This site is about layered TCP/IP networks. You will not only learn the TCP and UDP protocols, LAN/WAN architectures, and SSH, SSL, IPsec, VLAN, VPN, IP routing, etc.; you can also expect hands-on work with hubs, switches, routers, Ethernet cables and serial WAN cables.
EtherChannel is a port link aggregation technology or port-channel architecture used primarily on Cisco switches. It allows grouping of several physical Ethernet links to create one logical Ethernet link for the purpose of providing fault-tolerance and high-speed links between switches, routers and servers. An EtherChannel can be created from between two and eight active Fast, Gigabit or 10-Gigabit Ethernet ports, with an additional one to eight inactive (failover) ports which become active as the other active ports fail. EtherChannel is primarily used in the backbone network, but can also be used to connect end user machines.
Using an EtherChannel has many advantages:
Larger bandwidth. By using the maximum of 8 active ports, the total bandwidth is increased eightfold compared to a single port.
Scalable. Because EtherChannel takes advantage of existing wiring, it is very scalable. It can be used at all levels of the network to create higher bandwidth links as the traffic needs of the network increase. All Cisco switches have the ability to support EtherChannel.
Transparent to network applications. When an EtherChannel is configured, all adapters that are part of the channel share the same Layer 2 (MAC) address. This makes the EtherChannel transparent to network applications and users because they only see the one logical connection; they have no knowledge of the individual links.
Fault-tolerance. Should a link fail, the EtherChannel technology will automatically redistribute traffic across the remaining links. This automatic recovery takes less than one second and is transparent to network applications and the end user. This makes it very resilient and desirable for mission-critical applications.
Spanning tree protocol (STP) can be used with an EtherChannel. STP treats all the links as a single one and BPDUs are only sent down one of the links.
EtherChannels can be also configured as VLAN trunks. If any single link of an EtherChannel is configured as a VLAN trunk, the entire EtherChannel will act as a VLAN trunk.
EtherChannel is made up of the following key elements:
Ethernet links — EtherChannel works over links defined by the IEEE 802.3 standard, including all sub-standards. All links in a single EtherChannel must be the same speed.
Compatible hardware — the entire line of Cisco Catalyst switches as well as Cisco IOS software-based routers support EtherChannel. Multiple EtherChannels per device are supported (Catalyst 6500 and 6000 switches support a maximum of 64 EtherChannels).
Configuration — an EtherChannel must be configured using the Cisco IOS on switches and routers, and using specific drivers when connecting a server. There are two main ways an EtherChannel can be set up. The first is by manually issuing a command on each port of the device that is part of the EtherChannel. This must be done for the corresponding ports on both sides of the EtherChannel. The second way is using Cisco Port Aggregation Protocol (PAgP) for the automated aggregation of Ethernet ports.
EtherChannel vs. 802.3ad
EtherChannel and IEEE 802.3ad standards are very similar and accomplish the same goal. There are a few differences between the two, other than the fact that EtherChannel is Cisco proprietary and 802.3ad is an open standard, listed below:
Both technologies are capable of automatically configuring this logical link. EtherChannel supports both LACP and Cisco's PAgP, whereas 802.3ad uses LACP.
LACP allows for up to 8 active and 8 standby links, whereas PAgP only allows for 8 active links.
So far we have been exposed to the "Router on a Stick" configuration twice: once in the second video in CCENT Virtual LANs, and again in CCNA VLANs and Trunking.
Router-on-a-stick is a term frequently used to describe a setup that consists of a router and a switch connected using one Ethernet link configured as an 802.1q trunk link.
router on a stick
As the picture shows, a router is used to allow inter-VLAN communication. There is only a single cable connecting the switch and the router, so the router is sitting on a stick (instead of 2 sticks).
The switch config involves:
configuring the VLANs
configuring a port in trunk mode in order to connect to the router
In the last section, VLANs and Trunking, we talked about access links and trunk links. Here is a recap:
trunk link - frames entering trunk link will be sent with VLAN tag.
access link - frames entering access link will be sent untagged.
The switch ports of a trunk link are trunk ports, the switch ports of the access link are access ports.
A frame received on an access port (i.e., sent from a host) is not VLAN tagged. It is the switch that tags the frame (with the VLAN number that is assigned to the receiving access port) if it needs to send that frame out on the trunk port. If the frame is destined for another access port, the frame is not tagged.
If a frame comes in on a trunk port it should already be tagged with a VLAN number (unless it is in the native VLAN which is not tagged). The switch then strips the VLAN tag and sends it out on the appropriate access port (or ports if broadcast) to its destination.
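The tagging rules in this recap, modelled on raw Ethernet frames. This is an added example, not code from the original page; the port dictionaries, the function names and the sample frame are constructed for illustration, and dropping tagged frames on an access port is a simplification of the model.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Constructed sample: broadcast frame from a host, EtherType 0x0800, dummy payload.
SAMPLE_FRAME = bytes.fromhex("ffffffffffff" "00e0b0272b35" "0800") + b"payload"
ACCESS_10 = {"mode": "access", "vlan": 10}                      # hypothetical port
TRUNK = {"mode": "trunk", "native": 1, "allowed": {1, 10, 20}}  # hypothetical port


def add_tag(frame, vlan, pcp=0):
    """Insert the 4-byte 802.1Q tag after the destination and source MACs."""
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    tci = (pcp << 13) | vlan  # 3-bit priority, 1-bit DEI (left 0), 12-bit VLAN ID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def strip_tag(frame):
    """Return (vlan, untagged_frame); vlan is None if the frame has no tag."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet frame")
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, frame[:12] + frame[16:]


def ingress(frame, port):
    """Classify a received frame: (vlan, untagged_frame), or None to drop it."""
    vlan, inner = strip_tag(frame)
    if port["mode"] == "access":
        # Hosts send untagged frames; the switch applies the port's VLAN.
        # Dropping tagged frames here is a simplification of this model.
        return (port["vlan"], inner) if vlan is None else None
    if vlan is None:
        vlan = port["native"]  # untagged on a trunk means native VLAN
    return (vlan, inner) if vlan in port["allowed"] else None


def egress(vlan, inner, port):
    """Build the frame as sent out of `port`, or None if the VLAN is not carried."""
    if port["mode"] == "access":
        return inner if vlan == port["vlan"] else None
    if vlan not in port["allowed"]:
        return None
    return inner if vlan == port["native"] else add_tag(inner, vlan)


if __name__ == "__main__":
    vlan, inner = ingress(SAMPLE_FRAME, ACCESS_10)
    on_trunk = egress(vlan, inner, TRUNK)
    print(vlan, on_trunk[12:16].hex())  # VLAN and the inserted tag bytes
    print(ingress(on_trunk, TRUNK) == (10, SAMPLE_FRAME))
```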
Depending on the model, the switch port is by default dynamic auto.
We can change the switch port mode to trunk to allow traffic for all VLANs (pretagged) to flow to and from it. It is most common to use 802.1q as the VLAN tagging method.
int fa0/0
! on switches that support both ISL and 802.1q, set the encapsulation before trunk mode
switchport trunk encapsulation dot1q
switchport mode trunk
We can also change the switch port mode to access and then assign a VLAN ID to this port.
int f0/1
switchport mode access
switchport access vlan 10
Here is a Cisco lab configuring both an access port and a trunk port.
When a new switch port joins an STP network, it starts in the blocking state and stays there for 20 seconds, then transitions to the listening state and stays there for 15 seconds, then transitions to the learning state and stays there for 15 seconds, and finally transitions to the forwarding state and starts forwarding frames.
PortFast is a Cisco proprietary feature which allows a port participating in STP to skip the first 3 states, namely blocking, listening and learning, and go directly to the forwarding state. This allows the port to start working 50 seconds earlier than usual, thus the name PortFast.
You can use PortFast to connect a single end station or a switch port to a switch port. If you enable PortFast on a port that is connected to another Layer 2 device, such as a switch, you might create network loops.
The Cisco commands for enabling PortFast on a switch port are as follows.
Console> (enable) set spantree portfast 4/1 enable
Warning:Connecting Layer 2 devices to a fast start port can cause
temporary spanning tree loops. Use with caution.
Spantree port 4/1 fast start enabled.
Console> (enable) show spantree 4/1
Port Vlan Port-State Cost Priority Fast-Start Group-method
There are other PortFast command variations, such as enabling or disabling it in bulk or setting PortFast globally; these variations can be retrieved from the Cisco command line help.
In a large LAN, topology changes can happen, such as a switch port being brought up or down. When a switch port transitions directly from inactive to active, temporary data loops can be created. Therefore STP introduced timers -- ports must wait for new topology information to spread throughout the LAN before frames can be forwarded. Switches must also allow the frame lifetime to expire for frames that have been forwarded using the old topology.
There are 3 STP timers:
hello—The hello time is the time interval before a port sends another BPDU. This time is equal to 2 seconds by default, but can be tuned from 1 to 10 sec.
forward delay—The forward delay is the time that is spent in the listening and learning states. This time ranges from 4 to 30 sec and is equal to 15 sec by default.
max age—The max age timer controls the maximum length of time that passes before a bridge port saves its configuration BPDU information. This time ranges from 6 to 40 sec and is 20 sec by default.
Each configuration BPDU contains these three parameters. In addition, each configuration BPDU contains another time-related parameter that is known as the message age. The message age is not a fixed value. The message age contains the length of time that has passed since the root bridge initially originated the BPDU. The root bridge sends all its BPDUs with a message age value of 0, and all subsequent switches add 1 to this value. Effectively, this value contains the information on how far you are from the root bridge when you receive a BPDU.
Port States
Each port on a switch using STP is in one of the five states:
Blocking: when a switch running STP is powered on, all ports are in the blocking state after initialization. These ports will not send or receive any message across the network segment, but will listen to STP BPDU messages from other switches in the STP network. The ports remain in the blocking state for 20 seconds, then transition to the listening state.
Listening: in this state, the port is listening to BPDUs, and STP uses them to determine which ports should participate in frame forwarding and which ports should not, thus determining the network topology. While in the listening state, the port is not forwarding frames. The port stays in the listening state for 15 seconds, then transitions to the learning state.
Learning: the port continues studying BPDUs -- adding MAC addresses of learned LAN hosts to its MAC address table. In this state, the port is still not forwarding frames. The learning state lasts for 15 seconds before transitioning into the forwarding state.
Forwarding: so far 50 seconds have passed since the switch port was brought up, and now the port finally reaches the end goal: frame forwarding. The port is sending and receiving data across the network segment as normal. After the network converges, not all ports are in the forwarding state; those ports not selected for frame forwarding return to the blocking state. A port in the forwarding state forwards frames directly received from the attached network segment, forwards frames switched from another port for forwarding, continues to update the MAC table about the LAN hosts, receives and processes BPDUs, and receives and responds to network management messages such as disabling the port.
Disabled: a switch port does not enter or exit this state automatically; a network administrator has to manually disable the port. This could happen anytime regardless of the switch's state. A disabled port is out of the picture from STP's point of view; it does not participate in frame forwarding or the operation of STP.
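A small checker for the timers and port states described above, showing how tuned timers change the time a port needs to reach forwarding. This is an added example, not code from the original page; the function names are made up for illustration, the mapping of the 20-second blocking period to max age is an assumption, and the timer relationship and the discard rule come from IEEE 802.1D rather than from the text.

```python
# Ranges in seconds, as listed in the timer descriptions above.
TIMER_RANGES = {"hello": (1, 10), "forward_delay": (4, 30), "max_age": (6, 40)}


def check_timers(hello=2, forward_delay=15, max_age=20):
    """Return a list of problems with a proposed set of STP timers."""
    values = {"hello": hello, "forward_delay": forward_delay, "max_age": max_age}
    problems = []
    for name, (low, high) in TIMER_RANGES.items():
        if not low <= values[name] <= high:
            problems.append(f"{name}={values[name]} outside {low}-{high} s")
    # Timer relationship from IEEE 802.1D (not stated in the text above).
    if not 2 * (forward_delay - 1) >= max_age >= 2 * (hello + 1):
        problems.append("violates 2*(forward_delay-1) >= max_age >= 2*(hello+1)")
    return problems


def port_timeline(forward_delay=15, max_age=20, portfast=False):
    """Return [(state, start_s, end_s)] for a port that has just come up.

    Assumption: the 20 s blocking period is the max age timer, and the two
    15 s periods are the forward delay (the defaults match the text).
    """
    if portfast:
        return [("forwarding", 0, None)]  # blocking/listening/learning skipped
    timeline, t = [], 0
    for state, duration in (("blocking", max_age),
                            ("listening", forward_delay),
                            ("learning", forward_delay)):
        timeline.append((state, t, t + duration))
        t += duration
    timeline.append(("forwarding", t, None))
    return timeline


def bpdu_accepted(hops_from_root, max_age=20):
    """Message age starts at 0 at the root and grows by 1 per switch.

    Per 802.1D a BPDU whose message age has reached max age is discarded.
    """
    return hops_from_root < max_age


if __name__ == "__main__":
    print(port_timeline())
    print(check_timers(hello=2, forward_delay=4, max_age=20))
    print(bpdu_accepted(7, max_age=6))
```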
In this tutorial, we will learn how to configure a router as a DHCP server.
The project setup includes one 2621XM Router, one 2650-24 Switch and 3 Generic End Devices.
The router's interface fa0/0 is connected with the switch's interface fa0/1 via a Copper Straight Through cable. The switch is connected with the PCs via Copper Straight Through cables. The IP address of the router's FastEthernet0/0 (fa0/0 in short) interface will be configured as 192.168.10.1 with subnet mask 255.255.255.0.
DHCP
For this lab, you will enable the DHCP server for the 192.168.10.0/24 interface using a pool of addresses from 192.168.10.11 through 192.168.10.254 (by excluding the address range 192.168.10.1 through 192.168.10.10 from the pool). This router (with address 192.168.10.1/24) will be advertised as the default gateway to the clients.
We have walked through the DHCP configuration commands in tutorial 2 - dhcp; here I will explain the key steps.
To define the DHCP address pool, we first need to name it. We use the following command under global configuration mode:
R1(config)#ip dhcp pool POOLNAME
In our lab, the following command names the DHCP pool "IP10"; it also brings the router into DHCP configuration mode:
R1(config)#ip dhcp pool IP10
The IP addresses that the DHCP server assigns are drawn from a common pool that you configure by specifying a range of usable IP addresses. The range of usable IP addresses is specified by first assigning a chunk of addresses to the pool with the command "net NETADDRESS NETMASK", then excluding some IP addresses from the pool with the command "ip dhcp excluded-address STARTADDRESS ENDADDRESS". Note that the address range that you specify must also be in the same subnet as the IP address of the LAN interface (in our lab, the subnet is 192.168.10.0/24, to which the FastEthernet 0/0 interface belongs).
To set the IP addresses to be used by the address pool, use the following command under dhcp configuration mode:
R1(dhcp-config)#network NETADDRESS NETMASK
In this lab, the following command assigned all the 254 addresses of subnet 192.168.10.0/24 to the pool.
R1(dhcp-config)#net 192.168.10.0 255.255.255.0
To configure the IP addresses to be excluded from the pool, use the "ip dhcp excluded-address" command under global configuration mode.
In our lab, we excluded the address range 192.168.10.1 through 192.168.10.10 from the DHCP pool:
R1(config)#ip dhcp exc 192.168.10.1 192.168.10.10
Optionally, we can also assign a default gateway to the clients. To provide the default gateway IP address, use the following command under dhcp configuration mode:
R1(dhcp-config)#default-router IPADDRESS
For example, the following command sets 192.168.10.1 as the default gateway:
R1(dhcp-config)#default 192.168.10.1
Optionally, we can also assign dns servers to the clients. To provide a dns server's IP address, use the following command under dhcp configuration mode:
R1(dhcp-config)#dns-server IPADDRESS
In our lab, we set the dns-server address to 192.168.10.1:
R1(dhcp-config)#dns-server 192.168.10.1
On some cisco routers, you need to turn on the dhcp service with command:
R1(config)#service dhcp
To debug DHCP, use the command (debug and show commands run from privileged EXEC mode, so the prompt is R1#):
R1#debug ip dhcp server
To see if an address in the DHCP pool is already in use by another device, use the command:
R1#show ip dhcp conflict
To display address bindings on the Cisco DHCP server, use the command:
R1#show ip dhcp binding
The following is the CLI for this lab; some commands are slightly different from this video tutorial.
System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)
Copyright (c) 2000 by cisco Systems, Inc.
cisco 2621 (MPC860) processor (revision 0x200) with 60416K/5120K bytes of memory
Self decompressing the image :
########################################################################## [OK]
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.2(28), RELEASE SOFTWARE (fc5)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Wed 27-Apr-04 19:01 by miwang
cisco 2621 (MPC860) processor (revision 0x200) with 60416K/5120K bytes of memory
.
Processor board ID JAD05190MTZ (4292891495)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
2 FastEthernet/IEEE 802.3 interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)
--- System Configuration Dialog ---
Continue with configuration dialog? [yes/no]: n
Press RETURN to get started!
Router>enable
Router#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
side note: step 1, configure interface fa0/0.
R1(config)#interface FastEthernet0/0
R1(config-if)#ip address 192.168.10.1 255.255.255.0
R1(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
side note: "no shutdown" brings up the fa0/0 interface, the red dots on the link between router and switch changed to green after about 30 seconds.
R1(config-if)#exit
side note: step 2, create a dhcp pool under global configuration mode.
R1(config)#ip dhcp ?
excluded-address Prevent DHCP from assigning certain addresses
pool Configure DHCP address pools
R1(config)#ip dhcp pool IP10
side note: step 3, configure the dhcp pool's range, default gateway, dns server under dhcp configuration mode.
R1(dhcp-config)#?
default-router Default routers
dns-server Set name server
exit Exit from DHCP pool configuration mode
network Network number and mask
no Negate a command or set its defaults
R1(dhcp-config)#network 192.168.10.1 255.255.255.0
R1(dhcp-config)#default-router 192.168.10.1
R1(dhcp-config)#dns-server 192.168.10.1
R1(dhcp-config)#exit
side note: step 4, configure excluded ip addresses from the dhcp pool.
R1(config)#ip dhcp excluded-address 192.168.10.1 192.168.10.10
R1(config)#exit
%SYS-5-CONFIG_I: Configured from console by console
side note: step 5, now check the running configurations and save them.
R1#show running-config
Building configuration...
Current configuration : 484 bytes
!
version 12.2
no service password-encryption
!
hostname R1
!
!
!
!
!
ip ssh version 1
!
!
interface FastEthernet0/0
ip address 192.168.10.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
ip classless
!
!
!
ip dhcp excluded-address 192.168.10.1 192.168.10.10
!
ip dhcp pool IP10
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 192.168.10.1
!
line con 0
line vty 0 4
login
!
!
end
R1#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
side note: step 6, check what IP addresses have been assigned to the clients. Since no client has requested an IP address at this point, we get an empty table.
R1#show ip dhcp binding
IP address Client-ID/ Lease expiration Type
Hardware address
side note: step 7, now open the command line window on client PC0 and make sure it has no IP address assigned to it with the command "ipconfig /all". Request a new IP address for PC0 with the command "ipconfig /renew".
Desktop commands
side note: step 8, go back to the router's CLI and issue the command "show ip dhcp binding" again. Note that the IP address 192.168.10.11 has been associated with PC0's MAC address 00E0.B027.2B35.
R1#show ip dhcp binding
IP address Client-ID/ Lease expiration Type
Hardware address
192.168.10.11 00E0.B027.2B35 -- Automatic
R1#
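A consistency check for the DHCP configuration built in this lab: it parses the DHCP-related lines of the running-config, computes which addresses the pool can actually lease, and flags a pool whose subnet has no matching interface or whose router address is still leasable. This is an added example, not code from the original page; the function names are made up for illustration and the parser only understands the few commands used in this lab.

```python
import ipaddress
import re

# Constructed sample: the DHCP-related lines of the lab's running-config.
RUNNING_CONFIG = """\
interface FastEthernet0/0
 ip address 192.168.10.1 255.255.255.0
!
ip dhcp excluded-address 192.168.10.1 192.168.10.10
!
ip dhcp pool IP10
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1
 dns-server 192.168.10.1
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"


def parse(config):
    """Extract interface addresses, excluded ranges and pools from IOS-style text."""
    ifaces = [ipaddress.ip_interface(f"{a}/{m}")
              for a, m in re.findall(rf"^\s*ip address {IP} {IP}", config, re.M)]
    excluded = [(ipaddress.ip_address(lo), ipaddress.ip_address(hi or lo))
                for lo, hi in re.findall(
                    rf"^ip dhcp excluded-address {IP}(?: {IP})?", config, re.M)]
    pools = {}
    for name, body in re.findall(
            r"^ip dhcp pool (\S+)\n((?:[ \t]+.*\n?)*)", config, re.M):
        net = re.search(rf"network {IP} {IP}", body)
        gw = re.search(rf"default-router {IP}", body)
        if not net:
            continue
        pools[name] = {
            # strict=False accepts a host address typed as the network number
            "network": ipaddress.ip_network(f"{net[1]}/{net[2]}", strict=False),
            "gateway": ipaddress.ip_address(gw[1]) if gw else None,
        }
    return ifaces, excluded, pools


def audit(config):
    """Return (leasable addresses per pool, list of findings)."""
    ifaces, excluded, pools = parse(config)
    leasable, findings = {}, []
    for name, pool in pools.items():
        net = pool["network"]
        free = [h for h in net.hosts()
                if not any(lo <= h <= hi for lo, hi in excluded)]
        leasable[name] = free
        if not any(i.network == net for i in ifaces):
            findings.append(f"{name}: no interface in {net}")
        for i in ifaces:
            if i.ip in free:
                findings.append(f"{name}: interface address {i.ip} is leasable")
        gw = pool["gateway"]
        if gw is not None and gw not in net:
            findings.append(f"{name}: default-router {gw} outside {net}")
    return leasable, findings
```

For the lab's configuration the first leasable address is 192.168.10.11, the address bound to PC0 in the output above.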
Router A's interface serial0/0 is connected with Router B's interface serial0/0 via a serial DCE cable (don't forget to set clock rate for both Routers). Router A has a loopback interface 0, which can be created with the commands:
RouterA#config terminal
RouterA(config)#int loopback 0
In project 2, we will configure NAT overload/PAT on a router. Project 2's setup is the same as project 1's, except we have 2 loopback interfaces, loopback0 and loopback1.
Configure static NAT:
To specify the global interface, go to the interface configuration mode and issue the command:
RouterA(config-if)#ip nat outside
To specify the local interface, go to the interface configuration mode and issue the command:
RouterA(config-if)#ip nat inside
To establish static translation between an inside local address and an inside global address, issue the command: