Archive for the ‘CATALYST’ Category

802.1q tunneling scenario 3

Posted by Peter Kurdziel on March 9, 2012

Configs:

custsw1

vlan 555
!
vlan 1700
name custvlan
!vlan 555
!
interface FastEthernet0/4
switchport access vlan 555
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 1700
switchport mode access
!
interface FastEthernet0/22
des TRUNK to SPSW1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Vlan555
ip address 5.5.5.1 255.255.255.0
!
interface Vlan1700
ip address 10.1.1.1 255.255.255.252
!

custsw2

vlan 555
!
vlan 1700
name custvlan
!vlan 555
!
interface FastEthernet0/6
switchport access vlan 555
switchport mode access
!
interface FastEthernet0/7
switchport access vlan 1700
switchport mode access
!
interface FastEthernet0/22
des TRUNK TO SPSW2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Vlan555
ip address 5.5.5.2 255.255.255.0
!
interface Vlan1700
ip address 10.1.1.2 255.255.255.252

spsw1#
vlan dot1q tag native
!
vlan 104
name qinq
!
vlan 555
name SPpro555
!
vlan 1700
name SPpro1700
!

interface FastEthernet0/1
switchport access vlan 555
switchport mode access

interface FastEthernet0/22
des TO CUSTOMER SW 1
switchport access vlan 104
switchport trunk encapsulation dot1q
switchport mode dot1q-tunnel
l2protocol-tunnel cdp
no cdp enable
!
interface FastEthernet0/23
des TRUNK to SPSW2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 104,555,1700
switchport mode trunk

interface GigabitEthernet0/1
switchport access vlan 1700
switchport mode access
interface Vlan555
ip address 5.5.5.1 255.255.255.0
!
interface Vlan1700
ip address 10.1.1.1 255.255.255.252
!

spsw2#

vlan dot1q tag native
!
vlan 104
name qinq
!
vlan 555
name SPpro555
!
vlan 1700
name SPpro1700
!
interface FastEthernet0/1
switchport access vlan 555
switchport mode access

switchport trunk encapsulation dot1q
switchport trunk allowed vlan 104
switchport mode trunk

interface FastEthernet0/22
des TO CUSTOMER SW 2
switchport access vlan 104
switchport trunk encapsulation dot1q
switchport mode dot1q-tunnel
l2protocol-tunnel cdp
no cdp enable
!
interface FastEthernet0/23
des TRUNK TO SPSW1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 104,555,1700
switchport mode trunk

interface GigabitEthernet0/1
switchport access vlan 1700
switchport mode access

interface Vlan555
ip address 5.5.5.2 255.255.255.0
!
interface Vlan1700
ip address 10.1.1.2 255.255.255.252

Service Provider Verification
spsw1#sh ip int b | ex una
Interface              IP-Address      OK? Method Status                Protocol
Vlan555                5.5.5.1    YES manual up                    up
Vlan1700               10.1.1.1    YES manual up                    up

spsw1#sh dot1q-t int f0/22

dot1q-tunnel mode LAN Port(s)
—————————–
Fa0/22
spsw1#

spsw1#sh int trunk

Port Mode Encapsulation Status Native vlan
Fa0/23 on 802.1q trunking 1

Port Vlans allowed on trunk
Fa0/23 104,555,1700

Port Vlans allowed and active in management domain
Fa0/23 104,555,1700

Port Vlans in spanning tree forwarding state and not pruned
Fa0/23 104,555,1700

spsw1#sh int | in is up|address is|In
Vlan555 is up, line protocol is up
Hardware is EtherSVI, address is 0012.0183.3b00 (bia 0012.0183.3b00)
Internet address is 5.5.5.1/24

Vlan1700 is up, line protocol is up
Hardware is EtherSVI, address is 0012.0183.3b00 (bia 0012.0183.3b00)
Internet address is 10.1.1.1/30

clear arp

spsw1#sh ip arp
Protocol Address          Age (min) Hardware Addr   Type   Interface
Internet 5.5.5.1                 -   0012.0183.3b00 ARPA   Vlan555
Internet 10.1.1.1                -   0012.0183.3b00 ARPA   Vlan1700

Internet 10.1.1.1 - 0012.0183.3b00 ARPA Vlan1700
spsw1#ping 5.5.5.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/2/4 ms
spsw1#ping 10.1.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/3/4 ms

spsw1#sh ip arp
Protocol Address          Age (min) Hardware Addr   Type   Interface
Internet 5.5.5.1                 -   0012.0183.3b00 ARPA   Vlan555
Internet 5.5.5.2                 0   0018.b9ff.c7c2 ARPA   Vlan555
Internet 10.1.1.2                0   0018.b9ff.c7c1 ARPA   Vlan1700
Internet 10.1.1.1                -   0012.0183.3b00 ARPA   Vlan1700

0012.0183.3b00 is SPSW1
0018.b9ff.c7c1 is SPSW2
0018.b9ff.c7c2 is SPSW2

The customer switches do not see the arp requests from the service provider switches.

custsw1# sh ip arp
Protocol Address          Age (min) Hardware Addr   Type   Interface
Internet 5.5.5.1                 -   0018.b974.3fc2 ARPA   Vlan555
Internet 10.1.1.1                -   0018.b974.3fc1 ARPA   Vlan1700

custsw2# sh ip arp
Protocol Address          Age (min) Hardware Addr   Type   Interface
Internet 5.5.5.2                 -   0018.b9ff.adc2 ARPA   Vlan555
Internet 10.1.1.2                -   0018.b9ff.adc1 ARPA   Vlan1700
custsw2#

SPSW1 can ping SPpro555 and SPpro1700 but it can not ping CUST555 or CUST1700.

