In this article I will show how you can configure a router. For demonstration purposes I used the Packet Tracer software. If you haven't installed Packet Tracer, read our previous article to download and install it. The link is given at the top left of the page. Create a simple topology by dragging devices onto the workspace as shown in the figure.
Click inside the Router, select CLI and press Enter to get started. Setup mode starts automatically if there is no startup configuration present. The answer inside the square brackets [ ] is the default answer. If this is the answer you want, just press Enter. Pressing CTRL+C at any time will end the setup process, shut down all interfaces, and take you to user mode (Router>).

You cannot use setup mode to configure an entire router. It does only the basics. For example, you can only turn on either RIPv1 or Interior Gateway Routing Protocol (IGRP), but not Open Shortest Path First Protocol (OSPF) or Enhanced Interior Gateway Routing Protocol (EIGRP). You cannot create access control lists (ACL) here or enable Network Address Translation (NAT). You can assign an IP address to an interface, but not to a subinterface. All in all, setup mode is very limiting.

    --- System Configuration Dialog ---
    Continue with configuration dialog? [yes/no]:

Write no and press Enter to get the router prompt. You are now connected to the router and are at the user mode prompt. The prompt is broken down into two parts, the hostname and the mode. "Router" is Router0's hostname and ">" means you are in user mode.

    Press RETURN to get started
    Router>

User mode is indicated by the '>' next to the router name. In this mode you can look at settings but cannot make changes. In privileged mode (indicated by the '#') you can do anything. To get into privileged mode the keyword is enable. Next type the command enable to get to the privileged mode prompt.

    Router>enable
    Router#
To get back to user mode, simply type disable. From user mode type logout or exit to leave the router.

    Router#disable
    Router>
    Router>exit
    Router con0 is now available
    Press RETURN to get started

Press Enter to get back to the router prompt.

    Router>

You are now in user mode. Type ? to view all the available commands at this prompt.

    Router>?

From privileged mode you can enter configuration mode by typing configure terminal. To exit configuration mode, type exit or press <CTL>+z.

    Router>enable
    Router#config terminal
    Router(config)#exit
    Router#

To view all commands available from this mode, type ? and press Enter. This will give you the list of all available commands for the router in your current mode. You can also use the question mark after you have started typing a command. For example, if you want to use a show command but do not remember which one, 'show ?' will output all commands that you can use with the show command.

    Router#show ?
      access-expression  List access expression
      access-lists       List access lists
      backup             Backup status
      cdp                CDP information
      clock              Display the system clock
      cls                DLC user information
      compress           Show compression statistics
      configuration      Contents of Non-Volatile memory
     --More--
Configuring Passwords
These commands work on both routers and switches.

    Command                                   Description
    Router(config)#enable password test       Sets enable password to test
    Router(config)#enable secret vinita       Sets enable secret password to vinita
    Router(config)#line console 0             Enters console line mode
    Router(config-line)#password console      Sets console line mode password to console
    Router(config-line)#login                 Enables password checking at login
    Router(config)#line vty 0 4               Enters vty line mode for all five vty lines
    Router(config-line)#password telnet       Sets vty password to telnet
    Router(config-line)#login                 Enables password checking at login
    Router(config)#line aux 0                 Enters auxiliary line mode
    Router(config-line)#password aux          Sets auxiliary line mode password to aux
    Router(config-line)#login                 Enables password checking at login
CAUTION: The enable secret password is encrypted by default. The enable password is not. For this reason, recommended practice is that you never use the enable password command. Use only the enable secret password command in a router or switch configuration. You cannot set both enable secret password and enable password to the same password. Doing so defeats the use of encryption.
The MOTD banner is displayed on all terminals and is useful for sending messages that affect all users. Use the no banner motd command to disable the MOTD banner. The MOTD banner displays before the login prompt and the login banner, if one has been created.
The command exec-timeout 0 0 is great for a lab environment because the console never logs out. This is considered to be bad security and is dangerous in the real world. The default for the exec-timeout command is 10 minutes and zero (0) seconds (exec-timeout 10 0).
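The cautions above (enable password in use, exec-timeout 0 0, and a line password that is never checked because login is missing) can be verified mechanically. The following Python audit is an added example, not part of the original article; the function names and the finding labels are assumptions of the example, and the sample sessions are constructed from the commands this article uses.

```python
import re

# Strips a config-mode prompt such as "R1(config-line)#" so the audit accepts
# a pasted CLI session as well as a saved configuration file.
PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")


def commands(text):
    """Yield configuration commands, skipping blanks, '!' separators and '%' messages."""
    for raw in text.splitlines():
        line = PROMPT.sub("", raw.strip())
        if line and not line.startswith(("!", "%")):
            yield line


def audit(text):
    """Return a sorted list of (finding, where) for the issues the article warns about."""
    findings = set()
    enable_password = enable_secret = None
    lines = {}        # e.g. "console 0" -> {"password": bool, "login": bool}
    current = None    # line block currently being configured
    for cmd in commands(text):
        w = cmd.split()
        if w[0] == "line" and len(w) >= 3:
            current = " ".join(w[1:])
            lines.setdefault(current, {"password": False, "login": False})
        elif w[0] in ("exit", "end", "interface"):
            current = None
        elif w[:2] == ["enable", "password"] and len(w) >= 3:
            enable_password = w[-1]
            findings.add(("enable-password-used", "global"))
        elif w[:2] == ["enable", "secret"] and len(w) >= 3:
            enable_secret = w[-1]
        elif current and w[0] == "password" and len(w) >= 2:
            lines[current]["password"] = True
        elif current and w[0] == "login":
            lines[current]["login"] = True
        elif current and w[0] == "exec-timeout" and len(w) >= 2:
            minutes = int(w[1])
            seconds = int(w[2]) if len(w) > 2 else 0
            if minutes == 0 and seconds == 0:
                findings.add(("exec-timeout-disabled", current))
    # Only detectable when both values appear as typed (cleartext) in the input.
    if enable_password is not None and enable_password == enable_secret:
        findings.add(("enable-password-equals-secret", "global"))
    for name, state in lines.items():
        if state["password"] and not state["login"]:
            findings.add(("password-without-login", name))
    return sorted(findings)


# Constructed sample: a lab session in the style of this article, with an
# "aux 0" block that sets a password but omits "login" to exercise that check.
SAMPLE_SESSION = """\
R1(config)#line console 0
R1(config-line)#exec-timeout 0 0
R1(config-line)#logging synchronous
R1(config-line)#password consloe
R1(config-line)#login
R1(config-line)#exit
R1(config)#line vty 0 4
R1(config-line)#password telnet
R1(config-line)#login
R1(config-line)#exit
R1(config)#line aux 0
R1(config-line)#password aux
R1(config-line)#exit
R1(config)#enable password test
R1(config)#enable secret vinita
"""

# Constructed sample: the same settings with the article's advice applied
# (enable secret only, default 10-minute timeout, login on every line).
CORRECTED = """\
enable secret vinita
line console 0
 exec-timeout 10 0
 password console
 login
line vty 0 4
 password telnet
 login
"""

if __name__ == "__main__":
    for finding, where in audit(SAMPLE_SESSION):
        print(f"{where}: {finding}")
    print("corrected config findings:", audit(CORRECTED))
```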
Click inside the Router, select CLI and press Enter to get started.

    --- System Configuration Dialog ---
    Continue with configuration dialog? [yes/no]: no
    Press RETURN to get started!
    Router>enable
    Router#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)#hostname R1
    R1(config)#interface fastethernet 0/0
    R1(config-if)#description Student Lab LAN
    R1(config-if)#ip address 192.168.20.1 255.255.255.0
    R1(config-if)#no shutdown
    %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
    %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
    R1(config-if)#exit
    R1(config)#banner motd # Next Schedule metting with is postponed #
    R1(config)#banner login # Unauthorized access is prohibited ! Enter you user name and password #
    R1(config)#ip host Lucknow 172.16.1.1
    R1(config)#no ip domain-lookup
    R1(config)#line console 0
    R1(config-line)#exec-timeout 0 0
    R1(config-line)#logging synchronous
    R1(config-line)#password consloe
    R1(config-line)#login
    R1(config-line)#exit
    R1(config)#line vty 0 4
    R1(config-line)#password telnet
    R1(config-line)#login
    R1(config-line)#exit
    % Unrecognized command
    R1(config)#enable password test
    R1(config)#enable secret vinita
    R1(config)#exit
    %SYS-5-CONFIG_I: Configured from console by console
    R1#copy running-config startup-config
    Destination filename [startup-config]?
    Building configuration...
    [OK]
    R1#

In this tutorial I will demonstrate how you can:

- Configure Access or Trunk links
- Create VLAN
- Assign VLAN membership
- Configure inter-VLAN routing
- Configure VTP Server
- Make VTP Clients
- Show STP Static
- Configure DTP port

To complete this lab, either create a topology as shown in the figure or download this file and load it in Packet Tracer.
PC configurations

    Device   IP Address   VLAN     Connected With
    PC0      10.0.0.2     VLAN10   Switch1 on F0/1
    PC1      20.0.0.2     VLAN20   Switch1 on F0/2
    PC2      10.0.0.3     VLAN10   Switch2 on F0/1
    PC3      20.0.0.3     VLAN20   Switch2 on F0/2
    PC4      10.0.0.4     VLAN10   Switch3 on F0/1
    PC5      20.0.0.4     VLAN20   Switch3 on F0/2

2960 24 TTL Switch 1 Configuration

    Port      Connected to    VLAN          LINK     STATUS
    F0/1      With PC0        VLAN10        Access   OK
    F0/2      With PC1        VLAN20        Access   OK
    Gig1/1    With Router     VLAN 10,20    Trunk    OK
    Gig 1/2   With Switch2    VLAN 10,20    Trunk    OK
    F0/24     With Switch2    VLAN 10,20    Trunk    OK

2960 24 TTL Switch 2 Configuration

    Port      Connected to    VLAN          LINK     STATUS
    F0/1      With PC0        VLAN10        Access   OK
    F0/2      With PC1        VLAN20        Access   OK
    Gig 1/2   With Switch1    VLAN 10,20    Trunk    OK
    Gig 1/1   With Switch3    VLAN 10,20    Trunk    OK
    F0/24     With Switch1    VLAN 10,20    Trunk    Blocked
    F0/23     With Switch3    VLAN 10,20    Trunk    OK

2960 24 TTL Switch 3 Configuration

    Port      Connected to    VLAN          LINK     STATUS
    F0/1      With PC0        VLAN10        Access   OK
    F0/2      With PC1        VLAN20        Access   OK
    Gig 1/1   With Switch2    VLAN 10,20    Trunk    OK
    F0/24     With Switch1    VLAN 10,20    Trunk    Blocked
Task
You are the administrator at ComputerNetworkingNotes.com. The company has two departments, sales and management. You have been given three PCs for sales and three PCs for management. You created two VLANs: VLAN 10 for sales and VLAN 20 for management. For backup purposes you have interconnected the switches with one extra connection. You have one router for inter-VLAN communication.

Let's start the configuration. First assign IP addresses to all PCs. To assign an IP address, double click on the PC, select IP Configuration from the Desktop tab and give the IP address as shown in the table given above.
Switch 3

    Switch>enable
    Switch#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Switch(config)#hostname S3
    S3(config)#vtp mode client
    Setting device to VTP CLIENT mode.
    S3(config)#vtp domain example
    Changing VTP domain name from NULL to example
    S3(config)#vtp password vinita
    Setting device VLAN database password to vinita
    S3(config)#
Switch 2

    S2(config)#interface gigabitEthernet 1/1
    S2(config-if)#switchport mode trunk
    %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to down
    %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to up
    S2(config-if)#exit
    S2(config)#interface gigabitEthernet 1/2
    S2(config-if)#switchport mode trunk
    S2(config-if)#exit
    S2(config)#interface fastEthernet 0/23
    S2(config-if)#switchport mode trunk
    %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/23, changed state to down
    %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/23, changed state to up
    S2(config-if)#exit
    S2(config)#interface fastEthernet 0/24
    S2(config-if)#switchport mode trunk
    S2(config-if)#exit

Switch 3

    S3(config)#interface fastEthernet 0/24
    S3(config-if)#switchport mode trunk
    S3(config-if)#exit
    S3(config)#interface gigabitEthernet 1/1
    S3(config-if)#switchport mode trunk
    S3(config-if)#exit
Now we have two working VLANs. To test connectivity, ping from 10.0.0.2 to 10.0.0.3 and 10.0.0.4. If you get successful replies, you have successfully created the VLANs and the VTP server.
Spanning-Tree Protocol
In this configuration STP will block these ports to avoid a loop at layer two: F0/24 of S1, F0/23 and F0/24 of S2, and F0/24 of S3. Verify that those ports are blocked by STP.
    Interface        Role
    ---------------- ---
    Fa0/1            Desg
    Fa0/2            Desg
    Fa0/23           Desg
    Fa0/24           Altn
    Gi1/1            Desg
    Gi1/2            Root
    [Output is omitted]
    S2#
You can also check the STP status on S1 and S3 with the show spanning-tree active command.
Router on Stick
At this point of the configuration you have two successfully running VLANs, but they cannot reach each other. To allow inter-VLAN communication we need to configure the router. To do this, double click on the router and select CLI.
    Router#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)#interface fastEthernet 0/0
    Router(config-if)#no ip address
    Router(config-if)#no shutdown
    Router(config-if)#exit
    Router(config)#interface fastEthernet 0/0.10
    Router(config-subif)#encapsulation dot1Q 10
    Router(config-subif)#ip address 10.0.0.1 255.0.0.0
    Router(config-subif)#exit
    Router(config)#interface fastEthernet 0/0.20
    Router(config-subif)#encapsulation dot1Q 20
    Router(config-subif)#ip address 20.0.0.1 255.0.0.0
    Router(config-subif)#exit

To test connectivity between different VLANs, ping from any PC to all remaining PCs. The pings should succeed. If you get an error, download this configured topology and cross-check where you made a mistake.

Configured VLAN VTP STP topology
Displays VLAN information
Displays VLAN information in brief
Displays information about VLAN 10 only
Displays information about VLAN named sales only
Displays interface characteristics for the specified VLAN
Removes the entire VLAN database from flash. Make sure there is no space between the colon (:) and the characters vlan.dat. You can potentially erase the entire contents of the flash with this command if the syntax is not correct. Make sure you read the output from the switch. If you need to cancel, press ctrl+c to escape back to privileged mode.
    Command                                            Description
    Switch(config)#interface fastethernet 0/5
    Switch(config-if)#no switchport access vlan 5      Removes port from VLAN 5 and reassigns it to VLAN 1, the default VLAN.
    Switch(config-if)#exit                             Moves to global configuration mode.
    Switch(config)#no vlan 5                           Removes VLAN 5 from the VLAN database.
    Switch#copy running-config startup-config          Saves the configuration in NVRAM.
    Switch(config-if)#switchport mode trunk            Puts the interface into permanent trunking mode and negotiates to convert the link into a trunk link.
    Switch(config)#vtp mode server                     Changes the switch to VTP server mode.
    Switch(config)#vtp mode client                     Changes the switch to VTP client mode.
    Switch(config)#vtp mode transparent
    Switch(config)#no vtp mode
    Switch(config)#vtp domain domain-name              Configures the VTP domain name. The name can be from 1 to 32 characters long.
    Switch(config)#vtp password password               Configures a VTP password.
    Switch(config)#vtp pruning                         Enables VTP pruning.
    Switch#show vtp status                             Displays general information about VTP configuration.
    Switch#show vtp counters                           Displays the VTP counters for the switch.
Bridges and switches are layer 2 devices that segment (break up) collision domains. A collision domain basically includes all the devices that share a media type at layer 1.
Methods of Switching
Store and Forward
Store and Forward is the basic mode that bridges and switches use. It is the only mode that bridges can use, but many switches can use one or more of the other modes as well, depending on the model. In Store-and-Forward switching, the entire frame is buffered (copied into memory) and the Cyclic Redundancy Check (CRC), also known as the FCS or Frame Check Sequence is run to ensure that the frame is valid and not corrupted.
Cut Through
Cut Through is the fastest switching mode. The switch analyzes the first six bytes after the preamble of the frame to make its forwarding decision. Those six bytes are the destination MAC address, which, if you think about it, is the minimum amount of information a switch has to look at to switch efficiently. After the forwarding decision has been made, the switch can begin to send the frame out the appropriate port(s), even if the rest of the frame is still arriving at the inbound port. The chief advantage of Cut-Through switching is speed; no time is spent running the CRC, and the frame is forwarded as fast as possible
Fragment-free
Fragment-Free switching will switch a frame after the switch sees at least 64 bytes, which prevents the switching of runt frames. This is the default switching method for the 1900 series. The 2950 doesn't support cut-through. Fragment-Free switching is sometimes called "runtless" switching for this reason. Because the switch only ever buffers 64 bytes of each frame, Fragment-Free is a faster mode than Store and Forward, but there still exists a risk of forwarding bad frames, so the previously described mechanisms to change to Store and Forward if excessive bad CRCs are received are often implemented as well.
Forwarding
Address learning refers to the intelligent capability of switches to dynamically learn the source MAC addresses of devices that are connected to their various ports. These addresses are stored in RAM in a table that lists the address and the port on which a frame was last received from that address. This enables a switch to selectively forward the frame out the appropriate port(s), based on the destination MAC address of the frame. Anytime a device that is connected to a switch sends a frame through the switch, the switch records the source MAC address of the frame in a table and associates that address with the port the frame arrived on.

There are some situations in which a switch cannot make its forwarding decision and floods the frame. Three frame types are always flooded:

- Broadcast address: destination MAC address of FFFF.FFFF.FFFF
- Multicast address: destination MAC addresses between 0100.5E00.0000 and 0100.5E7F.FFFF
- Unknown unicast destination MAC addresses: the MAC address is not found in the CAM table
EtherChannels
An EtherChannel is a layer 2 solution that allows you to aggregate multiple layer 2 Ethernet-based connections between directly connected devices. Basically, an EtherChannel bundles together multiple Ethernet ports between devices, providing what appears to be a single logical interface. EtherChannels provide these advantages:

- Redundancy: If one connection in the channel fails, you can use other connections in the channel.
- More bandwidth: Each connection can be used simultaneously to send frames.
- Simplified management: Configuration is done on the logical interface, not on each individual connection in the channel.
EtherChannel Restrictions
Interfaces in an EtherChannel must be configured identically: speed, duplexing, and VLAN settings (in the same VLAN if they are access ports or the same trunk properties) must be the same. When setting up EtherChannels, you can use up to eight interfaces bundled together:

- Up to eight Fast Ethernet connections, providing up to 800 Mbps
- Up to eight Gigabit Ethernet connections, providing up to 8 Gbps
- Up to eight 10-Gigabit Ethernet connections, providing up to 80 Gbps

You can have a total of six EtherChannels on a switch.
EtherChannel Operations
Channels can be formed dynamically between devices by using one of two protocols: Port Aggregation Protocol (PAgP) or Link Aggregation Control Protocol (LACP). Remember that ports participating in a channel must be configured identically. Once a channel is formed, load balancing can be used by the connected devices to utilize all the ports in the channel. Load balancing is performed by reducing part of the binary addressing in the frame or packet to a numeric value and then associating the numeric value to one of the ports in the channel. Load balancing can use MAC or IP addresses, source or destination addresses, or both source and destination address pairs. In this fashion, you are guaranteed that all links in the channel will be utilized; however, you are not guaranteed that all the ports will be utilized the same. For example, if you are load balancing based on source addresses, you are guaranteed that different source MAC addresses will use different ports in the channel. All traffic from a single source MAC address, however, will always use the same port in the channel. Given this situation, if you have one device generating a lot of traffic, that link will possibly be utilized more than other links in the channel. In this situation, you might want to load balance based on destination or both source and destination addresses.

In our last article we learned about the basic functions of switching. We mentioned that one of the functions of a switch was Layer 2 loop removal. The Spanning Tree Protocol (STP) carries out this function. STP is a critical feature; without it many switched networks would completely stop functioning. Either accidentally or intentionally in the process of creating a redundant network, the problem arises when we create a looped switched path. A loop can be defined as two or more switches that are interconnected by two or more physical links. Switching loops create three major problems:

- Broadcast storms: Switches must flood broadcasts, so a looped topology will create multiple copies of a single broadcast and perpetually cycle them through the loop.
- MAC table instability: Loops make it appear that a single MAC address is reachable on multiple ports of a switch, and the switch is constantly updating the MAC table.
- Duplicate frames: Because there are multiple paths to a single MAC, it is possible that a frame could be duplicated in order to be flooded out all paths to a single destination MAC.

All these problems are serious and will bring a network to an effective standstill unless prevented.
Root Port
After the root switch is elected, every other switch in the network needs to choose a single port on itself that it will use to reach the root. This port is called the root port. The root port is always the link directly connected to the root bridge, or the shortest path to the root bridge. If more than one link connects to the root bridge, then a port cost is determined by checking the bandwidth of each link. The lowest-cost port becomes the root port. If multiple links have the same cost, the bridge with the lower advertising bridge ID is used. Since multiple links can be from the same device, the lowest port number will be used.
Root Bridge
The switch with the lowest switch ID is chosen as root. The switch ID is made up of two components:

- The switch's priority, which defaults to 32,768 on Cisco switches (two bytes in length)
- The switch's MAC address (six bytes in length)

All other decisions in the network, such as which port is to be blocked and which port is to be put in forwarding mode, are made from the perspective of this root bridge.
BPDUs
BPDUs are sent out as multicast information that only other layer-2 devices are listening to. BPDUs are used to share information, and these are sent out as multicasts every two seconds. The BPDU contains the bridge's or switch's ID, made up of a priority value and the MAC address. BPDUs are used for the election process.
Path Costs
Path costs are calculated from the root switch. A path cost is basically the accumulated port costs from the root switch to other switches in the topology. When the root advertises BPDUs out its interfaces, the default path cost value in the BPDU frame is 0. When a connected switch receives this BPDU, it increments the path cost by the cost of its local incoming port. If the port was a Fast Ethernet port, then the path cost would be figured like this: 0 (the root's path cost) + 19 (the switch's port cost) = 19. This switch, when it advertises BPDUs to switches behind it, will include the updated path cost. As the BPDUs propagate further and further from the root switch, the accumulated path cost values become higher and higher.

    Connection Type   New Cost Value   Old Cost Value
    10Gb              2                1
    1Gb               4                1
    100Mb             19               10
    10Mb              100              100
Remember that path costs are incremented as a BPDU comes into a port, not when a BPDU is advertised out of a port.

- Designated port: A designated port is one that has been determined as having the best (lowest) cost. A designated port will be marked as a forwarding port. Each (LAN) segment also has a single port that it uses to reach the root. This port is called a designated port.
- Forwarding port: A forwarding port forwards frames.
- Blocked port: A blocked port is the port that, in order to prevent loops, will not forward frames. However, a blocked port will always listen to frames.
- Nondesignated port: A nondesignated port is one with a higher cost than the designated port. Nondesignated ports are put in blocking mode; they are not forwarding ports.
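The election and cost rules from the Root Port, Root Bridge and Path Costs sections can be run end to end. This Python sketch is an added example, not part of the original article: the switch names follow the lab, while the MAC addresses, link list and the port ordering helper are constructed assumptions.

```python
import re

# "New Cost Value" column of the table above.
PORT_COST = {"10Gb": 2, "1Gb": 4, "100Mb": 19, "10Mb": 100}


def bridge_id(sw):
    """Switch ID as a comparable tuple: priority first, then MAC address."""
    return (sw["priority"], int(sw["mac"].replace(".", ""), 16))


def port_key(name):
    """Order ports by (module, port) parsed from names like 'Fa0/24' (assumption)."""
    module, port = re.search(r"(\d+)/(\d+)$", name).groups()
    return (int(module), int(port))


def elect_root(switches):
    """The switch with the lowest switch ID becomes the root."""
    return min(switches, key=lambda name: bridge_id(switches[name]))


def compute_root_ports(switches, links):
    """Return (root, {switch: (root_port, root_path_cost)}) for each non-root switch."""
    root = elect_root(switches)
    # Per-switch view of each link: local port, neighbour, neighbour port, local port cost.
    adj = {name: [] for name in switches}
    for a, a_port, b, b_port, speed in links:
        adj[a].append((a_port, b, b_port, PORT_COST[speed]))
        adj[b].append((b_port, a, a_port, PORT_COST[speed]))
    # The root advertises cost 0; each receiver adds the cost of its incoming port.
    cost = {name: float("inf") for name in switches}
    cost[root] = 0
    for _ in range(len(switches) - 1):
        for name in switches:
            for _port, nbr, _nbr_port, port_cost in adj[name]:
                cost[name] = min(cost[name], cost[nbr] + port_cost)
    result = {}
    for name in switches:
        if name == root:
            continue
        # Tie-breaks in the article's order: lowest cost, then lowest advertising
        # bridge ID, then lowest port number on the advertising device.
        candidates = [
            (cost[nbr] + port_cost, bridge_id(switches[nbr]), port_key(nbr_port), port)
            for port, nbr, nbr_port, port_cost in adj[name]
        ]
        best = min(candidates)
        result[name] = (best[3], best[0])
    return root, result


# Constructed sample: three switches at the default priority with made-up MACs,
# joined by one Gigabit and one Fast Ethernet link per pair as in the lab.
SWITCHES = {
    "S1": {"priority": 32768, "mac": "0001.0000.0001"},
    "S2": {"priority": 32768, "mac": "0001.0000.0002"},
    "S3": {"priority": 32768, "mac": "0001.0000.0003"},
}
LINKS = [
    ("S1", "Gi1/2", "S2", "Gi1/2", "1Gb"),
    ("S1", "Fa0/24", "S2", "Fa0/24", "100Mb"),
    ("S2", "Gi1/1", "S3", "Gi1/1", "1Gb"),
    ("S2", "Fa0/23", "S3", "Fa0/24", "100Mb"),
]

if __name__ == "__main__":
    root, ports = compute_root_ports(SWITCHES, LINKS)
    print("root bridge:", root)
    for name, (port, path_cost) in sorted(ports.items()):
        print(f"{name}: root port {port}, root path cost {path_cost}")
```

Because the root is simply the lowest switch ID, any switch that joins with a lower priority value takes over the root role, which is why the priority of the intended root is normally set explicitly rather than left at the default.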
Port States
Blocking
Ports will go into a blocking state under one of three conditions:

- Election of a root switch (for instance, when you turn on all the switches in a network)
- When a switch receives a BPDU on a port that indicates a better path to the root switch than the port the switch is currently using to reach the root
- If a port is not a root port or a designated port

A port in a blocked state will remain there for 20 seconds by default. During this state, the port is only listening to and processing BPDUs on its interfaces. Any other frames that the switch receives on a blocked port are dropped.
Listening
The port is still listening for BPDUs and double-checking the layer-2 topology. Again, the only traffic that is being processed in this state consists of BPDUs; all other traffic is dropped. The default for this value is 15 seconds.
Learning
The port is still listening for and processing BPDUs; however, unlike in the listening state, the port begins to process user frames. When processing user frames, the switch is examining the source addresses in the frames and updating its CAM table, but the switch is still not forwarding these frames out destination ports. This state defaults to 15 seconds.
Forwarding
The port will process BPDUs, update its CAM table with frames that it receives, and forward user traffic through the port.
Disabled
A port in a disabled state is not participating in STP.
Convergence
STP convergence has occurred when all root and designated ports are in a forwarding state and all other ports are in a blocking state.
Per-VLAN STP
STP doesn't guarantee an optimized loop-free network. PVST supports one instance of STP per VLAN.
RSTP BPDUs
With 802.1w, if a BPDU is not received in three expected hello periods (6 seconds), STP information can be aged out instantly and the switch considers that its neighbor is lost and actions should be taken. This is different from 802.1d, where the switch had to miss the BPDUs from the root; here, if the switch misses three consecutive hellos from a neighbor, actions are immediately taken.

A virtual LAN (VLAN) is a logical grouping of network devices in the same broadcast domain that can span multiple physical segments.
Advantages of VLANs:
- Increase the number of broadcast domains while reducing their size.
- Provide additional security.
- Increase the flexibility of network equipment.
- Allow a logical grouping of users by function, not location.
- Make user adds, moves, and changes easier.
Scalability
VLANs provide for location independence. This flexibility makes adds, changes, and moves of networking devices a simple process. It also allows you to group people together, which also makes implementing your security policies straightforward. IP protocols support 500 devices per VLAN.
VLAN Membership
A device's membership in a VLAN can be determined by one of two methods: static or dynamic.

- Static: you have to assign it manually
- Dynamic: configure a VTP server and it will automatically do the rest
VLAN Connections
There are two types of connections: access links and trunks.

Access-Link Connections: An access-link connection is a connection between a switch and a device with a normal Ethernet NIC, where the Ethernet frames are transmitted unaltered.

Trunk Connections: Trunk connections are capable of carrying traffic for multiple VLANs. Cisco supports two Ethernet trunking methods:

- Cisco's proprietary Inter Switch Link (ISL) protocol for Ethernet
- IEEE's 802.1Q, commonly referred to as dot1q, for Ethernet

ISL is a Cisco-proprietary trunking method that adds a 26-byte header and a 4-byte trailer to the original Ethernet frame. Cisco's 1900 switch supports only ISL.

802.1Q is a standardized trunking method that inserts a four-byte field into the original Ethernet frame and recomputes the FCS. The 2950 only supports 802.1Q. 802.1Q trunks support two types of frames: tagged and untagged. An untagged frame does not carry any VLAN identification information in it; basically, this is a standard, unaltered Ethernet frame. A tagged frame contains VLAN information, and only other 802.1Q-aware devices on the trunk will be able to process this frame.
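To make the four-byte insertion and the FCS recomputation concrete, the following Python sketch tags and untags a frame the way the two ends of an 802.1Q trunk do. It is an added example, not part of the original article; the MAC addresses and payload are constructed, and the helper names are assumptions of the example.

```python
import struct
import zlib

TPID_8021Q = 0x8100   # first two bytes of the four-byte 802.1Q field


def fcs(data):
    """Ethernet FCS: CRC-32 over the frame, appended least-significant byte first."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def build_untagged(dst, src, ethertype, payload):
    """A standard, unaltered frame as a host NIC sends it on an access link."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    body = body.ljust(60, b"\x00")            # pad to the 64-byte minimum (with FCS)
    return body + fcs(body)


def add_tag(frame, vlan_id, priority=0):
    """What the sending switch does when the frame leaves on a trunk port."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    if not 0 <= priority <= 7:
        raise ValueError("priority must be in 0..7")
    if frame[-4:] != fcs(frame[:-4]):
        raise ValueError("refusing to tag a frame with a bad FCS")
    tci = (priority << 13) | vlan_id          # 3-bit priority, 1 bit left 0, 12-bit VLAN ID
    body = frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:-4]
    return body + fcs(body)                   # FCS recomputed over the modified frame


def parse(frame):
    """Decode the header the way an 802.1Q-aware device would."""
    if len(frame) < 18:
        raise ValueError("truncated frame")
    outer_type = struct.unpack("!H", frame[12:14])[0]
    info = {
        "fcs_ok": frame[-4:] == fcs(frame[:-4]),
        "outer_type": outer_type,             # all that a non-802.1Q NIC looks at
        "vlan": None,
        "priority": None,
        "ethertype": outer_type,
    }
    if outer_type == TPID_8021Q:
        tci, inner_type = struct.unpack("!HH", frame[14:18])
        info.update(vlan=tci & 0x0FFF, priority=tci >> 13, ethertype=inner_type)
    return info


def strip_tag(frame):
    """What the receiving switch does before sending the frame out an access port."""
    if parse(frame)["vlan"] is None:
        return frame
    body = frame[:12] + frame[16:-4]
    return body + fcs(body)


# Constructed sample: an IPv4 frame from a VLAN 10 host; MACs and payload are made up.
SAMPLE_DST = bytes.fromhex("00d0bc000003")
SAMPLE_SRC = bytes.fromhex("00d0bc000002")
SAMPLE_FRAME = build_untagged(SAMPLE_DST, SAMPLE_SRC, 0x0800,
                              b"constructed IPv4 payload from 10.0.0.2")

if __name__ == "__main__":
    tagged = add_tag(SAMPLE_FRAME, vlan_id=10)
    print("untagged:", len(SAMPLE_FRAME), "bytes", parse(SAMPLE_FRAME))
    print("tagged:  ", len(tagged), "bytes", parse(tagged))
    print("round trip ok:", strip_tag(tagged) == SAMPLE_FRAME)
```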
Trunk Tagging
For VLANs to span across multiple switches, you obviously need to connect the switches to each other. Although it is possible to simply plug one switch into another using an Access port just as you would plug in a host or a hub, doing so kills the VLAN-spanning feature and a bunch of other useful stuff too. A switch-to-switch link must be set up as a trunk link in order for the VLAN system to work properly. A trunk link is a special connection; the key difference between an ordinary connection (an Access port) and a Trunk port is that although an Access port is only in one VLAN at a time, a Trunk port has the job of carrying traffic for all VLANs from one switch to another. Any time you connect a switch to another switch, you want to make it a trunk.

Trunking methods create the illusion that instead of a single physical connection between the two trunking devices, a separate logical connection exists for each VLAN between them. When trunking, the switch adds the source port's VLAN identifier to the frame so that the device (typically a switch) at the other end of the trunk understands what VLAN originated this frame and the destination switch can make intelligent forwarding decisions on not just the destination MAC address, but also the source VLAN identifier. Since information is added to the original Ethernet frame, normal NICs will not understand this information and will typically drop the frame. Therefore, you need to ensure that when you set up a trunk connection on a switch's interface, the device at the other end also supports the same trunking protocol and has it configured. If the device at the other end doesn't understand these modified frames or is not set up for trunking, it will, in most situations, drop them.

The modification of these frames is commonly called tagging. By default, all VLANs are permitted across a trunk link. Switch-to-switch trunk links always require the use of a crossover cable, never a straight-through cable.

Key feature about DTP

- A trunk can be created only on a Fast Ethernet or Gigabit Ethernet connection; 10Mb Ethernet ports are not fast enough to support the increased traffic from multiple VLANs, so the commands are not available for a regular Ethernet port.
- By default, traffic from all VLANs is allowed on a trunk. You can specify which VLANs are permitted (or not) to cross a particular trunk if you have that requirement, but these functions are not covered in the CCNA exam.
- Switches (whether trunked or not) are always connected with crossover cables, not straight-through cables.

Dynamic Trunk Protocol (DTP)

DTP supports five trunking modes:

- On or Trunk: The interface always assumes the connection is a trunk, even if the remote end does not support trunking.
- Desirable: The interface will generate DTP messages on the interface, but it makes the assumption that the other side is not trunk-capable and will wait for a DTP message from the remote side. In this state, the interface starts as an access-link connection. If the remote side sends a DTP message, and this message indicates that trunking is compatible between the two switches, a trunk will be formed and the switch will start tagging frames on the interface. If the other side does not support trunking, the interface will remain as an access-link connection.
- Auto-negotiate: The interface passively listens for DTP messages from the remote side and leaves the interface as an access-link connection. If the interface receives a DTP message, and the message matches trunking capabilities of the interface, then the interface will change from an access-link connection to a trunk connection and start tagging frames.
- No-negotiate: The interface is set as a trunk connection and will automatically tag frames with VLAN information; however, the interface will not generate DTP messages: DTP is disabled. This mode is typically used when connecting trunk connections to non-Cisco devices that don't understand Cisco's proprietary trunking protocol and thus won't understand the contents of these messages.
- Off: If an interface is set to off, the interface is configured as an access link. No DTP messages are generated in this mode, nor are frames tagged.
VTP Messages
- An advertisement request message is a VTP message a client generates.
- When the server responds to a client's request, it generates a subset advertisement.
- A summary advertisement is also generated by a switch in VTP server mode. Summary advertisements are generated every five minutes by default (300 seconds), or when a configuration change takes place on the server switch.
VTP Pruning
VTP gives you a way to preserve bandwidth by configuring it to reduce the amount of broadcasts, multicasts, and unicast packets. This is called pruning. VTP pruning enabled switches send broadcasts only to trunk links that actually must have the information. VTP pruning is used on trunk connections to dynamically remove VLANs not active between the two switches. It requires all of the switches to be in server mode.

In this article I will show you how you can:

- Configure the IP address and subnet mask
- Set the IP default gateway
- Enable a telnet session for the switch
- Enable EtherChannel
- Enable port security

To perform this activity, download this lab topology and load it in Packet Tracer, or create your own topology as shown in the figure.

Switch Port Security
When you assign secure MAC addresses to a secure port, the port does not forward packets with source addresses outside the group of defined addresses.

    Switch>enable
    Switch#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Switch(config)#hostname S2
    S2(config)#interface fastEthernet 0/1
    S2(config-if)#switchport mode access
    S2(config-if)#switchport port-security
    S2(config-if)#switchport port-security maximum 1
    S2(config-if)#switchport port-security mac-address sticky
    S2(config-if)#switchport port-security violation shutdown
    S2(config-if)#exit
    S2(config)#

You can verify port security. Click on the red x button on the right hand portion of the PT window. This will allow you to delete a connection in the topology. Place the x over the connection between Server and S2 and click. The connection should disappear. Select the lightning bolt button on the bottom left-hand corner of the PT window to pull up connection types. Click the copper straight-through connection. Click the TestPC device and select the fastethernet port. Next, click on S2 and select port Fa0/1. From the command prompt of TestPC type the command ping 10.0.0.4. The ping should fail. On S3, enter the command show port-security interface fa0/1. Port security is enabled, port-status is secure-shutdown, security violation count is 1.
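The behaviour verified above (sticky learning, a maximum of one address, shutdown on violation) can be modelled as a small state machine. This Python model is an added example, not part of the original article; it goes beyond the lab by also covering the protect and restrict violation modes, and the MAC addresses and class name are constructed.

```python
class SecurePort:
    """Model of one access port with port security, as configured on Fa0/1 above."""

    def __init__(self, maximum=1, violation="shutdown"):
        if violation not in ("protect", "restrict", "shutdown"):
            raise ValueError("unknown violation mode")
        self.maximum = maximum
        self.violation = violation
        self.sticky = []               # sticky-learned secure MAC addresses
        self.status = "secure-up"
        self.violations = 0

    def receive(self, src_mac):
        """Process one inbound frame and return 'forward' or 'drop'."""
        mac = src_mac.lower()
        if self.status == "secure-shutdown":
            return "drop"              # port is shut down: nothing passes
        if mac in self.sticky:
            return "forward"
        if len(self.sticky) < self.maximum:
            self.sticky.append(mac)    # first address seen is pinned to the port
            return "forward"
        # Unknown source address while the secure table is full: a violation.
        if self.violation != "protect":
            self.violations += 1       # restrict and shutdown count the event
        if self.violation == "shutdown":
            self.status = "secure-shutdown"
        return "drop"


def replay(port, frames):
    """Feed a sequence of source MAC addresses to the port and collect the outcomes."""
    return [port.receive(mac) for mac in frames]


# Constructed sample: the Server is learned first, then TestPC is plugged into
# the same port, then the Server tries again. Both MAC addresses are made up.
SERVER_MAC = "0001.c7aa.0001"
TESTPC_MAC = "0001.c7aa.0099"
SAMPLE_FRAMES = [SERVER_MAC, SERVER_MAC, TESTPC_MAC, SERVER_MAC]

if __name__ == "__main__":
    for mode in ("shutdown", "restrict", "protect"):
        port = SecurePort(maximum=1, violation=mode)
        outcome = replay(port, SAMPLE_FRAMES)
        print(mode, outcome, port.status, "violations:", port.violations)
```

In shutdown mode the legitimate Server is also cut off after the violation, which is the secure-shutdown state the show port-security output reports.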
a. To enable EtherChannel on DLS1, enter the interface range mode for ports F0/11 and F0/12 with the command interface range f0/11 - 12.
b. Enter the command switchport mode trunk.
c. Enter the command channel-group 1 mode desirable.
d. Repeat steps a through c on DLS2.

    DLS1>enable
    DLS1#configure terminal
    DLS1(config)#interface range fastEthernet 0/11 - 12
    DLS1(config-if-range)#switchport mode trunk
    DLS1(config-if-range)#channel-group 1 mode desirable
    DLS1(config-if-range)#exit
    DLS1(config)#exit
    DLS1#