CCIE Pursuit Blog

August 8, 2007

CCIE Blogs

Filed under: CCIE Blogs,Cisco,Cisco Certification,Home Lab,Training Materials — cciepursuit @ 1:16 pm

When I first decided to make a run at the CCIE Routing and Switching lab, I looked for CCIE blogs.  I figured that with the thousands of existing CCIEs and countless number of candidates there would be a plethora of CCIE blogs.  Maybe I didn’t search hard enough, but I did not find any.  This was one of the reasons that I decided that I should start my own CCIE R&S blog.  Since that time, I’ve discovered CCIE Candidate as well as two new blogs: bitbucketblog and CCIE Journey.  Between these three blogs (and yours truly) there should be a wealth of CCIE Routing and Switching information for candidates and potential candidates to follow.  Here’s a breakdown of these three CCIE blogs:

CCIE Candidate

Ethan Banks’ blog began in January of this year.  Up until recently, it has concentrated heavily on the CCIE Routing and Switching written exam.  Ethan passed that exam at Networkers this year.  Now he has assembled a home/work lab and is preparing to begin his lab preparation using the NetMasterClass DoIT labs.  Ethan’s blog is very well written and very detailed.  Anyone that is looking at taking the CCIE R&S written exam will benefit greatly from his study notes.

bitbucketblog

The blogger at bitbucketblog is currently working on his second attempt at the CCIE R&S lab.  As such, he’s further along in his studies than the other three bloggers.  He is using Internetwork Expert material as well as the IPexpert workbook.  It looks like he has quite a bit on his plate right now with a new house (as someone who has been in his new home for about 2 weeks – I feel you) and a new wife.  I loved his posting about looking for open APs.  I just moved from a neighborhood that had about 6 APs (all LinkSys – all unprotected -  all on channel 6) that I could leech off of if my cable connection went down to a much smaller town (less than 2000 people – but on a lake!) where I was surprised to find zero APs.  Couple that with waiting for the cable company to hook up my new connection and I was in serious withdrawal.  But I digress…..welcome aboard bitbucketblog.

CCIE Journey

This is the newest of the CCIE blogs (the first postings are from yesterday).  The blogger at CCIE Journey is currently working on the CCIE written exam along with studying for the lab.  He bought the Internetwork Expert End-to-End package.  We’re both at about the same point on our path.  I have not completed the written test yet (planning on September) and am also using the IE products.  He has Dynamips humming along on a Linux box(judging by his URL, he knows a thing or two about Linux), something that I need to get around to doing as well.  Welcome to the fold CCIE Journey.

I think that CCIE candidates will be well served by checking out each of these blogs.  The bloggers present a group of candidates that are at different points in their paths to the CCIE as well as different vendor materials.  I think that between the 4 blogs (and hopefully more will emerge) there should be a lot of good information.

Disabling DTP

Filed under: Cisco,Cisco Certification,IOS,Switching — cciepursuit @ 11:18 am

Task:  Configure an ISL trunk between two 3560s without using DTP.

My first instinct is that this can be accomplished by hardsetting both side of the link to trunk with ISL encapsulation. 

This is a GREAT question because you need to explicitly disable DTP. The following solution will NOT work:

sw1#sh run int fa0/13
Building configuration…

Current configuration : 93 bytes
!
interface FastEthernet0/13
 switchport trunk encapsulation isl
 switchport mode trunk
end

sw2#sh run int fa0/13
Building configuration…

Current configuration : 93 bytes
!
interface FastEthernet0/13
 switchport trunk encapsulation isl
 switchport mode trunk

end

Even though trunking is not negotiated:
sw1#sh int fa0/13 trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      on           isl            trunking      1

sw2#sh int fa0/13 trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      on           isl            trunking      1

DTP is still ON:

sw1#sh int fa0/13 switch
Name: Fa0/13
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: isl
Operational Trunking Encapsulation: isl
Negotiation of Trunking: On <-NOTE!!!
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)

sw2#sh int fa0/13 switch
Name: Fa0/13
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: isl
Operational Trunking Encapsulation: isl
Negotiation of Trunking: On  <-NOTE!!!
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)

