(CCNA) Switching Fundamentals – Part One
CCNA Networking Concepts – Part Two
Exercises
Introduction
Lab Topology
Exercise 1 – Examining the Functionality of the MAC Address Table and Address Aging
Exercise 2 – Frame Switching and Frame Flooding Methods
Exercise 3 – Configuring and Understanding CDP and LLDP
Exercise 4 – Configuring Static, PAgP, LACP, and Layer 3 EtherChannels
Learning Outcomes
In this module, you will complete the following exercises:
- Exercise 1 – Examining the Functionality of the MAC Address Table and Address Aging
- Exercise 2 – Frame Switching and Frame Flooding Methods
- Exercise 3 – Configuring and Understanding CDP and LLDP
- Exercise 4 – Configuring Static, PAgP, LACP, and Layer 3 EtherChannels
After completing this lab, you will be able to:
- Know about MAC Address Learning
- Adjust the Aging Timer
- Perform Frame Switching
- Perform Frame Flooding
- Configure Cisco Discovery Protocol
- Configure Link Layer Discovery Protocol
- Configure Static EtherChannel
- Configure Port Aggregation Protocol (PAgP)
- Configure Link Aggregation Control Protocol (LACP)
- Configure Layer 3 EtherChannel
Exam Objectives
The following exam objective is covered in this lab:
- 1.13 Describe switching concepts
- 2.3 Configure and verify Layer 2 discovery protocols (Cisco Discovery Protocol and LLDP)
- 2.4 Configure and verify (Layer 2/Layer 3) EtherChannel (LACP)
Lab Topology
During your session, you will have access to the following lab configuration.
Depending on the exercises, you may or may not use all of the devices, but they are shown here in the layout to get an overall understanding of the topology of the lab.
- NYEDGE1 – (Cisco 2911 – Internet Edge Router 1)
- NYEDGE2 – (Cisco 2911 – Internet Edge Router 2)
- NYWAN1 – (Cisco 2911 – WAN Router)
- NYCORE1 – (Cisco 3750v2 – 24PS – Core Switch 1)
- NYCORE2 – (Cisco 3750v2 – 24PS – Core Switch 2)
- NYACCESS1 – (Cisco 2960-24 – Access Switch 1)
- PLABCSCO01 – (Windows Server 2012 R2 – Cisco Tools Server)
Exercise 1 – Examining the Functionality of the MAC Address Table and Address Aging
The MAC Address Table, also known as the Content Addressable Memory table, or CAM table, is a data structure that is created and maintained by a switch to keep track of which end-device MAC addresses are associated with which switch port.
The purpose of the MAC table is to allow the switch to perform the most fundamental function that distinguishes it from a hub: to create one collision domain per interface.
In this exercise, you will examine how the MAC table functions in order to understand its purpose more fully.
Learning Outcomes
After completing this exercise, you will be able to:
- Know about MAC Address Learning
Your Devices
You will be using the following devices in this lab. Please power these on now.
- NYEDGE1 – (Cisco 2911 – Internet Edge Router 1)
- NYWAN1 – (Cisco 2911 – WAN Router)
- NYCORE1 – (Cisco 3750v2 – 24PS – Core Switch 1)
- NYCORE2 – (Cisco 3750v2 – 24PS – Core Switch 2)
- NYACCESS1 – (Cisco 2960-24 – Access Switch 1)
- PLABCSCO01 – (Windows Server 2012 R2 – Cisco Tools Server)
Task 1 – MAC Address Learning
In this task, you will learn about MAC address learning.
Step 1
Take a look at the lab diagram and examine which devices are directly connected to the NYCORE1 switch and to which ports they are connected. Examine the following list and confirm that these devices are connected to the ports in the list:
- FastEthernet 1/0/1 – NYEDGE1
- FastEthernet 1/0/2 – NYWAN1
- FastEthernet 1/0/22 – NYACCESS1
- FastEthernet 1/0/23 – NYCORE2
- FastEthernet 1/0/24 – NYCORE2
Determine the states of these ports on the NYCORE1 switch by issuing the following command:
NYCORE1#
show interface status
Press Enter.
You will see the following output:
NYCORE1#show interface status
Port Name Status Vlan Duplex Speed Type
Fa1/0/1 connected 1 a-full a-100 10/100BaseTX
Fa1/0/2 notconnect 1 auto auto 10/100BaseTX
Fa1/0/3 notconnect 1 auto auto 10/100BaseTX
Fa1/0/4 notconnect 1 auto auto 10/100BaseTX
Fa1/0/5 notconnect 1 auto auto 10/100BaseTX
Fa1/0/6 notconnect 1 auto auto 10/100BaseTX
!<-- Output Omitted -->
Port Name Status Vlan Duplex Speed Type
Fa1/0/22 connected 1 a-full a-100 10/100BaseTX
Fa1/0/23 connected 1 a-full a-100 10/100BaseTX
Fa1/0/24 connected 1 a-full a-100 10/100BaseTX
Gi1/0/1 notconnect 1 auto auto Not Present
Gi1/0/2 notconnect 1 auto auto Not Present
NYCORE1#
You will notice that of the above-listed ports, all are connected except for FastEthernet 1/0/2, which is the interface connected to NYWAN1. When you examine the MAC address table in the next step, you should not see any entries for this port.
Step 2
To display and examine the MAC address table on the NYCORE1 switch, type the following command:
NYCORE1#
show mac address-table
Press Enter.
You will see the following output:
NYCORE1#show mac address-table
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
All 0100.0ccc.cccc STATIC CPU
All 0100.0ccc.cccd STATIC CPU
!<-- Output Omitted -->
All 0180.c200.0010 STATIC CPU
All ffff.ffff.ffff STATIC CPU
1 0015.6227.8b8a DYNAMIC Fa1/0/22
1 0050.56a3.353d DYNAMIC Fa1/0/22
1 04da.d2b6.0418 DYNAMIC Fa1/0/22
1 7426.ac67.0c70 DYNAMIC Fa1/0/1
Total Mac Addresses for this criterion: 24
NYCORE1#
Note: The MAC addresses you will see in your output may be different.
You will notice a list of MAC addresses that have the designation CPU in the Ports column. You can safely ignore these for now.Note: MAC addresses with the designation of CPU in the Ports column that has been created and is statically assigned by the system to allow for the functioning of various processes and protocols such as CDP, VTP, and DTP to name a few. Use your favorite search engine to research these protocols further if you wish.
At the bottom of the MAC table, you will see several entries with a Type designation of DYNAMIC. Each of these addresses corresponds to a physical port on the switch, which is indicated in the Ports column. Note the following:
- The DYNAMIC designation indicates that this MAC address has been learned dynamically by the switch based on the source MAC address of incoming frames on these ports.
- Whenever the switch receives a frame that has a destination MAC address of, say, 7426.ac67.0c70, it will not send the frame out to all ports like a hub, but it will look this address up in the MAC table and determine that the corresponding port is FastEthernet 1/0/1. It will send the frame out to only this port to reach its destination.
- There are three MAC addresses that correspond to the FastEthernet 1/0/22 port. This is because there are multiple devices connected to this port. Not directly, but indirectly via the NYACCESS1 switch. Specifically, these devices are the PLABCSCO01 server, the NYACCESS1 switch, and the NYCORE2 switch, via its FastEthernet 1/0/22 interface.
Step 3
In this step, you will determine where one of the three MAC addresses that correspond to port FastEthernet 1/0/22 comes from.
Connect to the PLABCSCO01 server. Right-click on the start Windows charm and select Command Prompt(Admin).
Step 4
In the Administrator: Command Prompt window, issue the following command to determine the MAC address:
ipconfig /all
Press Enter.
The output shows several network interface devices. Search for the Ethernet adapter Lab_nic. It should be the interface with an IP address of 192.168.16.10. You may need to scroll up in order to find it.
Look at the value of the Physical Address. This is the MAC address of the NIC. In the above example, the MAC address of the NIC is 00-50-56-A3-35-3D. Looking back at the output of the MAC table, this MAC address can be seen as one of the three addresses that correspond to the FastEthernet 1/0/22 interface of the NYCORE1 switch, albeit with a different notation.
Compare these two addresses in your output and confirm that they are the same.Note: The MAC address may vary from the one shown in the output.
Step 5
Another of these three addresses should come from the NYACCESS1 switch, which is directly connected to the interface in question. On a switch, each interface has its own MAC address. The interface on the NYACCESS1 switch that you will examine will be FastEthernet 0/24. Connect to NYACCESS1 and issue the following command:Note: If the NYACCESS1 switch appears with the “>” prompt, use the enable command to enter the privileged EXEC mode (#).
NYACCESS1#
show interface fastethernet 0/24
Press Enter.
You will see the following output:
NYACCESS1#show interface fastethernet 0/24
FastEthernet0/24 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is 04da.d2b6.0418 (bia 04da.d2b6.0418)
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
!<-- Output Omitted -->
NYACCESS1#
You will notice on the third line the address of 04da.d2b6.0418.Note: The address may vary from the one shown above.
This is the same address as that found in the MAC address table that corresponds to the FastEthernet 1/0/22 interface of the NYCORE1 switch.Note: See if you can find the source of the third MAC address on your own.
Step 6
Next, you will activate the NYWAN1 router interface that connects to the NYCORE1 switch. Look at the lab diagram and determine which interface on NYWAN1 must be brought up in order to successfully connect to the NYCORE1 switch. This interface should be GigabitEthernet 0/0.
Connect to NYWAN1 and examine the states of all the interfaces, by typing the following command:Note: If the NYWAN1 router appears with the “>” prompt, use the enable command to enter the privileged EXEC mode (#).
NYWAN1#
show ip interface brief
Press Enter.
The output will be as follows:
NYWAN1#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Embedded-Service-Engine0/0 unassigned YES unset administratively down down
GigabitEthernet0/0 unassigned YES unset administratively down down
GigabitEthernet0/1 unassigned YES unset administratively down down
GigabitEthernet0/2 unassigned YES unset administratively down down
Serial0/0/0 unassigned YES unset administratively down down
Serial0/0/1 unassigned YES unset administratively down down
Serial0/1/0 unassigned YES unset administratively down down
Serial0/1/1 unassigned YES unset administratively down down
Serial0/2/0 unassigned YES unset administratively down down
NYWAN1#
You can see that all interfaces are down, and none have been configured with an IP address.
Step 7
Activate the GigabitEthernet 0/0 interface by typing the following commands (press Enter after each command). Do not configure an IP address.
NYWAN1#
configure terminal
NYWAN1(config)#
interface gigabitethernet 0/0
NYWAN1(config-if)#
no shutdown
NYWAN1(config-if)#
exit
NYWAN1(config)#
exit
You will see the following output:
NYWAN1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYWAN1(config)#interface gigabitethernet 0/0
NYWAN1(config-if)#no shutdown
NYWAN1(config-if)#exit
NYWAN1(config)#
*Sep 14 08:21:16.643: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up
*Sep 14 08:21:17.643: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
NYWAN1(config)#exit
NYWAN1#
Notice the syslog messages indicated the change of state of the interface.
Step 8
Go back to the NYCORE1 switch and examine the MAC address table once again, by issuing the following command:
NYCORE1#
show mac address-table
Press Enter.
You will see the following output:
NYCORE1#show mac address-table
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
All 0100.0ccc.cccc STATIC CPU
!<-- Output Omitted -->
All ffff.ffff.ffff STATIC CPU
1 0015.6227.8b8a DYNAMIC Fa1/0/22
1 0050.56a3.353d DYNAMIC Fa1/0/22
1 04da.d2b6.0418 DYNAMIC Fa1/0/22
1 18e7.28e8.c950 DYNAMIC Fa1/0/2
1 7426.ac67.0c70 DYNAMIC Fa1/0/1
Total Mac Addresses for this criterion: 25
NYCORE1#
A new table entry has been added that corresponds to the FastEthernet 1/0/2 interface, the interface that is connected to NYWAN1.Note: Notice that even though you didn’t configure an IP address on the NYWAN1 interface, the MAC address was still learned, and the table was populated. This is a very clear example of how network communications are separated into discrete layers. The Data Link layer is functioning fully between the NYWAN1 router and the NYCORE1 switch, and all layer two functionality is in operation. However, layer 3, or the Network layer functionality, is not, since no IP address has been configured.
Step 9
Connect once again to the NYWAN1 router and examine the MAC address of the GigabitEthernet 0/0 interface. To do this, type the following command:
NYWAN1#
show interface gigabitethernet 0/0
Press Enter.
You will see the following output:
NYWAN1#show interface gigabitethernet 0/0
GigabitEthernet0/0 is up, line protocol is up
Hardware is CN Gigabit Ethernet, address is 18e7.28e8.c950 (bia 18e7.28e8.c950)
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
!<-- Output Omitted -->
NYWAN1#
You will notice on the third line the address of 18e7.28e8.c950. Looking back at the MAC address table of NYCORE1 examined in the previous step, you will see that this is the address that was added to the MAC address table.Note: Remember that your MAC addresses will be different from those displayed above.
Step 10
Up to this point, you have examined dynamically learned MAC addresses. It is also possible to configure a static MAC address entry in the MAC table.Note: Static MAC address entries in a MAC table will always take precedence over dynamically learned MAC addresses. To find out more about why you would configure a static MAC address table entry, use your favorite search engine to research this topic further.
Connect to the NYCORE1 switch and configure a static MAC address table entry for the MAC address of the GigabitEthernet 0/0 interface of the NYWAN1 router. This is the MAC address you examined in the previous step. Configure this address to correspond to the FastEthernet 1/0/2 interface of the NYCORE1 switch. The MAC address used here will be 18e7.28e8.c950. Use the MAC address of your device for your command.
Type the following commands (press Enter after each command):
NYCORE1#
configure terminal
Alert: The Mac address in the command below will differ depending on the lab that you are accessing please refer back to the previous step to find the MAC address of your lab.
NYCORE1(config)#
mac address-table static 18e7.28e8.c950 vlan 1 interface fastEthernet 1/0/2
NYCORE1(config)#
exit
The output will be as follows:
NYCORE1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYCORE1(config)#mac address-table static 18e7.28e8.c950 vlan 1 interface fastEthernet 1/0/2
NYCORE1(config)#exit
NYCORE1#
Step 11
Now examine the MAC Address table of the NYCORE1 switch once again, by typing the following command:
NYCORE1#
show mac address-table
Press Enter.