Service Provider Verification

spsw2#sh ip int b | ex una
Interface              IP-Address      OK? Method Status                Protocol
Vlan555                5.5.5.2    YES manual up                    up
Vlan1700               10.1.1.2    YES manual up                    up

spsw2#sh dot1q-t int f0/22

dot1q-tunnel mode LAN Port(s)
—————————–
Fa0/22

spsw2#sh int trunk

Port Mode Encapsulation Status Native vlan
Fa0/23 on 802.1q trunking 1

Port Vlans allowed on trunk
Fa0/23 104,555,1700

Port Vlans allowed and active in management domain
Fa0/23 104,555,1700

Port Vlans in spanning tree forwarding state and not pruned
Fa0/23 104,555

spsw2#sh int | in is up|address is|In
Vlan555 is up, line protocol is up
Hardware is EtherSVI, address is 0018.b9ff.c7c2 (bia 0018.b9ff.c7c2)
Internet address is 5.5.5.2/24

Vlan1700 is up, line protocol is up
Hardware is EtherSVI, address is 0018.b9ff.c7c1 (bia 0018.b9ff.c7c1)
Internet address is 10.1.1.2/30

clear arp

spsw2#sh arp
Protocol Address          Age (min) Hardware Addr   Type   Interface
Internet 5.5.5.2                 -   0018.b9ff.c7c2 ARPA   Vlan555
Internet 10.1.1.2                -   0018.b9ff.c7c1 ARPA   Vlan1700

spsw2#ping 5.5.5.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/205/1007 ms
spsw2#ping 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/205/1006 ms
spsw2#sh ip arp
Protocol Address          Age (min) Hardware Addr   Type   Interface
Internet 5.5.5.1                 0   0012.0183.3b00 ARPA   Vlan555
Internet 5.5.5.2                 -   0018.b9ff.c7c2 ARPA   Vlan555
Internet 10.1.1.2                -   0018.b9ff.c7c1 ARPA   Vlan1700
Internet 10.1.1.1                0   0012.0183.3b00 ARPA   Vlan1700

0012.0183.3b00 is SPSW1
0018.b9ff.c7c1 is SPSW2
0018.b9ff.c7c2 is SPSW2

The customer switches do not see the arp requests from the service provider switches.

SPSW2 can ping SPpro555 and SPpro1700 but it can not ping CUST555 or CUST1700.

Customer SW1 Verification
custsw1#sh ip int b | ex una
Interface              IP-Address      OK? Method Status                Protocol
Vlan555                5.5.5.1         YES manual up                    up
Vlan1700               10.1.1.1        YES manual up                    up
custsw1#sh int trunk

Port Mode Encapsulation Status Native vlan
Fa0/22 on 802.1q trunking 1

Port Vlans allowed on trunk
Fa0/22 1-4094

Port Vlans allowed and active in management domain
Fa0/22 1,555,1700

Port Vlans in spanning tree forwarding state and not pruned
Fa0/22 1,555,1700

custsw1#sh cdp nei
Capability Codes: R – Router, T – Trans Bridge, B – Source Route Bridge
S – Switch, H – Host, I – IGMP, r – Repeater, P – Phone

Device ID Local Intrfce Holdtme Capability Platform Port ID
custsw2 Fas 0/22 157 S I WS-C3560- Fas 0/22

custsw1#sh int | in is up|address is|In
Vlan555 is up, line protocol is up
Hardware is EtherSVI, address is 0018.b974.3fc2 (bia 0018.b974.3fc2)
Internet address is 5.5.5.1/24

Vlan1700 is up, line protocol is up
Hardware is EtherSVI, address is 0018.b974.3fc1 (bia 0018.b974.3fc1)
Internet address is 10.1.1.1/30

clear arp

custsw1#sh ip arp
Protocol Address          Age (min) Hardware Addr   Type   Interface
Internet 5.5.5.1                 -   0018.b974.3fc2 ARPA   Vlan555
Internet 10.1.1.1                -   0018.b974.3fc1 ARPA   Vlan1700

custsw1#ping 5.5.5.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/2/8 ms
custsw1#ping 10.1.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/2/8 ms

custsw1#sh ip arp
Protocol Address          Age (min) Hardware Addr   Type   Interface
Internet 5.5.5.1                 -   0018.b974.3fc2 ARPA   Vlan555
Internet 5.5.5.2                 1   0018.b9ff.adc2 ARPA   Vlan555
Internet 10.1.1.2                1   0018.b9ff.adc1 ARPA   Vlan1700
Internet 10.1.1.1                -   0018.b974.3fc1 ARPA   Vlan1700

0018.b974.3fc2 is custsw1
0018.b9ff.adc1 is custsw2
0018.b9ff.adc2 is custsw2

The service provider switches do not see the arp requests from the customer switches.

spsw2#sh ip arp
Protocol Address          Age (min) Hardware Addr   Type   Interface
Internet 5.5.5.2                 -   0018.b9ff.c7c2 ARPA   Vlan555
Internet 10.1.1.2                -   0018.b9ff.c7c1 ARPA   Vlan1700

CUSTSW1 can ping CUST555 and CUST1700 but it can not ping SPpro555 or SPpro1700.