To get the points for this question, you will need to completely disable DTP with the “nonegotiate” command:

sw1#sh run int fa0/13
Building configuration…

Current configuration : 117 bytes
!
interface FastEthernet0/13
 switchport trunk encapsulation isl
 switchport mode trunk
 switchport nonegotiate
end

sw2#sh run int fa0/13
Building configuration…

Current configuration : 117 bytes
!
interface FastEthernet0/13
 switchport trunk encapsulation isl
 switchport mode trunk
 switchport nonegotiate
end

sw1#sh int fa0/13 trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      on           isl            trunking      1

sw1#sh int fa0/13 switch
Name: Fa0/13
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: isl
Operational Trunking Encapsulation: isl
Negotiation of Trunking: Off <-note
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
sw2#sh int fa0/13 trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      on           isl            trunking      1

sw2#sh int fa0/13 switch
Name: Fa0/13
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: isl
Operational Trunking Encapsulation: isl
Negotiation of Trunking: Off <-note
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)

Further note that you must configure”switchport nonegotiate” on BOTH sides of the link to get the points (or ask the proctor to clarify).

Native VLAN Can Be Configured For Nonexistent VLAN

Filed under: Cisco,Cisco Certification,IOS,Switching,Tech Tips — cciepursuit @ 11:07 am

Interesting….you  can set the native vlan without having created the vlan first and IOS will not automatically create it for you:

sw1(config)#do sh run int fa0/13
Building configuration…

Current configuration : 128 bytes
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
end

sw1(config)#do sh vlan br [Note: VLAN 10 does not exist on this switch]

VLAN Name                             Status    Ports
—- ——————————– ——— ——————————-
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/14, Fa0/15, Fa0/22, Fa0/23
                                                Fa0/24, Gi0/1, Gi0/2
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

A good way to verify whether or not the native VLAN exists on the switch is to view the switchport details for the interface:

When the vlan is not configured:
sw1#sh int fa0/13 switch
Name: Fa0/13
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 10 (Inactive)
—–output truncated—–
sw1#sh span vlan 10

Spanning tree instance(s) for vlan 10 does not exist.
After configuring the vlan:
sw1#sh int fa0/13 switch
Name: Fa0/13
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 10 (VLAN0010)
—-output truncated—-
sw1#sh span vlan 10

VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    32778
             Address     0018.ba55.5b00
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
             Address     0018.ba55.5b00
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
—-output truncated—-

*Note: in the case above adding the vlan to one side of the link does NOT bring the other side out of inactive (VTP notwithstanding):

 sw2#sh int fa0/13 switch | i Native
 Trunking Native Mode VLAN: 10 (Inactive)

Unless you are running vtp, you will need to configure the vlan on both sides of the link.

This is another good point to clarify with the lab proctor.  The task may not specify that the native VLAN be created and it may not have already been created in another task.  You will want to ask the proctor whether or not the VLAN needs to be created to get credit for the task.  You may also want to read the rest of the exam closely to see if there are other tasks that depend on the existence of that VLAN.

Configure the Native VLAN on Both Sides of The Trunk

Filed under: Cisco,Cisco Certification,IOS,Switching — cciepursuit @ 10:51 am

Be sure to remember to configure the native VLAN on both sides of the trunk link or you will get this error until you do so (or disable CDP):

*Mar  1 01:35:01: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/13 (1), with sw1 FastEthernet0/13 (10).

They come in once every minute (CDP updates go every 60 seconds by default):

*Mar  1 01:38:01: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/13 (1), with sw1 FastEthernet0/13 (10).
*Mar  1 01:39:01: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/13 (1), with sw1 FastEthernet0/13 (10).
*Mar  1 01:40:01: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/13 (1), with sw1 FastEthernet0/13 (10).

sw2(config-if)#do sh cdp
Global CDP information:
        Sending CDP packets every 60 seconds
        Sending a holdtime value of 180 seconds
        Sending CDPv2 advertisements is  enabled

What happens if you disable CDP?  Will you still get the error?

sw1:
sw1(config)#do sh run int fa0/13
Building configuration…

Current configuration : 128 bytes
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
end

sw2:
sw2(config-if)#do sh run int fa0/13
Building configuration…

Current configuration : 110 bytes
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no cdp enable
end

***
sw1#sh int fa0/13 trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      on           802.1q         trunking      10

sw1#sh int fa0/13 switch | i Native VLAN
Administrative Native VLAN tagging: enabled

sw1#sh cdp int fa0/13
FastEthernet0/13 is up, line protocol is up
  Encapsulation ARPA
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds

sw2#sh int fa0/13 trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      on           802.1q         trunking      1

sw2#sh int fa0/13 switch | i Native VLAN
Administrative Native VLAN tagging: enabled

sw2#sh cdp int fa0/13
[Note: No output because we've disabled CDP]
sw2#

It’s been a few minutes and no alarms(on either switch):

