
Day6 Notes-1

Vlan Routing
============
- vlans are used to separate a large broadcast domain into multiple broadcast
domains
- however, the broadcast domains cannot communicate with each other without
routing
- hence, vlan routing is required
Two types of vlan routing solutions:
a) Router on a stick solution
- a dedicated Layer 3 router and a Layer 2 switch are connected to each other over a
trunk link
- the router uses a single port to connect to a switch trunk port
- it is not scalable because the router's single port can become a bottleneck
b) Layer 3 switching
- only a Layer 3 switch is required; its VLAN interfaces serve as routed ports
- scalable, because no single port becomes a performance bottleneck
Configuration command:
----------------------
a) Router
---------
int gi0/0/0
ip address 10.1.1.1 24
undo shutdown
int gi0/0/0.11
dot1q termination vid 11
ip address 10.1.11.1 24
int gi0/0/0.12
dot1q termination vid 12
ip address 10.1.12.1 24

Switch
------
vlan 11
vlan 12
int gi0/0/1
port link-type trunk
port trunk allow-pass vlan all

b) L3 Switch
------------
vlan 11
vlan 12
int vlan 11
ip address 10.1.11.1 24
int vlan 12
ip address 10.1.12.1 24
Reminder: no router is required for VLAN routing with this solution.
Virtual Router Redundancy Protocol (VRRP)
=========================================
- VRRP provides gateway redundancy for routing clients, preventing a single point of
failure in the gateway solution
- VRRP can be configured to load-balance (gateway load sharing) as the network grows
- clients point to the IP address of the virtual router to use the redundant service
- the master router of the VRRP group serves the client traffic
- the backup/slave router listens to and monitors the heartbeat of the master router
in VRRP
VRRP characteristics:
---------------------
- a VRRP group is created for the router members
- one master is elected; the rest are backups (slaves)
- the VRRP (virtual) IP address can either be a unique address different from the
physical routers' addresses, or be the address of one of the physical routers
Example:
VRRP 1
Router A: ip address 10.1.1.1/24
Router B: ip address 10.1.1.2/24
VRRP Address:
Option (i)  : 10.1.1.3/24
Option (ii) : 10.1.1.1 or 10.1.1.2

Implications when the VRRP address is set to:
Option (i), the master router is selected based on the HIGHEST VRRP priority in the
group
- the configurable VRRP priority is in the range 1 - 254
- VRRP priorities 0 and 255 are reserved
Option (ii), the master router is selected based on the owner of the VRRP group. The
VRRP owner is the router whose own IP address is the same as the VRRP IP address,
and it is assigned priority 255.
Note: The owner of the VRRP group assumes VRRP priority 255 (fixed)
Assumption:
RouterA is configured with VRRP priority 254 and address 10.1.1.1, while RouterB is
configured with address 10.1.1.2. The VRRP group address is set to 10.1.1.2.
Which router becomes master?
- RouterB
Why?
- RouterB automatically assumes priority 255 when it comes up, because RouterB is the
owner.
Note: The default VRRP priority for all routers is 100.
Example of Configuration:
-------------------------
RouterA:
- RouterA serves as the master router in VRRP group 1
- both routers back up each other in both VRRP groups
------------------------------------------------------
int gi0/0/0
description connected to user segment for gateway
ip address 10.1.0.1 23
undo shutdown
vrrp vrid 1 virtual-ip 10.1.0.3
vrrp vrid 1 priority 250
vrrp vrid 1 preempt
vrrp vrid 1 track interface s0/0/0 reduced 160
vrrp vrid 1 track interface s0/0/1 reduced 160
vrrp vrid 2 virtual-ip 10.1.1.3
vrrp vrid 2 preempt
vrrp vrid 2 track interface s0/0/0 reduced 50
vrrp vrid 2 track interface s0/0/1 reduced 50
int s0/0/0
description connected to Public Internet
link-protocol ppp
ip address 202.190.109.5 30
undo shutdown
int s0/0/1
description connected to Intranet via VPN
link-protocol ppp
ip address 199.190.15.23 24
undo shutdown
RouterB:
- RouterB serves as the master router in VRRP group 2
- both routers back up each other in both VRRP groups
------------------------------------------------------
int gi0/0/0
description connected to user segment for gateway
ip address 10.1.0.2 23
undo shutdown
vrrp vrid 1 virtual-ip 10.1.0.3
vrrp vrid 1 preempt
vrrp vrid 1 track interface s0/0/0 reduced 50
vrrp vrid 1 track interface s0/0/1 reduced 50
vrrp vrid 2 virtual-ip 10.1.1.3
vrrp vrid 2 priority 250
vrrp vrid 2 preempt
vrrp vrid 2 track interface s0/0/0 reduced 160
vrrp vrid 2 track interface s0/0/1 reduced 160
int s0/0/0
description connected to Public Internet
link-protocol ppp
ip address 202.190.188.11 30
undo shutdown
int s0/0/1
description connected to Intranet via VPN
link-protocol ppp
ip address 202.188.0.123 24
undo shutdown
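As an added worked example (not part of these notes), the following Python models the RouterA/RouterB configuration above and applies the election rules from this section: the owner of the virtual IP runs at 255, the highest priority wins, and each tracked link that fails subtracts its "reduced" value. The tie-break on the higher interface address is the standard VRRP rule rather than something the notes state, and flooring the reduced priority at 1, the ROUTERS dictionary layout and the function names are assumptions of this model.

```python
from ipaddress import ip_address

OWNER_PRIORITY = 255     # fixed priority of the router that owns the virtual IP
DEFAULT_PRIORITY = 100   # default VRRP priority on every router

# Constructed model of the RouterA / RouterB configuration in the notes:
# interface IP, then per VRID the configured priority and 'track ... reduced' values.
ROUTERS = {
    "RouterA": {"ip": "10.1.0.1",
                1: {"priority": 250, "track": {"s0/0/0": 160, "s0/0/1": 160}},
                2: {"priority": DEFAULT_PRIORITY, "track": {"s0/0/0": 50, "s0/0/1": 50}}},
    "RouterB": {"ip": "10.1.0.2",
                1: {"priority": DEFAULT_PRIORITY, "track": {"s0/0/0": 50, "s0/0/1": 50}},
                2: {"priority": 250, "track": {"s0/0/0": 160, "s0/0/1": 160}}},
}
VIRTUAL_IP = {1: "10.1.0.3", 2: "10.1.1.3"}


def effective_priority(router, vrid, virtual_ip, failed_links=None):
    """Owner of the virtual IP always runs at 255. Otherwise: configured priority
    minus the 'reduced' value of every tracked link that is down (floored at 1,
    an assumption of this model). failed_links = {router: [down links]}."""
    cfg = ROUTERS[router]
    if cfg["ip"] == virtual_ip:
        return OWNER_PRIORITY
    prio = cfg[vrid]["priority"]
    for link in (failed_links or {}).get(router, ()):
        prio -= cfg[vrid]["track"].get(link, 0)
    return max(prio, 1)


def elect_master(vrid, failed_links=None):
    """Highest effective priority wins; a tie goes to the higher interface IP
    (the standard VRRP tie-break). Returns (master, {router: priority})."""
    prios = {r: effective_priority(r, vrid, VIRTUAL_IP[vrid], failed_links) for r in ROUTERS}
    master = max(prios, key=lambda r: (prios[r], ip_address(ROUTERS[r]["ip"])))
    return master, prios


if __name__ == "__main__":
    print(elect_master(1))                               # RouterA is master of VRID 1
    print(elect_master(1, {"RouterA": ["s0/0/0"]}))      # 250-160=90 < 100: RouterB takes over
    print(effective_priority("RouterA", 1, "10.1.0.1"))  # owner case from the quiz: 255
```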
Spanning Tree Protocol (STP)
============================
A redundant switched network without an STP process will suffer from the following
problems:
Symptoms of Switching Loops
a) Instability of the MAC address table
b) Heavy broadcast storm
c) Network congestion
- STP is designed to prevent switching loops in a redundant switched network
topology while maintaining physical link redundancy
- STP is defined in IEEE 802.1D; Rapid STP is defined in IEEE 802.1w
Operational Rules of STP
------------------------
i) One ROOT switch per switched network
- the root switch is the master switch that controls the topology of the redundant
switched network
ii) One ROOT port per non-root switch
- the root port is the port with the lowest path cost to the root switch (the best
port to forward traffic towards the root switch)
iii) One Designated port per switch link
- the designated port is the port on a link that is designated to forward data
traffic for that link
iv) Alternate ports are blocked to stop user traffic from looping in the switched
network
Port Roles in STP
-----------------
a) Root port
b) Designated port
c) Alternate port
Port State in STP process
-------------------------
i) Forwarding
- user and BPDU traffic forwarding & processing go on as normal (everything works!)
ii) Blocking/Standby/Discarding
- NO user traffic; no learning of MAC addresses; BPDUs are received and processed but
not sent
iii) Listening
- no user data traffic passes, no learning of MAC addresses, but BPDU processing and
exchange (send/receive) go on
iv) Learning
- no user data traffic; MAC addresses are learned; BPDU processing and exchange go on
v) Disabled
- the port is in disconnected mode: no user traffic forwarded, no learning of MAC
addresses, NO BPDU exchange (nothing happens)
How is the root switch selected?
- every switch has a unique bridge ID (switch/bridge ID)
- Bridge ID = Bridge Priority + System MAC Address
Note: By default, the bridge priority is 32768 (configurable).
The system MAC address is not configurable but unique.
The bridge priority can be modified, and that value is what finally (and manually)
determines the outcome of the root switch selection.
- the root switch is selected based on the LOWEST bridge ID (priority is compared
first, so the lowest bridge priority wins)
By default, the root switch is selected based on the lowest system MAC address of the
switches (because the bridge priority is the same for all)
IEEE defined path cost for each interface bandwidth/speed as follows:
Interface (speed)    path cost
-----------------    ---------
10Mbps               100
100Mbps              19
1000Mbps             4
10000Mbps            2
Command:
--------
stp enable
- enable the STP process
- by default STP is already enabled on the switches
undo stp enable
- disable the STP process
stp mode stp | rstp | mstp
- set and change the STP mode (default is MSTP)
stp priority xxxx (xxxx can be 0 - 61440 in multiples of 4096)
- set the STP priority to the value xxxx
- the lower the priority value, the higher the preference for the switch to be
selected as root switch.
example of output:
[Sw3]display stp vlan 1
ProcessId  InstanceId  Port                  Role  State
--------------------------------------------------------
0          0           GigabitEthernet0/0/1  DESI  FORWARDING
0          0           GigabitEthernet0/0/2  DESI  FORWARDING
[Sw3]display stp
-------[CIST Global Info][Mode MSTP]-------
CIST Bridge         :32768.4c1f-cc6e-6aca
Config Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
Active Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC      :32768.4c1f-cc07-0b17 / 1
CIST RegRoot/IRPC   :32768.4c1f-cc6e-6aca / 0
CIST RootPortId     :128.1
BPDU-Protection     :Disabled
TC or TCN received  :6
TC count per hello  :0
STP Converge Mode   :Normal
Time since last TC  :0 days 0h:59m:6s
Number of TC        :5
Last TC occurred    :GigabitEthernet0/0/1
----[Port1(GigabitEthernet0/0/1)][FORWARDING]----
Port Protocol       :Enabled
Port Role           :Root Port
Port Priority       :128
- from the above output you can read the root ID, the local switch ID and the port role:
CIST Root   :32768.4c1f-cc07-0b17 (root switch)
CIST Bridge :32768.4c1f-cc6e-6aca (current switch ID)
Port1(GigabitEthernet0/0/1) Port Role :Root Port
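The root election, the root-port choice and the reading of the display stp output above, worked through in Python as an added example that is not part of the notes: elect_root applies "lowest bridge ID wins, MAC breaks ties", root_port sums the IEEE path costs from the table, and summarise_stp parses a constructed copy of the display stp fields to check whether the local switch is the CIST root (a quick way to notice that a switch you did not intend to be root has taken the role). The function names, the DISPLAY_STP sample and the port/speed inputs are my own assumptions.

```python
import re

# IEEE path cost per link speed (Mbps -> cost), from the table in the notes
IEEE_PATH_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}


def parse_bridge_id(text):
    """'32768.4c1f-cc6e-6aca' -> (32768, '4c1fcc6e6aca'); the lower tuple wins."""
    prio, mac = text.strip().split(".")
    return int(prio), mac.replace("-", "").lower()


def elect_root(bridges):
    """bridges = {name: 'priority.mac'}. The lowest bridge ID is root: priority is
    compared first, the system MAC breaks ties (all priorities default to 32768)."""
    return min(bridges, key=lambda name: parse_bridge_id(bridges[name]))


def root_port(paths):
    """paths = {port: [link speeds in Mbps on the way to the root]}. The root port
    is the port with the lowest summed path cost. Returns (port, cost)."""
    costs = {p: sum(IEEE_PATH_COST[s] for s in speeds) for p, speeds in paths.items()}
    best = min(costs, key=costs.get)
    return best, costs[best]


# Constructed sample, mirroring the 'display stp' fields shown in the notes
DISPLAY_STP = """\
-------[CIST Global Info][Mode MSTP]-------
CIST Bridge         :32768.4c1f-cc6e-6aca
CIST Root/ERPC      :32768.4c1f-cc07-0b17 / 1
CIST RootPortId     :128.1
TC or TCN received  :6
----[Port1(GigabitEthernet0/0/1)][FORWARDING]----
Port Role           :Root Port
"""


def summarise_stp(output):
    """Extract root ID, local bridge ID and root port from 'display stp' text and
    report whether this switch is the CIST root (useful to spot an unexpected root)."""
    fields = {k.strip(): v.strip()
              for k, v in re.findall(r"^([^:\n]+?)\s*:(.*)$", output, re.M)}
    root = fields["CIST Root/ERPC"].split("/")[0].strip()
    bridge = fields["CIST Bridge"]
    port = re.search(r"\[Port\d+\((\S+?)\)\]", output)
    return {"root": root, "bridge": bridge,
            "is_root": parse_bridge_id(root) == parse_bridge_id(bridge),
            "root_port": port.group(1) if port and fields.get("Port Role") == "Root Port" else None,
            "tc_received": int(fields.get("TC or TCN received", 0))}
```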
WAN Encapsulation with High-level Data Link Control Protocol (HDLC)
===================================================================
- WAN encapsulation protocol works in Data Link layer over serial interfaces
(serial links)
- HDLC provides no authentication, compression or encryption
- it is rarely used in practice nowadays (obsolete)
command:
link-protocol hdlc
IP Address Unnumbered
- borrows the IP address of a loopback interface
command:
ip address unnumbered interface loopback 0
WAN Encapsulation with Point-to-Point (PPP) protocol
=====================================================
- PPP is a well-known WAN encapsulation protocol that supports many kinds of
networks, such as leased lines and circuit-switched networks (PSTN/ISDN), over
serial interfaces
- PPP works in the Data Link layer, like other encapsulation protocols such as
Ethernet, Frame Relay, ATM and X.25
- all Huawei router serial interfaces use PPP by default
- PPP provides encapsulation, link compression and peer authentication through the
following components:
a) PPP encapsulation
b) Link Control Protocol (LCP)
- responsible for link establishment, session negotiation and (optional) compression
- it works at the Data Link layer
- LCP supports link authentication with CHAP and PAP
- CHAP (Challenge Handshake Authentication Protocol) never sends the password itself;
it sends an MD5 hash computed over the password and a challenge (three-way handshake)
- PAP (Password Authentication Protocol) sends the password in plaintext only; less
secure (two-way handshake)
- LCP uses its own Echo-Request/Echo-Reply messages (LCP echoes, not ICMP) to detect
the link state of the peer
c) Network Control Protocol (NCP)
- NCP is in charge of encapsulating network-layer protocols such as IP and IPX
- NCP uses IPCP and IPXCP to negotiate IP/IPX parameters before establishing the
Layer 3 connection
- it works at the Network layer
Configuration:
--------------
int s0/0/0
link-protocol ppp
- set link encapsulation to PPP
link-protocol hdlc
- set link encapsulation to HDLC
PPP Address Dynamic Negotiation
-------------------------------
R1:
int s1/0/0
link-protocol ppp
ip address 192.168.1.2 30
remote address 192.168.1.1
R2:
int s1/0/0
link-protocol ppp
ip address ppp-negotiate
Verify the serial interface configuration
-----------------------------------------
[Router1]display interface s1/0/0
Serial1/0/0 current state : UP
Line protocol current state : UP
Last line protocol up time : 2014-05-20 10:47:38 UTC-05:13
Description:HUAWEI, AR Series, Serial1/0/0 Interface
Route Port,The Maximum Transmit Unit is 1500, Hold timer is 10(sec)
Internet Address is 192.168.1.1/30
Link layer protocol is PPP
LCP opened, IPCP opened
CHAP with MD5-encrypted password Authentication and IPCP Negotiation
--------------------------------------------------------------------
R1: (Authenticator)
---
aaa
local-user admin password cipher Hu@We1
local-user admin service-type ppp
int s1/0/0
link-protocol ppp
ip address 192.168.1.1 24
remote address 192.168.1.2
ppp authentication-mode chap
R2: (Authenticated)
---
int s1/0/0
link-protocol ppp
ip address ppp-negotiate
ppp chap user admin
ppp chap password cipher Hu@We1
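The CHAP three-way handshake that the R1/R2 configuration above sets up, next to the PAP two-way check from the LCP section, modelled in Python as an added illustration that is not part of the notes. The USERS table and the admin/Hu@We1 pair mirror the local-user line on R1; the response is MD5(Identifier || secret || challenge) as RFC 1994 defines it, while the "on-wire" byte strings are a simplification of the real frames and the function names are my own.

```python
import hashlib
import hmac
import os

# Constructed user database of the authenticator (R1), matching the notes'
# 'local-user admin password cipher Hu@We1' line
USERS = {"admin": b"Hu@We1"}


def chap_challenge(ident=1, rng=os.urandom):
    """Step 1 (R1 -> R2): an Identifier and a random challenge value."""
    return ident, rng(16)


def chap_response(ident, challenge, secret):
    """Step 2 (R2 -> R1): MD5 over Identifier || secret || challenge, as RFC 1994
    defines it. Only this hash goes on the wire, never the secret."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def chap_verify(users, user, ident, challenge, response):
    """Step 3 (R1): recompute with the locally stored secret, compare in constant time."""
    secret = users.get(user)
    if secret is None:
        return False
    return hmac.compare_digest(chap_response(ident, challenge, secret), response)


def run_chap(users, user, secret):
    """Whole three-way handshake. Returns (success, bytes an eavesdropper would see)."""
    ident, challenge = chap_challenge()
    response = chap_response(ident, challenge, secret)
    on_wire = challenge + user.encode() + response
    return chap_verify(users, user, ident, challenge, response), on_wire


def run_pap(users, user, password):
    """PAP two-way handshake: the password itself is the wire payload (cleartext)."""
    on_wire = user.encode() + password
    return users.get(user) == password, on_wire
```

Running both with the same credentials shows the difference the notes describe: the PAP wire bytes contain Hu@We1, the CHAP wire bytes contain only the challenge and the hash.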