Customer SW2 Verification
custsw2#sh ip int b | ex una
Interface              IP-Address      OK? Method Status                Protocol
Vlan555                5.5.5.2         YES manual up                    up
Vlan1700               10.1.1.2        YES manual up                    up
custsw2#sh int trunk

Port Mode Encapsulation Status Native vlan
Fa0/22 on 802.1q trunking 1

Port Vlans allowed on trunk
Fa0/22 1-4094

Port Vlans allowed and active in management domain
Fa0/22 1,555,1700

Port Vlans in spanning tree forwarding state and not pruned
Fa0/22 1,555,1700

custsw2#sh cdp nei
Capability Codes: R – Router, T – Trans Bridge, B – Source Route Bridge
S – Switch, H – Host, I – IGMP, r – Repeater, P – Phone

Device ID Local Intrfce Holdtme Capability Platform Port ID
custsw1 Fas 0/22 150 S I WS-C3560- Fas 0/22

custsw2#sh int | in is up|address is|In
Vlan555 is up, line protocol is up
Hardware is EtherSVI, address is 0018.b9ff.adc2 (bia 0018.b9ff.adc2)
Internet address is 5.5.5.2/24

Vlan1700 is up, line protocol is up
Hardware is EtherSVI, address is 0018.b9ff.adc1 (bia 0018.b9ff.adc1)
Internet address is 10.1.1.2/30

clear arp

custsw2# sh ip arp
Protocol Address          Age (min) Hardware Addr   Type   Interface
Internet 5.5.5.2                 -   0018.b9ff.adc2 ARPA   Vlan555
Internet 10.1.1.2                -   0018.b9ff.adc1 ARPA   Vlan1700

custsw2#ping 5.5.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms
custsw2#ping 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms

custsw2#sh ip arp
Protocol Address          Age (min) Hardware Addr   Type   Interface
Internet 5.5.5.1                 7   0018.b974.3fc2 ARPA   Vlan555
Internet 5.5.5.2                 -   0018.b9ff.adc2 ARPA   Vlan555
Internet 10.1.1.2                -   0018.b9ff.adc1 ARPA   Vlan1700
Internet 10.1.1.1                7   0018.b974.3fc1 ARPA   Vlan1700

0018.b974.3fc1 is custsw1
0018.b974.3fc2 is custsw1
0018.b9ff.adc1 is custsw2
0018.b9ff.adc2 is custsw2

The service provider switches do not see the arp requests from the customer switches.

CUSTSW1 can ping CUST555 and CUST1700 but it can not ping SPpro555 or SPpro1700.

Posted in CATALYST, Routing & Switching Lab | Tagged: 802.1q tunneling, q-in-q, qinq | Leave a Comment »

802.1q tunneling scenario 2

Posted by Peter Kurdziel on March 9, 2012

Configs

custsw1

custsw2

spsw1#
vlan dot1q tag native
!
vlan 104
name qinq
!
vlan 555
name SPpro555
!
vlan 1700
name SPpro1700
!

interface FastEthernet0/1
switchport access vlan 555
switchport mode access

interface GigabitEthernet0/1
switchport access vlan 1700
switchport mode access
interface Vlan555
ip address 192.168.55.1 255.255.255.252
!
interface Vlan1700
ip address 192.168.17.1 255.255.255.252
!

spsw2#

vlan dot1q tag native
!
vlan 104
name qinq
!
vlan 555
name SPpro555
!
vlan 1700
name SPpro1700
!
interface FastEthernet0/1
switchport access vlan 555
switchport mode access

switchport trunk encapsulation dot1q
switchport trunk allowed vlan 104
switchport mode trunk

interface GigabitEthernet0/1
switchport access vlan 1700
switchport mode access

interface Vlan555
ip address 192.168.55.2 255.255.255.252
!
interface Vlan1700
ip address 192.168.17.2 255.255.255.252

Service Provider Verification
spsw1#sh ip int b | ex una
Interface              IP-Address      OK? Method Status                Protocol
Vlan555                192.168.55.1    YES manual up                    up
Vlan1700               192.168.17.1    YES manual up                    up

spsw1#sh dot1q-t int f0/22

dot1q-tunnel mode LAN Port(s)
—————————–
Fa0/22
spsw1#

spsw1#sh int trunk
Port        Mode             Encapsulation Status        Native vlan
Fa0/23      on               802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/23      104,555,1700
Port        Vlans allowed and active in management domain
Fa0/23      104,555,1700
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/23      104,555,1700

spsw1#ping 192.168.55.2
Sending 5, 100-byte ICMP Echos to 192.168.55.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms

spsw1#ping 192.168.17.2
Sending 5, 100-byte ICMP Echos to 192.168.17.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms

spsw1#ping 5.5.5.1
Sending 5, 100-byte ICMP Echos to 5.5.5.1, timeout is 2 seconds:
…..
Success rate is 0 percent (0/5)

spsw1#ping 5.5.5.2
Sending 5, 100-byte ICMP Echos to 5.5.5.2, timeout is 2 seconds:
…..
Success rate is 0 percent (0/5)
spsw1#ping 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
…..
Success rate is 0 percent (0/5)

spsw1#ping 10.1.1.2
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
…..
Success rate is 0 percent (0/5)

SWSP1 can ping SPpro555 and SPpro1700 but it can not ping CUST555 or CUST1700.