*Mar  1 01:42:14: %SYS-5-CONFIG_I: Configured from console by console
sw1#sh clo
*01:48:09.468 UTC Mon Mar 1 1993

*Mar  1 01:41:51: %SYS-5-CONFIG_I: Configured from console by console
sw2#sh clo
*01:45:09.826 UTC Mon Mar 1 1993

Another good reason to run CDP.  :-)

Minimum Configuration For 802.1q Trunk

Filed under: Cisco,Cisco Certification,IOS,Switching — cciepursuit @ 10:28 am

Building on this post, let’s explore a favorite type of lab task -  the dreaded ”minimum configuration”” 

Task: Configure an802.1q trunk between sw1 and sw2 on using the minimum configuration.

sw1 (3560) fa0/13—————–fa0/13 sw2 (3560)

Our options are as follows:

1) Hardset both switchports to trunk
2) Hardset one switchport to trunk and set the other to use DTP dynamic auto(default)
3) Hardset one switchport to trunk and set the other to use DTP dynamic desirable
4) Configure one switch to use DTP dynamic auto with dot1q encapsulation and set the other to use DTP dynamic desirable.
5) Configure one switch to use DTP dynamic desirable with dot1q encapsulation and set the other to use DTP dynamic desirable.
6) Configure one switch to use DTP dynamic desirable with dot1q encapsulation and set the other to use DTP dynamic auto(default).

Looking at our configuration options, we should focus on solutions that use default settings (zero configuation):

1) Hardset one switchport to trunk and set the other to use DTP dynamic auto(default)
2) Configure one switch to use DTP dynamic desirable with dot1q encapsulation and set the other to use DTP dynamic auto(default).

The problem is that both configs require two lines of config on one side of the trunk:

option 1:
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk

option 2:
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode dynamic desirable

You could count characters and choose option 2 :-) or you could present both choices to the proctor and get guidance from him.

This gets very easy if one or more of the switches is a 3550.  Since the default DTP config for a 3550 is dynanmic desirable, you simply need to configure “swithport trunk encapsulation dot1q” on one of the 3550s and leave the other alone(configure the 3550 and leave the 3560 alone in the case of trunking between a 3550 and a 3560).

Configuring 802.1q Trunks Between 3560s

Filed under: Cisco,Cisco Certification,IOS,Switching — cciepursuit @ 10:17 am

Task: Configure an ISL trunk link between sw1 and sw2.  (Both switches are 3560s)

sw1 (3560) fa0/13—————–fa0/13 sw2 (3560)

I can think of 6 different ways to accomplish this task:

1) Hardset both switchports to trunk
2) Hardset one switchport to trunk and set the other to use DTP dynamic auto(default)
3) Hardset one switchport to trunk and set the other to use DTP dynamic desirable
4) Configure one switch to use DTP dynamic auto with dot1q encapsulation and set the other to use DTP dynamic desirable.
5) Configure one switch to use DTP dynamic desirable with dot1q encapsulation and set the other to use DTP dynamic desirable.
6) Configure one switch to use DTP dynamic desirable with dot1q encapsulation and set the other to use DTP dynamic auto(default).

Note: Trivial solutions can be achieved with “switch nonegotiate” and I’m not touching dot1q tunneling in this post.  :-)


1) Hardset both switchports to trunk:

sw1:
sw1#sh run int fa0/1
Building configuration…

Current configuration : 33 bytes
!
interface FastEthernet0/1
end

sw1#sh int fa0/13 trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      on           802.1q         trunking      1
—-output truncated—-

sw1#sh int fa0/13 switch
Name: Fa0/13
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
—-output truncated—-

sw2:
sw2#sh run int fa0/13
Building configuration…

Current configuration : 95 bytes
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk
end

sw2#sh int fa0/13 trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      on           802.1q         trunking      1
—-output truncated—-

sw2#sh int fa0/13 switch
Name: Fa0/13
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
—-output truncated—-

2) Hardset one switchport to trunk and set the other to use DTP dynamic auto(default):

sw1:
sw1#sh run int fa0/13
Building configuration…

Current configuration : 95 bytes
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk
end

sw1#sh int fa0/13 trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      on           802.1q         trunking      1
—-output truncated—-

sw1#sh int fa0/13 switch
Name: Fa0/13
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
—-output truncated—-

sw2:
sw2#sh run int fa0/13
Building configuration…

Current configuration : 34 bytes
!
interface FastEthernet0/13
end

sw2#sh int fa0/13 trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      auto         n-802.1q       trunking      1
—-output truncated—-

sw2#sh int fa0/13 switch
Name: Fa0/13
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
—-output truncated—-

