Extreme Networks switches test report


description

Brief interoperability test of Extreme network equipment and Cisco/Juniper devices.

Transcript of Extreme Networks switches test report

  • 1 | P a g e

    Testing Report

    Testing performed by

    Mikheil Kartvelishvili

    UGT

    Lab equipment:

    Hostname  Hardware Platform          Software Version
    SW1       Cisco Catalyst 3750        12.2(44)SE5
    SW2       Extreme Networks X670-48x  12.6.2.10
    SW3       Extreme Networks X440-24p  15.1.0.20
    R1        Cisco 1841                 12.4(15)T5
    R2        Juniper ACX1100            12.3X54-D15.3
    R3        Juniper ACX1100            12.3X54-D15.3

    Features Tested:

    1. Rapid PVST+

    2. MST (802.1s)

    3. STP Security

    4. Link Aggregation (LACP)

    5. DHCP Snooping / IP Source-guard

    6. IP Routing / OSPF

    7. First-Hop Redundancy / VRRP

    1. Rapid PVST+

    1.1 TOPOLOGY

    [Figure: lab topology diagram. Devices: R1 (Cisco 1841), R2 (ACX1100), R3 (ACX1100), SW1 (Cisco Catalyst 3750), SW2 (Extreme Summit X670), SW3 (Extreme Summit X440). Interface labels: Fa0/0, Fa1/0/1, Gi1/0/1, Gi1/0/2, GE0/0/0, Port 1, Port 2, Port 3. Link labels: VLAN 10,20,30. Host address labels: .1, .2, .3.]

    1.2 CONFIGURATION

    SW1

    spanning-tree mode rapid-pvst
    spanning-tree etherchannel guard misconfig
    spanning-tree extend system-id
    spanning-tree vlan 20 priority 4096
    !
    vlan 10
     name LAN1
    !
    vlan 20
     name LAN2
    !
    vlan 23
    !
    vlan 30
     name LAN3
    !
    !
    interface GigabitEthernet1/0/1
     switchport trunk encapsulation dot1q
     switchport mode trunk
    !
    interface GigabitEthernet1/0/2
     switchport trunk encapsulation dot1q
     switchport mode trunk
    !
    !
    end

    SW2

    configure vlan default delete ports all
    configure vr VR-Default delete ports 1-48
    configure vr VR-Default add ports 1-48
    create vlan "LAN10"
    configure vlan LAN10 tag 10
    create vlan "LAN20"
    configure vlan LAN20 tag 20
    create vlan "LAN30"
    configure vlan LAN30 tag 30
    configure vlan Default add ports 1-48 untagged
    configure vlan LAN10 add ports 1-2 tagged
    configure vlan LAN20 add ports 1-2 tagged
    configure vlan LAN30 add ports 1-2 tagged
    create stpd LAN10
    configure stpd LAN10 mode dot1w
    configure stpd LAN10 priority 4096
    configure stpd LAN10 default-encapsulation pvst-plus
    create stpd LAN20
    configure stpd LAN20 mode dot1w
    configure stpd LAN20 default-encapsulation pvst-plus
    create stpd LAN30
    configure stpd LAN30 mode dot1w
    configure stpd LAN30 default-encapsulation pvst-plus
    configure stpd s0 delete vlan default ports all
    disable stpd s0 auto-bind vlan default
    enable stpd s0 auto-bind vlan Default
    configure stpd LAN10 add vlan LAN10 ports 1 pvst-plus
    configure stpd LAN20 add vlan LAN20 ports 1 pvst-plus
    configure stpd LAN30 add vlan LAN30 ports 1 pvst-plus
    configure stpd LAN10 add vlan LAN10 ports 2 pvst-plus
    configure stpd LAN20 add vlan LAN20 ports 2 pvst-plus
    configure stpd LAN30 add vlan LAN30 ports 2 pvst-plus
    configure stpd LAN10 tag 10
    enable stpd LAN10
    configure stpd LAN20 tag 20
    enable stpd LAN20
    configure stpd LAN30 tag 30
    enable stpd LAN30

    SW3

    configure vlan default delete ports all
    configure vr VR-Default delete ports 1-24
    configure vr VR-Default add ports 1-24
    create vlan "LAN10"
    configure vlan LAN10 tag 10
    create vlan "LAN20"
    configure vlan LAN20 tag 20
    create vlan "LAN30"
    configure vlan LAN30 tag 30
    configure vlan Default add ports 1 untagged
    configure vlan LAN10 add ports 1-2 tagged
    configure vlan LAN20 add ports 1-2 tagged
    configure vlan LAN30 add ports 1-2 tagged
    create stpd LAN10
    configure stpd LAN10 mode dot1w
    configure stpd LAN10 default-encapsulation pvst-plus
    create stpd LAN20
    configure stpd LAN20 mode dot1w
    configure stpd LAN20 default-encapsulation pvst-plus
    create stpd LAN30
    configure stpd LAN30 mode dot1w
    configure stpd LAN30 priority 4096
    configure stpd LAN30 default-encapsulation pvst-plus
    configure stpd s0 delete vlan default ports all
    disable stpd s0 auto-bind vlan default
    enable stpd s0 auto-bind vlan Default
    configure stpd LAN10 add vlan LAN10 ports 1 pvst-plus
    configure stpd LAN20 add vlan LAN20 ports 1 pvst-plus
    configure stpd LAN30 add vlan LAN30 ports 1 pvst-plus
    configure stpd LAN10 add vlan LAN10 ports 2 pvst-plus
    configure stpd LAN20 add vlan LAN20 ports 2 pvst-plus
    configure stpd LAN30 add vlan LAN30 ports 2 pvst-plus
    configure stpd LAN10 tag 10
    enable stpd LAN10
    configure stpd LAN20 tag 20
    enable stpd LAN20
    configure stpd LAN30 tag 30
    enable stpd LAN30

    1.3 VERIFICATION

    SW1#sho spanning-tree vlan 10

    VLAN0010
      Spanning tree enabled protocol rstp
      Root ID    Priority    4096
                 Address     0004.966d.5c18
                 Cost        4
                 Port        2 (GigabitEthernet1/0/2)
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

      Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
                 Address     001d.45d0.4080
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time 300 sec

    Interface           Role Sts Cost      Prio.Nbr Type
    ------------------- ---- --- --------- -------- --------------------------------
    Gi1/0/1             Desg FWD 4         128.1    P2p
    Gi1/0/2             Root FWD 4         128.2    P2p

    SW1#sho spanning-tree vlan 20

    VLAN0020
      Spanning tree enabled protocol rstp
      Root ID    Priority    4116
                 Address     001d.45d0.4080
                 This bridge is the root
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

      Bridge ID  Priority    4116   (priority 4096 sys-id-ext 20)
                 Address     001d.45d0.4080
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time 300 sec

    Interface           Role Sts Cost      Prio.Nbr Type
    ------------------- ---- --- --------- -------- --------------------------------
    Gi1/0/1             Desg FWD 4         128.1    P2p
    Gi1/0/2             Desg FWD 4         128.2    P2p

    SW1#sho spanning-tree vlan 30

    VLAN0030
      Spanning tree enabled protocol rstp
      Root ID    Priority    4096

                 Address     0004.966d.558b
                 Cost        4
                 Port        1 (GigabitEthernet1/0/1)
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

      Bridge ID  Priority    32798  (priority 32768 sys-id-ext 30)
                 Address     001d.45d0.4080
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time 300 sec

    Interface           Role Sts Cost      Prio.Nbr Type
    ------------------- ---- --- --------- -------- --------------------------------
    Gi1/0/1             Root FWD 4         128.1    P2p
    Gi1/0/2             Desg FWD 4         128.2    P2p

    =============================

    SW2.73 # sho stpd LAN10
    Stpd: LAN10 Stp: ENABLED Number of Ports: 2
    Rapid Root Failover: Disabled
    Operational Mode: 802.1W Default Binding Mode: PVST+
    802.1Q Tag: 10
    Ports: 1,2
    Participating Vlans: LAN10
    Auto-bind Vlans: (none)
    Bridge Priority: 4096
    BridgeID: 10:00:00:04:96:6d:5c:18
    Designated root: 10:00:00:04:96:6d:5c:18
    RootPathCost: 0 Root Port: ----
    MaxAge: 20s HelloTime: 2s ForwardDelay: 15s
    CfgBrMaxAge: 20s CfgBrHelloTime: 2s CfgBrForwardDelay: 15s
    Topology Change Time: 35s Hold time: 1s
    Topology Change Detected: FALSE Topology Change: FALSE
    Number of Topology Changes: 4
    Time Since Last Topology Change: 1686s

    SW2.74 # sho stpd LAN20
    Stpd: LAN20 Stp: ENABLED Number of Ports: 2
    Rapid Root Failover: Disabled
    Operational Mode: 802.1W Default Binding Mode: PVST+
    802.1Q Tag: 20
    Ports: 1,2
    Participating Vlans: LAN20
    Auto-bind Vlans: (none)
    Bridge Priority: 32768
    BridgeID: 80:00:00:04:96:6d:5c:18
    Designated root: 10:14:00:1d:45:d0:40:80
    RootPathCost: 20000 Root Port: 1

    MaxAge: 20s HelloTime: 2s ForwardDelay: 15s
    CfgBrMaxAge: 20s CfgBrHelloTime: 2s CfgBrForwardDelay: 15s
    Topology Change Time: 35s Hold time: 1s
    Topology Change Detected: FALSE Topology Change: FALSE
    Number of Topology Changes: 2
    Time Since Last Topology Change: 1664s

    SW2.75 # sho stpd LAN30
    Stpd: LAN30 Stp: ENABLED Number of Ports: 2
    Rapid Root Failover: Disabled
    Operational Mode: 802.1W Default Binding Mode: PVST+
    802.1Q Tag: 30
    Ports: 1,2
    Participating Vlans: LAN30
    Auto-bind Vlans: (none)
    Bridge Priority: 32768
    BridgeID: 80:00:00:04:96:6d:5c:18
    Designated root: 10:00:00:04:96:6d:55:8b
    RootPathCost: 20000 Root Port: 2
    MaxAge: 20s HelloTime: 2s ForwardDelay: 15s
    CfgBrMaxAge: 20s CfgBrHelloTime: 2s CfgBrForwardDelay: 15s
    Topology Change Time: 35s Hold time: 1s
    Topology Change Detected: FALSE Topology Change: FALSE
    Number of Topology Changes: 1
    Time Since Last Topology Change: 1718s

    ===========================================

    SW3.13 # sho stp LAN10
    Stpd: LAN10 Stp: ENABLED Number of Ports: 2
    Rapid Root Failover: Disabled
    Operational Mode: 802.1W Default Binding Mode: PVST+
    802.1Q Tag: 10
    Ports: 1,2
    Participating Vlans: LAN10
    Auto-bind Vlans: (none)
    Bridge Priority: 32768
    BridgeID: 80:00:00:04:96:6d:55:8b
    Designated root: 10:00:00:04:96:6d:5c:18
    RootPathCost: 20000 Root Port: 2
    MaxAge: 20s HelloTime: 2s ForwardDelay: 15s
    CfgBrMaxAge: 20s CfgBrHelloTime: 2s CfgBrForwardDelay: 15s
    Topology Change Time: 35s Hold time: 1s
    Topology Change Detected: FALSE Topology Change: FALSE
    Number of Topology Changes: 3
    Time Since Last Topology Change: 2005s

    SW3.14 # sho stp LAN20

    Stpd: LAN20 Stp: ENABLED Number of Ports: 2
    Rapid Root Failover: Disabled
    Operational Mode: 802.1W Default Binding Mode: PVST+
    802.1Q Tag: 20
    Ports: 1,2
    Participating Vlans: LAN20
    Auto-bind Vlans: (none)
    Bridge Priority: 32768
    BridgeID: 80:00:00:04:96:6d:55:8b
    Designated root: 10:14:00:1d:45:d0:40:80
    RootPathCost: 20000 Root Port: 1
    MaxAge: 20s HelloTime: 2s ForwardDelay: 15s
    CfgBrMaxAge: 20s CfgBrHelloTime: 2s CfgBrForwardDelay: 15s
    Topology Change Time: 35s Hold time: 1s
    Topology Change Detected: FALSE Topology Change: FALSE
    Number of Topology Changes: 9
    Time Since Last Topology Change: 1954s

    SW3.15 # sho stp LAN30
    Stpd: LAN30 Stp: ENABLED Number of Ports: 2
    Rapid Root Failover: Disabled
    Operational Mode: 802.1W Default Binding Mode: PVST+
    802.1Q Tag: 30
    Ports: 1,2
    Participating Vlans: LAN30
    Auto-bind Vlans: (none)
    Bridge Priority: 4096
    BridgeID: 10:00:00:04:96:6d:55:8b
    Designated root: 10:00:00:04:96:6d:55:8b
    RootPathCost: 0 Root Port: ----
    MaxAge: 20s HelloTime: 2s ForwardDelay: 15s
    CfgBrMaxAge: 20s CfgBrHelloTime: 2s CfgBrForwardDelay: 15s
    Topology Change Time: 35s Hold time: 1s
    Topology Change Detected: FALSE Topology Change: FALSE
    Number of Topology Changes: 7
    Time Since Last Topology Change: 1968s

    R1#ping 192.168.20.2 repeat 10000

    Type escape sequence to abort.
    Sending 10000, 100-byte ICMP Echos to 192.168.20.2, timeout is 2 seconds:

    Success rate is 99 percent (1392/1393), round-trip min/avg/max = 1/8/16 ms

    * SW3.2 # disable ports 1
    * SW3.3 # enable ports 1

    SW1(config)#int gi1/0/2
    SW1(config-if)#shut
    SW1(config-if)#

    mikho@R3# run ping 192.168.10.1 rapid count 10000
    PING 192.168.10.1 (192.168.10.1): 56 data bytes
    ^C
    --- 192.168.10.1 ping statistics ---
    3384 packets transmitted, 3379 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 0.820/9.510/16.475/2.055 ms

    [edit interfaces]
    mikho@R3#

    2. MST (802.1s)

    2.1 TOPOLOGY

    [Figure: lab topology diagram. Devices: R1 (Cisco 1841), R2 (ACX1100), R3 (ACX1100), SW1 (Cisco Catalyst 3750), SW2 (Extreme Summit X670), SW3 (Extreme Summit X440). Interface labels: Fa0/0, Fa1/0/1, Gi1/0/1, Gi1/0/2, GE0/0/0, Port 1, Port 2, Port 3. Link labels: VLAN 10,20,30. Host address labels: .1, .2, .3.]

    2.2 CONFIGURATION

    SW1

    spanning-tree mode mst
    spanning-tree etherchannel guard misconfig
    spanning-tree extend system-id
    !
    spanning-tree mst configuration
     name TEST
     revision 1
     instance 1 vlan 10, 20
     instance 2 vlan 30
    !
    spanning-tree mst 1 priority 4096
    !
    vlan internal allocation policy ascending
    !
    vlan 10
     name LAN1
    !
    vlan 20
     name LAN2
    !
    vlan 30
     name LAN3
    !
    !
    !
    !
    !
    interface FastEthernet1/0/1
     switchport trunk encapsulation dot1q
     switchport mode trunk
     spanning-tree portfast trunk
    !
    !
    interface GigabitEthernet1/0/1
     switchport trunk encapsulation dot1q
     switchport mode trunk
    !
    interface GigabitEthernet1/0/2
     switchport trunk encapsulation dot1q
     switchport mode trunk
    !
    end

    SW2

    configure vlan default delete ports all
    create vlan "LAN10"
    configure vlan LAN10 tag 10
    create vlan "LAN20"
    configure vlan LAN20 tag 20
    create vlan "LAN30"
    configure vlan LAN30 tag 30
    configure vlan Default add ports 1-48 untagged
    configure vlan LAN10 add ports 1-3 tagged
    configure vlan LAN20 add ports 1-3 tagged
    configure vlan LAN30 add ports 1-3 tagged
    configure mstp region TEST
    configure mstp revision 1
    configure stpd s0 delete vlan default ports all
    disable stpd s0 auto-bind vlan default
    configure stpd s0 mode mstp cist
    create stpd INST1
    configure stpd INST1 mode mstp msti 1
    create stpd INST2
    configure stpd INST2 mode mstp msti 2
    configure stpd INST1 add vlan LAN10 ports 1 dot1d
    configure stpd INST1 add vlan LAN20 ports 1 dot1d
    configure stpd INST2 add vlan LAN30 ports 1 dot1d
    configure stpd INST1 add vlan LAN10 ports 2 dot1d
    configure stpd INST1 add vlan LAN20 ports 2 dot1d
    configure stpd INST2 add vlan LAN30 ports 2 dot1d
    enable stpd s0
    enable stpd INST1
    enable stpd INST2

    SW3

    configure vlan default delete ports all
    configure vlan default delete ports 3-24
    create vlan "LAN10"
    configure vlan LAN10 tag 10
    create vlan "LAN20"
    configure vlan LAN20 tag 20
    create vlan "LAN30"
    configure vlan LAN30 tag 30
    configure vlan Default add ports 1-2 untagged
    configure vlan LAN10 add ports 1-2, 23-24 tagged
    configure vlan LAN20 add ports 1-2, 23-24 tagged
    configure vlan LAN30 add ports 1-2, 23-24 tagged
    configure mstp region TEST
    configure mstp revision 1
    configure stpd s0 delete vlan default ports all
    disable stpd s0 auto-bind vlan default
    configure stpd s0 mode mstp cist
    create stpd INST1
    configure stpd INST1 mode mstp msti 1
    create stpd INST2
    configure stpd INST2 mode mstp msti 2
    configure stpd INST2 priority 4096
    configure stpd INST1 add vlan LAN10 ports 1 dot1d
    configure stpd INST1 add vlan LAN20 ports 1 dot1d
    configure stpd INST2 add vlan LAN30 ports 1 dot1d
    configure stpd INST1 add vlan LAN10 ports 2 dot1d
    configure stpd INST1 add vlan LAN20 ports 2 dot1d
    configure stpd INST2 add vlan LAN30 ports 2 dot1d
    enable stpd s0
    enable stpd INST1
    enable stpd INST2

    2.3 VERIFICATION

    SW1#sho spanning-tree mst 1

    ##### MST1    vlans mapped:   10,20
    Bridge        address 001d.45d0.4080  priority      4097  (4096 sysid 1)
    Root          this switch for MST1

    Interface        Role Sts Cost      Prio.Nbr Type
    ---------------- ---- --- --------- -------- --------------------------------
    Gi1/0/1          Desg FWD 20000     128.1    P2p
    Gi1/0/2          Desg FWD 20000     128.2    P2p
    Fa1/0/1          Desg FWD 200000    128.3    P2p Edge

    SW1#sho spanning-tree mst 2

    ##### MST2    vlans mapped:   30
    Bridge        address 001d.45d0.4080  priority      32770 (32768 sysid 2)
    Root          address 0004.966d.558b  priority      4098  (4096 sysid 2)
                  port    Gi1/0/1         cost          20000     rem hops 19

    Interface        Role Sts Cost      Prio.Nbr Type
    ---------------- ---- --- --------- -------- --------------------------------
    Gi1/0/1          Root FWD 20000     128.1    P2p
    Gi1/0/2          Altn BLK 20000     128.2    P2p
    Fa1/0/1          Desg FWD 200000    128.3    P2p Edge

    * SW2.2 # sho stp INST1
    Stpd: INST1 Stp: ENABLED Number of Ports: 2
    Rapid Root Failover: Disabled
    Operational Mode: MSTP Default Binding Mode: 802.1D
    MSTI Instance: MSTI 1
    802.1Q Tag: (none)
    Ports: 1,2
    Participating Vlans: LAN10,LAN20
    Auto-bind Vlans: (none)
    Bridge Priority: 32768
    BridgeID: 80:00:00:04:96:6d:5c:18
    Designated root: 10:00:00:1d:45:d0:40:80
    CIST Root: 80:00:00:04:96:6d:55:8b
    CIST Regional Root: 80:00:00:04:96:6d:55:8b
    MSTI Regional Root: 10:00:00:1d:45:d0:40:80
    External RootPathCost: 0 Internal RootPathCost: 20000
    Root Port: 1 Master Port: ----
    MaxAge: 20s HelloTime: 2s ForwardDelay: 15s
    CfgBrMaxAge: 20s CfgBrHelloTime: 2s CfgBrForwardDelay: 15s
    RemainHopCount: 19 CfgMaxHopCount: 20

    Topology Change Time: 35s Hold time: 1s
    Topology Change Detected: FALSE Topology Change: FALSE
    Number of Topology Changes: 1
    Time Since Last Topology Change: 1302s

    * SW2.3 # sho stp INST2
    Stpd: INST2 Stp: ENABLED Number of Ports: 2
    Rapid Root Failover: Disabled
    Operational Mode: MSTP Default Binding Mode: 802.1D
    MSTI Instance: MSTI 2
    802.1Q Tag: (none)
    Ports: 1,2
    Participating Vlans: LAN30
    Auto-bind Vlans: (none)
    Bridge Priority: 32768
    BridgeID: 80:00:00:04:96:6d:5c:18
    Designated root: 80:00:00:04:96:6d:55:8b
    CIST Root: 80:00:00:04:96:6d:55:8b
    CIST Regional Root: 80:00:00:04:96:6d:55:8b
    MSTI Regional Root: 80:00:00:04:96:6d:55:8b
    External RootPathCost: 0 Internal RootPathCost: 20000
    Root Port: 2 Master Port: ----
    MaxAge: 20s HelloTime: 2s ForwardDelay: 15s
    CfgBrMaxAge: 20s CfgBrHelloTime: 2s CfgBrForwardDelay: 15s
    RemainHopCount: 19 CfgMaxHopCount: 20
    Topology Change Time: 35s Hold time: 1s
    Topology Change Detected: FALSE Topology Change: FALSE
    Number of Topology Changes: 4
    Time Since Last Topology Change: 1017s

    SW3.1 # sho stp INST1
    Stpd: INST1 Stp: ENABLED Number of Ports: 2
    Rapid Root Failover: Disabled
    Operational Mode: MSTP Default Binding Mode: 802.1D
    MSTI Instance: MSTI 1
    802.1Q Tag: (none)
    Ports: 1,2
    Participating Vlans: LAN10,LAN20
    Auto-bind Vlans: (none)
    Bridge Priority: 32768
    BridgeID: 80:00:00:04:96:6d:55:8b
    Designated root: 10:00:00:1d:45:d0:40:80
    CIST Root: 80:00:00:04:96:6d:55:8b
    CIST Regional Root: 80:00:00:04:96:6d:55:8b
    MSTI Regional Root: 10:00:00:1d:45:d0:40:80
    External RootPathCost: 0 Internal RootPathCost: 20000
    Root Port: 1 Master Port: ----
    MaxAge: 20s HelloTime: 2s ForwardDelay: 15s
    CfgBrMaxAge: 20s CfgBrHelloTime: 2s CfgBrForwardDelay: 15s

    RemainHopCount: 20 CfgMaxHopCount: 20
    Topology Change Time: 35s Hold time: 1s
    Topology Change Detected: FALSE Topology Change: FALSE
    Number of Topology Changes: 11
    Time Since Last Topology Change: 1085s

    SW3.2 # sho stp INST2
    Stpd: INST2 Stp: ENABLED Number of Ports: 2
    Rapid Root Failover: Disabled
    Operational Mode: MSTP Default Binding Mode: 802.1D
    MSTI Instance: MSTI 2
    802.1Q Tag: (none)
    Ports: 1,2
    Participating Vlans: LAN30
    Auto-bind Vlans: (none)
    Bridge Priority: 4096
    BridgeID: 80:00:00:04:96:6d:55:8b
    Designated root: 80:00:00:04:96:6d:55:8b
    CIST Root: 80:00:00:04:96:6d:55:8b
    CIST Regional Root: 80:00:00:04:96:6d:55:8b
    MSTI Regional Root: 80:00:00:04:96:6d:55:8b
    External RootPathCost: 0 Internal RootPathCost: 0
    Root Port: ---- Master Port: ----
    MaxAge: 20s HelloTime: 2s ForwardDelay: 15s
    CfgBrMaxAge: 20s CfgBrHelloTime: 2s CfgBrForwardDelay: 15s
    RemainHopCount: 20 CfgMaxHopCount: 20
    Topology Change Time: 35s Hold time: 1s
    Topology Change Detected: FALSE Topology Change: FALSE
    Number of Topology Changes: 37
    Time Since Last Topology Change: 1089s

    root@R2# run ping 192.168.10.1 rapid count 10000
    PING 192.168.10.1 (192.168.10.1): 56 data bytes
    ^C
    --- 192.168.10.1 ping statistics ---
    1533 packets transmitted, 1529 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 0.817/9.293/12.112/2.359 ms

    SW1(config)#int gi1/0/1
    SW1(config-if)#shut
    SW1(config-if)#
    *Apr 27 01:43:46.546: %LINK-5-CHANGED: Interface GigabitEthernet1/0/1, changed state to administratively down
    *Apr 27 01:43:46.554: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to down
    SW1(config-if)#

    3. STP Security

    3.1 TOPOLOGY

    < Same as section[2] >

    3.2 CONFIGURATION

    3.2.1 BPDU Guard/Loop Guard

    configure stpd s0 ports link-type edge 1 edge-safeguard enable bpdu-restrict

    3.2.2 Root Guard

    configure stpd INST1 ports restricted-role enable 1

    3.3 VERIFICATION

    3.3.1 BPDU Guard/Loop Guard

    * SW2.17 # sho log
    02/16/2015 20:24:44.22 Port 1 link down - Local fault
    02/16/2015 20:24:44.12 Toggling AdminState on Port 1
    02/16/2015 20:24:44.12 BPDU Restrict Port (1) has received a bpdu and will be shutdown

    * SW2.20 # sho port 1 no-refresh
    Port Summary
    Port  Display  VLAN Name     Port   Link   Speed   Duplex
    #     String   (or # VLANs)  State  State  Actual  Actual
    ==================================================================
    1              (0004)        R      D
    ==================================================================
    Port State: D-Disabled, E-Enabled
    Link State: A-Active, R-Ready, NP-Port not present, L-Loopback,
    D-ELSM enabled but not up
    d-Ethernet OAM enabled but not up

    * SW2.18 # enable ports 1

    * SW2.19 # sho port 1 no-refresh
    Port Summary
    Port  Display  VLAN Name     Port   Link   Speed   Duplex
    #     String   (or # VLANs)  State  State  Actual  Actual
    ==================================================================
    1              (0004)        E      A      1000    FULL
    ==================================================================
    Port State: D-Disabled, E-Enabled
    Link State: A-Active, R-Ready, NP-Port not present, L-Loopback,
    D-ELSM enabled but not up
    d-Ethernet OAM enabled but not up

    3.3.2 Role-restricted

    Note: This feature is similar to Cisco Root Guard, with one difference: when a superior BPDU is received on the protected port, the port is not disabled. The violating BPDU is simply ignored, which leaves the port in the forwarding state and prevents it from assuming the root role.

    * SW2.66 # show stpd INST1
    Stpd: INST1 Stp: ENABLED Number of Ports: 2
    Rapid Root Failover: Disabled
    Operational Mode: MSTP Default Binding Mode: 802.1D
    MSTI Instance: MSTI 1
    802.1Q Tag: (none)
    Ports: 1,2
    Participating Vlans: LAN10,LAN20
    Auto-bind Vlans: (none)
    Bridge Priority: 32768
    BridgeID: 80:00:00:04:96:6d:5c:18
    Designated root: 80:00:00:04:96:6d:55:8b
    CIST Root: 80:00:00:04:96:6d:55:8b
    CIST Regional Root: 80:00:00:04:96:6d:55:8b
    MSTI Regional Root: 80:00:00:04:96:6d:55:8b
    External RootPathCost: 0 Internal RootPathCost: 20000
    Root Port: 2 Master Port: ----
    MaxAge: 20s HelloTime: 2s ForwardDelay: 15s
    CfgBrMaxAge: 20s CfgBrHelloTime: 2s CfgBrForwardDelay: 15s
    RemainHopCount: 19 CfgMaxHopCount: 20
    Topology Change Time: 35s Hold time: 1s
    Topology Change Detected: FALSE Topology Change: FALSE
    Number of Topology Changes: 6
    Time Since Last Topology Change: 1363s

    * SW2.67 # configure stpd INST1 ports restricted-role dis 1

    * SW2.68 # show stpd INST1
    Stpd: INST1 Stp: ENABLED Number of Ports: 2
    Rapid Root Failover: Disabled
    Operational Mode: MSTP Default Binding Mode: 802.1D
    MSTI Instance: MSTI 1
    802.1Q Tag: (none)
    Ports: 1,2
    Participating Vlans: LAN10,LAN20
    Auto-bind Vlans: (none)
    Bridge Priority: 32768
    BridgeID: 80:00:00:04:96:6d:5c:18
    Designated root: 10:00:00:1d:45:d0:40:80
    CIST Root: 80:00:00:04:96:6d:55:8b
    CIST Regional Root: 80:00:00:04:96:6d:55:8b
    MSTI Regional Root: 10:00:00:1d:45:d0:40:80
    External RootPathCost: 0 Internal RootPathCost: 20000
    Root Port: 1 Master Port: ----
    MaxAge: 20s HelloTime: 2s ForwardDelay: 15s
    CfgBrMaxAge: 20s CfgBrHelloTime: 2s CfgBrForwardDelay: 15s
    RemainHopCount: 19 CfgMaxHopCount: 20
    Topology Change Time: 35s Hold time: 1s
    Topology Change Detected: TRUE Topology Change: TRUE
    Number of Topology Changes: 7
    Time Since Last Topology Change: 2s
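
The root change between the two `show stpd INST1` captures above can be detected from the command output alone. The following Python is an added example, not part of the original report: it parses the fields shown above, decodes the bridge ID (two priority bytes followed by the MAC) and compares two captures. The function names and the approved-root list are assumptions made for illustration.

```python
import re

# An 8-byte bridge ID as printed above: 2 bytes of priority, then the 6-byte MAC.
BID = r"((?:[0-9a-f]{2}:){7}[0-9a-f]{2})"
FIELDS = {
    "stpd": r"Stpd:\s*(\S+)",
    "bridge_id": r"BridgeID:\s*" + BID,
    "designated_root": r"Designated root:\s*" + BID,
    "root_port": r"Root Port:\s*(\S+)",
    "tc_detected": r"Topology Change Detected:\s*(TRUE|FALSE)",
    "tc_count": r"Number of Topology Changes:\s*(\d+)",
}

# Lines trimmed from the two "show stpd INST1" captures in section 3.3.2:
# first with restricted-role enabled on port 1, then after it was disabled.
SNAPSHOT_RESTRICTED = """\
Stpd: INST1 Stp: ENABLED Number of Ports: 2
BridgeID: 80:00:00:04:96:6d:5c:18
Designated root: 80:00:00:04:96:6d:55:8b
Root Port: 2 Master Port: ----
Topology Change Detected: FALSE Topology Change: FALSE
Number of Topology Changes: 6
"""
SNAPSHOT_UNRESTRICTED = """\
Stpd: INST1 Stp: ENABLED Number of Ports: 2
BridgeID: 80:00:00:04:96:6d:5c:18
Designated root: 10:00:00:1d:45:d0:40:80
Root Port: 1 Master Port: ----
Topology Change Detected: TRUE Topology Change: TRUE
Number of Topology Changes: 7
"""


def decode_bridge_id(bid):
    """Split a bridge ID into 4-bit priority, 12-bit system-ID extension and MAC."""
    raw = bytes.fromhex(bid.replace(":", ""))
    if len(raw) != 8:
        raise ValueError(f"bridge ID must be 8 bytes: {bid!r}")
    head = int.from_bytes(raw[:2], "big")
    return {
        "priority": head & 0xF000,      # e.g. 0x1014 -> 4096
        "sys_id_ext": head & 0x0FFF,    # e.g. 0x1014 -> 20 (the PVST+ VLAN ID)
        "mac": ":".join(f"{b:02x}" for b in raw[2:]),
    }


def parse_stpd(text):
    """Extract the root-related fields from one 'show stpd <name>' capture."""
    out = {}
    for name, pattern in FIELDS.items():
        match = re.search(pattern, text)
        if match is None:
            raise ValueError(f"{name} not found; is this 'show stpd' output?")
        out[name] = match.group(1)
    out["tc_count"] = int(out["tc_count"])
    out["tc_detected"] = out["tc_detected"] == "TRUE"
    out["root"] = decode_bridge_id(out["designated_root"])
    return out


def audit(before, after, approved_root_macs):
    """Compare two captures of one STP domain; return (kind, detail) findings."""
    old, new = parse_stpd(before), parse_stpd(after)
    if old["stpd"] != new["stpd"]:
        raise ValueError("captures belong to different STP domains")
    findings = []
    root = new["root"]
    if root["mac"] not in approved_root_macs:
        findings.append(("unapproved-root",
                         f"root {root['mac']} (priority {root['priority']}) is not approved"))
    if old["designated_root"] != new["designated_root"]:
        findings.append(("root-changed",
                         f"{old['designated_root']} -> {new['designated_root']}"))
    if old["root_port"] != new["root_port"]:
        findings.append(("root-port-moved",
                         f"{old['root_port']} -> {new['root_port']}"))
    if new["tc_count"] > old["tc_count"] or new["tc_detected"]:
        findings.append(("topology-change",
                         f"count {old['tc_count']} -> {new['tc_count']}"))
    return findings


if __name__ == "__main__":
    # Assumption for this demo: only SW3 (00:04:96:6d:55:8b) is an approved root.
    approved = {"00:04:96:6d:55:8b"}
    for kind, detail in audit(SNAPSHOT_RESTRICTED, SNAPSHOT_UNRESTRICTED, approved):
        print(f"{kind}: {detail}")
```
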

    4. Link Aggregation (LACP)

    4.1 TOPOLOGY

    [Figure: lab topology diagram. Devices: R1 (Cisco 1841), R2 (ACX1100), R3 (ACX1100), SW1 (Cisco Catalyst 3750), SW2 (Extreme Summit X670), SW3 (Extreme Summit X440). Interface labels: Fa0/0, Fa1/0/1, Gi1/0/1, Gi1/0/2, GE0/0/0, GE0/0/1, Port 1, Port 2, Port 3, Port 4, Port 23, Port 24. Link labels: VLAN 10,20,30. Host address labels: .1, .2, .3.]

    4.2 CONFIGURATION

    SW2

    enable sharing 2 grouping 2, 4 algorithm address-based L3_L4 lacp

    SW3

    enable sharing 2 grouping 2-3 algorithm address-based L2 lacp
    enable sharing 23 grouping 23-24 algorithm address-based L3_L4 lacp
    configure sharing 23 lacp timeout short

    R2

    chassis {
        aggregated-devices {
            ethernet {
                device-count 1;
            }
        }
    }
    interfaces {
        ge-0/0/0 {
            gigether-options {
                802.3ad ae0;
            }
        }
        ge-0/0/1 {
            gigether-options {
                802.3ad ae0;
            }
        }
        ae0 {
            vlan-tagging;
            aggregated-ether-options {
                lacp {
                    active;
                }
            }
            unit 10 {
                vlan-id 10;
                family inet {
                    address 192.168.10.2/24;
                }
            }
            unit 20 {
                vlan-id 20;
                family inet {
                    address 192.168.20.2/24;
                }
            }
            unit 30 {
                vlan-id 30;
                family inet {
                    address 192.168.30.2/24;
                }
            }
        }
    }

    4.3 VERIFICATION

    * SW2.22 # show sharing
    Load Sharing Monitor
    Config    Current Agg     Ld Share    Ld Share  Agg   Link   Link Up
    Master    Master  Control Algorithm   Group     Mbr   State  Transitions
    ==============================================================================
    2         2       LACP    L3_L4       2         Y     A      3
                              L3_L4       4         Y     A      2
    ==============================================================================
    Link State: A-Active, D-Disabled, R-Ready, NP-Port not present, L-Loopback
    Load Sharing Algorithm: (L2) Layer 2 address based, (L3) Layer 3 address based
                            (L3_L4) Layer 3 address and Layer 4 port based
                            (custom) User-selected address-based configuration
    Custom Algorithm Configuration: ipv4 L3-and-L4, xor
    Number of load sharing trunks: 1

    SW3.1 # show sharing
    Load Sharing Monitor
    Config    Current Agg     Ld Share    Ld Share  Agg   Link   Link Up
    Master    Master  Control Algorithm   Group     Mbr   State  Transitions
    ==============================================================================
    2         2       LACP    L2          2         Y     A      10
                              L2          3         Y     A      1
    23        23      LACP    L3_L4       23        Y     A      8
                              L3_L4       24        Y     A      8
    ==============================================================================
    Link State: A-Active, D-Disabled, R-Ready, NP-Port not present, L-Loopback
    Load Sharing Algorithm: (L2) Layer 2 address based, (L3) Layer 3 address based
                            (L3_L4) Layer 3 address and Layer 4 port based
    Number of load sharing trunks: 2

    mikho@R2# run show lacp interfaces
    Aggregated interface: ae0
        LACP state:       Role   Exp   Def  Dist  Col  Syn  Aggr  Timeout  Activity
          ge-0/0/0       Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active
          ge-0/0/0     Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active
          ge-0/0/1       Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active
          ge-0/0/1     Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active
        LACP protocol:    Receive State   Transmit State   Mux State
          ge-0/0/0        Current         Fast periodic    Collecting distributing
          ge-0/0/1        Current         Fast periodic    Collecting distributing

    [ R2 Set up as FTP server ]

    [edit interfaces]
    mikho@R3# ...kernel-ppc-12.3X51-D10.5 ftp://mikho:[email protected]/
    ftp://mikho:[email protected]/jkernel-ppc-    18% of 66 MB 142 kBps 06m24s^C
    fetch: transfer interrupted
    [abort]

    * SW2.3 # show ports 2,4 utilization bytes
    Port     Link    Rx           Peak Rx      Tx           Peak Tx
             State   bytes/sec    bytes/sec    bytes/sec    bytes/sec
    ================================================================================
    2        A       5521         5521         169639       169639
    4        A       0            5588         0            172405
    ================================================================================
    > indicates Port Display Name truncated past 8 characters
    Link State: A-Active, R-Ready, NP-Port Not Present, L-Loopback

    [edit interfaces]
    mikho@R3# top replace pattern 192.168.10.3/24 with 192.168.10.4/24

    [edit interfaces]
    mikho@R3# commit
    commit complete

    [edit interfaces]
    mikho@R3# ...kernel-ppc-12.3X51-D10.5 ftp://mikho:[email protected]/
    ftp://mikho:[email protected]/jkernel-ppc-    9% of 66 MB 143 kBps 07m04s^C
    fetch: transfer interrupted
    [abort]

    * SW2.3 # show ports 2,4 utilization bytes
    Port     Link    Rx           Peak Rx      Tx           Peak Tx
             State   bytes/sec    bytes/sec    bytes/sec    bytes/sec
    ================================================================================
    2        A       5032         5521         9            169639
    4        A       0            5588         155258       172405
    ================================================================================
    > indicates Port Display Name truncated past 8 characters
    Link State: A-Active, R-Ready, NP-Port Not Present, L-Loopback

    5. DHCP Snooping / IP Source-Guard

    5.1 TOPOLOGY

    [Topology diagram: R1 (Cisco 1841), R2 (ACX1100), R3 (ACX1100), SW1 (Cisco Catalyst 3750), SW2 (Extreme Summit X670), SW3 (Extreme Summit X440). Port labels: Fa0/0, Fa1/0/1, Gi1/0/1, Gi1/0/2, GE0/0/0, GE0/0/1, Port 1, Port 2, Port 3, Port 4, Port 23, Port 24. Host labels: .1, .2. Link labels: VLAN 10,20,30. Role labels: DHCP Server, DHCP Client, Rogue DHCP Server.]

    5.2 CONFIGURATION

    SW2

    enable ip-security dhcp-snooping vlan LAN20 port 1 violation-action drop-packet

    enable ip-security dhcp-snooping vlan LAN20 port 3 violation-action drop-packet

    enable ip-security dhcp-snooping vlan LAN20 port 2 violation-action drop-packet

    configure trusted-ports 1-2 trust-for dhcp-server

    enable ip-security source-ip-lockdown ports 3

    SW3

    enable ip-security dhcp-snooping vlan LAN20 port 1 violation-action drop-packet

    enable ip-security dhcp-snooping vlan LAN20 port 2 violation-action drop-packet

    enable ip-security dhcp-snooping vlan LAN20 port 23 violation-action drop-packet block-port permanent

    configure trusted-servers vlan LAN20 add server 192.168.20.1 trust-for dhcp-server

    R1

    ip dhcp pool TEST

    network 192.168.20.0 255.255.255.0

    default-router 192.168.20.1

    domain-name ugt.ge

    R2

    system {
        services {
            ftp;
            dhcp-local-server {
                pool-match-order {
                    ip-address-first;
                }
                group GROUP1 {
                    interface ae0.20;
                }
            }
        }
    }
    access {
        address-assignment {
            pool TEST {
                family inet {
                    network 192.168.20.0/24;
                }
            }
        }
    }

    R3

    interfaces {
        ge-0/0/0 {
            unit 20 {
                vlan-id 20;
                family inet {
                    dhcp-client;
                }
            }
        }
    }

    5.3 VERIFICATION

    * SW2.1 # show ip-security dhcp-snooping entries LAN20
    ------------------------------------------------------------------
    Vlan: LAN20
    ------------------------------------------------------------------
                                        Lease Time   Server  Client
    IP Addr         MAC Addr            (hh:mm:ss)   Port    Port
    -------         --------            ----------   ------  ------
    192.168.20.9    28:8a:1c:74:9a:80   24:00:00     1       3

    Total number of entries : 1

    * SW2.2 # show ip-security source-ip-lockdown
    Ports   Locked IP Address
    3       192.168.20.9

    mikho@R3# run show interfaces terse | except down
    Interface               Admin Link Proto    Local                 Remote
    ge-0/0/0                up    up
    ge-0/0/0.10             up    up   inet     192.168.10.4/24
                                       multiservice
    ge-0/0/0.20             up    up   inet     192.168.20.9/24
                                       multiservice
    ge-0/0/0.30             up    up   inet     192.168.30.3/24
                                       multiservice
    ge-0/0/0.32767          up    up   multiservice
    ge-0/0/7                up    up
    ge-0/0/7.0              up    up   inet     172.20.77.103/16

    [edit interfaces]
    mikho@R3# run ping 192.168.20.1
    PING 192.168.20.1 (192.168.20.1): 56 data bytes
    64 bytes from 192.168.20.1: icmp_seq=0 ttl=255 time=1.319 ms
    64 bytes from 192.168.20.1: icmp_seq=1 ttl=255 time=1.164 ms
    ^C
    --- 192.168.20.1 ping statistics ---
    2 packets transmitted, 2 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 1.164/1.241/1.319/0.078 ms

    [edit interfaces]
    mikho@R3# delete ge-0/0/0.20 family inet dhcp-client

    [edit interfaces]
    mikho@R3# set ge-0/0/0.20 family inet address 192.168.20.10/24

    [edit interfaces]
    mikho@R3# commit
    commit complete

    [edit interfaces]
    mikho@R3# run ping 192.168.20.1
    PING 192.168.20.1 (192.168.20.1): 56 data bytes
    ^C
    --- 192.168.20.1 ping statistics ---
    4 packets transmitted, 0 packets received, 100% packet loss

    [edit interfaces]
    mikho@R3# delete ge-0/0/0.20 family inet address 192.168.20.10/24 ge-0/0/0.20 family inet dhcp-client

    [edit interfaces]
    mikho@R3# set ge-0/0/0.20 family inet dhcp-client

    [edit interfaces]
    mikho@R3# commit
    commit complete

    [edit interfaces]

    SW3.15 # show log
    02/24/2015 16:15:57.25 Remove port 23 from aggregator
    02/24/2015 16:15:57.24 Port 23 is Down, remove from aggregator 23
    02/24/2015 16:15:57.24 Port 23 link down
    02/24/2015 16:15:57.19 Toggling AdminState on Port 23
    02/24/2015 16:15:57.19 DHCP violation occurred. Disabling port 23 permanently
    02/24/2015 16:15:57.19 A Rogue DHCP server with IP 192.168.20.2 was detected on port 23

    * SW3.16 # show ports 23 no-refresh
    Port Summary
    Port  Display    VLAN Name       Port   Link   Speed   Duplex
    #     String     (or # VLANs)    State  State  Actual  Actual
    ==================================================================
    23               (0004)          D      R
    ==================================================================
    Port State: D-Disabled, E-Enabled
    Link State: A-Active, R-Ready, NP-Port not present, L-Loopback,
                D-ELSM enabled but not up
                d-Ethernet OAM enabled but not up

    6. IP Routing / OSPF

    6.1 TOPOLOGY

    [Topology diagram: R1, SW2 and R2. VLAN20: OSPF Area 20 Stub, 192.168.20.0/24. VLAN10: OSPF Area 0, 192.168.10.0/24.]

    6.2 CONFIGURATION

    R1

    router ospf 1

    router-id 1.1.1.1

    log-adjacency-changes

    area 20 stub

    interface Loopback0

    ip address 10.1.1.1 255.255.255.255

    ip ospf 1 area 20

    interface FastEthernet0/0.10

    shutdown

    interface FastEthernet0/0.20

    ip ospf 1 area 20

    interface FastEthernet0/0.30

    shutdown

    R2

    routing-options {
        router-id 3.3.3.3;
    }
    protocols {
        ospf {
            area 0.0.0.0 {
                interface ae0.10;
                interface lo0.0;
            }
        }
    }

    SW2

    configure vlan LAN10 ipaddress 192.168.10.12 255.255.255.0

    enable ipforwarding vlan LAN10

    configure vlan LAN20 ipaddress 192.168.20.12 255.255.255.0

    enable ipforwarding vlan LAN20

    configure ospf routerid 2.2.2.2

    enable ospf

    create ospf area 0.0.0.20

    configure ospf area 0.0.0.20 stub nosummary stub-default-cost 10

    configure ospf add vlan LAN10 area 0.0.0.0

    configure ospf vlan LAN10 priority 0

    configure ospf add vlan LAN20 area 0.0.0.20

    configure ospf vlan LAN20 priority 0

    configure ospf vlan LAN30 priority 0

    configure ospf vlan raqcxa priority 0

    6.3 VERIFICATION

    [edit protocols ospf]
    mikho@R2# run show ospf interface
    Interface    State   Area       DR ID      BDR ID     Nbrs
    ae0.10       DR      0.0.0.0    3.3.3.3    0.0.0.0    1
    lo0.0        DR      0.0.0.0    3.3.3.3    0.0.0.0    0

    [edit protocols ospf]
    mikho@R2# run show ospf neighbor
    Address          Interface    State    ID         Pri   Dead
    192.168.10.12    ae0.10       Full     2.2.2.2    0     32

    [edit protocols ospf]
    mikho@R2# run show route protocol ospf

    inet.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    10.1.1.1/32        *[OSPF/10] 00:20:01, metric 6
                        > to 192.168.10.12 via ae0.10
    192.168.20.0/24    *[OSPF/10] 00:20:01, metric 5
                        > to 192.168.10.12 via ae0.10
    224.0.0.5/32       *[OSPF/10] 02:08:00, metric 1
                          MultiRecv

    * SW2.8 # show ospf interfaces
    VLAN      IP Address           AREA ID     Flags   Cost   State   Neighbors
    LAN10     192.168.10.12 /24    0.0.0.0     -rif-   4/A    ODR     1
    LAN20     192.168.20.12 /24    0.0.0.20    -rif-   4/A    ODR     1
    LAN30     192.168.30.12 /24    0.0.0.0     -r-f-   4/A    DOWN    0
    raqcxa    10.10.200.100 /24    0.0.0.0     -r-f-   10/A   DOWN    0

    Flags : f - Interface Forwarding Enabled, i - Interface OSPF Enabled,
            n - Multinetted VLAN, p - Passive Interface, r - Router OSPF Enable,
            A - Automatic Cost, C - Configured Cost.
    Total number of interfaces: 4

    * SW2.9 # show ospf neighbor
    Neighbor ID   Pri   State       Up/Dead Time               Address         Interface
    3.3.3.3       128   FULL /DR    00:00:21:01/00:00:00:09    192.168.10.2    LAN10
    1.1.1.1       1     FULL /DR    00:00:21:06/00:00:00:02    192.168.20.1    LAN20

    Total number of neighbors: 2 (All neighbors in Full state)

    * SW2.10 # sho iproute origin ospf
    Ori   Destination    Gateway         Mtr   Flags           VLAN     Duration
    #oa   10.1.1.1/32    192.168.20.1    5     UG-D---um--f-   LAN20    0d:0h:21m:4s
    #oa   10.2.2.2/32    192.168.10.2    4     UG-D---um--f-   LAN10    0d:0h:21m:0s

    Origin(Ori): (b) BlackHole, (be) EBGP, (bg) BGP, (bi) IBGP, (bo) BOOTP
            (ct) CBT, (d) Direct, (df) DownIF, (dv) DVMRP, (e1) ISISL1Ext
            (e2) ISISL2Ext, (h) Hardcoded, (i) ICMP, (i1) ISISL1 (i2) ISISL2
            (is) ISIS, (mb) MBGP, (mbe) MBGPExt, (mbi) MBGPInter, (mp) MPLS Lsp
            (mo) MOSPF (o) OSPF, (o1) OSPFExt1, (o2) OSPFExt2
            (oa) OSPFIntra, (oe) OSPFAsExt, (or) OSPFInter, (pd) PIM-DM, (ps) PIM-SM
            (r) RIP, (ra) RtAdvrt, (s) Static, (sv) SLB_VIP, (un) UnKnown
            (*) Preferred unicast route (@) Preferred multicast route
            (#) Preferred unicast and multicast route

    Flags: (B) BlackHole, (b) BFD protection requested, (c) Compressed, (D) Dynamic
            (f) Provided to FIB, (G) Gateway, (H) Host Route, (L) Matching LDP LSP
            (l) Calculated LDP LSP, (3) L3VPN Route, (m) Multicast, (P) LPM-routing
            (p) BFD protection active, (R) Modified, (S) Static, (s) Static LSP
            (T) Matching RSVP-TE LSP, (t) Calculated RSVP-TE LSP, (u) Unicast, (U) Up

    MPLS Label: (S) Bottom of Label Stack
    Mask distribution:
        2 routes at length 32

    Route Origin distribution:
        2 routes from OSPFIntra

    Total number of routes = 2
    Total number of compressed routes = 0

    R1#sho ip ospf interface br
    Interface    PID   Area   IP Address/Mask    Cost   State   Nbrs F/C
    Lo0          1     20     10.1.1.1/32        1      LOOP    0/0
    Fa0/0.20     1     20     192.168.20.1/24    1      DR      1/1

    R1#sho ip ospf neighbor
    Neighbor ID   Pri   State           Dead Time   Address          Interface
    2.2.2.2       0     FULL/DROTHER    00:00:31    192.168.20.12    FastEthernet0/0.20

    R1#sho ip route ospf
    O*IA 0.0.0.0/0 [110/11] via 192.168.20.12, 00:21:49, FastEthernet0/0.20

    mikho@R2# run ping 10.1.1.1 source 10.2.2.2
    PING 10.1.1.1 (10.1.1.1): 56 data bytes
    64 bytes from 10.1.1.1: icmp_seq=0 ttl=254 time=1.317 ms
    64 bytes from 10.1.1.1: icmp_seq=1 ttl=254 time=1.273 ms
    64 bytes from 10.1.1.1: icmp_seq=2 ttl=254 time^C
    --- 10.1.1.1 ping statistics ---
    3 packets transmitted, 3 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 1.230/1.273/1.317/0.036 ms

    7. First-Hop Redundancy / VRRP

    7.1 TOPOLOGY

    [Topology diagram: R1, R2 and SW2 on VLAN20 (192.168.20.0/24). Host labels: .12, .11, .2. Address label 8.8.8.8 appears twice. VRRP ID 1, VIP 192.168.20.1.]

    7.2 CONFIGURATION

    SW2

    create vlan "LOOPBACK"

    enable loopback-mode vlan LOOPBACK

    configure vlan LOOPBACK ipaddress 8.8.8.8 255.255.255.255

    create vrrp vlan LAN20 vrid 1

    configure vrrp vlan LAN20 vrid 1 priority 110

    configure vrrp vlan LAN20 vrid 1 authentication simplepassword CISCO

    configure vrrp vlan LAN20 vrid 1 add 192.168.20.1

    enable vrrp vlan LAN20 vrid 1

    R1

    interface Loopback100

    ip address 8.8.8.8 255.255.255.255

    !

    interface FastEthernet0/0.20

    vrrp 1 ip 192.168.20.1

    vrrp 1 priority 120

    vrrp 1 authentication CISCO

    end

    7.3 VERIFICATION

    R1#sho vrrp all FastEthernet0/0.20 - Group 1 State is Master Virtual IP address is 192.168.20.1 Virtual MAC address is 0000.5e00.0101 Advertisement interval is 1.000 sec Preemption enabled Priority is 120 Authentication text "CISCO" Master Router is 192.168.20.11 (local), priority is 120 Master Advertisement interval is 1.000 sec Master Down interval is 3.531 sec * SW2.48 # show vrrp vlan LAN20 VLAN: LAN20 VRID: 1 VRRP: Enabled State: BACKUP Virtual Router: VR-Default Priority: 110(backup) Advertisement Interval: 1 sec Preempt: Yes Authentication: simple-password key: CISCO Virtual IP Addresses: 192.168.20.1 Tracking mode: ALL Tracked Pings: - Tracked IP Routes: - Tracked VLANs: - * indicates a tracking condition has failed R1(config)#int fa0/0

  • 36 | P a g e

    R1(config-if)#shut R1(config-if)# *Feb 24 12:05:29.436: %VRRP-6-STATECHANGE: Fa0/0.20 Grp 1 state Master -> Init *Feb 24 12:05:31.436: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down *Feb 24 12:05:32.436: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down mikho@R2# run ping 8.8.8.8 rapid count 10000 PING 8.8.8.8 (8.8.8.8): 56 data bytes !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!^C --- 8.8.8.8 ping statistics --- 512 packets transmitted, 510 packets received, 0% packet loss round-trip min/avg/max/stddev = 27.153/28.614/47.702/2.189 ms