Service Provider Verification

spsw2#sh ip int b | ex una
Interface              IP-Address      OK? Method Status                Protocol
Vlan555                192.168.55.2    YES manual up                    up
Vlan1700               192.168.17.2    YES manual up                    up

spsw2#sh dot1q-t int f0/22

dot1q-tunnel mode LAN Port(s)
—————————–
Fa0/22

spsw2#sh int trunk

Port Mode Encapsulation Status Native vlan
Fa0/23 on 802.1q trunking 1

Port Vlans allowed on trunk
Fa0/23 104,555,1700

Port Vlans allowed and active in management domain
Fa0/23 104,555,1700

Port Vlans in spanning tree forwarding state and not pruned
Fa0/23 104,555

spsw2#ping 192.168.55.1
Sending 5, 100-byte ICMP Echos to 192.168.55.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/8 ms

spsw2#ping 192.168.17.1
Sending 5, 100-byte ICMP Echos to 192.168.17.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms

spsw2#ping 5.5.5.1
Sending 5, 100-byte ICMP Echos to 5.5.5.1, timeout is 2 seconds:
…..
Success rate is 0 percent (0/5)

spsw2#ping 5.5.5.2
Sending 5, 100-byte ICMP Echos to 5.5.5.2, timeout is 2 seconds:
…..
Success rate is 0 percent (0/5)

spsw2#ping 10.1.1.1
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
…..
Success rate is 0 percent (0/5)

spsw2#ping 10.1.1.2
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
…..
Success rate is 0 percent (0/5)

SWSP2 can ping SPpro555 and SPpro1700 but it can not ping CUST555 or CUST1700.

Port Mode Encapsulation Status Native vlan
Fa0/22 on 802.1q trunking 1

Port Vlans allowed on trunk
Fa0/22 1-4094

Port Vlans allowed and active in management domain
Fa0/22 1,555,1700

Port Vlans in spanning tree forwarding state and not pruned
Fa0/22 1,555,1700

custsw1#sh cdp nei
Capability Codes: R – Router, T – Trans Bridge, B – Source Route Bridge
S – Switch, H – Host, I – IGMP, r – Repeater, P – Phone

Device ID Local Intrfce Holdtme Capability Platform Port ID
custsw2 Fas 0/22 157 S I WS-C3560- Fas 0/22

custsw1#ping 5.5.5.2
Sending 5, 100-byte ICMP Echos to 5.5.5.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/5/9 ms

custsw1#ping 10.1.1.2
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

custsw1#ping 192.168.55.1
Sending 5, 100-byte ICMP Echos to 192.168.55.1, timeout is 2 seconds:
…..
Success rate is 0 percent (0/5)

custsw1#ping 192.168.55.2
Sending 5, 100-byte ICMP Echos to 192.168.55.2, timeout is 2 seconds:
…..
Success rate is 0 percent (0/5)

custsw1#ping 192.168.17.1
Sending 5, 100-byte ICMP Echos to 192.168.17.1, timeout is 2 seconds:
…..
Success rate is 0 percent (0/5)

custsw1#ping 192.168.17.2
Sending 5, 100-byte ICMP Echos to 192.168.17.2, timeout is 2 seconds:
…..
Success rate is 0 percent (0/5)

Port Mode Encapsulation Status Native vlan
Fa0/22 on 802.1q trunking 1

Port Vlans allowed on trunk
Fa0/22 1-4094

Port Vlans allowed and active in management domain
Fa0/22 1,555,1700

Port Vlans in spanning tree forwarding state and not pruned
Fa0/22 1,555,1700

custsw2#sh cdp nei
Capability Codes: R – Router, T – Trans Bridge, B – Source Route Bridge
S – Switch, H – Host, I – IGMP, r – Repeater, P – Phone

Device ID Local Intrfce Holdtme Capability Platform Port ID
custsw1 Fas 0/22 150 S I WS-C3560- Fas 0/22

custsw2#ping 5.5.5.1
Sending 5, 100-byte ICMP Echos to 5.5.5.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms

custsw2#ping 10.1.1.1
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms

custsw2#ping 192.168.17.1
Sending 5, 100-byte ICMP Echos to 192.168.17.1, timeout is 2 seconds:
…..
Success rate is 0 percent (0/5)

custsw2#ping 192.168.17.2
Sending 5, 100-byte ICMP Echos to 192.168.17.2, timeout is 2 seconds:
…..
Success rate is 0 percent (0/5)

custsw2#ping 192.168.55.1
Sending 5, 100-byte ICMP Echos to 192.168.55.1, timeout is 2 seconds:
…..
Success rate is 0 percent (0/5)

custsw2#ping 192.168.55.2
Sending 5, 100-byte ICMP Echos to 192.168.55.2, timeout is 2 seconds:
…..
Success rate is 0 percent (0/5)

Posted in CATALYST, Routing & Switching Lab | Leave a Comment »

802.1q tunneling scenario 1

Posted by Peter Kurdziel on March 8, 2012

How 802.1q tunneling works.

802.1Q tunneling enables service providers to use a single VLAN to support customers who have multiple VLANs, while preserving customer VLAN IDs and keeping traffic in different customer VLANs segregated.

A port configured to support 802.1Q tunneling is called a tunnel port. When you configure tunneling, you assign a tunnel port to a VLAN that you dedicate to tunneling, which then becomes a tunnel VLAN. To keep customer traffic segregated, each customer requires a separate tunnel VLAN, but that one tunnel VLAN supports all of the customer’s VLANs.

802.1Q tunneling is not restricted to point-to-point tunnel configurations. Any tunnel port in a tunnel VLAN is a tunnel entry and exit point. An 802.1Q tunnel can have as many tunnel ports as are needed to connect customer switches.

The customer switches are trunk connected, but with 802.1Q tunneling, the service provider switches only use one service provider VLAN to carry all the customer VLANs, instead of directly carrying all the customer VLANs.

With 802.1Q tunneling, tagged customer traffic comes from an 802.1Q trunk port on a customer device and enters the service-provider edge switch through a tunnel port. The link between the 802.1Q trunk port on a customer device and the tunnel port is called an asymmetrical link because one end is configured as an 802.1Q trunk port and the other end is configured as a tunnel port. You assign the tunnel port to an access VLAN ID unique to each customer.

Configs

custsw1

custsw2

spsw1#

vlan dot1q tag native
!
vlan 104
name qinq

interface FastEthernet0/22
des to CUSTOMER SW 1
switchport access vlan 104
switchport trunk encapsulation dot1q
switchport mode dot1q-tunnel
l2protocol-tunnel cdp
no cdp enable
!
interface FastEthernet0/23
des to SPSW2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 104
switchport mode trunk

spsw2#

vlan dot1q tag native
!
vlan 104
name qinq

interface FastEthernet0/22
des to CUSTOMER SW 2
switchport access vlan 104
switchport trunk encapsulation dot1q
switchport mode dot1q-tunnel
l2protocol-tunnel cdp
no cdp enable
!
interface FastEthernet0/23
des to SPSW1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 104
switchport mode trunk

Posted in CATALYST, Routing & Switching Lab | Tagged: 802.1q tunneling, q-in-q, qinq, qinq q-in-q 802.1q tunneling | Leave a Comment »

How to enable EIGRP and OSPF for NSF (non stop forwarding) on the Cisco Catalyst 6500 Virtual Switching System 1440

Posted by Peter Kurdziel on January 17, 2012

Non Stop Forwarding

Catalyst 6500 series switches support fault resistance, because it allows a redundant supervisor engine to take over if the primary supervisor engine fails. Cisco Non Stop Forwarding (NSF) works with Stateful SwitchOver (SSO) in order to minimize the amount of time a network is unavailable to its users after a switchover while IP packets continue to be forwarded.

Recommendations

Non Stop Forwarding is required for supervisor switchover convergence at sub-second time.
Use default Hello and Dead timers for EIGRP / OSPF protocols when you run in a VSS environment.
If you run the system with modular Cisco IOS software, it is recommended to go for larger value OSPF Dead timer.

EIGRP

Switch(config)# <b>router eigrp 100</b>
Switch(config-router)# <b>nsf</b>

Switch# <b>show ip protocols</b><br />*** IP Routing is NSF aware ***<br /><br />Routing Protocol is "eigrp 100"<br /><i><font color="#0000ff">!--- part of the output truncated</font><br /></i><b>EIGRP NSF-aware</b> route hold timer is 240s<br /><i><font color="#0000ff">!--- indicates that EIGRP is configured to be NSF aware</font><br /></i><i><font color="#0000ff">!--- part of the output truncated</font><br /></i><br /><b>EIGRP NSF enabled</b><br /><i><font color="#0000ff">!--- indicates that EIGRP is configured to be NSF capable</font><br /></i><i><font color="#0000ff">!--- rest of the output truncated</font><br /></i>

OSPF

Switch(config)# <b>router ospf 100</b><br />Switch(config-router)# <b>nsf</b>

Switch# <b>show ip ospf</b><br />Routing Process "ospf 100" with ID 10.120.250.4<br />Start time: 00:01:37:484, Time elapsed: 3w2d<br /><i><font color="#0000ff">!--- part of the output truncated</font><br /></i><b>Supports Link-local Signalling (LLS)</b><br /><i><font color="#0000ff">!--- indicates that OSPF is configured to be NSF aware</font><br /></i><i><font color="#0000ff">!--- part of the output truncated</font><br /></i><b>Non-Stop Forwarding enabled, last NSF restart 3w2d ago (took 31 secs)</b><br /><i><font color="#0000ff">!--- indicates that OSPF is configured to be NSF capable</font><br /></i><i><font color="#0000ff">!--- rest of the output truncated</font><br /></i><br />

Posted in CATALYST | Leave a Comment »

Autonegotiation Valid Configuration

Posted by Peter Kurdziel on January 17, 2010

There is a lot of confusion about auto negotiation. Here is a chart that will help bring things into perspective.

Autonegotiation Valid Configuration

Configuration NIC (Speed/Duplex)	Configuration Switch (Speed/Duplex)	Resulting NIC Speed/Duplex	Resulting Catalyst Speed/Duplex	Comments
AUTO	AUTO	1000 Mbps, Full-duplex	1000 Mbps, Full-duplex	Assuming maximum capability of Catalyst switch, and NIC is 1000 Mbps, full-duplex.
1000 Mbps, Full-duplex	AUTO	1000 Mbps, Full-duplex	1000 Mbps, Full-duplex	Link is established, but the switch does not see any autonegotiation information from NIC. Since Catalyst switches support only full-duplex operation with 1000 Mbps, they default to full-duplex, and this happens only when operating at 1000 Mbps.
AUTO	1000 Mbps, Full-duplex	1000 Mbps, Full-duplex	1000 Mbps, Full-duplex	Assuming maximum capability of NIC is 1000 Mbps, full-duplex.
1000 Mbps, Full-duplex	1000 Mbps, Full-duplex	1000 Mbps, Full-duplex	1000 Mbps, Full-duplex	Correct Manual Configuration
100 Mbps, Full-duplex	1000 Mbps, Full-duplex	No Link	No Link	Neither side establishes link, due to speed mismatch
100 Mbps, Full-duplex	AUTO	100 Mbps, Full-duplex	100 Mbps, Half-duplex	Duplex Mismatch ¹
AUTO	100 Mbps, Full-duplex	100 Mbps, Half-duplex	100 Mbps, Full-duplex	Duplex Mismatch ¹
100 Mbps, Full-duplex	100 Mbps, Full-duplex	100 Mbps, Full-duplex	100 Mbps, Full-duplex	Correct Manual Configuration²
100 Mbps, Half-duplex	AUTO	100 Mbps, Half-duplex	100 Mbps, Half-duplex	Link is established, but switch does not see any autonegotiation information from NIC and defaults to half-duplex when operating at 10/100 Mbps.
10 Mbps, Half-duplex	AUTO	10 Mbps, Half-duplex	10 Mbps, Half-duplex	Link is established, but switch does not see Fast Link Pulse (FLP) and defaults to 10 Mbps half-duplex.
10 Mbps, Half-duplex	100 Mbps, Half-duplex	No Link	No Link	Neither side establishes link, due to speed mismatch.
AUTO	100 Mbps, Half-duplex	100 Mbps, Half-duplex	100 Mbps, Half-duplex	Link is established, but NIC does not see any autonegotiation information and defaults to 100 Mbps, half-duplex.
AUTO	10 Mbps, Half-duplex	10 Mbps, Half-duplex	10 Mbps, Half-duplex	Link is established, but NIC does not see FLP and defaults to 10 Mbps, half-duplex.