3) Hardset one switchport to trunk and set the other to use DTP dynamic desirable:

sw1:
sw1#sh run int fa0/13
Building configuration…

Current configuration : 95 bytes
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk
end

sw1#sh int fa0/13 trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      on           802.1q         trunking      1
—-output truncated—-

sw1#sh int fa0/13 switch
Name: Fa0/13
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
—-output truncated—-

sw2:
sw2#sh run int fa0/13
Building configuration…

Current configuration : 69 bytes
!
interface FastEthernet0/13
 switchport mode dynamic desirable
end

sw2#sh int fa0/13 trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      desirable    n-802.1q       trunking      1
—-output truncated—-

sw2#sh int fa0/13 switch
Name: Fa0/13
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
—-output truncated—-

4) Configure one switch to use DTP dynamic auto with dot1q encapsulation and set the other to use DTP dynamic desirable:

sw1:
sw1#sh run int fa0/13
Building configuration…

Current configuration : 72 bytes
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
end

sw1#sh int fa0/13 trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      auto         802.1q         trunking      1
—-output truncated—-

sw1#sh int fa0/13 switch
Name: Fa0/13
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)

sw2:
sw2#sh run int fa0/13
Building configuration…

Current configuration : 69 bytes
!
interface FastEthernet0/13
 switchport mode dynamic desirable
end

sw2#sh int fa0/13 trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      desirable    n-802.1q       trunking      1
—-output truncated—-

sw2#sh int fa0/13 switch
Name: Fa0/13
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
—-output truncated—-

5) Configure one switch to use DTP dynamic desirable with dot1q encapsulation and set the other to use DTP dynamic desirable:

sw1:
sw1#sh run int fa0/13
Building configuration…

Current configuration : 107 bytes
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode dynamic desirable
end

sw1#sh int fa0/13 trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      desirable    802.1q         trunking      1
—-output truncated—-

sw1#sh int fa0/13 switch
Name: Fa0/13
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
—-output truncated—-

sw2:
sw2#sh run int fa0/13
Building configuration…

Current configuration : 69 bytes
!
interface FastEthernet0/13
 switchport mode dynamic desirable
end

sw2#sh int fa0/13 trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      desirable    n-802.1q       trunking      1
—-output truncated—-

sw2#sh int fa0/13 switch
Name: Fa0/13
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
—-output truncated—-

6) Configure one switch to use DTP dynamic desirable with dot1q encapsulation and set the other to use DTP dynamic auto(default):

sw1:
sw1#sh run int fa0/13
Building configuration…

Current configuration : 107 bytes
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode dynamic desirable
end

sw1#sh int fa0/13 trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      desirable    802.1q         trunking      1
—-output truncated—-

sw1#sh int fa0/13 switch
Name: Fa0/13
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
—-output truncated—-

sw2:
sw2#sh run int fa0/13
Building configuration…

Current configuration : 34 bytes
!
interface FastEthernet0/13
end

sw2#sh int fa0/13 trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      auto         n-802.1q       trunking      1
—-output truncated—-

sw2#sh int fa0/13 switch
Name: Fa0/13
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
—-output truncated—-

Minimum Configuration For ISL Trunk

Filed under: Cisco,Cisco Certification,IOS,Switching,Tech Tips — cciepursuit @ 9:48 am

Building on this post, let’s explore a favorite type of lab task -  the dreaded “minimum configuration”” 

Task: Configure an ISL trunk between sw1 and sw2 on using the minimum configuration.

sw1 (3560) fa0/13—————–fa0/13 sw2 (3560)

Looking at our configuration options, we should focus on solutions that use default settings (zero configuation):

1) Hardset both switchports to trunk
2) Hardset one switchport to trunk and set the other to use DTP  dynamic auto(default)
3) Hardset one switchport to trunk and set the other to use DTP  dynamic desirable
4) Configure both switchports as DTP dynamic desirable
5) Configure one switchports as DTP dynamic desirable and the other as DTP  dynamic auto(default)