You will see the following output:
NYCORE1#show mac address-table
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
!<-- Output Omitted -->
1 0015.6227.8b8a DYNAMIC Fa1/0/22
1 0050.56a3.353d DYNAMIC Fa1/0/22
1 04da.d2b6.0418 DYNAMIC Fa1/0/22
1 18e7.28e8.c950 STATIC Fa1/0/2
1 7426.ac67.0c70 DYNAMIC Fa1/0/1
Total Mac Addresses for this criterion: 25
NYCORE1#
The dynamic entry of this MAC address has been replaced with a static entry. The functionality is the same. However, the NYWAN1 device can now only be connected to the FastEthernet 1/0/2 interface of the NYCORE1 switch to gain layer 2 connectivity.Leave the devices in their current state and continue on to the next task.
Task 2 – Adjusting the Aging Timer
Dynamically learned MAC addresses remain in the MAC address table for a specific period of time. If there is no activity from the specific MAC address after this specified period of time, the address is removed from the switch. It is possible to adjust this aging time according to your network needs.
In this task, you will examine MAC address aging. You will adjust this aging timer and observe the results of your changes.Note: MAC address aging occurs only for dynamically learned MAC addresses. Static entries are never aged out.
Step 1
By default, the MAC address aging timer is set to 300 seconds or five minutes. Change this default to 10 seconds in order to observe the MAC address learning and aging out process.
Connect to NYCORE1 switch and type the following commands (press Enter after each command):
NYCORE1#
configure terminal
Press Enter.
NYCORE1(config)#
mac address-table aging-time 10
Press Enter.
NYCORE1(config)#
exit
Press Enter.
You will see the following output:
NYCORE1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYCORE1(config)#mac address-table aging-time 10
NYCORE1(config)#exit
NYCORE1#
Step 2
Using the following command, you can view only the dynamic entries in the back table:
NYCORE1#
show mac address-table dynamic
Press Enter.
Issue this command over and over every couple of seconds using the up arrow and observe how the number of dynamically learned MAC addresses changes over time. If you do it enough times, you will see anywhere from zero to four dynamically learned MAC addresses. Below you can see several of the results of the repeated command as addresses are timed out and are relearned:
NYCORE1#show mac address-table dynamic
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1 04da.d2b6.0418 DYNAMIC Fa1/0/22
1 7426.ac67.0c70 DYNAMIC Fa1/0/1
Total Mac Addresses for this criterion: 2
NYCORE1#show mac address-table dynamic
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1 0015.6227.8b8a DYNAMIC Fa1/0/22
1 04da.d2b6.0418 DYNAMIC Fa1/0/22
1 7426.ac67.0c70 DYNAMIC Fa1/0/1
Total Mac Addresses for this criterion: 3
NYCORE1#show mac address-table dynamic
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1 0015.6227.8b8a DYNAMIC Fa1/0/22
1 0050.56a3.353d DYNAMIC Fa1/0/22
1 04da.d2b6.0418 DYNAMIC Fa1/0/22
1 7426.ac67.0c70 DYNAMIC Fa1/0/1
Total Mac Addresses for this criterion: 4
NYCORE1#
Exercise 2 – Frame Switching and Frame Flooding Methods
Frame Switching
Frame switching refers to the method by which a frame is switched, or transferred from the ingress interface to the egress interface. There are two main methods by which this is accomplished: Store-and-Forward and Cut-Through Ethernet switching.
All frames have a certain size in bytes. The maximum size is usually around 1500, although this can be adjusted. It takes a finite amount of time for a frame to enter a switch port. Depending on the method of switching, this amount of time can add latency to network communications.
Store-and-Forward switching does what its name suggests. It receives a frame and stores it in its entirety in the switch buffer before it begins sending it out of its egress port. This allows the switch to read and calculate the Frame Check Sequence, which is in the trailer of the frame, to verify that there were no errors in transmission before it sends it out of the egress port. In this scenario, both latency and reliability are increased.
Cut-Through switching begins sending a frame out the egress port before it has been received in its entirety. Switching begins once the destination MAC address has been read from the header of the frame, and the egress port has been determined. Here, latency is decreased as is reliability.Note: To find out more about these switching methods and under what circumstances each is beneficial, use your favorite search engine to research this topic further.
The default method of switching for the switches used in these labs is Store-and Forward. In fact, it is the only method of switching that is supported by these switches. Cisco Nexus switches support Cut-Through switching by default and can be configured for either switching method.
Frame Flooding
Frame flooding occurs when a frame enters a switch that doesn’t have the destination MAC address within the MAC table. If this is the case, the switch does not know where to send the frame, so it sends it out all ports except the port from which the frame entered the switch.
This is frame flooding. If the device with the destination MAC address in question is connected to one of the switch’s ports, it will answer, and its MAC address will be added to the MAC table.
In this exercise, you will learn about frame switching and frame flooding.
Learning Outcomes
After completing this exercise, you will be able to:
- Perform Frame Switching
- Perform Frame Flooding
Your Devices
You will be using the following devices in this lab. Please power these on now.
- NYCORE1 – (Cisco 3750v2 – 24PS – Core Switch 1)
Task 1 – Frame Switching
In this task, you will examine the buffers that are used to store frames as they are switched from ingress to egress ports on a switch. Frame switching refers to the concept where packets are transferred from the incoming (ingress) port to the egress (outgoing) port.
Step 1
Connect to the NYCORE1 switch.
You will examine the interface parameters of the FastEthernet 1/0/22 interface. To do so, issue the following command:
NYCORE1#
show inter fa 1/0/22
Press Enter.
You will see the following output:
NYCORE1#show inter fa 1/0/22
FastEthernet1/0/22 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is 08cc.68f2.af98 (bia 08cc.68f2.af98)
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 10/100BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:01, output 00:00:02, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
8665 packets input, 917007 bytes, 0 no buffer
Received 7537 broadcasts (6313 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 6313 multicast, 0 pause input
0 input packets with dribble condition detected
2080 packets output, 279187 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
NYCORE1#
The output of interest is indicated by bold type font.
Examining those parameters that involve the buffers and the memory where frames are stored, you can observe the following:
- Input queue – indicates the number of frames in the input queue and its maximum size. Currently, the queue is empty. However, when Store-and-Forward is functioning, the incoming frames are stored in their entirety in this queue.
- Total output drops – this is the number of drops that have been measured due to the queue being full.
- Queueing strategy – this is the method by which frames will be queued. The method is First In First Out or fifo.
- Output queue – the size of the output queue and the number of frames currently in it.
As is quite apparent, the Store-and-Forward method will require more memory usage than the Cut-Through method of switching. It is possible to tweak the sizes of the buffers as needed, but this is beyond the scope of this lab.Leave the devices in their current state and continue on to the next task.
Task 2 – Frame Flooding
Frame flooding is when packets are sent to all ports on the switch except the port that is receiving the packets. When frame flooding occurs, it may cause the switch to malfunction due to many MAC addresses that need to be stored on the switch. In this task, you will see frame flooding functions and also how it can contribute to a security vulnerability.
Step 1
Connect to the NYCORE1 switch.
To view the dynamically added MAC addresses in the MAC table, issue the following command:
NYCORE1#
show mac address-table dynamic
Press Enter.
You will see the following output:Note: Remember, your output will differ slightly.
NYCORE1#show mac address-table dynamic
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1 0015.6227.8b8a DYNAMIC Fa1/0/22
1 04da.d2b6.0418 DYNAMIC Fa1/0/22
1 7426.ac67.0c70 DYNAMIC Fa1/0/1
Total Mac Addresses for this criterion: 3
NYCORE1#
Imagine that the PLABCSCO01 device chooses to send a frame to a device with a MAC address of 0745.abab.475c. This MAC address is not in the MAC address table, so the switch will flood this frame out of all its ports except port FastEthernet 1/0/22.