Posted in Best practices, CATALYST, Real World, Troubleshooting | 1 Comment »

Troubleshooting the Catalyst 6500

Posted by Peter Kurdziel on January 12, 2010

Troubleshooting Hardware and Common Issues on Catalyst 6500/6000 Series Switches Running Cisco IOS System Software

Troubleshoot Error Messages in the Syslog or Console

The show diagnostic sanity Command

Supervisor Engine or Module Problems


Supervisor Engine LED in Red/Amber or Status Indicates faulty


Switch Is in Continuous Booting Loop, in ROMmon mode, or Missing the System Image


Standby Supervisor Engine Module Is Not On Line or Status Indicates unknown


Show Module Output Gives “not applicable” for SPA Module


Standby Supervisor Engine Reloads Unexpectedly


Even After You Remove the Modules, the show run Command Still Shows Information About the Removed Module Interfaces


Switch Has Reset/Rebooted on Its Own


DFC-Equipped Module Has Reset on Its Own


Troubleshoot a Module That Does Not Come On Line or Indicates faulty or other Status


Inband Communication Failure


Error “System returned to ROM by power-on (SP by abort)”


Error: NVRAM: nv->magic != NVMAGIC, invalid nvram


Error: Switching Bus FIFO counter stuck


SYSTEM INIT: INSUFFICIENT MEMORY TO BOOT THE IMAGE!

Troubleshoot CatOS to Cisco IOS Software or Cisco IOS Software to CatOS Conversion


Problem when User Attempts to Access the NVRAM After Cisco IOS to CatOS Conversion


Unable to Boot with Cisco IOS Software when User Converts from CatOS to Cisco IOS

Interface/Module Connectivity Problems


Connectivity Problem or Packet Loss with WS-X6548-GE-TX and WS-X6148-GE-TX Modules used in a Server Farm


Workstation Is Unable to Log In to Network During Startup/Unable to Obtain DHCP Address


Troubleshoot NIC Compatibility Issues


Interface Is in errdisable Status


Troubleshoot Interface Errors


You Receive %PM_SCP-SP-3-GBIC_BAD: GBIC integrity check on port x failed: bad key Error Messages


You Get COIL Error Messages on WS-X6x48 Module Interfaces


Troubleshoot WS-X6x48 Module Connectivity Problems


Troubleshoot STP Issues


Unable to Use Telnet Command to Connect to Switch


Giant Packet Counters on VSL Interfaces

Power Supply and Fan Problems


Power Supply INPUT OK LED Does Not Light Up


Troubleshoot
C6KPWR-4-POWRDENIED: insufficient power, module in slot [dec] power
denied or %C6KPWR-SP-4-POWRDENIED: insufficient power, module in slot
[dec] power denied Error Messages


FAN LED Is Red or Shows failed in the show environment status Command Output


“Diagnostic level complete” causes a crash on 6500

Cisco Support Community – Featured Conversations

Related Information

Catalyst 6500/6000 Switches ARP or CAM Table Issues Troubleshooting

Troubleshoot ARP or CAM Related Issues


Loss of Dynamic MAC Addresses with Distributed Switching


CEF Drops Packets at Regular Intervals


Switch Filter All-Zero MAC Addresses from the CAM Table


Unicast Flooding in the Network Every 5 Minutes


ARP Issues in Hybrid CatOS


Error EARL-2-EARL4LOOKUPRAMERROR During the CAM Table Lookup


Static CAM Entries Lost After Supervisor Switchover


%ACL-5-TCAMFULL: acl engine TCAM table is full


Ping Issues Occur when the MSFC Does Not Respond to the ARP Request in Catalyst 6500 Series Switches


Multiple Entries in MAC Address Table


Virtual IP Address Used by Microsoft Load Balancing is Not Reachable

Troubleshooting Input Queue Drops and Output Queue Drops

Processing and Switching

Input Queue Drops


Troubleshoot Input Queue Drops

Output Queue Drops


Troubleshoot Output Queue Drops

Commands to Obtain More Information


show interfaces switching


show interfaces stats


ip accounting mac-address


show interfaces mac-accounting

More info here: http://www.cisco.com/en/US/products/hw/switches/ps708/prod_tech_notes_list.html

Posted in CATALYST, Real World, Troubleshooting | Leave a Comment »