Since hardsetting the prot to trunk requires two lines (“switchport trunk encapsulation isl” and “switchport mode trunk”) while configuring an interface to use DTP dynamic desirable only requires one line (“switchport mode dynamic desirable”), we should use option 5 :

sw1:
sw1(config-if)#do sh run int fa0/13
Building configuration…

Current configuration : 69 bytes
!
interface FastEthernet0/13
 switchport mode dynamic desirable
end

sw1(config-if)#do sh int fa0/13 trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      desirable    n-isl          trunking      1
—–output truncated—–

sw2:
sw2#sh run int fa0/13
Building configuration…

Current configuration : 34 bytes
!
interface FastEthernet0/13
end

sw2#sh int fa0/13 trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      auto         n-isl          trunking      1
—–output truncated—–

This gets even easier when one or both of the switches are 3550s.  Since the DTP default on 3550s is “dynanmic desirable” you don’t need to configure anything at all in order bring up an ISL trunk.  DTP will actively attempt to establish a trunk when using “dynamic desirable” and will use ISL as the default trunking encapsulation.

Configuring ISL Trunks Between 3560s

Filed under: Cisco,Cisco Certification,IOS,Switching — cciepursuit @ 9:33 am

I’m making my final run through the Internetwork Expert Advanced Tech labs and this week I’m working on the switching labs.  My goal is to get a deep level understanding of the technologies before I go on to doing practice labs.  I am going through the labs very slowly and looking into the different ways to perform a task.  This means trying to explore all aspects of even the simplest tasks, such as this one:

“Configure an ISL trunk link between sw1 and sw2[on port fa0/13]“.  (Both switches are 3560s)

sw1 (3560) fa0/13—————–fa0/13 sw2 (3560)

I can think of 5 different ways to accomplish this task:

1) Hardset both switchports to trunk
2) Hardset one switchport to trunk and set the other to use DTP  dynamic auto(default)
3) Hardset one switchport to trunk and set the other to use DTP  dynamic desirable
4) Configure both switchports as DTP dynamic desirable
5) Configure one switchports as DTP dynamic desirable and the other as DTP  dynamic auto(default)

Note: Trivial solutions can be achieved with “switch nonegotiate” and “switch trunk encap isl”

By knowing the different methods to accomplish a simple task such as setting up an ISL trunk you can quickly zero in on a correct configuration when the lab gives you specific parameters.  For instance, if the task requires you to create an ISL trunk between two 3560s without using the default DTP settings and not to specify a trunking encapsulation, you would use option 4.


1) Hardset both switchports to trunk(my preferred method):

sw1:
sw1#sh run int fa0/13
Building configuration…

Current configuration : 93 bytes
!
interface FastEthernet0/13
 switchport trunk encapsulation isl
 switchport mode trunk
end

sw1#sh int fa0/13 trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      on           isl            trunking      1
—–output truncated—–

Fa0/13      1
sw1#sh int fa0/13 switch
Name: Fa0/13
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: isl
Operational Trunking Encapsulation: isl
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
—–output truncated—–

sw2:
sw2#sh run int fa0/13
Building configuration…

Current configuration : 93 bytes
!
interface FastEthernet0/13
 switchport trunk encapsulation isl
 switchport mode trunk
end

sw2#sh int fa0/13 trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      on           isl            trunking      1
—–output truncated—–

sw2#sh int fa0/13 switch
Name: Fa0/13
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: isl
Operational Trunking Encapsulation: isl
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
—–output truncated—–

2) Hardset one switchport to trunk and set the other to use DTP  dynamic auto(default):

sw1:
sw1#sh run int fa0/13
Building configuration…

Current configuration : 93 bytes
!
interface FastEthernet0/13
 switchport trunk encapsulation isl
 switchport mode trunk
end

sw1#sh int fa0/13 trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      on           isl            trunking      1
—–output truncated—–

sw1#sh int fa0/13 switch
Name: Fa0/13
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: isl
Operational Trunking Encapsulation: isl
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
—–output truncated—–

sw2:
sw2#sh run int fa0/13
Building configuration…

Current configuration : 34 bytes
!
interface FastEthernet0/13
end

sw2#sh int fa0/13 trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      auto         n-isl          trunking      1
—–output truncated—–

sw2#sh int fa0/13 switch
Name: Fa0/13
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: isl
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
—–output truncated—–