Step 2
Every time a new MAC address is learned, it is added to the MAC table. The MAC table resides in the memory of the switch, which is finite, so there is a limited number of entries it can hold. If the aging time is too large and the number of MAC addresses is also large, this memory may become exhausted.
To determine the maximum size of the MAC address table, issue the following command:
NYCORE1#
show mac address-table count
Press Enter.
You will see the following output:
NYCORE1#show mac address-table count
Mac Entries for Vlan 1:
---------------------------
Dynamic Address Count : 3
Static Address Count : 1
Total Mac Addresses : 4
Total Mac Address Space Available: 5995
NYCORE1#
In this particular instance, four MAC address entries exist, and there are 5995 spaces available, so the total number of entries available in the MAC address table is 5999.
Step 3
MAC flooding is a security risk because this functionality can be used to cause the network to malfunction. Imagine that the user of the PLABSCSO01 server is a hacker. He can initiate what is called a MAC Flooding Attack. Essentially, PLABSCSO01 would send a multitude of frames, each with a different source MAC address. The switch would then learn all of these fake MAC addresses and associate them with the port on which they are coming in.Note: You may wonder how a computer could send frames with many different source MAC addresses since a MAC address is “burned in” to the NIC of the computer and cannot be changed. It is true that the MAC assigned to a NIC cannot be changed, however, when sending frames, the MAC address is read into RAM and then placed in the Source MAC Address field of the header of the frame. Once the MAC address resides in the RAM, with the appropriate software, it can be manipulated and changed before it is placed in the header of the frame.
The result would be a very large MAC Address Table similar to the following:
NYCORE1#show mac address-table dynamic
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1 0015.6227.8b8a DYNAMIC Fa1/0/22
1 04da.d2b6.0418 DYNAMIC Fa1/0/22
1 04da.d2b6.0419 DYNAMIC Fa1/0/22
1 04da.d2b6.0420 DYNAMIC Fa1/0/22
1 04da.d2b6.0421 DYNAMIC Fa1/0/22
1 04da.d2b6.0422 DYNAMIC Fa1/0/22
1 04da.d2b6.0423 DYNAMIC Fa1/0/22
1 04da.d2b6.0424 DYNAMIC Fa1/0/22
1 04da.d2b6.0425 DYNAMIC Fa1/0/22
!<-- Output Omitted -->
1 04da.d2b6.BA4C DYNAMIC Fa1/0/22
1 04da.d2b6.BA4D DYNAMIC Fa1/0/22
Total Mac Addresses for this criterion: 5999
NYCORE1#
Exercise 3 - Configuring and Understanding CDP and LLDP
The Cisco Discovery Protocol or CDP is a device discovery protocol that runs over Layer 2 on all Cisco-manufactured devices. CDP allows network management applications to automatically discover and learn about other Cisco devices connected to the network.
To support non-Cisco devices and to allow for interoperability with other devices, the Link Layer Discovery Protocol or LLDP is used. It is an IEEE standard neighbor discovery protocol (802.1ab) for network devices to advertise information about themselves to other devices on the network. This protocol runs over Layer 2 as well and allows two systems running different network layer protocols to learn about each other.
In this exercise, you will learn about configuring CDP and LLDP.
Learning Outcomes
After completing this exercise, you will be able to:
Configure Cisco Discovery Protocol
Configure Link Layer Discovery Protocol
Your Devices
You will be using the following devices in this lab. Please power these on now.
NYEDGE1 - (Cisco 2911 - Internet Edge Router 1)
NYCORE1 - (Cisco 3750v2 - 24PS - Core Switch 1)
Practice Labs screenshot.
Task 1 - Configure Cisco Discovery Protocol
In this task, you will configure CDP and understand how they function. CDP is enabled on all Cisco devices by default.
Step 1
First of all, you will connect to NYCORE1 and issue the following command to view all of the connected CDP enabled devices:
NYCORE1#
show cdp neighbors
Press Enter.
The output will be as follows:
NYCORE1#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID Local Intrfce Holdtme Capability Platform Port ID
NYACCESS1 Fas 1/0/22 145 S I WS-C2960- Fas 0/24
NYEDGE1 Fas 1/0/1 169 R S I CISCO2911 Gig 0/0
NYCORE2 Fas 1/0/24 144 S I WS-C3750V Fas 1/0/24
NYCORE2 Fas 1/0/23 144 S I WS-C3750V Fas 1/0/23
NYCORE1#
The above output shows that there are four devices that have been detected that are physically connected to NYCORE1 that are running CDP. The following information is made available via this protocol:
The Device ID or hostname
The local interface on NYCORE1 on which this device is connected
The Holdtime which you will configure shortly
The Capability which is indicated by a Code for which a key is provided at the beginning of the output
The Platform of the device, including model number
The Port ID on the remote device via which it is connected to NYCORE1
Look at the lab diagram and confirm the ports via which you are connected to these devices.
Step 2
You can view detailed information about a device by indicating the specific device that you would like to examine using its Device ID, or hostname. View the detailed CDP information about the NYEDGE1 router from the NYCORE1 switch using the following command:
NYCORE1#
show cdp entry NYEDGE1
Press Enter.
You will see the following output:
NYCORE1#show cdp entry NYEDGE1
-------------------------
Device ID: NYEDGE1
Entry address(es):
IP address: 192.168.16.1
Platform: Cisco CISCO2911/K9, Capabilities: Router Switch IGMP
Interface: FastEthernet1/0/1, Port ID (outgoing port): GigabitEthernet0/0
Holdtime : 156 sec
Version :
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.2(4)M6, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Wed 19-Mar-14 19:23 by prod_rel_team
advertisement version: 2
VTP Management Domain: ''
Duplex: full
Power Available TLV:
Power request id: 0, Power management id: 0, Power available: 0, Power management level: 0
Management address(es):
NYCORE1#
Notice how detailed the information about the NYEDGE1 router is. It includes IP address, IOS version, VTP information, and even Power management information.
Step 3
CDP periodically sends CDP packets to update information between devices. It is possible to adjust the frequency with which these packets are sent. Examine the number of CDP advertisements that have been sent by the NYCORE1 device to gauge the amount of traffic that CDP adds to your network. To do this, issue the following command:
NYCORE1#
show cdp traffic
Press Enter.
You will see the following output:
NYCORE1#show cdp traffic
CDP counters :
Total packets output: 615, Input: 466
Hdr syntax: 0, Chksum error: 2, Encaps failed: 0
No memory: 0, Invalid packet: 0,
CDP version 1 advertisements output: 0, Input: 0
CDP version 2 advertisements output: 615, Input: 466
NYCORE1#
Step 4
You determine that there are too many CDP advertisements occurring, and this is disrupting your network communications. You can adjust the frequency with which these advertisements are sent.
When adjusting frequency, there are two values that must be defined: The timer, which is the frequency of the advertisements, and the holdtime, which defines the amount of time a receiving device should hold the information sent before discarding it.
The default timer value is 60 seconds, and the default holdtime value is 180 seconds. It is recommended that the holdtime always be 3 times the timer. For the purposes of this lab, you will configure the timer to be 70 seconds and the holdtime to be 210 seconds.
