Pete's Packet

Limitless


Archive for the ‘CATALYST’ Category

How to enable EIGRP and OSPF for NSF (non stop forwarding) on the Cisco Catalyst 6500 Virtual Switching System 1440

Posted by Peter Kurdziel on January 17, 2012


Non Stop Forwarding

Catalyst 6500 series switches support fault resistance by allowing a redundant supervisor engine to take over if the primary supervisor engine fails. Cisco Non Stop Forwarding (NSF) works with Stateful SwitchOver (SSO) to minimize the time a network is unavailable to its users after a switchover, because IP packets continue to be forwarded while the routing protocols recover.

Recommendations

  • Non Stop Forwarding is required for sub-second convergence after a supervisor switchover.

  • Use the default Hello and Dead timers for the EIGRP / OSPF protocols when you run in a VSS environment.

  • If you run the system with modular Cisco IOS software, a larger OSPF Dead timer value is recommended.

EIGRP

Switch(config)# router eigrp 100
Switch(config-router)# nsf
Switch# show ip protocols
*** IP Routing is NSF aware ***

Routing Protocol is "eigrp 100"
!--- part of the output truncated
EIGRP NSF-aware route hold timer is 240s
!--- indicates that EIGRP is configured to be NSF aware
!--- part of the output truncated

EIGRP NSF enabled
!--- indicates that EIGRP is configured to be NSF capable
!--- rest of the output truncated

OSPF

Switch(config)# router ospf 100
Switch(config-router)# nsf
Switch# show ip ospf
Routing Process "ospf 100" with ID 10.120.250.4
Start time: 00:01:37:484, Time elapsed: 3w2d
!--- part of the output truncated
Supports Link-local Signalling (LLS)
!--- indicates that OSPF is configured to be NSF aware
!--- part of the output truncated
Non-Stop Forwarding enabled, last NSF restart 3w2d ago (took 31 secs)
!--- indicates that OSPF is configured to be NSF capable
!--- rest of the output truncated

Posted in CATALYST

Autonegotiation Valid Configuration

Posted by Peter Kurdziel on January 17, 2010

There is a lot of confusion about auto negotiation. Here is a chart that will help bring things into perspective.

Autonegotiation Valid Configuration



| Configuration NIC (Speed/Duplex) | Configuration Switch (Speed/Duplex) | Resulting NIC Speed/Duplex | Resulting Catalyst Speed/Duplex | Comments |
|---|---|---|---|---|
| AUTO | AUTO | 1000 Mbps, Full-duplex | 1000 Mbps, Full-duplex | Assuming maximum capability of Catalyst switch, and NIC is 1000 Mbps, full-duplex. |
| 1000 Mbps, Full-duplex | AUTO | 1000 Mbps, Full-duplex | 1000 Mbps, Full-duplex | Link is established, but the switch does not see any autonegotiation information from NIC. Since Catalyst switches support only full-duplex operation with 1000 Mbps, they default to full-duplex, and this happens only when operating at 1000 Mbps. |
| AUTO | 1000 Mbps, Full-duplex | 1000 Mbps, Full-duplex | 1000 Mbps, Full-duplex | Assuming maximum capability of NIC is 1000 Mbps, full-duplex. |
| 1000 Mbps, Full-duplex | 1000 Mbps, Full-duplex | 1000 Mbps, Full-duplex | 1000 Mbps, Full-duplex | Correct Manual Configuration |
| 100 Mbps, Full-duplex | 1000 Mbps, Full-duplex | No Link | No Link | Neither side establishes link, due to speed mismatch |
| 100 Mbps, Full-duplex | AUTO | 100 Mbps, Full-duplex | 100 Mbps, Half-duplex | Duplex Mismatch [1] |
| AUTO | 100 Mbps, Full-duplex | 100 Mbps, Half-duplex | 100 Mbps, Full-duplex | Duplex Mismatch [1] |
| 100 Mbps, Full-duplex | 100 Mbps, Full-duplex | 100 Mbps, Full-duplex | 100 Mbps, Full-duplex | Correct Manual Configuration [2] |
| 100 Mbps, Half-duplex | AUTO | 100 Mbps, Half-duplex | 100 Mbps, Half-duplex | Link is established, but switch does not see any autonegotiation information from NIC and defaults to half-duplex when operating at 10/100 Mbps. |
| 10 Mbps, Half-duplex | AUTO | 10 Mbps, Half-duplex | 10 Mbps, Half-duplex | Link is established, but switch does not see Fast Link Pulse (FLP) and defaults to 10 Mbps half-duplex. |
| 10 Mbps, Half-duplex | 100 Mbps, Half-duplex | No Link | No Link | Neither side establishes link, due to speed mismatch. |
| AUTO | 100 Mbps, Half-duplex | 100 Mbps, Half-duplex | 100 Mbps, Half-duplex | Link is established, but NIC does not see any autonegotiation information and defaults to 100 Mbps, half-duplex. |
| AUTO | 10 Mbps, Half-duplex | 10 Mbps, Half-duplex | 10 Mbps, Half-duplex | Link is established, but NIC does not see FLP and defaults to 10 Mbps, half-duplex. |
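
The rules behind the chart, as an added Python example that is not part of the original post: a port that autonegotiates against a fixed partner senses the speed but cannot sense duplex, so it falls back to half duplex at 10/100 Mbps and full duplex at 1000 Mbps. The names `resolve`, `Side` and `best` are hypothetical, AUTO/AUTO is assumed to settle on 1000 Mbps full duplex as in the first row, and the function goes slightly beyond the chart by also flagging fixed/fixed duplex disagreements.

```python
from typing import NamedTuple, Optional, Tuple

AUTO = "AUTO"
Fixed = Tuple[int, str]            # (speed in Mbps, "full" or "half")


class Side(NamedTuple):
    speed: Optional[int]           # None when no link comes up
    duplex: Optional[str]


NO_LINK = Side(None, None)


def _parallel_detect(partner_speed: int) -> Side:
    """Outcome on an autonegotiating port whose partner sends no negotiation data.

    Speed is sensed from the link signal. Duplex cannot be sensed, so the port
    uses the defaults named in the chart comments: half duplex at 10/100 Mbps,
    full duplex at 1000 Mbps.
    """
    return Side(partner_speed, "full" if partner_speed == 1000 else "half")


def resolve(nic, switch, best: Fixed = (1000, "full")):
    """Return (nic_result, switch_result, verdict) for one NIC/switch pairing.

    nic and switch are either AUTO or a fixed (speed, duplex) tuple.
    best is the assumed highest capability both ends share (AUTO/AUTO case).
    """
    if nic == AUTO and switch == AUTO:
        both = Side(*best)
        return both, both, "ok"
    if nic == AUTO:                          # only the switch is hard-set
        n, s = _parallel_detect(switch[0]), Side(*switch)
    elif switch == AUTO:                     # only the NIC is hard-set
        n, s = Side(*nic), _parallel_detect(nic[0])
    elif nic[0] != switch[0]:                # both hard-set, speeds differ
        return NO_LINK, NO_LINK, "no link"
    else:                                    # both hard-set, same speed
        n, s = Side(*nic), Side(*switch)
    return n, s, "ok" if n.duplex == s.duplex else "duplex mismatch"


# The thirteen chart rows as (NIC configuration, switch configuration).
CHART = [
    (AUTO, AUTO),
    ((1000, "full"), AUTO),
    (AUTO, (1000, "full")),
    ((1000, "full"), (1000, "full")),
    ((100, "full"), (1000, "full")),
    ((100, "full"), AUTO),
    (AUTO, (100, "full")),
    ((100, "full"), (100, "full")),
    ((100, "half"), AUTO),
    ((10, "half"), AUTO),
    ((10, "half"), (100, "half")),
    (AUTO, (100, "half")),
    (AUTO, (10, "half")),
]


def chart_verdicts():
    """Verdict for every chart row, in chart order."""
    return [resolve(nic, sw)[2] for nic, sw in CHART]


if __name__ == "__main__":
    for nic, sw in CHART:
        n, s, verdict = resolve(nic, sw)
        print(f"NIC={nic!s:<16} SW={sw!s:<16} -> NIC {tuple(n)}, SW {tuple(s)}: {verdict}")
```
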

Posted in Best practices, CATALYST, Real World, Troubleshooting

Troubleshooting the Catalyst 6500

Posted by Peter Kurdziel on January 12, 2010

Troubleshooting Hardware and Common Issues on Catalyst 6500/6000 Series Switches Running Cisco IOS System Software

  • Troubleshoot Error Messages in the Syslog or Console
  • The show diagnostic sanity Command
  • Supervisor Engine or Module Problems
    • Supervisor Engine LED in Red/Amber or Status Indicates faulty
    • Switch Is in Continuous Booting Loop, in ROMmon mode, or Missing the System Image
    • Standby Supervisor Engine Module Is Not On Line or Status Indicates unknown
    • Show Module Output Gives “not applicable” for SPA Module
    • Standby Supervisor Engine Reloads Unexpectedly
    • Even After You Remove the Modules, the show run Command Still Shows Information About the Removed Module Interfaces
    • Switch Has Reset/Rebooted on Its Own
    • DFC-Equipped Module Has Reset on Its Own
    • Troubleshoot a Module That Does Not Come On Line or Indicates faulty or other Status
    • Inband Communication Failure
    • Error “System returned to ROM by power-on (SP by abort)”
    • Error: NVRAM: nv->magic != NVMAGIC, invalid nvram
    • Error: Switching Bus FIFO counter stuck
    • SYSTEM INIT: INSUFFICIENT MEMORY TO BOOT THE IMAGE!
  • Troubleshoot CatOS to Cisco IOS Software or Cisco IOS Software to CatOS Conversion
    • Problem when User Attempts to Access the NVRAM After Cisco IOS to CatOS Conversion
    • Unable to Boot with Cisco IOS Software when User Converts from CatOS to Cisco IOS
  • Interface/Module Connectivity Problems
    • Connectivity Problem or Packet Loss with WS-X6548-GE-TX and WS-X6148-GE-TX Modules used in a Server Farm
    • Workstation Is Unable to Log In to Network During Startup/Unable to Obtain DHCP Address
    • Troubleshoot NIC Compatibility Issues
    • Interface Is in errdisable Status
    • Troubleshoot Interface Errors
    • You Receive %PM_SCP-SP-3-GBIC_BAD: GBIC integrity check on port x failed: bad key Error Messages
    • You Get COIL Error Messages on WS-X6x48 Module Interfaces
    • Troubleshoot WS-X6x48 Module Connectivity Problems
    • Troubleshoot STP Issues
    • Unable to Use Telnet Command to Connect to Switch
    • Giant Packet Counters on VSL Interfaces
  • Power Supply and Fan Problems
    • Power Supply INPUT OK LED Does Not Light Up
    • Troubleshoot C6KPWR-4-POWRDENIED: insufficient power, module in slot [dec] power denied or %C6KPWR-SP-4-POWRDENIED: insufficient power, module in slot [dec] power denied Error Messages
    • FAN LED Is Red or Shows failed in the show environment status Command Output
    • “Diagnostic level complete” causes a crash on 6500
  • Cisco Support Community – Featured Conversations
  • Related Information

Catalyst 6500/6000 Switches ARP or CAM Table Issues Troubleshooting

  • Troubleshoot ARP or CAM Related Issues
    • Loss of Dynamic MAC Addresses with Distributed Switching
    • CEF Drops Packets at Regular Intervals
    • Switch Filter All-Zero MAC Addresses from the CAM Table
    • Unicast Flooding in the Network Every 5 Minutes
    • ARP Issues in Hybrid CatOS
    • Error EARL-2-EARL4LOOKUPRAMERROR During the CAM Table Lookup
    • Static CAM Entries Lost After Supervisor Switchover
    • %ACL-5-TCAMFULL: acl engine TCAM table is full
    • Ping Issues Occur when the MSFC Does Not Respond to the ARP Request in Catalyst 6500 Series Switches
    • Multiple Entries in MAC Address Table
    • Virtual IP Address Used by Microsoft Load Balancing is Not Reachable

Troubleshooting Input Queue Drops and Output Queue Drops

  • Processing and Switching
  • Input Queue Drops
    • Troubleshoot Input Queue Drops
  • Output Queue Drops
    • Troubleshoot Output Queue Drops
  • Commands to Obtain More Information
    • show interfaces switching
    • show interfaces stats
    • ip accounting mac-address
    • show interfaces mac-accounting

More info here: http://www.cisco.com/en/US/products/hw/switches/ps708/prod_tech_notes_list.html

Posted in CATALYST, Real World, Troubleshooting

Supervisor Engine 720 Front Panel Status LEDs

Posted by Peter Kurdziel on December 9, 2009


Table 2-16 Supervisor Engine 720 Front Panel Status LEDs

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/hardware/Module_Installation/Sup_Eng_Guide/02superv.html#wp1081940

LED: Color and Meaning

STATUS: The STATUS LED indicates the status of the supervisor engine.

  • Green—All diagnostics pass. The supervisor engine is operational (normal initialization sequence).

  • Orange—The supervisor engine is booting or running diagnostics (normal initialization sequence) or an overtemperature condition has occurred. (A minor temperature threshold has been exceeded during environmental monitoring.)

  • Red—The diagnostic test failed. The supervisor engine is not operational because a fault occurred during the initialization sequence or an overtemperature condition has occurred. (A major temperature threshold has been exceeded during environmental monitoring.)

SYSTEM: The SYSTEM LED indicates the status of the system components.

  • Green—All chassis environmental monitors are reporting OK.

  • Orange—A minor hardware problem has been detected.

  • Red—A major hardware problem has occurred.

ACTIVE: The ACTIVE LED indicates whether the supervisor engine is operating in active mode or is in standby mode.

  • Green—The supervisor engine is operational and active.

  • Orange—The supervisor engine is in standby mode.

PWR MGMT: The supervisor engine monitors each module’s power requirements and status relative to the system’s overall power capacity before fully powering up each module in the chassis.

  • Orange—Power-up mode; running self-diagnostics.

  • Green—Power management is functioning normally and sufficient power is available for all modules.

  • Orange—A minor power management problem has been detected. There is insufficient power for all modules to power up.

  • Red—A major power failure has occurred.

DISK 0 and DISK 1 LEDs: These LEDs are illuminated green when the installed Flash PC card is being accessed and is performing either a read operation or a write operation.

Posted in CATALYST, Troubleshooting

Operational Best Practices for the Cisco Catalyst 6500 Series

Posted by Peter Kurdziel on October 22, 2009

Operational Best Practices for the Cisco Catalyst 6500 Series

INTRODUCTION

Companies today place high demands on network infrastructure. The ability to maintain performance, availability, security, and manageability of those network devices is of paramount importance to the successful operation of their data center. With the wide-scale deployment of the Cisco® Catalyst® 6500 Series in networks worldwide, Cisco Systems® has been able to better understand the demands placed on the switching infrastructure. More importantly, Cisco Systems has been able to direct the development of the Catalyst 6500 family of switches to meet the challenges corporate networks place on these devices.

This document will attempt to present a best practices guide for operations management for features that customers can implement on the Catalyst 6500 to meet these challenges. It will focus on the areas of performance, scalability, security, availability, and manageability. Examples of the command-line interface (CLI) will be used in strategic places to show how commands can be used to deploy the proper best practice guidelines. This document will predominantly use command examples from the Cisco IOS® Software CLI, although references to the Catalyst OS commands will be made where appropriate.

More here: http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/prod_white_paper0900aecd805457cc.html

Posted in Best practices, CATALYST, Real World

VTPv3 differences

Posted by Peter Kurdziel on October 22, 2009

One of the major differences between VTPv3 implementation and the earlier version is the introduction of a VTP primary server. Ideally, there must be only one primary server in a VTPv3 domain, if the domain is not partitioned. Any changes that you make to the VTP domain must be executed on the VTP primary server in order to be propagated to the VTP domain. There can be multiple servers within a VTPv3 domain, which are also known as secondary servers. When a switch is configured to be a server, the switch becomes a secondary server by default. The secondary server can store the configuration of the domain but cannot modify the configuration. A secondary server can become the primary server with a successful takeover from the switch.

Switches that run VTPv3 only accept a VTP database with a higher revision number than the current primary server. This process differs significantly from VTPv1 and VTPv2, in which a switch always accepts a superior configuration from a neighbor in the same domain. This change with VTPv3 provides protection. A new switch that is introduced into the network with a higher VTP revision number cannot overwrite the VLAN configuration of the entire domain.
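
The protection described above, as an added Python model that is not part of the original post: a lab switch with a higher revision number joins the domain, and the same advertisement is evaluated under the VTPv2 and the VTPv3 acceptance rules. The class and field names, the domain name and the switch identifiers are constructed for illustration, and the model is simplified (no password check, no takeover exchange); it assumes a VTPv3 switch only accepts a database from a sender that follows the same primary server.

```python
from dataclasses import dataclass
from typing import Tuple


@dataclass
class Advert:
    domain: str
    revision: int
    vlans: Tuple[int, ...]
    primary_id: str = ""          # carried by VTPv3 only; empty for v1/v2


@dataclass
class Switch:
    switch_id: str
    version: int                  # 2 or 3
    domain: str
    revision: int = 0
    vlans: Tuple[int, ...] = (1,)
    primary_id: str = ""          # primary server this VTPv3 switch follows

    def is_primary(self) -> bool:
        return self.version == 3 and self.primary_id == self.switch_id

    def advert(self) -> Advert:
        pid = self.primary_id if self.version == 3 else ""
        return Advert(self.domain, self.revision, self.vlans, pid)

    def change_vlans(self, vlans) -> str:
        """Local edit: allowed on any v2 server, in v3 only on the primary."""
        if self.version == 3 and not self.is_primary():
            return "refused: not the primary server"
        self.vlans, self.revision = tuple(vlans), self.revision + 1
        return "changed"

    def receive(self, adv: Advert) -> str:
        if adv.domain != self.domain:
            return "ignored: other domain"
        if self.version == 3 and adv.primary_id != self.primary_id:
            return "rejected: sender does not follow our primary"
        if adv.revision <= self.revision:
            return "ignored: not newer"
        self.vlans, self.revision = adv.vlans, adv.revision
        return "accepted"


def build_domain(version: int):
    """Constructed two-switch domain 'LAB' at revision 12 with four VLANs."""
    vlans = (1, 12, 34, 56)
    core = Switch("core", version, "LAB", 12, vlans)
    if version == 3:
        core.primary_id = core.switch_id          # core holds the primary role
    access = Switch("access", version, "LAB", 12, vlans, core.primary_id)
    return core, access


def lab_switch_joins(version: int):
    """A switch from the lab (revision 40, only VLAN 1) is plugged in."""
    _, access = build_domain(version)
    stray = Switch("stray", version, "LAB", revision=40, vlans=(1,))
    return access.receive(stray.advert()), access.vlans


def legitimate_change(version: int):
    """A VLAN is added on the core switch and advertised to the access switch."""
    core, access = build_domain(version)
    refused = access.change_vlans((1, 99))        # attempt on a non-primary
    core.change_vlans((1, 12, 34, 56, 78))
    return refused, access.receive(core.advert()), access.vlans


if __name__ == "__main__":
    for v in (2, 3):
        print(f"VTPv{v}: stray switch ->", lab_switch_joins(v))
        print(f"VTPv{v}: change on core ->", legitimate_change(v))
```
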

The VTPv3 also introduces an enhancement to how the VTP handles passwords. If you use the hidden password configuration option in order to configure a password as “hidden”, these items occur:

  • The password does not appear in plain text in the configuration. The secret hexadecimal format of the password is saved in the configuration.

  • If you try to configure the switch as a primary server, you are prompted for the password. If your password matches the secret password, the switch becomes a primary server, which allows you to configure the domain.

Note: It is important to note that the primary server is only necessary when you need to modify the VTP configuration for any instance. A VTP domain can operate with no active primary server because the secondary servers ensure persistence of the configuration over reloads. The primary server state is exited for these reasons:

  • A switch reload

  • A high-availability switchover between the active and redundant supervisor engines

  • A takeover from another server

  • A change in the mode configuration

  • Any VTP domain configuration change, such as a change in:

    • Version

    • Domain name

    • Domain password

VTPv3 also allows the switches to participate in multiple instances of VTP. In this case, the same switch can be the VTP server for one instance and a client for another instance because the VTP modes are specific to different VTP instances. For example, a switch can operate in transparent mode for an MST instance while the switch is configured in server mode for a VLAN instance.

In terms of interaction with VTPv1 and VTPv2, the default behavior in all versions of VTP has been that the earlier versions of VTP simply drop the new version updates. Unless the VTPv1 and VTPv2 switches are in transparent mode, all VTPv3 updates are dropped. On the other hand, after VTPv3 switches receive a legacy VTPv1 or VTPv2 frame on a trunk, the switches pass a scaled-down version of their database update to the VTPv1 and VTPv2 switches. However, this information exchange is unidirectional in that no updates from VTPv1 and VTPv2 switches are accepted by the VTPv3 switches. On trunk connections, VTPv3 switches continue to send out scaled-down updates as well as full-fledged VTPv3 updates in order to cater to the existence of VTPv2 and VTPv3 neighbors across the trunk ports.

In order to provide VTPv3 support for extended VLANs, the format of the VLAN database, in which the VTP assigns 70 bytes per VLAN, is changed. The change allows for the coding of non-default values only, instead of the carrying of unmodified fields for the legacy protocols. Because of this change, 4K VLAN support is the size of the resulting VLAN database.

Posted in CATALYST

MST

Posted by Peter Kurdziel on January 24, 2009

spanning-tree mode mst
!
spanning-tree mst configuration
name CCIE
revision 1
instance 1 vlan 12, 34
instance 2 vlan 56
!
spanning-tree mst 1 priority 24576

sw1(config)#do sho spann mst con
Name      [CCIE]
Revision  1     Instances configured 3

Instance  Vlans mapped
--------  ---------------------------------------------------------------------
0         1-11,13-33,35-55,57-4094
1         12,34
2         56
-------------------------------------------------------------------------------

sw1(config)#do sho spann mst

##### MST0    vlans mapped:   1-11,13-33,35-55,57-4094
Bridge        address 0019.aa6f.2700  priority      32768 (32768 sysid 0)
Root          address 0019.554a.3b80  priority      32768 (32768 sysid 0)
port    Fa0/13          path cost     0
Regional Root address 0019.554a.3b80  priority      32768 (32768 sysid 0)
internal cost 200000    rem hops 19
Operational   hello time 2 , forward delay 15, max age 20, txholdcount 6
Configured    hello time 2 , forward delay 15, max age 20, max hops    20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/13           Root FWD 200000    128.15   P2p
Fa0/14           Altn BLK 200000    128.16   P2p

##### MST1    vlans mapped:   12,34
Bridge        address 0019.aa6f.2700  priority      24577 (24576 sysid 1)
Root          this switch for MST1

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/13           Desg FWD 200000    128.15   P2p
Fa0/14           Desg FWD 200000    128.16   P2p

##### MST2    vlans mapped:   56
Bridge        address 0019.aa6f.2700  priority      32770 (32768 sysid 2)
Root          address 0019.554a.3b80  priority      24578 (24576 sysid 2)
port    Fa0/13          cost          200000    rem hops 19

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/13           Root FWD 200000    128.15   P2p
Fa0/14           Altn BLK 200000    128.16   P2p

sw1(config)#do sho spann brid

Hello  Max  Fwd
MST Instance                 Bridge ID              Time  Age  Dly  Protocol
---------------- --------------------------------- -----  ---  ---  --------
MST0             32768 (32768,   0) 0019.aa6f.2700    2    20   15  mstp
MST1             24577 (24576,   1) 0019.aa6f.2700    2    20   15  mstp
MST2             32770 (32768,   2) 0019.aa6f.2700    2    20   15  mstp
==========================================================================

interface FastEthernet0/13
switchport trunk encapsulation isl
switchport mode trunk
spanning-tree mst 1 port-priority 0
end

sw1(config-if)#do sh run int f0/14
Building configuration…

Current configuration : 130 bytes
!
interface FastEthernet0/14
switchport trunk encapsulation isl
switchport mode trunk
spanning-tree mst 2 port-priority 0
end

Mst Instance     Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
MST0             Root FWD 200000    128.15   P2p
MST1             Desg FWD 200000      0.15   P2p
MST2             Altn BLK 200000    128.15   P2p

sw1(config-if)#do sho span int f0/14

Mst Instance     Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
MST0             Altn BLK 200000    128.16   P2p
MST1             Desg FWD 200000    128.16   P2p
MST2             Root FWD 200000      0.16   P2p

=============================

Posted in CATALYST, Routing & Switching Lab

QOS – switching

Posted by Peter Kurdziel on January 24, 2009

sw1#sh mls qos maps dscp-input-q
Dscp-inputq-threshold map:
d1 :d2    0     1     2     3     4     5     6     7     8     9
------------------------------------------------------------
0 :    01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01
1 :    01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01
2 :    01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01
3 :    01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01
4 :    02-01 02-01 02-01 02-01 02-01 02-01 02-01 02-01 01-01 01-01
5 :    01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01
6 :    01-01 01-01 01-01 01-01

sw1(config)#$-queue input dscp-map queue 1 threshold 2 0 1 2 3 4 5 6 7
sw1(config)#$-queue input dscp-map queue 1 threshold ?
<1-3>  enter dscp-map threshold id

sw1(config)#mls qos srr-queue input dscp-map queue 1 threshold 2 ?
<0-63>  dscp values separated by spaces (up to 8 values total)

sw1(config)#$ut dscp-map queue 1 threshold 2  8 9 10 11 12 13 14 15
sw1(config)#$ut dscp-map queue 1 threshold 2  16 17 18 19 20
sw1(config)#$ut dscp-map queue 1 threshold 1 21 22 23 24 25 26 27 28
sw1(config)#$ut dscp-map queue 1 threshold 1 29 30 31 32 33 34 35 36
sw1(config)#$ut dscp-map queue 1 threshold 1 37 38 39 40 41 42 43 44
sw1(config)#$ut dscp-map queue 1 threshold 1 45 46 47 48 49 50

sw1(config)#$ut dscp-map queue 1 threshold 1 51 52 53 54 55 56 57 58
sw1(config)#$ut dscp-map queue 1 threshold 1 59
sw1(config)#mls qos srr-queue input dscp-map queue 1 threshold 2 60 61 62 63
sw1(config)#do sho mls qos maps dscp-i
sw1(config)#do sho mls qos maps dscp-input-q
Dscp-inputq-threshold map:
d1 :d2    0     1     2     3     4     5     6     7     8     9
------------------------------------------------------------
0 :    01-02 01-02 01-02 01-02 01-02 01-02 01-02 01-02 01-02 01-02
1 :    01-02 01-02 01-02 01-02 01-02 01-02 01-02 01-02 01-02 01-02
2 :    01-02 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01
3 :    01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01
4 :    01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01
5 :    01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01
6 :    01-02 01-02 01-02 01-02

sw1(config)#do sho mls qos input-q
Queue     :       1       2
----------------------------------------------
buffers   :      90      10
bandwidth :       4       4
priority  :       0      10
threshold1:     100     100
threshold2:     100     100
sw1(config)#

sw1(config)#do sho mls qos in
sw1(config)#do sho mls qos inpu
sw1(config)#do sho mls qos input-q
Queue     :       1       2
----------------------------------------------
buffers   :      90      10
bandwidth :       4       4
priority  :       0      10
threshold1:     100     100
threshold2:     100     100
sw1(config)#mls qos srr
sw1(config)#mls qos srr-queue in
sw1(config)#mls qos srr-queue input thre
sw1(config)#mls qos srr-queue input threshold 1 50 75
sw1(config)#mls qos srr-queue input threshold 2 30 75
sw1(config)#do sho mls qos input-q
Queue     :       1       2
----------------------------------------------
buffers   :      90      10
bandwidth :       4       4
priority  :       0      10
threshold1:      50      30
threshold2:      75      75
sw1(config)#

sw1(config)#mls qos srr-queue input bandwidth 35 45

sw1(config)#mls qos srr-queue input priority-queue 1 band 20

sw1#sh mls qos inp
Queue     :       1       2
----------------------------------------------
buffers   :      60      40
bandwidth :      35      45
priority  :      20       0
threshold1:      50      30
threshold2:      75      75

=======================================================================

sw2(config)#mls qos srr-q out dscp-map queue 1 threshold 1 0 1 2 3 4 5 6 7
sw2(config)#$-q out dscp-map queue 1 threshold 2 8 9 10 11 12 13 14 15
sw2(config)#$-q out dscp-map queue 2 thre 1 16 17 18 19 20 21 22 23
sw2(config)#mls qos srr-q out dscp-map queue 2 thre 2 24 25 26 27 28 29 30 31
sw2(config)#mls qos srr-q out dscp-map queue 3 thres
sw2(config)#$-q out dscp-map queue 3 threshold 1 32 33 34 35 36 37 38 39
sw2(config)#$-q out dscp-map queue 3 threshold 2 40 41 42 43 44 45 46 47
sw2(config)#$-q out dscp-map queue 4 thre
sw2(config)#$-q out dscp-map queue 4 threshold 1 48 49 50 51 52 53 54 55
sw2(config)#$-q out dscp-map queue 4 threshold 2 56 57 58 59 60 61 62 63
sw2(config)#
sw2(config)#
sw2(config)#do sho mls qos maps dscp-output-q
Dscp-outputq-threshold map:
d1 :d2    0     1     2     3     4     5     6     7     8     9
------------------------------------------------------------
0 :    01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-02 01-02
1 :    01-02 01-02 01-02 01-02 01-02 01-02 02-01 02-01 02-01 02-01
2 :    02-01 02-01 02-01 02-01 02-02 02-02 02-02 02-02 02-02 02-02
3 :    02-02 02-02 03-01 03-01 03-01 03-01 03-01 03-01 03-01 03-01
4 :    03-02 03-02 03-02 03-02 03-02 03-02 03-02 03-02 04-01 04-01
5 :    04-01 04-01 04-01 04-01 04-01 04-01 04-02 04-02 04-02 04-02
6 :    04-02 04-02 04-02 04-02

==============================================================================

sw2(config)#do show mls qos int f0/14 buff
FastEthernet0/14
QoS is disabled. When QoS is enabled, following settings will be applied
The port is mapped to qset : 1
The allocations between the queues are : 25 25 25 25

sw2(config)#mls qos
sw2(config)#
sw2(config)#
sw2(config)#do show mls qos int f0/14 buff
FastEthernet0/14
The port is mapped to qset : 1
The allocations between the queues are : 25 25 25 25

port specific

sw2(config)#mls qos queue-set output 2 buffers 40 20 20 20
sw2(config)#int f0/14
sw2(config-if)#queue-set 2
sw2(config-if)#do show mls qos int f0/14 buff
FastEthernet0/14
The port is mapped to qset : 2
The allocations between the queues are : 40 20 20 20

All ports: queue-set 1 is the default mapping, so no "queue-set 1" command is needed under int f0/x.

sw2(config-if)#mls qos queue-set output 1 buffers 40 20 20 20
sw2(config)#do show mls qos int f0/1 buff
FastEthernet0/1
The port is mapped to qset : 1
The allocations between the queues are : 40 20 20 20

sw2(config)#do show mls qos int f0/24 buff
FastEthernet0/24
The port is mapped to qset : 1
The allocations between the queues are : 40 20 20 20
=========================================================

sw2(config)#mls qos queue-set out 2 thres 1 40 60 100 200
sw2(config)#mls qos queue-set out 2 thres 2 30 70 100 300

sw2(config)#do sho mls qos queue-set 2
Queueset: 2
Queue     :       1       2       3       4
----------------------------------------------
buffers   :      40      20      20      20
threshold1:      40      30     100     100
threshold2:      60      70     100     100
reserved  :     100     100      50      50
maximum   :     200     300     400     400
=================================================

sw2(config)#do sho mls qos inter f0/16 queueing
FastEthernet0/16
Egress Priority Queue : disabled
Shaped queue weights (absolute) :  25 0 0 0
Shared queue weights  :  25 25 25 25
The port bandwidth limit : 100  (Operational Bandwidth:100.0)
The port is mapped to qset : 1

sw2(config)#int f0/16
sw2(config-if)#srr-queue band limit 80

sw2(config-if)#do sho mls qos inter f0/16 queueing
FastEthernet0/16
Egress Priority Queue : disabled
Shaped queue weights (absolute) :  25 0 0 0
Shared queue weights  :  25 25 25 25
The port bandwidth limit : 80  (Operational Bandwidth:80.0)
The port is mapped to qset : 1

=================================================

sw2(config-if)#do sho mls qos inter f0/16 queueing
FastEthernet0/16
Egress Priority Queue : disabled
Shaped queue weights (absolute) :  25 0 0 0
Shared queue weights  :  25 25 25 25
The port bandwidth limit : 80  (Operational Bandwidth:80.0)
The port is mapped to qset : 1

sw2(config-if)#
sw2(config-if)#
sw2(config-if)#int f0/16
sw2(config-if)#pri
sw2(config-if)#priority-queue out
sw2(config-if)#do sho mls qos inter f0/16 queueing
FastEthernet0/16
Egress Priority Queue : enabled
Shaped queue weights (absolute) :  25 0 0 0
Shared queue weights  :  25 25 25 25
The port bandwidth limit : 80  (Operational Bandwidth:80.0)
The port is mapped to qset : 1

====================================================

sw2(config-if)#  storm-control broadcast  level 50.00
sw2(config-if)#do sho storm f0/14 broa
Interface  Filter State   Upper        Lower        Current
---------  -------------  -----------  -----------  ----------
Fa0/14     Forwarding      50.00%       50.00%        0.00%

===========================================================

sw3(config)#ml qos map cos-dscp 10 10 10 10 20 20 30 30
sw3(config)#do sho mls qos map cos-ds
Cos-dscp map:
cos:   0  1  2  3  4  5  6  7
--------------------------------
dscp:  10 10 10 10 20 20 30 30

===================================================

sw4(config)#mls qos map dscp-mutation TST 0 1 2 3 4 5 6 7 to 10
sw4(config)#mls qos map dscp-mutation TST 8 9 10 11 12 13 14 15 to 10
sw4(config)#mls qos map dscp-mutation TST 16 17 18 19 20 to 10

sw4(config)#mls qos map dscp-mutation TST 21 22 23 24 25 26 27 28 to 20
sw4(config)#mls qos map dscp-mutation TST 29 30 to 20

sw4(config)#mls qos map dscp-mutat TST 31 32 33 34 35 36 37 38 to 30
sw4(config)#mls qos map dscp-mutat TST 39 40 to 30

sw4(config)#mls qos map dscp-mutat TST  41 42 43 44 45 46 47 48 to 40
sw4(config)#mls qos map dscp-mutat TST  49 50 to 40
sw4(config)#
sw4(config)#mls qos map dscp-mutat TST 51 52 53 54 55 56 57 58 to 50
sw4(config)#mls qos map dscp-mutat TST 59 60 t 50
sw4(config)#mls qos map dscp-mutat TST 61 62 63 to 60

sw4(config)#int f0/23
sw4(config-if)#mls qos dsc
sw4(config-if)#mls qos dscp-mutation TST
sw4(config-if)#do sho mls qos map dscp-m

Dscp-dscp mutation map:
TST:
d1 :  d2 0  1  2  3  4  5  6  7  8  9
---------------------------------------
0 :    10 10 10 10 10 10 10 10 10 10
1 :    10 10 10 10 10 10 10 10 10 10
2 :    10 20 20 20 20 20 20 20 20 20
3 :    20 30 30 30 30 30 30 30 30 30
4 :    30 40 40 40 40 40 40 40 40 40
5 :    40 50 50 50 50 50 50 50 50 50
6 :    50 60 60 60

Dscp-dscp mutation map:
Default DSCP Mutation Map:
d1 :  d2 0  1  2  3  4  5  6  7  8  9
---------------------------------------
0 :    00 01 02 03 04 05 06 07 08 09
1 :    10 11 12 13 14 15 16 17 18 19
2 :    20 21 22 23 24 25 26 27 28 29
3 :    30 31 32 33 34 35 36 37 38 39
4 :    40 41 42 43 44 45 46 47 48 49
5 :    50 51 52 53 54 55 56 57 58 59
6 :    60 61 62 63

Posted in CATALYST, QOS, Routing & Switching Lab

switch security

Posted by Peter Kurdziel on January 24, 2009

interface FastEthernet0/1
switchport mode access
switchport port-security
switchport port-security aging time 60
switchport port-security aging static
switchport port-security mac-address 0000.1111.1111

sw1(config-if)#do sho port-s

Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
(Count)       (Count)          (Count)
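---------------------------------------------------------------------------
      Fa0/1              1            1                  0         Shutdown
---------------------------------------------------------------------------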
Total Addresses in System (excluding one mac per port)     : 0
Max Addresses limit in System (excluding one mac per port) : 6144

sw1(config-if)#do  sho port-s addres
Secure Mac Address Table
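------------------------------------------------------------------------
Vlan    Mac Address       Type                     Ports   Remaining Age
                                                           (mins)
----    -----------       ----                     -----   -------------
   1    0000.1111.1111    SecureConfigured         Fa0/1       59
------------------------------------------------------------------------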
Total Addresses in System (excluding one mac per port)     : 0
Max Addresses limit in System (excluding one mac per port) : 6144

To test, on r1 remove the configured MAC address so that the router sends from a different address:
int f0/0
no mac 0000.1111.1111

sw1(config-if)#
06:57:59: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/1, putting Fa0/1 in err-disable state

sw1(config-if)#
06:57:59: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0017.5925.f8d0 on port FastEthernet0/1.

06:58:00: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down

sw1(config-if)#
06:58:01: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down

sw1(config-if)#do sho inter status | inc err-dis
Fa0/1                        err-disabled 1            auto   auto 10/100BaseTX

sw1(config-if)#do sho inter status  err-dis

Port      Name               Status       Reason               Err-disabled Vlans
Fa0/1                        err-disabled psecure-violation

sw1(config-if)#do sho port-se
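Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
      Fa0/1              1            1                  1         Shutdown
---------------------------------------------------------------------------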
Total Addresses in System (excluding one mac per port)     : 0
Max Addresses limit in System (excluding one mac per port) : 6144

=====================================================

macro name Port-Secur
sw mo acc
sw port-s
sw port-s mac-address stick
sw port-s max 1
sw port-s vio pro
@

interface FastEthernet0/1
switchport mode access
switchport port-security
switchport port-security violation protect
switchport port-security mac-address sticky
switchport port-security mac-address sticky 0017.5925.f8d1
macro description Port-Secur | Port-Secur
end

sw2(config-if-range)#  do sho run int f0/2
Building configuration…

Current configuration : 275 bytes
!
interface FastEthernet0/2
switchport mode access
switchport port-security
switchport port-security violation protect
switchport port-security mac-address sticky
switchport port-security mac-address sticky 0017.5902.9ce9
macro description Port-Secur | Port-Secur
end

etc………
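Added example (not from the original post): a short Python audit of the port-security stanzas shown above. It reports each port's violation mode, because `violation protect` drops offending frames without the syslog message and violation counter that the default shutdown mode produced in the test earlier, and it flags `aging static` and sticky entries. The function names are assumptions of this example.

```python
import re

# Interface stanzas copied from the running-config excerpts on this page.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security aging time 60
 switchport port-security aging static
 switchport port-security mac-address 0000.1111.1111
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security violation protect
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0017.5902.9ce9
end
"""
PREFIX = "switchport port-security"

def parse_interfaces(config):
    """Split IOS running-config text into {interface name: [stanza lines]}."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        match = re.match(r"interface\s+(\S+)$", line)
        if match:
            current = stanzas.setdefault(match.group(1), [])
        elif line in ("", "!", "end"):
            current = None
        elif current is not None:
            current.append(line)
    return stanzas

def audit_port_security(config):
    """Return {interface: {"violation": mode, "findings": [...]}} for secured ports."""
    report = {}
    for name, lines in parse_interfaces(config).items():
        if PREFIX not in lines:
            continue  # port-security is not enabled on this port
        # IOS omits the default violation mode (shutdown) from the running config.
        mode = next((l.split()[-1] for l in lines
                     if l.startswith(PREFIX + " violation ")), "shutdown")
        findings = []
        if mode == "protect":
            findings.append("protect drops frames without a syslog message or counter")
        if PREFIX + " aging static" in lines:
            findings.append("aging static lets the configured MAC age out")
        if any(l.startswith(PREFIX + " mac-address sticky ") for l in lines):
            findings.append("sticky MAC learned; save the config to keep it across reloads")
        report[name] = {"violation": mode, "findings": findings}
    return report
```

Running `audit_port_security(SAMPLE_CONFIG)` reports Fa0/1 in shutdown mode with the static-aging finding, and Fa0/2 in protect mode with the protect and sticky findings.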

====================================

To prevent two servers in the same VLAN from talking to each other:

int range f0/15 - 16
sw mo acc
sw acc v 18
sw protected

sw2(config-if-range)#do sho int f0/15 sw
Name: Fa0/15
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 88 (VLAN0088)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: true <—————————<<<<
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
===========================

Prevent unknown unicast and multicast from being flooded to these ports:

int range f0/15 - 16
sw2(config-if-range)#switchport block unicast
sw2(config-if-range)#switchport block multicast

=======================================================

sw1(config)#do sho dot1x
Sysauthcontrol             Disabled
Dot1x Protocol Version            2
Critical Recovery Delay         100
Critical EAPOL             Disabled

aaa new-model
aaa authent login default none   <-- no radius srv used, so I'm not locked out
aaa authentication dot1x default group radius

radius-server host 192.168.1.2 key cisco

sw1(config-if)#do sh run int f0/16

interface FastEthernet0/16
switchport mode access
dot1x pae authenticator
dot1x port-control auto
end

sw1(config-if)#do sh dot1x int f0/16
Dot1x Info for FastEthernet0/16
———————————–
PAE                       = AUTHENTICATOR
PortControl               = AUTO
ControlDirection          = Both
HostMode                  = SINGLE_HOST
ReAuthentication          = Disabled
QuietPeriod               = 60
ServerTimeout             = 30
SuppTimeout               = 30
ReAuthPeriod              = 3600 (Locally configured)
ReAuthMax                 = 2
MaxReq                    = 2
TxPeriod                  = 30
RateLimitPeriod           = 0

===================================

sw1(config)#do sh mac-address-table aging-time
Global Aging Time:  300
Vlan    Aging Time
—-    ———-
1     300
88     300

sw1(config)#mac-address-table aging-time 600
sw1(config)#
sw1(config)#
sw1(config)#
sw1(config)#do sh mac-address-table aging-time
Global Aging Time:  600
Vlan    Aging Time
—-    ———-
1     600
88     600
==================================

To have config.text and vlan.dat deleted during password recovery:
no service password-recovery

sh ver
..(omitted for brevity)..
The password-recovery mechanism is disabled

========================================

sw1(config)# do sh dot1x int f0/16

Dot1x Info for FastEthernet0/16
———————————–
PAE                       = AUTHENTICATOR
PortControl               = AUTO
ControlDirection          = Both
HostMode                  = SINGLE_HOST
ReAuthentication          = Disabled
QuietPeriod               = 60
ServerTimeout             = 30
SuppTimeout               = 30
ReAuthPeriod              = 3600 (Locally configured)
ReAuthMax                 = 2
MaxReq                    = 2
TxPeriod                  = 30
RateLimitPeriod           = 0

sw1(config)#int f0/16
sw1(config-if)#dot1x host-mode multi-host

sw1(config-if)# do sh dot1x int f0/16

Dot1x Info for FastEthernet0/16
———————————–
PAE                       = AUTHENTICATOR
PortControl               = AUTO
ControlDirection          = Both
HostMode                  = MULTI_HOST
ReAuthentication          = Disabled
QuietPeriod               = 60
ServerTimeout             = 30
SuppTimeout               = 30
ReAuthPeriod              = 3600 (Locally configured)
ReAuthMax                 = 2
MaxReq                    = 2
TxPeriod                  = 30
RateLimitPeriod           = 0
=============================================================

sw1(config)#mac-address-table static 0000.6666.6666 vlan 56 int f0/6
sw1(config)#do sho mac-address-table stat int f0/6
Mac Address Table
——————————————-

Vlan    Mac Address       Type        Ports
—-    ———–       ——–    —–
56    0000.6666.6666    STATIC      Fa0/6
Total Mac Addresses for this criterion: 1

===================

sw1(config)#mac-address-table stat 0000.1111.2222 vlan 1 drop
sw1(config)#
sw1(config)#
sw1(config)#
sw1(config)#do sho mac-address-table stat add 0000.1111.2222
Mac Address Table
——————————————-

Vlan    Mac Address       Type        Ports
—-    ———–       ——–    —–
1    0000.1111.2222    STATIC      Drop
Total Mac Addresses for this criterion: 1

=======================

r1(config-if)#do sho ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.1.1.2                0   0000.2222.2222  ARPA   FastEthernet0/0
Internet  10.1.1.1                -   0000.1111.1111  ARPA   FastEthernet0/0

cat1
ip arp inspection vlan 1
ip arp inspection filter TST vlan  1 static

arp access-list TST
permit ip host 10.1.1.2 mac host 0000.2222.2222
permit ip host 10.1.1.1 mac host 0000.1111.1111

testing

r2(config-if)#do pin 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 ms
r2(config-if)#do sho ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.1.1.2                -   0000.2222.2222  ARPA   FastEthernet0/1
Internet  10.1.1.1                0   0000.1111.1111  ARPA   FastEthernet0/1
r2(config-if)#no mac-add 0000.2222.2222
r2(config-if)#do ping 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
.....

cat1

08:20:58: %SW_DAI-4-ACL_DENY: 1 Invalid ARPs (Req) on Fa0/13, vlan 1.([0017.5902.9ce9/10.1.1.2/0000.0000.0000/10.1.1.1/08:20:58 UTC Mon Mar 1 1993])
sw1(config-arp-nacl)#
08:21:00: %SW_DAI-4-ACL_DENY: 1 Invalid ARPs (Req) on Fa0/13, vlan 1.([0017.5902.9ce9/10.1.1.2/0000.0000.0000/10.1.1.1/08:21:00 UTC Mon Mar 1 1993])
sw1(config-arp-nacl)#
08:21:02: %SW_DAI-4-ACL_DENY: 1 Invalid ARPs (Req) on Fa0/13, vlan 1.([0017.5902.9ce9/10.1.1.2/0000.0000.0000/10.1.1.1/08:21:02 UTC Mon Mar 1 1993])
sw1(config-arp-nacl)#
08:21:04: %SW_DAI-4-ACL_DENY: 1 Invalid ARPs (Req) on Fa0/13, vlan 1.([0017.5902.9ce9/10.1.1.2/0000.0000.0000/10.1.1.1/08:21:04 UTC Mon Mar 1 1993])
sw1(config-arp-nacl)#
08:21:06: %SW_DAI-4-ACL_DENY: 1 Invalid ARPs (Req) on Fa0/13, vlan 1.([0017.5902.9ce9/10.1.1.2/0000.0000.0000/10.1.1.1/08:21:06 UTC Mon Mar 1 1993])
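Added example (not part of the original post): Python that ties each %SW_DAI-4-ACL_DENY line above back to the ARP ACL TST and shows which IP-to-MAC binding the denied ARP broke. It assumes the bracketed fields are sender MAC / sender IP / target MAC / target IP / time; the function names are assumptions of this example.

```python
import re

# ARP ACL entries and switch log lines copied from this page.
ARP_ACL = """\
arp access-list TST
 permit ip host 10.1.1.2 mac host 0000.2222.2222
 permit ip host 10.1.1.1 mac host 0000.1111.1111
"""
LOG = """\
08:20:58: %SW_DAI-4-ACL_DENY: 1 Invalid ARPs (Req) on Fa0/13, vlan 1.([0017.5902.9ce9/10.1.1.2/0000.0000.0000/10.1.1.1/08:20:58 UTC Mon Mar 1 1993])
08:21:00: %SW_DAI-4-ACL_DENY: 1 Invalid ARPs (Req) on Fa0/13, vlan 1.([0017.5902.9ce9/10.1.1.2/0000.0000.0000/10.1.1.1/08:21:00 UTC Mon Mar 1 1993])
08:21:02: %SW_DAI-4-ACL_DENY: 1 Invalid ARPs (Req) on Fa0/13, vlan 1.([0017.5902.9ce9/10.1.1.2/0000.0000.0000/10.1.1.1/08:21:02 UTC Mon Mar 1 1993])
08:21:04: %SW_DAI-4-ACL_DENY: 1 Invalid ARPs (Req) on Fa0/13, vlan 1.([0017.5902.9ce9/10.1.1.2/0000.0000.0000/10.1.1.1/08:21:04 UTC Mon Mar 1 1993])
08:21:06: %SW_DAI-4-ACL_DENY: 1 Invalid ARPs (Req) on Fa0/13, vlan 1.([0017.5902.9ce9/10.1.1.2/0000.0000.0000/10.1.1.1/08:21:06 UTC Mon Mar 1 1993])
"""

PERMIT = re.compile(r"permit ip host (\S+) mac host (\S+)")
# Assumed field order inside ([...]): sender MAC/sender IP/target MAC/target IP/time.
DENY = re.compile(
    r"%SW_DAI-4-ACL_DENY: (\d+) Invalid ARPs \((\w+)\) on (\S+), vlan (\d+)\."
    r"\(\[([0-9a-fA-F.]+)/([\d.]+)/([0-9a-fA-F.]+)/([\d.]+)/")

def load_bindings(acl_text):
    """Map each permitted sender IP to the MAC the ARP ACL binds it to."""
    return {ip: mac.lower() for ip, mac in PERMIT.findall(acl_text)}

def correlate(log_text, bindings):
    """Group DAI denials by (port, vlan, sender MAC, sender IP) and explain each."""
    events = {}
    for m in DENY.finditer(log_text):
        count, _op, port, vlan, smac, sip, _tmac, _tip = m.groups()
        key = (port, int(vlan), smac.lower(), sip)
        event = events.setdefault(
            key, {"packets": 0, "expected_mac": bindings.get(sip)})
        event["packets"] += int(count)
    for (_port, _vlan, smac, _sip), event in events.items():
        expected = event["expected_mac"]
        if expected is None:
            event["reason"] = "sender IP has no entry in the ARP ACL"
        elif expected != smac:
            event["reason"] = "sender MAC differs from the ACL binding"
        else:
            event["reason"] = "binding matches; denied for another reason"
    return events
```

On the lines above, `correlate(LOG, load_bindings(ARP_ACL))` yields one event: five denied ARP requests on Fa0/13 in VLAN 1 from 0017.5902.9ce9 claiming 10.1.1.2, which the ACL binds to 0000.2222.2222.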

=================

sw1(config-if)#ip arp inspection limit rate 10 burst interval 2
sw1(config-if)#
sw1(config-if)#
sw1(config-if)#
sw1(config-if)#do sho ip arp insp inter

Interface        Trust State     Rate (pps)    Burst Interval
---------------  -----------     ----------    --------------
Fa0/1            Untrusted               10                 2
Fa0/2            Untrusted               15                 1
Fa0/3            Untrusted               15                 1

=================

mac access-list extended TEST
deny   any any decnet-iv
deny   any any etype-6000
deny   any any etype-8042
permit any any

sw1(config-if)#do sho mac access int f0/10
Interface FastEthernet0/10:
Inbound access-list is TEST
Outbound access-list is not set

===================================

mac access-list extended MAC-forward
permit host 0000.1111.2222 any
permit host 0000.1111.3333 any
mac access-list extended Protocol-forward
permit any any decnet-iv
permit any any vines-ip
mac access-list extended Protocol=forward
mac access-list extended TEST
deny   any any decnet-iv
deny   any any etype-6000
deny   any any etype-8042
permit any any

vlan access-map TST 10
action drop
match ip address R1-2
vlan access-map TST 20
action drop
match ip address UDP
vlan access-map TST 30
action drop
match ip address TCP
vlan access-map TST 40
action drop
match ip address IGMP
vlan access-map TST 50
action drop
match mac address MAC-forward
vlan access-map TST 60
action drop
match mac address Protocol-forward
vlan access-map TST 70
action forward
!
vlan filter TST vlan-list 2

ip access-list extended IGMP
permit igmp any any
ip access-list extended R1-2
permit ip host 10.1.1.1 host 10.1.1.2
permit ip host 10.1.1.2 host 10.1.1.1
ip access-list extended TCP
permit tcp host 10.1.1.3 host 10.1.1.4
permit tcp host 10.1.1.4 host 10.1.1.3
ip access-list extended UDP
permit udp any any
============================

Posted in CATALYST, Routing & Switching Lab

etherchannels

Posted by Peter Kurdziel on January 24, 2009

sw1

interface FastEthernet0/13
channel-group 12 mode auto

interface FastEthernet0/14
channel-group 12 mode auto

interface Port-channel12
switchport trunk encapsulation dot1q
switchport mode trunk

sw2
interface FastEthernet0/13
channel-group 21 mode auto

interface FastEthernet0/14
channel-group 21 mode auto

interface Port-channel 21
switchport trunk encapsulation dot1q
switchport mode trunk
===========================

interface FastEthernet0/16
channel-group 13 mode on

interface FastEthernet0/17
channel-group 13 mode on

interface Port-channel13
switchport trunk encapsulation dot1q
switchport mode trunk

sw1(config-if)#do sho etherc
Channel-group listing:
———————-

Group: 12
———-
Group state = L2
Ports: 2   Maxports = 8
Port-channels: 1 Max Port-channels = 1
Protocol:   PAgP

Group: 13
———-
Group state = L2
Ports: 2   Maxports = 8
Port-channels: 1 Max Port-channels = 1
Protocol:    -

sw1(config-if)#do sho etherc sum
Flags:  D – down        P – in port-channel
I – stand-alone s – suspended
H – Hot-standby (LACP only)
R – Layer3      S – Layer2
U – in use      f – failed to allocate aggregator
u – unsuitable for bundling
w – waiting to be aggregated
d – default port

Number of channel-groups in use: 2
Number of aggregators:           2

Group  Port-channel  Protocol    Ports
——+————-+———–+———————————————–
12     Po12(SU)        PAgP      Fa0/13(P)   Fa0/14(P)
13     Po13(SU)         -        Fa0/16(P)   Fa0/17(P)

==========

sw1(config)#port-channel load-balance ?
dst-ip       Dst IP Addr
dst-mac      Dst Mac Addr
src-dst-ip   Src XOR Dst IP Addr
src-dst-mac  Src XOR Dst Mac Addr
src-ip       Src IP Addr
src-mac      Src Mac Addr

sw1(config)#port-channel load-balance ds
sw1(config)#port-channel load-balance dst-m
sw1(config)#port-channel load-balance dst-mac
sw1(config)#do sho ether load-bal
EtherChannel Load-Balancing Configuration:
dst-mac

EtherChannel Load-Balancing Addresses Used Per-Protocol:
Non-IP: Destination MAC address
IPv4: Destination MAC address
IPv6: Destination MAC address
===================

sw2(config)#port-channel load-balance src-dst-ip
sw2(config)#
sw2(config)#
sw2(config)#do sho etherc load-b
EtherChannel Load-Balancing Configuration:
src-dst-ip

EtherChannel Load-Balancing Addresses Used Per-Protocol:
Non-IP: Source XOR Destination MAC address
IPv4: Source XOR Destination IP address
IPv6: Source XOR Destination IP address
===============

interface FastEthernet0/19
channel-group 24 mode desirable

interface FastEthernet0/20
channel-group 24 mode desirable

interface Port-channel24
switchport trunk encapsulation isl
switchport mode trunk

sw4(config-if-range)#do sho etherc prot
Channel-group listing:
———————-

Group: 24
———-
Protocol:  PAgP

sw4(config-if-range)#do sho etherc sum
Flags:  D – down        P – in port-channel
I – stand-alone s – suspended
H – Hot-standby (LACP only)
R – Layer3      S – Layer2
U – in use      f – failed to allocate aggregator
u – unsuitable for bundling
w – waiting to be aggregated
d – default port

Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
——+————-+———–+———————————————–
24     Po24(SU)        PAgP      Fa0/16(P)   Fa0/17(P)

==================

sw3
interface Port-channel34
switchport trunk encapsulation isl
switchport mode trunk

interface FastEthernet0/19
channel-group 34 mode passive

interface FastEthernet0/20
channel-group 34 mode passive

sw4

interface Port-channel43
switchport trunk encapsulation isl
switchport mode trunk
!
interface FastEthernet0/19
channel-group 43 mode active
!
interface FastEthernet0/20
channel-group 43 mode active

sw3(config-if)#do sho ether
Channel-group listing:
———————-

Group: 31
———-
Group state = L2
Ports: 2   Maxports = 8
Port-channels: 1 Max Port-channels = 1
Protocol:    -

Group: 34
———-
Group state = L2
Ports: 2   Maxports = 16
Port-channels: 1 Max Port-channels = 16
Protocol:   LACP

sw3(config-if)#do sho ether sum
Flags:  D – down        P – in port-channel
I – stand-alone s – suspended
H – Hot-standby (LACP only)
R – Layer3      S – Layer2
U – in use      f – failed to allocate aggregator
u – unsuitable for bundling
w – waiting to be aggregated
d – default port

Number of channel-groups in use: 2
Number of aggregators:           2

Group  Port-channel  Protocol    Ports
——+————-+———–+———————————————–
31     Po31(SU)         -        Fa0/13(P)   Fa0/14(P)
34     Po34(SU)        LACP      Fa0/19(P)   Fa0/20(P)

=================================

interface Port-channel23
no switchport
ip address 10.1.23.2 255.255.255.0

interface FastEthernet0/16
no switchport
no ip address
channel-group 23 mode on

interface FastEthernet0/17
no switchport
no ip address
channel-group 23 mode on

sw2(config-if)#do sho ether sum
Flags:  D – down        P – in port-channel
I – stand-alone s – suspended
H – Hot-standby (LACP only)
R – Layer3      S – Layer2
U – in use      f – failed to allocate aggregator
u – unsuitable for bundling
w – waiting to be aggregated
d – default port

Number of channel-groups in use: 3
Number of aggregators:           3

Group  Port-channel  Protocol    Ports
——+————-+———–+———————————————–
21     Po21(SU)        PAgP      Fa0/13(P)   Fa0/14(P)
23     Po23(RU)         -        Fa0/16(P)   Fa0/17(P)
24     Po24(SU)        PAgP      Fa0/19(P)   Fa0/20(P)

Posted in CATALYST, Routing & Switching Lab

 