3) Hardset one switchport to trunk and set the other to use DTP  dynamic desirable:

sw1:
sw1#sh run int fa0/13
Building configuration…

Current configuration : 93 bytes
!
interface FastEthernet0/13
 switchport trunk encapsulation isl
 switchport mode trunk

end

sw1#sh int fa0/13 trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      on           isl            trunking      1
—–output truncated—–

sw1#sh int fa0/13 switch
Name: Fa0/13
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: isl
Operational Trunking Encapsulation: isl
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
—–output truncated—–

sw2:
sw2#sh run int fa0/13
Building configuration…

Current configuration : 69 bytes
!
interface FastEthernet0/13
 switchport mode dynamic desirable
end

sw2#sh int fa0/13 trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      desirable    n-isl          trunking      1
—–output truncated—–

sw2#sh int fa0/13 switch
Name: Fa0/13
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: isl
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
—–output truncated—-

4) Configure both switchports as DTP dynamic desirable:

sw1:

sw1#sh run int fa0/13
Building configuration…

Current configuration : 69 bytes
!
interface FastEthernet0/13
 switchport mode dynamic desirable
end

sw1#sh int fa0/13 trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      desirable    n-isl          trunking      1
—–output truncated—–

sw1#sh int fa0/13 switch
Name: Fa0/13
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: isl
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
—–output truncated—–

sw2:
sw2#sh run int fa0/13
Building configuration…

Current configuration : 69 bytes
!
interface FastEthernet0/13
 switchport mode dynamic desirable
end

sw2#sh int fa0/13 trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      desirable    n-isl          trunking      1
—–output truncated—–

sw2#sh int fa0/13 switch
Name: Fa0/13
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: isl
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
—–output truncated—–

5) Configure one switchports as DTP dynamic desirable and the other as DTP  dynamic auto(default):

sw1:
Building configuration…

Current configuration : 69 bytes
!
interface FastEthernet0/13
 switchport mode dynamic desirable
end

sw1#sh int fa0/13 trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      desirable    n-isl          trunking      1
—–output truncated—–

sw1#sh int fa0/13 switch
Name: Fa0/13
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: isl
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
—–output truncated—–

sw2:
sw2#sh run int fa0/13
Building configuration…

Current configuration : 34 bytes
!
interface FastEthernet0/13
end

sw2#sh int fa0/13 trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      auto         n-isl          trunking      1
—–output truncated—–

sw2#sh int fa0/13 switch
Name: Fa0/13
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: isl
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
—–output truncated—–

Changing DTP Settings Can Reset An Interface

Filed under: Cisco,Cisco Certification,IOS,Switching — cciepursuit @ 8:54 am

This is more of a real world issue than a lab issue.  There are a number of seemingly innocuous, small changes that you can make in IOS that can come back to bite you in the butt.  It only took one speed/duplex change on a trunk link briefly dropping connectivity to an IDF at my old job to ensure that ANY future speed/duplex changes would require a full-blown change control request.  I have found that there is a similar danger with changing the DTP mode of a trunk link.

Imagine the scenario: You have telnetted to a 3560 and decide to change the DTP settings on a trunk link from the default of “dynamic auto” to “dynamic desirable”:

sw1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
sw1(config)#int fa0/1
sw1(config-if)#switch mode dyn des

Before you can hit “control + z” you see the trunk drop and then restore:

*Mar  1 02:52:37: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
*Mar  1 02:52:40: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up

Oh crap!  The traffic on that trunk link drops briefly.  Well, maybe no one will notice.  Then you get the call from the NOC, “We just saw the uplink to the Financial Services LAN go down.  When we looked at the log we saw that the last change was attributed to your TACACS ID.  What were you doing?”   From there your day just goes further down the toilet as your manager and the Financial Services manager take you to a dark conference room and make you cry like you haven’t cried since you were five years old.  :-)

While there are very few reasons for changing DTP settings on working trunks AND only doing DTP changes afterhours is probably the best strategy – you can make all but two types of DTP changes without dropping the trunk link. 

Huge Caveat: I tested these in a lab with two 3560s.  Your mileage may vary.  Again, it’s best to make DTP changes afterhours.  :-)

I labbed up the following scenarios and noted whether or not the link drops:

Switch 1 Switch 2 Link Drops?
Dynamic Auto Dynamic Desirable Yes
Dynamic Auto Access No
Dynamic Auto Dynamic Auto No
Dynamic Desirable Dynamic Auto No
Dynamic Desirable Access No
Dynamic Desirable Dynamic Desirable No
Access Dynamic Auto No
Access Dynamic Desirable Yes
Access Access No

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 109 other followers