Monday, November 9, 2009

CCNA3 Chap 4-7 Note

Chapter 4 VTP

The switch can be configured in the role of a VTP server or a VTP client. VTP only learns about normal-range VLANs (VLAN IDs 1 to 1005). Extended-range VLANs (IDs greater than 1005) are not supported by VTP.

VTP stores VLAN configurations in the VLAN database called vlan.dat.

A router or Layer 3 switch defines the boundary of each domain.

VTP Modes - A switch can be configured in one of three modes: server, client, or transparent.

VTP clients function the same way as VTP servers, but you cannot create, change, or delete VLANs on a VTP client.

VTP Transparent - Transparent switches forward VTP advertisements to VTP clients and VTP servers. Transparent switches do not participate in VTP. VLANs that are created, renamed, or deleted on transparent switches are local to that switch only.

VTP Pruning - VTP pruning increases network available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to reach the destination devices. Without VTP pruning, a switch floods broadcast, multicast, and unknown unicast traffic across all trunk links within a VTP domain even though receiving switches might discard them.

VTP server mode is the default mode for a Cisco switch.

A switch can be a member of only one VTP domain at a time. Until the VTP domain name is specified you cannot create or modify VLANs on a VTP server, and VLAN information is not propagated over the network.

A VTP frame is encapsulated as an 802.1Q frame.

Each time a VLAN is added or removed, the configuration revision number is incremented.

Note: A VTP domain name change does not increment the revision number. Instead, it resets the revision number to zero.

Summary advertisements are sent:

-Every 5 minutes by a VTP server or client to inform neighboring VTP-enabled switches of the current VTP configuration revision number for its VTP domain
-Immediately after a configuration change has been made

Request Advertisements

When a request advertisement is sent to a VTP server in the same VTP domain, the VTP server responds by sending a summary advertisement and then a subset advertisement.

Request advertisements are sent if:

-The VTP domain name has been changed
-The switch receives a summary advertisement with a higher configuration revision number than its own
-A subset advertisement message is missed for some reason
-The switch has been reset
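As an added example (not from the original notes and not Cisco code), a small Python model of the revision-number rules above: a VLAN add increments the revision, a domain name change resets it to zero, and a server or client in the same domain adopts a summary advertisement that carries a higher revision. Switch names, VLAN names and the SCRATCH domain are constructed sample values.

```python
from dataclasses import dataclass, field

@dataclass
class Summary:                    # summary advertisement plus its VLAN subset
    domain: str
    revision: int
    vlans: dict

@dataclass
class VtpSwitch:
    name: str
    mode: str = "server"          # server is the default mode on a Cisco switch
    domain: str = ""
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})
    def set_domain(self, domain: str) -> None:
        self.domain = domain      # a domain name change resets the revision to zero
        self.revision = 0
    def add_vlan(self, vid: int, name: str) -> None:
        if self.mode == "client":
            raise PermissionError("VLANs cannot be created on a VTP client")
        if not self.domain:
            raise RuntimeError("set the VTP domain name before creating VLANs")
        if not 1 <= vid <= 1005:
            raise ValueError("VTP only learns normal-range VLANs 1 to 1005")
        self.vlans[vid] = name
        self.revision += 1        # each VLAN add or remove increments the revision
    def advertise(self) -> Summary:
        return Summary(self.domain, self.revision, dict(self.vlans))
    def receive(self, adv: Summary) -> bool:
        # A server or client in its own domain adopts a higher revision and
        # replaces its whole VLAN database; a transparent switch only forwards it.
        if self.mode == "transparent" or adv.domain != self.domain:
            return False
        if adv.revision <= self.revision:
            return False
        self.vlans, self.revision = dict(adv.vlans), adv.revision
        return True

def join_domain(reset_first: bool) -> tuple[bool, dict]:
    """Constructed scenario: a re-used switch with a stale, higher revision is
    cabled into a production domain. Returns (server overwritten?, server VLANs)."""
    prod = VtpSwitch("S1"); prod.set_domain("CORP")
    prod.add_vlan(10, "users"); prod.add_vlan(20, "servers")       # revision 2
    old = VtpSwitch("S9"); old.set_domain("CORP")
    for vid in range(100, 105):
        old.add_vlan(vid, f"lab{vid}")                             # revision 5
    if reset_first:                                                # revision back to 0
        old.set_domain("SCRATCH"); old.set_domain("CORP")
    return prod.receive(old.advertise()), prod.vlans
```

join_domain(False) shows the re-used switch's stale database replacing the production VLANs; join_domain(True) shows why the revision is reset (here by a domain name change) before the switch is connected.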

Summary advertisements comprise the majority of VTP advertisement traffic.

You need to enable pruning on only one VTP server switch in the domain.

VTP server: Confirm that all of the switches you are going to configure have been set to their default settings.

On the VTP client switch, as on the VTP server switch, confirm that the default settings are present.

Configure VTP client mode. Recall that the switch is not in VTP client mode by default. You have to configure this mode.

///////////////////////////////////////////

Chap 5 STP


Redundancy is the solution for achieving the necessary availability.

For a broadcast frame, if there is more than one path over which the frame can be forwarded, the result can be an endless loop.

Network loops that are a result of accidental duplicate connections in the wiring closets are a common occurrence.

STP ensures that there is only one logical path between all destinations on the network by intentionally blocking redundant paths that could cause a loop.

If the path is ever needed to compensate for a network cable or switch failure, STP recalculates the paths and unblocks the necessary ports to allow the redundant path to become active.

The switch with the lowest BID automatically becomes the root bridge for the STA calculations.

The BID is made up of a priority value, an extended system ID, and the MAC address of the switch.

After a switch boots, it sends out BPDU frames containing the switch BID and the root ID every 2 seconds.

The root ID identifies the root bridge on the network. Initially, each switch identifies itself as the root bridge after bootup.

Although switch ports have a default port cost associated with them, the port cost is configurable.

spanning-tree cost value
spanning-tree cost 25 (example: sets the port cost to 25)

no spanning-tree cost (reverts to the default port cost)

STP determines a root bridge for the spanning-tree instance by exchanging BPDUs.

This frame has a destination MAC address of 01:80:C2:00:00:00, which is a multicast address for the spanning-tree group.

When a switch first boots, the root ID is the same as the bridge ID. However, as the election process occurs, the lowest bridge ID replaces the local root ID to identify the root bridge switch.

During the BPDU exchange the root ID changes, but the bridge ID does not.

The default value for the priority of all Cisco switches is 32768. The priority range is between 1 and 65536; therefore, 1 is the highest priority.

When two switches are configured with the same priority and have the same extended system ID, the switch with the MAC address with the lowest hexadecimal value has the lower BID. Initially, all switches are configured with the same default priority value. The MAC address is then the deciding factor on which switch is going to become the root bridge.

The root port exists on non-root bridges and is the switch port with the best path to the root bridge. Root ports forward traffic toward the root bridge.

Only one root port is allowed per bridge.

For root bridges, all switch ports are designated ports. For non-root bridges, a designated port is the switch port that receives and forwards frames toward the root bridge as needed.

spanning-tree port-priority value

The port priority values range from 0 - 240, in increments of 16. The default port priority value is 128. As with bridge priority, lower port priority values give the port higher priority.

When two switches are connected to the same LAN segment, and root ports have already been defined, the two switches have to decide which port gets to be configured as a designated port and which one is left as the non-designated port.

The switch with the lower BID has its port configured as a designated port, while the switch with the higher BID has its port configured as a non-designated port.

The port ID is appended to the port priority. For example, switch port F0/1 has a default port priority value of 128.1, where 128 is the configurable port priority value, and .1 is the port ID. Switch port F0/2 has a port priority value of 128.2, by default.

During a topology change, a port temporarily implements the listening and learning states for a specified period called the "forward delay interval."

Switch diameter is the number of switches a frame has to traverse to travel between the two farthest points on the broadcast domain. A seven-switch diameter is the largest diameter that STP permits because of convergence times.

When a switch port configured with PortFast is configured as an access port, that port transitions from blocking to forwarding state immediately, bypassing the typical STP listening and learning states.

To understand the convergence process more thoroughly, it has been broken down into three distinct steps:

Step 1. Elect a root bridge

Step 2. Elect root ports

Step 3. Elect designated and non-designated ports

The show spanning-tree output for switch S1 reveals that it is the root bridge. You can see that the BID matches the root ID, confirming that S1 is the root bridge.

The max age delay of 20 seconds provides enough time for the seven-switch diameter with the 2-second hello timer between BPDU frame transmissions.

When a switch needs to signal a topology change, it starts to send TCNs on its root port. The TCN is a very simple BPDU that contains no information and is sent out at the hello time interval.

The receiving switch is called the designated bridge and it acknowledges the TCN by immediately sending back a normal BPDU with the topology change acknowledgement (TCA) bit set.

PVST+ - A network can run an STP instance for each VLAN in the network. With PVST+, more than one trunk can block for a VLAN and load sharing can be implemented.

However, you can set the switch priority for the specified spanning-tree instance. This setting affects the likelihood that this switch is selected as the root switch. A lower value increases the probability that the switch is selected. The range is 0 to 61440 in increments of 4096. For example, a valid priority value is 4096x2 = 8192. All other values are rejected.
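An added example (not from the original notes and not Cisco code) that works through the election rules above in Python: a BID built from priority, extended system ID and MAC and compared lowest-first with the MAC as tiebreaker, the 128.N port identifier, the designated-port choice on a shared segment, and the PVST+ rule that a priority must be a multiple of 4096 between 0 and 61440. The root_port helper applies the full 802.1D tiebreak order (cost, neighbour BID, neighbour port ID), which goes one step beyond the notes; switch names and MAC addresses are constructed.

```python
import re

def bridge_priority(priority: int) -> int:
    """Validate a PVST+ bridge priority: 0 to 61440 in increments of 4096."""
    if not 0 <= priority <= 61440 or priority % 4096:
        raise ValueError(f"priority {priority} rejected: not a multiple of 4096")
    return priority

def bridge_id(priority: int, vlan: int, mac: str) -> tuple[int, int]:
    """BID = priority + extended system ID (the VLAN number) + MAC address.
    The tuple keeps the comparison order: priority field first, then MAC."""
    mac_hex = re.sub(r"[^0-9a-f]", "", mac.lower())
    if len(mac_hex) != 12 or not 1 <= vlan <= 4094:
        raise ValueError(f"bad MAC {mac!r} or VLAN {vlan}")
    return bridge_priority(priority) + vlan, int(mac_hex, 16)

def port_id(port_number: int, priority: int = 128) -> tuple[int, int]:
    """Port priority (0-240 in steps of 16, default 128) plus the port number,
    i.e. the 128.1 / 128.2 notation from the notes; lower compares as better."""
    if not 0 <= priority <= 240 or priority % 16:
        raise ValueError(f"port priority {priority} rejected: not a multiple of 16")
    return priority, port_number

def elect_root(switches: dict[str, tuple[int, str]], vlan: int) -> str:
    """switches maps name -> (priority, mac). The lowest BID is root for this
    VLAN's instance; with equal priorities the lowest MAC address wins."""
    return min(switches, key=lambda n: bridge_id(switches[n][0], vlan, switches[n][1]))

def designated_end(segment: dict[str, tuple[int, int]]) -> str:
    """Two switches (name -> BID) share a segment and both already have root
    ports: the lower BID gets the designated port, the other is non-designated."""
    return min(segment, key=segment.get)

def root_port(candidates: dict[str, tuple[int, tuple, tuple]]) -> str:
    """candidates maps a local port -> (path cost to root, neighbour BID,
    neighbour port ID). Lowest cost wins; ties go to the lower neighbour BID,
    then the lower port ID (the 802.1D order, one step beyond the notes)."""
    return min(candidates, key=candidates.get)

if __name__ == "__main__":
    # Constructed sample: at equal default priorities the lowest MAC wins VLAN 1;
    # lowering S1 to 4096 for VLAN 10 makes the choice independent of MACs.
    fabric = {"S1": (32768, "000a.0001.0001"), "S2": (32768, "0000.0002.0002")}
    print(elect_root(fabric, 1))                                        # S2
    print(elect_root({**fabric, "S1": (4096, "000a.0001.0001")}, 10))   # S1
```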

RSTP does not have a blocking port state. RSTP defines port states as discarding, learning, or forwarding.

RSTP speeds the recalculation of the spanning tree when the Layer 2 network topology changes.

For RSTP, protocol information can be immediately aged on a port if hellos are not received for three consecutive hello times, 6 seconds by default, or if the max age timer expires.

An RSTP edge port is a switch port that is never intended to be connected to another switch device. It immediately transitions to the forwarding state when enabled.

Root ports, alternate and backup ports do not use the link type parameter. Designated ports make the most use of link

1 designated port per segment
1 root port per switch
1 root bridge per network

Alternate port
-present on non-designated switches and will make a transition to a designated port if the current designated path fails

Backup port
-redundant link to the segment

RSTP significantly speeds up the recalculation process after a topology change, because it converges on a link-by-link basis and does not rely on timers expiring before ports can transition. Rapid transition to the forwarding state can only be achieved on edge ports and point-to-point links.

Do not leave it up to the STP to decide which bridge is root.

STP failure scenario
Most spanning tree algorithm failures occur due to excessive loss of BPDUs, causing blocked ports to transition to forwarding mode, which results in a broadcast storm.

BPDU guard disables a PortFast-configured port or interface if the port or interface receives a BPDU.

Using the original IEEE 802.1D spanning-tree protocol involves a convergence time of up to 50 seconds. RSTP reduces convergence time to approximately 6 seconds or less.

PVST - supports ISL trunking and load balancing
PVST+ - supports BPDU guard
RSTP - incorporated into 802.1D; supports BackboneFast, UplinkFast and PortFast
Rapid PVST+ - based on IEEE 802.1w

/////////////////////////////////////////////

Chap 6 Inter-VLAN routing


"Router-on-a-stick" is a type of router configuration in which a single physical interface routes traffic between multiple VLANs on a network.

Subinterfaces are multiple virtual interfaces, associated with one physical interface.

Each subinterface is configured in software on the router and is independently assigned an IP address and a VLAN so that it operates on a specific VLAN.

Traditional routing requires routers to have multiple physical interfaces to facilitate inter-VLAN routing.

Functionally, the router-on-a-stick model for inter-VLAN routing is the same as using the traditional routing model, but instead of using the physical interfaces to perform the routing, subinterfaces of a single interface are used.

Subinterfaces require the switch port to be configured as a trunk port so that it can accept VLAN-tagged traffic.

To configure switch port F0/5 as a trunk port, execute the switchport mode trunk command in interface configuration mode on the F0/5 interface. You cannot use the switchport mode dynamic auto or switchport mode dynamic desirable commands because the router does not support dynamic trunking protocol.

Troubleshooting
1. Verify the VLAN assignment on the switch.
2. Verify the switchport mode (the switch port facing the router must be in trunk mode for subinterfaces to work).
3. Check for a wrong VLAN setting on the router (the subinterface encapsulation command).
4. Check the IP address and subnet mask.

Each interface, or subinterface, needs to be assigned an IP address that corresponds to the subnet to which it is connected.
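As an added example (not from the original notes and not Cisco code), a Python checker that walks the four troubleshooting steps above against a description of the router's subinterfaces and the switch port facing it. The Subinterface and SwitchPort records, interface names and addresses are constructed; addresses may be written as CIDR or with a dotted subnet mask as in the IOS ip address command.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Subinterface:      # one virtual interface on the router's single trunk link
    name: str            # e.g. "G0/0.10"
    vlan: int            # VLAN id given in the subinterface's encapsulation command
    address: str         # "A.B.C.D/mask", either CIDR or a dotted subnet mask

@dataclass
class SwitchPort:        # the switch port that faces the router
    name: str
    mode: str            # "access", "trunk", "dynamic auto" or "dynamic desirable"

def check_router_on_a_stick(uplink: SwitchPort, switch_vlans: set[int],
                            subifs: list[Subinterface]) -> list[str]:
    """Walk the four troubleshooting steps and return every finding."""
    findings: list[str] = []
    # Step 2: the port must be a static trunk. The router does not run DTP,
    # so dynamic auto / dynamic desirable never negotiate a trunk with it.
    if uplink.mode != "trunk":
        findings.append(f"{uplink.name}: mode '{uplink.mode}' is not 'trunk'; "
                        "subinterfaces need tagged frames")
    seen: dict = {}      # subnet -> subinterface that already uses it
    for s in subifs:
        # Steps 1 and 3: the VLAN on the router side must exist on the switch.
        if s.vlan not in switch_vlans:
            findings.append(f"{s.name}: VLAN {s.vlan} is not defined on the switch")
        # Step 4: a valid host address, in a subnet no other subinterface uses.
        try:
            iface = ipaddress.ip_interface(s.address)
        except ValueError:
            findings.append(f"{s.name}: invalid address {s.address!r}")
            continue
        net = iface.network
        if iface.ip in (net.network_address, net.broadcast_address):
            findings.append(f"{s.name}: {iface.ip} is not a host address in {net}")
        if net in seen:
            findings.append(f"{s.name}: subnet {net} is already used by {seen[net]}")
        seen[net] = s.name
    return findings
```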

//////////////////////////////////////////////

Chap 7 Wireless

You should be aware that when a standard uses OFDM, it will have faster data rates.

The ITU-R regulates the allocation of the RF spectrum and satellite orbits.

The IEEE developed and maintains the standards for local and metropolitan area networks with the IEEE 802 LAN/MAN family of standards.

The Wi-Fi Alliance is an association of vendors whose objective is to improve the interoperability of products that are based on the 802.11 standard by certifying vendors for conformance to industry norms and adherence to standards.

-ITU-R regulates allocation of RF bands.
-IEEE specifies how RF is modulated to carry information.
-Wi-Fi ensures that vendors make devices that are interoperable.

An access point converts the TCP/IP data packets from their 802.11 frame encapsulation format in the air to the 802.3 Ethernet frame format on the wired Ethernet network.

Imagine two client stations that both connect to the access point but are at opposite sides of its reach. If they are at the maximum range to reach the access point, they will not be able to reach each other. This is known as the hidden node problem.

One means of resolving the hidden node problem is a CSMA/CA feature called request to send/clear to send (RTS/CTS).

When RTS/CTS is enabled in a network, access points allocate the medium to the requesting station for as long as is required to complete the transmission.

The wireless network mode refers to the WLAN protocols: 802.11a, b, g, or n.

When a Linksys access point is configured to allow both 802.11b and 802.11g clients, it is operating in mixed mode.


A shared service set identifier (SSID) is a unique identifier that client devices use to distinguish between multiple wireless networks in the same vicinity. Several access points on a network can share an SSID.

Beacons - Frames used by the WLAN network to advertise its presence. (advertised by access point)
Probes - Frames used by WLAN clients to find their networks.

The common distribution system allows multiple access points in an ESS to appear to be a single BSS.

The attacker, using a PC as an access point, can flood the BSS with clear-to-send (CTS) messages, which defeat the CSMA/CA function used by the stations. The access points, in turn, flood the BSS with simultaneous traffic, causing a constant stream of collisions.

This login process is managed by the Extensible Authentication Protocol (EAP). EAP is a framework for authenticating network access.


SSID cloaking - Disable SSID broadcasts from access points
MAC address filtering - Tables are manually constructed on the access point to allow or disallow clients based on their physical hardware address
WLAN security implementation - WPA or WPA2

Various types of PSKs are as follows:

PSK or PSK2 with TKIP is the same as WPA
PSK or PSK2 with AES is the same as WPA2
PSK2, without an encryption method specified, is the same as WPA2

Multiple access points that share a service set identifier combine to form an extended service set.

Wireless NIC - encodes a data stream onto an RF signal
