Tuesday, April 19, 2011

Cisco HDLC

HDLC(High level Data Link Control) is a WAN protocol developed by ISO. Cisco implemented its own HDLC, to support multiple protocols. It added a 16-bit protocol field. Default for serial and dialer interfaces in Cisco devices.

cHDLC frame structure

The following table describes the make up of a cHDLC frame on the wire.

Useful commands:
show int serial (check for encapsulation field)
show controller serial (check for DTE\DCE and clock settings)

Monday, April 18, 2011

Cisco Router as a Frame Relay switch

Below is the simple setup about using Router(FR_Switch) as a Frame Relay switch

Hostname FR_Switch
frame-relay switching
interface Serial0/0
description Connected to R1 S0/0
no ip address
encapsulation frame-relay
clock rate 2000000
frame-relay lmi-type ansi
frame-relay intf-type dce
frame-relay route 102 interface Serial0/1 201
interface Serial0/1
no ip address
encapsulation frame-relay
clock rate 2000000
frame-relay lmi-type ansi
frame-relay intf-type dce
frame-relay route 201 interface Serial0/0 102

Hostname R1
interface Serial0/0
ip address
encapsulation frame-relay
hostname R2
interface Serial0/0
ip address
encapsulation frame-relay
show frame-relay route (FR Switch)
show frame-relay map (R1/R2)
show frame-relay pvc (R1/R2/FR Switch)
show frame-relay lmi (R1/R2/FR Switch)
ping ip address (R1/R2)

Sunday, April 17, 2011

Frame relay

->Frame-relay configuration - minimal tasklist
• Enabling Frame Relay Encapsulation on an Interface (Required)
• Configuring Dynamic or Static Address Mapping (Required)

->Configuring Frame Relay End-to-End Keepalives
Frame Relay end-to-end keepalives enable monitoring of PVC status for network monitoring
End-to-end keepalives can be configured in one of four modes: bidirectional, request, reply, or passive-reply.
• In bidirectional mode, both the send side and receive side are enabled. The device’s send side sends out and waits for replies to keepalive requests from the receive side of the other PVC device. The device’s receive side waits for and replies to keepalive requests from the send side of the other PVC device.
• In request mode, only the send side is enabled, and the device sends out and waits for replies to its keepalive requests.
• In reply mode, only the receive side is enabled, and the device waits for and replies to keepalive requests.
• In passive-reply mode, the device only responds to keepalive requests, but does not set any timers or keep track of any events.

->Subinterfaces can be configured for multipoint or point-to-point communication. (There is no default.)

->Useful Commands
no frame relay inverse-arp Disables Frame Relay Inverse ARP
clear frame-relay-inarp Clears dynamically created Frame Relay maps, which are created
by the use of Inverse ARP.

show frame-relay map Displays the current Frame Relay map entries.
show frame-relay pvc Displays PVC statistics.
show frame-relay end-to-end keepalive interface Shows the status of Frame Relay end-to-end

Sample output shown below:

R3#show frame-relay map
Serial0/0 (up): ip dlci 305(0x131,0x4C10), dynamic,
broadcast,, status defined, active
R3(config-fr-dlci)#do show frame map
Serial0/0.1 (up): point-to-point dlci, dlci 305(0x131,0x4C10), broadcast
status defined, active
R3(config-subif)#do show frame pvc

PVC Statistics for interface Serial0/0 (Frame Relay DTE)

Active Inactive Deleted Static
Local 1 0 0 0
Switched 0 0 0 0
Unused 0 0 0 0


input pkts 6 output pkts 0 in bytes 848
out bytes 0 dropped pkts 0 in pkts dropped 0
out pkts dropped 0 out bytes dropped 0
in FECN pkts 0 in BECN pkts 0 out FECN pkts 0
out BECN pkts 0 in DE pkts 0 out DE pkts 0
out bcast pkts 0 out bcast bytes 0
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
pvc create time 00:00:58, last time pvc status changed 00:00:58

R3#show frame-relay end-to-end keepalive int se0/0.2

End-to-end Keepalive Statistics for Interface Serial0/0.2 (Frame Relay DTE)



Send Sequence Number: 255, Receive Sequence Number: 0
Configured Event Window: 3, Configured Error Threshold: 2
Total Observed Events: 31, Total Observed Errors: 31
Monitored Events: 3, Monitored Errors: 3
Successive Successes: 0, End-to-end VC Status: DOWN


Send Sequence Number: 0, Receive Sequence Number: 0
Configured Event Window: 3, Configured Error Threshold: 2
Total Observed Events: 20, Total Observed Errors: 20
Monitored Events: 3, Monitored Errors: 3
Successive Successes: 0, End-to-end VC Status: DOWN

Failures Since Started: 1, Last Failure: 00:04:54

Wednesday, April 13, 2011

Switching.. Bullet points(continued..)

->The private-VLAN feature addresses two problems that service providers face when using VLANs:
•Scalability: The switch supports up to 1005 active VLANs. If a service provider assigns one VLAN per customer, this limits the numbers of customers the service provider can support.
•To enable IP routing, each VLAN is assigned a subnet address space or a block of addresses, which can result in wasting the unused IP addresses, and cause IP address management problems.

->There are two types of secondary VLANs:
•Isolated VLANs—Ports within an isolated VLAN cannot communicate with each other at the Layer 2 level.
•Community VLANs—Ports within a community VLAN can communicate with each other but cannot communicate with ports in other communities at the Layer 2 level.

->An isolated port sends a broadcast only to the promiscuous ports or trunk ports.

