Tuesday, August 17, 2010

Chapter 6 - Aggregating Switch Links - Notes

An EtherChannel bundle can contain up to 8 ports of the same Ethernet type. Only identically configured links can be bundled into an EtherChannel link, and they should belong to the same VLAN.

If the Etherchannel link will be used as a trunk, the bundled ports must be configured to trunk with the same native VLAN and the same allowed VLAN configuration on each.

Speed and duplex should be configured identically on all ports in the bundle, and the spanning-tree settings should match as well.

  • Distributing traffic across the EtherChannel links:
    • An exclusive-OR (XOR) of the low-order address bits picks the link. X bits are hashed, where 2 to the power of X equals the number of ports: two bits for a four-port EtherChannel, three bits for an eight-port one (X = 3).
  • EtherChannel Load balancing methods:
    • src-ip
    • dst-ip
    • src-dst-ip
    • src-mac
    • dst-mac
    • src-dst-mac
    • src-port
    • dst-port
    • src-dst-port
The default EtherChannel load balancing option is destination IP address but the default for Catalyst 2970 & 3560 is src-mac for layer 2 switching. src-dst-ip is always used with Layer 3 switching and can't be changed (based on my research, I need to confirm this in lab later this week - Comments welcome on this one!).
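To see how the XOR hash above spreads flows, here is an added Python model (not from the book or the original post) that selects a link from the low-order bits of the source and destination IP addresses; the modulo mapping for bundle sizes that are not a power of two is an assumption of the example, and the flows are constructed.

```python
import ipaddress
from collections import Counter
from math import ceil, log2

def hash_bits(n_ports: int) -> int:
    """Low-order bits hashed so that 2**X covers the bundle: 2 ports -> 1, 4 -> 2, 8 -> 3."""
    if not 1 <= n_ports <= 8:
        raise ValueError("an EtherChannel bundles 1 to 8 ports")
    return max(1, ceil(log2(n_ports)))

def select_link(src_ip: str, dst_ip: str, n_ports: int, method: str = "src-dst-ip") -> int:
    """Return the link index (0..n_ports-1) chosen for a flow under the given method."""
    src = int(ipaddress.ip_address(src_ip))
    dst = int(ipaddress.ip_address(dst_ip))
    mask = (1 << hash_bits(n_ports)) - 1
    if method == "src-ip":
        h = src & mask
    elif method == "dst-ip":
        h = dst & mask
    elif method == "src-dst-ip":
        h = (src ^ dst) & mask          # exclusive-OR of the low-order bits
    else:
        raise ValueError(f"unsupported method {method}")
    # For a power-of-two bundle each hash value is one link; for other sizes the
    # 2**X values must share n_ports links (modelled here with modulo, an assumption).
    return h % n_ports

def distribution(flows, n_ports: int, method: str) -> Counter:
    """Count how many of the (src, dst) flows land on each link."""
    return Counter(select_link(s, d, n_ports, method) for s, d in flows)

# Constructed sample: eight clients all talking to one server at 10.0.0.10.
FLOWS = [(f"10.0.0.{i}", "10.0.0.10") for i in range(1, 9)]

if __name__ == "__main__":
    for method in ("dst-ip", "src-ip", "src-dst-ip"):
        print(method, dict(distribution(FLOWS, 4, method)))
```

With dst-ip every flow to the single server lands on one link, while src-dst-ip spreads the same eight flows evenly over four or eight links.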


PAgP - Port Aggregation Protocol (Cisco proprietary)
LACP - Link Aggregation Control Protocol (open standards based)

PAgP EtherChannel configuration examples:

interface fa0/1
channel-protocol pagp
channel-group 1 mode desirable



port-channel load-balance src-dst-port
interface range gig 3/1 - 4
channel-protocol pagp
channel-group 2 mode desirable non-silent


LACP Etherchannel configuration:

lacp system-priority 100
(the switch with the lower system priority value decides which ports make up the EtherChannel)
interface gig 3/2
channel-protocol lacp
channel-group 22 mode active
(with channel-protocol lacp the mode must be active or passive; mode on disables negotiation)
lacp port-priority 1
(default is 32768; the possible range is 1 to 65535)

Things to look out for with EtherChannel problems:

  • If no channel is being initiated at all, ensure both ends of the channel are set to on mode.
  • If both ends are desirable (PAgP) or active (LACP), they depend on the far end of the link to attempt bringing the channel up, which of course means neither will bring it up.



show etherchannel summary
show etherchannel port

Chapter 5 - VLAN Trunking Protocol - Notes

VTP domain - management domain: an area with common VLAN requirements.


VTP Modes
  • Server mode - can add, change and delete VLANs; propagates VLANs throughout the VTP domain.
  • Client mode - listens to VTP advertisements, updates itself and forwards the advertisements. You cannot create, change or delete VLANs for the VTP domain here.
  • Transparent mode - does not participate in VTP. Does not advertise its VLAN configuration and does not synchronize its VLAN database with received advertisements. In VTP v1 it relays VTP information only if the VTP domain name and version numbers match; in VTP v2 it relays everything.

VLAN Advertisements
  • Switches advertise VLANs 1 to 1005 only.
  • Revision numbers are advertised.
  • VTP advertisements are multicast.

Famous VLAN synchronization issue: a switch advertising a higher configuration revision number overwrites the VLAN database of the whole domain, so ALWAYS check the revision number and take the necessary steps before bringing a new switch online in a VTP domain.

  • Summary Advertisements
    • Servers send every 300 seconds and every time VLAN database is changed. Includes the following:
        • VTP Version
        • Management domain info
        • Domain name
        • Revision number
        • Time stamp
        • MD5 Hash
        • Number of subset advertisements to follow
  • Subset Advertisements
      • List specific changes
        • Creating, deletion, changes to VLANs
        • MTU changes
        • Security Association Identifier (SAID).

Advertisement requests (from VTP clients) request VLAN information that the client does not yet have.
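An added Python model, not part of the original notes, of the revision-number behaviour behind the synchronization warning above: a reused switch carrying a higher revision overwrites the domain's VLAN database unless its revision is cleared first. Switch names, VLANs and revision values are constructed, and the summary fields (domain, revision, MD5) and the subset VLAN list are folded into one message for brevity.

```python
import hashlib
from dataclasses import dataclass, field

@dataclass
class VtpSwitch:
    """Simplified VTP v1/v2 switch: one VLAN database plus a configuration revision number."""
    name: str
    domain: str
    mode: str = "server"                      # server | client | transparent
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})

    def add_vlan(self, vid: int, vname: str) -> None:
        if self.mode == "client":
            raise PermissionError(f"{self.name}: clients cannot change VLANs")
        self.vlans[vid] = vname
        if self.mode != "transparent":        # every database change bumps the revision
            self.revision += 1

    def set_mode(self, mode: str) -> None:
        self.mode = mode
        if mode == "transparent":             # going transparent resets the revision to 0
            self.revision = 0

    def advertisement(self) -> dict:
        """Summary fields plus the subset VLAN list, folded into one message for the model."""
        body = ",".join(f"{vid}:{name}" for vid, name in sorted(self.vlans.items()))
        return {"domain": self.domain, "revision": self.revision,
                "md5": hashlib.md5(body.encode()).hexdigest(), "vlans": dict(self.vlans)}

    def receive(self, adv: dict) -> bool:
        """Servers and clients in the same domain accept any higher revision, whatever it holds."""
        if (self.mode == "transparent" or adv["domain"] != self.domain
                or adv["revision"] <= self.revision):
            return False
        self.vlans, self.revision = dict(adv["vlans"]), adv["revision"]
        return True

def connect_lab_switch(reset_first: bool) -> dict:
    """Return the production server's VLANs after a reused lab switch joins its domain."""
    prod = VtpSwitch("prod-core", "campus")
    for vid, name in ((10, "users"), (20, "servers"), (30, "voice")):
        prod.add_vlan(vid, name)              # revision ends at 3
    lab = VtpSwitch("old-lab", "campus", revision=50, vlans={1: "default", 99: "lab"})
    if reset_first:                           # the check: clear the revision before cabling it in
        lab.set_mode("transparent")
        lab.set_mode("server")
    prod.receive(lab.advertisement())         # both sides exchange advertisements on link-up
    lab.receive(prod.advertisement())
    return dict(prod.vlans)
```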

Useful VTP commands/configs:

show vtp status
show vtp counters

vtp mode {server | client | transparent}
vtp password MyPasswordHere

vtp domain mydomain
vtp mode server
vtp password mypassword




Useful VTP Pruning Commands:

vtp pruning
interface fa0/2
switchport trunk pruning vlan {{{add | except | remove} vlan-list} | none}

show interface fa0/1 pruning





Monday, August 16, 2010

Chapter 4 - VLANs and Trunks - Notes

I'm surprised that I've gone this far into the book and it's still stuff that I've seen before (and in more detail than this book). Anyway, here are some rough notes for chapter four for reference.

VLANs 1 and 1002-1005 are reserved for specific purposes, e.g. the default VLAN, Token Ring, FDDI etc.

VLANs
  • Static VLANs
    • Port Based Membership
vlan 2
name shane
vlan 3
name killian
vlan 100
name test

interface fa0/1
switchport
switchport mode access
switchport access vlan 100

show vlan


  • Dynamic VLANs
    • Based on mac address of end user device.
    • Network management tools (Cisco Works)
    • More administrative overhead.
  • End-to-End VLANs
    • These VLANs span across the entire campus network and include the core.
  • Local VLANs
    • These VLANs are usually one switch / closet or geographical location and do NOT span into the core.

VLAN Trunks

  • VLAN Frames
    • 802.1Q frame - a 4-byte tag is inserted into the original frame after the source address.
    • ISL frame - adds a 26-byte header and a 4-byte CRC trailer around the original frame. Also known as "double tagging".

Dynamic Trunking Protocol
Can be configured to negotiate the trunking encapsulation between switches. If both switches support ISL, ISL is preferred. "Negotiate" is the default.


Trunk Configuration Example



interface fa0/2
switchport
switchport trunk encapsulation dot1q
switchport trunk native vlan 100
switchport trunk allowed vlan all
switchport mode trunk
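As an added illustration (not from the book or this post), the following Python builds and parses the 4-byte 802.1Q tag described earlier and applies the native-VLAN rule from the trunk configuration above; the MAC addresses and payload are constructed.

```python
import struct

TPID_8021Q = 0x8100          # EtherType value that announces an 802.1Q tag

def tag_frame(frame: bytes, vlan_id: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag after the destination and source MAC addresses."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    tci = ((pcp & 0x7) << 13) | ((dei & 0x1) << 12) | vlan_id   # priority, drop-eligible, VID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def parse_frame(frame: bytes):
    """Return (vlan_id, ethertype, payload); vlan_id is None for an untagged frame."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == TPID_8021Q:
        tci, inner_type = struct.unpack("!HH", frame[14:18])
        return tci & 0x0FFF, inner_type, frame[18:]
    return None, ethertype, frame[14:]

def for_trunk(frame: bytes, vlan_id: int, native_vlan: int) -> bytes:
    """Frames in the native VLAN leave a dot1q trunk untagged; every other VLAN is tagged."""
    return frame if vlan_id == native_vlan else tag_frame(frame, vlan_id)

# Constructed untagged frame: dst MAC, src MAC, EtherType IPv4, dummy payload.
UNTAGGED = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
            + struct.pack("!H", 0x0800) + b"constructed payload")

if __name__ == "__main__":
    print(tag_frame(UNTAGGED, 100)[12:16].hex())          # 81000064: TPID then TCI for VLAN 100
    print(parse_frame(for_trunk(UNTAGGED, 100, 100)))    # native VLAN 100 stays untagged
```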



Trunk - Static trunk configuration.
Dynamic desirable (default) - asks the far end to bring up a trunk.
Dynamic Auto - Port can be converted to trunk link. Far end switch MUST request.

DTP frames are sent out every 30 seconds in all modes.
Best practice is to configure DTP mode manually on critical network links.
Disable DTP on links to routers and firewalls.

Determine trunk status:
show interface fa0/0 trunk
 



Chapter 3 - Switch Port Configuration - Notes

Short notes on Chapter 3.
I didn't notice that I ran my previous notes from Chapter 2 into Chapter 3.

Again, nothing new here, just basic switch port configuration commands.


GBIC - Gigabit Interface Converter.
SFP - Small form factor pluggable module.
SC Fibre Optic Connector



Fibre based connectors ALWAYS have the receive fiber on the left connector and the transmit fiber on the right connector (if you are standing in front of and facing the connectors). Don't look directly into connectors! :-D #FAIL

Useful Links:
Packetlife.net Physical Terminations Cheat Sheet (PDF)

Sunday, August 15, 2010

Switch Operation - Mind Map

I've been messing about with open source mind mapping software, FreeMind, and so far I think it's pretty good. I'm new to the whole mind mapping thing so I created a small mind map for the switch operation topics in chapter two of the SWITCH Official Certification Guide.

Download here. I've included a PDF version and the original file for modification.
If anyone can improve on this, please do!

Saturday, August 14, 2010

Chapter 2 - Switch Operation - Notes

Just some quick notes on Chapter 1 covering Layer 2 switching and basic switch commands. Mostly CCNA level stuff, nothing special here!

Before switches, the common standard to connect devices to a LAN was to use a hub.
Using a hub means that all devices use shared bandwidth and are in a shared collision domain. With hubs, all traffic is sent to all devices which wastes bandwidth.

A switch can fix the above problems by segregating the collision domain. Devices connected to a switch send traffic directly to the receiver. The switch manages this by using the CAM table.

Key differences between switches and hubs:

  • Switches are layer 2 devices, whereas hubs are layer 1 devices.
  • Switches switch Ethernet frames.
  • Switches keep a table of all MAC addresses received on each port including the VLAN associated.
  • Each device connected to a switch can send at full duplex, there are no collisions assuming there is one device per switchport.
If a switch receives a frame with an unknown unicast destination address (a MAC address not found in the CAM table), the switch floods the frame out all ports except the port on which it received the frame.

  • Ethernet 10Mbps - IEEE 802.3 standard.
    • Shared medium - both collision and broadcast domain.
    • Users transmit at the same time = collision.
    • Half-Duplex operation
  • Fast Ethernet 100Mbps - IEEE 802.3u Standard.
    • Uses CSMA/CD - Carrier sense multiple access with collision detection.
    • Access and Distribution Layer switches.
    • Most commonly used to connect end user workstation to access switch.
    • Full-Duplex operation - send and receive simultaneously.
    • 100Mbps each way - 200Mbps total throughput.
    • Backward compatible to 802.3 10Mbps.
  • Gigabit Ethernet 1000Mbps/1Gbps - IEEE 802.3z Standard and 802.3ab (Gigabit over Copper)
    • Frame format preserved.
    • Supports several cabling standards (see page 46 cert guide).
    • Fallback 10/100/1000 where available on device.
    • Gigabit Ethernet port duplex ALWAYS FULL on Cisco switches (autonegotiation not possible!).
  • 10 Gigabit Ethernet - IEEE 802.3ae Standard.

Switch Port configuration commands:

interface fa0/1
interface range fa0/1, fa0/5
interface range fa0/1-5


description
speed {10 | 100 | 1000 | auto}
duplex {auto | full | half}

errdisable detect cause {all | cause-name}
errdisable recovery cause {all | cause-name}
errdisable recovery interval {seconds}

shutdown
no shutdown
show interface
show interface status
show interface status err-disabled



Switchport Error Conditions:
  • all - All causes
  • arp-inspection - Errors with dynamic ARP inspection
  • bpduguard - Detects when a spanning tree BPDU is received on a port configured with PortFast
  • channel-misconfig - Errors with an EtherChannel bundle
  • dhcp-rate-limit - Errors with DHCP snooping
  • dtp-flap - Trunking encapsulation changing from one form to another.
  • gbic-invalid - There is an invalid GBIC or SFP module
  • ilpower - Problems with inline Power
  • l2ptguard - Errors with Layer 2 protocol tunneling
  • link-flap - Port flapping up and down
  • loopback - interface has been looped back
  • pagp-flap - Etherchannel bundle ports don't have consistent config
  • psecure-violation - Detects conditions that trigger port security on port
  • rootguard - Detects when STP BPDU received from Root Bridge on unexpected port
  • security-violation - Errors in relation to port security
  • storm-control - Storm control threshold has been exceeded
  • udld - Detects unidirectional link.
  • unicast-flood - Detects if unicast flood is being blocked
  • vmps - Errors regarding dynamic port VLAN assignment.

Friday, August 13, 2010

CCNP SWITCH Exam Blueprint - Study Plan

I've been going through the SWITCH exam blueprint while waiting for some new books to arrive. I learned the hard way that not paying attention to exam blueprints can cost you time, money and a whole lot of study that doesn't make sense.

From next Tuesday I will be eating, sleeping, reading and writing switch exam topics until I pass.

Here's a breakdown of the SWITCH Blueprint



  • Implement VLAN based solution, given a network design and a set of requirements.
    • Determine network resources needed for implementing a VLAN based solution on a network
    • Create a VLAN based implementation plan
    • Create a VLAN based verification plan
    • Configure switch-to-switch connectivity for the VLAN based solution
    • Configure loop prevention for the VLAN based solution
    • Configure Access Ports for the VLAN based solution
    • Verify the VLAN based solution was implemented properly using show and debug commands
    • Document results of VLAN implementation and verification


    Study breakdown:
    Read chapters 2-12 of Official Certification Guide noting all questions.
    Take note of commands and understand technologies by implementing them on live equipment.
    Reread chapters 2-12 while answering original questions noted.
    Read PacketLife.com VLAN cheatsheet on a regular basis.



    • Implement a Security Extension of a Layer 2 solution, given a network design and a set of requirements.
      • Determine network resources needed for implementing a Security solution
      • Create an implementation plan for the Security solution
      • Create a verification plan for the Security solution
      • Configure port security features
      • Configure general switch security features
      • Configure private VLANs
      • Configure VACL and PACL
      • Verify the Security based solution was implemented properly using show and debug commands
      • Document results of Security implementation and verification 

    Study Breakdown:
    Read chapters 16-17 of Official Certification Guide noting all questions.
    Take note of commands and understand technologies by implementing them on live equipment.
    Reread chapters 2-12 while answering original questions noted.
    Google as many of the topics as possible, read Wiki articles on each, forum posts at CLN.
    Read RFC 5517 "Cisco Systems' Private VLANs: Scalable Security in a Multi-Client Environment".


    •  Implement Switch based Layer 3 services, given a network design and a set of requirements
      • Determine network resources needed for implementing a Switch based Layer 3 solution
      • Create an implementation plan for the Switch based Layer 3 solution
      • Create a verification plan for the Switch based Layer 3 solution
      • Configure routing interfaces
      • Configure Layer 3 Security
      • Verify the Switch based Layer 3 solution was implemented properly using show and debug commands
      • Document results of Switch based Layer 3 implementation and verification

    Study Breakdown:
    Read chapter 11 of Official Certification Guide noting all questions.
    Take note of commands and understand technologies by implementing them on live equipment.
    Reread chapter 11 while answering original questions noted.
    Source Layer 3 switching (Cisco) documentation and read to build on answers to questions.

    • Prepare infrastructure to support advanced services
      • Implement a Wireless Extension of a Layer 2 solution
      • Implement a VoIP support solution
      • Implement video support solution
    Study Breakdown: 
    Read chapters 14-15 of Official Certification Guide noting all questions.
    Take note of commands and understand technologies by implementing them on live equipment where possible.
    Reread chapters 14-15 answering original questions.
    Use Cisco docs to build on understanding of Voice/Video infrastructure requirements.


    • Implement High Availability, given a network design and a set of requirements
      • Determine network resources needed for implementing High Availability on a network
      • Create a High Availability implementation plan
      • Create a High Availability verification plan
      • Implement first hop redundancy protocols
      • Implement switch supervisor redundancy
      • Verify High Availability solution was implemented properly using show and debug commands
      • Document results of High Availability implementation and verification

    Study Breakdown: 

    Read chapters 12-13 of Official Certification Guide noting all questions.

    Take note of commands and understand technologies by implementing them on live equipment where relevant.
    Reread chapters 12-13 answering original questions.
    Read Cisco docs on technologies/protocols mentioned.



    After going through all of the above I'll review the "SWITCH Quick Reference Guide" repeatedly, dealing with any technologies I have questions on. I'll also lab technologies daily using "mini" technology labs on home lab / rack rentals.


    Hopefully the above is enough to pass the exam within one month. After having a scan through the material I feel pretty comfortable with everything and have seen 90% of the technologies in detail already. I definitely feel this is going to be easier than ROUTE but enjoyable :-)