
CIS 188 CCNP TSHOOT (Troubleshooting)

Ch. 4 Maintaining and Troubleshooting Campus Switched Networks
Rick Graziani
Cabrillo College
graziani@cabrillo.edu
Fall 2014

Materials
Book: Troubleshooting and Maintaining Cisco IP Networks (TSHOOT) Foundation Learning Guide: Foundation learning for the CCNP TSHOOT 642-832
By Amir Ranjbar
Book
  ISBN-10: 1-58705-876-6
  ISBN-13: 978-1-58705-876-9
eBook
  ISBN-10: 1-58714-170-1
  ISBN-13: 978-1-58714-170-6

Chapter 4 Objectives

Diagnose VLAN, VTP, and trunking problems using the IOS command line interface.
Diagnose spanning tree and EtherChannel problems using the IOS command line interface.
Diagnose and resolve problems with SVIs and inter-VLAN routing.
Diagnose and resolve problems related to first hop redundancy protocols such as HSRP, VRRP, and GLBP.

Troubleshooting VLANs

LAN Switch Operation

A good understanding of the processes involved in Layer 2 switching is essential to any engineer who is involved in network troubleshooting.
Many times we try to memorize situations instead of understanding and analyzing network operations.
To focus just on Layer 2 switching, assume that the two hosts reside on a common subnet (VLAN).
Host A pings Host B.

Host A needs to determine if 10.1.1.2 is on its subnet or another subnet.
How does Host A know its own network address?
  IP Address AND Subnet Mask
How does Host A know Host B's network address?
  Host B's IP Address AND Host A's Subnet Mask
Why does Host A use its own Subnet Mask and not that of Host B?
  It does not know Host B's Subnet Mask
  If Host B is in the same subnet as Host A they will have the same mask
Host A compares the network addresses from both AND operations:
  Same network address: Need MAC Address of 10.1.1.2
  Different network addresses: Need MAC Address of Default Gateway

LAN Switch Operation

Host A and Host B are on the same subnet.
Host A will examine its Address Resolution Protocol (ARP) cache to find the MAC address of Host B.
If there is an entry for 10.1.1.2 and its MAC Address:
  No ARP process needed
  Encapsulate the IP packet in an Ethernet frame with the Destination MAC address of Host B

If Host A does not have an ARP cache entry for 10.1.1.2:
  Sends out an ARP Request (broadcast)
  ARP Request: Contains the IP address 10.1.1.2 but no MAC Address
Switch C: Learns
  Checks the VLAN of the incoming port (VLAN 10)
  Records the Source MAC address and Port Number (or resets the 5 minute timer)

Switch C: Forwards
  The MAC address table never contains an entry for the broadcast MAC address (FFFF:FFFF:FFFF).
  Switch C will flood the frame on all ports:
    All access ports in that VLAN (VLAN 10)
    All trunks that this VLAN is allowed, active, and not pruned on
    Except the port it came in from
  Switches D and E repeat this process as they receive the frame

Host B receives the ARP request:
  Records Host A's IP address and MAC address in its own ARP cache
  Sends an ARP Reply (unicast) back to Host A

Because all switches now have an entry in their MAC address table for the MAC address of Host A, they will:
  Learn
    Record Host B's MAC address and corresponding interface and VLAN in their MAC address table (if they did not already have that entry)
  Forward
    Forward the frame containing the ARP reply on the path to Host A only
    No flooding

Host A receives the ARP reply:
  Records the IP and MAC address of Host B in its ARP cache
  Now it is ready to send the original IP packet.
Host A encapsulates the IP packet (ICMP echo request) in a unicast frame destined for Host B and sends it out.
  Note the Ethernet type field of 0x0800 (IP packet)
The switches examine their MAC address tables:
  Learn: Resets the 5 minute timer for Host A's source MAC address
  Forward: Finds Host B's MAC address and forwards the frame towards Host B (no flooding)

Host B receives the packet:
  Responds to Host A (sends an ICMP echo reply packet)
The switches examine their MAC address tables:
  Learn: Resets the 5 minute timer for Host B's source MAC address
  Forward: Finds Host A's MAC address and forwards the frame towards Host A (no flooding)

Host A receives the packet:
  Ping program displays output
  The end.
Question: If everything works as shown, why might this first ping fail?
  Sometimes the very first ICMP echo request times out due to the requirement for an ARP Request
Although this process might seem trivial, listing the steps clearly shows that even for the simplest communication, an elaborate chain of events takes place.
If at any point this chain is broken due to faulty cabling, failing devices, or misconfiguration, the communication will fail.
It is important to leverage your knowledge of these processes to diagnose and solve problems in a switched environment.
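
The host decision and the learn/forward steps walked through above, as an added example (not part of the original slides). It models a single switch with access ports only; Host A's address 10.1.1.1/24, the gateway 10.1.1.254, the port names and the MAC addresses are assumptions constructed for the example.

```python
import ipaddress

BROADCAST = "ffff.ffff.ffff"
AGING_SECONDS = 300  # the 5-minute MAC address table timer from the slides


def next_hop_ip(src_ip, src_mask, dst_ip, gateway_ip):
    """Host decision: AND both addresses with the sender's own mask and compare."""
    mask = int(ipaddress.IPv4Address(src_mask))
    same_subnet = (int(ipaddress.IPv4Address(src_ip)) & mask) == (
        int(ipaddress.IPv4Address(dst_ip)) & mask
    )
    # Same network: ARP for the destination. Different: ARP for the default gateway.
    return dst_ip if same_subnet else gateway_ip


class Switch:
    """VLAN-aware learning switch with access ports only (trunks left out)."""

    def __init__(self, port_vlans):
        self.port_vlans = port_vlans  # access port -> VLAN
        self.mac_table = {}           # (vlan, mac) -> (port, time last seen)

    def receive(self, in_port, src_mac, dst_mac, now):
        """Learn the source address, then return the list of egress ports."""
        vlan = self.port_vlans[in_port]                    # VLAN of the incoming port
        self.mac_table[(vlan, src_mac)] = (in_port, now)   # record or reset the timer
        entry = self.mac_table.get((vlan, dst_mac))
        fresh = entry is not None and now - entry[1] < AGING_SECONDS
        if dst_mac != BROADCAST and fresh:
            # Known unicast: one port, no flooding (never back out the ingress port).
            return [entry[0]] if entry[0] != in_port else []
        # Broadcast or unknown unicast: flood within the VLAN except the ingress port.
        return sorted(p for p, v in self.port_vlans.items() if v == vlan and p != in_port)


def ping_walkthrough():
    """Replay ARP request, ARP reply and echo request through one switch."""
    # Constructed port layout: three ports in VLAN 10, one in VLAN 20.
    sw = Switch({"Fa0/1": 10, "Fa0/2": 10, "Fa0/3": 10, "Fa0/4": 20})
    host_a, host_b = "0000.0000.000a", "0000.0000.000b"  # constructed MACs
    steps = {}
    steps["arp_request"] = sw.receive("Fa0/1", host_a, BROADCAST, now=0)
    steps["arp_reply"] = sw.receive("Fa0/2", host_b, host_a, now=1)
    steps["echo_request"] = sw.receive("Fa0/1", host_a, host_b, now=2)
    # Host B stays silent for more than 5 minutes: its entry is stale, so the
    # next frame towards it is flooded again as an unknown unicast.
    steps["after_aging"] = sw.receive("Fa0/1", host_a, host_b, now=1 + AGING_SECONDS + 1)
    return steps


if __name__ == "__main__":
    print(next_hop_ip("10.1.1.1", "255.255.255.0", "10.1.1.2", "10.1.1.254"))
    for step, ports in ping_walkthrough().items():
        print(f"{step:13s} -> {ports}")
```

The last step shows why a MAC address table entry only proves that the switch saw a frame from that source within the aging time.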

Some possible issues that could cause the communication to fail:

Firewall (host or switch)
Physical problems
Bad, missing, or miswired cables
Bad ports
Power failure
Device problems
Software bugs
Performance problems
Misconfiguration
Missing or wrong VLANs
Misconfigured VTP settings
Wrong VLAN setting on access ports
Missing or misconfigured trunks
Native VLAN mismatch
VLANs not allowed on trunk

Verifying Layer 2 Forwarding

A common method to troubleshoot Layer 2 switching problems is to follow the path of the frames through the switches.
  Takes time and effort
Objective: To confirm that frames have passed through the switches and to verify how each switch made its forwarding decisions.
  Find the point where the trail stops.
  Possible to start at the endpoints.

MAC Address Table: key data structure
Finding the entry for a particular MAC address in this table proves:
  Within the last five minutes this switch received frames from that source
  But nothing about a particular frame.
Useful command:
  clear mac-address-table - Verify that the MAC address is learned again when you reinitiate the connection

Many possible findings and conclusions:
Frames are not received on the correct VLAN:
  Possible VLAN or trunk misconfiguration.
Frames are received on a different port than you expected:
  Possible physical problem, spanning tree issues or duplicate MAC addresses.
The MAC address is not registered in the MAC address table:
  Most likely problem is upstream from this switch.

show vlan:
  Verifies VLAN existence and port-to-VLAN associations.
  Lists all VLANs that were created on the switch (either manually or through the VLAN Trunking Protocol [VTP]).
  Note: Trunks are not listed because they do not belong to any VLAN in particular.

show interfaces trunk:
  Displays all interfaces that are configured as trunks.
  Displays for each trunk which VLANs are allowed and what the native VLAN is.

show interfaces switchport:
  Gives a quick summary of all VLAN related information for a single interface.

traceroute mac:
  You specify a source and destination MAC address
  Shows a list of switch hops that a frame from that source MAC address to that destination MAC address passes through.
  Discovers the Layer 2.
  This command requires that Cisco Discovery Protocol (CDP) is enabled on all the switches in the network (or at least within the path).

Troubleshooting STP

Spanning Tree Protocol (STP)

STP often accounts for more than 50% of the configuration, troubleshooting, and maintenance headaches in real-world campus networks (especially if they are poorly designed).
Complex protocol that is generally poorly understood.
[Figure: Radia Perlman, developer of STP]

L2 Loops
Switch (Bridge) loops can occur any time there is a redundant path or loop in the bridge network.
The switches will flip-flop the MAC address table entries (creating extremely high CPU utilization).
Unicasts, unknown unicasts and broadcasts are all problems.

Spanning Tree Algorithm

STP executes an algorithm called the Spanning Tree Algorithm (STA).
STA chooses a reference point, called a root bridge.
  Then determines the available paths to that reference point.
  If more than two paths exist, STA picks the best path and blocks the rest

Two Key STP Concepts

STP calculations make extensive use of two key concepts in creating a loop-free topology:
  Bridge ID
  Path Cost

Link Speed | Cost (Revised IEEE Spec) | Cost (Previous IEEE Spec)
10 Gbps    |                          |
1 Gbps     |                          |
100 Mbps   | 19                       | 10
10 Mbps    | 100                      | 100

Five-Step STP Decision Sequence

When creating a loop-free topology, STP always uses the same five-step decision sequence:
Five-Step decision Sequence
  Step 1 - Lowest BID
  Step 2 - Lowest Path Cost to Root Bridge
  Step 3 - Lowest Sender BID
  Step 4 - Lowest Port Priority
  Step 5 - Lowest Port ID
Bridges use Configuration BPDUs during this five-step process.
We will assume all BPDUs are configuration BPDUs.

The following STP slides are for your review of STP.

Elect one Root Bridge

Lowest BID wins! Who wins?

[Figure: each switch announces "My BID is ...":]
  32768.0001.C945.A573
  32768.0005.5E0D.9315
  32768.0060.47B0.5850
  32768.0003.E461.46EC
  32768.0001.964E.7EBB ("I win!" Root Bridge)

Elect Root Ports

STP Convergence
  Step 1 Elect one Root Bridge
  Step 2 Elect Root Ports
  Step 3 Elect Designated Ports

[Figure callout: "I will select one Root Port that is closest, best path to the root bridge."]

Next, each switch determines its Root Port:
  Its port closest to the Root Bridge
  Bridges use the cost to determine closeness.
  Every non-Root Bridge will select one Root Port!
  Specifically, bridges track the Root Path Cost, the cumulative cost of all links to the Root Bridge.

The Root Bridge, Access2, sends out BPDUs containing a Root Path Cost of 0.
Switches receive these BPDUs and add the Path Cost of the FastEthernet interface to the Root Path Cost contained in the BPDU.
This value is used internally and used in BPDUs to other switches.

[Figure: the Root Bridge sends BPDUs with Cost=0; each receiving port has a Path Cost of 19 and records Cost=0+19=19.]

Difference between Path Cost and Root Path Cost

Path Cost:
  The value assigned to each port.
  Added to BPDUs received on that port to calculate Root Path Cost.
Root Path Cost:
  Cumulative cost to the Root Bridge.
  This is the value transmitted in the BPDU.
  Calculated by adding the receiving port's Path Cost to the value contained in the BPDU.

[Figure: the Root Bridge sends BPDUs with Cost=0; each receiving port has a Path Cost of 19 and records Cost=0+19=19.]

Switches now send BPDUs with their Root Path Cost out other interfaces.
Switches receive the BPDU and add their Path Cost.

[Figure: switches send BPDUs with Cost=19; receiving ports with a Path Cost of 4 record Cost=4+19=23.]

This process continues.

[Figure: further BPDUs are exchanged and recorded on each port, for example Cost=4+19=23 and Cost=19+19=38.]

Final Results
Ports show BPDU Received Root Path Cost + Path Cost = Root Path Cost of Interface, after the best BPDU is received on that port from the neighboring switch.
This is the cost of reaching the Root Bridge from this interface towards the neighboring switch.
Now let's see how this is used!

[Figure: Root Path Cost per interface, for example 19+4=23, 23+4=27 and 19+19=38; interfaces facing the Root Bridge show 19 and the Root Bridge's own ports show 0.]

Next:
  Elect Root Ports
  Elect Designated Ports
  Non-Designated Ports: All other ports

Elect Root Ports
Every non-Root bridge must select one Root Port.
A bridge's Root Port is the port closest to the Root Bridge.
Bridges use the cost to determine closeness.

[Figure callout: "These values would be the Root Path Cost if this interface was used to reach the Root Bridge." Interfaces are labelled 19, 23, 27 and 38; the Root Bridge's ports are labelled 0.]

Elect Root Ports: (Review)

Ports show Root Path Cost of Interface, after the best BPDU is received on that port from the neighboring switch.
This is the cost of reaching the Root Bridge from this interface towards the neighboring switch.

Distribution 1 thought process:
  If I go through Core it costs 27.
  If I go through D2 it costs 38.
  If I go through A1 it costs 23.
  If I go through A2 it costs 19. This is the best path to the Root!

Elect Root Ports

Every non-Root bridge must select one Root Port.
A bridge's Root Port is the port closest to the Root Bridge.
Bridges use the Root Path Cost to determine closeness.

[Figure: the interface with the lowest Root Path Cost on each non-Root bridge is marked RP.]

Elect Root Ports

Five-Step decision Sequence
  Step 1 - Lowest BID
  Step 2 - Lowest Path Cost to Root Bridge
  Step 3 - Lowest Sender BID
  Step 4 - Lowest Port Priority
  Step 5 - Lowest Port ID

Core switch has two equal Root Path Costs to the Root Bridge.
  Five-step decision process.
  Dist 1 switch has a lower Sender BID than Dist 2.
  Core chooses the Root Port of G 0/1.

[Figure callouts: "My BID is 32768.0005.5E0D.9315" (Lower BID) and "My BID is 32768.0060.47B0.5850"; Root Ports are marked RP.]

Elect Designated Ports

STP Convergence
  Step 1 Elect one Root Bridge
  Step 2 Elect Root Ports
  Step 3 Elect Designated Ports
A Designated Port functions as the single bridge port that both sends and receives traffic to and from that segment and the Root Bridge.
Each segment in a bridged network has one Designated Port, chosen based on cumulative Root Path Cost to the Root Bridge.
The switch containing the Designated Port is referred to as the Designated Bridge for that segment.
To locate Designated Ports, let's take a look at each segment.
Segment's perspective: From a device on this segment, "Which switch should I go through to reach the Root Bridge?"

A Designated Port is elected for every segment.

Segment's perspective: From a device on this segment, "Which switch should I go through to reach the Root Bridge?"
"I'll decide using the advertised Root Path Cost from each switch!"

[Figure: each segment is marked "?" between the Root Path Costs advertised by the switches at its two ends; Root Ports are marked RP.]

Because Access 2 has the lower Root Path Cost it becomes the Designated Port for that segment.

[Figure callouts: "What is my best path to the Root Bridge, via Access 1 or via Access 2?" and "My designated port will be via Access 2 (Fa0/5). It's the best path, lowest Root Path, to the Root Bridge." The port on Access 2 is marked DP.]

Because Access 2 has the lower Root Path Cost it becomes the Designated Port for those segments.

[Figure: the Root Bridge's ports, advertising a Root Path Cost of 0, are marked DP; one segment is still marked "?".]

The segment between Distribution 1 and Access 1 has two equal Root Path Costs of 19.
Using the Lowest Sender BID (the first two steps are equal), Access 1 becomes the best path and the Designated Port.

Five-Step decision Sequence
  Step 1 - Lowest BID
  Step 2 - Lowest Path Cost to Root Bridge
  Step 3 - Lowest Sender BID
  Step 4 - Lowest Port Priority
  Step 5 - Lowest Port ID

[Figure callouts: "What is my best path to the Root Bridge, via Distribution 1 or via Access 1? They are the same! Who has the lowest BID?" BIDs shown: 32768.0005.5E0D.9315 and 32768.0003.E461.46EC (Lower BID).]

After this process is finished:
  All other ports, those ports that are not Root Ports or Designated Ports, become Non-Designated Ports.
  Non-Designated Ports are put in blocking mode.
  This is the loop prevention part of STP.

[Figure: every port is marked RP, DP or NDP; links ending on an NDP are marked X.]

show spanning-tree

Core# show spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.964E.7EBB
             Cost        4
             Port        25(GigabitEthernet0/1)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0001.C945.A573
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi0/1            Root FWD 4         128.25   P2p
Gi0/2            Altn BLK 4         128.26   P2p

show spanning-tree detail

Core# show spanning-tree detail
VLAN0001 is executing the ieee compatible Spanning Tree Protocol
  Bridge Identifier has priority of 32768, sysid 1, 0001.C945.A573
  Configured hello time 2, max age 20, forward delay 15
  Current root has priority 32769
  Root port is 25 (GigabitEthernet0/1), cost of root path is 4
  Topology change flag not set, detected flag not set
  Number of topology changes 0 last change occurred 00:00:00 ago
          from FastEthernet0/1
  Times:  hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15
  Timers: hello 0, topology change 0, notification 0, aging 300

Port Cost/Port ID

Five-Step decision Sequence
  Step 1 - Lowest BID
  Step 2 - Lowest Path Cost to Root Bridge
  Step 3 - Lowest Sender BID
  Step 4 - Lowest Port Priority
  Step 5 - Lowest Port ID

[Figure: two parallel links between two switches, on ports 0/1 and 0/2.]
Assume path cost and port priorities are default (32). Port ID is used in this case. Port 0/1 would forward because it's the lowest.

If the path cost and bridge IDs are equal (as in the case of parallel links), the switch goes to the port priority as a tiebreaker.
Lowest port priority wins (all ports set to 32).
You can set the priority from 0 to 63.
If all ports have the same priority, the port with the lowest port number forwards frames.

Port Cost/Port ID
Fa 0/3 has a lower Port ID than Fa 0/4.
More later (Fast EtherChannel)

Five-Step decision Sequence
  Step 1 - Lowest BID
  Step 2 - Lowest Path Cost to Root Bridge
  Step 3 - Lowest Sender BID
  Step 4 - Lowest Port Priority
  Step 5 - Lowest Port ID

[Figure: two parallel links with a Root Path Cost of 19; ports are marked RP, NDP and DP.]

STP Convergence: Summary

Recall that switches go through three steps for their initial convergence:
STP Convergence
  Step 1 Elect one Root Bridge
  Step 2 Elect Root Ports
  Step 3 Elect Designated Ports
Also, all STP decisions are based on the following predetermined sequence:
Five-Step decision Sequence
  Step 1 - Lowest BID
  Step 2 - Lowest Path Cost to Root Bridge
  Step 3 - Lowest Sender BID
  Step 4 - Lowest Port Priority
  Step 5 - Lowest Port ID
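
The three convergence steps and the five-step tiebreak, worked through in code as an added example (not part of the original slides). The BIDs and the Path Costs 19 and 4 are the ones shown on the slides; the link layout, the port names and the rule that Gi ports are numbered after 24 Fa ports are assumptions chosen so that the results match the slide figures.

```python
from collections import namedtuple

Link = namedtuple("Link", "a a_port b b_port cost")


def bid(priority, mac):
    """Bridge ID as a sortable tuple: priority first, then MAC address."""
    return (priority, int(mac.replace(".", ""), 16))


def port_id(name, priority=128):
    """Port ID = (port priority, port number), e.g. Fa0/5 -> 128.5."""
    number = int(name.rsplit("/", 1)[1])
    if name.startswith("Gi"):
        number += 24  # assumption: Gi0/1 is port 25, as in the 128.25 output
    return (priority, number)


def converge(bridges, links):
    """Return (root bridge, root path cost per bridge, role per (bridge, port))."""
    root = min(bridges, key=bridges.get)  # Elect one Root Bridge: lowest BID
    ends = []  # every link end, seen from the bridge that owns it
    for l in links:
        ends.append((l.a, l.a_port, l.b, l.b_port, l.cost))
        ends.append((l.b, l.b_port, l.a, l.a_port, l.cost))

    cost = {name: float("inf") for name in bridges}
    cost[root] = 0
    root_port = {}
    changed = True
    while changed:  # repeat until no bridge hears a better BPDU
        changed = False
        for name in bridges:
            if name == root:
                continue
            # Five-step vector per port: (root path cost, sender BID,
            # sender port ID, local port ID); the root BID is the same for all.
            vector, port = min(
                ((cost[nbr] + c, bridges[nbr], port_id(nbr_port), port_id(p)), p)
                for me, p, nbr, nbr_port, c in ends if me == name
            )
            if vector[0] != cost[name] or root_port.get(name) != port:
                cost[name], root_port[name] = vector[0], port
                changed = True

    roles = {}
    for l in links:  # Elect one Designated Port per segment
        a = (cost[l.a], bridges[l.a], port_id(l.a_port))
        b = (cost[l.b], bridges[l.b], port_id(l.b_port))
        ends_ab = [(l.a, l.a_port), (l.b, l.b_port)]
        dp, other = ends_ab if a < b else ends_ab[::-1]
        roles[dp] = "DP"
        roles[other] = "RP" if root_port.get(other[0]) == other[1] else "NDP"
    return root, cost, roles


# BIDs as shown on the slides.
BRIDGES = {
    "Core": bid(32768, "0001.C945.A573"),
    "Dist1": bid(32768, "0005.5E0D.9315"),
    "Dist2": bid(32768, "0060.47B0.5850"),
    "Access1": bid(32768, "0003.E461.46EC"),
    "Access2": bid(32768, "0001.964E.7EBB"),
}
# Assumed cabling: FastEthernet links cost 19, Gigabit links cost 4.
LINKS = [
    Link("Access2", "Fa0/1", "Access1", "Fa0/1", 19),
    Link("Access2", "Fa0/2", "Dist1", "Fa0/3", 19),
    Link("Access2", "Fa0/5", "Dist2", "Fa0/3", 19),
    Link("Access1", "Gi0/1", "Dist1", "Gi0/2", 4),
    Link("Access1", "Gi0/2", "Dist2", "Gi0/2", 4),
    Link("Dist1", "Fa0/5", "Dist2", "Fa0/5", 19),
    Link("Dist1", "Gi0/1", "Core", "Gi0/1", 4),
    Link("Dist2", "Gi0/1", "Core", "Gi0/2", 4),
]

if __name__ == "__main__":
    root, cost, roles = converge(BRIDGES, LINKS)
    print("Root Bridge:", root)
    for (bridge, port), role in sorted(roles.items()):
        print(f"{bridge:8s} {port:6s} {role:3s} (root path cost {cost[bridge]})")
```

Core reaches the root at cost 23 through either distribution switch, so its Root Port is decided by the lower Sender BID, and the Distribution 1 to Access 1 segment is decided the same way.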

STP Port States

Port State | BPDU               | MAC-Add Table  | Data frames        | Duration
Disabled   | None sent/received | No update      | None sent/received | Until no shutdown
Blocking   | Receive only       | No update      | None sent/received | Continuous if loop detected
Listening  | Receive and send   | No update      | None sent/received | Forward delay 15 sec
Learning   | Receive and send   | Updating Table | None sent/received | Forward delay 15 sec
Forwarding | Receive and send   | Updating Table | Sent and received  | Continuous if up and no loop detected

Disabled: Administratively shutdown; not an STP port state.
Blocking: Port initializes; receives BPDUs only.
Listening: Building active topology. Thinks port can be selected root or designated port. Returns to blocking (NDP) if it cannot become root or designated port.
Learning: Building bridging table. Switch can now learn source MAC Addresses but is not formally receiving frames in order to forward them.
Forwarding: Sending/Receiving data, no loops detected. Port is either a root or designated port.

STP and RSTP

802.1D vs 802.1w

Up to this point no distinction has been made between the classical (802.1D) and Rapid (802.1w) versions of the Spanning Tree Protocol.
Similarities: Both versions execute the same algorithm when it comes to the decision making process.
Differences: Classical 802.1D can take up to 50 seconds to transition a port to forwarding, whereas Rapid Spanning Tree can leverage additional mechanisms to transition a port in Blocking state to the Forwarding state in less than a second.

RSTP (Reminder)
Root Bridge: Same election process as 802.1D (lowest BID)
Ports
  Root Port (802.1D Root Port)
    The one switch port on each switch that has the best root path cost to the root.
  Designated Port (802.1D Designated Port)
    The switch port on a network segment that has the best root path cost to the root.
  Alternate Port (802.1D Blocking Port)
    A port with an alternate path to the root.
    An alternate port receives more useful BPDUs from another switch and is a blocked port.
    Similar to how Cisco UplinkFast works.
  Backup Port (802.1D Blocking Port)
    A port that provides a redundant (but less desirable) connection to a segment where another switch port already connects.
    A backup port receives more useful BPDUs from the same switch it is on and is a blocked port.

RSTP Port States (Reminder)

Operational Port State | STP Port State | RSTP Port State
Disabled               | Disabled       | Discarding
Enabled                | Blocking       | Discarding
Enabled                | Listening      | Discarding
Enabled                | Learning       | Learning
Enabled                | Forwarding     | Forwarding

RSTP defines port states based on what it does with incoming data frames.
Discarding
  Incoming frames are dropped
  No MAC Addresses learned
  Combination of 802.1D Disabled, Blocking and Listening
Learning
  Incoming frames are dropped
  MAC Addresses learned
Forwarding
  Incoming frames are forwarded.

RSTP BPDUs (Reminder)

STP Port State | STP BPDUs         | RSTP Port State | RSTP BPDUs
Disabled       | Not Sent/Received | Discarding      | Not Sent/Received
Blocking       | Receive only      | Discarding      | Sent/Received
Listening      | Sent/Received     | Discarding      | Sent/Received
Learning       | Sent/Received     | Learning        | Sent/Received
Forwarding     | Sent/Received     | Forwarding      | Sent/Received

RSTP uses the same 802.1D BPDU format for backward compatibility.
  802.1D and 802.1w switches can coexist.
BPDUs are sent out every switch port at Hello Time intervals regardless of whether BPDUs are received on the port.
When three BPDUs in a row (6 seconds) are missed:
  The neighbor switch is presumed down
  All MAC address information pointing to that switch (out that port) is immediately aged out (flushed)
  Switch can detect a neighbor down in 6 seconds instead of MaxAge of 20 seconds.

Analyzing the STP Topology

Know where the root bridge is.
  This may need to be changed if the network grows
  The selection of the Root bridge may never have been determined
  Typically near the central point of your network, near servers, core or distribution points.
  Remember, different VLANs can have different Root bridges (PVST+) to maximize the use of redundant links.
The original STP timers (forward delay, max age) are based on the assumption that the network diameter is up to seven switches long.

show spanning-tree detail

Distribution1# show spanning-tree detail
Port 26 (GigabitEthernet0/2) of VLAN0030 is designated blocking
  Port path cost 4, Port priority 128, Port Identifier 128.26
  Designated root has priority 128, address 000C.CF0B.1503
  Designated bridge has priority 32798, address 0003.E461.46EC
  Designated port id is 128.26, designated path cost 4
  Timers: message age 16, forward delay 0, hold 0
  Number of transitions to forwarding state: 1
  Link type is point-to-point by default
Port Cost/Port ID

Distribution1# show spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0009.7c0b.e7c0
             Cost        19
             Port        3 (FastEthernet0/3)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     000b.fd13.9080
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Port ID                     Designated                Port ID
Name             Prio.Nbr      Cost Sts      Cost Bridge ID            Prio.Nbr
---------------- -------- --------- --- --------- -------------------- --------
Fa0/1            128.1           19 BLK        19 32769 000b.befa.eec0 128.1
Fa0/2            128.2           19 BLK        19 32769 000b.befa.eec0 128.2
Fa0/3            128.3           19 FWD         0 32769 0009.7c0b.e7c0 128.1
Fa0/4            128.4           19 BLK         0 32769 0009.7c0b.e7c0 128.2
Fa0/5            128.5           19 FWD        19 32769 000b.fd13.9080 128.5
Gi0/1            128.25           4 FWD        19 32769 000b.fd13.9080 128.25

Spanning Tree Failures

Biggest problem is NOT with STP.
Main concern is when a problem related to STP exists.
Two different types of failures:
  STP erroneously blocks certain ports that should have gone to the forwarding state.
    Causes problems that are similar to the OSPF problem: you might lose connectivity to certain parts of your network, but the rest of the network is unaffected.
  STP erroneously moves one or more ports to the Forwarding state (more disruptive)
    An Ethernet frame header does not include a Time To Live (TTL) field, so frames are forwarded by the switches indefinitely.
    Traffic will increase exponentially
    Load on links and high CPU utilization
    Frequent MAC address table changes
    Routers become unreachable

Spanning Tree Failures

Troubleshooting STP
  Remove all redundancy
  Find the root cause of the problem.
    STP disabled on a switch
    Cabling problem (unidirectional link)

Troubleshooting EtherChannel

Spanning Tree and EtherChannel

[Figure: EtherChannel Bundle]

Spanning Tree only allows a single link between switches to prevent bridging loops.
Cisco's EtherChannel technology allows for the scaling of link bandwidth by aggregating or bundling parallel links.
  Treated as a single, logical link.
  Access or Trunk link
Allows you to expand the link's capacity without having to purchase new hardware (modules, devices).

DLS1(config)# interface range fa 0/11 - 12
DLS1(config-if-range)# switchport trunk encapsulation dot1q
DLS1(config-if-range)# switchport mode trunk
DLS1(config-if-range)# switchport trunk native vlan 2
DLS1(config-if-range)# switchport trunk allowed vlan 1, 10-99
DLS1(config-if-range)# channel-protocol pagp
DLS1(config-if-range)# channel-group 1 mode desirable

There are three common EtherChannel problems.

Inconsistencies between the physical ports that are members of the channel
  The physical links in an EtherChannel must have the same operational characteristics.
  Same:
    speed
    duplex
    trunk or access port status
    native VLAN when trunking
    same access VLAN when they are access ports
  It is recommended that the configuration of all physical links in the channel be identical.
  Otherwise this port will be suspended and removed from the EtherChannel bundle until consistency is restored: %EC-5-CANNOT_BUNDLE2 log message

Inconsistencies between the ports on the opposite sides of the EtherChannel link
  If the switch is configured to bundle these links into an EtherChannel and the switch on the other side is not
  Use an EtherChannel negotiation protocol (802.3ad Link Aggregation Control Protocol (LACP) or the Port Aggregation Protocol (PAgP))
  Both sides must first agree to form the channel

Forming EtherChannels

Channel type                 | One side  | Other side
EtherChannel                 | on        | on
PAgP Negotiated EtherChannel | desirable | desirable or auto
LACP Negotiated EtherChannel | active    | active or passive

Configuring PAgP

DLS1(config)# port-channel load-balance dst-ip
DLS1(config)# interface range fa 0/11 - 12
DLS1(config-if-range)# switchport trunk encapsulation dot1q
DLS1(config-if-range)# switchport mode trunk
DLS1(config-if-range)# channel-protocol pagp
DLS1(config-if-range)# channel-group 1 mode desirable

DLS2(config)# port-channel load-balance src-dst-ip
DLS2(config)# interface range fa 0/11 - 12
DLS2(config-if-range)# switchport trunk encapsulation dot1q
DLS2(config-if-range)# channel-protocol pagp
DLS2(config-if-range)# channel-group 1 mode auto

Notice:
  Load balancing does not have to match but usually it does.
  DTP on DLS2 is dynamic auto (result is trunk with DLS1)
  PAgP configured on both ends

Verifying

DLS1# show etherchannel protocol
Group: 1
----------
Protocol: PAgP

DLS1# show etherchannel load-balance
EtherChannel Load-Balancing Operational State (dst-ip):
Non-IP: Destination MAC address
  IPv4: Destination IP address
  IPv6: Destination IP address
DLS1#

DLS1# show etherchannel summary
Flags:  D - down        P - in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port

Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-------------------------------
1      Po1(SU)       PAgP        Fa0/11(P) Fa0/12(P)
DLS1#

DLS1# show etherchannel port
Group: 1
----------
Port: Fa0/11
------------
Port state    = Up Mstr In-Bndl
Channel group = 1           Mode = Desirable-Sl     Gcchange = 0
Port-channel  = Po1         GC   = 0x00010001       Pseudo port-channel = Po1
Port index    = 0           Load = 0x00             Protocol =   PAgP

Flags:  S - Device is sending Slow hello.  C - Device is in Consistent state.
<output omitted>
Timers: H - Hello timer is running.        Q - Quit timer is running.
<output omitted>

Local information:
                                Hello    Partner  PAgP     Learning  Group
Port      Flags State   Timers  Interval Count   Priority   Method  Ifindex
Fa0/11    SC

Partner's information:
          Partner              Partner          Partner         Partner Group
Port      Name                 Device ID        Port       Age  Flags   Cap.
Fa0/11    DLS2                 001b.8fc8.0080

Age of the port in the current state: 00d:00h:35m:29s

Port: Fa0/12
------------
...

[Figure callout on this output: "Can help determine if the load balancing is being distributed equally across the links."]

Verifying (only showing DLS1)

DLS1# show run
!
port-channel load-balance dst-ip
!
interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/11
 switchport trunk encapsulation dot1q
 switchport mode trunk
 lacp port-priority 99
 channel-group 1 mode active
!
interface FastEthernet0/12
 switchport trunk encapsulation dot1q
 switchport mode trunk
 lacp port-priority 99
 channel-group 1 mode active
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode active
!
interface FastEthernet0/14
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode active

We will discuss the significance of the Port-channel interface with MLS.

Uneven distribution of traffic between EtherChannel bundle members

EtherChannel traffic is not equally balanced across all physical links in the bundle.
The link is chosen by a hash of a combination of fields in the Ethernet and IP headers of a frame.
Distribution of traffic depends on two things:
  The distribution of hash values over the physical links
  The header fields that are used as a key into the hash calculation.

The distribution of hash values over the physical links
  The Cisco EtherChannel hash algorithm results in a value between 0 and 7.
  Assuming a random mix of traffic:
    Using an eight port EtherChannel:
      Distribution of traffic will be equally balanced across all eight links.
    Using a six port EtherChannel:
      Distribution of traffic will be 2:2:1:1:1:1 instead
      The first two links in the channel will each handle twice as much traffic as the other links.

Switch(config)# port-channel load-balance ?


dst-ip
Dst IP Addr
bits
dst-mac
Dst Mac Addr
bits
src-dst-ip
Src XOR Dst IP Addr
XOR
src-dst-mac Src XOR Dst Mac Addr
XOR
src-ip
Src IP Addr
bits
src-mac
Src Mac Addr
bits

Default
29xx 36xx
Default non-IP
traffic

The header fields that are used as a key into the hash calculation.
The choice of header fields to be hashed does affect the distribution.
Example:
Only the destination MAC address is used
If 90% of all frames are destined for a single MAC address (for instance,
the MAC address of the default gateway)
All of that traffic would end up on the same physical link.
If you see an uneven distribution of traffic over the links in the channel, you
should examine the hashing method and the traffic mix to determine the
cause.
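The two factors above (how the eight hash values map onto the links, and which header fields feed the hash) can be checked numerically. This is an added example, not part of the original slides; it assumes the hash XORs the selected fields and keeps the low-order 3 bits, that hash values are assigned to links round-robin, and it uses constructed MAC addresses and a constructed traffic mix.

```python
"""EtherChannel member-link selection, simplified (added example)."""
from collections import Counter
from functools import reduce

BUCKETS = 8  # the hash result is a value between 0 and 7

# Header fields fed into the hash for each `port-channel load-balance` method.
METHOD_FIELDS = {
    "dst-ip": ("dst_ip",), "src-ip": ("src_ip",),
    "src-dst-ip": ("src_ip", "dst_ip"),
    "dst-mac": ("dst_mac",), "src-mac": ("src_mac",),
    "src-dst-mac": ("src_mac", "dst_mac"),
}


def bucket_to_link(n_links):
    """Map hash values 0..7 onto member links (assumed round-robin assignment)."""
    return [bucket % n_links for bucket in range(BUCKETS)]


def bucket_ratio(n_links):
    """Hash values owned by each link, e.g. [2, 2, 1, 1, 1, 1] for six links."""
    owned = Counter(bucket_to_link(n_links))
    return [owned[link] for link in range(n_links)]


def frame_hash(frame, method):
    """Assumed hash: XOR the selected fields, keep the low-order 3 bits."""
    values = (frame[name] for name in METHOD_FIELDS[method])
    return reduce(lambda a, b: a ^ b, values) & (BUCKETS - 1)


def link_load(frames, method, n_links):
    """Frames carried by each member link for a given method and bundle size."""
    mapping = bucket_to_link(n_links)
    load = [0] * n_links
    for frame in frames:
        load[mapping[frame_hash(frame, method)]] += 1
    return load


def sample_traffic(hosts=40):
    """Constructed mix: each host sends 9 frames to the default gateway and
    1 frame to a neighbouring host, so 90% of frames share one destination MAC.
    The sample frames carry MAC fields only, so use the MAC-based methods."""
    gateway_mac = 0x00000C07AC01                  # constructed gateway MAC

    def host_mac(i):
        return 0x001122330000 + i                 # constructed host MACs

    frames = []
    for i in range(hosts):
        frames += [{"src_mac": host_mac(i), "dst_mac": gateway_mac}] * 9
        frames.append({"src_mac": host_mac(i),
                       "dst_mac": host_mac((i + 1) % hosts)})
    return frames


if __name__ == "__main__":
    traffic = sample_traffic()
    print("hash values per link, 8 links:", bucket_ratio(8))
    print("hash values per link, 6 links:", bucket_ratio(6))
    for method in ("dst-mac", "src-dst-mac"):
        print(method, "on 8 links:", link_load(traffic, method, 8))
    print("src-dst-mac on 6 links:", link_load(traffic, "src-dst-mac", 6))
```

With dst-mac, the gateway's link carries over 90% of the frames; with src-dst-mac the same traffic spreads out, and on six links the first two members still carry roughly double because they own two hash values each.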

Troubleshooting Switched Virtual Interfaces and Inter-VLAN Routing

Multilayer Switch Interfaces


[Figure: multilayer switch with Layer 2 access or trunk ports, a logical interface (SVI), and a physical interface]

Performs both Layer 2 switching and inter-VLAN routing.


Layer 2 Interface: Access or Trunk ports
Layer 3 Interface
Has an IP address assigned to it.
The Default Gateway for any hosts connected to that interface or VLAN.
Physical interface
Same as a router
Aka Routed Port
Example: interface gigabit 0/1
Logical Interface
Represents an entire VLAN
Switched Virtual Interface (SVI)
Example: interface vlan 10


Multilayer Switch Interfaces


[Figure: multilayer switch with Layer 2 access or trunk ports, a logical interface (SVI, L3), and a physical interface (L3)]

DLS1# show interface gig 0/2 switchport


Name: Gig0/2
Switchport: Enabled
<output omitted>

Layer 2 or Layer 3 Interface?


Default on most Catalyst switches: Layer 2
Default on Catalyst 6500: Layer 3
Verify mode:
Switch# show interface type mod/num switchport
Switchport: Think Layer 2
Enabled: Layer 2
Disabled: Layer 3


Multilayer Switch Interfaces

DLS1# show interface gig 0/2 switchport
Name: Gig0/2
Switchport: Disabled            <-- Layer 3
<output omitted>
DLS1# config t
DLS1(config)# interface gig 0/2
DLS1(config-if)# switchport     <-- Converts interface to Layer 2
DLS1(config-if)# end
DLS1# show interface gig 0/2 switchport
Name: Gig0/2
Switchport: Enabled             <-- Layer 2
<output omitted>

If the port is in Layer 3 mode, the switchport interface command puts it into Layer 2 mode.

Layer 3 Port Configuration


Physical Interfaces

DLS1(config)# interface gig 0/1


DLS1(config-if)# no switchport
DLS1(config-if)# ip address 192.168.1.1 255.255.255.252
DLS2(config)# interface gig 0/1
DLS2(config-if)# no switchport
DLS2(config-if)# ip address 192.168.1.2 255.255.255.252

The port no longer belongs to any VLAN


Physical switch ports can operate as Layer 3 interfaces using the interface
command:
Switch(config)# interface type mod/num
Switch(config-if)# no switchport
Switch(config-if)# ip address ip-address mask


SVI Interfaces
- Logical Interfaces

Switch(config)# vlan vlan-number


Switch(config-vlan)# name vlan-name
SwitchA(config)# interface vlan vlan-number
SwitchA(config-if)# ip address ip-address mask
SwitchA(config-if)# no shutdown

Layer 3 functionality can also be enabled for an entire VLAN.
The IP address is assigned to the logical interface that represents the VLAN.
This is needed when routing is required between VLANs.
SVI (Switched Virtual Interface)
No physical connection
VLANs must be created before the SVI can be used.
The IP address of the VLAN interface is the default gateway of the workstation.

An SVI is not a physical interface, so it generally doesn't fail.
Its status is directly dependent on the status of the VLAN with which it is associated.
The SVI stays up as long as there is at least one port associated to the corresponding VLAN.
Access port or trunk port (in allowed list)
That port has to be up and in the Spanning Tree forwarding state.
When the SVI is down, the corresponding connected subnet will be removed from the routing table.

Creating VLANs
DLS1: Create and name the user VLANs: 10, 11,
20 and 21.
DLS1: Create and name a Management VLAN
(used to telnet into switches)
DLS1: Create and name a NATIVE VLAN other
than VLAN 1 (default)
DLS1: Create and name a Garbage VLAN
(assigned to all unused ports.)
All ports that are not used (trunks and
access) will be assigned as an access port
to this VLAN.

DLS1
vlan 2
name NATIVE
vlan 10
name Engineering
vlan 11
name IT
vlan 20
name Sales
vlan 21
name Administration
vlan 99
name ManagementVLAN
vlan 222
name GarbageVLAN


Management VLAN
For each device in the network
we configured it to be a member
of the management VLAN.

On each switch
Switch(config)# inter vlan 99
Switch(config-if)# description Management VLAN
Switch(config-if)# ip address 172.16.99.x 255.255.255.0
Switch(config-if)# no shutdown


Default Gateway
Configure DLS1 to be the
default gateway for VLANs 10
and 11.
All hosts on these VLANs will
use these addresses as their
default gateway addresses.
DLS1(config)# inter vlan 10
DLS1(config-if)# description Engineering VLAN
DLS1(config-if)# ip address 172.16.10.1 255.255.255.0
DLS1(config-if)# no shutdown
DLS1(config)# inter vlan 11
DLS1(config-if)# description IT VLAN
DLS1(config-if)# ip address 172.16.11.1 255.255.255.0
DLS1(config-if)# no shutdown

Default Gateway
Configure DLS2 to be the
default gateway for VLANs 20
and 21.
All hosts on these VLANs will
use these addresses as their
default gateway addresses.
DLS2(config)# inter vlan 20
DLS2(config-if)# description Sales VLAN
DLS2(config-if)# ip address 172.16.20.1 255.255.255.0
DLS2(config-if)# no shut
DLS2(config)# inter vlan 21
DLS2(config-if)# description Administration VLAN
DLS2(config-if)# ip address 172.16.21.1 255.255.255.0
DLS2(config-if)# no shut

Verifying
Verify IP addresses

DLS1# show ip inter brief
Interface              IP-Address      OK? Method Status    Protocol
FastEthernet0/1        192.168.4.6     YES manual up        up
GigabitEthernet0/1     192.168.1.1     YES manual up        up
Vlan10                 172.16.10.1     YES manual up        up
Vlan11                 172.16.11.1     YES manual up        up
Port-channel 1         unassigned      YES manual up        up
DLS1#

Differences between Routers and Multilayer Switches


Media and Interfaces
Routers connect heterogeneous networks and support a wide variety of
media and interfaces.
Multilayer switches typically connect homogeneous networks.
LAN switches are mostly Ethernet only.
Multilayer switches utilize specialized hardware (ASICs) to achieve wire-speed Ethernet-to-Ethernet packet switching.
Routers usually support a wider range of features, mainly because switches need specialized hardware to be able to support certain data plane features or protocols.

CEF

Routers and Multilayer Switches use Cisco Express Forwarding (CEF) as the main packet switching mechanism.
The Forwarding Information Base (FIB) and adjacency table are both stored in the router's main memory and are consulted by the router to forward packets using the CEF switching method.
The router builds the CEF data structures by combining information from a number of control plane data structures like the routing table and Address Resolution Protocol (ARP) cache.

The information in the CEF data structures should accurately reflect the
information in the control plane data structures.
When troubleshooting IP routing under normal circumstances:
Check the control plane data structures
If the control plane information is correct, but packets are not being
forwarded as expected:
Check the CEF data structures and verify that they are in line with the
control plane information.

DLS1# show ip cef
Prefix              Next Hop        Interface
0.0.0.0/0           no route
0.0.0.0/32          receive
1.1.1.0/24          192.168.1.5     FastEthernet0/1
172.16.10.0/24      attached        Vlan10
172.16.10.0/32      receive         Vlan10
172.16.10.1/32      receive         Vlan10
172.16.10.255/32    receive         Vlan10
172.16.11.0/24      attached        Vlan11
172.16.11.0/32      receive         Vlan11
172.16.11.1/32      receive         Vlan11
172.16.11.255/32    receive         Vlan11
172.16.20.0/24      192.168.1.2     GigabitEthernet0/1
172.16.21.0/24      192.168.1.2     GigabitEthernet0/1
172.16.99.0/24      attached        Vlan99
172.16.99.0/32      receive         Vlan99
172.16.99.1/32      receive         Vlan99
172.16.99.255/32    receive         Vlan99
192.168.1.0/30      attached        GigabitEthernet0/1
192.168.1.0/32      receive         GigabitEthernet0/1
192.168.1.1/32      receive         GigabitEthernet0/1
192.168.1.2/32      192.168.1.2     GigabitEthernet0/1
192.168.1.3/32      receive         GigabitEthernet0/1
192.168.1.4/30      attached        FastEthernet0/1
192.168.1.4/32      receive         FastEthernet0/1
192.168.1.5/32      192.168.1.5     FastEthernet0/1
192.168.1.6/32      receive         FastEthernet0/1
192.168.1.7/32      receive         FastEthernet0/1
192.168.1.8/30      192.168.1.2     GigabitEthernet0/1
224.0.0.0/4         drop
224.0.0.0/24        receive
255.255.255.255/32  receive
DLS1#

show ip cef:
This command displays the content of the CEF FIB.
The FIB reflects the content of the routing table with all the recursive lookups already resolved, and the output interface determined for each destination prefix.
The FIB also holds additional entries for:
directly connected hosts
the router's own IP addresses
multicast and broadcast addresses
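The check described earlier (verify that the CEF data structures are in line with the control plane) can be scripted once both tables are captured. This is an added example, not part of the original slides: the FIB rows are a subset of the DLS1 output above, while the routing-table view in `RIB` is constructed, with two entries made to disagree on purpose. It assumes a connected route appears in the FIB as "attached".

```python
"""Control plane vs. CEF FIB consistency check (added example)."""
from ipaddress import ip_address, ip_network

# Subset of the DLS1 `show ip cef` rows shown above.
FIB_TEXT = """\
Prefix              Next Hop        Interface
0.0.0.0/0           no route
1.1.1.0/24          192.168.1.5     FastEthernet0/1
172.16.10.0/24      attached        Vlan10
172.16.10.1/32      receive         Vlan10
172.16.20.0/24      192.168.1.2     GigabitEthernet0/1
172.16.21.0/24      192.168.1.2     GigabitEthernet0/1
192.168.1.0/30      attached        GigabitEthernet0/1
192.168.1.4/30      attached        FastEthernet0/1
"""

# Constructed routing-table view: prefix -> (next hop or "connected", interface).
# Two entries deliberately disagree with the FIB so the check reports something.
RIB = {
    "1.1.1.0/24": ("192.168.1.5", "FastEthernet0/1"),
    "172.16.10.0/24": ("connected", "Vlan10"),
    "172.16.20.0/24": ("192.168.1.2", "GigabitEthernet0/1"),
    "172.16.21.0/24": ("192.168.1.5", "FastEthernet0/1"),      # FIB differs
    "172.16.30.0/24": ("192.168.1.2", "GigabitEthernet0/1"),   # not in FIB
    "192.168.1.0/30": ("connected", "GigabitEthernet0/1"),
    "192.168.1.4/30": ("connected", "FastEthernet0/1"),
}


def parse_fib(text):
    """Parse `show ip cef` rows into {network: (next_hop, interface)}."""
    fib = {}
    for line in text.splitlines():
        parts = line.split()
        if not parts or "/" not in parts[0]:
            continue                       # header, prompt or blank line
        if parts[1:3] == ["no", "route"]:
            next_hop, interface = "no route", None
        else:
            next_hop = parts[1]
            interface = parts[2] if len(parts) > 2 else None
        fib[ip_network(parts[0])] = (next_hop, interface)
    return fib


def fib_lookup(fib, destination):
    """Longest-prefix match over the FIB; returns (network, entry) or None."""
    addr = ip_address(destination)
    matches = [net for net in fib if addr in net]
    if not matches:
        return None
    best = max(matches, key=lambda net: net.prefixlen)
    return best, fib[best]


def compare(rib, fib):
    """Return (prefix, problem) for every RIB entry the FIB does not mirror."""
    problems = []
    for prefix, (rib_hop, rib_if) in sorted(rib.items()):
        entry = fib.get(ip_network(prefix))
        if entry is None:
            problems.append((prefix, "missing from FIB"))
            continue
        expected_hop = "attached" if rib_hop == "connected" else rib_hop
        if entry != (expected_hop, rib_if):
            problems.append(
                (prefix, f"RIB {rib_hop} {rib_if} != FIB {entry[0]} {entry[1]}"))
    return problems


if __name__ == "__main__":
    fib = parse_fib(FIB_TEXT)
    for dst in ("172.16.10.1", "172.16.10.50", "172.16.20.7", "8.8.8.8"):
        print(dst, "->", fib_lookup(fib, dst))
    for prefix, problem in compare(RIB, fib):
        print("MISMATCH", prefix, problem)
```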

DLS1# show adjacency detail
Protocol Interface                 Address
IP       Vlan99                    172.16.99.2
                                   0 packets, 0 bytes
                                   epoch 0
                                   sourced in sev-epoch 3
                                   Encap length 14
                                   0000603E24584400055E6D393C0800
                                   ARP
IP       GigabitEthernet0/1        192.168.1.2
                                   0 packets, 0 bytes
                                   epoch 0
                                   sourced in sev-epoch 3
                                   Encap length 14
                                   0000902B293019000C85B044190800
                                   ARP
IP       FastEthernet0/1           192.168.1.5
                                   0 packets, 0 bytes
                                   epoch 0
                                   sourced in sev-epoch 3
                                   Encap length 14
                                   0000024A0A4301000C85B044010800
                                   ARP
DLS1#

show adjacency:
This command displays the content of the CEF adjacency table.
This table contains the Layer 2 frame information, such as the destination MAC address.

Troubleshooting First-Hop Redundancy Protocols (FHRP)

FHRPs such as HSRP, VRRP, and GLBP all serve the same purpose.
These protocols provide services which are entirely transparent to the hosts:
Redundant default gateway on a subnet
Failover
Load balancing
They do it by:
Electing a single router that controls the virtual IP address
Tracking availability of the active router
Determining if control of the virtual IP address should be handed over to
another router


Every 3 seconds (default) both the active and the standby router send hello packets.
If hellos are not received for 10 seconds (the default hold time), the standby takes on the active role.
This means that for a period of 10 seconds hosts will lose connectivity due to lack of an active router to forward packets.
If the failure is caused by administrative actions such as a shutdown of an interface, the active HSRP router sends a resign message.
The standby router assumes the active role immediately.
The 10-second hold time does not come into play.

priority value (100 by default) - The router with the higher priority is elected as the active HSRP router.
A tie is broken using the IP address of the contenders.
preempt option - The router will take over the active role immediately.
It sends out a coup message, telling the current active router that it will take over the active role due to its higher priority.

Verifying FHRP


Useful to know the virtual MAC address used for the standby group
Verifies the correct operation of ARP and the Layer 2 connectivity between
the end host and the active HSRP router.
HSRP is usually not at the root of the problem
Usually the underlying switched network.
Example: During a broadcast storm, you notice very frequent HSRP state changes on the Layer 3 switches that are connected to the affected VLANs.

Look at configs to spot the problem


debug standby terse
R1 comes up on the segment
Has a higher priority than the current active router
Has the preempt option, so it sends out a coup message to take over the active role.
R2 loses its active role, causing it to step back to the role of a non-active, non-standby HSRP router.
Because there is no standby router on the segment, R2 moves to the speak state to announce its eligibility for the standby role.
R2 does not see another (better) candidate for the role of standby router for 10 seconds and, thus, promotes itself to the standby role.
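The election rules, the hello/hold timers and the coup sequence described on the preceding slides can be replayed with a small state model. This is an added example, not part of the original slides and not a protocol implementation; router names follow the slides, the IP addresses are constructed, and the tie-break assumes the higher IP address wins.

```python
"""Simplified HSRP model: election, preemption, failover timing (added example)."""
from dataclasses import dataclass
from ipaddress import IPv4Address

HELLO_S = 3     # default hello interval (from the slides)
HOLD_S = 10     # default hold time (from the slides)


@dataclass
class Router:
    name: str
    ip: str
    priority: int = 100      # default priority (from the slides)
    preempt: bool = False
    state: str = "Init"

    def rank(self):
        # Higher priority wins; assumed tie-break: the higher IP address.
        return (self.priority, int(IPv4Address(self.ip)))


def elect(routers):
    """Election among routers that come up together: returns (active, standby)."""
    ordered = sorted(routers, key=Router.rank, reverse=True)
    for router in ordered:
        router.state = "Listen"
    ordered[0].state = "Active"
    standby = ordered[1] if len(ordered) > 1 else None
    if standby:
        standby.state = "Standby"
    return ordered[0], standby


def router_joins(newcomer, active, now=0):
    """Newcomer appears on a segment whose only other router is `active`.
    Returns a list of (time_s, event) tuples describing the state changes."""
    log = []
    if newcomer.preempt and newcomer.rank() > active.rank():
        log.append((now, f"{newcomer.name} sends coup"))
        newcomer.state = "Active"
        log.append((now, f"{newcomer.name} -> Active"))
        # The old active router steps back; no standby exists, so it speaks.
        log.append((now, f"{active.name} Active -> Speak"))
        # No better standby candidate is heard for one hold time.
        active.state = "Standby"
        log.append((now + HOLD_S, f"{active.name} Speak -> Standby"))
    else:
        # Without preempt (or with a lower rank) the active router is kept.
        log.append((now, f"{newcomer.name} -> Speak"))
        newcomer.state = "Standby"
        log.append((now + HOLD_S, f"{newcomer.name} Speak -> Standby"))
    return log


def takeover_time(fail_t, last_hello_t, resign=False):
    """Time at which the standby becomes active after the active router stops.
    A resign message (administrative shutdown) causes an immediate takeover;
    otherwise the standby waits for the hold timer started at the last hello."""
    return fail_t if resign else last_hello_t + HOLD_S


if __name__ == "__main__":
    r2 = Router("R2", "10.1.1.2", priority=100, state="Active")   # constructed
    r1 = Router("R1", "10.1.1.1", priority=110, preempt=True)     # constructed
    for when, event in router_joins(r1, r2):
        print(f"t={when:>2}s  {event}")
    print("silent failure, takeover at t =", takeover_time(13, 12))
    print("resign, takeover at t =", takeover_time(13, 12, resign=True))
```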

Alternatives to HSRP

Like HSRP, VRRP is a default gateway redundancy method.


RFC 2338
Similar in functionality to HSRP
The virtual router, representing a group of routers, is known as a VRRP
group.

Cisco's GLBP (Gateway Load Balancing Protocol) allows automatic selection and simultaneous use of multiple available gateways without configuring multiple groups and managing multiple default gateway configurations.

For VRRP and GLBP troubleshooting commands, you simply have to replace the keyword standby with vrrp or glbp.

Understanding and Troubleshooting Common VTP Issues (EXTRA)

Both switches are VTP Servers and in the same Domain, but have different VLAN information. Let's see what happens when trunking is enabled between the switches.
VTP Domain = West
VTP Mode = Server
Config Rev = 34
VLANs = 1, 10, 11, 12 , 30

We both have the same Config Rev number so no changes

VTP Domain = West
VTP Mode = Server
Config Rev = 34
VLANs = 1, 20, 21, 22
10, 11, 12, 30

We both have the same Config Rev number so no changes

When two switches with the same Domain Name and the same Configuration Revision Number exchange VTP information:
No change
If Switch A adds a new VLAN, VLAN 30, Config Rev is increased by 1.
Switch A will send VTP information to Switch B, which will synchronize its VLAN information with Switch A, losing its current local VLANs.

Example: Using DLS1 (Switch A) and DLS2 (Switch B)


DLS1(config)# inter range fa 0/1 - 24
DLS1(config-if-range)# switchport mode dynamic auto
DLS2(config)# inter range fa 0/1 - 24
DLS2(config-if-range)# switchport mode dynamic auto
DLS1# show inter trunk
DLS1#

Note: Because Pod2 2690s and 3560s are incorrectly defaulting to dynamic
desirable they will trunk by default, which we do not want in this example.
This was also done on ALS1 and ALS2 to prevent any trunking.

When DLS1 gets a higher Config Rev Number


DLS1# show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/9, Fa0/13
                                                Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                                Fa0/18, Fa0/19, Fa0/20, Fa0/21
                                                Fa0/22, Fa0/23, Fa0/24, Gi0/1
                                                Gi0/2
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

Default VLANs

When DLS1 gets a higher Config Rev Number


DLS1# show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)
DLS1#

Default VTP information:
Configuration Revision Number = 0
Increased by 1 whenever VLAN is added or deleted
VTP Mode = Server
VTP Domain Name = <blank> (null)

When DLS1 gets a higher Config Rev Number


DLS2# show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
<output omitted>
                                                Gi0/1, Gi0/2
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active
DLS2# show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 :
<output omitted>

Same on DLS2.

When DLS1 gets a higher Config Rev Number


DLS1(config)# vtp domain West
DLS1(config)# vlan 10
DLS1(config-vlan)# name WestSales
DLS1(config-vlan)# vlan 11
DLS1(config-vlan)# name WestEng
DLS1(config-vlan)# vlan 12
DLS1(config-vlan)# name WestAdmin
DLS1# show vtp status
VTP Version                     : 2
Configuration Revision          : 3
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 8
VTP Operating Mode              : Server
VTP Domain Name                 : West
<output omitted>

Add VTP Domain Name and configure VLANs
Configuration Revision changed to 3 (one for each VLAN)
Remember, no trunking (yet)

When DLS1 gets a higher Config Rev Number


DLS1# show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
<output omitted>
                                                Gi0/1, Gi0/2
10   WestSales                        active
11   WestEng                          active
12   WestAdmin                        active

Verified.

When DLS1 gets a higher Config Rev Number


DLS2(config)# vtp domain West
DLS2(config)# vlan 20
DLS2(config-vlan)# name WestAcct
DLS2(config-vlan)# vlan 21
DLS2(config-vlan)# WestMngt
DLS2(config-vlan)# name WestMngt
DLS2(config-vlan)# vlan 22
DLS2(config-vlan)# name WestManuf
DLS2# show vtp status
VTP Version                     : 2
Configuration Revision          : 3
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 8
VTP Operating Mode              : Server
VTP Domain Name                 : West
<output omitted>

Now on DLS2: Add VTP Domain Name and configure different VLANs
Configuration Revision changed to 3
Still no trunking

When DLS1 gets a higher Config Rev Number

DLS2# show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
<output omitted>
                                                Gi0/1, Gi0/2
20   WestAcct                         active
21   WestMngt                         active
22   WestManuf                        active

Verified.

When DLS1 gets a higher Config Rev Number

DLS1(config)# inter range fa 0/11 - 12
DLS1(config-if-range)# switchport trunk encap dot1q
DLS1(config-if-range)# switchport mode trunk

DLS1# show inter trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/11      on           802.1q         trunking      1
Fa0/12      on           802.1q         trunking      1

Trunking configured between DLS1 and DLS2.
VTP messages can now be sent, but no changes occur because the Configuration Revision numbers are the same.

When DLS1 gets a higher Config Rev Number


DLS1# show vtp status
VTP Version                     : 2
Configuration Revision          : 3
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 8
VTP Operating Mode              : Server
VTP Domain Name                 : West
<output omitted>

DLS2# show vtp status
VTP Version                     : 2
Configuration Revision          : 3
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 8
VTP Operating Mode              : Server
VTP Domain Name                 : West
<output omitted>

Configuration Revision still 3
Number of existing VLANs (known by each switch) still 8

When DLS1 gets a higher Config Rev Number


DLS1# show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
<output omitted>
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
10   WestSales                        active
11   WestEng                          active
12   WestAdmin                        active
DLS2# show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
<output omitted>
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
20   WestAcct                         active
21   WestMngt                         active
22   WestManuf                        active

Verify that there are no DLS2 VLANs on DLS1.
Verify that there are no DLS1 VLANs on DLS2.

When DLS1 gets a higher Config Rev Number


DLS1(config)# vlan 30
DLS1(config-vlan)# name Guest
DLS1# show vtp status
VTP Version                     : 2
Configuration Revision          : 4
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 9
VTP Operating Mode              : Server
VTP Domain Name                 : West
<output omitted>

VLAN 30 added on DLS1.
Configuration Revision increased by 1 to 4.
DLS1 now has the higher Configuration Revision number between the two servers (the highest in the Domain).

When DLS1 gets a higher Config Rev Number

DLS1# show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
<output omitted>
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
10   WestSales                        active
11   WestEng                          active
12   WestAdmin                        active
30   Guest                            active

Verified.

When DLS1 gets a higher Config Rev Number

DLS2# show vtp status
VTP Version                     : 2
Configuration Revision          : 4
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 9
VTP Operating Mode              : Server
VTP Domain Name                 : West
<output omitted>

DLS2 receives VTP update from DLS1 with higher Configuration Revision Number.
DLS2 synchronizes its VLAN database with DLS1's information including Configuration Revision Number and VLAN information.

When DLS1 gets a higher Config Rev Number


Previous VLANs:
DLS2# show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
<output omitted>
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
20   WestAcct                         active
21   WestMngt                         active
22   WestManuf                        active

Current VLANs (synced with DLS1):
DLS2# show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
<output omitted>
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
10   WestSales                        active
11   WestEng                          active
12   WestAdmin                        active
30   Guest                            active

DLS2 lost previous VLANs 20, 21, and 22.
DLS2's VLAN database overwritten with DLS1's information.
Good news: Both servers are in sync (identical) so any changes will mean the VLAN

When DLS1 gets a higher Config Rev Number


DLS2(config)# vlan 20
DLS2(config-vlan)# name WestAcct
DLS2(config-vlan)# vlan 21
DLS2(config-vlan)# name WestMngt
DLS2(config-vlan)# vlan 22
DLS2(config-vlan)# name WestManuf

DLS2# show vtp status
VTP Version                     : 2
Configuration Revision          : 7
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 12
VTP Operating Mode              : Server
VTP Domain Name                 : West

To correct this we need to add the VLANs back to DLS2.
DLS2 will send VTP update to DLS1 so VLAN information will be the same.

When DLS1 gets a higher Config Rev Number


DLS2# show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
<output omitted>
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
10   WestSales                        active
11   WestEng                          active
12   WestAdmin                        active
20   WestAcct                         active
21   WestMngt                         active
22   WestManuf                        active
30   Guest                            active

Verified.

When DLS1 gets a higher Config Rev Number


DLS1# show vtp status
VTP Version                     : 2
Configuration Revision          : 7
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 12
VTP Operating Mode              : Server
VTP Domain Name                 : West
<output omitted>

DLS1 receives VTP update and updates VLAN information including Configuration Revision number.
Domain is still in sync.

DLS1# show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
<output omitted>
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
10   WestSales                        active
11   WestEng                          active
12   WestAdmin                        active
20   WestAcct                         active
21   WestMngt                         active
22   WestManuf                        active
30   Guest                            active

What happens when Client/Server enters with higher Configuration Revision number?
VTP Domain = West
VTP Mode = Server
Config Rev = 10 -> 13
VLANs = 1, 10, 11, 12, 20, 21, 22, 30

VTP Domain = West
VTP Mode = Client (or Server)
Config Rev = 13
VLANs = 1, 20, 21, 22, 30

Both switches are in the same domain.
Switch C can be Client OR Server
Switch C has Higher Configuration Revision number
Even if Switch C is a Client, when it enters the VTP domain it will overwrite DLS1's VLAN information because it has a higher Configuration Revision number.

Client/Server enters with Higher Revision


DLS1(config)# inter fa 0/1
DLS1(config-if)# switchport mode access
DLS1(config-if)# switchport access vlan 10
DLS1(config-if)# exit
DLS1(config)# inter fa 0/2
DLS1(config-if)# switchport mode access
DLS1(config-if)# switchport access vlan 11
DLS1# show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/3, Fa0/4, Fa0/5, Fa0/6
<output omitted>
                                                Gi0/1, Gi0/2
10   WestSales                        active    Fa0/1
11   WestEng                          active    Fa0/2
12   WestAdmin                        active
20   WestAcct                         active
21   WestMngt                         active
22   WestManuf                        active
30   Guest                            active

Assign VLANs to interfaces. (no specific reason)

Client/Server enters with Higher Revision

DLS1(config)# inter range fa 0/11 -12
DLS1(config-if-range)# shutdown

Shut down the interfaces so we can modify DLS2 (Switch B).
We will add the trunk back to simulate a switch being added to the network.

Client/Server enters with Higher Revision


DLS1# show vtp status
VTP Version                     : 2
Configuration Revision          : 10
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 12
VTP Operating Mode              : Server
VTP Domain Name                 : West
<output omitted>

DLS2# show vtp status
VTP Version                     : 2
Configuration Revision          : 10
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 12
VTP Operating Mode              : Server
VTP Domain Name                 : West

Right now both switches have the same Configuration Revision number; let's change that.
Note: The Configuration Revision numbers are not necessarily the same as in the previous example because this was done in a different session.

Client/Server enters with Higher Revision


DLS2# show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
<output omitted>
                                                Gi0/1, Gi0/2
10   WestSales                        active
11   WestEng                          active
12   WestAdmin                        active
20   WestAcct                         active
21   WestMngt                         active
22   WestManuf                        active
30   Guest                            active

We are going to remove these three VLANs on DLS2 so it has different VLANs and a higher Configuration Revision Number.
Remember, DLS1 has same VLAN information and also has:
Fa0/1 in VLAN 10
Fa0/2 in VLAN 11

Client/Server enters with Higher Revision


DLS2(config)# no vlan 10
DLS2(config)# no vlan 11
DLS2(config)# no vlan 12
DLS2(config)# vtp mode client
Setting device to VTP CLIENT mode.
DLS2# show vtp status
VTP Version                     : 2
Configuration Revision          : 13
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 9
VTP Operating Mode              : Client
VTP Domain Name                 : West
<output omitted>

Three VLANs deleted.
Change VTP mode to Client
Configuration Revision updated from 10 to 13

Client/Server enters with Higher Revision

DLS2# show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
<output omitted>
                                                Gi0/1, Gi0/2
20   WestAcct                         active
21   WestMngt                         active
22   WestManuf                        active
30   Guest                            active

Verify VLANs 10, 11, and 12 were deleted.

Client/Server enters with Higher Revision

DLS1# show vtp status
VTP Version                     : 2
Configuration Revision          : 10
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 12
VTP Operating Mode              : Server
VTP Domain Name                 : West
<output omitted>

DLS1 has a lower Configuration Revision number 10.
DLS2's Configuration Revision number is 13.

DLS1(config)# inter range fa 0/11 -12
DLS1(config-if-range)# no shutdown
DLS1# show vtp status
VTP Version                     : 2
Configuration Revision          : 13
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 9
VTP Operating Mode              : Server
VTP Domain Name                 : West
<output omitted>

DLS2# show vtp status
VTP Version                     : 2
Configuration Revision          : 13
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 9
VTP Operating Mode              : Client
VTP Domain Name                 : West
<output omitted>

DLS2 (Switch B) is brought online (no shutdown on DLS1).
DLS2 (Client) has higher Configuration Revision number 13.
DLS1 (Switch A) with lower revision number (10) updates its VLAN information to be in sync with DLS2 including its Configuration Revision number to 13.

VTP Revision Number


Previous VLANs:
DLS1# show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/3, Fa0/4, Fa0/5, Fa0/6
<output omitted>
                                                Gi0/1, Gi0/2
10   WestSales                        active    Fa0/1
11   WestEng                          active    Fa0/2
12   WestAdmin                        active
20   WestAcct                         active
21   WestMngt                         active
22   WestManuf                        active
30   Guest                            active

Current VLANs (synced with DLS2):
DLS1# show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/3, Fa0/4, Fa0/5, Fa0/6
<output omitted>
                                                Gi0/1, Gi0/2
20   WestAcct                         active
21   WestMngt                         active
22   WestManuf                        active
30   Guest                            active

Missing VLANs 10, 11, and 12.

Fix it
DLS1(config)# vlan 10
DLS1(config-vlan)# name WestSales
DLS1(config-vlan)# vlan 11
DLS1(config-vlan)# name WestEng
DLS1(config-vlan)# vlan 12
DLS1(config-vlan)# name WestAdmin

DLS1# show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/3, Fa0/4, Fa0/5, Fa0/6
<output omitted>
                                                Gi0/1, Gi0/2
10   WestSales                        active    Fa0/1
11   WestEng                          active    Fa0/2
12   WestAdmin                        active
20   WestAcct                         active
21   WestMngt                         active
22   WestManuf                        active
30   Guest                            active

To fix it, the VLANs must be reconfigured on DLS1.
Interfaces Fa0/1 and Fa0/2 are brought from inactive to active.

DLS2# show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
<output omitted>
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
10   WestSales                        active
11   WestEng                          active
12   WestAdmin                        active
20   WestAcct                         active
21   WestMngt                         active
22   WestManuf                        active
30   Guest                            active
DLS2(config)# no vlan 10
VTP VLAN configuration not allowed when device is in CLIENT mode.
DLS2(config)#

DLS2 gets VLANs 10, 11, 12 in VTP update from DLS1.
DLS2 is a Client and can no longer delete (or add) VLANs.

VTP Domain = West
VTP Mode = Server
Config Rev = 16
VLANs = 1, 10, 11, 12, 20, 21, 22, 30

VTP Domain = West
VTP Mode = Client (or Server)
Config Rev = 16
VLANs = 1, 10, 11, 12, 20, 21, 22, 30

DLS1# show vtp status
VTP Version                     : 2
Configuration Revision          : 16
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 12
VTP Operating Mode              : Server
VTP Domain Name                 : West

DLS2# show vtp status
VTP Version                     : 2
Configuration Revision          : 16
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 12
VTP Operating Mode              : Client
VTP Domain Name                 : West

Still in sync!

How to make sure switch has Lower Config Rev: VTP Mode
VTP Domain = West
VTP Mode = Server
Config Rev = 10
VLANs = 1, 10, 11, 12, 20, 21, 22, 30

VTP Domain = West
VTP Mode = Client -> Transparent -> Client
Config Rev = 16 -> 0 -> 10
VLANs = 1, 10, 11, 12, 20, 21, 22, 30

Not all VTP Messages shown

Setting a switch to Transparent mode resets the Configuration Revision to 0.
Then set it back to Client or Server.
DLS2(config)# vtp mode ?
  client       Set the device to client mode.
  server       Set the device to server mode.
  transparent  Set the device to transparent mode.
DLS2(config)#

How to make sure switch has Lower Config Rev: VTP Domain
VTP Domain = West
VTP Mode = Server
Config Rev = 16
VLANs = 1, 10, 11, 12, 20, 21, 22, 30

VTP Domain = West -> East -> West
VTP Mode = Client
Config Rev = 16 -> 0 -> 16
VLANs = 1, 10, 11, 12, 20, 21, 22, 30

Not all VTP Messages shown

Changing the Domain Name on a switch will reset the Configuration Revision to 0.
Then set it back to the correct Domain Name.
DLS2(config)# vtp domain West
Changing VTP domain name from East to West
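The whole DLS1/DLS2 walkthrough (equal revisions, a client overwriting a server, and the revision reset before reconnecting) can be replayed with a toy model. This is an added example, not part of the original slides and not Cisco code; the class, function names and the `would_overwrite` pre-connection check are hypothetical, and the model covers only the behaviour the slides describe.

```python
"""Toy model of VTP configuration-revision handling (added example)."""
from dataclasses import dataclass, field


@dataclass
class Switch:
    name: str
    domain: str = ""                   # default domain name is null
    mode: str = "server"               # server | client | transparent
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})
    access_ports: dict = field(default_factory=dict)    # port -> VLAN id

    def _edit(self):
        if self.mode == "client":
            raise PermissionError(
                "VTP VLAN configuration not allowed when device is in CLIENT mode.")
        if self.mode == "server":
            self.revision += 1         # each add or delete bumps the revision

    def add_vlan(self, vid, name):
        self._edit()
        self.vlans[vid] = name

    def del_vlan(self, vid):
        self._edit()
        self.vlans.pop(vid)

    def set_mode(self, mode):
        self.mode = mode
        if mode == "transparent":
            self.revision = 0          # reset described on the slides

    def set_domain(self, domain):
        if domain != self.domain:
            self.domain, self.revision = domain, 0

    def inactive_ports(self):
        """Access ports whose VLAN no longer exists in the database."""
        return sorted(p for p, vid in self.access_ports.items()
                      if vid not in self.vlans)


def advertise(sender, receiver):
    """Deliver sender's VLAN database; True if the receiver was overwritten."""
    if "transparent" in (sender.mode, receiver.mode):
        return False
    if sender.domain != receiver.domain or sender.revision <= receiver.revision:
        return False
    receiver.vlans = dict(sender.vlans)
    receiver.revision = sender.revision
    return True


def trunk_up(a, b):
    """Both ends advertise when the trunk comes up; at most one side wins."""
    return advertise(a, b), advertise(b, a)


def would_overwrite(new, existing):
    """Pre-connection check for a switch about to join the domain."""
    return (new.mode != "transparent" and new.domain == existing.domain
            and new.revision > existing.revision)


WEST = {1: "default", 10: "WestSales", 11: "WestEng", 12: "WestAdmin",
        20: "WestAcct", 21: "WestMngt", 22: "WestManuf", 30: "Guest"}


def rejoin(reset_first):
    """Replay the client-with-higher-revision scenario, optionally resetting
    DLS2's revision through transparent mode before the trunk comes back."""
    dls1 = Switch("DLS1", "West", "server", 10, dict(WEST),
                  {"Fa0/1": 10, "Fa0/2": 11})
    dls2 = Switch("DLS2", "West", "server", 10, dict(WEST))
    for vid in (10, 11, 12):
        dls2.del_vlan(vid)             # revision 10 -> 13
    dls2.set_mode("client")
    if reset_first:
        dls2.set_mode("transparent")   # revision -> 0
        dls2.set_mode("client")
    risky = would_overwrite(dls2, dls1)
    trunk_up(dls1, dls2)
    return {"risky": risky, "dls1_rev": dls1.revision, "dls2_rev": dls2.revision,
            "dls1_vlans": sorted(dls1.vlans), "dls1_inactive": dls1.inactive_ports()}


if __name__ == "__main__":
    print("no reset :", rejoin(reset_first=False))
    print("reset    :", rejoin(reset_first=True))
```

Without the reset, DLS1 loses VLANs 10, 11 and 12 and its Fa0/1 and Fa0/2 access ports become inactive; with the reset, DLS2 takes DLS1's database instead.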