->A community port sends a broadcast to all promiscuous ports, trunk ports, and ports in the same community VLAN.

->A promiscuous port sends a broadcast to all ports in the private VLAN (other promiscuous ports, trunk ports, isolated ports, and community ports).

->If you try to configure a VLAN with an active SVI as a secondary VLAN, the configuration is not allowed until you disable the SVI.

->If you try to create an SVI on a VLAN that is configured as a secondary VLAN and the secondary VLAN is already mapped at Layer 3, the SVI is not created, and an error is returned. If the SVI is not mapped at Layer 3, the SVI is created, but it is automatically shut down.

->VTP version 1 and 2 do not propagate private-VLAN configuration. You must configure private VLANs on each device where you want private-VLAN ports unless the devices are running VTP version 3.

->You cannot configure VLAN 1 or VLANs 1002 to 1005 as primary or secondary VLANs. Extended VLANs (VLAN IDs 1006 to 4094) can belong to private VLANs

->Sticky ARP
–Sticky ARP entries are those learned on SVIs and Layer 3 interfaces. They entries do not age out.
–The ip sticky-arp global configuration command is supported only on SVIs belonging to private VLANs

->Use the vlan dot1q tag native global configuration command to configure the edge switch so that all packets going out an IEEE 802.1Q trunk, including the native VLAN, are tagged.

->A switch stack appears as a single spanning-tree node to the rest of the network, and all stack members use the same bridge ID.

->When you enable MST by using the spanning-tree mode mst global configuration command, RSTP is automatically enabled.

->The Catalyst 3560-E switch supports up to 65 MST instances. The number of VLANs that can be mapped to a particular MST instance is unlimited.

->BPDU Filter command prevents interfaces that are in a Port Fast-operational state from sending or receiving BPDUs. The interfaces still send a few BPDUs at link-up before the switch begins to filter outbound BPDUs.

->You can use the SPAN or RSPAN destination port to inject traffic from a network security device.

Monday, April 11, 2011

Switching.. Bullet points

-> The VLAN configurations for VLAN IDs 1 to 1005 are saved in the VLAN
database. Extended-range VLANs are not added to the VLAN database but are saved in the configuration and are creatable only if switch is in transparent mode

->If an access port receives a tagged packet (Inter-Switch Link [ISL] or IEEE 802.1Q tagged) for the VLAN assigned to the port, the packet is forwarded. If the port receives a tagged packet for another VLAN, the packet is dropped, the source
address is not learned, and the frame is counted in the No destination statistic.

->Native (non-tagged) frames received from an ISL trunk port are dropped.

->The SMI supports static routing and RIP; for more advanced routing, you must have the EMI installed on your switch.

->If a link within the EtherChannel fails, traffic previously carried over the ailed link changes to the remaining links.

->Most protocols operate over either single ports or aggregated switch ports and
do not recognize the physical ports within the port group. Exceptions are the DTP, the Cisco Discovery Protocol (CDP), and the Port Aggregation Protocol (PAgP), which operate only on physical ports.

->For Layer 3 interfaces, you manually create the logical interface by using the
interface port-channel global configuration command. For Layer 2 interfaces, the logical interface is dynamically created.

->The switch supports 128 spanning-tree instances. Depending on the topology of
the network, this could create a loop in the new VLAN. You can prevent this
possibility by setting allowed lists on the trunk ports of switches that have used up their allocation of spanning-tree instances. Configuring the IEEE 802.1S Multiple STP (MSTP) on your switch to map multiple VLANs to a single STP instance is also recommended.

->The configurations of VLAN IDs 1 to 1005 are always saved in the VLAN database (vlan.dat file). If VTP mode is transparent, they are also saved in the switch running configuration file.

->When you delete a VLAN from a switch that is in VTP server mode, the VLAN is removed from the VLAN database for all switches in the VTP domain.

->You cannot include extended-range VLANs in the pruning eligible range.

->Each routed port on a Catalyst 3550 switch creates an internal VLAN for its use. These internal VLANs use extended-range VLAN numbers If you try to create an extended-range VLAN with a VLAN ID that is already allocated as an internal VLAN, an error message is generated, and the command is rejected.

->we recommend that you create extended-range VLANs beginning from the highest number (4094) and moving to the lowest (1006) to reduce the possibility of using an internal VLAN ID.

->Before configuring extended-range VLANs, enter the show vlan internal usage privileged EXEC command to see which VLANs have been allocated as internal VLANs.

->If necessary, you can shut down the routed port assigned to the internal VLAN, which frees up the internal VLAN, and then create the extended-range VLAN and re-enable the port, which then uses another VLAN as its internal VLAN.

->Make sure the native VLAN for an IEEE 802.1Q trunk is the same on both ends of the trunk link. If the native VLAN on one end of the trunk is different from the native VLAN on the other end, spanning-tree loops might result.

->We recommend that you configure no more than 24 trunk ports in PVST+ mode and no more than 40 trunk ports in MST mode.

->If you try to enable IEEE 802.1X on a trunk port, an error message appears, and IEEE 802.1X is not enabled. If you try to change the mode of an IEEE 802.1X-enabled port to trunk, the port mode is not changed.

->To reduce the risk of spanning-tree loops or storms, disable VLAN 1 on trunk port by removing from the allowed list(known as VLAN1 minimization). As a result, no user traffic, including spanning-tree advertisements, is sent or received on VLAN 1.

->If a packet has a VLAN ID that is the same as the outgoing port native VLAN ID, the packet is sent untagged; otherwise, the switch sends the packet with a tag.