Supervisor Engine 720 Front Panel Status LEDs

Posted by Peter Kurdziel on December 9, 2009

Table 2-16 Supervisor Engine 720 Front Panel Status LEDs

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/hardware/Module_Installation/Sup_Eng_Guide/02superv.html#wp1081940
LED	Color and Meaning
STATUS	The STATUS LED indicates the status of the supervisor engine. •Green—All diagnostics pass. The supervisor engine is operational (normal initialization sequence). •Orange—The supervisor engine is booting or running diagnostics (normal initialization sequence) or an overtemperature condition has occurred. (A minor temperature threshold has been exceeded during environmental monitoring.) •Red—The diagnostic test failed. The supervisor engine is not operational because a fault occurred during the initialization sequence or an overtemperature condition has occurred. (A major temperature threshold has been exceeded during environmental monitoring.)
SYSTEM	The SYSTEM LED indicates the status of the system components. •Green—All chassis environmental monitors are reporting OK. •Orange—A minor hardware problem has been detected. •Red—A major hardware problem has occurred
ACTIVE	The ACTIVE LED indicates whether the supervisor engine is operating in active mode or is in standby mode. •Green—The supervisor engine is operational and active. •Orange—The supervisor engine is in standby mode.
PWR MGMT	The supervisor engine monitors each module’s power requirements and status relative to the system’s overall power capacity before fully powering up each module in the chassis. •Orange—Power-up mode; running self-diagnostics. •Green—Power management is functioning normally and sufficient power is available for all modules. •Orange—A minor power management problem has been detected. There is insufficient power for all modules to power up. •Red—A major power failure has occurred.
DISK 0 and DISK 1 LEDs	These LEDs are illuminated green when the installed Flash PC card is being accessed and is performing either a read operation or a write operation.

Posted in CATALYST, Troubleshooting | 1 Comment »

Operational Best Practices for the Cisco Catalyst 6500 Series

Posted by Peter Kurdziel on October 22, 2009

Operational Best Practices for the Cisco Catalyst 6500 Series

INTRODUCTION

Companies today place high demands on network infrastructure. The ability to maintain performance, availability, security, and manageability of those network devices is of paramount importance to the successful operation of their data center. With the wide-scale deployment of the Cisco® Catalyst® 6500 Series in networks worldwide, Cisco Systems® has been able to better understand the demands placed on the switching infrastructure. More importantly, Cisco Systems has been able to direct the development of the Catalyst 6500 family of switches to meet the challenges corporate networks place on these devices.

This document will attempt to present a best practices guide for operations management for features that customers can implement on the Catalyst 6500 to meet these challenges. It will focus on the areas of performance, scalability, security, availability, and manageability. Examples of the command-line interface (CLI) will be used in strategic places to show how commands can be used to deploy the proper best practice guidelines. This document will predominantly use command examples from the Cisco IOS® Software CLI, although references to the Catalyst OS commands will be made where appropriate.

More here: http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/prod_white_paper0900aecd805457cc.html

Posted in Best practices, CATALYST, Real World | Leave a Comment »

VTPv3 differences

Posted by Peter Kurdziel on October 22, 2009

One of the major differences between VTPv3 implementation and the earlier version is the introduction of a VTP primary server. Ideally, there must be only one primary server in a VTPv3 domain, if the domain is not partitioned. Any changes that you make to the VTP domain must be executed on the VTP primary server in order to be propagated to the VTP domain. There can be multiple servers within a VTPv3 domain, which are also known as secondary servers. When a switch is configured to be a server, the switch becomes a secondary server by default. The secondary server can store the configuration of the domain but cannot modify the configuration. A secondary server can become the primary server with a successful takeover from the switch.

Switches that run VTPv3 only accept a VTP database with a higher revision number than the current primary server. This process differs significantly from VTPv1 and VTPv2, in which a switch always accepts a superior configuration from a neighbor in the same domain. This change with VTPv3 provides protection. A new switch that is introduced into the network with a higher VTP revision number cannot overwrite the VLAN configuration of the entire domain.

The VTPv3 also introduces an enhancement to how the VTP handles passwords. If you use the hidden password configuration option in order to configure a password as “hidden”, these items occur:

The password does not appear in plain text in the configuration. The secret hexadecimal format of the password is saved in the configuration.
If you try to configure the switch as a primary server, you are prompted for the password. If your password matches the secret password, the switch becomes a primary server, which allows you to configure the domain.

Note: It is important to note that the primary server is only necessary when you need to modify the VTP configuration for any instance. A VTP domain can operate with no active primary server because the secondary servers ensure persistence of the configuration over reloads. The primary server state is exited for these reasons:

A switch reload
A high-availability switchover between the active and redundant supervisor engines
A takeover from another server
A change in the mode configuration
Any VTP domain configuration change, such as a change in:
- Version
- Domain name
- Domain password

VTPv3 also allows the switches to participate in multiple instances of VTP. In this case, the same switch can be the VTP server for one instance and a client for another instance because the VTP modes are specific to different VTP instances. For example, a switch can operate in transparent mode for an MST instance while the switch is configured in server mode for a VLAN instance.

In terms of interaction with VTPv1 and VTPv2, the default behavior in all versions of VTP has been that the earlier versions of VTP simply drop the new version updates. Unless the VTPv1 and VTPv2 switches are in transparent mode, all VTPv3 updates are dropped. On the other hand, after VTPv3 switches receive a legacy VTPv1 or VTPv2 frame on a trunk, the switches pass a scaled-down version of their database update to the VTPv1 and VTPv2 switches. However, this information exchange is unidirectional in that no updates from VTPv1 and VTPv2 switches are accepted by the VTPv3 switches. On trunk connections, VTPv3 switches continue to send out scaled-down updates as well as full-fledged VTPv3 updates in order to cater to the existence of VTPv2 and VTPv3 neighbors across the trunk ports.

