CCIE Pursuit Blog

March 17, 2008

Internetwork Expert Volume II: Lab 8 – Section 1

Bridging and Switching – 20 Points

“There are no faults in the initial configurations.”
“Do not alter the commands in the initial configurations.”

1.1 Trunking

First things first, CCOnlinelabs does not use fa0/24 to connect to the bbs

On sw2 they use fa0/10:

sw2#sh run int fa0/24
interface FastEthernet0/24
 switchport access vlan 52
end

sw2#sh run int fa0/10
interface FastEthernet0/10
end

That means I need to move the config from fa0/24 to fa0/10.  After altering the configuration to match the CCOnlinelabs topology, I finished the easy trunking tasks.

I did notice something odd though:

sw1(config-if-range)#do sh vtp status
VTP Version                     : running VTP1 (VTP2 capable)
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 15
VTP Operating Mode              : Transparent
VTP Domain Name                 : CCIELAB
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x99 0x68 0x38 0x79 0xE4 0x3B 0x99 0xFF
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00

All of the switches are configured this way.

sw2(config)#vtp version ?
  <1-2>  Set the adminstrative domain VTP version number

I looked through the initial configs and I don’t see anything that sets these to VTP version 1.  This may be something leftover on the rental switches.  It should not matter as all switches are in VTP Transparent mode.  Transparent mode in VTP version 1 drops all VTP advertisments.  In VTP version 2 the Transparent switches pass the advertisement on but do not install them.

Weird:

r5#sh vlan 52
% Ambiguous command:  “sh vlan 52”

r5#sh vlans 52

Virtual LAN ID:  52 (IEEE 802.1Q Encapsulation)

   vLAN Trunk Interface:   FastEthernet0/1.52

   Protocols Configured:   Address:              Received:        Transmitted:
           IP              192.10.1.5                 905                  88
        Other                                           0                   1

   913 packets, 60196 bytes input
   89 packets, 5450 bytes output

r5#sh vlan?
vlan-range  vlan-switch  vlans

“show vlans”????

show vlans

To view virtual LAN (VLAN) subinterfaces, use the show vlans command in privileged EXEC mode.

1.2 Trunking

This task required that you configure trunks between sw3 and sw1  (both are 3560s in this rack) by using DTP.  Should I set ‘dyn des’ on both sides or just one?

I did both sides.  IE only did it on one side.

1.3 Trunking

“use minimal conf poss on sw1 to accomplish this task”

sw1 = 3560 – switchport mode dynamic auto
sw4 = 3550 – switchport mode dynamic desirable

sw4(config)#do sh run | b 0/13
interface FastEthernet0/13
 switchport mode dynamic desirable
 shutdown
!
interface FastEthernet0/14
 switchport mode dynamic desirable
 shutdown
!
interface FastEthernet0/15
 switchport mode dynamic desirable
 shutdown

I should be able to just no shut both sides to dynamically create 3 ISL trunks:

sw4(config)#int range fa0/13 – 15
sw4(config-if-range)#no sh

sw1(config-if-range)#int range fa0/19 – 21
sw1(config-if-range)#no sh

sw1:
sw1(config-if-range)#do sh int trun | i 0/19|0/20|0/21
Fa0/19      auto             n-isl          trunking      1
Fa0/20      auto             n-isl          trunking      1
Fa0/21      auto             n-isl          trunking      1

sw4:
sw4(config-if-range)#do sh int trunk | i 0/13|0/14|0/15
Fa0/13      desirable        n-isl          trunking      1
Fa0/14      desirable        n-isl          trunking      1
Fa0/15      desirable        n-isl          trunking      1

1.4 Spanning-Tree Protocol

Create root switches for batches of VLANs.

“Use the fewest commands needed to accomplish this task.”

This is where reading ahead pays off.  Task 1.7 is going to require that we use MST.  I need to set up MST before I start making root switches.  Hop ahead to task 1.7

*IE even combines these tasks in the solution guide.

1.7 Spanning-Tree Protocol

Set up a single instance of spanning-tree for 4 sets of VLANs.  Time for MST.

Specifying the MST Region Configuration and Enabling MSTP (required)

You need to remember that you’ll have to cut and paste this configuration on each switch.

sw1(config)#spanning-tree mst config
sw1(config-mst)#instance 1 vlan 3-7
sw1(config-mst)#instance 2 vlan 13-45
sw1(config-mst)#instance 3 vlan 52-67
sw1(config-mst)#instance 4 vlan 1,1001
sw1(config-mst)#name MYMST
sw1(config-mst)#revision 1
sw1(config-mst)#exit
sw1(config)#spanning-tree mode mst

Very cool/odd command.  A show command from within MST configuration mode:

sw1(config-mst)#show pending
Pending MST configuration
Name      [MYMST]
Revision  1     Instances configured 5

Instance  Vlans mapped
——–  ———————————————————————
0         2,8-12,46-51,68-1000,1002-4094
1         3-7
2         13-45
3         52-67
4         1,1001
——————————————————————————-

Remember that instance 0 is created by default and includes any VLANs not explicitly assigned to other instances.

Tip:  If you do “do show history” in configuration mode, this will show your last x configuration entries.  I use this if I need to cut and paste a configuration on a bunch of devices.

sw1(config)#do sh hist
  do sh run int fa0/18
  do sh int trunk
  int range fa0/19 – 21
  no sh
  do sh int trun | i 0/19|0/20|0/21
  do wr
  exit
  spanning-tree mst con
  instance 1 vlan 3-7
  instance 2 vlan 13-45
  instance 3 vlan 52-67
  instance 4 vlan 1,1001
  name MYMST
  revision 1

  do sh pending
  show pending
  exit
  spanning-tree mode mst

I can now paste this on the rest of the switches:

  spanning-tree mst con
  instance 1 vlan 3-7
  instance 2 vlan 13-45
  instance 3 vlan 52-67
  instance 4 vlan 1,1001
  name MYMST
  revision 1
  exit
  spanning-tree mode mst

sw2(config)#  spanning-tree mst con
sw2(config-mst)#  instance 1 vlan 3-7
sw2(config-mst)#  instance 2 vlan 13-45
sw2(config-mst)#  instance 3 vlan 52-67
sw2(config-mst)#  instance 4 vlan 1,1001
sw2(config-mst)#  name MYMST
sw2(config-mst)#  revision 1
sw2(config-mst)#  exit
sw2(config)#  spanning-tree mode mst
sw2(config)#^Z

Nice command to get a quick look at MST:

sw4#sh spann mst | i MST
##### MST0    vlans mapped:   2,8-12,46-51,68-1000,1002-4094
##### MST1    vlans mapped:   3-7
Root          this switch for MST1
##### MST2    vlans mapped:   13-45
Root          this switch for MST2
##### MST3    vlans mapped:   52-67
Root          this switch for MST3
##### MST4    vlans mapped:   1,1001
Root          this switch for MST4
sw4#

This will show you the vlans mapped for each instance and whether or not you’re the root for the instance [if you’re not on the root switch, the “Root” output will not show up, only the VLAN mappings]

Back to 1.4

1.4 Spanning-Tree Protocol

Okay.  NOW we can start setting roots (copy tasks from above).

Configuring the MST Root Switch

sw1#sh span mst 1

##### MST1    vlans mapped:   3-7
Bridge        address 0019.56db.aa80  priority      32769 (32768 sysid 1)
Root          address 000d.65a3.bf00  priority      32769 (32768 sysid 1)  <-sw4
              port    Fa0/19          cost          200000    rem hops 19

