
What is Spanning Tree Protocol (STP) and how does it work?

The Spanning Tree Protocol (STP):

The Spanning Tree Protocol (STP) is a network protocol that ensures a loop-free topology for any bridged Ethernet local area network. The basic function of STP is to prevent bridge loops and ensuing broadcast radiation. Spanning tree also allows a network design to include spare (redundant) links to provide automatic backup paths if an active link fails, without the danger of bridge loops, or the need for manual enabling/disabling of these backup links.

Spanning Tree Protocol (STP) is standardized as IEEE 802.1D. As the name suggests, it creates a spanning tree within a mesh network of connected layer-2 bridges (typically Ethernet switches), and disables those links that are not part of the spanning tree, leaving a single active path between any two network nodes.

STP is based on an algorithm invented by Radia Perlman while working for Digital Equipment Corporation.


Protocol operation

The collection of bridges in a local area network (LAN) can be considered a graph whose nodes are bridges and LAN segments (or cables), and whose edges are the interfaces connecting the bridges to the segments. To break loops in the LAN while maintaining access to all LAN segments, the bridges collectively compute a spanning tree. The spanning tree is not necessarily a minimum cost spanning tree. A network administrator can reduce the cost of a spanning tree, if necessary, by altering some of the configuration parameters in such a way as to affect the choice of the root of the spanning tree. The spanning tree that the bridges compute using the Spanning Tree Protocol can be determined using the following rules. The example network in the figures described below will be used to illustrate the rules.

Figure 1. An example network. The numbered boxes represent bridges (the number represents the bridge ID). The lettered clouds represent network segments.

Figure 2. The smallest bridge ID is 3. Therefore, bridge 3 is the root bridge.

Figure 3. Assuming that the cost of traversing any network segment is 1, the least cost path from bridge 4 to the root bridge goes through network segment c. Therefore, the root port for bridge 4 is the one on network segment c.

Figure 4. The least cost path to the root from network segment e goes through bridge 92. Therefore the designated port for network segment e is the port that connects bridge 92 to network segment e.

Figure 5. This diagram illustrates all port states as computed by the spanning tree algorithm. Any active port that is not a root port or a designated port is a blocked port.

Figure 6. After a link failure, the spanning tree algorithm computes and spans a new least-cost tree.

Select a root bridge. The root bridge of the spanning tree is the bridge with the smallest (lowest) bridge ID. Each bridge has a unique identifier (ID) and a configurable priority number; the bridge ID contains both numbers. To compare two bridge IDs, the priority is compared first. If two bridges have equal priority, then the MAC addresses are compared. For example, if switches A (MAC=0200.0000.1111) and B (MAC=0200.0000.2222) both have a priority of 10, then switch A will be selected as the root bridge. If the network administrators would like switch B to become the root bridge, they must set its priority to be less than 10.

Determine the least cost paths to the root bridge. The computed spanning tree has the property that messages from any connected device to the root bridge traverse a least cost path, i.e., a path from the device to the root that has minimum cost among all paths from the device to the root. The cost of traversing a path is the sum of the costs of the segments on the path. Different technologies have different default costs for network segments. An administrator can configure the cost of traversing a particular network segment. The property that messages always traverse least-cost paths to the root is guaranteed by the following two rules.

Least cost path from each bridge. After the root bridge has been chosen, each bridge determines the cost of each possible path from itself to the root. From these, it picks one with the smallest cost (a least-cost path). The port connecting to that path becomes the root port (RP) of the bridge.

Least cost path from each network segment. The bridges on a network segment collectively determine which bridge has the least-cost path from the network segment to the root. The port connecting this bridge to the network segment is then the designated port (DP) for the segment.

Disable all other root paths. Any active port that is not a root port or a designated port is a blocked port (BP).

Modifications in case of ties. The above rules over-simplify the situation slightly, because it is possible that there are ties, for example, two or more ports on a single bridge are attached to least-cost paths to the root or two or more bridges on the same network segment have equal least-cost paths to the root. To break such ties:

Breaking ties for root ports. When multiple paths from a bridge are least-cost paths, the chosen path uses the neighbor bridge with the lower bridge ID. The root port is thus the one connecting to the bridge with the lowest bridge ID. For example, in figure 3, if switch 4 were connected to network segment d, there would be two paths of length 2 to the root, one path going through bridge 24 and the other through bridge 92. Because there are two least cost paths, the lower bridge ID (24) would be used as the tie-breaker in choosing which path to use.

Breaking ties for designated ports. When more than one bridge on a segment leads to a least-cost path to the root, the bridge with the lower bridge ID is used to forward messages to the root. The port attaching that bridge to the network segment is the designated port for the segment. In figure 4, there are two least cost paths from network segment d to the root, one going through bridge 24 and the other through bridge 92. The lower bridge ID is 24, so the tie breaker dictates that the designated port is the port through which network segment d is connected to bridge 24. If bridge IDs were equal, then the bridge with the lowest MAC address would have the designated port. In either case, the loser sets the port as being blocked.

The final tie-breaker. In some cases, there may still be a tie, as when two bridges are connected by multiple cables. In this case, multiple ports on a single bridge are candidates for root port. In this case, the path which passes through the port on the neighbor bridge that has the lowest port priority is used.

Data rate and STP path cost

The table below shows the default cost of an interface for a given data rate.

Data rate     STP cost (802.1D-1998)   STP cost (802.1t-2001)
4 Mbit/s      250                      5,000,000
10 Mbit/s     100                      2,000,000
16 Mbit/s     62                       1,250,000
100 Mbit/s    19                       200,000
1 Gbit/s      4                        20,000
2 Gbit/s      3                        10,000
10 Gbit/s     2                        2,000

Bridge Protocol Data Units (BPDUs)

The above rules describe one way of determining what spanning tree will be computed by the algorithm, but the rules as written require knowledge of the entire network. The bridges have to determine the root bridge and compute the port roles (root, designated, or blocked) with only the information that they have. To ensure that each bridge has enough information, the bridges use special data frames called Bridge Protocol Data Units (BPDUs) to exchange information about bridge IDs and root path costs.

A bridge sends a BPDU frame using the unique MAC address of the port itself as a source address, and a destination address of the STP multicast address 01:80:C2:00:00:00.

There are three types of BPDUs:

  • Configuration BPDU (CBPDU), used for Spanning Tree computation
  • Topology Change Notification (TCN) BPDU, used to announce changes in the network topology
  • Topology Change Notification Acknowledgment (TCA)

BPDUs are exchanged regularly (every 2 seconds by default) and enable switches to keep track of network changes and to start and stop forwarding at ports as required.

When a device is first attached to a switch port, it will not immediately start to forward data. It will instead go through a number of states while it processes BPDUs and determines the topology of the network. When a host such as a computer, printer or server is attached, the port will always go into the forwarding state, albeit after a delay of about 30 seconds while it goes through the listening and learning states (see below). The time spent in the listening and learning states is determined by a value known as the forward delay (default 15 seconds and set by the root bridge). However, if instead another switch is connected, the port may remain in blocking mode if it is determined that it would cause a loop in the network. Topology Change Notification (TCN) BPDUs are used to inform other switches of port changes. TCNs are injected into the network by a non-root switch and propagated to the root. Upon receipt of the TCN, the root switch will set a Topology Change flag in its normal BPDUs. This flag is propagated to all other switches to instruct them to rapidly age out their forwarding table entries.

STP switch port states:

  • Blocking – A port that would cause a switching loop. No user data is sent or received, but the port may go into forwarding mode if the other links in use were to fail and the spanning tree algorithm determines the port may transition to the forwarding state. BPDU data is still received in the blocking state.
  • Listening – The switch processes BPDUs and awaits possible new information that would cause it to return to the blocking state.
  • Learning – While the port does not yet forward frames (packets), it does learn source addresses from frames received and adds them to the filtering database (switching database).
  • Forwarding – A port receiving and sending data; normal operation. STP still monitors incoming BPDUs that would indicate it should return to the blocking state to prevent a loop.
  • Disabled – Not strictly part of STP; a network administrator can manually disable a port.

To prevent the delay when connecting hosts to a switch and during some topology changes, Rapid STP was developed and standardized by IEEE 802.1w, which allows a switch port to rapidly transition into the forwarding state during these situations.

BPDU fields

The bridge ID, or BID, is a field inside a BPDU packet. It is eight bytes in length. The first two bytes are the Bridge Priority, an unsigned integer of 0-65,535. The last six bytes are a MAC address supplied by the switch. In the event that MAC Address Reduction is used, the first two bytes are used differently. The first four bits are a configurable priority, and the last twelve bits carry either the VLAN ID or MSTP instance number.
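An added example (not from the original article) that encodes and decodes the eight-byte bridge ID described above, orders two IDs the way root election does (priority first, then MAC, as in the switch A / switch B example earlier), and splits the MAC Address Reduction form of the priority field into its 4-bit configured priority and 12-bit VLAN/MSTI number. The `BridgeID` class and helper names are this example's own.

```python
"""Bridge ID (BID) handling for STP BPDUs (added example)."""
from typing import Iterable, Tuple

STP_MULTICAST_DST = "01:80:c2:00:00:00"  # destination MAC of every BPDU frame


def normalize_mac(mac: str) -> str:
    """Accept 02:00:00:00:11:11, 0200.0000.1111 or 02-00-00-00-11-11 forms."""
    digits = mac.lower().replace(":", "").replace(".", "").replace("-", "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


class BridgeID:
    """Eight-byte bridge identifier: 2-byte priority field + 6-byte MAC."""

    def __init__(self, priority: int, mac: str) -> None:
        if not 0 <= priority <= 0xFFFF:
            raise ValueError("priority field is an unsigned 16-bit integer")
        self.priority = priority
        self.mac = normalize_mac(mac)

    def encode(self) -> bytes:
        """Wire form: priority (big-endian, 2 bytes) followed by the 6-byte MAC."""
        return self.priority.to_bytes(2, "big") + bytes.fromhex(self.mac.replace(":", ""))

    @classmethod
    def decode(cls, raw: bytes) -> "BridgeID":
        if len(raw) != 8:
            raise ValueError(f"bridge ID must be 8 bytes, got {len(raw)}")
        priority = int.from_bytes(raw[:2], "big")
        mac = ":".join(f"{byte:02x}" for byte in raw[2:])
        return cls(priority, mac)

    def key(self) -> Tuple[int, int]:
        """Election order: priority first, then the MAC as an unsigned integer."""
        return (self.priority, int(self.mac.replace(":", ""), 16))

    def __lt__(self, other: "BridgeID") -> bool:
        return self.key() < other.key()

    def __eq__(self, other: object) -> bool:
        return isinstance(other, BridgeID) and self.key() == other.key()

    def __hash__(self) -> int:
        return hash(self.key())

    def __repr__(self) -> str:
        return f"BridgeID(priority={self.priority}, mac={self.mac!r})"


def elect_root(bridge_ids: Iterable[BridgeID]) -> BridgeID:
    """The lowest bridge ID becomes the root; a lower priority beats any MAC."""
    return min(bridge_ids)


# MAC Address Reduction: the 16-bit field becomes a 4-bit configured priority
# (so the priority is a multiple of 4096, 0..61440) plus a 12-bit VLAN ID or
# MSTP instance number, which is what makes the BID unique per VLAN/instance.
def join_reduced(priority: int, extension: int) -> int:
    if not 0 <= priority <= 0xF000 or priority % 4096:
        raise ValueError("reduced priority must be a multiple of 4096 in 0..61440")
    if not 0 <= extension <= 0xFFF:
        raise ValueError("VLAN ID / MSTI number is 12 bits (0..4095)")
    return priority | extension


def split_reduced(priority_field: int) -> Tuple[int, int]:
    """Inverse of join_reduced: (configured priority, VLAN ID or MSTI number)."""
    return (priority_field & 0xF000, priority_field & 0x0FFF)


if __name__ == "__main__":
    a = BridgeID(10, "0200.0000.1111")
    b = BridgeID(10, "0200.0000.2222")
    print("root:", elect_root([b, a]))              # switch A wins on lower MAC
    print("wire:", a.encode().hex())
    print("0x8001 ->", split_reduced(0x8001))         # default priority 32768 on VLAN 1
```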

Evolutions and extensions

The first spanning tree protocol was invented in 1985 at the Digital Equipment Corporation by Radia Perlman.[1] In 1990, the IEEE published the first standard for the protocol as 802.1D,[3] based on the algorithm designed by Perlman. Subsequent versions were published in 1998[4] and 2004,[5] incorporating various extensions.

Although the purpose of a standard is to promote interworking of equipment from different vendors, different implementations of a standard are not guaranteed to work, due for example to differences in default timer settings. The IEEE encourages vendors to provide a “Protocol Implementation Conformance Statement”, declaring which capabilities and options have been implemented, to help users determine whether different implementations will interwork correctly.

Also, the original Perlman-inspired Spanning Tree Protocol, called DEC STP, is not a standard and differs from the IEEE version in message format as well as timer settings. Some bridges implement both the IEEE and the DEC versions of the Spanning Tree Protocol, but their interworking can create issues for the network administrator, as illustrated by the problem discussed in an on-line Cisco document.

Rapid Spanning Tree Protocol (RSTP)

In 2001, the IEEE introduced Rapid Spanning Tree Protocol (RSTP) as 802.1w. RSTP provides significantly faster spanning tree convergence after a topology change, introducing new convergence behaviors and bridge port roles to do this. RSTP was designed to be backwards-compatible with standard STP.

While STP can take 30 to 50 seconds to respond to a topology change, RSTP is typically able to respond to changes within three Hello times (default: 6 seconds) or within a few milliseconds of a physical link failure. The so-called Hello time is an important and configurable time interval that is used by RSTP for several purposes; its default value is 2 seconds. Standard IEEE 802.1D-2004 now incorporates RSTP and obsoletes the original STP standard.

RSTP Operation

RSTP adds new bridge port roles in order to speed convergence following a link failure.

RSTP bridge port roles:

  • Root – A forwarding port that is the best port from a non-root bridge to the root bridge.
  • Designated – A forwarding port for every LAN segment.
  • Alternate – An alternate path to the root bridge, different from the path through the root port.
  • Backup – A backup/redundant path to a segment where another port of the same bridge already connects.
  • Disabled – Not strictly part of STP; a network administrator can manually disable a port.

Additional RSTP Operation Details:

  • Detection of root switch failure is done in 3 hello times, which is 6 seconds if default hello times have not been changed.
  • Ports may be configured as edge ports if they are attached to a LAN that has no other bridges attached. These edge ports transition directly to the forwarding state. RSTP still continues to monitor the port for BPDUs in case a bridge is connected. RSTP can also be configured to automatically detect edge ports. As soon as the bridge detects a BPDU coming to an edge port, the port becomes a non-edge port.
  • Unlike in STP, RSTP will respond to BPDUs sent from the direction of the root bridge. An RSTP bridge will “propose” its spanning tree information to its designated ports. If another RSTP bridge receives this information and determines this is the superior root information, it sets all its other ports to discarding. The bridge may send an “agreement” to the first bridge confirming its superior spanning tree information. The first bridge, upon receiving this agreement, knows it can rapidly transition that port to the forwarding state bypassing the traditional listening/learning state transition. This essentially creates a cascading effect away from the root bridge where each designated bridge proposes to its neighbors to determine if it can make a rapid transition. This is one of the major elements that allows RSTP to achieve faster convergence times than STP.
  • As discussed in the port role details above, RSTP maintains backup details regarding the discarding status of ports. This avoids timeouts if the current forwarding ports were to fail or BPDUs were not received on the root port in a certain interval.
  • RSTP will revert to legacy STP on an interface if a legacy version of an STP BPDU is detected on that port.

Per-VLAN Spanning Tree (PVST)

In Ethernet switched environments where multiple Virtual LANs exist, spanning tree can be deployed per Virtual LAN. Cisco’s name for this is per-VLAN spanning tree (PVST and PVST+, which is the default protocol used by Cisco switches). Both PVST and PVST+ are Cisco proprietary protocols and cannot be used on most third-party switches. Some equipment from Force10 Networks, Extreme Networks, and Blade Network Technologies supports PVST+; Extreme Networks does so with two limitations (lack of support on ports where the VLAN is untagged/native and also on the VLAN with ID 1). PVST works only with ISL (Cisco’s proprietary protocol for VLAN encapsulation) due to its embedded Spanning Tree ID. Due to high penetration of the IEEE 802.1Q VLAN trunking standard and PVST’s dependence on ISL, Cisco defined a different PVST+ standard for 802.1Q encapsulation. PVST+ can tunnel across an MSTP Region.[12]

Multiple Spanning Tree Protocol (MSTP)

The Multiple Spanning Tree Protocol (MSTP), originally defined in IEEE 802.1s and later merged into IEEE 802.1Q-2005, defines an extension to RSTP to further develop the usefulness of virtual LANs (VLANs). This “Per-VLAN” Multiple Spanning Tree Protocol configures a separate Spanning Tree for each VLAN group and blocks all but one of the possible alternate paths within each Spanning Tree.

If there is only one Virtual LAN (VLAN) in the network, single (traditional) STP works appropriately. If the network contains more than one VLAN, the logical network configured by single STP would work, but it is possible to make better use of the alternate paths available by using an alternate spanning tree for different VLANs or groups of VLANs.

MSTP allows formation of MST regions that can run multiple MST instances (MSTI). Multiple regions and other STP bridges are interconnected using one single common spanning tree (CST).

MSTP is similar to Cisco Systems’ Multiple Instances Spanning Tree Protocol (MISTP), and is an evolution of the Spanning Tree Protocol and the Rapid Spanning Tree Protocol. It was introduced in IEEE 802.1s as an amendment to 802.1Q, 1998 edition. Standard IEEE 802.1Q-2005 now includes MSTP.

Unlike some proprietary per-VLAN spanning tree implementations, MSTP includes all of its spanning tree information in a single BPDU format. Not only does this reduce the number of BPDUs required on a LAN to communicate spanning tree information for each VLAN, but it also ensures backward compatibility with RSTP (and in effect, classic STP too). MSTP does this by encoding additional region information after the standard RSTP BPDU as well as a number of MSTI messages (from 0 to 64 instances, although in practice many bridges support fewer). Each of these MSTI configuration messages conveys the spanning tree information for one instance. Each instance can be assigned a number of configured VLANs, and frames (packets) assigned to these VLANs operate in this spanning tree instance whenever they are inside the MST region. In order to avoid conveying their entire VLAN-to-spanning-tree mapping in each BPDU, bridges encode an MD5 digest of their VLAN-to-instance table in the MSTP BPDU. This digest is then used by other MSTP bridges, along with other administratively configured values, to determine if the neighboring bridge is in the same MST region as itself.

MSTP is fully compatible with RSTP bridges, in that an MSTP BPDU can be interpreted by an RSTP bridge as an RSTP BPDU. This not only allows compatibility with RSTP bridges without configuration changes, but also causes any RSTP bridges outside of an MSTP region to see the region as a single RSTP bridge, regardless of the number of MSTP bridges inside the region itself. In order to further facilitate this view of an MST region as a single RSTP bridge, the MSTP protocol uses a variable known as remaining hops as a time to live counter instead of the message age timer used by RSTP. The message age time is only incremented once when spanning tree information enters an MST region, and therefore RSTP bridges will see a region as only one “hop” in the spanning tree. Ports at the edge of an MST region connected to either an RSTP or STP bridge or an endpoint are known as boundary ports. As in RSTP, these ports can be configured as edge ports to facilitate rapid changes to the forwarding state when connected to endpoints.

Rapid Per-VLAN Spanning Tree (R-PVST)

R-PVST is Cisco’s proprietary protocol that combines the functionalities of RSTP and PVST. It is based on a per-VLAN instance that creates a tree for each VLAN.

VLAN

The Basic Definition

The acronym VLAN expands to Virtual Local Area Network. A VLAN is a logical local area network (or LAN) that extends beyond a single traditional LAN to a group of LAN segments, given specific configurations. Because a VLAN is a logical entity, its creation and configuration is done completely in software.

How Is a VLAN Identified

Since a VLAN is a software concept, identifiers and configurations for a VLAN must be properly prepared for it to function as expected. Frame coloring is the process used to ensure that VLAN members or groups are properly identified and handled. With frame coloring, packets are given the proper VLAN ID at their origin so that they may be properly processed as they pass through the network. The VLAN ID is then used to enable switching and routing engines to make the appropriate decisions as defined in the VLAN configuration.

Why Use VLANs

Traditional network designs use routers to create broadcast domains and limit broadcasts between multiple subnets. This prevents broadcast floods in larger networks from consuming resources or causing unintentional denials of service unnecessarily. Unfortunately, the traditional network design methodology has some design flaws:

  • Geographic Focus – Traditional network designs focus on physical locations of equipment and personnel for addressing and LAN segment placement. Because of this there are a few significant drawbacks:
      ◦ Network segments for physically disjointed organizations cannot be part of the same address space. Each physical location must be addressed independently, and be part of its own broadcast domain. This can force personnel to be located in a central location, or to have additional latency or connectivity shortfalls.
      ◦ Relocations of personnel and departments can become difficult, especially if the original location retains its network segments. Relocated equipment will have to be reconfigured based on the new network configuration.

A VLAN solution can alleviate both of these drawbacks by permitting the same broadcast domain to extend beyond a single segment.

  • Additional Bandwidth Usage – Traditional network designs require additional bandwidth because packets have to pass through multiple levels of network connectivity because the network is segmented.

A proper VLAN design can ensure that only devices that have that VLAN defined on them will receive and forward packets intended as the source or destination of the network flow.

Types of VLAN

There are only two types of VLAN possible today, cell-based VLANs and frame-based VLANs.

  • Cell-based VLANs are used in ATM switched networks with LAN Emulation (or LANE). LANE is used to allow hosts on legacy LAN segments to communicate using ATM networks without having to use special hardware or software modification.
  • Frame-based VLANs are used in Ethernet networks with frame tagging. The two primary types of frame tagging are IEEE 802.10 and ISL (Inter-Switch Link, a Cisco proprietary frame-tagging method). Keep in mind that the 802.10 standard makes it possible to deploy VLANs with 802.3 (Ethernet), 802.5 (Token Ring), and FDDI, but Ethernet is most common.

VLAN modes

There are three different modes in which a VLAN can be configured. These modes are covered below:

  • VLAN Switching Mode – The VLAN forms a switching bridge in which frames are forwarded unmodified.
  • VLAN Translation Mode – VLAN translation mode is used when the frame tagging method is changed in the network path, or if the frame traverses from a VLAN group to a legacy or native interface which is not configured in a VLAN. When the packet is to pass into a native interface, the VLAN tag is removed so that the packet can properly enter the native interface.
  • VLAN Routing Mode – When a packet is routed from one VLAN to a different VLAN, you use VLAN routing mode. The packet is modified, usually by a router, which places its own MAC address as the source, and then changes the VLAN ID of the packet.


VLAN configurations

Different terminology is used between different hardware manufacturers when it comes to VLANs. Because of this there is often confusion at implementation time. Following are a few details, and some examples to assist you in defining your VLANs so confusion is not an issue.

Cisco VLAN terminology

You need a few details to define a VLAN on most Cisco equipment. Unfortunately, because Cisco sometimes acquires the technologies they use to fill their switching, routing and security product lines, naming conventions are not always consistent. For this article, we are focusing only on Cisco switching and routing product lines running Cisco IOS.

  • VLAN ID – The VLAN ID is a unique value you assign to each VLAN on a single device. With a Cisco routing or switching device running IOS, your range is from 1-4096. When you define a VLAN you usually use the syntax “vlan x” where x is the number you would like to assign to the VLAN ID. VLAN 1 is reserved as an administrative VLAN. If VLAN technologies are enabled, all ports are a member of VLAN 1 by default.
  • VLAN Name – The VLAN name is a text-based name you use to identify your VLAN, perhaps to help technical staff in understanding its function. The string you use can be between 1 and 32 characters in length.
  • Private VLAN – You also define if the VLAN is to be a private VLAN in the VLAN definition, and what other VLAN might be associated with it in the definition section. When you configure a Cisco VLAN as a private-vlan, this means that ports that are members of the VLAN cannot communicate directly with each other by default. Normally all ports which are members of a VLAN can communicate directly with each other, just as they would be able to had they been members of a standard network segment. Private VLANs are created to enhance the security on a network where hosts coexisting on the network cannot or should not trust each other. This is a common practice on web farms or in other high-risk environments where communication between hosts on the same subnet is not necessary. Check your Cisco documentation if you have questions about how to configure and deploy private VLANs.
  • VLAN modes – In Cisco IOS, there are only two modes an interface can operate in, “mode access” and “mode trunk”. Access mode is for end devices or devices that will not require multiple VLANs. Trunk mode is used for passing multiple VLANs to other network devices, or for end devices that need to have membership in multiple VLANs at once. If you are wondering what mode to use, the mode is probably “mode access”.

Cisco VLAN implementations

VLAN Definition

To define a VLAN on a Cisco device, you need a VLAN ID, a VLAN name, the ports you would like to participate in the VLAN, and the type of membership each port will have in the VLAN.

  • Step 1 – Log into the router or switch in question and get into enable mode.
  • Step 2 – Get into configuration mode using “conf t”.
  • Step 3 – Create your VLAN by entering “vlan X” where X is the ID you would like to assign the VLAN.
  • Step 4 – Name your VLAN by entering “name <vlan-name>”. Replace <vlan-name> with the string you would like to identify your VLAN by.
  • Step 5 – If you want your new VLAN to be a private-vlan, you now enter “private-vlan primary” and “private-vlan association Y” where Y is the secondary VLAN you want to associate with the primary vlan. If you would like the private VLAN to be community based, you enter “private-vlan community” instead.
  • Step 6 – Exit configuration mode by entering “end”.
  • Step 7 – Save your configuration to memory by entering “wr mem” and to the network if you have need using “wr net”. You may have to supply additional information to write configurations to the network depending on your device configuration.

You have now created a VLAN by assigning it an ID and giving it a name. At this point, the VLAN has no special configuration to handle IP traffic, nor are there any ports that are members of the VLAN. The next section describes how you complete your VLAN configuration.

VLAN Configuration

A VLAN isn’t much use if you haven’t assigned it an IP Address, the subnet netmask, and port membership. In normal network segment configurations on routers, individual interfaces or groups of interfaces (called channels) are assigned IP addresses. When you use VLANs, individual interfaces are members of VLANs and do not have individual IP addresses, and generally don’t have access lists applied to them. Those features are usually reserved for the VLAN interfaces. The following steps detail one method of creating and configuring your VLAN interface. NOTE: These steps have already assumed that you have logged into the router, gotten into enable mode, and entered configuration mode. These specific examples are based on the Cisco 6500 series devices.

  • Step 1 – Enter “Interface VlanX” where X is the VLAN ID you used in the VLAN definition above.
  • Step 2 – This step is optional. Enter “description VLAN” where VLAN description details what the VLAN is going to be used for. You can just simply re-use the VLAN name you used above if you like.
  • Step 3 – Enter “ip address A.B.C.D M.M.M.M” where A.B.C.D is the address you want to assign this device in the VLAN, and M.M.M.M is the network mask for the subnet you have assigned the VLAN.
  • Step 4 – This step is optional. Create and apply an access list to the VLAN for inbound and outbound access controls. For a standard access list enter “access-group XXX in” and “access-group YYY out” where XXX and YYY correspond to access lists you have previously configured. Remember that the terms are taken with respect to the specific subnet or interface, so “in” means from the VLAN INTO the router, and “out” means from the router OUT to the VLAN.
  • Step 5 – This step is optional. Enter the private VLAN mapping you would like to use if the port is part of a private VLAN. This should be the same secondary VLAN you associated with the primary VLAN in VLAN definition above. Enter “private-vlan mapping XX” where XX is the VLAN ID of the secondary VLAN you would like to associate with this VLAN.
  • Step 6 – This step is optional. Configure HSRP and any other basic interface configurations you would normally use for your Cisco device.
  • Step 7 – Exit configuration mode by entering “end”.
  • Step 8 – Save your configuration to memory by entering “wr mem” and to the network if you have need using “wr net”. You may have to supply additional information to write configurations to the network depending on your device configuration.

Now you have your VLAN defined and configured, but no physical ports are members of the VLAN, so the VLAN still isn’t of much use. Port membership in the VLAN is described next. IOS devices describe interfaces based on a technology and a port number, as with “FastEthernet3/1” or “GigabitEthernet8/16”. Once you have determined which physical ports you want to be members of the VLAN, you can use the following steps to configure them. NOTE: These steps have already assumed that you have logged into the router, gotten into enable mode, and entered configuration mode.

For access ports

  • Step 1 – Enter “Interface <name>” where <name> is the name Cisco has assigned the interface you would like to associate with the VLAN.
  • Step 2 – This step is optional. Enter “description <text>” where <text> is text describing the system connected to the interface in question. It is usually helpful to provide the DNS hostname, IP address, which port on the remote system is connected, and its function.
  • Step 3 – This step depends on your equipment and IOS version, and requirements. Enter “switchport” if you need the interface to act as a switch port. Some hardware does not support switchport mode, and can only be used as a router port. Check your documentation if you don’t know the difference between a router port and a switch port.
  • Step 4 – Only use this step if you used step 3 above. Enter “switchport access vlan X” where X is the VLAN ID of the VLAN you want the port to be a member of.
  • Step 5 – Only use this step if you used step 3 above. Enter “switchport mode access” to tell the port that you want it to be used as an access port.
  • Step 6 – Exit configuration mode by entering “end”.
  • Step 7 – Save your configuration to memory by entering “wr mem” and to the network if you have need using “wr net”. You may have to supply additional information to write configurations to the network depending on your device configuration.

For trunk ports

  • Step 1 – Enter “interface <name>”, where <name> is the name Cisco has assigned to the interface you want to use as a trunk.
  • Step 2 – This step is optional. Enter “description <text>”, where <text> describes the system connected to the interface. It is usually helpful to record the DNS hostname, IP address, which port on the remote system is connected, and its function.
  • Step 3 – This step depends on your equipment, IOS version, and requirements. Enter “switchport” if you need the interface to act as a switch port. Some hardware does not support switchport mode and can only be used as a routed port. Check your documentation if you don’t know the difference between a routed port and a switch port.
  • Step 4 – Only use this step if you used step 3 above. Enter “switchport trunk encapsulation dot1q” on platforms that also support Cisco’s proprietary ISL encapsulation; switches that only do 802.1Q do not accept (or need) this command. 802.1Q (dot1q) is the industry-standard trunk encapsulation and the only one that interoperates with non-Cisco equipment.
  • Step 5 – Only use this step if you used step 3 above. Enter “switchport trunk allowed vlan XX,YY,ZZ” (comma-separated, no spaces), where XX, YY, and ZZ are the VLANs you want the trunk to carry. You can list one or more VLANs. Listing only the VLANs the link actually needs, rather than accepting the default of all VLANs, limits what can cross it. Note also that frames in the trunk’s native VLAN (VLAN 1 by default) cross the link untagged; setting the native VLAN to an otherwise unused VLAN with “switchport trunk native vlan N”, so that no access port shares it, blocks the double-tagging form of VLAN hopping.
  • Step 6 – Only use this step if you used step 3 above. Enter “switchport mode trunk” to tell the port to operate as a VLAN trunk, not as an access port. Add “switchport nonegotiate” so the port does not run DTP; the trunk is then configured statically on both ends instead of being negotiated.
  • Step 7 – Exit configuration mode by entering “end”.
  • Step 8 – Save your configuration to memory by entering “wr mem” and, if you also keep configurations on the network, by entering “wr net”. You may have to supply additional information to write configurations to the network, depending on your device configuration.

For private VLAN ports

  • Step 1 – Enter “interface <name>”, where <name> is the name Cisco has assigned to the interface you want to put in the private VLAN.
  • Step 2 – This step is optional. Enter “description <text>”, where <text> describes the system connected to the interface. It is usually helpful to record the DNS hostname, IP address, which port on the remote system is connected, and its function.
  • Step 3 – This step depends on your equipment, IOS version, and requirements. Enter “switchport” if you need the interface to act as a switch port. Some hardware does not support switchport mode and can only be used as a routed port. Check your documentation if you don’t know the difference between a routed port and a switch port.
  • Step 4 – Enter “switchport private-vlan host association XX YY”, where XX is the primary VLAN and YY is the secondary (isolated or community) VLAN you want to associate with it. Both VLANs must already be defined as private VLANs and associated with each other in VLAN configuration.
  • Step 5 – Enter “switchport mode private-vlan host” to force the port to operate as a private VLAN host port.
  • Step 6 – Exit configuration mode by entering “end”.
  • Step 7 – Save your configuration to memory by entering “wr mem” and, if you also keep configurations on the network, by entering “wr net”. You may have to supply additional information to write configurations to the network, depending on your device configuration.

You should now have your VLAN properly implemented on a Cisco IOS device.
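As an added example (not from the original page), the following IOS configuration shows the three port types from the procedures above side by side, as they appear in a running-config. VLAN IDs, names, interface names, hostnames and addresses are assumed for illustration. The access and trunk ports are configured statically with DTP disabled, the trunk carries only the VLANs it needs and uses an unused native VLAN, and the end-node port has PortFast with BPDU guard so a switch plugged into it is shut down rather than joining the spanning tree.

```text
! Added example, not taken from the original page. All identifiers are assumed.
!
! VLAN definitions. 999 exists only to serve as the trunk's native VLAN;
! no access port is ever placed in it.
vlan 10
 name USERS
vlan 20
 name SERVERS
vlan 999
 name UNUSED_NATIVE
!
! Private VLAN definitions: primary 100 with isolated secondary 101.
! Older Catalyst platforms require "vtp mode transparent" before this.
vlan 101
 private-vlan isolated
vlan 100
 private-vlan primary
 private-vlan association 101
!
! Access port: end node in VLAN 10, DTP disabled, BPDU guard for rogue switches
interface GigabitEthernet1/0/1
 description ws-acct01 / 10.10.10.51 / eth0 / user workstation
 switchport
 switchport access vlan 10
 switchport mode access
 switchport nonegotiate
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Static 802.1Q trunk to another switch; only VLANs 10 and 20 allowed.
! Omit the encapsulation line on dot1q-only platforms that reject it.
interface GigabitEthernet1/0/48
 description core-sw1 / 10.10.0.1 / Gi1/0/48 / uplink
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20
 switchport trunk native vlan 999
 switchport mode trunk
 switchport nonegotiate
!
! Private VLAN host port: isolated host in primary 100 / secondary 101
interface GigabitEthernet1/0/10
 description dmz-web02 / 10.100.0.12 / eth0 / isolated DMZ host
 switchport
 switchport private-vlan host association 100 101
 switchport mode private-vlan host
```

After applying this, “show interfaces trunk” should list GigabitEthernet1/0/48 with native VLAN 999 and allowed VLANs 10,20, and “show interfaces GigabitEthernet1/0/1 switchport” should report operational mode “static access” with negotiation of trunking off.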

HP VLAN terminology

HP’s Procurve line of switchgear is becoming more and more prevalent in enterprise and other business environments. Because of this, it isn’t uncommon to have to integrate Cisco and Procurve hardware, and the differing terminology can make that a challenge. Some of the VLAN terminology is defined below so there is less opportunity for confusion.

  • VLAN ID – Fortunately, VLAN IDs are pretty much the same everywhere; the only significant differences are the ranges of IDs that can be used. With Procurve devices, the number of VLANs is defined in the configuration. The default maximum number of VLANs on a Procurve device differs between models and firmware revisions, but is commonly set to 8. Newer Procurve hardware accepts the full 802.1Q ID range (1 to 4094), but only 256 concurrently defined VLANs on a single device. VLAN ID 1 is reserved for the “DEFAULT_VLAN”, the default administrative VLAN.
  • VLAN names – VLAN names are text fields that help technicians identify VLANs. Procurve allows names up to 32 characters, but if you want the name to display properly in the menu configuration mode, you should limit it to 12 characters.
  • VLAN modes – Procurve has three modes of port membership in a VLAN: Untagged, Tagged, and No. Untagged mode corresponds to Cisco’s access mode. It is used for ports that connect to end nodes, or devices that will not be passing VLAN traffic forward. Tagged mode corresponds to Cisco’s trunk mode. It is used for ports that connect to devices that will be passing VLAN traffic forward, or for trunking multiple VLANs. No mode means that the port has no association whatsoever with that VLAN. Unlike Cisco’s port-wide mode, these are set per port per VLAN: a port can be untagged in one VLAN and tagged in several others, which is the Procurve equivalent of a Cisco trunk with a native VLAN. A port can be untagged in at most one VLAN.
  • Special note on “trunk” – Lots of confusion surrounds the word “trunk” when you move between vendors’ equipment. In Cisco’s case, trunking is only used with VLANs. If you want to group multiple Ethernet ports into a single logical Ethernet link, Cisco calls it a channel-group, regardless of whether FEC (PAgP) or LACP is used for the channel properties. Procurve uses “trunk” for a group of Ethernet ports aggregated with the HP trunking protocol, and the term “Tagged” for what Cisco calls a VLAN trunk. Of course, these two technologies have nothing to do with each other, but because of the naming conventions, confusion arises.

HP Procurve VLAN implementations

VLAN Definition

Most modern Procurve switches enable VLAN use by default, but if, for some reason, you have an older model, log into the switch, get into manager mode, go to the switch configuration menu (usually item 2), then the VLAN menu (usually item 8), then the VLAN support item (usually item 1), and make sure VLANs are enabled. If you change this setting, you will need to reboot the switch for it to take effect. The configuration menu is useful for this kind of activity, for troubleshooting, and for other things, but it is harder to use for configuring multiple switches or for working from configuration templates, so the rest of the HP Procurve configuration details are given for the console (CLI) configuration mode. Aside from enabling VLAN support as a whole, VLAN definitions and configuration are created in the same place, so the rest of the configuration examples are provided under the VLAN configuration topic.

VLAN Configuration

Configuring VLANs on a modern Procurve is pretty simple: you first define the VLAN, set its properties, and then set up port membership and the VLAN mode each port will support. The following list should help you accomplish these tasks. NOTE: HP identifies interface ports using a module/port convention. If you have a non-modular chassis (such as the 3448cl) then ports are numbered only with numbers, such as 1 or 36. If the chassis is modular (such as the 5308) then the port number is prefixed with the module slot letter, such as A1 or H6. No reference to the type of switch port (Ethernet, Fast Ethernet, Gigabit Ethernet) is used in port references.

  • Step 1 – Log into the switch and get into manager mode. If, after logging in, you are in the configuration menu, exit the configuration menu by selecting item 5 (in most cases) or by using the arrow keys on your keyboard to highlight the “Command Line (CLI)” item.
  • Step 2 – Enter “conf t” to get into terminal configuration mode.
  • Step 3 – Enter “vlan X” where X is the VLAN id of the VLAN you would like to create.
  • Step 4 – Name your VLAN by entering “name "<name>"”, where <name> is a text string of 1 to 32 characters (12 characters if you care about the configuration menu display). You should use quotes around the name.
  • Step 5 – This step is optional; it is only needed if the switch itself must have an address in the VLAN (for management or routing). Give the VLAN an IP address by entering “ip address <address> <mask>”, where <address> is the IP address you want to assign this switch in that subnet and <mask> is the subnet’s network mask.
  • Step 6 – This step is optional. If you want to assign some end-node ports to the VLAN, enter “untagged <ports>”, where <ports> is a list of ports, comma-delimited if they are non-sequential, or with a dash between the first and last if they are a range. An example is “untagged 1,3,5,7-16”. This would make ports 1, 3, 5, and 7 through 16 untagged members of that VLAN.
  • Step 7 – This step is optional. If you want to assign some VLAN trunk ports to the VLAN, enter “tagged <ports>”, where <ports> is a list of ports in the same format. An example is “tagged 1,3,5,7-16”. This would make ports 1, 3, 5, and 7 through 16 tagged members of that VLAN.
  • Step 8 – Enter “exit” to leave VLAN configuration mode.
  • Step 9 – Exit configuration mode by entering “exit” again.
  • Step 10 – Save your configuration by entering “wr memory”.

You have now successfully configured your HP Procurve VLAN.
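As an added example (not from the original page), here is a Procurve configuration built with the steps above, in the form it takes in the switch’s saved config. VLAN IDs, names, ports and addresses are assumed for illustration. Port 24 is the uplink: it is tagged in VLANs 10 and 20 and untagged only in an otherwise unused VLAN 999, which is how you reproduce a Cisco 802.1Q trunk whose native VLAN has been moved off VLAN 1, so that nothing untagged on the uplink can land in a VLAN that has end nodes in it.

```text
; Added example, not taken from the original page. All identifiers are assumed.
; Lines beginning with ";" are comments in a Procurve configuration file.
vlan 10
   name "USERS"
   ; management address of this switch in the user subnet
   ip address 10.10.10.2 255.255.255.0
   ; end-node ports 1-22 are untagged (Cisco: access) members
   untagged 1-22
   ; uplink port 24 carries VLAN 10 tagged (Cisco: trunk allowed vlan)
   tagged 24
   exit
vlan 20
   name "SERVERS"
   untagged 23
   tagged 24
   exit
vlan 999
   name "UNUSED_NATIVE"
   ; port 24 is untagged here and nowhere else, so any untagged frame
   ; arriving on the uplink is confined to a VLAN with no end nodes
   ; (Cisco: switchport trunk native vlan 999). Setting this also
   ; removes port 24 from DEFAULT_VLAN (VLAN 1) as an untagged member.
   untagged 24
   exit
write memory
```

Check the result with “show vlans” (lists each VLAN and its name) and “show vlans ports 24 detail”, which should show port 24 as Tagged in VLANs 10 and 20 and Untagged in VLAN 999 only.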

Vendor Summary

If you are going to integrate Cisco and HP Procurve hardware on the same network, and you intend to use VLANs, there are only a few things you need to remember:

  • For end nodes – Cisco uses “mode access”, HP uses “untagged” mode.
  • For VLAN dot1q trunks – Cisco uses “mode trunk”, HP uses “tagged” mode.
  • For no VLAN association – Cisco has no notation for it (the VLAN is simply not the port’s access VLAN and not in its trunk’s allowed list); HP uses “no” mode in the configuration menu, or you have VLAN support turned off.

The next time you have to integrate the two with VLANs, this simple list should help keep you out of trouble.

Copyright ©2010 - 2021 Ciscoforall.com