Wednesday, November 28, 2012

Data Center Knowledge

Two great sites that I personally follow to keep current with the data center industry.

http://www.datacenterknowledge.com/

http://blogs.cisco.com/tag/datacenterdeconstructed/


Tuesday, November 27, 2012

PIM Sparse-Mode: Register via one link and SPT cutover via another link.

It's not always optimal to take in the multicast data over the same link (shared tree) through which you register with the RP. I will demonstrate how to register via one interface (shared tree) but receive the data via another (source tree). I'm using static routes in this example, but you can also learn the same routes via BGP and prefer one path over the other; I have done this in other setups with BGP and it works. Please note that I am not going to go into great detail, just give you the general idea, as PIM is a very broad topic. We will use the diagram in Figure 1.



Figure 1

Let's enable multicast routing on all the devices, enable sparse-mode on the interfaces, and configure the RP details.

R1 - R2 - R3
ip multicast-routing
!
interface range fa0/0 - 1
ip pim sparse-mode
!
ip pim rp-address 1.1.1.1 multicast_groups override
!
ip access-list standard multicast_groups
permit 233.54.1.1

Now let's assign IP addresses to the interfaces and set up the static routes.

R3:
interface FastEthernet0/0
 ip address 192.168.100.1 255.255.255.0
 ip pim sparse-mode
 speed 100
 full-duplex
!
interface FastEthernet0/1
 ip address 192.168.101.1 255.255.255.0
 ip pim sparse-mode
 speed 100
 full-duplex
!
ip route 1.1.1.1 255.255.255.255 FastEthernet0/0 192.168.100.2 name RP
ip route 2.2.2.2 255.255.255.255 FastEthernet0/1 192.168.101.2 name 233_54_1_1_Source

R2:
interface FastEthernet0/0
 ip address 192.168.103.2 255.255.255.0
 ip pim sparse-mode
 speed 100
 full-duplex
!
interface FastEthernet0/1
 ip address 192.168.101.2 255.255.255.0
 ip pim sparse-mode
 speed 100
 full-duplex

ip route 1.1.1.1 255.255.255.255 FastEthernet0/0 192.168.103.1 name RP
ip route 2.2.2.2 255.255.255.255 FastEthernet0/0 192.168.103.1 name 233_54_1_1_Source

R1:
interface FastEthernet0/0
 ip address 192.168.103.1 255.255.255.0
 ip pim sparse-mode
 speed 100
 full-duplex
!
interface FastEthernet0/1
 ip address 192.168.100.2 255.255.255.0
 ip pim sparse-mode
 speed 100
 full-duplex

Now we need to configure the loopback interfaces on R1 for the RP address and the source address. Enable sparse-mode on the loopback interfaces as well; if you don't, it won't work.

R1:
interface Loopback1
 ip address 1.1.1.1 255.255.255.255
 ip pim sparse-mode
!
interface Loopback2
 ip address 2.2.2.2 255.255.255.255
 ip pim sparse-mode

Let's set up a dummy loopback interface on R3 and statically join our multicast group on it, since I don't have an actual host to join the group. This loopback takes the place of that host.

R3:

interface Loopback0
 ip address 3.3.3.3 255.255.255.255
 ip pim sparse-mode
 ip igmp static-group 233.54.1.1

Now let's issue this command from R1: "ping 233.54.1.1 source loopback 2 repeat 3". I am just going to show you how R2 looks after we issue the command.

Currently R2 has no multicast state until the ping command is issued on R1, because R3 is sending a Join only to R1 and not to R2, which follows from how the routing is set up. When we added the static join to the R3 loopback interface, it let R1 know that R3 was interested in joining this group and also wanted to learn the source of the group. Since no data was being published from the host at that time, R3 never sent anything to R2. Once we issue the above command, R3 learns the source (2.2.2.2), sees that it has to go through R2 to reach that source, and in turn tells R2 that it wants to join 233.54.1.1 from that source.

R2#
*Mar  1 01:42:52.495: PIM(0): Check RP 1.1.1.1 into the (*, 233.54.1.1) entry
*Mar  1 01:42:52.551: PIM(0): Received v2 Join/Prune on FastEthernet0/1 from 192.168.101.1, to us
*Mar  1 01:42:52.551: PIM(0): Join-list: (2.2.2.2/32, 233.54.1.1), S-bit set
*Mar  1 01:42:52.555: PIM(0): Add FastEthernet0/1/192.168.101.1 to (2.2.2.2, 233.54.1.1), Forward state, by PIM SG Join
*Mar  1 01:42:52.555: PIM(0): Insert (2.2.2.2,233.54.1.1) join in nbr 192.168.103.1's queue
*Mar  1 01:42:52.559: PIM(0): Building Join/Prune packet for nbr 192.168.103.1
*Mar  1 01:42:52.559: PIM(0): Adding v2 (2.2.2.2/32, 233.54.1.1), S-bit Join
R2#
*Mar  1 01:42:52.559: PIM(0): Send v2 join/prune to 192.168.103.1 (FastEthernet0/0)
R2#

On R3 we can see that the (*,G) and (S,G) entries have two different incoming interfaces. This is by design and expected because of how we have this set up.

R3#show ip mroute 233.54.1.1
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
       L - Local, P - Pruned, R - RP-bit set, F - Register flag,
       T - SPT-bit set, J - Join SPT, M - MSDP created entry,
       X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
       U - URD, I - Received Source Specific Host Report,
       Z - Multicast Tunnel, z - MDT-data group sender,
       Y - Joined MDT-data group, y - Sending to MDT-data group
Outgoing interface flags: H - Hardware switched, A - Assert winner
 Timers: Uptime/Expires
 Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 233.54.1.1), 00:51:56/stopped, RP 1.1.1.1, flags: SJC
  Incoming interface: FastEthernet0/0, RPF nbr 192.168.100.2
  Outgoing interface list:
    Loopback0, Forward/Sparse, 00:51:56/00:01:44

(2.2.2.2, 233.54.1.1), 00:00:03/00:02:56, flags: J
  Incoming interface: FastEthernet0/1, RPF nbr 192.168.101.2
  Outgoing interface list:
    Loopback0, Forward/Sparse, 00:00:03/00:02:56

R3#
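An added example, not part of the original post: this Python snippet models the RPF lookups R3 and R2 perform against the static routes configured above, then cross-checks them against the (*,G) and (S,G) incoming interfaces in the mroute output. The route tables and the mroute text are taken from this post; the helper names are my own.

```python
"""RPF lookup model for the post's PIM sparse-mode topology (added example)."""
import ipaddress
import re

# Unicast routes as configured in the post: prefix -> (outgoing interface, next hop).
R3_ROUTES = {
    "1.1.1.1/32": ("FastEthernet0/0", "192.168.100.2"),  # toward the RP
    "2.2.2.2/32": ("FastEthernet0/1", "192.168.101.2"),  # toward the 233.54.1.1 source
}
R2_ROUTES = {
    "1.1.1.1/32": ("FastEthernet0/0", "192.168.103.1"),
    "2.2.2.2/32": ("FastEthernet0/0", "192.168.103.1"),
}
RP = "1.1.1.1"
SOURCE = "2.2.2.2"

# Relevant lines of 'show ip mroute 233.54.1.1' on R3, copied from the post.
MROUTE_R3 = """\
(*, 233.54.1.1), 00:51:56/stopped, RP 1.1.1.1, flags: SJC
  Incoming interface: FastEthernet0/0, RPF nbr 192.168.100.2
  Outgoing interface list:
    Loopback0, Forward/Sparse, 00:51:56/00:01:44

(2.2.2.2, 233.54.1.1), 00:00:03/00:02:56, flags: J
  Incoming interface: FastEthernet0/1, RPF nbr 192.168.101.2
  Outgoing interface list:
    Loopback0, Forward/Sparse, 00:00:03/00:02:56
"""


def rpf_lookup(routes, address):
    """Longest-prefix match: PIM's RPF interface for an address is simply the
    interface the unicast table uses to reach it. Returns (interface, neighbor)."""
    addr = ipaddress.ip_address(address)
    best = None
    for prefix, (iface, nexthop) in routes.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, iface, nexthop)
    if best is None:
        raise LookupError(f"no route to {address}: RPF check fails")
    return best[1], best[2]


ENTRY = re.compile(r"^\((\*|[\d.]+), ([\d.]+)\)")
IIF = re.compile(r"Incoming interface: (\S+), RPF nbr ([\d.]+)")


def parse_mroute(text):
    """Map (source-or-*, group) -> (incoming interface, RPF neighbor) from mroute output."""
    result, current = {}, None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            current = (m.group(1), m.group(2))
            continue
        m = IIF.search(line)
        if m and current:
            result[current] = (m.group(1), m.group(2))
    return result


def verify_mroute(text, routes, rp):
    """Compare each entry's incoming interface with the RPF computed from the
    unicast table: (*,G) must RPF toward the RP, (S,G) toward the source.
    Returns a list of mismatches; an empty list means the table is consistent."""
    mismatches = []
    for (src, group), actual in parse_mroute(text).items():
        expected = rpf_lookup(routes, rp if src == "*" else src)
        if expected != actual:
            mismatches.append((src, group, expected, actual))
    return mismatches
```

Running `verify_mroute(MROUTE_R3, R3_ROUTES, RP)` returns an empty list, confirming that the two incoming interfaces in the output are exactly what the two static routes on R3 dictate.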













Sunday, November 25, 2012

Spanning-Tree Customization - Port Cost & Port Priority

We are going to review how to influence the STA (Spanning Tree Algorithm) port selection. We are going to use Figure 1 for this.


Figure 1

Keep the following STP rules in mind; they are applied in this order to choose a path:
  1. Lowest Bridge ID
  2. Lowest root path cost
  3. Lowest sender Bridge ID
  4. Lowest sender Port ID

Based on the output below we can see that the root port for VLAN 25 is Gi1/47. Let's suppose we wanted to use Gi1/48 instead of Gi1/47. How would we do this? We would need to modify the port cost on Switch 02 or modify the port priority that we are receiving from Switch 01. In our case we will modify the port cost on Switch 02 for Gi1/48. The port cost is derived from the port bandwidth: the slower the port, the higher the cost, so a 10 Mbit port carries a higher cost than a gigabit port. It's an inverse relationship.


Cisco_4948E_02#show spanning-tree vlan 25

VLAN0025
  Spanning tree enabled protocol rstp
  Root ID    Priority    32793
             Address     4055.39a7.bb80
             Cost        4
             Port        47 (GigabitEthernet1/47)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32793  (priority 32768 sys-id-ext 25)
             Address     4055.39a8.1000
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/47              Root FWD 4         128.47   P2p
Gi1/48              Altn BLK 4         128.48   P2p


Let's make our change and confirm that Gi1/48 is now being used as the root port.

Cisco_4948E_02(config)#int gi 1/48
Cisco_4948E_02(config-if)#spanning-tree vlan 25 cost 2
Cisco_4948E_02(config-if)#end

Cisco_4948E_02#show spanning-tree vlan 25

VLAN0025
  Spanning tree enabled protocol rstp
  Root ID    Priority    32793
             Address     4055.39a7.bb80
             Cost        2
             Port        48 (GigabitEthernet1/48)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32793  (priority 32768 sys-id-ext 25)
             Address     4055.39a8.1000
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/47              Altn BLK 4         128.47   P2p
Gi1/48              Root FWD 2         128.48   P2p

Now let's put everything back to default, then modify the port priority on Switch 01 and see how it affects the decision Switch 02 makes. Based on the output below, all is back to normal.

Cisco_4948E_02#show spanning-tree vlan 25

VLAN0025
  Spanning tree enabled protocol rstp
  Root ID    Priority    32793
             Address     4055.39a7.bb80
             Cost        4
             Port        47 (GigabitEthernet1/47)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32793  (priority 32768 sys-id-ext 25)
             Address     4055.39a8.1000
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/47              Root FWD 4         128.47   P2p
Gi1/48              Altn BLK 4         128.48   P2p

Let's make some changes on Switch 01, but before we do, let's verify some details to compare against afterwards. We can see that the port ID being received from Switch 01 is 128.47 on Gi1/47 and 128.48 on Gi1/48. We will modify this on Switch 01 so that Gi1/48 is preferred, which keeps us in line with the original goal of using Gi1/48.

Cisco_4948E_02#show spanning-tree vlan 25 detail

 VLAN0025 is executing the rstp compatible Spanning Tree protocol
  Bridge Identifier has priority 32768, sysid 25, address 4055.39a8.1000
  Configured hello time 2, max age 20, forward delay 15, transmit hold-count 6
  Current root has priority 32793, address 4055.39a7.bb80
  Root port is 47 (GigabitEthernet1/47), cost of root path is 4
  Topology change flag not set, detected flag not set
  Number of topology changes 10 last change occurred 00:32:15 ago
          from GigabitEthernet1/47
  Times:  hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15
  Timers: hello 0, topology change 0, notification 0, aging 300

 Port 47 (GigabitEthernet1/47) of VLAN0025 is root forwarding
   Port path cost 4, Port priority 128, Port Identifier 128.47.
   Designated root has priority 32793, address 4055.39a7.bb80
   Designated bridge has priority 32793, address 4055.39a7.bb80
   Designated port id is 128.47, designated path cost 0
   Timers: message age 16, forward delay 0, hold 0
   Number of transitions to forwarding state: 3
   Link type is point-to-point by default
   BPDU: sent 10, received 1362

 Port 48 (GigabitEthernet1/48) of VLAN0025 is alternate blocking
   Port path cost 4, Port priority 128, Port Identifier 128.48.
   Designated root has priority 32793, address 4055.39a7.bb80
   Designated bridge has priority 32793, address 4055.39a7.bb80
   Designated port id is 128.48, designated path cost 0
   Timers: message age 16, forward delay 0, hold 0
   Number of transitions to forwarding state: 4
   Link type is point-to-point by default
   BPDU: sent 14, received 88569


Cisco_4948E_01(config)#int gi 1/47
Cisco_4948E_01(config-if)#spanning-tree port-priority 32
Cisco_4948E_01(config-if)#int gi 1/48
Cisco_4948E_01(config-if)#spanning-tree port-priority 16
Cisco_4948E_01(config-if)#end
Cisco_4948E_02#show spanning-tree vlan 25 detail

 VLAN0025 is executing the rstp compatible Spanning Tree protocol
  Bridge Identifier has priority 32768, sysid 25, address 4055.39a8.1000
  Configured hello time 2, max age 20, forward delay 15, transmit hold-count 6
  Current root has priority 32793, address 4055.39a7.bb80
  Root port is 48 (GigabitEthernet1/48), cost of root path is 4
  Topology change flag set, detected flag not set
  Number of topology changes 11 last change occurred 00:00:02 ago
          from GigabitEthernet1/48
  Times:  hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15
  Timers: hello 0, topology change 32, notification 0, aging 300

 Port 47 (GigabitEthernet1/47) of VLAN0025 is alternate blocking
   Port path cost 4, Port priority 128, Port Identifier 128.47.
   Designated root has priority 32793, address 4055.39a7.bb80
   Designated bridge has priority 32793, address 4055.39a7.bb80
   Designated port id is 32.47, designated path cost 0
   Timers: message age 15, forward delay 0, hold 0
   Number of transitions to forwarding state: 3
   Link type is point-to-point by default
   BPDU: sent 10, received 1400

 Port 48 (GigabitEthernet1/48) of VLAN0025 is root forwarding
   Port path cost 4, Port priority 128, Port Identifier 128.48.
   Designated root has priority 32793, address 4055.39a7.bb80
   Designated bridge has priority 32793, address 4055.39a7.bb80
   Designated port id is 16.48, designated path cost 0
   Timers: message age 15, forward delay 0, hold 0
   Number of transitions to forwarding state: 5
   Link type is point-to-point by default
   BPDU: sent 16, received 88606

Cisco_4948E_02#

Cisco_4948E_02#show spanning-tree vlan 25

VLAN0025
  Spanning tree enabled protocol rstp
  Root ID    Priority    32793
             Address     4055.39a7.bb80
             Cost        4
             Port        48 (GigabitEthernet1/48)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32793  (priority 32768 sys-id-ext 25)
             Address     4055.39a8.1000
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/47              Altn BLK 4         128.47   P2p
Gi1/48              Root FWD 4         128.48   P2p
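To make the selection rules concrete, here is a small Python model (an added example, not anything from the switches or from the original post) that applies the tie-break order to the values Switch 02 shows in the detail output above. It reproduces all three outcomes from this post: the default, the cost change on Gi1/48, and the port-priority change on Switch 01.

```python
"""Root-port selection model for the post's two-link topology (added example).
Applies the tie-break rules from the post to the values seen in
'show spanning-tree vlan 25 detail' on Switch 02."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Bpdu:
    """What a port hears from its upstream neighbour (Switch 01 here)."""
    root_path_cost: int    # cost the sender advertises to reach the root (0: it is the root)
    sender_bridge: tuple   # (priority, MAC) of the designated bridge
    sender_port_id: tuple  # (port priority, port number) of the designated port


@dataclass(frozen=True)
class LocalPort:
    name: str
    cost: int              # our own port path cost (4 for gigabit under 802.1D-1998)
    port_id: tuple         # (port priority, port number) on our side
    bpdu: Bpdu


def root_port(ports):
    """Return (name, root path cost) of the port the STA selects.
    Tie-break order: lowest root path cost, then lowest sender bridge ID,
    then lowest sender port ID, then lowest own port ID. Rule 1 from the post
    (lowest bridge ID) elects the root, which is the same for every candidate
    port here, so it does not enter this comparison."""
    def key(p):
        return (p.bpdu.root_path_cost + p.cost, p.bpdu.sender_bridge,
                p.bpdu.sender_port_id, p.port_id)
    best = min(ports, key=key)
    return best.name, key(best)[0]


# Switch 01 is the root for VLAN 25: priority 32793, address 4055.39a7.bb80.
SW01 = (32793, "4055.39a7.bb80")


def switch02_root_port(cost48=4, prio47=128, prio48=128):
    """Switch 02's view, with the two knobs the post turns: the local cost of
    Gi1/48 and the port priorities Switch 01 puts into the port IDs it sends."""
    ports = [
        LocalPort("Gi1/47", 4, (128, 47), Bpdu(0, SW01, (prio47, 47))),
        LocalPort("Gi1/48", cost48, (128, 48), Bpdu(0, SW01, (prio48, 48))),
    ]
    return root_port(ports)


if __name__ == "__main__":
    print("default:", switch02_root_port())
    print("cost 2 on Gi1/48:", switch02_root_port(cost48=2))
    print("port-priority 32/16 on Switch 01:", switch02_root_port(prio47=32, prio48=16))
```

With defaults the costs tie at 4 and the sender bridge is the same on both links, so the lower designated port ID (128.47) wins; lowering Gi1/48's cost to 2 wins on rule 2, and sending 16.48 versus 32.47 from Switch 01 wins on rule 4 with the cost still 4, exactly as the three show outputs above report.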


Friday, November 23, 2012

Spanning Tree (STP 802.1d and RSTP 802.1w) Debug & Notes

I am going to simulate a failure scenario while running 802.1d and then again while running 802.1w. Currently ports Gi1/47 (green) and Gi1/48 (red) are configured as trunk ports and are allowing all VLANs through. Gi1/48 is in a blocking (ALTN) state for VLAN 25. I am going to admin down Gi1/47 and enable debugging so we can see the events that occur. At the same time I will ping from SW01 to SW02 to see how long it takes to converge.

Figure 1


Verifications:

Cisco_4948E_02#show spanning-tree root

                                        Root    Hello Max Fwd
Vlan                   Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ------------
VLAN0001         20481 4055.39a8.1000         0    2   20  15
VLAN0025         32793 4055.39a7.bb80         4    2   20  15  Gi1/47
VLAN0026         32794 4055.39a8.1000         0    2   20  15
VLAN0052         32820 4055.39a8.1000         0    2   20  15

Cisco_4948E_02#show spanning-tree vlan 25

VLAN0025
  Spanning tree enabled protocol ieee
  Root ID    Priority    32793
             Address     4055.39a7.bb80
             Cost        4
             Port        47 (GigabitEthernet1/47)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32793  (priority 32768 sys-id-ext 25)
             Address     4055.39a8.1000
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/47              Root FWD 4         128.47   P2p
Gi1/48              Altn BLK 4         128.48   P2p



Cisco_4948E_02#

Enable Debugging & Setup Ping:

Cisco_4948E_02#debug spanning-tree events
Spanning Tree event debugging is on
!
Cisco_4948E_02#terminal monitor
Cisco_4948E_02#

Cisco_4948E_01#ping 192.168.25.2 repeat 100000 timeout 5

Fail Over:
Now we shut down Gi1/47 while running 802.1d.

Cisco_4948E_02(config)#int gi 1/47
Cisco_4948E_02(config-if)#shut
Cisco_4948E_02(config-if)#
*Nov 23 11:51:10.423: STP: VLAN0025 new root port Gi1/48, cost 4
*Nov 23 11:51:10.423: STP: VLAN0025 Gi1/48 -> listening
*Nov 23 11:51:12.419: %HSRP-5-STATECHANGE: Vlan25 Grp 25 state Standby -> Init
*Nov 23 11:51:12.423: STP: VLAN0025 sent Topology Change Notice on Gi1/48
*Nov 23 11:51:13.331: STP: VLAN0001 Topology Change rcvd on Gi1/48
*Nov 23 11:51:13.331: STP: VLAN0026 Topology Change rcvd on Gi1/48
*Nov 23 11:51:25.423: STP: VLAN0025 Gi1/48 -> learning
*Nov 23 11:51:40.423: STP: VLAN0025 Gi1/48 -> forwarding
*Nov 23 11:52:05.347: %HSRP-5-STATECHANGE: Vlan25 Grp 25 state Speak -> Standby

Results:

It took forty seconds for spanning tree to converge. This can be seen from the ping output below, which was run with a timeout of 5 seconds. By default it can take up to 50 seconds, plus whatever additional time your first-hop redundancy protocol needs.

!!!!!!!........!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!
Success rate is 99 percent (9246/9254), round-trip min/avg/max = 1/1/28 ms
Cisco_4948E_01#

Let's do the same test while running 802.1w, with all timers at their defaults.

Cisco_4948E_02#show spanning-tree root

                                        Root    Hello Max Fwd
Vlan                   Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ------------
VLAN0001         20481 4055.39a8.1000         0    2   20  15
VLAN0025         32793 4055.39a7.bb80         4    2   20  15  Gi1/47
VLAN0026         32794 4055.39a8.1000         0    2   20  15
VLAN0052         32820 4055.39a8.1000         0    2   20  15
Cisco_4948E_02#show spanning-tree vlan 25

VLAN0025
  Spanning tree enabled protocol rstp
  Root ID    Priority    32793
             Address     4055.39a7.bb80
             Cost        4
             Port        47 (GigabitEthernet1/47)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32793  (priority 32768 sys-id-ext 25)
             Address     4055.39a8.1000
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/47              Root FWD 4         128.47   P2p
Gi1/48              Altn BLK 4         128.48   P2p


Cisco_4948E_02(config-if)#
*Nov 23 14:13:30.643: RSTP(25): updt roles, root port Gi1/47 going down
*Nov 23 14:13:30.643: RSTP(25): Gi1/48 is now root port


Cisco_4948E_01#ping 192.168.25.2 repeat 100000 timeout 2

Type escape sequence to abort.
Sending 100000, 100-byte ICMP Echos to 192.168.25.2, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!
Success rate is 99 percent (984/985), round-trip min/avg/max = 1/1/16 ms
Cisco_4948E_01#

Since RSTP is much faster than legacy STP, I set the timeout to 2 seconds. We can see that it converges well within 2 seconds. Compare that to the 40 seconds we waited for legacy STP.

Notes:

Default 802.1d Timers and States:
Disabled: Port is admin down.
Blocking: Port is up but is neither building the CAM table nor forwarding any frames on this interface.
Max Age: 20 seconds - How long the bridge (switch) should wait after it stops hearing hellos.
Listening: 15 seconds - Receiving BPDUs but not building the CAM (MAC) table.
Learning: 15 seconds - Starts building the CAM (MAC) table.
Forwarding: Processing frames.
Legacy Spanning Tree - The root bridge controls the forward delay, as it is responsible for sending out BPDUs.



Data rate     STP Cost (802.1D-1998)
4 Mbit/s      250
10 Mbit/s     100
16 Mbit/s     62
100 Mbit/s    19
1 Gbit/s      4
2 Gbit/s      3
10 Gbit/s     2


Data rate     RSTP Cost (802.1D-2004 / 802.1w)
4 Mbit/s      5,000,000
10 Mbit/s     2,000,000
16 Mbit/s     1,250,000
100 Mbit/s    200,000
1 Gbit/s      20,000
2 Gbit/s      10,000
10 Gbit/s     2,000

Tuesday, November 20, 2012

Installing a new Cisco ASA-5520 & Creating Secure Networks

I decided to add a Cisco ASA 5520 to my lab. We will use Figure 1 to visualize this. I am going to guide you through how to do this and actually route some packets through it. I had only done minor configurations on an ASA beforehand, never to this extent. I created two networks, 10.50.51.0/24 and 10.50.52.0/24, for this lab. These are what I will call secure networks. All communication between these two networks must traverse the firewall.

Figure 1

On 4948_01 I created VLAN 51 (10.50.51.0/24) and on 4948_02 I created VLAN 52 (10.50.52.0/24). All communication between these two networks must traverse the firewall. I have seen this used in networks where it was a security requirement from the infosec team. I also could have created both VLANs on one switch and still routed the traffic via the firewall. Some people might use VLAN ACLs to secure communications between two VLANs, but let's say that for this exercise we had a requirement to use a firewall. Additionally, the networks had to live on two separate switches.

Let's create the VLANs and SVIs on the switches and assign IP addresses.

Cisco_4948E_01#

vlan 51
 name secure_network_10.50.51.0
!
interface Vlan51
ip address 10.50.51.254 255.255.255.0
no shut

Cisco_4948E_02#

vlan 52
name secure_network_10.50.52.0
!
interface Vlan52
ip address 10.50.52.254 255.255.255.0
no shut

Now we need to add the firewall into the mix. For this I connected one cable from each 4948 (Gi1/46) to the ASA 5520. I made the Gi1/46 interfaces on the 4948s routed (L3) ports. I also defined a static route on each switch pointing to the opposite network. By the way, I used named static routes: a few weeks or months from now you might not remember why you put in that static route. When possible, use them.

Cisco_4948E_01

interface GigabitEthernet1/46
description ASA_GigabitEthernet0/3
no switchport
ip address 192.168.1.1 255.255.255.252
exit
!
ip route 10.50.52.0 255.255.255.0 GigabitEthernet1/46 192.168.1.2 name secure_network
!

Cisco_4948E_02

interface GigabitEthernet1/46
description ASA_GigabitEthernet0/2
no switchport
ip address 192.168.1.5 255.255.255.252
!
ip route 10.50.51.0 255.255.255.0 GigabitEthernet1/46 192.168.1.6 name secure_network
!

This takes care of the switching end of things. Now on to the firewall configuration. First you need to configure your interfaces, because the static routes and ACLs will tie into them later. Under each interface you assign a name and an IP address, then a security level. I chose 50 and 100 at random. Security levels are exactly what the name says: a higher-level interface can talk to a lower-level interface, but a lower-level interface cannot talk to a higher-level interface unless an ACL is defined to allow it.

Cisco-ASA5520-01#

 interface GigabitEthernet0/2
 description Cisco_4948E_02 Gi1/46
 nameif Cisco_4948E_02
 security-level 50
 ip address 192.168.1.6 255.255.255.252

interface GigabitEthernet0/3
 description Cisco_4948E_01 Gi1/46
 nameif Cisco_4948E_01
 security-level 100
 ip address 192.168.1.2 255.255.255.252

Now we need to create an ACL. In this case I created an ACL that permits anything and applied it inbound on the lower-level interface, per the ASA rule described above. The permit any is just for this example; I will harden it later.

Cisco-ASA5520-01#

access-list any extended permit ip any any
!
access-group any in interface Cisco_4948E_02

Now we need to tell the ASA how to route the traffic, and for this I created static routes. Now let's test.

Cisco-ASA5520-01#


route Cisco_4948E_01 10.50.51.0 255.255.255.0 192.168.1.1 1
route Cisco_4948E_02 10.50.52.0 255.255.255.0 192.168.1.5 1

Success!!!!!

Cisco_4948E_02#ping 10.50.51.254 source 10.50.52.254

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.50.51.254, timeout is 2 seconds:
Packet sent with a source address of 10.50.52.254
!!!!!


Cisco_4948E_01#ping 10.50.52.254 source 10.50.51.254

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.50.52.254, timeout is 2 seconds:
Packet sent with a source address of 10.50.51.254
!!!!!




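As an added example (not Cisco's code and not from the original post), here is a Python model of how the ASA decides whether a new connection is allowed: an inbound ACL on the ingress interface decides when one is applied; otherwise only traffic from a higher security level to a lower one passes. The interface names, levels and networks are those configured above; the hardened ACL that stands in for the permit-any is a constructed sample.

```python
"""Simplified model of ASA interface security levels plus an inbound ACL (added example)."""
import ipaddress

# Security levels as configured on the two ASA interfaces in the post.
SECURITY_LEVEL = {"Cisco_4948E_01": 100, "Cisco_4948E_02": 50}

# Inbound ACLs keyed by interface name. Each entry mirrors one access-list line:
# (action, protocol, source network, destination network, destination port or None).
# This one is the post's "permit ip any any" applied inbound on the lower-level interface.
WIDE_OPEN = {
    "Cisco_4948E_02": [("permit", "ip", "0.0.0.0/0", "0.0.0.0/0", None)],
}
# A constructed hardened replacement: only HTTPS from VLAN 52 hosts to VLAN 51 hosts.
HARDENED = {
    "Cisco_4948E_02": [("permit", "tcp", "10.50.52.0/24", "10.50.51.0/24", 443)],
}


def acl_permits(acl, proto, src, dst, dport):
    """First matching line decides; every ACL ends with an implicit deny."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, aproto, src_net, dst_net, aport in acl:
        if aproto != "ip" and aproto != proto:
            continue
        if src_ip not in ipaddress.ip_network(src_net):
            continue
        if dst_ip not in ipaddress.ip_network(dst_net):
            continue
        if aport is not None and aport != dport:
            continue
        return action == "permit"
    return False


def allowed(acls, ingress, egress, proto, src, dst, dport=None):
    """Decide a new connection arriving on `ingress` and leaving via `egress`.
    With an ACL applied inbound, the ACL decides. Without one, the default
    policy applies: only higher-to-lower security level traffic is permitted,
    which is the rule the post describes."""
    if ingress in acls:
        return acl_permits(acls[ingress], proto, src, dst, dport)
    return SECURITY_LEVEL[ingress] > SECURITY_LEVEL[egress]


def compare_policies(proto, src, dst, dport):
    """Same flow from VLAN 52 toward VLAN 51 under the post's ACL and the hardened one."""
    args = ("Cisco_4948E_02", "Cisco_4948E_01", proto, src, dst, dport)
    return allowed(WIDE_OPEN, *args), allowed(HARDENED, *args)
```

`compare_policies("tcp", "10.50.52.10", "10.50.51.10", 23)` returns `(True, False)`: the permit-any lets a telnet attempt from the lower-security VLAN reach VLAN 51, while the hardened list only lets port 443 through.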
Monday, November 19, 2012

Understanding STP and RSTP Convergence

A must read on STP.

http://blog.ine.com/wp-content/uploads/2011/11/understanding-stp-rstp-convergence.pdf

Sunday, November 18, 2012

Spanning Tree Protocol (STP) Convergence

Two great articles that I highly recommend you read to get a deeper understanding of STP. I have been so busy with work and personal things that it has taken time away from me being able to update this blog, hence why I am posting links to other sites. Never stop learning. I am studying for my SWITCH exam and would like to take the exam sometime in late December.
  1. Understanding STP Convergence, Part I - INE
  2. Understanding STP Convergence, Part II - INE