                         active
120  VLAN0120                         active
130  VLAN0130                         active
140  VLAN0140                         active
200  VLAN0200                         active

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
230  VLAN0230                         active
240  VLAN0240                         active
340  VLAN0340                         active
400  VLAN0400                         active

DLS2#show vlan brief | exclude unsup
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
2    VLAN0002                         active
3    VLAN0003                         active
4    VLAN0004                         active
5    VLAN0005                         active
6    VLAN0006                         active
7    VLAN0007                         active
8    VLAN0008                         active
9    VLAN0009                         active
10   VLAN0010                         active
12   VLAN0012                         active
100  VLAN0100                         active
120  VLAN0120                         active
130  VLAN0130                         active
140  VLAN0140                         active
200  VLAN0200                         active

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
230  VLAN0230                         active
240  VLAN0240                         active
340  VLAN0340                         active
400  VLAN0400                         active

DLS2#show vlan summary
Number of existing VLANs          : 24
Number of existing VTP VLANs      : 24
Number of existing extended VLANs : 0

DLS1#sh vlan summary
Number of existing VLANs          : 24
Number of existing VTP VLANs      : 24
Number of existing extended VLANs : 0

ALS1#show vlan summary
Number of existing VLANs          : 5
Number of existing VTP VLANs      : 5
Number of existing extended VLANs : 0


ALS1#show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 255
Number of existing VLANs        : 5
VTP Operating Mode              : Transparent
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00

The previous output reveals a problem: ALS1 operates in transparent mode, so it cannot install the VLANs that DLS1 advertises (only the local VLANs exist, not the 24 VLANs). To avoid this problem we change the VTP Operating Mode to Server.

ALS1(config)#vtp mode server
Setting device to VTP SERVER mode

ALS1#show vlan summary
Number of existing VLANs          : 24
Number of existing VTP VLANs      : 24
Number of existing extended VLANs : 0

ALS2#show vlan summary
Number of existing VLANs          : 24
Number of existing VTP VLANs      : 24
Number of existing extended VLANs : 0

Assigning VLANs to the TRUNK

On the trunk, assign (allow) VLANs according to the following table:

Before starting the lab it is important to know which VLANs are associated with the trunks, using the show interface trunk command.


DLS1#sh interfaces fastEthernet 0/7 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/7       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/7       1-4094

Port        Vlans allowed and active in management domain
Fa0/7       1-10,12,100,120,130,140,200,230,240,340,400

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/7       1-10,12,100,120,130,140,200,230,240,340,400

The first task is to allow only VLAN 120 on interface FastEthernet 0/11 of DLS1 and DLS2. With the command switchport trunk allowed vlan 120 we allow only VLAN 120, leaving out even VLAN 1. Note that interface FastEthernet 0/12 still allows the full VLAN range.

DLS1
interface FastEthernet0/11
 switchport trunk allowed vlan 120

DLS1#sh interfaces fastEthernet 0/11 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/11      on           isl            trunking      1

Port        Vlans allowed on trunk
Fa0/11      120

Port        Vlans allowed and active in management domain
Fa0/11      120

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/11      none

DLS1#sh interfaces fastEthernet 0/12 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/12      on           isl            trunking      1

Port        Vlans allowed on trunk
Fa0/12      1-4094

Port        Vlans allowed and active in management domain
Fa0/12      1-10,12,100,120,130,140,200,230,240,340,400

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/12      none

DLS1
interface FastEthernet0/11
 switchport trunk allowed vlan 120

DLS2#show interfaces fastEthernet 0/11 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/11      on           isl            trunking      1

Port        Vlans allowed on trunk
Fa0/11      120

Port        Vlans allowed and active in management domain
Fa0/11      120

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/11      120


DLS2 and ALS2 (FastEthernet 0/7) must allow only VLAN 240.

DLS2
interface FastEthernet0/7
 switchport trunk allowed vlan 240

ALS2
interface FastEthernet0/7
 switchport trunk allowed vlan 240

DLS2#show interfaces fastEthernet 0/7 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/7       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/7       240

Port        Vlans allowed and active in management domain
Fa0/7       240

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/7       none

ALS2#show interfaces fastEthernet 0/7 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/7       auto         802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/7       240

Port        Vlans allowed and active in management domain
Fa0/7       240

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/7       240

The third task is to allow VLAN 340 between ALS1 and ALS2 FastEthernet0/7.

ALS1
interface FastEthernet0/11
 switchport trunk allowed vlan 340

ALS2
interface FastEthernet0/11
 switchport trunk allowed vlan 340

ALS2#show interfaces fastEthernet 0/11 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/11      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/11      340

Port        Vlans allowed and active in management domain
Fa0/11      340

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/11      340


ALS1#show interfaces fastEthernet 0/11 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/11      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/11      340

Port        Vlans allowed and active in management domain
Fa0/11      340

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/11      340

The fourth task is to allow VLAN 130 between DLS1 and ALS1 FastEthernet0/7.

ALS1
interface FastEthernet0/7
 switchport trunk allowed vlan 130

DLS1
interface FastEthernet0/7
 switchport trunk allowed vlan 130

DLS1#sh interfaces fastEthernet 0/7 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/7       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/7       130

Port        Vlans allowed and active in management domain
Fa0/7       130

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/7       130

ALS1#sh interfaces fastEthernet 0/7 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/7       auto         802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/7       130

Port        Vlans allowed and active in management domain
Fa0/7       130

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/7       130
ALS1#

Finally we configure tasks 4 and 5.

DLS1
interface FastEthernet0/9
 switchport trunk allowed vlan 140

ALS2
interface FastEthernet0/9
 switchport trunk allowed vlan 140


DLS1#sh interfaces fastEthernet 0/9 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/9       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/9       140

Port        Vlans allowed and active in management domain
Fa0/9       140

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/9       none

ALS2#show interfaces fastEthernet 0/9 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/9       auto         802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/9       140

Port        Vlans allowed and active in management domain
Fa0/9       140

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/9       140

DLS2
interface FastEthernet0/9
 switchport trunk allowed vlan 230

ALS1
interface FastEthernet0/9
 switchport trunk allowed vlan 230

DLS2#show interfaces fastEthernet 0/9 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/9       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/9       230

Port        Vlans allowed and active in management domain
Fa0/9       230

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/9       230

ALS1#show interfaces fastEthernet 0/9 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/9       auto         802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/9       230

Port        Vlans allowed and active in management domain
Fa0/9       230

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/9       230


Adding Additional VLANs to the TRUNK

Add VLANs as laid out in the following table:

DLS1
interface FastEthernet0/11
 switchport trunk allowed vlan add 100

DLS1#show running-config interface fastEthernet 0/11
Building configuration...

interface FastEthernet0/11
 switchport trunk encapsulation isl
 switchport trunk allowed vlan 100,120
 switchport mode trunk
 switchport nonegotiate

DLS2
interface FastEthernet0/11
 switchport trunk allowed vlan add 100

DLS2#show running-config interface fastEthernet 0/11
Building configuration...

interface FastEthernet0/11
 switchport trunk encapsulation isl
 switchport trunk allowed vlan 100,120
 switchport mode trunk
 switchport nonegotiate

DLS2#show interfaces fastEthernet 0/11 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/11      on           isl            trunking      1

Port        Vlans allowed on trunk
Fa0/11      100,120

Port        Vlans allowed and active in management domain
Fa0/11      100,120

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/11      100,120

DLS2
interface FastEthernet0/7
 switchport trunk allowed vlan add 200


ALS2
interface FastEthernet0/7
 switchport trunk allowed vlan add 200

DLS2#show interfaces fastEthernet 0/7 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/7       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/7       200,240

Port        Vlans allowed and active in management domain
Fa0/7       200,240

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/7       200,240

ALS1
interface fastEthernet 0/11
 switchport trunk allowed vlan add 300

ALS2
interface fastEthernet 0/11
 switchport trunk allowed vlan add 300

ALS1#show interfaces fastEthernet 0/11 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/11      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/11      300,340

Port        Vlans allowed and active in management domain
Fa0/11      340

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/11      340

DLS1
interface fastEthernet 0/9
 switchport trunk allowed vlan 400

ALS2
interface fastEthernet 0/9
 switchport trunk allowed vlan 400

DLS1#sh interfaces fastEthernet 0/9 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/9       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/9       400

Port        Vlans allowed and active in management domain
Fa0/9       400

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/9       400

ALS2#sh interfaces fastEthernet 0/9 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/9       auto         802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/9       140,400

Port        Vlans allowed and active in management domain
Fa0/9       140,400

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/9       140,400

Removing VLANs from the TRUNK

Remove VLANs according to the following table:

Before configuring the ports we must verify which VLANs the trunk is carrying.

DLS1#sh interfaces fastEthernet 0/8 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/8       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/8       1-4094

Port        Vlans allowed and active in management domain
Fa0/8       1-10,12,100,120,130,140,200,230,240,340,400

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/8       1-10,12,100,120,130,140,200,230,240,340,400

DLS1
interface fastEthernet 0/8
 switchport trunk allowed vlan remove 1,4-10

DLS1#sh interfaces fastEthernet 0/8 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/8       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/8       2-3,11-4094

Port        Vlans allowed and active in management domain
Fa0/8       2-3,12,100,120,130,140,200,230,240,340,400

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/8       2-3,12,100,120,130,140,200,230,240,340,400

ALS1#show interfaces fastEthernet 0/8 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/8       auto         802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/8       1-4094

Port        Vlans allowed and active in management domain
Fa0/8       1-10,12,100,120,130,140,200,230,240,340,400

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/8       1-10,12,100,120,130,140,200,230,240,340,400


ALS1
interface fastEthernet 0/8
 switchport trunk allowed vlan remove 1,4-10

ALS1#show interfaces fastEthernet 0/8 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/8       auto         802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/8       2-3,11-4094

Port        Vlans allowed and active in management domain
Fa0/8       2-3,12,100,120,130,140,200,230,240,340,400

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/8       2-3,12,100,120,130,140,200,230,240,340,400

DLS2
interface fastEthernet 0/8
 switchport trunk allowed vlan remove 2,4-10

DLS2#show interfaces fastEthernet 0/8 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/8       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/8       1,3,11-4094

Port        Vlans allowed and active in management domain
Fa0/8       1,3,12,100,120,130,140,200,230,240,340,400

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/8       1

ALS2
interface fastEthernet 0/8
 switchport trunk allowed vlan remove 2,4-10

ALS2#show running-config interface fastEthernet 0/8
Building configuration...

interface FastEthernet0/8
 switchport trunk allowed vlan 1,3,11-4094

ALS2#show interfaces fastEthernet 0/8 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/8       auto         802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/8       1,3,11-4094

Port        Vlans allowed and active in management domain
Fa0/8       1,3,12,100,120,130,140,200,230,240,340,400

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/8       1,3,12,100,120,130,140,200,230,240,340,400


Removing All VLANs from a TRUNK Link

DLS1
interface FastEthernet0/12
 switchport trunk allowed vlan none

DLS2
interface FastEthernet0/12
 switchport trunk allowed vlan none

DLS2#show interfaces fastEthernet 0/12 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/12      on           isl            trunking      1

Port        Vlans allowed on trunk
Fa0/12      none

Port        Vlans allowed and active in management domain
Fa0/12      none

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/12      none

DLS1#sh interfaces fastEthernet 0/10 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/10      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/10      1-4094

Port        Vlans allowed and active in management domain
Fa0/10      1-10,12,100,120,130,140,200,230,240,340,400

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/10      1-2,4-10

DLS1
interface FastEthernet0/10
 switchport trunk allowed vlan none

ALS2
interface FastEthernet0/10
 switchport trunk allowed vlan none

DLS1#sh interfaces fastEthernet 0/10 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/10      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/10      none

Port        Vlans allowed and active in management domain
Fa0/10      none

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/10      none


ALS2#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/7       auto         802.1q         trunking      1
Fa0/8       auto         802.1q         trunking      1
Fa0/9       auto         802.1q         trunking      1
Fa0/10      auto         802.1q         trunking      1
Fa0/11      on           802.1q         trunking      1
Fa0/12      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/7       1,200,240
Fa0/8       1,3,11-4094
Fa0/9       1,140,400
Fa0/10      none
Fa0/11      1,300,340
Fa0/12      1-4094

Port        Vlans allowed and active in management domain
Fa0/7       1,200,240
Fa0/8       1,3,12,100,120,130,140,200,230,240,340,400
Fa0/9       1,140,400
Fa0/10      none
Fa0/11      1,340

Port        Vlans allowed and active in management domain
Fa0/12      1-10,12,100,120,130,140,200,230,240,340,400

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/7       1,200,240
Fa0/8       1,3,12,100,120,130,140,200,230,240,340,400
Fa0/9       1,140,400
Fa0/10      none
Fa0/11      1,340
Fa0/12      1-10,12,100,120,130,140,200,230,240,340,400
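
The allowed-VLAN sections above use four forms of switchport trunk allowed vlan: a bare list (which replaces the current list), add, remove and none. The following Python sketch is an added example, not part of the original guide: it models those forms on a set of VLAN IDs, prints the result in the range notation the switch uses, and compares the two ends of a link, as in the Fa0/9 outputs above where DLS1 shows 400 and ALS2 shows 140,400. Function names are this example's own, and it also accepts the all keyword, which the guide does not use.

```python
# Added example: model "switchport trunk allowed vlan ..." on sets of VLAN IDs.
# Function names are this example's own; only the forms named in the lead-in are handled.

VLAN_MIN, VLAN_MAX = 1, 4094


def parse_vlans(spec):
    """'2-3,11-4094' -> set of ints; 'none' -> empty set; 'all' -> 1..4094."""
    spec = spec.strip().lower()
    if spec == "none":
        return set()
    if spec == "all":
        return set(range(VLAN_MIN, VLAN_MAX + 1))
    vlans = set()
    for part in spec.split(","):
        low, sep, high = part.partition("-")
        low = int(low)
        high = int(high) if sep else low
        if not VLAN_MIN <= low <= high <= VLAN_MAX:
            raise ValueError(f"bad VLAN range: {part!r}")
        vlans.update(range(low, high + 1))
    return vlans


def format_vlans(vlans):
    """Set of ints -> range notation as printed by the switch, e.g. '2-3,11-4094'."""
    if not vlans:
        return "none"
    runs, start, prev = [], None, None
    for vlan in sorted(vlans):
        if prev is not None and vlan == prev + 1:
            prev = vlan  # extend the current run
            continue
        if start is not None:
            runs.append((start, prev))
        start = prev = vlan
    runs.append((start, prev))
    return ",".join(str(a) if a == b else f"{a}-{b}" for a, b in runs)


def apply_allowed(current, argument):
    """Apply the text that follows 'switchport trunk allowed vlan' to the current set."""
    words = argument.split()
    if words[0] == "add":
        return current | parse_vlans(words[1])
    if words[0] == "remove":
        return current - parse_vlans(words[1])
    # Bare list, 'none' or 'all': the previous list is replaced, not extended.
    return parse_vlans(words[0])


def one_sided(side_a, side_b):
    """VLANs allowed on only one end of a link, as (only_a, only_b) strings."""
    return format_vlans(side_a - side_b), format_vlans(side_b - side_a)


def not_in_database(allowed, existing):
    """Allowed VLANs that do not exist on the switch, so the trunk cannot carry them."""
    return format_vlans(allowed - existing)


if __name__ == "__main__":
    # Fa0/8 in the guide: the default list with 1 and 4-10 removed.
    print(format_vlans(apply_allowed(parse_vlans("all"), "remove 1,4-10")))
    # Fa0/9 in the guide: a bare list drops 140, the add form keeps it.
    replaced = apply_allowed(parse_vlans("140"), "400")
    extended = apply_allowed(parse_vlans("140"), "add 400")
    print(format_vlans(replaced), "|", format_vlans(extended))
    print("one-sided:", one_sided(replaced, extended))
    # Fa0/11 on ALS1: VLAN 300 is allowed but was never created.
    existing = parse_vlans("1-10,12,100,120,130,140,200,230,240,340,400")
    print("not in database:", not_in_database(parse_vlans("300,340"), existing))
```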


VTP I

This lab requires erasing all configuration information (vlan.dat and the configuration).
- Configure an 802.1q trunk between DLS1 and DLS2 over interface fastethernet 0/11.
- Configure VTP between DLS1 and DLS2 using domain DUOC, version 2, server mode, password duoc.

DLS1
interface FastEthernet0/11
 switchport trunk encapsulation dot1q
 switchport mode trunk

DLS2
interface FastEthernet0/11
 switchport trunk encapsulation dot1q
 switchport mode trunk

DLS2#show interfaces fastEthernet 0/11 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/11      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/11      1-4094

Port        Vlans allowed and active in management domain
Fa0/11      1

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/11      1

DLS1
vtp domain DUOC
vtp version 2
vtp mode server
vtp password duoc

DLS2
vtp domain DUOC
vtp version 2
vtp mode server
vtp password duoc


DLS1#sh vtp status
VTP Version                     : running VTP2
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 : DUOC
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x80 0x23 0xA4 0xBF 0x1F 0x8F 0x18 0xA3
Configuration last modified by 10.1.1.1 at 0-0-00 00:00:00
Local updater ID is 10.1.1.1 on interface Vl1 (lowest numbered VLAN interface found)

DLS2#show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 : DUOC
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xBA 0xF2 0xCD 0xF0 0xD5 0x54 0x67 0xC9
Configuration last modified by 10.1.1.2 at 0-0-00 00:00:00
Local updater ID is 10.1.1.2 on interface Vl1 (lowest numbered VLAN interface found)

Create VLAN 10 and assign it to interface fastethernet 0/1 of DLS2. Name it ADMIN.

DLS2#show vlan brief | exclude unsup
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/12, Fa0/13
                                                Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                                Fa0/18, Fa0/19, Fa0/20, Fa0/21
                                                Fa0/22, Fa0/23, Fa0/24, Gi0/1
                                                Gi0/2

DLS2
vlan 10
 name ADMIN

interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast


DLS2#show vlan brief | exclude unsup
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/3, Fa0/4, Fa0/5
                                                Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                                Fa0/10, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
10   ADMIN                            active    Fa0/1

Private VLANs on a Single Switch

Build the following topology:

Assign the following addressing:

PC   IP
PC1  10.1.1.1/24
PC2  10.1.1.2/24
PC3  10.1.1.3/24

Verify that all PCs can communicate with each other. Note: because the switches have no previous configuration, they will use VLAN 1 as the broadcast domain. Disable the firewall on the PCs.

PC3
C:\>ping 10.1.1.1
Haciendo ping a 10.1.1.1 con 32 bytes de datos:
Respuesta desde 10.1.1.1: bytes=32 tiempo<1m TTL=255
Respuesta desde 10.1.1.1: bytes=32 tiempo=2ms TTL=255
Respuesta desde 10.1.1.1: bytes=32 tiempo=1ms TTL=255
Respuesta desde 10.1.1.1: bytes=32 tiempo=1ms TTL=255


Estadísticas de ping para 10.1.1.1:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0 (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 0ms, Máximo = 2ms, Media = 1ms

C:\>ping 10.1.1.2
Haciendo ping a 10.1.1.2 con 32 bytes de datos:
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Estadísticas de ping para 10.1.1.2:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0 (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 0ms, Máximo = 0ms, Media = 0ms

DLS1#ping 10.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms

DLS1#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

DLS1#ping 10.1.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms

Configure Private VLANs based on the following table:

Device  VLAN-Type  VLAN-ID
Router  Primary    100
PC1     Community  200
PC2     Community  200
PC3     Isolated   300

Private VLANs require a series of steps:
- Configure the switch in VTP transparent mode.
- Create the primary VLAN.
- Define the secondary VLANs.
- Associate the secondary VLANs with the primary VLAN.

DLS1


vtp mode transparent

DLS1#sh vtp status
VTP Version                     : running VTP1 (VTP2 capable)
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
VTP Operating Mode              : Transparent
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00

DLS1
vlan 100
 name VLAN_PRIMARIA
 private-vlan primary
 private-vlan association 411,421,431

vlan 200
 private-vlan community
vlan 300
 private-vlan isolated

DLS1#sh vlan private-vlan
Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
100               primary
        200       community
        300       isolated

DLS1
vlan 100
 private-vlan association add 200,300

DLS1#sh vlan private-vlan
Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
100     200       community
100     300       isolated

The next step is to configure interface FastEthernet 0/4 (which connects to the Router) in promiscuous mode and map the primary VLAN to the secondary VLANs.

DLS1
interface FastEthernet0/4
 switchport private-vlan mapping 100 200,300
 switchport mode private-vlan promiscuous

DLS1#sh vlan private-vlan


Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
100     200       community         Fa0/4
100     300       isolated          Fa0/4

On the ports that connect the hosts, create the association and set them to host mode.

DLS1
interface FastEthernet0/1
 switchport private-vlan host-association 100 200
 switchport mode private-vlan host
 spanning-tree portfast

interface FastEthernet0/2
 switchport private-vlan host-association 100 200
 switchport mode private-vlan host
 spanning-tree portfast

interface FastEthernet0/3
 switchport private-vlan host-association 100 300
 switchport mode private-vlan host
 spanning-tree portfast

DLS1#sh interfaces fastEthernet 0/4 switchport
Name: Fa0/4
Switchport: Enabled
Administrative Mode: private-vlan promiscuous
Operational Mode: down
Administrative Trunking Encapsulation: negotiate
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: 100 (VLAN_PRIMARIA) 200 (VLAN0200) 300 (VLAN0300)
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none


DLS1#sh vlan private-vlan
Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
100     200       community         Fa0/1, Fa0/2, Fa0/4
100     300       isolated          Fa0/3, Fa0/4

Private VLANs connectivity tests

Based on what we have studied, PC1 and PC2 must have connectivity with each other and with the Router, which is in promiscuous mode.

PC2
C:\>ping 10.1.1.1
Haciendo ping a 10.1.1.1 con 32 bytes de datos:
Respuesta desde 10.1.1.1: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.1: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.1: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.1: bytes=32 tiempo<1m TTL=128
Estadísticas de ping para 10.1.1.1:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0 (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 0ms, Máximo = 0ms, Media = 0ms

C:\>ping 10.1.1.100
Haciendo ping a 10.1.1.100 con 32 bytes de datos:
Respuesta desde 10.1.1.100: bytes=32 tiempo=38ms TTL=255
Respuesta desde 10.1.1.100: bytes=32 tiempo=15ms TTL=255
Respuesta desde 10.1.1.100: bytes=32 tiempo=16ms TTL=255
Respuesta desde 10.1.1.100: bytes=32 tiempo=31ms TTL=255
Estadísticas de ping para 10.1.1.100:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0 (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 15ms, Máximo = 38ms, Media = 25ms

PC3
C:\>ping 10.1.1.1
Haciendo ping a 10.1.1.1 con 32 bytes de datos:
Tiempo de espera agotado para esta solicitud.
Tiempo de espera agotado para esta solicitud.
Tiempo de espera agotado para esta solicitud.
Tiempo de espera agotado para esta solicitud.
Estadísticas de ping para 10.1.1.1:
    Paquetes: enviados = 4, recibidos = 0, perdidos = 4 (100% perdidos),

C:\>ping 10.1.1.100
Haciendo ping a 10.1.1.100 con 32 bytes de datos:
Respuesta desde 10.1.1.100: bytes=32 tiempo=23ms TTL=255
Respuesta desde 10.1.1.100: bytes=32 tiempo=16ms TTL=255


Association between host and promiscuous ports


Respuesta desde 10.1.1.100: bytes=32 tiempo=31ms TTL=255
Respuesta desde 10.1.1.100: bytes=32 tiempo=15ms TTL=255
Estadísticas de ping para 10.1.1.100:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0 (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 15ms, Máximo = 31ms, Media = 21ms

Meanwhile, the Router, which is in promiscuous mode, has connectivity with all hosts, as the following tests show:

R1#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/19/32 ms

R1#ping 10.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/20/44 ms

R1#ping 10.1.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/17/36 ms


Private VLANs across Multiple Switches

Build the following topology:

Prelab: Erase all previous configuration (config.text + vlan.dat). Assign the following addressing:

PC   IP
PC1  10.1.1.1/24
PC2  10.1.1.2/24
PC3  10.1.1.3/24
PC4  10.1.1.4/24

Note: Before configuring anything, verify that all PCs on DLS1 can communicate with each other. Note: because the switches have no previous configuration, they will use VLAN 1. Disable the firewall on the PCs.

PC3
C:\>ping 10.1.1.1
Haciendo ping a 10.1.1.1 con 32 bytes de datos:
Respuesta desde 10.1.1.1: bytes=32 tiempo<1m TTL=255
Respuesta desde 10.1.1.1: bytes=32 tiempo=2ms TTL=255
Respuesta desde 10.1.1.1: bytes=32 tiempo=1ms TTL=255
Respuesta desde 10.1.1.1: bytes=32 tiempo=1ms TTL=255

Estadísticas de ping para 10.1.1.1:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0 (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 0ms, Máximo = 2ms, Media = 1ms

C:\>ping 10.1.1.2


Haciendo ping a 10.1.1.2 con 32 bytes de datos:
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Estadísticas de ping para 10.1.1.2:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0 (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 0ms, Máximo = 0ms, Media = 0ms

DLS1#ping 10.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms

DLS1#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

DLS1#ping 10.1.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms

Configure Private VLANs based on the following table:

Device  VLAN-Type  VLAN-ID
Router  Primary    100
PC1     Community  200
PC2     Community  200
PC3     Isolated   300
PC4     Community  200

Private VLANs require a series of steps:
- Configure the switch in VTP transparent mode.
- Create the primary VLAN.
- Define the secondary VLANs.

DLS1
vtp mode transparent
vtp version 2

DLS1#sh vtp status
VTP Version                     : running VTP2
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 8


VTP Operating Mode              : Transparent
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xB2 0x8A 0x1C 0x89 0x3E 0xD3 0xB4 0xF7
Configuration last modified by 10.1.1.1 at 0-0-00 00:00:00

DLS1
vlan 100
 name PRIMARIA
 private-vlan primary

vlan 200
 name PC1-PC2-PC4
 private-vlan community

vlan 300
 name PC3
 private-vlan isolated

DLS1#sh vlan private-vlan
Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
100               primary
        200       community
        300       isolated

Associate the secondary VLANs with the primary VLAN.

DLS1
vlan 100
 private-vlan association add 200,300

DLS1#sh vlan private-vlan
Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
100     200       community
100     300       isolated

On the ports that connect the hosts, create the association and set them to host mode. Prevent the ports from transitioning through blocking->Listening->Learning... in STP.

DLS1
interface FastEthernet0/11
 switchport private-vlan host-association 100 200
 switchport mode private-vlan host
 spanning-tree portfast


interface FastEthernet0/12
 switchport private-vlan host-association 100 200
 switchport mode private-vlan host
 spanning-tree portfast

interface FastEthernet0/13
 switchport private-vlan host-association 100 300
 switchport mode private-vlan host
 spanning-tree portfast

DLS1#sh interfaces fastEthernet 0/11 switchport
Name: Fa0/11
Switchport: Enabled
Administrative Mode: private-vlan host
Operational Mode: down
Administrative Trunking Encapsulation: negotiate
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: 100 (PRIMARIA) 200 (PC1-PC2-PC4)
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none


Configure an 802.1Q trunk between DLS1 F0/6 and DLS2 Fa0/6. Allow only the VLANs that take part in the configuration. DTP is not allowed. Allow only VLAN 1.

DLS1
interface fastEthernet 0/6
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 1
 switchport nonegotiate

DLS2
interface fastEthernet 0/6
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 1
 switchport nonegotiate

DLS2#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/6       on           802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/6       1
Port        Vlans allowed and active in management domain
Fa0/6       1
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/6       1
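The two requirements of this step (no DTP, explicit allowed-VLAN list) can be checked mechanically. The following Python check is an added example, not part of the original guide: it parses interface blocks and reports trunks that still negotiate DTP or carry every VLAN. The configuration strings are copied from this guide; the function names and finding texts are illustrative, and only the `allowed vlan` forms used in these labs (list, add, remove) are handled.

```python
import re

ALL_VLANS = set(range(1, 4095))          # IOS default on a trunk: 1-4094


def expand_vlans(spec):
    """'1,100-102' -> {1, 100, 101, 102}"""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_trunks(config):
    """Collect trunk settings per interface; later lines update earlier ones."""
    ports, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(.+)", line, re.I)
        if m:
            # 'fastEthernet 0/6' and 'FastEthernet0/6' name the same port
            name = m.group(1).replace(" ", "").lower()
            cur = ports.setdefault(name, {"trunk": False, "nonegotiate": False,
                                          "allowed": set(ALL_VLANS)})
            continue
        if cur is None:
            continue
        if line == "switchport mode trunk":
            cur["trunk"] = True
        elif line == "switchport nonegotiate":
            cur["nonegotiate"] = True
        else:
            m = re.match(r"switchport trunk allowed vlan (?:(add|remove) )?([\d,-]+)$", line)
            if m:
                op, vlans = m.group(1), expand_vlans(m.group(2))
                if op == "add":
                    cur["allowed"] |= vlans
                elif op == "remove":
                    cur["allowed"] -= vlans
                else:
                    cur["allowed"] = vlans
    return ports


def audit(config):
    """Return {interface: [findings]} for every port in trunk mode."""
    findings = {}
    for name, port in parse_trunks(config).items():
        if not port["trunk"]:
            continue
        issues = []
        if not port["nonegotiate"]:
            issues.append("DTP still negotiates (no 'switchport nonegotiate')")
        if port["allowed"] == ALL_VLANS:
            issues.append("every VLAN 1-4094 is allowed on the trunk")
        findings[name] = issues
    return findings


# Trunk from the VTP lab earlier in this guide (DLS1 Fa0/11)
VTP_LAB_TRUNK = """interface FastEthernet0/11
 switchport trunk encapsulation dot1q
 switchport mode trunk
"""

# Trunk from this lab (Fa0/6), followed by the later 'allowed vlan add' step
PVLAN_LAB_TRUNK = """interface fastEthernet 0/6
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 1
 switchport nonegotiate
interface fastEthernet 0/6
 switchport trunk allowed vlan add 100,200,300
"""

if __name__ == "__main__":
    for cfg in (VTP_LAB_TRUNK, PVLAN_LAB_TRUNK):
        for iface, issues in audit(cfg).items():
            print(iface, issues or "ok")
```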

- Use the same process as before to create the primary, community and isolated VLANs.
- On port f0/21 of DLS1, create the association with the primary VLAN and set host mode. Prevent the port from transitioning through blocking->Listening->Learning... in STP.
- Configure interface FastEthernet 0/22 (which connects to the Router) in promiscuous mode and map the primary VLAN to the secondary VLANs.

DLS2
vtp mode transparent
vtp version 2

vlan 100
 name PRIMARIA
 private-vlan primary

vlan 200
 name PC1-PC2-PC4
 private-vlan community

vlan 300
 name PC3
 private-vlan isolated


vlan 100
 private-vlan association add 200,300

interface FastEthernet0/21
 switchport private-vlan host-association 100 200
 switchport mode private-vlan host
 spanning-tree portfast

DLS2#show vlan private-vlan
Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
100     200       community         Fa0/21
100     300       isolated

DLS2
interface FastEthernet0/22
 switchport private-vlan mapping 100 200,300
 switchport mode private-vlan promiscuous

DLS2#show interfaces fastEthernet 0/22 switchport
Name: Fa0/22
Switchport: Enabled
Administrative Mode: private-vlan promiscuous
Operational Mode: down
Administrative Trunking Encapsulation: negotiate
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: 100 (PRIMARIA) 200 (PC1-PC2-PC4) 300 (PC3)
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

Private VLANs connectivity tests

PC1 and PC2 must have connectivity.

Note: Disable the firewall on each PC.


PC1
C:\>ping 10.1.12.2

Haciendo ping a 10.1.12.2 con 32 bytes de datos:

Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128

Estadísticas de ping para 10.1.12.2:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0 (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 0ms, Máximo = 0ms, Media = 0ms
C:\>

PC3
C:\>ping 10.1.12.2
Haciendo ping a 10.1.12.2 con 32 bytes de datos:
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Estadísticas de ping para 10.1.12.2:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0 (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 0ms, Máximo = 0ms, Media = 0ms

To establish connectivity between the ports associated with the community VLAN, we must permit the VLANs on the trunk. Previously only VLAN 1 was allowed; at this point we must allow all the VLANs that take part.

DLS1
interface fastEthernet 0/6
 switchport trunk allowed vlan add 100,200,300

DLS2
interface fastEthernet 0/6
 switchport trunk allowed vlan add 100,200,300


DLS2#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/6       on           802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/6       1,100,200,300
Port        Vlans allowed and active in management domain
Fa0/6       1,100,200,300
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/6       1

PING tests
PC2 → PC4
PC2 → Router
PC3 → Router
PC4 → Router

PC2
C:\>ping 10.1.12.4 -t

Haciendo ping a 10.1.12.4 con 32 bytes de datos:

Respuesta desde 10.1.12.4: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.4: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.4: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.4: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.4: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.4: bytes=32 tiempo<1m TTL=128

Estadísticas de ping para 10.1.12.4:
    Paquetes: enviados = 6, recibidos = 6, perdidos = 0 (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 0ms, Máximo = 0ms, Media = 0ms

PC2
C:\>ping 10.1.12.100 -t

Haciendo ping a 10.1.12.100 con 32 bytes de datos:

Respuesta desde 10.1.12.100: bytes=32 tiempo=28ms TTL=255
Respuesta desde 10.1.12.100: bytes=32 tiempo=21ms TTL=255
Respuesta desde 10.1.12.100: bytes=32 tiempo=21ms TTL=255
Respuesta desde 10.1.12.100: bytes=32 tiempo=21ms TTL=255
Respuesta desde 10.1.12.100: bytes=32 tiempo=21ms TTL=255
Respuesta desde 10.1.12.100: bytes=32 tiempo=21ms TTL=255

Estadísticas de ping para 10.1.12.100:
    Paquetes: enviados = 6, recibidos = 6, perdidos = 0 (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 21ms, Máximo = 28ms, Media = 22ms


PC4
C:\>ping 10.1.12.100

Haciendo ping a 10.1.12.100 con 32 bytes de datos:

Respuesta desde 10.1.12.100: bytes=32 tiempo=30ms TTL=255
Respuesta desde 10.1.12.100: bytes=32 tiempo=31ms TTL=255
Respuesta desde 10.1.12.100: bytes=32 tiempo=15ms TTL=255
Respuesta desde 10.1.12.100: bytes=32 tiempo=31ms TTL=255

Estadísticas de ping para 10.1.12.100:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0 (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 15ms, Máximo = 31ms, Media = 26ms

PC3
C:\>ping 10.1.12.100

Haciendo ping a 10.1.12.100 con 32 bytes de datos:

Respuesta desde 10.1.12.100: bytes=32 tiempo=30ms TTL=255
Respuesta desde 10.1.12.100: bytes=32 tiempo=31ms TTL=255
Respuesta desde 10.1.12.100: bytes=32 tiempo=15ms TTL=255
Respuesta desde 10.1.12.100: bytes=32 tiempo=31ms TTL=255

Estadísticas de ping para 10.1.12.100:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0 (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 15ms, Máximo = 31ms, Media = 26ms

R1#ping 10.1.12.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.12.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/19/32 ms
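The forwarding rules exercised by the two Private VLAN labs above, as an added example that is not part of the original guide: a Python model of community, isolated and promiscuous ports that also accounts for which VLANs the inter-switch trunk carries. Port roles and VLAN IDs come from the DLS1/DLS2 configuration in this guide; which PC sits behind which port is an assumption, because the topology figure is missing.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Port:
    switch: str
    mode: str          # "host" or "promiscuous"
    primary: int
    secondary: tuple   # host: its single secondary VLAN; promiscuous: mapped secondaries


# VLAN types from the lab table
VLAN_TYPE = {200: "community", 300: "isolated"}

# Roles taken from the interface configuration in this guide.
# The PC-to-port assignment is an assumption (figure not available).
PORTS = {
    "PC1": Port("DLS1", "host", 100, (200,)),               # Fa0/11
    "PC2": Port("DLS1", "host", 100, (200,)),               # Fa0/12
    "PC3": Port("DLS1", "host", 100, (300,)),               # Fa0/13
    "PC4": Port("DLS2", "host", 100, (200,)),               # Fa0/21
    "R1":  Port("DLS2", "promiscuous", 100, (200, 300)),    # Fa0/22
}


def carried_in(src):
    """VLAN in which frames received on port src travel (also across trunks)."""
    return src.primary if src.mode == "promiscuous" else src.secondary[0]


def delivers(vlan, dst):
    """Is a frame travelling in `vlan` forwarded out of port dst?"""
    if dst.mode == "promiscuous":
        return vlan == dst.primary or vlan in dst.secondary
    if vlan == dst.primary:
        return True                                  # sent by a promiscuous port
    # Host-to-host: only inside the same community VLAN, never inside an isolated one
    return vlan == dst.secondary[0] and VLAN_TYPE[vlan] == "community"


def one_way(src, dst, trunk_allowed):
    vlan = carried_in(src)
    if src.switch != dst.switch and vlan not in trunk_allowed:
        return False                                 # filtered by 'allowed vlan' on the trunk
    return delivers(vlan, dst)


def can_ping(a, b, trunk_allowed, ports=PORTS):
    """A ping needs the request and the reply to get through."""
    return (one_way(ports[a], ports[b], trunk_allowed)
            and one_way(ports[b], ports[a], trunk_allowed))


def matrix(trunk_allowed, ports=PORTS):
    names = sorted(ports)
    return {(a, b): can_ping(a, b, trunk_allowed, ports)
            for a in names for b in names if a < b}


TRUNK_BEFORE = {1}                    # switchport trunk allowed vlan 1
TRUNK_AFTER = {1, 100, 200, 300}      # ... allowed vlan add 100,200,300

if __name__ == "__main__":
    for label, trunk in (("before", TRUNK_BEFORE), ("after", TRUNK_AFTER)):
        print(label)
        for pair, ok in matrix(trunk).items():
            print("  %s <-> %s: %s" % (pair[0], pair[1], "ok" if ok else "blocked"))
```

With only VLAN 1 on the trunk, the hosts on DLS1 cannot reach R1. Allowing community VLAN 200 without primary VLAN 100 still fails for R1, because replies from the promiscuous port travel in the primary VLAN.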


Port Protected

- Create VLAN 10 on ALS1.
- Configure interfaces Fa0/10 and Fa0/11 as access ports, as shown in the figure. Test whether there is connectivity between the PCs.
- Then enable port protect. Verify that the PCs can communicate with the Router but not with each other.

Note: Both ports must be in protected mode to be isolated from each other.

ALS1
vlan 111
 name PORT-PROTECTED

interface FastEthernet0/10
 switchport access vlan 111
 switchport mode access
 spanning-tree portfast

interface FastEthernet0/11
 switchport access vlan 111
 switchport mode access
 spanning-tree portfast

PC1
C:\>ping 10.1.12.2 -t
Haciendo ping a 10.1.12.2 con 32 bytes de datos:
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128


Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.12.2: bytes=32 tiempo<1m TTL=128

ALS1
interface FastEthernet0/10
 switchport protected

interface FastEthernet0/11
 switchport protected

Tiempo de espera agotado para esta solicitud.
Tiempo de espera agotado para esta solicitud.
Tiempo de espera agotado para esta solicitud.
Tiempo de espera agotado para esta solicitud.
Tiempo de espera agotado para esta solicitud.
Tiempo de espera agotado para esta solicitud.

Estadísticas de ping para 10.1.12.2:
    Paquetes: enviados = 33, recibidos = 27, perdidos = 6 (18% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 0ms, Máximo = 0ms, Media = 0ms
Control-C

The previous output shows that there is connectivity between the PCs until port-protected is enabled.

Configure an access port for VLAN 111 on Fa0/9, which connects to the Router. Enable the Router interface with IP 10.1.12.100/24.

R1
interface FastEthernet0/0
 ip address 10.1.12.100 255.255.255.0


 no shut

ALS1
interface FastEthernet0/9
 switchport access vlan 111
 switchport mode access
 spanning-tree portfast

ALS1#show interfaces fastEthernet 0/10 switchport
Name: Fa0/10
Switchport: Enabled
Administrative Mode: static access
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 111 (PORT-PROTECTED)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: true
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

R1#ping 10.1.12.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.12.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/20/40 ms


PC2

Etherchannel

Create a trunk by configuring interfaces f0/11 and f0/12 on DLS1 and DLS2; use the industry-standard protocol. As a result, STP should see a single link. If one link fails, traffic should not be interrupted. DLS1 must respond only if a negotiation is started from the other end; it must adopt passive mode. DLS2 must actively try to form an EtherChannel.

PortChannel

SW1 configured with     SW2 configured with  EtherChannel?
Desirable (PAgP Cisco)  Desirable            Yes
Desirable (PAgP Cisco)  Auto                 Yes
Auto                    Auto                 No

Recommended process:
1. Use default interface to return the interface to an unconfigured state (default values).
2. Create a channel-group on the physical interface (assign an identifying number); a port-channel will be created automatically.
3. (Very important) Define the trunk inside the port-channel (encapsulation, mode, …).


------------------------------------------------------------------------
Example of PAgP EtherChannel types

DLS1(config)#interface range fastEthernet 0/11-12
DLS1(config-if-range)#channel-group 1 mode ?
  active     Enable LACP unconditionally
  auto       Enable PAgP only if a PAgP device is detected
  desirable  Enable PAgP unconditionally
  on         Enable Etherchannel only
  passive    Enable LACP only if a LACP device is detected
------------------------------------------------------------------------

DLS1
default interface range fastEthernet 0/11-12

interface FastEthernet0/11
 channel-group 1 mode auto

interface FastEthernet0/12
 channel-group 1 mode auto

interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport mode trunk

DLS2
default interface range fastEthernet 0/11-12

interface FastEthernet0/11
 channel-group 1 mode desirable

interface FastEthernet0/12
 channel-group 1 mode desirable

interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport mode trunk

DLS2#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Po1         on           802.1q         trunking      1
Port        Vlans allowed on trunk
Po1         1-4094
Port        Vlans allowed and active in management domain
Po1         1
Port        Vlans in spanning tree forwarding state and not pruned
Po1         1

DLS1#sh interfaces port-channel 1 trunk
Port        Mode         Encapsulation  Status        Native vlan


Po1         on           802.1q         trunking      1
Port        Vlans allowed on trunk
Po1         1-4094
Port        Vlans allowed and active in management domain
Po1         1
Port        Vlans in spanning tree forwarding state and not pruned
Po1         1

DLS2#show interfaces fastEthernet 0/11 switchport | include Mode
Administrative Mode: trunk
Operational Mode: trunk (member of bundle Po1)
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Capture Mode Disabled

DLS1#sh interfaces fastEthernet 0/11 switchport | i Mode
Administrative Mode: trunk
Operational Mode: trunk (member of bundle Po1)
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Capture Mode Disabled

DLS1#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     3037.a6eb.d580
             Cost        12
             Port        56 (Port-channel1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     e8ba.70cb.f600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300 sec
Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Po1                 Root FWD 12        128.56   P2p


Configure a trunk between DLS1 and ALS1 as shown in the figure. As a result, STP should see a single link. If one link fails, traffic should not be interrupted. No EtherChannel negotiation protocol may be used.

PortChannel

SW1 configured with  SW2 configured with  EtherChannel?
On                   On                   Yes

Note: We cannot use PAgP or LACP. As good practice, keep the recommended configuration process in mind.

DLS1
default interface range fastEthernet 0/7-8

interface FastEthernet0/7
 channel-group 2 mode on

interface FastEthernet0/8
 channel-group 2 mode on

interface Port-channel2
 switchport trunk encapsulation dot1q
 switchport mode trunk

ALS1
default interface range fastEthernet 0/7-8

interface FastEthernet0/7
 channel-group 2 mode on

interface FastEthernet0/8
 channel-group 2 mode on


interface Port-channel2
 switchport mode trunk

ALS1#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Po2         on           802.1q         trunking      1
Port        Vlans allowed on trunk
Po2         1-4094
Port        Vlans allowed and active in management domain
Po2         1
Port        Vlans in spanning tree forwarding state and not pruned
Po2         1

DLS1#sh interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Po1         on           802.1q         trunking      1
Po2         on           802.1q         trunking      1
Port        Vlans allowed on trunk
Po1         1-4094
Po2         1-4094
Port        Vlans allowed and active in management domain
Po1         1
Po2         1
Port        Vlans in spanning tree forwarding state and not pruned
Po1         1
Po2         1

DLS1#sh etherchannel protocol
                Channel-group listing:
                ----------------------
Group: 1
----------
Protocol:  PAgP
Group: 2
----------
Protocol:  -  (Mode ON)

ALS1#show etherchannel summary
Flags:  D - down        P - in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port
Number of channel-groups in use: 1
Number of aggregators:           1
Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
2      Po2(SU)          -        Fa0/7(P)    Fa0/8(P)


ALS1#show spanning-tree interface port-channel 2Vlan Role Sts Cost Prio.Nbr Type---------------- ---- --- --------- -------- --------------------------------VLAN0001 Desg FWD 12 128.64 P2p

Load-Shared Etherchannel Configure el switch DLS1 de manera que todo el tráfico generado localmente sea distribuido en el

Etherchannel en base a la dirección MAC destino.

Nota: Dependiendo del modelo los distintos criterios utilizados para distribuir la carga (load-shared) variarán. Comprobemos que tipo de load-sharing está activada por defecto (source-mac). Podemos verificar esto utilizando el comando show etherchannel load-balance.

DLS1#sh etherchannel load-balance
EtherChannel Load-Balancing Configuration:
        src-mac

EtherChannel Load-Balancing Addresses Used Per-Protocol:
Non-IP: Source MAC address
  IPv4: Source MAC address
  IPv6: Source MAC address

DLS1
port-channel load-balance dst-mac

DLS1#sh etherchannel load-balance
EtherChannel Load-Balancing Configuration:
        dst-mac

EtherChannel Load-Balancing Addresses Used Per-Protocol:
Non-IP: Destination MAC address
  IPv4: Destination MAC address
  IPv6: Destination MAC address

The EtherChannels created on DLS2 must distribute the load (load sharing) according to the following policies:

- For non-IP traffic, destination MAC
- For IPv4 traffic, destination IP
- For IPv6 traffic, destination IP

Configure all the load-sharing modes and check the results.

Note: The results depend on how the feature is configured. At this point we can try the load-balance options offered to us and check the changes with the show etherchannel load-balance command. This is worth doing because we cannot set the behaviour for IPv6 traffic directly; it follows the configuration we have made for IPv4.

DLS2
port-channel load-balance dst-ip


DLS2#show etherchannel load-balance
EtherChannel Load-Balancing Configuration:
        dst-ip

EtherChannel Load-Balancing Addresses Used Per-Protocol:
Non-IP: Destination MAC address
  IPv4: Destination IP address
  IPv6: Destination IP address

Configure a trunk between DLS2 and ALS2 as shown in the figure. As a result, STP should see a single link. If one link fails, traffic should not be interrupted. Use constant PAgP negotiation on both switches.

PortChannel PAgP
SW1 configured with      SW2 configured with   EtherChannel?
Desirable (PAgP Cisco)   Desirable             Yes
Desirable (PAgP Cisco)   Auto                  Yes
Auto                     Auto                  No

This scenario requires both ends to actively try to form an EtherChannel. That is an important clue when we look at the table above: with desirable mode on both sides we get the expected result.

DLS2
default interface range fastEthernet 0/7-8

interface FastEthernet0/7
 channel-group 2 mode desirable

interface FastEthernet0/8
 channel-group 2 mode desirable

interface Port-channel2
 switchport trunk encapsulation dot1q
 switchport mode trunk


ALS2
default interface range fastEthernet 0/7-8

interface FastEthernet0/7
 channel-group 2 mode desirable

interface FastEthernet0/8
 channel-group 2 mode desirable

interface Port-channel2
 switchport mode trunk

ALS2#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Po2         on           802.1q         trunking      1

Port        Vlans allowed on trunk
Po2         1-4094

Port        Vlans allowed and active in management domain
Po2         1

Port        Vlans in spanning tree forwarding state and not pruned
Po2         1

DLS2#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Po1         on           802.1q         trunking      1
Po2         on           802.1q         trunking      1

Port        Vlans allowed on trunk
Po1         1-4094
Po2         1-4094

Port        Vlans allowed and active in management domain
Po1         1
Po2         1

Port        Vlans in spanning tree forwarding state and not pruned
Po1         1
Po2         1

DLS2#show etherchannel summary
Flags:  D - down        P - in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port

Number of channel-groups in use: 2
Number of aggregators:           2

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)         PAgP      Fa0/11(P)   Fa0/12(P)
2      Po2(SU)         PAgP      Fa0/7(P)    Fa0/8(P)


Configure a trunk between ALS1 and ALS2 as shown in the figure. As a result, STP should see a single link. If one link fails, traffic should not be interrupted. Configure LACP. ALS1 must be in passive mode. ALS2 must actively try to form an EtherChannel.

PortChannel LACP
SW1 configured with   SW2 configured with   EtherChannel?
Active                Active                Yes
Active                Passive               Yes
Passive               Passive               No

ALS1
default interface range fastEthernet 0/11-12

interface range fastEthernet 0/11-12
 channel-group 3 mode passive
 exit

interface Port-channel3
 switchport mode trunk

ALS2
default interface range fastEthernet 0/11-12

interface range fastEthernet 0/11-12
 channel-group 3 mode active
 exit

interface Port-channel3
 switchport mode trunk


ALS2#show etherchannel protocol
                Channel-group listing:
                ----------------------
Group: 2
----------
Protocol:  PAgP

Group: 3
----------
Protocol:  LACP

ALS2#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Po2         on           802.1q         trunking      1
Po3         on           802.1q         trunking      1

Port        Vlans allowed on trunk
Po2         1-4094
Po3         1-4094

Port        Vlans allowed and active in management domain
Po2         1
Po3         1

Port        Vlans in spanning tree forwarding state and not pruned
Po2         1
Po3         1

ALS1#show etherchannel summary
Flags:  D - down        P - in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port

Number of channel-groups in use: 2
Number of aggregators:           2

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
2      Po2(SU)          -        Fa0/7(P)    Fa0/8(P)
3      Po3(SU)         LACP      Fa0/11(P)   Fa0/12(P)
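The PAgP and LACP compatibility tables above can be turned into a pre-change check that reads the channel-group modes out of both ends' configuration and reports whether each member link will bundle. This is an added example, not part of the original guide; the function names and the port pairing in LINKS are assumptions, and the "bad" configuration is constructed.

```python
import re

# Negotiation protocol implied by each channel-group mode keyword.
PROTOCOL = {"on": "static", "desirable": "PAgP", "auto": "PAgP",
            "active": "LACP", "passive": "LACP"}
INITIATES = {"desirable", "active"}  # modes that start the negotiation

# ALS1 / ALS2 configuration as given in this guide (LACP, group 3).
ALS1_CFG = """
default interface range fastEthernet 0/11-12
interface range fastEthernet 0/11-12
 channel-group 3 mode passive
interface Port-channel3
 switchport mode trunk
"""
ALS2_CFG = """
default interface range fastEthernet 0/11-12
interface range fastEthernet 0/11-12
 channel-group 3 mode active
interface Port-channel3
 switchport mode trunk
"""
# Constructed misconfiguration: the far end was left passive as well.
ALS2_BAD_CFG = ALS1_CFG
# Assumed cabling: same port number on both switches.
LINKS = [("Fa0/11", "Fa0/11"), ("Fa0/12", "Fa0/12")]


def expand_ports(spec):
    """'fastEthernet 0/11-12' -> ['Fa0/11', 'Fa0/12']; logical interfaces -> []."""
    ports = []
    for part in spec.split(","):
        m = re.match(r"\s*([A-Za-z]+)\s*(\d+)/(\d+)(?:\s*-\s*(\d+))?\s*$", part)
        if not m:
            continue  # e.g. Port-channel3 is not a physical member port
        kind, mod = m.group(1)[:2].capitalize(), m.group(2)
        first, last = int(m.group(3)), int(m.group(4) or m.group(3))
        ports += [f"{kind}{mod}/{n}" for n in range(first, last + 1)]
    return ports


def channel_modes(config):
    """Return {port: (group, mode)} from running-config style text."""
    modes, current = {}, []
    for line in config.splitlines():
        line = line.strip()
        m = re.match(r"interface\s+(?:range\s+)?(.+)", line, re.I)
        if m:
            current = expand_ports(m.group(1))
            continue
        m = re.match(r"channel-group\s+(\d+)\s+mode\s+(\S+)", line, re.I)
        if m:
            for port in current:
                modes[port] = (int(m.group(1)), m.group(2).lower())
    return modes


def bundle_result(mode_a, mode_b):
    """Apply the two tables (plus static 'on') to one link: (forms, reason)."""
    proto_a, proto_b = PROTOCOL.get(mode_a), PROTOCOL.get(mode_b)
    if proto_a is None or proto_b is None:
        return False, "unknown mode"
    if proto_a != proto_b:
        return False, f"protocol mismatch: {proto_a} vs {proto_b}"
    if proto_a == "static":
        return True, "static bundle, no negotiation"
    if mode_a in INITIATES or mode_b in INITIATES:
        return True, f"{proto_a} negotiated"
    return False, f"both ends wait for {proto_a}; nobody initiates"


def audit_link(cfg_a, cfg_b, links):
    """One finding per physical link: (port_a, port_b, forms, reason).

    Group numbers are not compared because they are locally significant.
    """
    a, b = channel_modes(cfg_a), channel_modes(cfg_b)
    findings = []
    for pa, pb in links:
        if pa not in a or pb not in b:
            findings.append((pa, pb, False, "port not in a channel-group"))
            continue
        findings.append((pa, pb) + bundle_result(a[pa][1], b[pb][1]))
    return findings


if __name__ == "__main__":
    for finding in audit_link(ALS1_CFG, ALS2_CFG, LINKS):
        print("as configured:", finding)
    for finding in audit_link(ALS1_CFG, ALS2_BAD_CFG, LINKS):
        print("constructed passive/passive:", finding)
```

A mismatch between static "on" and a negotiating mode is reported as a protocol mismatch, which is the case worth catching before the ports are enabled.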


EtherChannel L3

Prelab: Erase the previous configurations on both switches.

Configure ports FastEthernet0/11 through FastEthernet0/13 on DLS1 and DLS2 as shown in the figure. STP must see these three links as one. Configure the IP addressing shown. There must be no negotiation when the port channel is created. The trunk type must be 802.1q.

DLS1
default interface range fastEthernet 0/11-13

interface Port-channel12
 no switchport
 ip address 10.1.12.1 255.255.255.0

interface range fastEthernet 0/11-13
 no switchport
 channel-group 12 mode on

DLS2
default interface range fastEthernet 0/11-13

interface Port-channel12
 no switchport
 ip address 10.1.12.2 255.255.255.0

interface range fastEthernet 0/11-13
 no switchport
 channel-group 12 mode on

DLS2#show etherchannel summary
Flags:  D - down        P - in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port

Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
12     Po12(RU)         -        Fa0/11(P)   Fa0/12(P)   Fa0/13(P)

R: Layer 3 EtherChannel
U: EtherChannel active (in use)

EtherChannel L3 tests

DLS2
access-list 100 permit ip host 10.1.12.2 host 10.1.12.1

DLS2#debug ip packet 100
IP packet debugging is on for access list 100

DLS2#ping 10.1.12.1 source 10.1.12.2 repeat 1
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 10.1.12.1, timeout is 2 seconds:
Packet sent with a source address of 10.1.12.2
!
Success rate is 100 percent (1/1), round-trip min/avg/max = 8/8/8 ms
00:59:41: IP: s=10.1.12.2 (local), d=10.1.12.1 (Port-channel12), len 100, sending
00:59:41: IP: s=10.1.12.2 (local), d=10.1.12.1 (Port-channel12), len 100, sending full packet

VTP II

Configure trunking between all the switches according to the initial diagram. The use of DTP is not allowed.

Note: Configure each switch in VTP transparent mode.

DLS1
vtp mode transparent
default interface range fastEthernet 0/7-12

interface FastEthernet0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 no shutdown

interface FastEthernet0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 no shutdown

interface FastEthernet0/9
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 no shutdown

interface FastEthernet0/10
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 no shutdown

interface FastEthernet0/11
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 no shutdown

interface FastEthernet0/12
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 no shutdown

DLS1#sh interfaces fastEthernet 0/7 switchport
Name: Fa0/7
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off

DLS2
vtp mode transparent
default interface range fastEthernet 0/7-12

interface range fastEthernet 0/7-12
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 no shutdown

ALS1
vtp mode transparent
default interface range fastEthernet 0/7-12

interface range fastEthernet 0/7-12
 switchport mode trunk
 switchport nonegotiate

ALS2
vtp mode transparent
default interface range fastEthernet 0/7-12

interface range fastEthernet 0/7-12
 switchport mode trunk
 switchport nonegotiate

ALS2#show interfaces fastEthernet 0/11 switchport
Name: Fa0/11
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off


Configure DLS1 and DLS2 as follows:
- VTP domain: DUOC
- VTP version: 2
- VTP password: cisco
- VTP mode: server

Check the configuration on both switches.
Note: By default the VTP mode is server. Remember that in the previous example we changed it to transparent.

DLS1#sh vtp status
VTP Version                     : running VTP1 (VTP2 capable)
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
VTP Operating Mode              : Transparent
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00

DLS1
vtp version 2
vtp mode server
vtp password cisco
vtp domain DUOC

DLS2
vtp version 2
vtp mode server
vtp password cisco
vtp domain DUOC

DLS2#show vtp status
VTP Version                     : 2
Configuration Revision          : 1
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 : DUOC
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled


Configure ALS1 and ALS2 as follows:
- VTP domain: DUOC
- VTP version: 2
- VTP password: cisco
- VTP mode: client

Check the configuration on both switches.

ALS1
vtp version 2
vtp mode client
vtp password cisco
vtp domain DUOC

ALS2
vtp version 2
vtp mode client
vtp password cisco
vtp domain DUOC

ALS2#show vtp status
VTP Version                     : 2
Configuration Revision          : 1
Maximum VLANs supported locally : 255
Number of existing VLANs        : 5
VTP Operating Mode              : Client
VTP Domain Name                 : DUOC
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled


STP Default Behaviour

Before continuing, let's disable the ports that do not take part in this lab. The default interface range fastEthernet 0/7-12 command returns the interfaces to their default values; it is an effective way to "clean" any existing configuration.

ALS2
default interface range fastEthernet 0/7-12
interface range fastEthernet 0/8 , fastEthernet 0/10 , fastEthernet 0/12
 shutdown

ALS1
default interface range fastEthernet 0/7-12
interface range fastEthernet 0/8 , fastEthernet 0/10 , fastEthernet 0/12
 shutdown

DLS2
default interface range fastEthernet 0/7-12
interface range fastEthernet 0/8 , fastEthernet 0/10 , fastEthernet 0/12
 shutdown

DLS1
default interface range fastEthernet 0/7-12
interface range fastEthernet 0/8 , fastEthernet 0/10 , fastEthernet 0/12
 shutdown


How can we determine the behaviour of STP in this example? We will work through the problem step by step, using VLAN 1. The simplest and most effective process for determining the STP roles is the following:

1. Determine the cost of each link. The following table is useful for this (we can verify that the values really are the ones listed by using show interface):

Link BW      STP cost
4 Mbps       250
10 Mbps      100
16 Mbps      62
45 Mbps      39
100 Mbps     19
155 Mbps     14
622 Mbps     6
1 Gbps       4
10 Gbps      2

2. Identify the Root Bridge
This requires finding out which MAC address each switch is using (assuming the priority is the same on every switch in the domain). We obtain the MAC with the show version command, as shown below:

DLS1#sh version | include Base
Base ethernet MAC Address       : E8:BA:70:CB:F6:00

DLS2#sh version | include Base
Base ethernet MAC Address       : 30:37:A6:EB:D5:80

ALS1#sh version | include Base
Base ethernet MAC Address       : 00:22:56:89:5D:80

ALS2#sh version | include Base
Base ethernet MAC Address       : 00:22:56:88:79:00

Looking at the outputs above, we can see that no L3 switch will be elected Root Bridge, because the lowest value wins; we therefore have to determine which of the two switches, ALS1 or ALS2, will take the title of Root Bridge.
The show spanning-tree command will show us which switch is the Root Bridge. Note: Obviously these results will vary between devices, since they have different MAC addresses.

ALS1 → 00:22:56:89:5D:80
ALS1 → 0x002256895D80 (hex)
ALS1 → 147480731008 (decimal)

ALS2 → 00:22:56:88:79:00
ALS2 → 0x002256887900 (hex)
ALS2 → 147480672512 (decimal) // Lowest value, so it must be the Root Bridge.

ALS2#show spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0022.5688.7900
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

DLS1#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0022.5688.7900
             Cost        19
             Port        11 (FastEthernet0/9)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec


3. Select the ROOT PORT (on each non-root bridge)
DLS1: the RP is interface fastethernet 0/9 (lowest cost, 19)
DLS2: the RP is interface fastethernet 0/7 (lowest cost, 19)
ALS1: the RP is interface fastethernet 0/11 (lowest cost, 19)
ALS2 is the ROOT BRIDGE. Not applicable.

DLS1#sh spanning-tree root port
VLAN0001         FastEthernet0/9

DLS2#sh spanning-tree root port
VLAN0001         FastEthernet0/7

ALS1#sh spanning-tree root port
VLAN0001         FastEthernet0/11


4. Select the Designated Port (DP). Each link must select the port with the lowest cost to the Root Bridge. The Root Bridge also takes part. If the values are equal, we must apply the tie-breaking method:
- Lowest root bridge ID
- Lowest cost to the root bridge
- Lowest sender bridge ID
- Lowest sender port ID

Link DLS1 ↔ DLS2: both interfaces have the same cost to the Root Bridge, so we must check the other criteria. The Bridge ID of DLS1 is higher than that of DLS2, which we can see with the sh spanning-tree vlan 1 command. We can therefore determine that the DP is interface fastethernet 0/11 on DLS2.

DLS1#sh spanning-tree vlan 1 | begin Bridge
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     e8ba.70cb.f600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/7               Altn BLK 19        128.9    P2p
Fa0/9               Root FWD 19        128.11   P2p
Fa0/11              Altn BLK 19        128.13   P2p

DLS2#sh spanning-tree vlan 1 | begin Bridge
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     3037.a6eb.d580
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/7            Root FWD 19        128.9    P2p
Fa0/9            Altn BLK 19        128.11   P2p
Fa0/11           Desg FWD 19        128.13   P2p

Link DLS1 ↔ ALS2: ALS2 is the Root, so the best path to the Root is simply ALS2's port fastethernet 0/9. The same applies to DLS2 ↔ ALS2 and ALS1 ↔ ALS2.
The remaining links can easily be worked out by following the steps above: if there are two possible paths to the root (equal cost), use the selection criteria.


We have the following layout.

5. Identify the blocked ports. This is quick: if a port is neither RP nor DP, it is simply a blocked port. The picture should then look as follows:

We verify that the STP election matches the one determined by the theoretical process. Voilà!

DLS1#sh spanning-tree vlan 1 | begin Interface
Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/7               Altn BLK 19        128.9    P2p
Fa0/9               Root FWD 19        128.11   P2p
Fa0/11              Altn BLK 19        128.13   P2p

DLS2#sh spanning-tree vlan 1 | begin Interface
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/7            Root FWD 19        128.9    P2p
Fa0/9            Altn BLK 19        128.11   P2p
Fa0/11           Desg FWD 19        128.13   P2p

ALS1#sh spanning-tree vlan 1 | begin Interface
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/7            Desg FWD 19        128.7    P2p
Fa0/9            Desg FWD 19        128.9    P2p
Fa0/11           Root FWD 19        128.11   P2p

ALS2#show spanning-tree vlan 1 | begin Interface
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/7            Desg FWD 19        128.7    P2p
Fa0/9            Desg FWD 19        128.9    P2p
Fa0/11           Desg FWD 19        128.11   P2p
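The five steps above can be carried out mechanically. The following added example (not part of the original guide) runs the election for VLAN 1 with the MAC addresses shown by show version and reproduces the roles in the outputs above; the link list is an assumption reconstructed from the port roles and configurations in this guide, and the function names are hypothetical. The optional priority argument goes one step beyond the default case, so the effect of lowering a bridge's priority can be checked as well.

```python
COST_100M = 19  # STP cost of a 100 Mbps link, from the cost table above

# Base MAC addresses shown by "show version | include Base" in this guide.
BRIDGES = {
    "DLS1": "e8ba.70cb.f600",
    "DLS2": "3037.a6eb.d580",
    "ALS1": "0022.5689.5d80",
    "ALS2": "0022.5688.7900",
}
# Assumed cabling: ((switch, FastEthernet0/x), (switch, FastEthernet0/x)).
LINKS = [
    (("DLS1", 7), ("ALS1", 7)),
    (("DLS1", 9), ("ALS2", 9)),
    (("DLS1", 11), ("DLS2", 11)),
    (("DLS2", 7), ("ALS2", 7)),
    (("DLS2", 9), ("ALS1", 9)),
    (("ALS1", 11), ("ALS2", 11)),
]


def mac_int(mac):
    """0022.5688.7900 or 00:22:56:88:79:00 -> integer used for comparison."""
    return int(mac.replace(".", "").replace(":", ""), 16)


def elect(bridges, links, vlan=1, priority=None, cost=COST_100M):
    """Return (root, root_path_cost, roles) for one VLAN.

    roles maps (switch, port) to "Root", "Desg" or "Altn" (blocked).
    All ports keep the default port priority, so the port number alone
    serves as the port ID in the last tie-break.
    """
    prio = dict.fromkeys(bridges, 32768)
    prio.update(priority or {})
    # Bridge ID = (priority + sys-id-ext, MAC); sys-id-ext is the VLAN number.
    bid = {n: (prio[n] + vlan, mac_int(m)) for n, m in bridges.items()}

    # Step 2: the lowest bridge ID becomes the Root Bridge.
    root = min(bid, key=bid.get)

    # Step 1 applied to the whole topology: best root path cost per bridge.
    dist = {n: (0 if n == root else float("inf")) for n in bridges}
    for _ in bridges:
        for (a, _pa), (b, _pb) in links:
            dist[a] = min(dist[a], dist[b] + cost)
            dist[b] = min(dist[b], dist[a] + cost)

    # Step 3: root port = lowest (cost, sender bridge ID, sender port, own port).
    root_port = {}
    for n in bridges:
        if n == root:
            continue
        candidates = []
        for (a, pa), (b, pb) in links:
            if a == n:
                candidates.append((dist[b] + cost, bid[b], pb, pa))
            if b == n:
                candidates.append((dist[a] + cost, bid[a], pa, pb))
        root_port[n] = min(candidates)[3]

    # Steps 4 and 5: one designated port per link; whatever is neither
    # root port nor designated port is blocked.
    roles = {}
    for (a, pa), (b, pb) in links:
        designated = min((dist[a], bid[a], pa, a), (dist[b], bid[b], pb, b))[3]
        for n, p in ((a, pa), (b, pb)):
            if n == designated:
                roles[(n, p)] = "Desg"
            elif root_port.get(n) == p:
                roles[(n, p)] = "Root"
            else:
                roles[(n, p)] = "Altn"
    return root, dist, roles


if __name__ == "__main__":
    root, dist, roles = elect(BRIDGES, LINKS)
    print("Root Bridge:", root)
    for (switch, port), role in sorted(roles.items()):
        print(f"{switch} Fa0/{port}: {role}")
```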

STP Configuration

Prelab: Erase the previous configurations.

Configure an EtherChannel between DLS1 and DLS2 (Fa0/11 and Fa0/12). Use LACP. Configure ISL between DLS1 and DLS2. Do not use DTP.


DLS1
default interface range fastEthernet 0/11-12

interface FastEthernet0/11
 channel-group 12 mode active

interface FastEthernet0/12
 channel-group 12 mode active

interface Port-channel12
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate

DLS2
default interface range fastEthernet 0/11-12

interface FastEthernet0/11
 channel-group 12 mode active

interface FastEthernet0/12
 channel-group 12 mode active

interface Port-channel12
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate

DLS1#show etherchannel protocol
                Channel-group listing:
                ----------------------
Group: 12
----------
Protocol:  LACP

DLS2#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Po12        on           802.1q         trunking      1

Port        Vlans allowed on trunk
Po12        1-4094

Port        Vlans allowed and active in management domain
Po12        1

Port        Vlans in spanning tree forwarding state and not pruned
Po12        1

DLS1#sh interfaces port-channel 12 trunk
Port        Mode         Encapsulation  Status        Native vlan
Po12        on           802.1q         trunking      1

Port        Vlans allowed on trunk
Po12        1-4094

Port        Vlans allowed and active in management domain
Po12        1

Port        Vlans in spanning tree forwarding state and not pruned
Po12        none

DLS2#show spanning-tree interface port-channel 12
Vlan             Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
VLAN0001         Desg FWD 12        128.144  P2p

DLS1#show spanning-tree interface port-channel 12
Vlan                Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
VLAN0001            Altn BLK 12        128.144  P2p

Configure 802.1q on the remaining links as shown in the figure. Interfaces that do not take part in the lab must be disabled.

DLS1
interface FastEthernet0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate

interface FastEthernet0/9
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate

interface range fastEthernet 0/8 , fastEthernet 0/10 , fastEthernet 0/12
 shutdown

DLS2
interface range fastEthernet 0/7 , fastEthernet 0/9
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate

interface range fastEthernet 0/8 , fastEthernet 0/10 , fastEthernet 0/12
 shutdown

ALS1
interface range fastEthernet 0/7 , fastEthernet 0/9 , fastEthernet 0/11
 switchport mode trunk
 switchport nonegotiate

interface range fastEthernet 0/8 , fastEthernet 0/10 , fastEthernet 0/12
 shutdown

ALS2
interface range fastEthernet 0/7 , fastEthernet 0/9 , fastEthernet 0/11
 switchport mode trunk
 switchport nonegotiate

interface range fastEthernet 0/8 , fastEthernet 0/10 , fastEthernet 0/12
 shutdown

ALS2#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/7       on           802.1q         trunking      1
Fa0/9       on           802.1q         trunking      1
Fa0/11      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/7       1-4094
Fa0/9       1-4094
Fa0/11      1-4094

Port        Vlans allowed and active in management domain
Fa0/7       1
Fa0/9       1
Fa0/11      1

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/7       1
Fa0/9       1
Fa0/11      1

As we can see, ALS2 will always be the Root Bridge, since it has the lowest MAC address. This puts all of ALS2's ports in the FWD (Forwarding) state, as the following output shows.

ALS2#show spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0022.5688.7900
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0022.5688.7900
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/7            Desg FWD 19        128.7    P2p
Fa0/9            Desg FWD 19        128.9    P2p
Fa0/11           Desg FWD 19        128.11   P2p

Let's check the STP states on the other switches.

DLS1#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0022.5688.7900
             Cost        19
             Port        11 (FastEthernet0/9)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     e8ba.70cb.f600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/7               Altn BLK 19        128.9    P2p
Fa0/9               Root FWD 19        128.11   P2p
Po12                Altn BLK 19        128.144  P2p

Note on the Priority value 32769: this value is derived from 2^15 + the VLAN number. 2^15 = 32768, and 32768 + 1 = 32769.

DLS2#show spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0022.5688.7900
             Cost        19
             Port        9 (FastEthernet0/7)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     3037.a6eb.d580
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/7            Root FWD 19        128.9    P2p
Fa0/9            Altn BLK 19        128.11   P2p
Po12             Desg FWD 19        128.144  P2p

ALS1#show spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0022.5688.7900
             Cost        19
             Port        11 (FastEthernet0/11)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0022.5689.5d80
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/7            Desg FWD 19        128.7    P2p
Fa0/9            Desg FWD 19        128.9    P2p
Fa0/11           Root FWD 19        128.11   P2p


Configure VTP with the following layout:
DLS1: VTP Server, version 2, domain DUOC, password cisco
DLS2: VTP Client, version 2, domain DUOC, password cisco
ALS1: VTP Client, version 2, domain DUOC, password cisco
ALS2: VTP Client, version 2, domain DUOC, password cisco

DLS1
vtp domain DUOC
vtp password cisco
vtp mode server

DLS2
vtp domain DUOC
vtp password cisco
vtp mode client

ALS1
vtp domain DUOC
vtp password cisco
vtp mode client

ALS2
vtp domain DUOC
vtp password cisco
vtp mode client

On DLS1, create VLANs 2, 3, 4, 5, 6, 7, 8, 9 and 10. Check that these VLANs are known on the VTP client switches.

DLS1
vlan 2-10

DLS1#sh vlan brief | exclude unsup
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/8, Fa0/10
                                                Fa0/12, Fa0/13, Fa0/14, Fa0/15
                                                Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                                Fa0/20, Fa0/21, Fa0/22, Fa0/23
                                                Fa0/24, Gi0/1, Gi0/2
2    VLAN0002                         active
3    VLAN0003                         active
4    VLAN0004                         active
5    VLAN0005                         active
6    VLAN0006                         active
7    VLAN0007                         active
8    VLAN0008                         active
9    VLAN0009                         active
10   VLAN0010                         active


DLS2#show vlan brief | exclude unsup
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/8, Fa0/10
                                                Fa0/12, Fa0/13, Fa0/14, Fa0/15
                                                Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                                Fa0/20, Fa0/21, Fa0/22, Fa0/23
                                                Fa0/24, Gi0/1, Gi0/2
2    VLAN0002                         active
3    VLAN0003                         active
4    VLAN0004                         active
5    VLAN0005                         active
6    VLAN0006                         active
7    VLAN0007                         active
8    VLAN0008                         active
9    VLAN0009                         active
10   VLAN0010                         active

ALS1#show vlan brief | exclude unsup
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/8, Fa0/10
                                                Fa0/12, Fa0/13, Fa0/14, Fa0/15
                                                Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                                Fa0/20, Fa0/21, Fa0/22, Fa0/23
                                                Fa0/24, Gi0/1, Gi0/2
2    VLAN0002                         active
3    VLAN0003                         active
4    VLAN0004                         active
5    VLAN0005                         active
6    VLAN0006                         active
7    VLAN0007                         active
8    VLAN0008                         active
9    VLAN0009                         active
10   VLAN0010                         active

ALS2#show vlan brief | exclude unsup
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/8, Fa0/10
                                                Fa0/12, Fa0/13, Fa0/14, Fa0/15
                                                Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                                Fa0/20, Fa0/21, Fa0/22, Fa0/23
                                                Fa0/24, Gi0/1, Gi0/2
2    VLAN0002                         active
3    VLAN0003                         active
4    VLAN0004                         active
5    VLAN0005                         active
6    VLAN0006                         active
7    VLAN0007                         active
8    VLAN0008                         active
9    VLAN0009                         active
10   VLAN0010                         active

DLS1 must be the Root Bridge for VLANs 1, 2, 3 and 4. DLS2 must be the Root Bridge for VLANs 5, 6, 7, 8, 9 and 10.

Let's look at a few details. ALS2 is the Root Bridge for all the VLANs (note: this holds for this particular equipment; if you check the switches in your lab, they will have different BIDs).

ALS2#show version | include Base
Base ethernet MAC Address       : 00:22:56:88:79:00

ALS2#show spanning-tree bridge
                                                   Hello Max Fwd
Vlan                         Bridge ID              Time Age Dly Protocol
---------------- --------------------------------- ----- --- --- --------
VLAN0001         32769 (32768,   1) 0022.5688.7900     2  20  15 ieee
VLAN0002         32770 (32768,   2) 0022.5688.7900     2  20  15 ieee
VLAN0003         32771 (32768,   3) 0022.5688.7900     2  20  15 ieee
VLAN0004         32772 (32768,   4) 0022.5688.7900     2  20  15 ieee
VLAN0005         32773 (32768,   5) 0022.5688.7900     2  20  15 ieee
VLAN0006         32774 (32768,   6) 0022.5688.7900     2  20  15 ieee
VLAN0007         32775 (32768,   7) 0022.5688.7900     2  20  15 ieee
VLAN0008         32776 (32768,   8) 0022.5688.7900     2  20  15 ieee
VLAN0009         32777 (32768,   9) 0022.5688.7900     2  20  15 ieee
VLAN0010         32778 (32768,  10) 0022.5688.7900     2  20  15 ieee

DLS1
spanning-tree vlan 1,2,3,4 root primary

DLS1#sh spanning-tree root
                                           Root Hello Max Fwd
Vlan                   Root ID             Cost  Time Age Dly Root Port
---------------- -------------------- --------- ----- --- --- ------------
VLAN0001         24577 e8ba.70cb.f600         0     2  20  15
VLAN0002         24578 e8ba.70cb.f600         0     2  20  15
VLAN0003         24579 e8ba.70cb.f600         0     2  20  15
VLAN0004         24580 e8ba.70cb.f600         0     2  20  15
VLAN0005         32773 0022.5688.7900        19     2  20  15 Fa0/9
VLAN0006         32774 0022.5688.7900        19     2  20  15 Fa0/9
VLAN0007         32775 0022.5688.7900        19     2  20  15 Fa0/9
VLAN0008         32776 0022.5688.7900        19     2  20  15 Fa0/9
VLAN0009         32777 0022.5688.7900        19     2  20  15 Fa0/9
VLAN0010         32778 0022.5688.7900        19     2  20  15 Fa0/9

DLS2
spanning-tree vlan 5,6,7,8,9,10 root primary


DLS2#show spanning-tree root
                                           Root Hello Max Fwd
Vlan                   Root ID             Cost  Time Age Dly Root Port
---------------- -------------------- --------- ----- --- --- ------------
VLAN0001         24577 e8ba.70cb.f600        19     2  20  15 Po12
VLAN0002         24578 e8ba.70cb.f600        19     2  20  15 Po12
VLAN0003         24579 e8ba.70cb.f600        19     2  20  15 Po12
VLAN0004         24580 e8ba.70cb.f600        19     2  20  15 Po12
VLAN0005         24581 3037.a6eb.d580         0     2  20  15
VLAN0006         24582 3037.a6eb.d580         0     2  20  15
VLAN0007         24583 3037.a6eb.d580         0     2  20  15
VLAN0008         24584 3037.a6eb.d580         0     2  20  15
VLAN0009         24585 3037.a6eb.d580         0     2  20  15
VLAN0010         24586 3037.a6eb.d580         0     2  20  15

DLS2#show version | include Base
Base ethernet MAC Address       : 30:37:A6:EB:D5:80

STP BPDU Guard

Interface fastethernet0/2 on ALS2 must belong to VLAN 10. A PC will be connected to it shortly.

Prevent the STP process from going through the listening/learning states. If the interface receives any BPDU, it must be placed in the errdisable state, which will last 30 seconds.

ALS2
interface FastEthernet0/2
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast

ALS2#show interfaces fastEthernet 0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 10 (VLAN0010)

ALS2
spanning-tree portfast bpduguard default
! automatic recovery must be enabled for the bpduguard cause;
! the interval on its own only sets the timer
errdisable recovery cause bpduguard
errdisable recovery interval 30

If we connect a device that sends BPDUs (for example, a switch), we get the following results:

04:27:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/7, changed state to down
04:27:49: %LINK-3-UPDOWN: Interface FastEthernet0/7, changed state to down
04:27:50: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port FastEthernet0/2 with BPDU Guard enabled. Disabling port.
ALS2#
04:27:50: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/2, putting Fa0/2 in err-disable state

ALS2#show interfaces fastEthernet 0/2 status err-disabled
Port      Name               Status       Reason
Fa0/2                        err-disabled bpduguard
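With a 30-second recovery interval the port comes back on its own, so a switch that stays attached will trip BPDU Guard again and again. The following added example (not part of the original guide) parses the two syslog messages shown above, groups the hits per port and flags ports that re-offend shortly after a previous hit. The function names and the 300-second window are assumptions, the timestamps are assumed to be in the uptime format shown in the log, and the second pair of log lines is constructed.

```python
import re

# Message formats as they appear in the log excerpt above.
BPDU_HIT = re.compile(
    r"^(?P<ts>[\d:]+): %SPANTREE-2-BLOCK_BPDUGUARD: "
    r"Received BPDU on port (?P<port>\S+) with BPDU Guard enabled")
ERR_DISABLE = re.compile(
    r"^(?P<ts>[\d:]+): %PM-4-ERR_DISABLE: bpduguard "
    r"error detected on (?P<port>[^\s,]+),")

# The log lines shown in this guide.
PAGE_LOG = [
    "04:27:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface "
    "FastEthernet0/7, changed state to down",
    "04:27:49: %LINK-3-UPDOWN: Interface FastEthernet0/7, changed state to down",
    "04:27:50: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port "
    "FastEthernet0/2 with BPDU Guard enabled. Disabling port.",
    "04:27:50: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/2, "
    "putting Fa0/2 in err-disable state",
]
# Constructed continuation: the port recovers after 30 s and trips again.
CONSTRUCTED_REPEAT = [
    "04:28:21: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port "
    "FastEthernet0/2 with BPDU Guard enabled. Disabling port.",
    "04:28:21: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/2, "
    "putting Fa0/2 in err-disable state",
]


def short_name(port):
    """FastEthernet0/2 and Fa0/2 both become Fa0/2 so the messages correlate."""
    m = re.match(r"([A-Za-z]+)([\d/]+)$", port)
    return m.group(1)[:2].capitalize() + m.group(2) if m else port


def uptime_seconds(ts):
    """hh:mm:ss uptime timestamp -> seconds."""
    hours, minutes, seconds = (int(x) for x in ts.split(":"))
    return hours * 3600 + minutes * 60 + seconds


def bpduguard_report(lines, repeat_window=300):
    """Return {port: {"hits": [...], "err_disabled": bool, "repeat": bool}}.

    "repeat" is set when a port trips BPDU Guard again within
    repeat_window seconds of its previous hit.
    """
    report = {}
    for line in lines:
        hit = BPDU_HIT.match(line)
        if hit:
            entry = report.setdefault(
                short_name(hit["port"]),
                {"hits": [], "err_disabled": False, "repeat": False})
            if entry["hits"]:
                gap = uptime_seconds(hit["ts"]) - uptime_seconds(entry["hits"][-1])
                if gap <= repeat_window:
                    entry["repeat"] = True
            entry["hits"].append(hit["ts"])
            continue
        disabled = ERR_DISABLE.match(line)
        if disabled:
            port = short_name(disabled["port"])
            if port in report:
                report[port]["err_disabled"] = True
    return report


if __name__ == "__main__":
    for port, info in bpduguard_report(PAGE_LOG + CONSTRUCTED_REPEAT).items():
        print(port, info)
```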

FLEX Link

- Create a trunk using Fa0/7 and Fa0/8 on both switches, using a standard protocol.
- DLS1: VTP Server
- ALS1: VTP Client
- DLS1 must create VLANs 100, 200, 300 and 400.
- DLS1 must be root for all the VLANs.
- Check that ALS1 has the VLANs.

Flex Link is a Layer 2 feature that can coexist with STP. It brings the convergence time below 50 milliseconds, and this time stays constant regardless of the number of VLANs or MAC addresses configured on the switch. A Flex Link consists of a pair of Layer 2 interfaces, which can be configured as switchports or port channels, in which one interface acts as the backup for the other link. It also offers an alternative to the Spanning Tree Protocol (STP), allowing users to disable STP and still have a redundant link.


DLS1
interface FastEthernet0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk

interface FastEthernet0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk

ALS1
interface FastEthernet0/7
 switchport mode trunk

interface FastEthernet0/8
 switchport mode trunk

DLS1
vtp mode server
vtp domain duoc
vtp version 2
vlan 100,200,300,400
spanning-tree vlan 100,200,300,400 root primary

ALS1
vtp mode client
vtp domain duoc
vtp version 2

ALS1#show vlan brief | exclude unsup
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/9, Fa0/10
                                                Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
100  VLAN0100                         active
200  VLAN0200                         active
300  VLAN0300                         active
400  VLAN0400                         active


DLS1#sh spanning-tree vlan 100
VLAN0100
  Spanning tree enabled protocol ieee
  Root ID    Priority    24676
             Address     e8ba.70cb.f600
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24676  (priority 24576 sys-id-ext 100)
             Address     e8ba.70cb.f600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 15 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/7               Desg FWD 19        128.9    P2p
Fa0/8               Desg FWD 19        128.10   P2p

ALS1#show spanning-tree vlan 100
VLAN0100
  Spanning tree enabled protocol ieee
  Root ID    Priority    24676
             Address     e8ba.70cb.f600
             Cost        19
             Port        7 (FastEthernet0/7)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32868  (priority 32768 sys-id-ext 100)
             Address     0022.5689.5d80
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/7            Root FWD 19        128.7    P2p
Fa0/8            Altn BLK 19        128.8    P2p

Configure Flex Link with the following policies:
ALS1 Fa0/7 is the backup.
Connect PCs to a port on DLS1 and on ALS1 (same VLAN) and test connectivity between them.
Disable the active link, wait, and check the activation time.

Load balance using the interface command switchport backup interface fastEthernet 0/3 prefer vlan 101…..

ALS1
interface FastEthernet0/8
 switchport mode trunk
 switchport backup interface Fa0/7


ALS1#show interfaces switchport backup
Switch Backup Interface Pairs:
Active Interface        Backup Interface        State
------------------------------------------------------------------------
FastEthernet0/8         FastEthernet0/7         Active Up/Backup Standby

DLS1
interface FastEthernet0/1
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast

ALS1
interface FastEthernet0/1
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast

Flex Link connectivity tests
PC1 → 10.1.1.1/24, connected to Fa0/1 on DLS1
PC2 → 10.1.1.2/24, connected to Fa0/1 on ALS1
We should have connectivity via ping.
Fa0/8 actively carries the traffic; if we disable the interface, there is no traffic interruption.

ALS1(config)#interface fastEthernet 0/8
ALS1(config-if)#shutdown

ALS1#show interfaces switchport backup
Switch Backup Interface Pairs:
Active Interface        Backup Interface        State
------------------------------------------------------------------------
FastEthernet0/8         FastEthernet0/7         Active Down/Backup Up

PC1
ping 10.1.1.2 -t
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 10.1.1.2: bytes=32 tiempo<1m TTL=128

ALS1(config)#interface fastEthernet 0/8
ALS1(config-if)#no shutdown


ALS1#show interfaces switchport backup
Switch Backup Interface Pairs:
Active Interface        Backup Interface        State
------------------------------------------------------------------------
FastEthernet0/8         FastEthernet0/7         Active Standby/Backup Up

As the previous output shows, interface Fa0/8 does not return to the active state by default. In other words, it does not reclaim the role it gave up. We must explicitly configure it to do so.

FastEthernet 0/8 must return to its UP state 4 seconds after the link is restored.

ALS1
interface FastEthernet0/8
 switchport backup interface Fa0/7 preemption delay 4
 switchport backup interface Fa0/7 preemption mode forced
 ! If we do not include forced, the process does not take it into account

01:14:35: %BACKUP_INTERFACE-5-PREEMPT: Preempting interface Fa0/7 in backup pair (Fa0/8, Fa0/7), preemption mode is forced

ALS1#show interfaces switchport backup detail
Switch Backup Interface Pairs:
Active Interface        Backup Interface        State
------------------------------------------------------------------------
FastEthernet0/8         FastEthernet0/7         Active Up/Backup Standby

Interface Pair : Fa0/8, Fa0/7
Preemption Mode : forced
Preemption Delay : 4 seconds
Bandwidth : 100000 Kbit (Fa0/8), 100000 Kbit (Fa0/7)
Mac Address Move Update Vlan : auto


STP Multiple Spanning Tree MST 802.1s

Configure both switches in trunk mode. Use 802.1Q.

DLS1
interface range fastEthernet 0/11-12
 switchport trunk encapsulation dot1q
 switchport mode trunk

DLS2
interface range fastEthernet 0/11-12
 switchport trunk encapsulation dot1q
 switchport mode trunk

DLS2#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/11      on           802.1q         trunking      1
Fa0/12      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/11      1-4094
Fa0/12      1-4094

Port        Vlans allowed and active in management domain
Fa0/11      1
Fa0/12      1

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/11      1
Fa0/12      1

VTP: DLS1 must be the VTP server and DLS2 the VTP client. Use VTP domain DUOC, VTP version 2. On DLS1, create VLANs 2-10. Verify that these VLANs propagate to DLS2.

DLS1
vtp mode server
vtp domain DUOC
vtp version 2

DLS2
vtp mode client
vtp domain DUOC
vtp version 2

DLS1#sh vtp status


VTP Version : running VTP2
Configuration Revision : 1
Maximum VLANs supported locally : 1005
Number of existing VLANs : 5
VTP Operating Mode : Server
VTP Domain Name : DUOC
VTP Pruning Mode : Disabled
VTP V2 Mode : Enabled
VTP Traps Generation : Disabled
MD5 digest : 0xDC 0x3F 0x3A 0xBD 0x10 0x27 0xB2 0xDD
Configuration last modified by 10.1.1.1 at 3-1-93 00:06:43
Local updater ID is 10.1.1.1 on interface Vl1 (lowest numbered VLAN interface found)

DLS2#show vtp status
VTP Version : 2
Configuration Revision : 1
Maximum VLANs supported locally : 1005
Number of existing VLANs : 5
VTP Operating Mode : Client
VTP Domain Name : DUOC
VTP Pruning Mode : Disabled
VTP V2 Mode : Enabled
VTP Traps Generation : Disabled
MD5 digest : 0xDC 0x3F 0x3A 0xBD 0x10 0x27 0xB2 0xDD
Configuration last modified by 10.1.1.1 at 3-1-93 00:06:43

DLS1
vlan 2-10

DLS1#sh vlan brief | exclude unsup
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
2    VLAN0002                         active
3    VLAN0003                         active
4    VLAN0004                         active
5    VLAN0005                         active
6    VLAN0006                         active
7    VLAN0007                         active
8    VLAN0008                         active
9    VLAN0009                         active
10   VLAN0010                         active


DLS2#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
2    VLAN0002                         active
3    VLAN0003                         active
4    VLAN0004                         active
5    VLAN0005                         active
6    VLAN0006                         active
7    VLAN0007                         active
8    VLAN0008                         active
9    VLAN0009                         active
10   VLAN0010                         active

Configure MST according to the following policies:
Create two STP instances: instance 1 and instance 2.
The revision number must be 1.
The MST name must be DUOC.
Instance 1 gets VLANs 1-5.
Instance 2 gets VLANs 6-8.
The VLANs that follow will be part of instance 0.
Instance 1 → FastEthernet0/11
Instance 2 → FastEthernet0/12
DLS1 must be the root bridge for instance 1.
DLS2 must be the root bridge for instance 2.

The advantage of MST is that it can map multiple VLANs that have the same requirements (same traffic) to a single STP instance, which translates into lower CPU utilization.

Let us check how many instances exist, using the show spanning-tree command. We can see 9 instances plus VLAN 1: 10 instances in total.

DLS1#sh spanning-tree

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     3037.a6eb.d580
             Cost        19
             Port        13 (FastEthernet0/11)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     e8ba.70cb.f600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300 sec


Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/11              Root FWD 19        128.13   P2p
Fa0/12              Altn BLK 19        128.14   P2p

VLAN0002
  Spanning tree enabled protocol ieee
  Root ID    Priority    32770
             Address     3037.a6eb.d580
             Cost        19
             Port        13 (FastEthernet0/11)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32770  (priority 32768 sys-id-ext 2)
             Address     e8ba.70cb.f600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/11              Root FWD 19        128.13   P2p
Fa0/12              Altn BLK 19        128.14   P2p

.

.

.

.

VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    32778
             Address     3037.a6eb.d580
             Cost        19
             Port        13 (FastEthernet0/11)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
             Address     e8ba.70cb.f600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/11              Root FWD 19        128.13   P2p
Fa0/12              Altn BLK 19        128.14   P2p


As the previous output shows, STP is running a separate instance for each VLAN, on the assumption that each instance has a different path or flow, even though they all follow the same physical topology. DLS1 and DLS2 can use MST if both have identical:

Region name
Revision number
VLAN-to-instance assignments

To configure MST, follow these steps:
1. Enable MST globally:

DLS1
spanning-tree mode mst

DLS2
spanning-tree mode mst

DLS2#show spanning-tree
MST0
  Spanning tree enabled protocol mstp
  Root ID    Priority    32768
             Address     3037.a6eb.d580
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32768  (priority 32768 sys-id-ext 0)
             Address     3037.a6eb.d580
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/11           Desg FWD 200000    128.13   P2p
Fa0/12           Desg FWD 200000    128.14   P2p

DLS1#sh spanning-tree
MST0
  Spanning tree enabled protocol mstp
  Root ID    Priority    32768
             Address     3037.a6eb.d580
             Cost        0
             Port        13 (FastEthernet0/11)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32768  (priority 32768 sys-id-ext 0)
             Address     e8ba.70cb.f600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/11              Root FWD 200000    128.13   P2p
Fa0/12              Altn BLK 200000    128.14   P2p


If no mapping is defined, all VLANs remain in instance 0.

DLS1#sh spanning-tree mst configuration
Name      []
Revision  0     Instances configured 1

Instance  Vlans mapped
--------  ---------------------------------------------------------------------
0         1-4094
-------------------------------------------------------------------------------

2. Enter MST configuration mode with the command spanning-tree mst configuration.
3. Set the revision number.
4. Set the region name.
5. Create the instances and assign the VLANs to them.

DLS1
spanning-tree mst configuration
 revision 1
 name DUOC
 instance 1 vlan 1-5
 instance 2 vlan 6-8

DLS2
spanning-tree mst configuration
 revision 1
 name DUOC
 instance 1 vlan 1-5
 instance 2 vlan 6-8

DLS2#show spanning-tree mst configuration
Name      [DUOC]
Revision  1     Instances configured 3

Instance  Vlans mapped
--------  ---------------------------------------------------------------------
0         9-4094
1         1-5
2         6-8
-------------------------------------------------------------------------------


DLS1#sh spanning-tree mst configuration
Name      [DUOC]
Revision  1     Instances configured 3

Instance  Vlans mapped
--------  ---------------------------------------------------------------------
0         9-4094
1         1-5
2         6-8
-------------------------------------------------------------------------------

DLS1#sh spanning-tree
MST0
  Spanning tree enabled protocol mstp
  Root ID    Priority    32768
             Address     3037.a6eb.d580
             Cost        0
             Port        13 (FastEthernet0/11)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32768  (priority 32768 sys-id-ext 0)
             Address     e8ba.70cb.f600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/11              Root FWD 200000    128.13   P2p
Fa0/12              Altn BLK 200000    128.14   P2p

MST1
  Spanning tree enabled protocol mstp
  Root ID    Priority    32769
             Address     3037.a6eb.d580
             Cost        200000
             Port        13 (FastEthernet0/11)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     e8ba.70cb.f600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/11              Root FWD 200000    128.13   P2p
Fa0/12              Altn BLK 200000    128.14   P2p

MST2
  Spanning tree enabled protocol mstp
  Root ID    Priority    32770
             Address     3037.a6eb.d580
             Cost        200000
             Port        13 (FastEthernet0/11)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec


  Bridge ID  Priority    32770  (priority 32768 sys-id-ext 2)
             Address     e8ba.70cb.f600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/11              Root FWD 200000    128.13   P2p
Fa0/12              Altn BLK 200000    128.14   P2p

Note that there is one BID per instance: the instance number is added to 32768, which makes each BID unique.

DLS1#sh spanning-tree bridge
                                                   Hello Max Fwd
MST Instance     Bridge ID                         Time  Age Dly Protocol
---------------- --------------------------------- ----- --- --- --------
MST0             32768 (32768, 0) e8ba.70cb.f600       2  20  15 mstp
MST1             32769 (32768, 1) e8ba.70cb.f600       2  20  15 mstp
MST2             32770 (32768, 2) e8ba.70cb.f600       2  20  15 mstp

DLS2#show spanning-tree root
                                        Root    Hello Max Fwd
MST Instance     Root ID                Cost    Time  Age Dly Root Port
---------------- -------------------- --------- ----- --- --- ------------
MST0             32768 3037.a6eb.d580         0     2  20  15
MST1             32769 3037.a6eb.d580         0     2  20  15
MST2             32770 3037.a6eb.d580         0     2  20  15

DLS2#show version | include Base
Base ethernet MAC Address : 30:37:A6:EB:D5:80

DLS1 must be the root bridge for instance 1.
DLS2 must be the root bridge for instance 2.

We can now set priorities while treating the bundled VLANs as a single entity: instance 1 and instance 2. To do this, use the following command:

DLS1(config)#spanning-tree mst 1 priority ?
  <0-61440>  bridge priority in increments of 4096

DLS1(config)#spanning-tree mst 1 priority 0
DLS1(config)#spanning-tree mst 2 priority 4096

DLS2
spanning-tree mst 1 priority 4096
spanning-tree mst 2 priority 0


DLS2#show version | include Base
Base ethernet MAC Address : 30:37:A6:EB:D5:80

DLS2#show spanning-tree root
                                        Root    Hello Max Fwd
MST Instance     Root ID                Cost    Time  Age Dly Root Port
---------------- -------------------- --------- ----- --- --- ------------
MST0             32768 3037.a6eb.d580         0     2  20  15
MST1                 1 e8ba.70cb.f600    200000     2  20  15 Fa0/11
MST2                 2 3037.a6eb.d580         0     2  20  15

The previous output shows that DLS2 is the root bridge for instances 0 and 2. For instance 1 we see a different BID (that of DLS1), which we can identify because the instance has a root port (Fa0/11).

DLS1#sh version | include Base
Base ethernet MAC Address : E8:BA:70:CB:F6:00

DLS1#sh spanning-tree root
                                        Root    Hello Max Fwd
MST Instance     Root ID                Cost    Time  Age Dly Root Port
---------------- -------------------- --------- ----- --- --- ------------
MST0             32768 3037.a6eb.d580         0     2  20  15 Fa0/11
MST1                 1 e8ba.70cb.f600         0     2  20  15
MST2                 2 3037.a6eb.d580    200000     2  20  15 Fa0/11

DLS1#sh spanning-tree interface fastEthernet 0/11
Mst Instance        Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
MST0                Root FWD 200000    128.13   P2p
MST1                Desg FWD 200000    128.13   P2p
MST2                Root FWD 200000    128.13   P2p

DLS1#sh spanning-tree interface fastEthernet 0/12
Mst Instance        Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
MST0                Altn BLK 200000    128.14   P2p
MST1                Desg FWD 200000    128.14   P2p
MST2                Altn BLK 200000    128.14   P2p

DLS2#show spanning-tree interface fastEthernet 0/11
Mst Instance     Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
MST0             Desg FWD 200000    128.13   P2p
MST1             Root FWD 200000    128.13   P2p
MST2             Desg FWD 200000    128.13   P2p


DLS2#show spanning-tree interface fastEthernet 0/12
Mst Instance     Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
MST0             Desg FWD 200000    128.14   P2p
MST1             Altn BLK 200000    128.14   P2p
MST2             Desg FWD 200000    128.14   P2p

We want instance 1 traffic to use Fa0/11 and instance 2 traffic to use Fa0/12.
Note: the lower the value, the higher the priority.

DLS1
interface FastEthernet0/11
 spanning-tree mst 1 port-priority 0
 spanning-tree mst 2 port-priority 240

interface FastEthernet0/12
 spanning-tree mst 1 port-priority 240
 spanning-tree mst 2 port-priority 0

DLS2
interface FastEthernet0/11
 spanning-tree mst 1 port-priority 0
 spanning-tree mst 2 port-priority 240

interface FastEthernet0/12
 spanning-tree mst 1 port-priority 240
 spanning-tree mst 2 port-priority 0

Note that instance 1 uses interface Fa0/11 and instance 2 uses Fa0/12.

DLS2#show spanning-tree interface fastEthernet 0/11
Mst Instance     Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
MST0             Desg FWD 200000    128.13   P2p
MST1             Root FWD 200000    0.13     P2p
MST2             Desg FWD 200000    240.13   P2p

DLS2#show spanning-tree interface fastEthernet 0/12
Mst Instance     Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
MST0             Desg FWD 200000    128.14   P2p
MST1             Altn BLK 200000    240.14   P2p
MST2             Desg FWD 200000    0.14     P2p