Interface        Role Sts Cost      Prio.Nbr Type
—————- —- — ——— ——– ——————————–
Fa0/1            Desg FWD 200000    128.3    P2p
Fa0/3            Desg FWD 200000    128.5    P2p
Fa0/9            Desg FWD 2000000   128.11   Shr
Fa0/11           Desg FWD 2000000   128.13   Shr
Fa0/13           Desg FWD 200000    128.15   P2p
Fa0/14           Desg FWD 200000    128.16   P2p
Fa0/15           Desg FWD 200000    128.17   P2p
Fa0/16           Desg FWD 200000    128.18   P2p
Fa0/17           Desg FWD 200000    128.19   P2p
Fa0/18           Desg FWD 200000    128.20   P2p
Fa0/19           Root FWD 200000    128.21   P2p
Fa0/20           Altn BLK 200000    128.22   P2p
Fa0/21           Altn BLK 200000    128.23   P2p

sw1(config)#spanning-tree mst 1 root primary

sw1(config)#do sh span mst | i MST
##### MST0    vlans mapped:   2,8-12,46-51,68-1000,1002-4094
##### MST1    vlans mapped:   3-7
Root          this switch for MST1
##### MST2    vlans mapped:   13-45
##### MST3    vlans mapped:   52-67
##### MST4    vlans mapped:   1,1001

sw1(config)#do sh spann mst 1

##### MST1    vlans mapped:   3-7
Bridge        address 0019.56db.aa80  priority      24577 (24576 sysid 1)
Root          this switch for MST1
—output truncated—

NOTE:  Here’s where the “minimal command” issue needs clarification.  Since sw4 is ALREADY the root for MST instance 4 (vlans 1 and 1001), then I shouldn’t need to do any configuration to make it the root. 

sw4(config)#do sh span mst | i MST
##### MST0    vlans mapped:   2,8-12,46-51,68-1000,1002-4094
##### MST1    vlans mapped:   3-7
##### MST2    vlans mapped:   13-45
##### MST3    vlans mapped:   52-67
##### MST4    vlans mapped:   1,1001
Root          this switch for MST4

BUT there is another requirement:

“No switch should be the elected root based upon a lower MAC address.”

sw4 is elected based on the lowest MAC address (priorities are the same on all switches in MST instance 4) so we DO need to explicitly configure sw4 as the root bridge.

1.5 Layer 2 Tunneling

r2 fa0/0 -> sw2 fa0/2
r6 fa0/1 -> sw4 fa0/6

I have to tunnel sw2 fa0/2 to sw4 fa0/6.  That way the router can trunk directly to each other?

Configuring IEEE 802.1Q Tunneling

vlan dot tag native
!
int fa0/6
 swit mode dot1
 l2protocol-tunnel stp
 l2protocol-tunnel cdp

[sw2 and sw4 already had their MTU set to 1504]

r2#sh cdp neigh fa0/0 | b Dev
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
r6               Fas 0/0            127        R S I      2811      Fas 0/1

r2#ping 174.1.26.6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 174.1.26.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

1.6 Spanning-Tree Protocol

The task requires you to force MST instance 1 VLANs (3-7) to prefer to forward traffic to sw1 (the root) over the highest numbered DIRECTLY connected port.  If a port fails, prefer the next highest numbered port.  Complete this configuration on sw1.

The switches are currently using the lowest numbered directly connected port as the root port:

sw2#sh spann mst 1

##### MST1    vlans mapped:   3-7
Bridge        address 0019.56db.d900  priority      32769 (32768 sysid 1)
Root          address 0019.56db.aa80  priority      24577 (24576 sysid 1)
              port    Fa0/13          cost          200000    rem hops 19

Interface        Role Sts Cost      Prio.Nbr Type
—————- —- — ——— ——– ——————————–
Fa0/4            Desg FWD 200000    128.6    P2p
Fa0/13           Root FWD 200000    128.15   P2p
Fa0/14           Altn BLK 200000    128.16   P2p
Fa0/15           Altn BLK 200000    128.17   P2p
Fa0/19           Altn BLK 200000    128.21   P2p

I can change this two ways on the root switch (sw1) by lowering the port-priority to prefer different ports.

sw2 fa0/15 is connected to sw1 fa0/15
sw2 fa0/14 is connected to sw1 fa0/14
sw2 fa0/13 is connected to sw1 fa0/13

