Tag: CCNP

CCNP Switch – SPAN/RSPAN

SPAN (Switched Port Analyzer) tells the switch to send a copy of frames out of another switch port. This is usually used for traffic sniffers (Wireshark, for example).

To set this up:

SW1(config)#monitor session 1 source int fa 1/0/1 (This is the switch port that we want to monitor)

SW1(config)#monitor session 1 dest int fa 1/0/12 (This is where the copy of the frames will be sent)

Along with monitoring a single interface, we can also monitor an entire VLAN’s traffic.

SW1#show monitor

[Screenshot: output of show monitor]

RSPAN

RSPAN (Remote Switched Port Analyzer) is the same as SPAN, only it gives you the ability to have the copied frames sent to a port that is not on the local switch.


With RSPAN, you need to create a VLAN that will be used to carry the copied frames.

SW1(config)#vlan 50

SW1(config-vlan)#name RSPAN

SW1(config-vlan)#remote-span

SW1(config-vlan)#exit

Now that we have a VLAN created for RSPAN, it can be used as the destination to send the copied frames to.

SW1(config)#monitor session 2 source int fa 1/0/1

SW1(config)#monitor session 2 dest remote vlan 50

Now we need to set this up on the remote switch. Ensure that the VLAN exists on the remote switch.

SW2(config)#monitor session 3 source remote vlan 50

SW2(config)#monitor session 3 dest int fa 0/7


CCNP Switch – UDLD

Unidirectional Link Detection (UDLD) is typically used on fibre connections. As there will usually be two fibre strands for each connection (one for sending and one for receiving), and each strand is a one-way link, the switch or router has no way of knowing if one of the strands is damaged.

UDLD is a layer 2 technology that allows the two end points to communicate with each other using a Well-Known MAC address.

UDLD Well-Known MAC address = 01:00:0C:CC:CC:CC

UDLD messages are usually sent around every 15 seconds, and the device will expect to see the message returned.

If the device receives no return reply, then it will put the port into the ‘err-disabled’ state.

UDLD can be configured in one of two modes:

  • Normal – Marks the port as ‘Undetermined state’ and generates a syslog message.
  • Aggressive – Sends a UDLD message every second for 8 seconds. If there is no reply after this point, the port will be put into the ‘err-disabled’ state. (This is the recommended mode)

To configure this:

SW1(config)#udld aggressive

This turns UDLD on globally, but only enables it on fibre ports.

You can also turn this on, on a port-by-port basis, by using the below:

SW1(config)#int fa 0/1

SW1(config-if)#udld port aggressive

To look at all ports and their UDLD status:

SW1#show udld

To reset all ports after recovery:

SW1#udld reset

CCNP Switch – SDM Templates

Switch Database Management (SDM) templates are collections of settings that allocate a switch’s resources (e.g. TCAM resources) in different ways, depending on the role of the switch and how we’re going to be using it.

This includes preferences for more VLANs, being able to learn more MAC addresses, or performing routing.

To view the current SDM template, type the following show command:

SW1#show sdm prefer

[Screenshot: output of show sdm prefer]

If you wish to change the current SDM template, you’d need to issue the following commands:

SW1#conf t

SW1(config)#sdm prefer ?

You’ll then be presented with the following options to choose from:

[Screenshot: options listed by sdm prefer ?]

  • Access – Access layer switch that can learn many VLANs but not do much routing
  • Default – Balanced setup
  • Dual IPv4 and IPv6 – Support for both IPv4 and IPv6 (use this if you want to support dual-stack routing of both IPv4 and IPv6)
  • Routing – This would be a good setting to use on a distribution or core layer switch that needs to keep track of multiple routes (remember, this setting does not include IPv6)
  • VLAN – Tells the switch to allocate most resources to Layer 2 unicasts and a very large number of MAC addresses

To enable IPv6 dual stack:

SW1(config)#sdm prefer dual-ipv4-and-ipv6 default

[Screenshot: sdm prefer dual-ipv4-and-ipv6 default, followed by the reload]

The changes will only take effect once the switch has been reloaded.

[Screenshot: show sdm prefer after the reload, now showing IPv6 support]

As you can see from the above, IPv6 is now supported. Well, at least it will be after issuing the below command:

SW1(config)#ipv6 unicast-routing

To show the current TCAM utilization, issue the command:

SW1#show platform tcam utilization

[Screenshot: output of show platform tcam utilization]

Before using SDM templates, Cisco recommends that we try to optimize the switch. Examples of this would be reducing the number of ACLs or QoS policies we have running.

CCNP Switch – Layer 2 vs. Multilayer switches

Firstly, the MAC address structure is split in two and looks as follows:

Organisationally Unique Identifier (OUI) | Assigned by the Vendor

Layer 2 forwarding is performed by looking at the CAM (Content Addressable Memory) table. The MAC address is added into the CAM table, once a frame is received on a port of the switch. As the CAM table is populated, the switch can forward frames only to the device that needs it, based on the information found in the CAM table. If the destination MAC is not known by the switch, the frame will be flooded out of all ports, except the port on which it was received.
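As an added illustration of the CAM table behaviour just described, and of the SPAN copy from the first section, here is a small switch model in Python (my own example, not code from the notes or from Cisco). Port names, MAC addresses and the class/method names are all made up for the demonstration.

```python
# Added example: a minimal Layer 2 switch model with CAM learning,
# unknown-unicast flooding, same-port filtering and a SPAN port copy.

def split_mac(mac: str):
    """Split a MAC into its OUI (first three octets) and vendor-assigned part."""
    octets = mac.lower().split(":")
    if len(octets) != 6:
        raise ValueError(f"bad MAC: {mac}")
    return ":".join(octets[:3]), ":".join(octets[3:])


class L2Switch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.cam = {}    # MAC address -> port it was learned on
        self.span = {}   # SPAN source port -> SPAN destination (sniffer) port

    def monitor(self, source_port, dest_port):
        """Same idea as 'monitor session N source/destination' for one port."""
        self.span[source_port] = dest_port

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame and return the sorted list of egress ports."""
        src, dst = src_mac.lower(), dst_mac.lower()
        self.cam[src] = in_port            # learn (or refresh) the source MAC
        sniffer_ports = set(self.span.values())
        out = self.cam.get(dst)
        if out is None:
            # Unknown unicast or broadcast: flood out of every port except the
            # ingress port. SPAN destination ports do not carry normal traffic.
            egress = {p for p in self.ports if p != in_port and p not in sniffer_ports}
        elif out == in_port:
            egress = set()                 # destination is behind the ingress port: filter
        else:
            egress = {out}
        # SPAN: a copy of every frame seen on a source port goes to its destination port.
        if in_port in self.span:
            egress.add(self.span[in_port])
        return sorted(egress)
```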

There is also a TCAM table – this works in the same way as the CAM table, but holds things like security ACLs and QoS ACLs.

A TCAM table is a table which can be queried using values of 0, 1, or x, where x is a ‘don’t care’ bit. Ternary means it can use three values.

This allows the switch to make very fast decisions, based on:

  • Where should the frame be forwarded?
  • Should the frame be forwarded?
  • With what QoS treatment should the frame be forwarded?
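To make the ternary (0, 1, x) matching concrete, here is an added example in Python (mine, not from the notes) that models a TCAM holding IOS-style ACL lines as value/mask pairs and answers the "should the frame be forwarded, and how" question. The class and method names are my own; the addresses are constructed sample values.

```python
# Added example: a TCAM model where each entry is (value, mask) and a mask
# bit of 0 means "don't care" (the 'x' in a ternary compare). All entries
# are compared against the key; the highest-priority hit wins, as in a TCAM
# with a priority encoder, and an empty result is the ACL's implicit deny.
from ipaddress import IPv4Address


class TcamEntry:
    def __init__(self, value: int, mask: int, action, priority: int):
        self.value = value          # bits that must match where mask is 1
        self.mask = mask            # 1 = care, 0 = don't care ('x')
        self.action = action        # e.g. "permit", "deny" or a QoS marking
        self.priority = priority    # lower number = checked earlier in the ACL

    def matches(self, key: int) -> bool:
        return (key & self.mask) == (self.value & self.mask)


class Tcam:
    def __init__(self):
        self.entries = []

    def add_acl_line(self, action, addr: str, wildcard: str = "0.0.0.0"):
        """Program an IOS-style line such as 'permit 10.1.1.0 0.0.0.255'.
        The wildcard's 1 bits are 'don't care', so the TCAM mask is its inverse."""
        mask = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
        entry = TcamEntry(int(IPv4Address(addr)), mask, action, len(self.entries))
        self.entries.append(entry)

    def lookup(self, ip: str):
        """Return the action of the first ACL line that matches the address."""
        key = int(IPv4Address(ip))
        hits = [e for e in self.entries if e.matches(key)]   # parallel compare
        if not hits:
            return "deny"               # implicit deny at the end of every ACL
        return min(hits, key=lambda e: e.priority).action
```

Note that ordering matters: the more specific 10.1.1.0/24 line must be programmed before the 10.0.0.0/8 deny, because a TCAM ACL lookup takes the first hit, not the longest match.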

Layer 3 Switches

Layer 3 switches can make forwarding decisions based on upper-layer information, such as IP addresses, alongside the typical Layer 2 switch functionality.

They still have the CAM and TCAM tables, but in addition to this, they have the FIB (Forwarding Information Base), which forwards packets based on layer 3 information.

Cisco Express Forwarding (CEF) is a packet switching technology that makes forwarding decisions using two tables, the FIB and the Adjacency table.

A Layer 3 switch will still make the same decisions based on:

  • Where should the frame be forwarded?
  • Should the frame be forwarded?
  • With what QoS treatment should the frame be forwarded?

Switches use Application Specific Integrated Circuits (ASICs) – a high-speed integrated circuit designed for a specific purpose (for example, frame forwarding).

Switches can have multiple TCAM tables for different ACLs (inbound, outbound, etc.). This allows the switch to do parallel processing.