To configure both of these values, type the following commands (press Enter after each command):
NYCORE1#
configure terminal
Press Enter.
NYCORE1(config)#
cdp timer 70
Press Enter.
NYCORE1(config)#
cdp holdtime 210
Press Enter.
NYCORE1(config)#
exit
Press Enter.
You will see the following output:
NYCORE1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYCORE1(config)#cdp timer 70
NYCORE1(config)#cdp holdtime 210
NYCORE1(config)#exit
NYCORE1#
Step 5
View the CDP neighbors once again, enter the following command:
NYCORE1#
show cdp neighbors
Press Enter.
You will see the following output:
NYCORE1#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID Local Intrfce Holdtme Capability Platform Port ID
NYACCESS1 Fas 1/0/22 124 S I WS-C2960- Fas 0/24
NYEDGE1 Fas 1/0/1 206 R S I CISCO2911 Gig 0/0
NYCORE2 Fas 1/0/24 169 S I WS-C3750V Fas 1/0/24
NYCORE2 Fas 1/0/23 169 S I WS-C3750V Fas 1/0/23
NYCORE1#
If you repeatedly issue this command, you will see that the Holdtime does reset to values up to 210 seconds, thus confirming the change in configuration.
Step 6
Issuing the following command will also display the timers that you configured:
NYCORE1#
show cdp
Press Enter.
You will see the following output:
NYCORE1#show cdp
Global CDP information:
Sending CDP packets every 70 seconds
Sending a holdtime value of 210 seconds
Sending CDPv2 advertisements is enabled
NYCORE1#
Notice that it also tells you the version of CDP that is being used. In this instance, it is CDPv2.
Step 7
If you choose to, CDP can be disabled on a device. This can be achieved as follows.
Type the following commands (press Enter after each command):
NYCORE1#
configure terminal
NYCORE1(config)#
no cdp run
NYCORE1(config)#
exit
You will see the following output:
NYCORE1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYCORE1(config)#no cdp run
NYCORE1(config)#exit
NYCORE1#
Note: Although CDP is very useful, it can lead to network vulnerabilities and security issues. The easiest and most effective way of mitigating those vulnerabilities is to shut CDP down completely.
You have completed this section on Cisco Discovery Protocol.
Leave the devices in their current state and continue on to the next task.
Task 2 - Configure Link Layer Discovery Protocol
In this task, you will configure LLDP and understand how they function. LLDP is enabled on all Cisco devices by default.
Step 1
First of all, you will connect to NYCORE1 and enable LLDP globally on the device.
Type the following commands (press Enter after each command):
NYCORE1#
configure terminal
NYCORE1(config)#
lldp run
You will see the following output:
NYCORE1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYCORE1(config)#lldp run
NYCORE1(config)#
Step 2
Connect to NYEDGE1 and enable LLDP on this device as well.
Type the following commands (press Enter after each command):
NYEDGE1#
configure terminal
NYEDGE1(config)#
lldp run
NYEDGE1(config)#
exit
You will see the following output:
NYEDGE1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYEDGE1(config)#lldp run
NYEDGE1(config)#exit
NYEDGE1#
Step 3
Connect to NYEDGE1.
Examine the LLDP information on NYEDGE1 by issuing the following two commands (press Enter after each command)and observing the resulting output:
NYEDGE1#
show lldp
NYEDGE1#
show lldp neighbors
You will see the following output:
NYEDGE1#show lldp
Global LLDP Information:
Status: ACTIVE
LLDP advertisements are sent every 30 seconds
LLDP hold time advertised is 120 seconds
LLDP interface reinitialisation delay is 2 seconds
NYEDGE1#show lldp neighbors
Capability codes:
(R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
(W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other
Device ID Local Intf Hold-time Capability Port ID
NYCORE1 Gi0/0 120 B Fa1/0/1
Total entries displayed: 1
NYEDGE1#
Notice the similarities between LLDP and CDP. Notice also the advertisement and the hold time timers of 30 and 120 seconds, respectively. Notice here the ratio between these timers is 4 to 1 as opposed to 3 to 1 for CDP.
Note: LLDP has an additional timer called the Interface Reinitialisation Delay. This is the specific delay time in seconds for LLDP to initialize on any interface. The range is 2 to 5 seconds; the default is 2 seconds.
Step 4
To change the advertisement and hold time timers to 45 and 180 respectively on NYEDGE1 and verify your configuration, type the following commands (press Enter after each command):
NYEDGE1#
configure terminal
NYEDGE1(config)#
lldp timer 45
NYEDGE1(config)#
lldp holdtime 180
NYEDGE1(config)#
exit
NYEDGE1#
show lldp
You will see the following output:
NYEDGE1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYEDGE1(config)#lldp timer 45
NYEDGE1(config)#lldp holdtime 180
NYEDGE1(config)#exit
NYEDGE1#show lldp
Global LLDP Information:
Status: ACTIVE
LLDP advertisements are sent every 45 seconds
LLDP hold time advertised is 180 seconds
LLDP interface reinitialisation delay is 2 seconds
NYEDGE1#
Notice from the output that the changes have been verified.
Step 5
Finally, to disable LLDP on NYEDGE1 and verify that it is no longer running, type the following commands (press Enter after each command):
NYEDGE1#
configure terminal
NYEDGE1(config)#
no lldp run
NYEDGE1(config)#
exit
NYEDGE1#
show lldp
You will see the following output:
NYEDGE1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYEDGE1(config)#no lldp run
NYEDGE1(config)#exit
NYEDGE1#show lldp
% LLDP is not enabled
NYEDGE1#
Exercise 4 - Configuring Static, PAgP, LACP, and Layer 3 EtherChannels
EtherChannel is a port link aggregation technology that enables you to bundle multiple switch interfaces together to act as a single aggregate link, increasing bandwidth with the added advantage of resiliency.
You will configure an EtherChannel bundle statically. It is possible to have two switches negotiate an EtherChannel configuration using link aggregation protocols such as Port Aggregation Protocol or PAgP and Link Aggregation Control Protocol or LACP.
Once an EtherChannel Port-Channel has been created, it is possible, just like physical interfaces, to configure it as a routable port. That is, it can be configured to have an IP address and to function just like a router interface would.
In this exercise, you will learn how to configure static EtherChannel as well as configure both protocols to create an EtherChannel. Lastly, you will learn to configure layer 3 EtherChannel.
Learning Outcomes
After completing this exercise, you will be able to:
Configure Static EtherChannel
Configure Port Aggregation Protocol (PAgP)
Configure Link Aggregation Control Protocol (LACP)
Configure Layer 3 EtherChannel
Your Devices
You will be using the following devices in this lab. Please power these on now.
NYCORE1 - (Cisco 3750v2 - 24PS - Core Switch 1)
NYCORE2 - (Cisco 3750v2 - 24PS - Core Switch 2)
Practice Labs screenshot.
Task 1 - Configure Static EtherChannel
The purpose of EtherChannel is to bundle physical switch interfaces together to increase network performance. In this task, you will learn how to configure static EtherChannel.
Note: The term EtherChannel and Port-Channel can be used interchangeably to refer to the bundle of aggregated links, but Port-Channel or Po is the keyword used when configuring the interface.
Step 1
Connect to NYCORE2.
On NYCORE2, assign a channel group with an ID of 1 to each of the FastEthernet 1/0/23 and 1/0/24 interfaces. Make sure to configure a mode of on to configure the EtherChannel statically.
Type the following commands (press Enter after each command):
NYCORE2#
configure terminal
NYCORE2(config)#
Interface range fastethernet 1/0/23 - 24
NYCORE2(config-if-range)#
channel-group 1 mode on
NYCORE2(config-if-range)#
exit
NYCORE2(config)#
exit
You will see the following output:
NYCORE2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYCORE2(config)#interface fastethernet 1/0/23 - 24
NYCORE2(config-if-range)#channel-group 1 mode on
Creating a port-channel interface Port-channel 1
NYCORE2(config-if-range)#exit
*Mar 1 00:06:10.214: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up
*Mar 1 00:06:11.221: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up
NYCORE2(config)#exit
NYCORE2#
Notice that interface Port-channel 1 changed state to up once you created it.
Step 2
Connect to NYCORE1 and configure the same settings as on NYCORE2.
Type the following commands (press Enter after each command):
NYCORE1#
configure terminal
NYCORE1(config)#
interface range fastethernet 1/0/23 - 24
NYCORE1(config-if-range)#
channel-group 1 mode on
NYCORE1(config-if-range)#
exit
NYCORE1(config)#
exit
You will see the following output:
NYCORE1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYCORE1(config)#interface range fastethernet 1/0/23 - 24
NYCORE1(config-if-range)#channel-group 1 mode on
Creating a port-channel interface Port-channel 1
NYCORE1(config-if-range)#exit
NYCORE1(config)#exit
*Mar 1 00:09:56.388: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up
*Mar 1 00:09:57.394: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up
*Mar 1 00:10:17.326: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
*Mar 1 00:10:19.993: %SYS-5-CONFIG_I: Configured from console by console
*Mar 1 00:10:24.414: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
NYCORE1#
You will notice similar syslog messages here, including the change of state of interface VLAN 1 as well. This is normal behavior.
Step 3
To confirm your EtherChannel is operational, use the following command on the NYCORE1 switch:
NYCORE1#
show etherchannel summary
Press Enter.
You will see the following output:
NYCORE1#show etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
1 Po1(SU) - Fa1/0/23(P) Fa1/0/24(P)
NYCORE1#
You will notice from the output that the EtherChannel has been created, and is operational.
Step 4
You can view further details about this EtherChannel configuration with the following command:
NYCORE1#
show interfaces port-channel 1 etherchannel
Press Enter.
The output will be as follows:
NYCORE1#show interfaces port-channel 1 etherchannel
Age of the Port-channel = 0d:00h:06m:48s
Logical slot/port = 10/1 Number of ports = 2
GC = 0x00000000 HotStandBy port = null
Port state = Port-channel Ag-Inuse
Protocol = -
Port security = Disabled
Ports in the Port-channel:
Index Load Port EC state No of bits
------+------+------+------------------+-----------
0 00 Fa1/0/23 On 0
0 00 Fa1/0/24 On 0
Time since last port bundled: 0d:00h:06m:38s Fa1/0/24
Time since last port Un-bundled: 0d:00h:06m:48s Fa1/0/24
NYCORE1#
You have successfully configured a static EtherChannel configuration.
Please reset your devices before moving on to Task 2.
Task 2 - Configure Port Aggregation Protocol (PAgP)
PAgP is a Cisco proprietary protocol that negotiates link aggregation to create an EtherChannel bundle. In this task, you will configure NYCORE1 to use PAgP. You will configure the other end of the EtherChannel at NYCORE2 in various ways, and you will examine the resulting link.
Step 1
Connect to NYCORE1.
Examine the options available to you when configuring the channel-group on each of the bundled interfaces. To do this, use Cisco’s context sensitive help using the ? character, as shown below.
Type the following commands (press Enter after each command):
NYCORE1#
configure terminal
NYCORE1(config)#
interface fastethernet 1/0/23
NYCORE1(config-if)#
channel-group 1 mode ?
NYCORE1(config-if)#
channel-group 1 mode
NYCORE1(config-if)#
exit
NYCORE1(config)#
exit
You will see the following output:
NYCORE1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYCORE1(config)#interface fastethernet 1/0/23
NYCORE1(config-if)#channel-group 1 mode ?
active Enable LACP unconditionally
auto Enable PAgP only if a PAgP device is detected
desirable Enable PAgP unconditionally
on Enable Etherchannel only
passive Enable LACP only if a LACP device is detected
NYCORE1(config-if)#channel-group 1 mode
NYCORE1(config-if)#exit
NYCORE1(config)#exit
NYCORE1#
Here you can see the various options for configuring EtherChannel. There are two options for PAgP: auto and desirable.
Note: Notice the on option. This was used in exercise 12 to configure static EtherChannel.
Step 2
Configure channel-group 1 on FastEthernet 1/0/23 and 1/0/24 using the auto keyword.
Note: It is best to configure this using the range keyword as configuring each interface separately will give you an error message similar to the following: Command rejected (Channel protocol mismatch for interface Fa1/0/23 in group 1): the interface can not be added to the channel group.
Type the following commands (press Enter after each command):
NYCORE1#
configure terminal
NYCORE1(config)#
interface range fastethernet 1/0/23 - 24
NYCORE1(config-if-range)#
channel-group 1 mode auto
NYCORE1(config-if-range)#
exit
NYCORE1(config)#
exit
You will see the following output:
NYCORE1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYCORE1(config)#interface range fastethernet 1/0/23 - 24
NYCORE1(config-if-range)#channel-group 1 mode auto
NYCORE1(config-if-range)#exit
NYCORE1(config)#exit
NYCORE1#
*Mar 1 00:04:52.317: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/24, changed state to down
*Mar 1 00:04:52.317: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to down
*Mar 1 00:04:53.324: %LINK-3-UPDOWN: Interface Port-channel1, changed state to down
NYCORE1#
*Mar 1 00:05:01.008: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/24, changed state to up
*Mar 1 00:05:50.794: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up
*Mar 1 00:05:51.801: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up
You can see that the port channel, as well as the interfaces in the group, go down and up again. At this point, the EtherChannel is configured to be auto PAgP on the NYCORE1 end and on on the NYCORE2 end. The Etherchannel is not currently functioning, and additional syslog messages may show up on both switches.
Step 3
Connect to NYCORE2.
Configure channel-group 1 on FastEthernet 1/0/23 and 1/0/24 of the NYCORE2 switch using the desirable keyword.
Type the following commands (press Enter after each command):
NYCORE2#
configure terminal
NYCORE2(config)#
interface range fastethernet 1/0/23 - 24
NYCORE2(config-if-range)#
channel-group 1 mode desirable
NYCORE2(config-if-range)#
exit
NYCORE2(config)#
exit
You will see the following output:
NYCORE2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYCORE2(config)#interface range fastethernet 1/0/23 - 24
NYCORE2(config-if-range)#channel-group 1 mode desirable
NYCORE2(config-if-range)#exit
NYCORE2(config)#exit
NYCORE2#
*Mar 1 00:05:47.053: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/23, changed state to down
*Mar 1 00:05:47.053: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/24, changed state to down
*Mar 1 00:05:47.061: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to down
*Mar 1 00:05:48.060: %LINK-3-UPDOWN: Interface Port-channel1, changed state to down
*Mar 1 00:05:49.863: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/24, changed state to up
*Mar 1 00:05:49.863: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/23, changed state to up
*Mar 1 00:05:50.853: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up
*Mar 1 00:05:51.860: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up
NYCORE2#
Again you can see the EtherChannel interface and the associated physical interfaces go down and up again.
Step 4
To confirm your EtherChannel configuration, use the following command on the NYCORE2 switch:
NYCORE2#
show etherchannel summary
Press Enter.
You will see the following output:
NYCORE2#show etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
1 Po1(SU) PAgP Fa1/0/23(P) Fa1/0/24(P)
NYCORE2#
It appears that the EtherChannel has been created, and it is operational. Notice that the Protocol used is PAgP.
Step 5
In this step, you will configure the NYCORE2 end of the EtherChannel as auto. In essence, this will make both ends of the EtherChannel auto.
Type the following commands (press Enter after each command):
NYCORE2#
configure terminal
NYCORE2(config)#
interface range fastethernet 1/0/23 - 24
NYCORE2(config-if-range)#
channel-group 1 mode auto
NYCORE2(config-if-range)#
exit
NYCORE2(config)#
exit
You will see the following output:
NYCORE2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYCORE2(config)#interface range fastethernet 1/0/23 - 24
NYCORE2(config-if-range)#channel-group 1 mode auto
NYCORE2(config-if-range)#
NYCORE2(config-if-range)#exit
NYCORE2(config)#exit
NYCORE2#
*Mar 1 00:31:35.145: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/23, changed state to down
*Mar 1 00:31:35.171: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/24, changed state to down
*Mar 1 00:31:35.171: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to down
*Mar 1 00:31:36.169: %LINK-3-UPDOWN: Interface Port-channel1, changed state to down
*Mar 1 00:31:44.801: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/23, changed state to up
*Mar 1 00:31:45.187: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/24, changed state to up
NYCORE2#
Notice that the physical interfaces and the Port-Channel interface go down. A few seconds later, the physical interfaces come up, but the Port-Channel remains down. This is because the auto keyword negotiates an EtherChannel link only if there is a PAgP enabled device on the other end in desirable mode.
Step 6
Verify the state of the Port-Channel interface on NYCORE2 by entering the following command:
NYCORE2#
show etherchannel summary
Press Enter.
You will see the following output:
NYCORE2#show etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
1 Po1(SD) PAgP Fa1/0/23(I) Fa1/0/24(I)
NYCORE2#
Under the Port-channel column, you can see a flag of (SD). According to the legend, S indicates Layer2, and D indicates down. So in order for an EtherChannel to function with PAgP, it is necessary to have at least one of the two ends configured as mode desirable.
Leave the devices in their current state and continue on to the next task.
Task 3 - Configure Link Aggregation Control Protocol (LACP)
LACP is an IEEE protocol that works much the same way as PAgP. With this protocol, Cisco devices can negotiate link aggregation with non-Cisco equipment.
In this task, you will configure NYCORE1 to use LACP. You will configure the other end of the EtherChannel at NYCORE2 in various ways, and you will examine the resulting link.
Step 1
On NYCORE1, once again, examine the options available to you when configuring the channel-group on each of the bundled interfaces. To do this, use Cisco’s context sensitive help using the ? character, as shown below.
Type the following commands (press Enter after each command):
NYCORE1#
configure terminal
NYCORE1(config)#
interface fastethernet 1/0/23
NYCORE1(config-if)#
channel-group 1 mode ?
NYCORE1(config-if)#
channel-group 1 mode
NYCORE1(config)#
exit
The output will be as follows:
NYCORE1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYCORE1(config)#interface fastethernet 1/0/23
NYCORE1(config-if)#channel-group 1 mode ?
active Enable LACP unconditionally
auto Enable PAgP only if a PAgP device is detected
desirable Enable PAgP unconditionally
on Enable Etherchannel only
passive Enable LACP only if a LACP device is detected
NYCORE1(config-if)#channel-group 1 mode
NYCORE1(config)#exit
NYCORE1#
Here you can see the various options for configuring EtherChannel. There are two options for LACP: active and passive. These have much the same functionality as the desirable and auto keywords, respectively.
Step 2
Configure channel-group 1 on FastEthernet 1/0/23 and 1/0/24 using the passive keyword. This time, you will remove the original channel-group 1 configuration first and then implement the new configuration.
Type the following commands (press Enter after each command):
NYCORE1#
configure terminal
NYCORE1(config)#
interface range fastethernet 1/0/23 - 24
NYCORE1(config-if-range)#
no channel-group 1
NYCORE1(config-if-range)#
channel-group 1 mode passive
NYCORE1(config-if-range)#
exit
NYCORE1(config)#
exit
You will see the following output:
NYCORE1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYCORE1(config)#interface range fastethernet 1/0/23 - 24
NYCORE1(config-if-range)#no channel-group 1
NYCORE1(config-if-range)#channel-group 1 mode passive
NYCORE1(config-if-range)#
NYCORE1(config-if-range)#exit
NYCORE1(config)#exit
NYCORE1#
*Mar 1 00:43:27.548: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/23, changed state to down
*Mar 1 00:43:27.556: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/24, changed state to down
*Mar 1 00:43:35.693: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/24, changed state to up
*Mar 1 00:43:35.878: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/23, changed state to up
NYCORE1#
Both physical interfaces have gone down and have come back up.
Step 3
Connect to NYCORE2. Implement the same configuration on NYCORE2 but this time use the active keyword.
Type the following commands (press Enter after each command):
NYCORE2#
configure terminal
NYCORE2(config)#
interface range fastethernet 1/0/23 - 24
NYCORE2(config-if-range)#
no channel-group 1
NYCORE2(config-if-range)#
channel-group 1 mode active
NYCORE2(config-if-range)#
exit
NYCORE2(config)#
exit
You will see the following output:
NYCORE2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYCORE2(config)#interface range fastethernet 1/0/23 - 24
NYCORE2(config-if-range)#no channel-group 1
NYCORE2(config-if-range)#channel-group 1 mode active
NYCORE2(config-if-range)#exit
NYCORE2(config)#exit
NYCORE2#
*Mar 1 00:47:07.053: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/23, changed state to down
*Mar 1 00:47:07.061: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/24, changed state to down
*Mar 1 00:47:08.814: %SYS-5-CONFIG_I: Configured from console by console
*Mar 1 00:47:09.032: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/23, changed state to up
*Mar 1 00:47:10.031: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up
*Mar 1 00:47:11.037: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/24, changed state to up
*Mar 1 00:47:11.037: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up
NYCORE2#
Both physical interfaces have gone down and have come back up. Notice that the Port-Channel has also come up.
Step 4
Verify the status of the Port-Channel interface with the following command:
NYCORE2#
show etherchannel summary
Press Enter.
The output will be as follows:
NYCORE2#show etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
1 Po1(SU) LACP Fa1/0/23(P) Fa1/0/24(P)
NYCORE2#
It appears that the EtherChannel has been created, and it is operational. Notice that the Protocol used is now LACP.
Step 5
Now change the mode of the channel-group on NYCORE2 to passive and examine the results.
Type the following commands (press Enter after each command):
NYCORE2#
configure terminal
NYCORE2(config)#
interface range fastethernet 1/0/23 - 24
NYCORE2(config-if-range)#
channel-group 1 mode passive
NYCORE2(config-if-range)#
exit
NYCORE2(config)#
exit
You will see the following output:
NYCORE2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYCORE2(config)#interface range fastethernet 1/0/23 - 24
NYCORE2(config-if-range)#channel-group 1 mode passive
NYCORE2(config-if-range)#exit
NYCORE2(config)#exit
NYCORE2#
*Mar 1 00:51:41.729: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/23, changed state to down
*Mar 1 00:51:41.746: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/24, changed state to down
*Mar 1 00:51:41.754: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to down
*Mar 1 00:51:42.685: %SYS-5-CONFIG_I: Configured from console by console
*Mar 1 00:51:42.753: %LINK-3-UPDOWN: Interface Port-channel1, changed state to down
Mar 1 00:51:47.165: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/24, changed state to up
*Mar 1 00:51:47.652: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/23, changed state to up
NYCORE2#
Notice that the physical interfaces and the Port-Channel interface go down. A few seconds later, the physical interfaces come up, but the Port-Channel remains down. This is because the passive keyword negotiates an EtherChannel link only if there is an LACP enabled device on the other end in active mode.
Step 6
Examine the state of the EtherChannel configuration by entering the following command:
NYCORE2#
show etherchannel summary
Press Enter.
You will see the following output:
NYCORE2#show etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
1 Po1(SD) LACP Fa1/0/23(I) Fa1/0/24(I)
NYCORE2#
Notice once more that the EtherChannel is in a state of down.
Leave the devices in their current state and continue on to the next task.
Task 4 - Configure Layer 3 EtherChannel
Layer 3 EtherChannel on a Cisco switch is similar to an interface on a router. It will enable the switch to route traffic using the interface as it uses Layer 3 of the OSI model. In this task, you will configure the EtherChannel interfaces on both NYCORE1 and NYCORE2 as Layer 3 EtherChannel interfaces.
Note: It is important to first remove the current EtherChannel configuration in order to avoid Layer2 and Layer3 configuration mismatches.
Step 1
First, you will clear all of the EtherChannel configurations that you have created until now on both NYCORE1 and NYCORE2.
To do so, implement the following commands:
Connect to NYCORE1 and type the following commands (press Enter after each command):
NYCORE1#
configure terminal
NYCORE1(config)#
interface range fastethernet 1/0/23 - 24
NYCORE1(config-if-range)#
no channel-group 1
NYCORE1(config-if-range)#
exit
NYCORE1(config)#
no interface port-channel 1
NYCORE1(config)#
exit
You will see the following output:
NYCORE1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYCORE1(config)#interface range fastethernet 1/0/23 - 24
NYCORE1(config-if-range)#no channel-group 1
NYCORE1(config-if-range)#exit
NYCORE1(config)#no interface port-channel 1
NYCORE1(config)#exit
NYCORE1#
Connect to NYCORE2 and type the following commands (press Enter after each command):
NYCORE2#
configure terminal
NYCORE2(config)#
interface range fastethernet 1/0/23 - 24
NYCORE2(config-if-range)#
no channel-group 1
NYCORE2(config-if-range)#
exit
NYCORE2(config)#
no interface port-channel 1
NYCORE2(config)#
exit
The output will be as follows:
NYCORE2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYCORE2(config)#interface range fastethernet 1/0/23 - 24
NYCORE2(config-if-range)#no channel-group 1
NYCORE2(config-if-range)#exit
NYCORE2(config)#no interface port-channel 1
NYCORE2(config)#exit
NYCORE2#
You will see a series of syslog messages indicating that the interfaces have gone down.
Step 2
Connect to NYCORE1.
Configure both the FastEthernet 1/0/23 and 1/0/24 interfaces as routed interfaces and assign them to channel-group 1 with a mode of on.
Type the following commands (press Enter after each command):
NYCORE1#
configure terminal
NYCORE1(config)#
interface range fastethernet 1/0/23 - 24
NYCORE1(config-if-range)#
no switchport
NYCORE1(config-if-range)#
channel-group 1 mode on
NYCORE1(config-if-range)#
exit
You will see the following output:
NYCORE1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYCORE1(config)#interface range fastethernet 1/0/23 - 24
NYCORE1(config-if-range)#no switchport
NYCORE1(config-if-range)#channel-group 1 mode on
Creating a port-channel interface Port-channel 1
NYCORE1(config-if-range)#
NYCORE1(config-if-range)#exit
NYCORE1(config)#
Although they are not shown above, the syslog message will indicate that ports are going down and coming back up. The most important syslog message should be the one indicating that the port-channel 1 has come up.
Note: Layer 3 EtherChannel can be configured using statically or dynamically configured EtherChannel. Static configuration is chosen here for simplicity.
Step 3
You have made the physical interfaces routed ports. This means the new port-channel 1 interface is also a routed port. Here you will assign an IP address of 192.168.18.1/24 to this routed port.
Note: A routed port, by definition, is one that can have an IP address assigned to it. This is also called a Layer3 port. If assigning an IP address is successful, then the EtherChannel created is indeed Layer3.
Type the following commands (press Enter after each command):
NYCORE1(config)#
interface port-channel 1
NYCORE1(config-if)#
ip address 192.168.18.1 255.255.255.0
NYCORE1(config-if)#
exit
NYCORE1(config)#
exit
You will see the following output:
NYCORE1(config)#interface port-channel 1
NYCORE1(config-if)#ip address 192.168.18.1 255.255.255.0
NYCORE1(config-if)#exit
NYCORE1(config)#exit
NYCORE1#
The assignment of the IP address is successful.
Step 4
Similarly, configure the other end of the Etherchannel connection on NYCORE2 with the following commands.
Connect to NYCORE2 and assign an address of 192.168.18.2/24 on this interface by typing the following commands (press Enter after each command):
NYCORE2#
configure terminal
NYCORE2(config)#
interface range fastethernet 1/0/23 - 24
NYCORE2(config-if-range)#
no switchport
NYCORE2(config-if-range)#
channel-group 1 mode on
NYCORE2(config-if-range)#
exit
NYCORE2(config)#
interface port-channel 1
NYCORE2(config-if)#
ip address 192.168.18.2 255.255.255.0
NYCORE2(config-if)#
exit
NYCORE2(config)#
exit
You will see the following output:
NYCORE2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYCORE2(config)#interface range fastethernet 1/0/23 - 24
NYCORE2(config-if-range)#no switchport
NYCORE2(config-if-range)#channel-group 1 mode on
Creating a port-channel interface Port-channel 1
NYCORE2(config-if-range)#exit
NYCORE2(config)#interface port-channel 1
NYCORE2(config-if)#ip address 192.168.18.2 255.255.255.0
NYCORE2(config-if)#exit
NYCORE2(config)#exit
NYCORE2#
Syslog messages are generated once again but are omitted from the above output.
Step 5
Test the connectivity between the two ends of the EtherChannel link by pinging NYCORE1 from NYCORE2.
NYCORE2#
ping 192.168.18.1
Press Enter.
You will see the following output:
NYCORE2#ping 192.168.18.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.18.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/4/8 ms
NYCORE2#
Notice the ping is successful.
Step 6
Examine the EtherChannel summary on NYCORE2 by entering the following command:
NYCORE2#
show etherchannel summary
Press Enter.
The output will be as follows:
NYCORE2#show etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
1 Po1(RU) - Fa1/0/23(P) Fa1/0/24(P)
NYCORE2#
In the Port-channel column, notice the flags (RU). R indicates a routed or Layer3 EtherChannel, and U indicates that the port-channel is up.
You have successfully configured a Layer3 EtherChannel link.
Comments