In order to provide VTPv3 support for extended VLANs, the format of the VLAN database, in which the VTP assigns 70 bytes per VLAN, is changed. The change allows for the coding of non-default values only, instead of the carrying of unmodified fields for the legacy protocols. Because of this change, 4K VLAN support is the size of the resulting VLAN database.

Posted in CATALYST | Leave a Comment »

MST

Posted by Peter Kurdziel on January 24, 2009

spanning-tree mode mst
!
spanning-tree mst configuration
name CCIE
revision 1
instance 1 vlan 12, 34
instance 2 vlan 56
!
spanning-tree mst 1 priority 24576

sw1(config)#do sho spann mst con
Name [CCIE]
Revision 1 Instances configured 3

Instance Vlans mapped
——– ———————————————————————
0         1-11,13-33,35-55,57-4094
1         12,34
2         56
——————————————————————————-

sw1(config)#do sho spann mst

##### MST0    vlans mapped:   1-11,13-33,35-55,57-4094
Bridge        address 0019.aa6f.2700 priority      32768 (32768 sysid 0)
Root          address 0019.554a.3b80 priority      32768 (32768 sysid 0)
port    Fa0/13          path cost     0
Regional Root address 0019.554a.3b80 priority      32768 (32768 sysid 0)
internal cost 200000    rem hops 19
Operational   hello time 2 , forward delay 15, max age 20, txholdcount 6
Configured    hello time 2 , forward delay 15, max age 20, max hops    20

Interface        Role Sts Cost      Prio.Nbr Type
—————- —- — ——— ——– ——————————–
Fa0/13           Root FWD 200000    128.15   P2p
Fa0/14           Altn BLK 200000    128.16   P2p

##### MST1    vlans mapped:   12,34
Bridge        address 0019.aa6f.2700 priority      24577 (24576 sysid 1)
Root          this switch for MST1

Interface        Role Sts Cost      Prio.Nbr Type
—————- —- — ——— ——– ——————————–
Fa0/13           Desg FWD 200000    128.15   P2p
Fa0/14           Desg FWD 200000    128.16   P2p

##### MST2    vlans mapped:   56
Bridge        address 0019.aa6f.2700 priority      32770 (32768 sysid 2)
Root          address 0019.554a.3b80 priority      24578 (24576 sysid 2)
port    Fa0/13          cost          200000    rem hops 19

sw1(config)#do sho spann brid

Hello Max Fwd
MST Instance                 Bridge ID              Time Age Dly Protocol
—————- ——————————— —– — — ——–
MST0             32768 (32768,   0) 0019.aa6f.2700    2    20   15 mstp
MST1             24577 (24576,   1) 0019.aa6f.2700    2    20   15 mstp
MST2             32770 (32768,   2) 0019.aa6f.2700    2    20   15 mstp
==========================================================================

interface FastEthernet0/13
switchport trunk encapsulation isl
switchport mode trunk
spanning-tree mst 1 port-priority 0
end

sw1(config-if)#do sh run int f0/14
Building configuration…

Current configuration : 130 bytes
!
interface FastEthernet0/14
switchport trunk encapsulation isl
switchport mode trunk
spanning-tree mst 2 port-priority 0
end

Mst Instance     Role Sts Cost      Prio.Nbr Type
—————- —- — ——— ——– ——————————–
MST0             Root FWD 200000    128.15   P2p
MST1             Desg FWD 200000      0.15   P2p
MST2             Altn BLK 200000    128.15   P2p

sw1(config-if)#do sho span int f0/14

Mst Instance     Role Sts Cost      Prio.Nbr Type
—————- —- — ——— ——– ——————————–
MST0             Altn BLK 200000    128.16   P2p
MST1             Desg FWD 200000    128.16   P2p
MST2             Root FWD 200000      0.16   P2p

=============================

Posted in CATALYST, Routing & Switching Lab | Leave a Comment »

« Previous Entries

Pete's Packet

Limitless

Catagories

Global visitors

CCIE Jobs – Metro NY area

US visitors

Blogroll

CCIE lab sudy links

Tools

Meta

CCIE jobs – US

Archive for the ‘CATALYST’ Category

802.1q tunneling scenario 3

802.1q tunneling scenario 2

802.1q tunneling scenario 1

How to enable EIGRP and OSPF for NSF (non stop forwarding) on the Cisco Catalyst 6500 Virtual Switching System 1440

Non Stop Forwarding

Autonegotiation Valid Configuration

Troubleshooting the Catalyst 6500

Troubleshooting Hardware and Common Issues on Catalyst 6500/6000 Series Switches Running Cisco IOS System Software

Catalyst 6500/6000 Switches ARP or CAM Table Issues Troubleshooting

Troubleshooting Input Queue Drops and Output Queue Drops

Supervisor Engine 720 Front Panel Status LEDs

Operational Best Practices for the Cisco Catalyst 6500 Series

Operational Best Practices for the Cisco Catalyst 6500 Series

VTPv3 differences

MST

Follow “Pete's Packet”

Limitless

Catagories

Global visitors

US visitors

Blogroll

CCIE lab sudy links

Tools

Meta

Cloud

Archive for the ‘CATALYST’ Category

Troubleshooting Hardware and Common Issues on Catalyst 6500/6000 Series Switches Running Cisco IOS System Software

Catalyst 6500/6000 Switches ARP or CAM Table Issues Troubleshooting

Troubleshooting Input Queue Drops and Output Queue Drops

Operational Best Practices for the Cisco Catalyst 6500 Series

Follow “Pete's Packet”