Network Ninja

The Long Road to Cisco

Tag Archive for 'Access Layer'

Preparing a used switch for use

Published
by
Deon Botha
on July 3, 2008
in BCMSN, Cabling and Equiptment, Certification, Cisco Systems, Concepts and Constructs, SSH, Telnet and VLAN
. 0 Comments

Console Port AS

Console Port DS

Step 1: Connect a workstation (PC or notebook) to the console port of the switch (shown above for Access layer-2 and Distribution layer-3 devices). Use the Cisco blue console cable that ships with the switch (generally an RJ-45 connector on one end and a serial connector on the other, depending on the switch it was shipped with).

This gives you console access to your switch, just as Telnet or SSH would later on; this is how configuration is done at the command line level (if you got this far without ever doing this, it’s a miracle you passed).

Step 2: Delete the vlan.dat file

When in privileged mode, type the following commands to delete the vlan.dat file:
ASW1#delete vlan.dat
Delete filename [vlan.dat]?
Delete flash:vlan.dat? [confirm]
ASW1#

Step 3: Delete the startup-config file

After erasing vlan.dat all VLAN information is gone. Now the startup-config needs to be erased as well, since it holds the VTP, interface, password and other information you want to get rid of to start the switch from scratch.

ASW1#erase startup-config
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]? [OK]
Erase of nvram: complete
ASW1#

Step 4: Reload

After the above steps it is time to reload the switch. Answer no to the save prompt, otherwise the running configuration is written straight back into the startup-config you just erased.

ASW1#reload
System configuration has been modified. Save? [yes/no] no
Proceed with reload?

Side Note

As a side note, user-defined VLAN settings are stored in a file on flash called vlan.dat. (Unix/Linux-based operating systems, like Cisco IOS, use case-sensitive file naming, unlike Windows, where files called Aaa.dat and aaa.dat are seen as identical.)

When VLAN information is configured and created on a network, this vlan.dat file is used and the information is stored inside it. To insert new or old kit into a network (or lab), use the above steps to get rid of the file. If you have for some reason renamed the file as shown below, you need to delete it under that name instead.

You can change the file-name where the vlan.dat is stored in the following way:

ASW1(config)#vtp file VLAN.dat

This command changes the VLAN file from vlan.dat (all lowercase) to VLAN.dat (uppercase), which IOS treats as a different file.

When you then delete the file, keep in mind that you have to use the case-sensitive spelling; otherwise IOS will tell you the file doesn’t exist, or it will delete the old file (vlan.dat) and not the new file the information is actually stored in. To delete the file:

ASW1#delete VLAN.dat

You can name the file anything you want and do pretty much anything you want on “your network”; just keep in mind that keeping things as standard and normal as possible means that if you leave your current job / position / contract, the next person to work on that network won’t hate your guts because you went buck wild and creative setting things up in totally weird ways.

Notes and Notices:

This is a part of my personal BCMSN notes and research to assist myself in learning and understanding the concepts and theory for the BCMSN exam. I learn by making notes, reading and writing things down, and wish to file them where I can’t lose them. These notes are not to be seen, judged or mistaken for replacements to Cisco recognized and authorized training, which I personally support and attend and suggest you undertake if you are going for the BCMSN Certification.

BCMSN Practical Lab Initial Config

Published
by
Deon Botha
on June 9, 2008
in BCMSN, Certification and Cisco Systems
. 0 Comments

LAB 1 BCMSN

The Topology

The above topology shows (from the top) a Distribution and Access switched network design with redundant links between the Distribution switches and between the Distribution and Access layers. Finally there are two attached end devices (workstations).

The network is going to use 192.168.1.0 with a /24 (255.255.255.0) subnet mask, thus allowing for 254 hosts on the network.

Let’s say that the DSW switches are MLS switches for argument’s sake (I know the diagram doesn’t show it).

If you look at the colour key at the bottom you will find that each link colour combination represents a FastEthernet port in this case. It’s a fairly simple lab, so it’s easy to have each link connected on Access Switch fe0/1 and Distribution Switch fe0/1 on the other end.

I didn’t want to make much work for myself by connecting things in a weird way, but by all means do so if you want. It just means you really have to pay attention when you configure, when Access Switch fe0/1 connects to Distribution Switch fe0/8 or something odd on one switch and Access Switch fe0/5 connects to Distribution Switch fe0/12 on the other.

There is however still a catch to this lab layout: notice that from DSW1 to DSW2 the connections flip, and the same applies to ASW1 and ASW2 (meaning DSW1 fe0/1 connects to ASW1 while DSW2 fe0/1 connects to ASW2). Something that means I have to stay awake, but not on my toes.

Initial Configuration

The initial configuration entails some things old (CCNA) and one new command (not drastically new). I am going to go through what I am doing to practice for the exam and annotate the commands and generally what they do.

I am a weird Muppet: I want to know what and, more importantly, why something has to be used (probably the reason it takes me so long to study things). I can’t make sense of something unless I know that command X is used to enable/do Y and relates to the theory in such and such a fashion for a particular reason.

Distribution Switch 1

Step 1: Set up the basics. All of the following is CCNA-level stuff and should be easy, if not second nature. This gets the security and hostname down before going on to the interface configuration.

Enter Privileged Mode
switch>enable
Enter Global Configuration Mode
switch#configure terminal
Change the hostname of the switch
switch(config)#hostname DSW1
Enable secret and password
DSW1(config)#enable secret ciscosystems
DSW1(config)#enable password cisco
Setup a local user database
DSW1(config)#username admin@mydomain.com privilege 15 password cisco
Setup the console port password
DSW1(config)#line con 0
DSW1(config-line)#login local
DSW1(config-line)#exit
Setup the Virtual Teletype Terminal (VTY) Password
DSW1(config)#line vty 0 4
DSW1(config-line)#password cisco
DSW1(config-line)#login
DSW1(config-line)#exit
Lock down the auxiliary line (no EXEC sessions allowed on it)
DSW1(config)#line aux 0
DSW1(config-line)#no exec
DSW1(config-line)#exit

Step 2: Setup the management interface

Give the default VLAN an IP address so the switch can be managed remotely (Telnet now, or a GUI if there were one)
DSW1(config)#interface vlan 1
DSW1(config-if)#ip address 192.168.1.1 255.255.255.0
DSW1(config-if)#no shut
DSW1(config-if)#exit

Step 3: Setup other interfaces

Setup Fastethernet Interfaces
DSW1(config)#interface fastethernet 0/1
DSW1(config-if)#description DSW1 - ASW1
DSW1(config-if)#speed 100
DSW1(config-if)#duplex auto
DSW1(config-if)#no shut
DSW1(config-if)#exit
DSW1(config)#interface fastethernet 0/2
DSW1(config-if)#description DSW1 - ASW1
DSW1(config-if)#speed 100
DSW1(config-if)#duplex auto
DSW1(config-if)#no shut
DSW1(config-if)#exit
DSW1(config)#interface fastethernet 0/3
DSW1(config-if)#description DSW1 - ASW2
DSW1(config-if)#speed 100
DSW1(config-if)#duplex auto
DSW1(config-if)#no shut
DSW1(config-if)#exit
DSW1(config)#interface fastethernet 0/4
DSW1(config-if)#description DSW1 - ASW2
DSW1(config-if)#speed 100
DSW1(config-if)#duplex auto
DSW1(config-if)#no shut
DSW1(config-if)#exit
DSW1(config)#interface fastethernet 0/11
DSW1(config-if)#description DSW1 - DSW2
DSW1(config-if)#speed 100
DSW1(config-if)#duplex auto
DSW1(config-if)#no shut
DSW1(config-if)#exit
DSW1(config)#interface fastethernet 0/12
DSW1(config-if)#description DSW1 - DSW2
DSW1(config-if)#speed 100
DSW1(config-if)#duplex auto
DSW1(config-if)#no shut
DSW1(config-if)#exit

Alternatively use range command

Setup Fastethernet Interfaces
DSW1(config)#interface fastethernet 0/1
DSW1(config-if)#description DSW1 - ASW1
DSW1(config-if)#exit
DSW1(config)#interface fastethernet 0/2
DSW1(config-if)#description DSW1 - ASW1
DSW1(config-if)#exit
DSW1(config)#interface fastethernet 0/3
DSW1(config-if)#description DSW1 - ASW2
DSW1(config-if)#exit
DSW1(config)#interface fastethernet 0/4
DSW1(config-if)#description DSW1 - ASW2
DSW1(config-if)#exit
DSW1(config)#interface range fastethernet 0/1 - 4
DSW1(config-if-range)#speed 100
DSW1(config-if-range)#duplex auto
DSW1(config-if-range)#no shut
DSW1(config-if-range)#exit
DSW1(config)#interface fastethernet 0/11
DSW1(config-if)#description DSW1 - DSW2
DSW1(config-if)#exit
DSW1(config)#interface fastethernet 0/12
DSW1(config-if)#description DSW1 - DSW2
DSW1(config-if)#exit
DSW1(config)#interface range fastethernet 0/11 - 12
DSW1(config-if-range)#speed 100
DSW1(config-if-range)#duplex auto
DSW1(config-if-range)#no shut
DSW1(config-if-range)#exit

Step 4: Shut down non-used interfaces

Administratively shut down all ports not connected
DSW1(config)#interface range fastethernet 0/5 - 10
DSW1(config-if-range)#shut
DSW1(config-if-range)#exit
Exit Global Configuration Mode
DSW1(config)#exit

Step 5: Check your work

Check that you named the interfaces correctly, haven’t missed a connected interface, and that the duplex and speed settings are correct
DSW1#show interfaces status
Show the running configuration
DSW1#show run

Step 6: Save your work

Copy the running configuration to the startup configuration. I got into the bad habit of doing this the other way around for a while (did it in an exam)... oops, copy start run
DSW1#copy run start

Distribution Switch 2

Step 1: Set up the basics. All of the following is CCNA-level stuff and should be easy, if not second nature. This gets the security and hostname down before going on to the interface configuration.

Enter Privileged Mode
switch>enable
Enter Global Configuration Mode
switch#configure terminal
Change the hostname of the switch
switch(config)#hostname DSW2
Enable secret and password
DSW2(config)#enable secret cisco
DSW2(config)#enable password cisco
Setup a local user database
DSW2(config)#username admin@mydomain.com privilege 15 password cisco
Setup the console port password
DSW2(config)#line con 0
DSW2(config-line)#login local
DSW2(config-line)#exit
Setup the Virtual Teletype Terminal (VTY) Password
DSW2(config)#line vty 0 4
DSW2(config-line)#password cisco
DSW2(config-line)#login
DSW2(config-line)#exit
Lock down the auxiliary line (no EXEC sessions allowed on it)
DSW2(config)#line aux 0
DSW2(config-line)#no exec
DSW2(config-line)#exit

Step 2: Setup the management interface

Give the default VLAN an IP address so the switch can be managed remotely (Telnet now, or a GUI if there were one)
DSW2(config)#interface vlan 1
DSW2(config-if)#ip address 192.168.1.50 255.255.255.0
DSW2(config-if)#no shut
DSW2(config-if)#exit

Step 3: Setup other interfaces

Setup Fastethernet Interfaces
DSW2(config)#interface fastethernet 0/1
DSW2(config-if)#description DSW2 - ASW2
DSW2(config-if)#speed 100
DSW2(config-if)#duplex auto
DSW2(config-if)#no shut
DSW2(config-if)#exit
DSW2(config)#interface fastethernet 0/2
DSW2(config-if)#description DSW2 - ASW2
DSW2(config-if)#speed 100
DSW2(config-if)#duplex auto
DSW2(config-if)#no shut
DSW2(config-if)#exit
DSW2(config)#interface fastethernet 0/3
DSW2(config-if)#description DSW2 - ASW1
DSW2(config-if)#speed 100
DSW2(config-if)#duplex auto
DSW2(config-if)#no shut
DSW2(config-if)#exit
DSW2(config)#interface fastethernet 0/4
DSW2(config-if)#description DSW2 - ASW1
DSW2(config-if)#speed 100
DSW2(config-if)#duplex auto
DSW2(config-if)#no shut
DSW2(config-if)#exit
DSW2(config)#interface fastethernet 0/11
DSW2(config-if)#description DSW2 - DSW1
DSW2(config-if)#speed 100
DSW2(config-if)#duplex auto
DSW2(config-if)#no shut
DSW2(config-if)#exit
DSW2(config)#interface fastethernet 0/12
DSW2(config-if)#description DSW2 - DSW1
DSW2(config-if)#speed 100
DSW2(config-if)#duplex auto
DSW2(config-if)#no shut
DSW2(config-if)#exit

Alternatively use range command

Setup Fastethernet Interfaces
DSW2(config)#interface fastethernet 0/1
DSW2(config-if)#description DSW2 - ASW2
DSW2(config-if)#exit
DSW2(config)#interface fastethernet 0/2
DSW2(config-if)#description DSW2 - ASW2
DSW2(config-if)#exit
DSW2(config)#interface fastethernet 0/3
DSW2(config-if)#description DSW2 - ASW1
DSW2(config-if)#exit
DSW2(config)#interface fastethernet 0/4
DSW2(config-if)#description DSW2 - ASW1
DSW2(config-if)#exit
DSW2(config)#interface range fastethernet 0/1 - 4
DSW2(config-if-range)#speed 100
DSW2(config-if-range)#duplex auto
DSW2(config-if-range)#no shut
DSW2(config-if-range)#exit
DSW2(config)#interface fastethernet 0/11
DSW2(config-if)#description DSW2 - DSW1
DSW2(config-if)#exit
DSW2(config)#interface fastethernet 0/12
DSW2(config-if)#description DSW2 - DSW1
DSW2(config-if)#exit
DSW2(config)#interface range fastethernet 0/11 - 12
DSW2(config-if-range)#speed 100
DSW2(config-if-range)#duplex auto
DSW2(config-if-range)#no shut
DSW2(config-if-range)#exit

Step 4: Shut down non-used interfaces

Administratively shut down all ports not connected
DSW2(config)#interface range fastethernet 0/5 - 10
DSW2(config-if-range)#shut
DSW2(config-if-range)#exit
Exit Global Configuration Mode
DSW2(config)#exit

Step 5: Check your work

Check that you named the interfaces correctly, haven’t missed a connected interface, and that the duplex and speed settings are correct
DSW2#show interfaces status
Show the running configuration
DSW2#show run

Step 6: Save your work

Copy the running configuration to the startup configuration. I got into the bad habit of doing this the other way around for a while (did it in an exam)... oops, copy start run
DSW2#copy run start

Access Switch 1

Step 1: Set up the basics. All of the following is CCNA-level stuff and should be easy, if not second nature. This gets the security and hostname down before going on to the interface configuration.

Enter Privileged Mode
switch>enable
Enter Global Configuration Mode
switch#configure terminal
Change the hostname of the switch
switch(config)#hostname ASW1
Enable secret and password
ASW1(config)#enable secret cisco
ASW1(config)#enable password cisco
Setup a local user database
ASW1(config)#username admin@mydomain.com privilege 15 password cisco
Setup the console port password
ASW1(config)#line con 0
ASW1(config-line)#login local
ASW1(config-line)#exit
Setup the Virtual Teletype Terminal (VTY) Password
ASW1(config)#line vty 0 4
ASW1(config-line)#password cisco
ASW1(config-line)#login
ASW1(config-line)#exit
Lock down the auxiliary line (no EXEC sessions allowed on it)
ASW1(config)#line aux 0
ASW1(config-line)#no exec
ASW1(config-line)#exit

Step 2: Setup the management interface

Give the default VLAN an IP address so the switch can be managed remotely (Telnet now, or a GUI if there were one)
ASW1(config)#interface vlan 1
ASW1(config-if)#ip address 192.168.1.100 255.255.255.0
ASW1(config-if)#no shut
ASW1(config-if)#exit

Step 3: Setup other interfaces

Setup Fastethernet Interfaces
ASW1(config)#interface fastethernet 0/1
ASW1(config-if)#description ASW1 - DSW1
ASW1(config-if)#speed 100
ASW1(config-if)#duplex auto
ASW1(config-if)#no shut
ASW1(config-if)#exit
ASW1(config)#interface fastethernet 0/2
ASW1(config-if)#description ASW1 - DSW1
ASW1(config-if)#speed 100
ASW1(config-if)#duplex auto
ASW1(config-if)#no shut
ASW1(config-if)#exit
ASW1(config)#interface fastethernet 0/3
ASW1(config-if)#description ASW1 - DSW2
ASW1(config-if)#speed 100
ASW1(config-if)#duplex auto
ASW1(config-if)#no shut
ASW1(config-if)#exit
ASW1(config)#interface fastethernet 0/4
ASW1(config-if)#description ASW1 - DSW2
ASW1(config-if)#speed 100
ASW1(config-if)#duplex auto
ASW1(config-if)#no shut
ASW1(config-if)#exit

Alternatively use the range command

Setup Fastethernet Interfaces
ASW1(config)#interface fastethernet 0/1
ASW1(config-if)#description ASW1 - DSW1
ASW1(config-if)#exit
ASW1(config)#interface fastethernet 0/2
ASW1(config-if)#description ASW1 - DSW1
ASW1(config-if)#exit
ASW1(config)#interface fastethernet 0/3
ASW1(config-if)#description ASW1 - DSW2
ASW1(config-if)#exit
ASW1(config)#interface fastethernet 0/4
ASW1(config-if)#description ASW1 - DSW2
ASW1(config-if)#exit
ASW1(config)#interface range fastethernet 0/1 - 4
ASW1(config-if-range)#speed 100
ASW1(config-if-range)#duplex auto
ASW1(config-if-range)#no shut
ASW1(config-if-range)#exit

Step 4: This is where the ASW and DSW switches differ. This port connects to the workstation end-point, whereas the DSW switches use ports 11/12 to provide failover for the distribution layer.

Set up FastEthernet 0/12 at 10 Mb/s half duplex as an access-level end-point interface
ASW1(config)#interface fastethernet 0/12
ASW1(config-if)#description ASW1 - PC1
ASW1(config-if)#speed 10
ASW1(config-if)#duplex half
Make the port an access port
ASW1(config-if)#switchport mode access
ASW1(config-if)#no shut
ASW1(config-if)#exit

Step 5: Shut down non-used interfaces

Administratively shut down all ports not connected
ASW1(config)#interface range fastethernet 0/5 - 11
ASW1(config-if-range)#shut
ASW1(config-if-range)#exit
Exit Global Configuration Mode
ASW1(config)#exit

Step 6: Check your work

Check that you named the interfaces correctly, haven’t missed a connected interface, and that the duplex and speed settings are correct
ASW1#show interfaces status
Show the running configuration
ASW1#show run

Step 7: Save your work

Copy the running configuration to the startup configuration. I got into the bad habit of doing this the other way around for a while (did it in an exam)... oops, copy start run
ASW1#copy run start

Access Switch 2

Step 1: Set up the basics. All of the following is CCNA-level stuff and should be easy, if not second nature. This gets the security and hostname down before going on to the interface configuration.

Enter Privileged Mode
switch>enable
Enter Global Configuration Mode
switch#configure terminal
Change the hostname of the switch
switch(config)#hostname ASW2
Enable secret and password
ASW2(config)#enable secret cisco
ASW2(config)#enable password cisco
Setup a local user database
ASW2(config)#username admin@mydomain.com privilege 15 password cisco
Setup the console port password
ASW2(config)#line con 0
ASW2(config-line)#login local
ASW2(config-line)#exit
Lock down the auxiliary line (no EXEC sessions allowed on it)
ASW2(config)#line aux 0
ASW2(config-line)#no exec
ASW2(config-line)#exit
Setup the Virtual Teletype Terminal (VTY) Password
ASW2(config)#line vty 0 4
ASW2(config-line)#password cisco
ASW2(config-line)#login
ASW2(config-line)#exit

Step 2: Setup the management interface

Give the default VLAN an IP address so the switch can be managed remotely (Telnet now, or a GUI if there were one)
ASW2(config)#interface vlan 1
ASW2(config-if)#ip address 192.168.1.200 255.255.255.0
ASW2(config-if)#no shut
ASW2(config-if)#exit

Step 3: Setup other interfaces

Setup Fastethernet Interfaces
ASW2(config)#interface fastethernet 0/1
ASW2(config-if)#description ASW2 - DSW2
ASW2(config-if)#speed 100
ASW2(config-if)#duplex auto
ASW2(config-if)#no shut
ASW2(config-if)#exit
ASW2(config)#interface fastethernet 0/2
ASW2(config-if)#description ASW2 - DSW2
ASW2(config-if)#speed 100
ASW2(config-if)#duplex auto
ASW2(config-if)#no shut
ASW2(config-if)#exit
ASW2(config)#interface fastethernet 0/3
ASW2(config-if)#description ASW2 - DSW1
ASW2(config-if)#speed 100
ASW2(config-if)#duplex auto
ASW2(config-if)#no shut
ASW2(config-if)#exit
ASW2(config)#interface fastethernet 0/4
ASW2(config-if)#description ASW2 - DSW1
ASW2(config-if)#speed 100
ASW2(config-if)#duplex auto
ASW2(config-if)#no shut
ASW2(config-if)#exit

Alternatively use the range command

Setup Fastethernet Interfaces
ASW2(config)#interface fastethernet 0/1
ASW2(config-if)#description ASW2 - DSW2
ASW2(config-if)#exit
ASW2(config)#interface fastethernet 0/2
ASW2(config-if)#description ASW2 - DSW2
ASW2(config-if)#exit
ASW2(config)#interface fastethernet 0/3
ASW2(config-if)#description ASW2 - DSW1
ASW2(config-if)#exit
ASW2(config)#interface fastethernet 0/4
ASW2(config-if)#description ASW2 - DSW1
ASW2(config-if)#exit
ASW2(config)#interface range fastethernet 0/1 - 4
ASW2(config-if-range)#speed 100
ASW2(config-if-range)#duplex auto
ASW2(config-if-range)#no shut
ASW2(config-if-range)#exit

Step 4: This is where the ASW and DSW switches differ. This port connects to the workstation end-point, whereas the DSW switches use ports 11/12 to provide failover for the distribution layer.

Set up FastEthernet 0/12 at 10 Mb/s half duplex as an access-level end-point interface
ASW2(config)#interface fastethernet 0/12
ASW2(config-if)#description ASW2 - PC2
ASW2(config-if)#speed 10
ASW2(config-if)#duplex half
ASW2(config-if)#no shut
Make the port an access port
ASW2(config-if)#switchport mode access
ASW2(config-if)#exit

Step 5: Shut down non-used interfaces

Administratively shut down all ports not connected
ASW2(config)#interface range fastethernet 0/5 - 11
ASW2(config-if-range)#shut
ASW2(config-if-range)#exit
Exit Global Configuration Mode
ASW2(config)#exit

Step 6: Check your work

Check that you named the interfaces correctly, haven’t missed a connected interface, and that the duplex and speed settings are correct
ASW2#show interfaces status
Show the running configuration
ASW2#show run

Step 7: Save your work

Copy the running configuration to the startup configuration. I got into the bad habit of doing this the other way around for a while (did it in an exam)... oops, copy start run
ASW2#copy run start

For more information on Commands and why to use a command in a certain place check out the Cisco Command lookup tool (CCO Login required)
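
The “check your work” step on each of the four switches boils down to reading show interfaces status and comparing it with the link table in your head. The script below, added here as an example and not part of the original post, does that comparison mechanically for DSW1: it parses a constructed sample of the command’s output, checks that every documented link has the right description and hard-set speed, and flags any undocumented port that is not administratively shut (such a port shows as disabled; anything else is a live, unmonitored entry point). The link table, sample output and finding strings are all constructed for the example; the parser assumes the Type column is a single token, which holds for 10/100BaseTX ports.

```python
"""Audit 'show interfaces status' output against an expected link table.

Added example (not from the original post). The link table, sample
output and finding strings are constructed here to mirror the DSW1
steps above. The parser assumes the Type column is a single token.
"""
from dataclasses import dataclass

# Constructed: what the DSW1 steps intend for each connected port.
EXPECTED_LINKS = {
    "Fa0/1": "DSW1 - ASW1",
    "Fa0/2": "DSW1 - ASW1",
    "Fa0/3": "DSW1 - ASW2",
    "Fa0/4": "DSW1 - ASW2",
    "Fa0/11": "DSW1 - DSW2",
    "Fa0/12": "DSW1 - DSW2",
}

# Constructed sample output with two deliberate problems:
# Fa0/2 carries a wrong description and Fa0/7 was never shut down.
SAMPLE_STATUS = """\
Port      Name               Status       Vlan       Duplex  Speed Type
Fa0/1     DSW1 - ASW1        connected    1          a-full    100 10/100BaseTX
Fa0/2     DSW1 - ASW2        connected    1          a-full    100 10/100BaseTX
Fa0/3     DSW1 - ASW2        connected    1          a-full    100 10/100BaseTX
Fa0/4     DSW1 - ASW2        connected    1          a-full    100 10/100BaseTX
Fa0/5                        disabled     1            auto   auto 10/100BaseTX
Fa0/6                        disabled     1            auto   auto 10/100BaseTX
Fa0/7                        notconnect   1            auto   auto 10/100BaseTX
Fa0/8                        disabled     1            auto   auto 10/100BaseTX
Fa0/9                        disabled     1            auto   auto 10/100BaseTX
Fa0/10                       disabled     1            auto   auto 10/100BaseTX
Fa0/11    DSW1 - DSW2        connected    1          a-full    100 10/100BaseTX
Fa0/12    DSW1 - DSW2        connected    1          a-full    100 10/100BaseTX
"""


@dataclass
class PortStatus:
    port: str
    name: str
    status: str
    vlan: str
    duplex: str
    speed: str
    media: str


def parse_status(text):
    """Parse the table. Name may be empty or contain spaces, so the five
    trailing columns are split off from the right and the rest is Name."""
    rows = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 6 or tokens[0] == "Port":
            continue
        status, vlan, duplex, speed, media = tokens[-5:]
        name = " ".join(tokens[1:-5])
        rows.append(PortStatus(tokens[0], name, status, vlan, duplex, speed, media))
    return rows


def audit(rows, expected, speed="100"):
    """Return human-readable findings; an empty list means the ports
    match the link table and every unused port is shut down."""
    findings = []
    seen = set()
    for r in rows:
        seen.add(r.port)
        if r.port in expected:
            if r.status != "connected":
                findings.append(f"{r.port}: expected link '{expected[r.port]}' but status is {r.status}")
            if r.name != expected[r.port]:
                findings.append(f"{r.port}: description '{r.name}' should be '{expected[r.port]}'")
            if r.speed != speed:
                findings.append(f"{r.port}: speed {r.speed} should be hard-set to {speed}")
        elif r.status != "disabled":
            # 'disabled' is how administratively shut ports appear; anything
            # else on an unused port means the shutdown step was missed.
            findings.append(f"{r.port}: unused port is {r.status}, expected disabled (shutdown)")
    for port in expected:
        if port not in seen:
            findings.append(f"{port}: expected link missing from output")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_status(SAMPLE_STATUS), EXPECTED_LINKS):
        print(finding)
```

Run against the sample it reports exactly the two planted problems. Feeding it the real output of each switch (and a link table per switch) turns the manual eyeball check into something repeatable after every change.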

Cisco CDP

In a lab or real-world (RW) situation you would telnet or console into Distribution Switch 1 (DSW1) and work from there. First off I am going to use CDP to discover the network topology. This is old work from the CCNA and useful if you (1) don’t know the network topology, (2) remote into a network to do work and need to hop from one device to another and need network information, (3) have a huge network and never bothered to document growth (ISPs), or (4) are too lazy, or there is a foot-thick metal vault door between you and the kit, and changing the console cable from one switch/router to another isn’t going to happen.

The following command gives a basic table of information:
DSW1#show cdp neighbors
To get specific information use:
DSW1#show cdp neighbors detail
With that information you can then do something like this:
DSW1#telnet 192.168.1.50
Trying 192.168.1.50 ... Open
User Access Verification
Password:_
DSW2#
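
CDP tells you what is actually plugged into each port, which is only half the story; the other half is whether that matches what the topology says should be there. The script below is an added example, not part of the original post: it parses a constructed show cdp neighbors table into a link list and compares it with a documented topology for DSW1 (fe0/1-2 to ASW1, fe0/3-4 to ASW2, fe0/11-12 to DSW2), flagging neighbours the documentation does not explain and documented links CDP no longer sees. The sample output, the extra neighbour on Fa0/7 and the platform strings are constructed for the example.

```python
"""Turn 'show cdp neighbors' output into a link table and flag anything
that is not in the documented topology.

Added example, not from the original post. The sample output and the
documented topology are constructed to mirror the lab above.
"""
from dataclasses import dataclass

# Constructed sample: the lab links plus one neighbour nobody documented.
SAMPLE_CDP = """\
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
ASW1             Fas 0/1            156          S I      WS-C2950  Fas 0/1
ASW1             Fas 0/2            156          S I      WS-C2950  Fas 0/2
ASW2             Fas 0/3            171          S I      WS-C2950  Fas 0/3
ASW2             Fas 0/4            171          S I      WS-C2950  Fas 0/4
DSW2             Fas 0/11           142          S I      WS-C3550  Fas 0/11
DSW2             Fas 0/12           142          S I      WS-C3550  Fas 0/12
unknown-switch   Fas 0/7            120          S I      WS-C2960  Fas 0/24
"""

# Constructed: the documented topology seen from DSW1, local port -> neighbour.
DOCUMENTED = {
    "Fas 0/1": "ASW1", "Fas 0/2": "ASW1",
    "Fas 0/3": "ASW2", "Fas 0/4": "ASW2",
    "Fas 0/11": "DSW2", "Fas 0/12": "DSW2",
}


@dataclass
class Neighbor:
    device: str
    local_port: str
    holdtime: int
    capability: str
    platform: str
    remote_port: str


def parse_cdp(text):
    """Parse the neighbour table. Interface names are two tokens
    ('Fas 0/1'), so fields are taken from both ends of the line; a line
    holding only a device name (IOS wraps long names) is joined to the
    line that follows it."""
    neighbors = []
    pending = None
    in_table = False
    for line in text.splitlines():
        if line.startswith("Device ID"):
            in_table = True
            continue
        if not in_table or not line.strip():
            continue
        tokens = line.split()
        if pending:
            tokens = [pending] + tokens
            pending = None
        if len(tokens) == 1:
            pending = tokens[0]
            continue
        if len(tokens) < 8 or not tokens[3].isdigit():
            continue
        neighbors.append(Neighbor(
            device=tokens[0],
            local_port=" ".join(tokens[1:3]),
            holdtime=int(tokens[3]),
            capability=" ".join(tokens[4:-3]),
            platform=tokens[-3],
            remote_port=" ".join(tokens[-2:]),
        ))
    return neighbors


def audit_topology(neighbors, documented):
    """Return findings for neighbours the documentation does not explain
    and for documented links CDP no longer sees."""
    findings = []
    seen = {}
    for n in neighbors:
        seen[n.local_port] = n.device
        expected = documented.get(n.local_port)
        if expected is None:
            findings.append(f"{n.local_port}: undocumented neighbour {n.device} "
                            f"({n.platform}, caps '{n.capability}') on {n.remote_port}")
        elif expected != n.device:
            findings.append(f"{n.local_port}: documented neighbour {expected} but CDP sees {n.device}")
    for port, device in documented.items():
        if port not in seen:
            findings.append(f"{port}: documented link to {device} not seen by CDP")
    return findings


if __name__ == "__main__":
    for finding in audit_topology(parse_cdp(SAMPLE_CDP), DOCUMENTED):
        print(finding)
```

On the sample this reports only the undocumented switch on Fa0/7. Because CDP is Cisco-proprietary and unauthenticated, treat a clean result as “nothing unexpected announced itself”, not as proof that nothing else is attached.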

Terminology:

Two terms that I have been made aware of recently and need to remember: out-of-band management and in-band management.

Out-of-band management is the use of a dedicated channel for device maintenance. An example would be using the console port (serial) or maybe the auxiliary port (modem – POTS – offsite) for management purposes.

In-band management is the use of the regular traffic channels for device maintenance. An example would be using Ethernet for console-style access (when you change the IP address the session ends).

QoS and Voice Traffic

Published
by
Deon Botha
on May 22, 2008
in AutoQoS, BCMSN, Certification, Cisco Systems, CoS, Concepts and Constructs, NBAR, QoS and Trunk
. 0 Comments

Definitions

ingress: arriving / coming in / entering

egress: leaving / exiting / going out

They’re the new words of the day, so they are going to be used a lot.

Introduction

Regardless of the speed of individual switches (slower/older vs. faster/newer) or links (10/100), speed mismatches (ingress 1000/egress 100), many-to-one switching fabrics (multiple access layer switches into a distribution layer switch), and aggregation (multiple devices communicating through a single connection or to a single device or server) may cause a device to experience congestion, which results in latency and ultimately in dropped packets.

If, and inevitably when, congestion occurs (I have heard of enterprise payrolls that cause a certain amount of congestion on a network at the end of each month) and congestion management features are not in place (QoS, load balancing on servers, etc.), then some packets will be dropped. For TCP this causes retransmissions that inevitably increase overall network load; for voice and video (UDP) the inevitable result is angry employees. QoS can, to an extent, mitigate the latency caused by congestion.

QoS is implemented by classifying and marking traffic at one device while allowing other devices to prioritize or to queue the traffic according to those marks applied to individual frames or packets.

LAN-Based Classification and Marking of Traffic

Classification and marking of traffic is the process of identifying traffic for prioritization as that traffic moves across the network. Traffic is classified by examining information at various layers of the Open Systems Interconnection (OSI) model. IP traffic can be classified according to any values configurable in an access control list (ACL) or any of these layers:

  • Layer-2 parameters: MAC Address, Multiprotocol Label Switching (MPLS), ATM Cell Loss Priority (CLP) bit, Frame Relay discard eligible (DE) bit, ingress interface
  • Layer-3 parameters: IP precedence, DiffServ Code Point (DSCP), QoS group, IP Address, ingress interface
  • Layer-4 parameters: TCP or User Datagram Protocol (UDP) ports, ingress interface
  • Layer-7 parameters: Application signature, ingress interface

QoS marks (values) establish priority levels (priority classes of service) for network traffic as it is processed by each switch (Access, Distribution, or Core). Once traffic is marked with a QoS value, QoS policies on switches and interfaces handle the traffic accordingly at the frame and packet level. As a result of classification and marking, traffic is prioritized at each switch so that delay-sensitive traffic (voice, video) receives priority processing while non-delay-sensitive data traffic waits its turn, as each switch manages congestion, delay, and bandwidth allocation.

Layer-2 QoS

QoS Layer-2 classification occurs by examining information in the Ethernet or 802.1Q (trunking) header, like the destination MAC address or Virtual Local Area Network (VLAN) ID. QoS Layer-2 markings are carried in the priority field of the 802.1Q header (plain LAN Layer-2 headers have no place for this, so 802.1Q encapsulation must occur). The priority field is 3 bits long (a.k.a. the 802.1p User Priority or Class of Service (CoS) value).

The 3-bit priority field can carry a value of 1 to 7; 1 is associated with delay-tolerant traffic like TCP/IP traffic. Voice traffic receives a higher priority: call signalling is marked with a value of 3 and voice bearer traffic with a value of 5.

As a result of Layer-2 Classifications and marking, these QoS operations can occur:

  • Input queue scheduling: when a frame enters a port, it can be assigned to one of a number of port-based queues before being scheduled for switching to an egress port. Typically, multiple queues are used where traffic requires different levels of service.
  • Policing: the process of inspecting a frame to see if it has exceeded a predefined rate of traffic within a certain time frame, typically a fixed interval internal to the switch. If a frame is determined to exceed the predefined rate limit, it can either be dropped or have its CoS value marked down.
  • Output queue scheduling: the switch places the frame into an appropriate egress queue for switching and performs buffer management on that queue to ensure the buffer does not overflow.

Layer-3 QoS

QoS Layer-3 classification occurs by examining header values such as the destination IP address or protocol. QoS Layer-3 markings occur in the Type of Service (ToS) byte in the IP header. The first three bits of the ToS byte are occupied by IP precedence, which correlates to the three CoS bits carried in the Layer-2 header.

The ToS byte can also be used for DSCP marking that allows prioritization hop by hop as packets are processed on each switch and interface.
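
The Layer-2 and Layer-3 marking fields described above are small enough to decode by hand, and doing so makes the “IP precedence correlates to the three CoS bits” statement concrete. The code below is an added example, not from the original post: it builds and splits an 802.1Q Tag Control Information value (3-bit priority/CoS, 1-bit DEI, 12-bit VLAN ID), splits an IPv4 ToS byte into precedence, DSCP and ECN, and applies the default Cisco CoS-to-DSCP and DSCP-to-CoS maps (DSCP = CoS × 8 and CoS = DSCP ÷ 8). The field layouts and default maps are standard values I am supplying, not figures taken from the page; the DSCP names EF (46) and CS3 (24) are the usual voice bearer and call-signalling code points.

```python
"""Decode and build the Layer-2 and Layer-3 QoS marking fields.

Added example, not from the original post. Assumes the standard layouts:
802.1Q TCI = PCP(3) | DEI(1) | VID(12); IPv4 ToS byte = DSCP(6) | ECN(2),
with IP precedence being the top three bits. The CoS/DSCP tables are the
default Cisco maps (DSCP = CoS * 8, CoS = DSCP >> 3).
"""


def encode_tci(cos, vlan, dei=0):
    """Build the 16-bit TCI that follows the 0x8100 TPID in a tagged frame."""
    if not 0 <= cos <= 7:
        raise ValueError("CoS is a 3-bit field (0-7)")
    if not 0 <= vlan <= 4095:
        raise ValueError("VLAN ID is a 12-bit field (0-4095)")
    return (cos << 13) | ((dei & 1) << 12) | vlan


def decode_tci(tci):
    """Split a TCI into the CoS (802.1p priority), DEI and VLAN ID fields."""
    if not 0 <= tci <= 0xFFFF:
        raise ValueError("TCI must fit in 16 bits")
    return {"cos": tci >> 13, "dei": (tci >> 12) & 1, "vlan": tci & 0x0FFF}


def decode_tos(tos):
    """Split an IPv4 ToS byte into IP precedence, DSCP and ECN.

    Precedence is the top three bits, which is why it lines up with the
    three-bit CoS field at Layer 2; DSCP reuses those bits plus three more."""
    if not 0 <= tos <= 0xFF:
        raise ValueError("ToS is one byte")
    return {"precedence": tos >> 5, "dscp": tos >> 2, "ecn": tos & 0b11}


def cos_to_dscp(cos):
    """Default Cisco cos-dscp map: 0 8 16 24 32 40 48 56."""
    return cos * 8


def dscp_to_cos(dscp):
    """Default Cisco dscp-cos map: drop the low three DSCP bits."""
    return dscp >> 3


# Well-known DSCP code points that the voice discussion above relies on.
DSCP_NAMES = {0: "default", 24: "CS3 (call signalling)", 46: "EF (voice bearer)"}


def describe_packet(tci, tos):
    """Summarise how a tagged frame reads at a trust boundary: the Layer-2
    mark, the Layer-3 mark, and whether the two agree."""
    l2, l3 = decode_tci(tci), decode_tos(tos)
    return {
        "vlan": l2["vlan"],
        "cos": l2["cos"],
        "dscp": l3["dscp"],
        "dscp_name": DSCP_NAMES.get(l3["dscp"], "unnamed"),
        # Disagreement here is what the trust decision is about: keep the
        # Layer-2 mark, keep the Layer-3 mark, or re-mark both.
        "cos_matches_precedence": l2["cos"] == l3["precedence"],
    }


if __name__ == "__main__":
    # Voice bearer on voice VLAN 100: CoS 5 at Layer 2, DSCP EF (ToS 0xB8) at Layer 3.
    print(describe_packet(encode_tci(5, 100), 0xB8))
```

Note that the default map sends CoS 5 to DSCP 40, not to EF (46), which is one reason the CoS-to-DSCP map is normally adjusted on switches carrying voice rather than left at its default.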

Trust Boundaries

In QoS campus implementations, trust boundaries are defined where the existing QoS values attached to frames and packets are either accepted or altered. These “trusts” are established by configuring trust levels on the ports of key peripheral network devices where QoS policies will be enforced as traffic makes its way onto the network. At this entry point traffic is either allowed to retain its original QoS markings or is given new ones (best practice is to mark traffic as close to the source as possible).

In practice this means that if you have a desktop/notebook attached to a Cisco IP Phone, attached to a Catalyst switch, attached to a Cisco router, the trust boundary can be set at the Cisco IP Phone, where the IP Phone attaches priority values which are then trusted.

Otherwise, if there is a desktop/notebook with a softphone attached to a Catalyst switch attached to a router, the trust boundary can be set at the desktop/notebook, where the softphone attaches priority values which are then trusted.

Configuration IP Phone Attachment

This goes hand in hand with how to configure VLANs. First off we create the data and voice VLANs (in IOS the name is set inside VLAN configuration mode):

switch#configure terminal
switch(config)#vlan 10
switch(config-vlan)#name 001-WORK-STATION
switch(config-vlan)#exit
switch(config)#vlan 100
switch(config-vlan)#name 001-IP-PHONE
switch(config-vlan)#exit

Now we need to assign the data and voice VLANs to an interface:

switch(config)#interface gigabitethernet 0/1
switch(config-if)#switchport voice vlan 100
switch(config-if)#switchport access vlan 10

Now we need to tell the port to trust the CoS markings on frames as they arrive:

switch(config-if)#mls qos trust cos

Finally make the trust conditional on a Cisco IP Phone being attached:

switch(config-if)#mls qos trust device cisco-phone

Auto QoS

Cisco AutoQoS gives the ability to deploy QoS features for converged IP telephony and allows telephony networks to be deployed more quickly and efficiently than if it had to be done manually. Cisco AutoQoS generates traffic classes and policy-map command-line (CLI) templates that are the same across platforms, where doing things manually might not produce the same consistency. Cisco AutoQoS simplifies and automates the Modular QoS CLI (MQC) definition of traffic classes and the creation and configuration of traffic policies.

AutoQoS can be beneficial in these scenarios:

  1. SMBs that need to deploy IP telephony quickly but lack the experience and staffing to deploy IP QoS services.
  2. Large enterprises that need to deploy Cisco Systems telephony solutions on a large scale, while reducing the cost, complexity and time frame of deployment, and ensuring that the appropriate QoS for voice applications is set in a consistent fashion.
  3. International enterprises or service providers requiring QoS for VoIP where little expertise exists in different regions of the world and where provisioning QoS remotely and across different time zones is difficult.
  4. Service providers requiring a template-driven approach to deliver managed services and QoS for voice traffic of customer premises devices.

Cisco AutoQoS simplifies and shortens the deployment cycle in the following ways:

  • Application classification: by leveraging intelligent classification on routers, Cisco Network-Based Application Recognition (NBAR) provides stateful and deep packet inspection. Cisco AutoQoS uses Cisco Discovery Protocol (CDP) for voice packets to ensure that the end device attached to the Local Area Network (LAN) really is a Cisco IP Phone (keep in mind that CDP is Cisco proprietary).
  • Policy generation: Cisco AutoQoS evaluates the network environment and generates the initial policy. This feature automatically generates interface configurations, policy maps, class maps, and Access Control Lists (ACLs).
  • Configuration: using one command, Cisco AutoQoS configures the port to prioritize voice traffic without affecting other network traffic, while still offering the flexibility to adjust QoS settings for unique network requirements. Cisco AutoQoS automatically detects Cisco IP Phones and enables QoS settings; in turn it also disables those settings when a Cisco IP Phone is relocated or moved, to prevent malicious activity.
  • Monitoring and reporting: Cisco AutoQoS provides visibility into the Class of Service (CoS) deployed via system logging and Simple Network Management Protocol (SNMP) traps, with notification of abnormal events(VoIP packet drops).
  • Consistency: Cisco AutoQoS configurations are consistent among router and switch platforms. This level of consistency ensures seamless QoS operation and interoperability within the network.

Cisco Catalyst Switch Configuration – Cat OS

To configure the global QoS settings

Console> (enable) set qos autoqos
.........
All ingress and egress QoS scheduling parameters configured on all ports. CoS to DSCP, DSCP to CoS. Precedence to DSCP and policed dscp maps configured.
Global QoS configured, port specific autoqos recommended:
set port qos <mod/port> autoqos trust <cos/dscp>
set port qos <mod/port> autoqos voip <ciscoipphone/ciscosoftphone>

To configure Cisco AutoQoS settings and the trusted boundary feature for Cisco IP Phones, CDP version 2 or later needs to be enabled on the port. If the trusted boundary feature is enabled, you will receive a syslog warning message if CDP is not running or CDP version 1 is running.

CDP need not be enabled if you do not use the ciscoipphone QoS configuration.
Console> (enable) set port qos 4/1 autoqos voip ciscoipphone
Warning: CDP is disabled or CDP version 1 is in use. Ensure that CDP version 2 is enabled globally, and also ensure that CDP is enabled on the port(s) you wish to configure autoqos on.
Port 4/1 ingress QoS configured for ciscoipphone.
It is recommended to execute the "set qos autoqos" global command if not executed previously.
Console> (enable)

To configure the port-specific QoS macro that handles all inbound QoS configuration specific to a particular port, use the trust form below. This should only be used when the port connects to other known switches or servers, because the port then trusts all inbound traffic markings (CoS or DSCP).
Console> (enable) set port qos 4/1 autoqos trust cos/dscp

Cisco Catalyst Switch Configuration – Cisco IOS

When Cisco AutoQoS is enabled on the first interface, QoS is enabled globally. This is equivalent to configuring the following:

switch#configure terminal
switch(config)#mls qos

To enable QoS on an interface, use the following command, which tells the switch that the interface is connected to a trusted router or switch and that the VoIP classification in ingress packets should be trusted:

switch#configure terminal
switch(config)#interface gigabitethernet 0/1
switch(config-if)#auto qos voip trust

Alternatively, tell the switch that the interface is connected to a Cisco IP Phone, so that the QoS labels of incoming packets are trusted only while the IP Phone is detected; this relies on CDP to detect the presence or absence of the phone.

switch#configure terminal
switch(config)#interface gigabitethernet 0/1
switch(config-if)#auto qos voip cisco-phone

To check the configuration, use the following command (interface-id is the interface name, for example gigabitethernet 0/1):
switch#show auto qos interface interface-id

Cisco AutoQoS Automation

Cisco AutoQoS automates several things when configured. It enforces trust boundaries on Cisco Catalyst switch access ports, uplinks and downlinks. It enables Catalyst strict priority queuing (PQ), also known as expedited queuing, with weighted round-robin (WRR) scheduling for voice and data traffic. It configures queue admission criteria and, finally, modifies queue sizes and weights as needed.

Notes and Notices:

This is a part of my personal BCMSN notes and research to assist myself in learning and understanding the concepts and theory for the BCMSN exam. I learn by making notes reading and writing things down and wish to file them where I can’t lose them. These notes are not to be seen, judged or mistaken for replacements to Cisco recognized and authorized training which I personally support and attend and suggest you undertake if you are going for the BCMSN Certification.

VTP Configuration

Published by Deon Botha on April 10, 2008 in BCMSN, Certification, Cisco Systems, Concepts and Constructs, VLAN and VTP

Configuring VTP is as easy as one two three, literally :-)

  1. VTP Domain
  2. VTP mode
  3. VTP password

All switches in the same VTP domain will share the VTP domain name and the VTP password (if a password is configured). It is good practice to set the VTP mode to client when switches are being added to an existing switched network that uses VTP (whether or not you use it, look at the section below the configuration for the steps involved). Otherwise you risk all your VLAN information going missing, which means you have to reload all your VLANs; for large enterprise networks this could take many hours.

Configuration
switch>enable
switch#show vlan brief
(Displays the list of VLANs configured on the switch. If this switch is to be the VTP server, this list will replace all other VLAN information on the network.)
switch#configure terminal
switch(config)#vtp password my_password
switch(config)#vtp domain my_domain
switch(config)#vtp version {1 | 2}
switch(config)#vtp mode {client | server | transparent}
switch(config)#exit
switch#show vlan brief
(Now you will see either the same VLANs or, if this is a VTP client, the VLANs that were advertised from the VTP server.)

Verification:
In the output of the following command, "Configuration last modified by" specifies the IP address of the switch that last updated the VLAN database of this switch.
switch#show vtp status
The output of the next command verifies whether VTP updates are being sent and received.
switch#show vtp counters

Things to keep in mind

VTP has small nuances that make it a pain to work with. The most obvious, and the one I stress overly much, is that VTP can create lots of work for you by deleting the entire enterprise VLAN database in a matter of seconds if you aren't careful. This is something you have to respect about VTP: it is a great time saver with respect to admin-intensive VLAN creation, but it can also cause you headaches.

Other small things: there are 2 mainstream versions of VTP available and they are not interoperable (there is a version 3 available on big switch platforms). The default setting for VTP is version 1 even if the switch platform supports version 2, because of the interoperability issue. To use version 2, explicitly set the server to version 2 and the change will be propagated. Changes between version 1 and version 2 include:

  • Version-dependent transparent mode: in version 1 a transparent switch matches the VTP version and domain name before forwarding information to other switches; version 2 forwards without checking the version number.
  • Consistency checks are performed on VTP and VLAN parameters entered at the command-line interface (CLI) or by Simple Network Management Protocol (SNMP). This prevents errors in VLAN numbers and names from being propagated to other switches.
  • Token Ring support.
  • Unrecognized Type-Length-Value (TLV) support: received configuration changes are propagated even if the switch supervisor engine cannot parse or understand the message.

The VTP domain name is case sensitive (this is important) and can contain a maximum of 32 characters. If there is connectivity between two switches, no VTP password is set and VTP is still not propagating, check that the CaSe of the domain name is identical on both. For more on setting up VTP

The other final small thing is that VTP uses the configuration revision number to determine whether a switch in the VTP domain will accept or reject VTP advertisements. If the domain name matches on the client or server, it then checks the configuration revision number to see whether it is going to update the VLAN database. If the revision number of an update received on a client or server switch is higher than the current revision, the new configuration is applied; otherwise it is ignored. This comes back to being very careful about the switches you simply add to the network.

Adding a switch to VTP Network

Adding a new switch to an existing network can create a lot of work for you if you are not careful; follow these steps to make sure you aren't shooting yourself in the foot.

This assumes that there is a “NEW” switch and an existing network to which the NEW switch is to be connected. The term “NEW” can either be right out the box brand spanking “NEW” from Cisco or “NEW” from ebay.

  1. Make 110% sure that there is no network connectivity between the NEW switch and the existing network; then power on the switch.
  2. Change the switch VTP mode to transparent on the NEW switch.
  3. Delete vlan.dat on the NEW Switch.
  4. Change the VTP domain name to something unconventional that is not in use on the network, and change the mode to client on the NEW Switch.
  5. Reload or power cycle the NEW switch.
  6. Verify the switch VTP mode, VTP domain name, and vlan.dat configuration.
  7. Configure the switch with the existing network settings and a valid VTP domain name and password.
  8. Connect the NEW switch to the network.
  9. Verify the VLAN database has propagated.

There are furthermore some other best practices concerning VTP Configuration when it comes to the ECNM:

  1. The ECNM gives boundaries for VTP Domains. Not all switches need information on all VLANs (end-to-end). In the ECNM VTP Domains should be restricted to redundant distribution layer switches and access layer switches.
  2. Have only one or two switches configured as VTP Servers and the remainder as clients.
  3. Configure a password for the VTP domain to increase security and not make more work for yourself should someone try to add a VTP switch (in server mode) to the domain without your knowledge.

    I know of a network where a lab switch (old network switch) used during training added to the lab network deleted the VLAN database of the enterprise network. *shrug*

  4. Manually configure the VTP domain name on all switches installed in the network so that the mode can be specified and the default server mode on all switches can be overridden (see above for why).
  5. When you are setting up a new domain configure VTP clients switches first so that they participate passively; then configure servers to update client devices after the fact.
  6. In an existing domain, when performing clean-up, configure passwords on the servers first. Clients may need to maintain their current VLAN information until the server contains a complete VLAN database. After the VLAN database on the server is verified as complete, client passwords can be set to the server password to propagate the VLAN database.

Some Asides that I wondered about

Doing some final revision and asking the Google about some weird questions, CCIE Pursuit came up with the answers; this one has happened to me IRL where the switch came back up as Server. Also a question about the MD5 and VTP was neatly answered all in one visit.


VLAN Trunk Protocol

Published by Deon Botha on April 10, 2008 in BCMSN, Certification, Cisco Systems, VLAN and VTP

VLAN Trunk Protocol (VTP) manages a consistent list of VLANs between switches on the enterprise network. All switches that share common information are grouped in VTP management domains. The "global" VLAN information shared between switches is the VLAN number, name and description, thereby keeping the same VLAN information on all enterprise switches; more particular information such as port assignments is kept local to each switch.

What this means is that you will have consistent VLAN information on all switches of the enterprise, but port assignment will have to be done manually on each switch.

Switches within a VTP domain synchronize their VLAN databases by sending and receiving VTP advertisements over trunk links. VTP advertisements are flooded throughout a VTP domain by switches (every 5 minutes or when a change happens) over VLAN 1 (the Cisco default native VLAN) using Layer-2 multicast frames.

Describing the VTP:

VTP is a Layer-2 messaging protocol that maintains VLAN configuration consistency between switches by managing the additions, deletions and name changes of VLANs on all switches in a VTP domain. VTP runs over trunk links, allowing interconnected switches to exchange Layer-2 frames and synchronize a single list of configured VLANs.

These are the attributes of VTP:

  1. VTP is a Cisco proprietary protocol.
  2. VTP will advertise VLANs 1-1005 only.
  3. VTP updates are exchanged only across trunk links.
  4. Each switch operates in a given VTP mode (server, client, transparent), which determines how VTP updates are sent from and received by that switch.

These are the attributes of a VTP Domain:

  1. A switch can only belong to one VTP domain.
  2. A VTP Domain may be as small as only one switch.
  3. VTP Updates will be exchanged only with other switches in the same domain.
  4. The way VLAN information is exchanged between switches in the same domain depends upon the VTP mode on the switch (server, client, transparent).
  5. By default, a Cisco Catalyst switch is in the no-management-domain state until it receives an advertisement for a domain over a trunk link, or until a management domain is configured.

These are the attributes of the VTP modes:

VTP Mode      Feature
Server        • Creates, modifies and deletes VLANs at the CLI
              • Generates VTP advertisements and forwards those received from other switches in the same management domain
              • May update its own VLAN database with information received from other servers in the management domain
              • Saves VLAN configuration information in the "vlan.dat" file in Flash memory
Client        • Cannot create, modify or delete VLANs at the CLI
              • Forwards VTP advertisements received
              • Synchronizes its own VLAN database with the latest information received from the VTP server in the management domain
              • Keeps VLAN information in RAM only, not in NVRAM or Flash; it must be repopulated from the VTP server if the switch is powered down
Transparent   • Creates, modifies and deletes VLANs in the VLAN database on the local switch only
              • Does not generate VTP advertisements
              • Does not update its VLAN database with information received from VTP servers in the same management domain
              • Forwards VTP advertisements received from VTP servers in the same VTP domain
              • Always has a configuration revision number of 0
              • Saves VLAN configuration to NVRAM

VTP Versions:

Version 2:

  1. Supports Token Ring Switches.
  2. Consistency checks on new VTP and VLAN configuration parameters.
  3. Propagation of VTP updates that have an unrecognized type, length, or value.
  4. Forwarding of VTP updates from transparent mode switches without checking the version number.

Version 3:

  1. Support for extended VLANs.
  2. Support for the creation and advertisement of private VLANs.
  3. Support for VLAN instances and Multiple Spanning Tree (MSTP) mapping propagation instances.
  4. Improved server authentication.
  5. Protection from the wrong database accidentally being inserted into a VTP domain
  6. Interaction with VTP Version 1 and VTP Version 2.
  7. Ability to be configured on a per-port basis.

VTP Pruning

By default a trunk link carries traffic for all VLANs in a VTP management domain. It is common, however, that not all switches in the enterprise have all VLANs configured on their ports. VTP pruning increases available bandwidth by decreasing traffic on trunk links, restricting flooded traffic to the network devices that need it.

VTP Configuration Revision Number

When VTP is initially configured the VTP configuration revision number is 0 (zero). Each time a VTP server modifies its VLAN information the configuration revision number is incremented by one. This new revision number is then sent out with the new VTP information and all switches with a lower configuration revision number are updated.
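As an added example (not from these notes and not Cisco code), the following Python models the acceptance rules described here and in the VTP Configuration notes above: case-sensitive domain name, password digest, revision number and the three modes. It replays both the unsafe case, where a used switch with a higher revision number replaces the core's VLAN database, and the safe "Adding a switch" procedure. Switch, Advertisement and the VLAN data are this example's own; the MD5 digest is a simplified stand-in for the one a real summary advertisement carries.

```python
"""Model of VTP advertisement handling, built from the rules in these notes.
Added example, not Cisco code: Switch, Advertisement and the VLAN data are this
example's own; the MD5 digest is a simplified stand-in for the real one."""
import hashlib
from dataclasses import dataclass, field


def vtp_digest(domain: str, revision: int, password: str) -> bytes:
    """A receiver with a different password computes a different digest."""
    return hashlib.md5(f"{domain}|{revision}|{password}".encode()).digest()


@dataclass
class Advertisement:
    domain: str
    revision: int
    vlans: dict          # VLAN id -> name
    digest: bytes


@dataclass
class Switch:
    name: str
    mode: str            # "server", "client" or "transparent"
    domain: str = ""
    password: str = ""
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})

    def set_mode(self, mode: str) -> None:
        self.mode = mode
        if mode == "transparent":
            self.revision = 0    # transparent switches always carry revision 0

    def set_domain(self, domain: str) -> None:
        self.domain = domain
        self.revision = 0        # a new domain name resets the revision (step 4 above)

    def add_vlan(self, vid: int, name: str) -> None:
        if self.mode == "client":
            raise PermissionError(f"{self.name}: clients cannot create VLANs")
        self.vlans[vid] = name
        if self.mode == "server":
            self.revision += 1   # every change on a server bumps the revision

    def advertise(self):
        """Only servers originate advertisements."""
        if self.mode != "server":
            return None
        return Advertisement(self.domain, self.revision, dict(self.vlans),
                             vtp_digest(self.domain, self.revision, self.password))

    def receive(self, adv: Advertisement):
        """Apply the acceptance rules; return what gets forwarded, or None."""
        if adv.domain != self.domain:          # case-sensitive comparison: ignore
            return None
        if self.mode == "transparent":         # forward, never update
            return adv
        if adv.digest != vtp_digest(adv.domain, adv.revision, self.password):
            return None                        # wrong password: ignore
        if adv.revision > self.revision:       # higher revision wins, whatever it holds
            self.vlans, self.revision = dict(adv.vlans), adv.revision
        return adv                             # forwarded either way


def connect(a: Switch, b: Switch) -> None:
    """Bring up a trunk: each side sends its summary advertisement to the other."""
    for src, dst in ((a, b), (b, a)):
        adv = src.advertise()
        if adv is not None:
            dst.receive(adv)


def build_core() -> Switch:
    core = Switch("CORE", "server", domain="Corp", password="s3cret")
    for vid, name in ((10, "users"), (20, "voice"), (30, "mgmt")):
        core.add_vlan(vid, name)       # revision ends at 3
    return core


def used_switch(password: str = "s3cret") -> Switch:
    """A second-hand switch with a long lab history: same domain, revision 50."""
    sw = Switch("USED", "server", domain="Corp", password=password)
    for vid in range(100, 150):
        sw.add_vlan(vid, f"lab{vid}")
    return sw


def unsafe_add() -> Switch:
    """Plug the used switch straight in: its revision 50 beats the core's 3."""
    core = build_core()
    connect(core, used_switch())
    return core


def safe_add():
    """Steps 2 to 8 of the procedure above; the core keeps its database."""
    core, sw = build_core(), used_switch()
    sw.set_mode("transparent")         # step 2: revision drops to 0
    sw.vlans = {1: "default"}          # step 3: delete vlan.dat
    sw.set_domain("SCRATCH-notinuse")  # step 4: unconventional domain name, then client
    sw.set_mode("client")
    sw.set_domain("Corp")              # step 7: real domain name and password
    sw.password = "s3cret"
    connect(core, sw)                  # step 8: connect and let it learn
    return core, sw
```

After unsafe_add() the core's VLANs 10, 20 and 30 are gone and its revision is 50; after safe_add() the core is untouched and the used switch has learnt the core's database.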

ECNM

There are some guidelines for using VTP in the Campus Infrastructure Model:

  1. VTP Domain is restricted to the building Switch blocks.
  2. VTP keeps VLAN information consistent between building distribution layer and building access layer switches.
  3. VTP configuration errors or failures will be confined to the distribution and access layer switches.
  4. Knowledge of all VLANs does not need to exist on all switches within the Campus infrastructure model.


Cabling and Equipment with relation to Network Design

Published by Deon Botha on April 8, 2008 in BCMSN, Cabling and Equipment, Certification, Cisco Systems, Concepts and Constructs, ECNM and Interconnection Technologies

The objectives in network design are security, availability, scalability and manageability. To achieve these objectives, the following need evaluation in the process of migrating to the ECNM:

Replacement of hubs and legacy switching gear with new switching technology at the Building Access layer. Important factors include port density (current and expected), inline power and QoS (IP Telephony).

The cabling plant from the Building Access to the Building Distribution layer will carry aggregate traffic from end nodes to the Building Distribution switches.

At the Building Distribution layer, switches must be multilayer (Layer-2/Layer-3) switches, selected so that they can handle the current Building Access layer load; they can be either fixed or modular chassis. Plan port density for additional Access layer devices. Plan for redundancy in chassis and in connections to the Access and Core layers.

The Campus Backbone must support high-speed data communications between other modules. Size the backbone accordingly and plan on redundancy.


Interconnection Technologies

Published by Deon Botha on April 8, 2008 in BCMSN, Certification, Cisco Systems, Concepts and Constructs, ECNM and Interconnection Technologies

Interconnection Technologies

In the above network diagram you can see different colours for the different speed interconnection technologies.

Colour       Name                  Copper          Fibre
Yellow       Ethernet              10BaseT         -
Light Blue   Fast Ethernet         100BaseT        100BaseFX
Green        Gigabit Ethernet      1000BaseT       1000BaseSX/LX
Red          10-Gigabit Ethernet   -               10GBaseSR/LX4/LR/ER
Black        EtherChannel          100/1000BaseT   -

Fast Ethernet operates at 100 Mbps over twisted pair cable. The LAN specification is IEEE 802.3u. It is often used to connect end-user devices to the access layer switch.

Gigabit Ethernet operates at 1000 Mbps (1 Gbps) over twisted pair cable and fibre. The LAN specification is IEEE 802.3ab for copper and IEEE 802.3z for fibre. It is used for high-speed LAN backbones connecting building distribution switches to the campus backbone switches.

10-Gigabit Ethernet operates at 10 Gbps over fibre. It is used for very high speed LAN backbones and link aggregation. It is still a new technology awaiting large-scale commercial adoption.

EtherChannel is the feature that aggregates bandwidth over Layer-2 links between two switches. EtherChannel bundles ports into a single logical port or link, providing an aggregate of up to 1600 Mbps (8 × 100 Mbps full duplex links) or 16 Gbps (8 × 1-Gigabit full duplex links).


Logical Hierarchical Network Addressing

Published by Deon Botha on April 8, 2008 in Addressing, BCMSN, Certification, Cisco Systems, Concepts and Constructs and ECNM

Access-Distribution-Core ECNM

Revisiting logical hierarchical network addressing (CCNA) in more depth: the reasons for using a hierarchical addressing scheme are ease of management, the ability to summarize routes and a reduction of human error.

Linking this back to the ECNM, above is a network diagram showing the campus infrastructure model with building access, distribution and core. Using this as a point of departure for addressing, we can apply our past knowledge.

Design Considerations:

  • Use blocks of contiguous network numbers (4, 8, 16, 32 or 64) and assign them to access or building distribution areas; this allows for easy summarization.
  • At the distribution level, assign network numbers contiguously out towards the access layer.
  • Use a single IP subnet for a single VLAN, as each VLAN is a broadcast domain.
  • Subnet along the same binary boundary on all network numbers; avoid Variable Length Subnet Masks (VLSM).

Application:

Access-Distribution-Core ECNM Building

Using the above diagram we have 3 buildings with 6 floors or departments in each building. I am not going to waste time by coming up with department names. Naming is going to be AA (Building A; Department A), AB (Building A; Department B), then BA (Building B; Department A) and so on.

If the following is given as the department needs for IP addressing space:

Building A            Building B            Building C
Dept    Users         Dept    Users         Dept    Users
A A     34            B A     12            C A     63
A B     29            B B     34            C B     44
A C     15            B C     57            C C     43
A D     63            B D     67            C D     6
A E     126           B E     102           C E     44
A F     9             B F     33            C F     102

After consulting with the enterprise, the 10.0.0.0 network (Class A) is chosen. Applying the considerations above, the chosen network and what was previously learnt for the CCNA, this is the outcome.

Building Level:

Building A: 10.1.0.0/16 (Class A address with a Class B subnet mask 255.255.0.0, total 65,534 hosts)

Building B: 10.2.0.0/16 (Class A address with a Class B subnet mask 255.255.0.0, total 65,534 hosts)

Building C: 10.3.0.0/16 (Class A address with a Class B subnet mask 255.255.0.0, total 65,534 hosts)

Department Level:

This is Building A Department Level IP Addressing

DEPT     SUBNET      PREFIX   MASK
A A      10.1.1.0    /24      255.255.255.0
A B      10.1.2.0    /24      255.255.255.0
A C      10.1.3.0    /24      255.255.255.0
A D      10.1.4.0    /24      255.255.255.0
A E      10.1.5.0    /24      255.255.255.0
A F      10.1.6.0    /24      255.255.255.0
UNUSED   10.1.7.0 – 10.1.254.0   For future growth

This is Building B Department Level IP Addressing

DEPT     SUBNET      PREFIX   MASK
B A      10.2.1.0    /24      255.255.255.0
B B      10.2.2.0    /24      255.255.255.0
B C      10.2.3.0    /24      255.255.255.0
B D      10.2.4.0    /24      255.255.255.0
B E      10.2.5.0    /24      255.255.255.0
B F      10.2.6.0    /24      255.255.255.0
UNUSED   10.2.7.0 – 10.2.254.0   For future growth

This is Building C Department Level IP Addressing

DEPT     SUBNET      PREFIX   MASK
C A      10.3.1.0    /24      255.255.255.0
C B      10.3.2.0    /24      255.255.255.0
C C      10.3.3.0    /24      255.255.255.0
C D      10.3.4.0    /24      255.255.255.0
C E      10.3.5.0    /24      255.255.255.0
C F      10.3.6.0    /24      255.255.255.0
UNUSED   10.3.7.0 – 10.3.254.0   For future growth
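As an added example (not from these notes), the following Python builds the plan above from the user-count table: a /16 per building under 10.0.0.0/8 and a contiguous /24 per department, with a capacity check against the department sizes, a check that every department subnet falls inside its building's summary route, and a lookup that identifies building and department from an address. DEPARTMENT_USERS is constructed from the table above; the function names are this example's own.

```python
"""Hierarchical addressing plan from these notes, as an added example (not the
notes' own code). Each building gets a /16 under 10.0.0.0/8 and each department
a contiguous /24 inside it; the plan is checked for capacity and summarization.
DEPARTMENT_USERS is constructed from the user counts in the table above."""
import ipaddress

DEPARTMENT_USERS = {
    "A": {"A": 34, "B": 29, "C": 15, "D": 63, "E": 126, "F": 9},
    "B": {"A": 12, "B": 34, "C": 57, "D": 67, "E": 102, "F": 33},
    "C": {"A": 63, "B": 44, "C": 43, "D": 6, "E": 44, "F": 102},
}


def check_capacity(users, dept_prefix=24):
    """Return (building, dept, users, usable) for departments that do not fit."""
    usable = 2 ** (32 - dept_prefix) - 2          # minus network and broadcast
    return [(b, d, n, usable) for b, depts in sorted(users.items())
            for d, n in sorted(depts.items()) if n > usable]


def plan(users=DEPARTMENT_USERS, campus="10.0.0.0/8", dept_prefix=24):
    """Building i -> 10.i.0.0/16, department j -> 10.i.j.0/<dept_prefix>.
    Index 0 is left unused at both levels, matching the tables above."""
    short = check_capacity(users, dept_prefix)
    if short:
        raise ValueError(f"departments too large for /{dept_prefix}: {short}")
    building_blocks = list(ipaddress.ip_network(campus).subnets(new_prefix=16))
    layout = {}
    for i, (bld, depts) in enumerate(sorted(users.items()), start=1):
        summary = building_blocks[i]                     # 10.1.0.0/16, 10.2.0.0/16, ...
        blocks = list(summary.subnets(new_prefix=dept_prefix))
        subnets = {d: blocks[j] for j, d in enumerate(sorted(depts), start=1)}
        unused = (blocks[len(subnets) + 1], blocks[-2])  # first and last spare block
        layout[bld] = {"summary": summary, "subnets": subnets, "unused": unused}
    return layout


def summary_covers(layout) -> bool:
    """Every department subnet must fall inside its building's summary route."""
    return all(net.subnet_of(info["summary"])
               for info in layout.values() for net in info["subnets"].values())


def locate(ip, layout=None):
    """Identify (building, department) from an address, as the Conclusion describes."""
    layout = layout or plan()
    addr = ipaddress.ip_address(ip)
    for bld, info in layout.items():
        if addr in info["summary"]:
            for dept, net in info["subnets"].items():
                if addr in net:
                    return (bld, dept)
            return (bld, None)       # inside the building, but in a spare block
    return None
```

Calling plan(dept_prefix=26) raises ValueError, because departments such as A D (63 users) and A E (126 users) do not fit in the 62 usable addresses of a /26; a /25 still fits all of them.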

Implementation Considerations:

There are different traffic types on a network that need to be considered before device placement and VLAN assignment.

Network management traffic may be present on the network: bridge protocol data units (BPDUs), Cisco Discovery Protocol (CDP) updates, Simple Network Management Protocol (SNMP) and Remote Monitoring (RMON). Assign a separate VLAN for this traffic.

IP Telephony has two types of traffic: signalling between end-stations (IP Phone and CallManager) and the data packets containing the voice conversations. Assign a different VLAN to be able to apply QoS to this traffic.

To go deeper on the topic, the Cisco CallManager servers need to be accessible throughout the network at all times. Ensure that there are redundant NICs in the publisher and subscriber servers and redundant connections between those NICs and the upstream switch. As stated above, it is recommended that voice traffic be on its own VLAN.

Separate Voice and Data VLANs are recommended because:

  • Address space conservation and voice device protection
  • QoS trust boundary extension to voice devices
  • Protection from malicious network attacks
  • Ease of management and configuration

IP multicast traffic, for IP/TV broadcasts and software configuration. Switches need to be configured to keep this traffic from flooding devices that did not ask for it, and routers need to be configured to send this data only to networks that requested it.

To go deeper on this topic, Layer 3 multicast routing is provided by the Protocol Independent Multicast (PIM) routing protocol, and wiring-closet control by Internet Group Management Protocol (IGMP) snooping or Cisco Group Management Protocol (CGMP). Because of the large amount of traffic involved when several high-bandwidth multicast streams are present, it is important to control multicast; consider the following:

  • IP multicast servers may exist within a server farm or be distributed throughout the network.
  • Select distribution layer switches to act as PIM rendezvous points (RPs) and place them where they are central to the largest concentration of receiving nodes. RPs are used to temporarily connect multicast sources and receivers.

Normal data traffic from Server Message Block (SMB), NetWare Core Protocol (NCP), Simple Mail Transfer Protocol (SMTP), Structured Query Language (SQL) and HTTP may be assigned different priorities in different parts of the network.

Scavenger class traffic: protocols or traffic patterns that exceed their normal flows, for example P2P.

Use:

When using the above to map VLANs to a network, keep the following in mind:

  • Examine either the new or the existing subnetting scheme and associate a VLAN with each subnet.
  • Configure inter-VLAN routing at the Distribution layer using the multilayer switch (MLS).
  • Make end-user VLANs and subnets local to a specific switch block (unless wireless requires roaming/mobility).

Conclusion:

What one notices is that each building has a leading IP address indicator of 10.x.0.0/16, with an additional subnet (VLAN) indicator for the department, 10.x.y.0/24, making network management and identification easier.

A building is summarized using 10.x.0.0/16 and potentially the campus network is summarised as 10.0.0.0/8.