We need to remember that we’re running MST:

spanning-tree mst instance-id port-priority priority

sw1(config)#int fa0/15
sw1(config-if)#spanning-tree mst 1 port-priority 0
sw1(config-if)#int fa0/14
sw1(config-if)#spanning-tree mst 1 port-priority 16

sw1#sh spann mst 1 det | b net0/13
FastEthernet0/13 of MST1 is designated forwarding
Port info             port id         128.15  priority    128  cost      200000
Designated root       address 0019.56db.aa80  priority  24577  cost           0
Designated bridge     address 0019.56db.aa80  priority  24577  port id   128.15
Timers: message expires in 0 sec, forward delay 0, forward transitions 5
Bpdus (MRecords) sent 3196, received 861

FastEthernet0/14 of MST1 is designated forwarding
Port info             port id          16.16  priority     16 cost      200000
Designated root       address 0019.56db.aa80  priority  24577  cost           0
Designated bridge     address 0019.56db.aa80  priority  24577  port id    16.16
Timers: message expires in 0 sec, forward delay 0, forward transitions 5
Bpdus (MRecords) sent 4032, received 3364

FastEthernet0/15 of MST1 is designated forwarding
Port info             port id           0.17  priority      0  cost      200000
Designated root       address 0019.56db.aa80  priority  24577  cost           0
Designated bridge     address 0019.56db.aa80  priority  24577  port id     0.17
Timers: message expires in 0 sec, forward delay 0, forward transitions 5
Bpdus (MRecords) sent 4032, received 3364

sw2#sh spann mst 1

##### MST1    vlans mapped:   3-7
Bridge        address 0019.56db.d900  priority      32769 (32768 sysid 1)
Root          address 0019.56db.aa80  priority      24577 (24576 sysid 1)
              port    Fa0/15          cost          200000    rem hops 19

Interface        Role Sts Cost      Prio.Nbr Type
—————- —- — ——— ——– ——————————–
Fa0/4            Desg FWD 200000    128.6    P2p
Fa0/13           Altn BLK 200000    128.15   P2p
Fa0/14           Altn BLK 200000    128.16   P2p
Fa0/15           Root FWD 200000    128.17   P2p  <-booyah
Fa0/19           Altn BLK 200000    128.21   P2p

1.8 Etherchannel

Create a couple of L3 EtherChannels.

1.9 Interface Negotiation

Hard code all ports in vlan 3 to 100/Full

sw1#sh vlan br | i VLAN0003
3    VLAN0003                         active    Fa0/3, Fa0/9, Fa0/10, Fa0/11

sw1(config)#int range fa0/3, fa0/9 – 11
sw1(config-if-range)#speed 100
sw1(config-if-range)#duplex full

Remember that you need to hard-code BOTH sides of the link to avoid speed/duplex mismatches:

04:47:14: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/3(not half duplex), with r3 FastEthernet0/0 (half duplex).

sw1#sh cdp nei f0/3
Capability Codes: R – Router, T – Trans Bridge, B – Source Route Bridge
                  S – Switch, H – Host, I – IGMP, r – Repeater, P – Phone

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
r3               Fas 0/3           153          R S I     2811      Fas 0/0

r3(config)#int fa0/0
r3(config-if)#speed 100
r3(config-if)#duplex full

sw1#sh int status | i 3
Fa0/3                        connected    3            full    100 10/100BaseTX
Fa0/9                        notconnect   3            full    100 10/100BaseTX
Fa0/10                       notconnect   3            full    100 10/100BaseTX
Fa0/11                       notconnect   3            full    100 10/100BaseTX

Fa0/13                       connected    trunk      a-full  a-100 10/100BaseTX
Fa0/23                       notconnect   1            auto   auto 10/100BaseTX

DOH!!!!  The IE solution did not include fa0/3 on sw1 (connected to r3 fa0/0).  This is a matter of question interpretation.  The task states the Windows machines are getting network errors.  Then it states:

“In order to resolve this problem, ensure that all ports in VLAN 3 are hard coded to 100Mbps Full-Duplex.”

In order to meet the last requirement you would need to hard code fa0/3 to 100/Full.  BUT the problem is NOT with network devices, but with hosts.  Another “ask the proctor” moment.  🙂

Advertisements

Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: