How to re-enable an Errdisable port?
September 25, 2008 by CCIETalk
Filed under Bridging & Switching, Security
So you have configured port-security on one of your ports, and we all know that by default, when a violation occurs, the port is put into the errdisable (shutdown) state. One way to get the port back up is to do a manual shut/no shut on it. In today's world, this can become an administrative nightmare.
PVST+ Explained
July 17, 2008 by CCIETalk
Filed under Bridging & Switching
Petr over at Internetwork Expert has been writing some great articles related to the CCIE field. His Private VLANs post was a great source of information for me, and I just saw his latest post on PVST+. I have not worked with spanning tree in great detail and have read a few Cisco docs on it, but Petr's explanation beat all of those.
“Cisco switches run different types of STP protocol, depending on whether the connected port is access, ISL trunk or 802.1q trunk. Natively, a Cisco switch runs a separate STP instance for each configured and active VLAN (this is called Per-VLAN Spanning Tree or PVST) and standard IEEE compliant switches run just one instance of STP protocol shared by all VLANs. Due to that, a group of switches running IEEE compatible STP protocol is called MST (Mono Spanning Tree) region.” Read more
Private VLANs explained
July 15, 2008 by CCIETalk
Filed under Bridging & Switching
I was browsing through the different CCIE blogs and saw this great posting at IE's blog. I think many CCIE students have a hard time understanding Private VLANs, and Petr did a great job explaining them.
Switching & Bridging finished!
July 3, 2008 by CCIETalk
Filed under Bridging & Switching
I know I have not blogged since I came back from Narbik's bootcamp. I have been thinking about how I "should have" always studied, but there is no point in looking at the past. I have made up a great schedule now and will try my best to follow it. I am scheduled to go back to Pasadena on August 11th 2008 for another stint at Narbik's bootcamp, so I am HOPING that I will be close to ready before I get there.
Narbik’s Bootcamp - Day 1
June 23, 2008 by CCIETalk
Filed under Bootcamp, Bridging & Switching, Frame Relay
Finally, the day I have been waiting for has arrived. It's 8:30am and I am sitting here in the classroom. Comfort Inn had a nice breakfast, so I am ready to roll. We have 8 people in the class with different levels of experience. One of the guys has attempted the R&S lab 4 times already. Another guy was in the class with Ethan and Keith, so we started talking about the whole Network World fiasco. Narbik looks like a teacher, and I mean an old-school teacher! No projector, no PowerPoint, no computer screen - just him and a whiteboard, and he can spit commands out like a router. The guy knows every single option off the top of his head.
Narbik’s Soup-to-Nuts Workbook Switching Lab 4
June 5, 2008 by CCIETalk
Filed under Bridging & Switching, Narbik WB
Lab 4 wraps up the Switching section of Narbik's Soup-to-Nuts workbook. I was expecting this to be a little more than 6 tasks, but I think this lab was designed to get you going on Private VLANs. Trust me, private VLANs are a great topic, and the majority of network engineers don't feel comfortable with them. I had a hard time understanding the basic concept, so I ended up reading the explanation on the DocCD along with Cisco Press books and finally was able to make sense out of it. Read my brief description in the other post. Now with this, I think I am pretty decent with the switching portion of the CCIE and should be able to tackle related tasks. I think I need to come up with a progress page where I can track my progress. There are a total of 118 labs in this workbook, and with the speed I am going, I don't see myself finishing these before I head to Pasadena. Let's see if I can finish these up by this weekend.
Private VLANs
June 5, 2008 by CCIETalk
Filed under Bridging & Switching
OK, I have spent about 2 hours working with private VLANs on 3560s. Just wanted to clear one thing up for everyone reading this: Private VLANs are NOT supported on the 3550s. I didn't realize that at first, but after searching in the configuration guide, I finally realized that, duh, it's not supported. That's another one of those differences between our beloved 3550s and 3560s. Back to the topic: it took me a while to grasp this concept, and I wanted to write about it so others can benefit from the explanation.
Private VLANs are best suited for service provider networks, where the provider can isolate customers from each other inside a single VLAN rather than assigning a new VLAN to every customer. Keep in mind that two of the major issues faced by service providers were:
- If every client was assigned a new VLAN, they would only be able to support 4096 clients. Not a smart business move.
- Our already depleted IPv4 space would be further wasted on the subnets needed just to pass traffic between clients.
The concept of a private VLAN is very basic: take a VLAN and subdivide it into many VLANs. Each private VLAN consists of ONE primary VLAN and many secondary VLANs. There are two types of secondary VLANs: isolated or community. You can assign many community VLANs to a primary VLAN, but only ONE isolated VLAN can be assigned to each primary VLAN. Read more
VLAN Management Policy Server
June 3, 2008 by CCIETalk
Filed under Bridging & Switching
When the VMPS receives a VQP request from a client switch, it searches its database for a MAC-address-to-VLAN mapping. The server response is based on this mapping and whether or not the server is in secure mode. Secure mode determines whether the server shuts down the port when a VLAN is not allowed on it or just denies the port access to the VLAN.
In response to a request, the VMPS takes one of these actions:
- If the assigned VLAN is restricted to a group of ports, the VMPS verifies the requesting port against this group and responds as follows:
  - If the VLAN is allowed on the port, the VMPS sends the VLAN name to the client in response.
  - If the VLAN is not allowed on the port and the VMPS is not in secure mode, the VMPS sends an access-denied response.
  - If the VLAN is not allowed on the port and the VMPS is in secure mode, the VMPS sends a port-shutdown response.
- If the VLAN in the database does not match the current VLAN on the port and active hosts exist on the port, the VMPS sends an access-denied or a port-shutdown response, depending on the secure mode of the VMPS.
Configuring Extended-Range VLANs on a Catalyst Switch
June 3, 2008 by CCIETalk
Filed under Bridging & Switching
When the switch is in VTP transparent mode (VTP disabled), you can create extended-range VLANs (in the range 1006 to 4094 for any switch port commands that allow VLAN IDs). Enter the vlan vlan-id global configuration command to access config-vlan mode and to configure extended-range VLANs. The VLAN database configuration mode (that you access by entering the vlan database privileged EXEC command) does not support the extended range.
Extended-range VLAN configurations are not stored in the VLAN database. Because VTP mode is transparent, they are stored in the switch running configuration file. You can save the configuration in the startup configuration file by using the copy running-config startup-config privileged EXEC command. Read more
Optimizing System Resources on a Catalyst Switch via SDM
June 3, 2008 by CCIETalk
Filed under Bridging & Switching
By using Switch Database Management (SDM) templates, you can configure memory resources in the switch to optimize support for specific features, depending on how the switch is used in your network. You can select one of four templates to specify how system resources are allocated. You can then approximate the maximum number of unicast MAC addresses, Internet Group Management Protocol (IGMP) groups, quality of service (QoS) access control entries (ACEs), security ACEs, unicast routes, multicast routes, subnet VLANs (routed interfaces), and Layer 2 VLANs that can be configured on the switch.
The four templates prioritize system memory to optimize support for these types of features: