Describing the STP.

Presentation transcript:

Describing the STP

Enhancements to STP
- PortFast
- Per VLAN Spanning Tree+ (PVST+)
- Rapid Spanning Tree Protocol (RSTP)
- Multiple Spanning Tree Protocol (MSTP); MSTP is also known as Multi-Instance Spanning Tree Protocol (MISTP) on Cisco Catalyst 6500 switches and above
- Per VLAN Rapid Spanning Tree (PVRST)

Describing PortFast

Configuring PortFast
Configuring:
    spanning-tree portfast (interface command)
    or
    spanning-tree portfast default (global command; enables PortFast on all nontrunking ports)
Verifying:
    show running-config interface fastethernet 1/1

Rapid Spanning Tree Protocol

RSTP Port States

| STP Port State | RSTP Port State | Port Included in Active Topology? | Port Learning MAC Addresses? |
|---|---|---|---|
| Disabled | Discarding | No | No |
| Blocking | Discarding | No | No |
| Listening | Discarding | No | No |
| Learning | Learning | No | Yes |
| Forwarding | Forwarding | Yes | No |

RSTP Port Roles

What Are Edge Ports?
- Will never have a switch connected to it
- Immediately transitions to forwarding
- Functions similarly to PortFast
- Configured by issuing the spanning-tree portfast command

RSTP Link Types

Emphasize: What will happen if switch X fails? Switch Y will detect the missing BPDU from switch X in 20 seconds (max. age timer), then recalculate the Spanning Tree Protocol. After the network converges, switch Y will be the root bridge, and all its ports will transition to the forwarding state (DP) 30 seconds after the max. age timer expires.

RSTP BPDU Flag Byte Use

RSTP Proposal and Agreement Process

Downstream RSTP Proposal and Agreement
- Root and switch A synchronize.
- Ports on A come out of sync.
- Proposal or agreement takes place between A and B.

RSTP Topology Change Mechanism

PVRST Implementation Commands
Configuring:
    spanning-tree mode rapid-pvst
Verifying:
    show spanning-tree vlan 101
Debugging:
    debug spanning-tree

How to Implement Rapid PVRST

Verifying PVRST
Display spanning tree mode is set to PVRST.

    Switch# show spanning-tree vlan 30
    VLAN0030
      Spanning tree enabled protocol rstp
      Root ID    Priority    24606
                 Address     00d0.047b.2800
                 This bridge is the root
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
      Bridge ID  Priority    24606  (priority 24576 sys-id-ext 30)
                 Aging Time 300
    Interface  Role  Sts Cost Prio.Nbr Type
    --------   ----- --- ---  -------- ----
    Gi1/1      Desg  FWD 4    128.1    P2p
    Gi1/2      Desg  FWD 4    128.2    P2p
    Gi5/1      Desg  FWD 4    128.257  P2p
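The verification step above can be automated. The following is an added example, not part of the original presentation: it parses the `show spanning-tree vlan 30` output shown on the slide and flags a protocol other than `rstp`, a root bridge other than the one the operator expects, a bridge priority that does not decompose into base priority plus sys-id-ext, and ports whose link type is not P2p. The function names and the expected-root parameter are assumptions of this example.

```python
import re

# Constructed sample: the `show spanning-tree vlan 30` output from the slide,
# re-typed with line breaks.
SAMPLE = """\
VLAN0030
  Spanning tree enabled protocol rstp
  Root ID    Priority    24606
             Address     00d0.047b.2800
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    24606  (priority 24576 sys-id-ext 30)
             Aging Time 300
Interface  Role Sts Cost Prio.Nbr Type
---------  ---- --- ---- -------- ----
Gi1/1      Desg FWD 4    128.1    P2p
Gi1/2      Desg FWD 4    128.2    P2p
Gi5/1      Desg FWD 4    128.257  P2p
"""

# name, role, three-letter upper-case state, cost, priority.number, link type
PORT_LINE = re.compile(r"^(\S+)\s+(\w+)\s+([A-Z]{3})\s+(\d+)\s+(\d+\.\d+)\s+(.+)$")


def parse_show_spanning_tree(text):
    """Extract the fields an audit needs from one VLAN's output."""
    def grab(pattern):
        m = re.search(pattern, text, re.M)
        return m.groups() if m else None

    vlan = grab(r"^VLAN0*(\d+)")
    proto = grab(r"Spanning tree enabled protocol (\S+)")
    root = grab(r"Root ID\s+Priority\s+(\d+)\s+Address\s+(\S+)")
    bridge = grab(r"Bridge ID\s+Priority\s+(\d+)\s+\(priority (\d+) sys-id-ext (\d+)\)")
    ports = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            name, role, state, cost, prio_nbr, link = m.groups()
            ports.append({"name": name, "role": role, "state": state,
                          "cost": int(cost), "prio_nbr": prio_nbr,
                          "type": link.strip()})
    return {
        "vlan": int(vlan[0]) if vlan else None,
        "protocol": proto[0] if proto else None,
        "root_priority": int(root[0]) if root else None,
        "root_mac": root[1] if root else None,
        "is_root": "This bridge is the root" in text,
        "bridge": tuple(int(x) for x in bridge) if bridge else None,
        "ports": ports,
    }


def audit(info, expected_root_mac, expected_protocol="rstp"):
    """Return a list of findings; an empty list means the output looks as intended."""
    findings = []
    if info["protocol"] != expected_protocol:
        findings.append("protocol is %s, expected %s" % (info["protocol"], expected_protocol))
    if info["root_mac"] != expected_root_mac:
        findings.append("root bridge is %s, expected %s" % (info["root_mac"], expected_root_mac))
    if info["bridge"]:
        total, base, ext = info["bridge"]
        # Extended system ID: bridge priority = base priority + VLAN ID.
        if base + ext != total or ext != info["vlan"]:
            findings.append("bridge priority %d is not base %d + VLAN %s" % (total, base, info["vlan"]))
        if base % 4096:
            findings.append("base priority %d is not a multiple of 4096" % base)
    for port in info["ports"]:
        # Rapid proposal/agreement transitions need a point-to-point link.
        if "P2p" not in port["type"]:
            findings.append("%s link type is %s, not P2p" % (port["name"], port["type"]))
    return findings


if __name__ == "__main__":
    parsed = parse_show_spanning_tree(SAMPLE)
    print(parsed["bridge"], audit(parsed, expected_root_mac="00d0.047b.2800"))
```
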

Summary
- RSTP provides faster convergence than 802.1D STP when topology changes occur.
- RSTP defines three port states: discarding, listening, and forwarding.
- RSTP defines five port roles: root, designated, alternate, backup, and disabled.
- Edge ports forward while topology changes occur.
- RSTP makes use of two link types: P2P and shared.
- 802.1w uses the BPDU differently from 802.1D.
- Convergence results from the proposal and agreement process conducted switch by switch.
- The RSTP topology change notification process differs from 802.1D.
- Various commands are used to configure and verify PVRST.
- PVRST enables RSTP while still maintaining PVST.

Implementing MSTP

Multiple Spanning Tree Protocol
- Instance 1 maps to VLANs 1–500
- Instance 2 maps to VLANs 501–1000

MST Regions
MST configuration on each switch:
- Name
- Revision number
- VLAN association table

Extended System ID in Bridge ID Field

Interacting Between MST Regions and 802.1D

Configuring MSTP
    Switch(config)#spanning-tree mst configuration
Enters MST configuration submode
    Switch(config-mst)#name name
Sets the MST region name
    Switch(config-mst)#revision rev_num
Sets the MST configuration revision number
    Switch(config-mst)#instance inst vlan range
Maps the VLANs to an MST instance
    Switch(config-mst)#spanning-tree mst instance_number root primary|secondary
Establishes primary and secondary roots for MST instance

Verifying MSTP
    Switch#show spanning-tree mst configuration
Displays MSTP configuration information

    Switch#show spanning-tree mst configuration
    Name      [cisco]
    Revision  1
    Instance  Vlans mapped
    --------  ------------------------------------
    0         11-4094
    1         1-10
    ----------------------------------------------
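Two switches are in the same MST region only when the name, the revision number and the VLAN-to-instance table listed under "MST Regions" all match. As an added example (not part of the original presentation), the script below parses `show spanning-tree mst configuration` output from two switches and reports what differs. Switch A is the output shown above; switch B and the function names are constructed for this example.

```python
import re

# Switch A: the output shown on the slide. Switch B: a constructed variant
# that leaves VLAN 10 in instance 0 instead of instance 1.
SWITCH_A = """\
Name      [cisco]
Revision  1
Instance  Vlans mapped
--------  ------------------------------------
0         11-4094
1         1-10
----------------------------------------------
"""
SWITCH_B = SWITCH_A.replace("11-4094", "10-4094").replace("1-10", "1-9")


def expand(ranges):
    """Turn '1,21-28' into the set of VLAN IDs it covers."""
    vlans = set()
    for part in ranges.split(","):
        low, _, high = part.partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def parse_mst_config(text):
    """Return name, revision and a VLAN -> instance map."""
    name = re.search(r"^Name\s+\[(.*?)\]", text, re.M).group(1)
    revision = int(re.search(r"^Revision\s+(\d+)", text, re.M).group(1))
    vlan_map = {}
    for instance, ranges in re.findall(r"^(\d+)\s+([\d,\-]+)\s*$", text, re.M):
        for vlan in expand(ranges):
            vlan_map[vlan] = int(instance)
    return {"name": name, "revision": revision, "map": vlan_map}


def region_mismatches(text_a, text_b):
    """List the region attributes on which two switches disagree."""
    a, b = parse_mst_config(text_a), parse_mst_config(text_b)
    diffs = []
    if a["name"] != b["name"]:
        diffs.append(("name", a["name"], b["name"]))
    if a["revision"] != b["revision"]:
        diffs.append(("revision", a["revision"], b["revision"]))
    vlans = sorted(v for v in set(a["map"]) | set(b["map"])
                   if a["map"].get(v) != b["map"].get(v))
    if vlans:
        diffs.append(("vlans", vlans))
    return diffs


if __name__ == "__main__":
    print(region_mismatches(SWITCH_A, SWITCH_B))
```
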

Verifying MSTP (Cont.)
    Switch#show spanning-tree mst instance_number
Displays configuration information for a specific MSTP instance

    Switch#show spanning-tree mst 1
    ###### MST01        vlans mapped:   1-10
    Bridge      address 00d0.00b8.1400  priority  32769 (32768 sysid 1)
    Root        this switch for MST01
    Interface        Role Sts Cost      Prio.Nbr Status
    ---------------- ---- --- --------- -------- --------------------------------
    Fa4/4            Back BLK 1000      240.196  P2p
    Fa4/5            Desg FWD 200000    128.197  P2p
    Fa4/48           Boun FWD 200000    128.240  P2p Bound(STP)

    Switch#clear spanning-tree detected-protocols [interface interface-id]
Forces renegotiation with neighboring switches during migration process

Summary
- MSTP reduces the encumbrance of PVST by allowing a single instance of spanning tree to run for multiple VLANs.
- An MST region is a group of MSTP switches that appears as a single virtual bridge to adjacent CST and MSTP regions.
- Extended system ID ensures that VLAN ID or MSTP instance can be carried in the Bridge ID field of a BPDU.
- An MSTP region requires an IST and an arbitrary number of MSTP instances as it connects to an 802.1Q network at the MST region border.
- MSTP is configured with a unique set of commands.
- MSTP implementation requires configuration and verification using specific configuration and show commands.

Configuring Link Aggregation with EtherChannel

EtherChannel
- Logical aggregation of similar links
- Load balances
- Viewed as one logical port
- Redundancy

Dynamic Trunk Negotiation Protocols
- PAgP: Cisco proprietary
- LACP: IEEE 802.3ad standard

About EtherChannel Configuration Commands
Configure PAgP:
    interface port-channel {channel-group-number}
    channel-protocol pagp
    channel-group 1 mode {mode}
Verify:
    show interfaces fastethernet 0/1 etherchannel
    show etherchannel 1 port-channel
    show etherchannel 1 summary

Configuring Layer 2 EtherChannel
    Switch(config)#interface range interface slot/port - port
Specifies the interfaces to configure in the bundle
    Switch(config-if-range)#channel-protocol {pagp | lacp}
Specifies the channel protocol, either PAgP or LACP
    Switch(config-if-range)#channel-group number mode {active | on | auto | desirable | passive}
Creates the port-channel interface and places the interfaces as members

Configuring Layer 3 EtherChannel
    Switch(config)#interface port-channel port-channel-number
Creates a port-channel interface
    Switch(config-if)#no switchport
    Switch(config-if)#ip address address mask
Specifies L3 and assigns an IP address and subnet mask to the EtherChannel
    Switch(config)#interface interface slot/port
Specifies an interface to configure
    Switch(config-if)#no switchport
    Switch(config-if)#channel-group number mode {auto | desirable | on}
Configures the interface as L3 and specifies the port channel and the PAgP mode

Verifying EtherChannel
    Switch#show running-config interface port-channel num
Displays port-channel information
    Switch#show running-config interface interface x/y
Displays interface information

    Switch#show run interface port-channel 1
    Building configuration...
    Current configuration : 66 bytes
    !
    interface Port-channel1
     switchport mode dynamic desirable
    end

    Switch#show run interface gig 0/9
    Building configuration...
    Current configuration : 127 bytes
    !
    interface GigabitEthernet 0/9
     switchport mode dynamic desirable
     channel-group 2 mode desirable
     channel-protocol pagp
    end

    interface Port-channel2
     switchport trunk encapsulation dot1q
     switchport mode trunk
     switchport nonegotiate
     no ip address
    !
    interface GigabitEthernet0/9
     description DSW121 0/9-10 -- DSW122 0/9-10
     duplex full
     speed 100
     channel-group 2 mode desirable
    interface GigabitEthernet0/10

Verifying EtherChannel (Cont.)

    Switch#show interfaces gigabitethernet 0/9 etherchannel
    Port state    = Up Mstr In-Bndl
    Channel group = 1           Mode = Desirable-Sl     Gcchange = 0
    Port-channel  = Po2         GC   = 0x00020001       Pseudo port-channel = Po1
    Port index    = 0           Load = 0x00
    Flags:  S - Device is sending Slow hello.  C - Device is in Consistent state.
            A - Device is in Auto mode.        P - Device learns on physical port.
            d - PAgP is down.
    Timers: H - Hello timer is running.        Q - Quit timer is running.
            S - Switching timer is running.    I - Interface timer is running.
    Local information:
                                    Hello    Partner  PAgP      Learning  Group
    Port      Flags State   Timers  Interval Count    Priority  Method    Ifindex
    Gi0/9     SC    U6/S7   H       30s      1        128       Any       15
    Partner's information:
              Partner   Partner          Partner         Partner  Group
    Port      Name      Device ID        Port      Age   Flags    Cap.
    Gi0/9     DSW122    0005.313e.4780   Gi0/9     18s   SC       20001
    Age of the port in the current state: 00d:20h:00m:49s

Guidelines for Configuring EtherChannel

Guidelines for Configuring EtherChannel (Cont.)

EtherChannel Guidelines

    Switch#show run interface FastEthernet0/9
     description DSW121 0/9-10 - DSW122 0/9-10
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 1,21-28
     switchport mode trunk
     switchport nonegotiate
     duplex full
     speed 100
     channel-group 2 mode desirable
    !
    interface FastEthernet0/10

EtherChannel Load Balancing
    Switch(config)# port-channel load-balance src-mac

Configuring EtherChannel Load Balancing
    Switch(config)#port-channel load-balance type
Configures EtherChannel load balancing

    Switch#show etherchannel load-balance
    Source XOR Destination IP address

Summary
- EtherChannel increases bandwidth and provides redundancy by aggregating individual links between switches.
- EtherChannel can be dynamically configured between switches using either PAgP or LACP.
- EtherChannel is configured and verified using a variety of show commands.
- Best practices should be followed for EtherChannel configuration.
- EtherChannel load balances traffic over all the links in the bundle.

Implementing Inter-VLAN Routing

Problem: Isolated Broadcast Domains
Purpose: This slide poses the problem of communicating between VLANs.
Emphasize: Point out that VLANs, by their nature, are designed to keep data from traversing the VLAN borders. However, end-user stations need to communicate with entities outside the VLAN borders. Use the example of end users in one VLAN needing to communicate with enterprise servers residing in a VLAN across the network core.
Transition: The following introduces the solution.
Because of their nature, VLANs inhibit communication between VLANs.

Solution: Routing Between VLANs
Purpose: This slide introduces routers as the solution to inter-VLAN communications.
Emphasize: In switched networks, route processors are used to provide communications between VLANs. Before you can configure routing between VLANs, you must have defined the VLANs on the switches in your network. Refer to the Cisco Internetworking Design Guide and appropriate switch documentation for information on these topics. The Cisco Internetworking Design Guide is available from Cisco Press. Inter-VLAN Routing is discussed in the Cisco IOS Switching Services Configuration Guide located on the Cisco Documentation CD-ROM.
Transition: The following begins the discussion of some problems that occur as a result of inter-VLAN routing.
Communications between VLANs requires a Layer 3 services module.

Inter-VLAN Routing with External Router
Purpose: This slide discusses the solution of ISL.
Emphasize: The Inter-Switch Link (ISL) protocol is used to interconnect two VLAN-capable Fast Ethernet devices, such as the Catalyst 5000 or Cisco 7500 routers. The ISL protocol is a packet-tagging protocol that contains a standard Ethernet frame and the VLAN information associated with that frame. ISL is currently supported over Fast Ethernet links, but a single ISL link, or trunk, can carry traffic from multiple VLANs. The concept of ISL was discussed in the “Defining Common Workgroups” chapter. How to configure ISL links is discussed later in this chapter. Discuss the example in the SG.
Transition: The following is a discussion of ISL links to a single router.
Single trunk link carries traffic for multiple VLANs to and from router.

Inter-VLAN Routing External Router Configuration Commands
Configure on subinterface:
    encapsulation dot1Q (or isl) 10
    ip address 10.10.1.1 255.255.255.0
Verify:
    show vlan 10
    show ip route

Inter-VLAN Routing on External Router: 802.1Q Trunk Link
Purpose: This figure shows the configuration of the router on a stick.
Emphasize: Highlight the two different interconnecting networks, 10.1.1.0 and 10.2.2.0.

Inter-VLAN Routing on External Router: ISL Trunk Link
Purpose: This figure shows the configuration of the router on a stick.
Emphasize: Highlight the two different interconnecting networks, 10.1.1.0 and 10.2.2.0.

Verifying Inter-VLAN Routing
Purpose: This slide discusses the ping command.
Emphasize: Use the ping command to test connectivity to remote hosts. The ping command will return one of the following responses:
- Success rate is 100 percent or ip address is alive. This response occurs in 1 to 10 seconds, depending on network traffic and the number of ICMP packets sent.
- Destination does not respond. No answer message is returned if the host does not
- Unknown host. This response occurs if the targeted host does not exist
- Destination unreachable. This response occurs if the default gateway cannot reach the specified network
- Network or host unreachable. This response occurs if there is no entry in the route table for the host or network.
You can also test the routes packets will take from the route processor to a specific destination by using the trace ip destination command. For more information on the trace ip command, refer to the Cisco IOS Release 12.0 Command Summary.
Transition: The following is the visual for the laboratory exercise.
The ping command tests connectivity to remote hosts.

Verifying the Inter-VLAN Routing Configuration
    Router#show vlan
Displays the current IP configuration per VLAN
    Router#show ip route
Displays IP route table information
    Router#show ip interface brief
Displays IP address on interfaces and current state of interface

Explaining Multilayer Switching

Defining Flows
[Figure: Conventional Environment and Multilayer Switched Environment, each showing packets p1, p2, p3 between Host A and Host B; 1 = First Packet, 2 = Subsequent Packets]
- Each packet of a traditional flow must be processed by the router
- The first packet of an MLS flow is processed by the router; all subsequent packets are switched
Purpose: This page defines a flow.
Emphasize: A flow is a specific conversation, consisting of many packets, between a network source and destination. Actual network traffic consists of many end-to-end conversations, or flows, between users or applications. The concept of flows is important because the Catalyst family of multilayer switches maintains a Layer 3 switching table based on data flows.
Transition: The following discusses the Cisco devices that support MLS.

Layer 2 Switch Forwarding Process

Logical Packet Flow for a Multilayer Switch

Internal Router Processor Software/Hardware Requirements
- Route Switch Module (RSM)
- Cisco IOS™ Release 11.3(2)WA4(4) or Later
- Catalyst 2926G, 5000, or 6000 Series Switch
- Supervisor Engine III, FSX, III FLX, IIG, or IIIG Module
- Supervisor Engine Software Release 4.1(1) or Later
- NetFlow Feature Card (NFFC), NFFC II
Purpose: This slide describes the hardware and software requirements when using a multilayer switch.
Emphasize: Multilayer switching can be implemented by using a Layer 3 switch or an external router configuration. An integrated, or Layer 3, switch contains a route switch module (RSM) and the NetFlow Feature Card (NFFC) and requires the following software and hardware:
- Catalyst 2926G, 5000 or 6000 series switch with supervisor engine software Release 4.1(1) or later.
- Cisco IOS router software Release 11.3(2)WA4(4) or later.
- Supervisor Engine III, FSX, or III FLX module with a NetFlow Feature Card (NFFC) or NFFC II
- Route Switch Module (RSM).
MLS is also supported on the following software and hardware:
- Catalyst 5000 series switch with supervisor engine software Release 4.1(1) or later. (The RSFC is supported on the Catalyst 5000 only.)
- Cisco IOS router software Release 12.0W5 or later.
- Supervisor Engine IIG or IIIG with an RSFC daughter card.
Transition: The following identifies the equipment requirements for MLS when using an external router.

MLS Components
- MLS-RP: Multilayer Switching Route Processor (RSM, or Cisco 85xx, 75XX, 72XX, 4XXX)
- MLS-SE: Multilayer Switching Switch Engine
- MLSP: Multilayer Switching Protocol
Multicast Hello Messages sent to MLS-SE by MLS-RP to Inform:
- MAC addresses used on different VLANs
- Routing/access-list changes occurring on MLS-RP
Purpose: This slide identifies the major components in multilayer switching.
Emphasize: The MLS-SE is the multilayer switching switch engine. This switching entity handles the function of moving and rewriting the packets. The MLS-SE is a NetFlow Feature card residing on a Supervisor III card in a Catalyst switch. The MLS-RP is the route processor. This component is a Route Switch Module (RSM) or an externally connected Cisco 7500, 7200, 4500, 4700, or 8500 series router with software that supports multilayer switching. The MLS-RP sends MLS configuration information and updates, such as the router MAC address and VLAN number, flow mask, and routing and access list changes. The MLSP is the multilayer switching protocol. This protocol operates between the MLS-Switch Engine and MLS-Route Processor to enable multilayer switching. The MLSP is the method by which the RSM or router advertises routing changes and the VLANs or MAC addresses of the interfaces that are participating in MLS.
Transition: The following begins the discussion of how an MLS-RP is made known in the network.

MLS-RP Advertisement
- MLS-RP sends out multicast hello messages
- Messages contain MAC, VLAN, and route information
- Messages use the CGMP multicast well-known address
Purpose: This slide describes how the MLSP advertises an MLS-RP when it first starts up in the network.
Emphasize: When an MLS-RP is activated in a campus network, the MLS-RP sends out a multicast Layer 3 hello message every 15 seconds. This hello message is sent using the MLSP. This message is sent to all switches in the network and contains:
- The MAC addresses used by the MLS-RP on its interfaces that are participating in MLS. The students will be able to view this information in the MLS cache later in this chapter.
- Access-List Information. This information is used in flow mask identification and is discussed in detail later in this chapter.
- Routing table updates and changes. How the MLS-SE handles this information is discussed later in this chapter.
MLSP uses the Cisco Group Management Protocol (CGMP) multicast address, ensuring interoperability with other Cisco switches.

Receiving MLSP Hello Messages
[Figure: hello messages passing through a switch labeled "I am not a Layer 3 Switch but I will still pass on the message."]
- All switches receive the hello message
- Layer 3 switches process the hello message
- IP multicast passes transparently through non-Cisco switches
Purpose: This slide describes how the MLS-SE handles MLSP messages.
Emphasize: All Cisco switches listen to the well-known multicast address and receive the hello message. Only the switches that have Layer 3 capabilities process the hello message. Those switches without Layer 3 capabilities pass these packets through to downstream switches. When an MLS-SE receives the packet, the device extracts all the MAC addresses received in the packet along with the associated interface or VLAN ID for that address. The MLS-SE records the addresses in the MLS-SE CAM table.
Transition: The following describes how the MLS-SE differentiates multiple routers.

Establishing an MLS Cache Entry
Candidate Packet:
- L2 Information: Source MAC = 0010.f663.d000, Destination MAC = 0010.0679.5800
- L3 Information: Source IP = 172.16.10.123, Destination IP = 172.16.22.57
[Figure labels: 0010.0679.5800 / 172.16.68.13; A: 0010.f663.d000 / 172.16.10.123; B: 0090.b133.7000 / 172.16.22.57; "Cache Entry?"]
1. The MLS-SE receives initial frame
2. The MLS-SE reads and recognizes the destination MAC Address
3. The MLS-SE checks the MLS cache for like entries
4. The MLS-SE forwards the frame to the MLS-RP
Purpose: This slide introduces the first packet in a flow.
Emphasize: The MLS-SE maintains a cache for MLS flows and stores statistics for each flow. The first packet in a flow is called a “Candidate” packet.
Step 1: The MLS-SE receives a candidate packet and looks at the destination MAC address in the frame. The switch recognizes the destination address of the packet as the address of the MLS-RP. This address was recorded in the CAM table when the switch received the MLSP hello message.
Step 2: The MLS-SE then checks the MLS cache to determine if an MLS flow is already established for this flow. Because this packet is the first packet in a flow, there will not be an entry in the cache.
Step 3: The switch creates an entry in the MLS cache and assigns an XTAG to this entry.
Step 4: The MLS-SE forwards the frame to the addressed router.
Transition: The following continues the discussion of how an MLS flow is established.

Establishing an MLS Cache Entry (cont.)
Enable Packet:
- L2 Information: Source MAC = 0010.0679.5800, Destination MAC = 0090.b133.7000
- L3 Information: Source IP = 172.16.10.123, Destination IP = 172.16.22.57
[Figure labels: 0010.0679.5800 / 172.16.68.13; A: 0010.f663.d000 / 172.16.10.123; B: 0090.b133.7000 / 172.16.22.57]
5. The MLS-RP receives the frame and consults the routing table
6. The MLS-RP rewrites the header with the new destination MAC address
7. The MLS-RP enters its own MAC address for the source address
8. The MLS-RP forwards the frame to the MLS-SE
Purpose: This slide discusses how the router handles the candidate packet.
Emphasize:
Step 5: The router receives the frame and consults the routing table.
Step 6: If the router finds the destination address in the routing table, the router constructs a new header, which now contains the MAC address of the destination host or next-hop router.
Step 7: The router also enters its own MAC address as the source MAC address.
Step 8: The router then returns the frame to the switch.
Transition: The following describes how the MLS-SE handles the returned frame.

Switching Subsequent Frames in a Flow
Incoming Frame:
- L2 Information: Source MAC = 0010.f663.d000, Destination MAC = 0010.0679.5800
- L3 Information: Source IP = 172.16.10.123, Destination IP = 172.16.22.57
Rewritten Frame:
- L2 Information: Source MAC = 0010.0679.5800, Destination MAC = 0090.b133.7000
- L3 Information: Source IP = 172.16.10.123, Destination IP = 172.16.22.57
[Figure labels: A: 0010.f663.d000 / 172.16.10.123; B: 0090.b133.7000 / 172.16.22.57]
MLS Cache Entry:

| Destination IP | Source IP | Port | DstPrt | SrcPrt | Destination Mac | Vlan | Port |
|---|---|---|---|---|---|---|---|
| 172.16.22.57 | 172.16.10.123 | UDP | 1238 | 60224 | 00-90-b1-33-70-00 | 45 | 2/9 |

13. The MLS-SE receives subsequent frames in the flow
14. The MLS-SE compares the incoming frame with the MLS cache entry
15. The MLS-SE rewrites the frame header
16. The MLS-SE forwards the frame to the destination
Purpose: This slide discusses how subsequent packets in the flow are handled.
Emphasize:
Step 13: The MLS-SE receives subsequent packets in the flow.
Step 14: The frames with that destination MAC address are compared against the entry in the MLS Cache.
Step 15: The switch performs a packet rewrite, based on information learned from the router (MLS-RP) and stored in the MLS cache.
Step 16: The switch bypasses the router and sends the packet out the appropriate port to the destination.
The entry ages out of the cache when traffic for the flow ceases. The criteria for determining when an entry should be deleted is user configurable and is discussed later in this chapter. Partial, or candidate, entries will remain in the cache for five seconds with no enabled entry before timing out. The maximum MLS cache size is 128K. An MLS cache larger than 32K may increase the probability that packets in a flow will be forwarded to the router.
Transition: The following begins the discussion of how to configure the MLS-RP.
Note: The Catalyst 5000 series 24-port 10/100BaseTX and 12-port 100BaseFX Backbone Fast Ethernet switching modules (WS-X5225R and WS-X5201R) have onboard hardware that performs the packet rewrite, optimizing MLS performance.
When the MLS-SE receives the packet, it is formatted as follows:
The MLS-SE rewrites the Layer 2 frame header, changing the destination MAC address to the MAC address of Host B and the source MAC address to the MAC address of the MLS-RP (these MAC addresses are stored in the MLS cache entry for this flow). The Layer 3 IP addresses remain the same, but the IP header Time to Live (TTL) is decremented and the checksum is recomputed. The MLS-SE rewrites the switched Layer 3 packets so that they appear to have been routed by a router. The MLS-SE forwards the rewritten packet to Host B's VLAN (the destination VLAN is saved in the MLS cache entry) and Host B receives the packet.
After the MLS-SE performs the packet rewrite, the packet is formatted as follows:

| Frame Header: Destination | Frame Header: Source | IP Header: Destination | IP Header: Source | IP Header: TTL (1) | IP Header: Checksum (2) | Payload: Data | Payload: Checksum |
|---|---|---|---|---|---|---|---|
| Host B MAC | MLS-RP MAC | Host B IP | Host A IP | | | | |

(1) The IP header TTL value is decremented by 1.
(2) The IP header checksum is recalculated.
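The candidate, enable and shortcut sequence of steps 1 to 16 and the header rewrite described in the note can be modeled in a few lines. This is an added example, not code from the original presentation or from Cisco: the MAC and IP addresses and VLAN 45 come from the slides, while the source VLAN 10, the destination-source flow key and all function and class names are assumptions of this example.

```python
import ipaddress
import struct

HOST_A = {"mac": "0010.f663.d000", "ip": "172.16.10.123"}  # from the slides
HOST_B = {"mac": "0090.b133.7000", "ip": "172.16.22.57"}   # from the slides
RP_MAC = "0010.0679.5800"                                  # MLS-RP MAC, from the slides
CANDIDATE_TTL_S = 5  # partial entries time out after five seconds (per the notes)


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over an IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(src: str, dst: str, ttl: int) -> bytes:
    """Minimal 20-byte IPv4 header (UDP, no options) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, ttl, 17, 0,
                      ipaddress.ip_address(src).packed,
                      ipaddress.ip_address(dst).packed)
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


def routed_rewrite(frame: dict, src_mac: str, dst_mac: str, vlan: int) -> dict:
    """Rewrite as a router would: new MACs, TTL decremented, checksum recomputed."""
    ip = bytearray(frame["ip"])
    if ip[8] <= 1:
        raise ValueError("TTL expired; the route processor must handle this packet")
    ip[8] -= 1                       # byte 8 of the IPv4 header is the TTL
    ip[10:12] = b"\x00\x00"          # zero the checksum field before recomputing
    ip[10:12] = struct.pack("!H", ip_checksum(bytes(ip)))
    return {"src_mac": src_mac, "dst_mac": dst_mac, "vlan": vlan, "ip": bytes(ip)}


def flow_key(frame: dict) -> tuple:
    """Destination-source flow key (an assumed flow mask) from the IPv4 header."""
    return (frame["ip"][16:20], frame["ip"][12:16])


class MlsSwitchEngine:
    def __init__(self, rp_macs):
        self.rp_macs = set(rp_macs)  # learned from MLSP hello messages
        self.cache = {}              # flow key -> cache entry

    def receive(self, frame: dict, now: float):
        key = flow_key(frame)
        entry = self.cache.get(key)
        if entry and not entry["complete"] and now - entry["created"] > CANDIDATE_TTL_S:
            del self.cache[key]      # candidate never enabled: age it out
            entry = None
        if frame["dst_mac"] in self.rp_macs:
            if entry and entry["complete"]:
                # Steps 13-16: rewrite from the cache and bypass the router.
                return "switched", routed_rewrite(
                    frame, entry["rp_mac"], entry["dst_mac"], entry["vlan"])
            # Steps 1-4: candidate packet, partial entry, forward to the MLS-RP.
            self.cache.setdefault(
                key, {"complete": False, "created": now, "rp_mac": frame["dst_mac"]})
            return "to_rp", frame
        if entry and not entry["complete"] and frame["src_mac"] == entry["rp_mac"]:
            # Enable packet: the routed frame returns and completes the entry.
            entry.update(complete=True, dst_mac=frame["dst_mac"], vlan=frame["vlan"])
            return "enabled", frame
        return "bridged", frame      # ordinary Layer 2 forwarding


def demo():
    se = MlsSwitchEngine([RP_MAC])
    first = {"src_mac": HOST_A["mac"], "dst_mac": RP_MAC, "vlan": 10,  # VLAN 10 constructed
             "ip": build_ipv4(HOST_A["ip"], HOST_B["ip"], ttl=64)}
    steps = [se.receive(first, now=0.0)[0]]
    # Steps 5-8 happen on the MLS-RP; VLAN 45 is the value in the cache entry above.
    enable = routed_rewrite(first, RP_MAC, HOST_B["mac"], vlan=45)
    steps.append(se.receive(enable, now=0.1)[0])
    verdict, out = se.receive(first, now=0.2)
    return steps + [verdict], out


if __name__ == "__main__":
    print(demo())
```
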

IP Unicast Frame and Packet Rewrite
[Figure: Incoming IP Unicast Packet; Rewritten IP Unicast Packet]

Improving IP Routing Performance with MLS
In this section we discuss the following topics:
- Multilayer Switching Fundamentals
- Configuring the Multilayer Switch Route Processor
- Applying Flow Masks
- Configuring the Multilayer Switch Switching Engine
- MLS Topologies
- Topology Examples
- Topology Quiz
- Unsupported Topology
- Topology Changes and Routing Impacts
Purpose: This slide states the module objectives.
Emphasize: Read or state each objective so each student has a clear understanding of the module objectives. At the end of this module, the students will be able to:
- Configure an MLS-RP
- Configure an MLS-SE
- Using access lists, set a flow mask on the MLS-RP
- Use IOS commands to verify the configuration on both the MLS-SE and MLS-RP
Transition: The following is a definition of multilayer switching.

MLS Topology Example 1
[Figure: MLS-RP, R1, R2, MLS-SE and Host B, with numbered steps 1 to 6]

1. Host A sends a packet to the default gateway
2. R1 rewrites the frame header to reflect the destination as the next-hop router (R2)
3. MLS-SE forwards the frame to R2
4. R2 rewrites the frame header to reflect the destination as Host B
5. MLS-SE forwards the frame to Host B
6. All subsequent frames are switched

Purpose: This slide describes an MLS configuration example.

Emphasis: How routers and switches are placed in relationship to each other is critical to multilayer switching. In this example, end Station A connects to the MLS-SE through router R2. Router R2 is not participating in MLS. Station A wants to send information to B. Station A addresses the frame with the MAC address of R2 at Layer 2 because R2 is its default gateway. To reach Station B, R2 has to use the next-hop router R1. R2 writes its own MAC address in the source field of the frame header and the MAC address of R1 in the destination field. The MLS-SE detects the packet and recognizes the MAC address in the destination field. Because this is the first frame in the flow, the frame is sent to R1. The MLS-SE treats this frame as a candidate packet. R1 rewrites the frame with its own MAC address in the source field and the MAC address of end Station B in the destination field. The frame is returned to the switch. The MLS-SE recognizes the source address and treats this frame as the enabling packet. With the Layer 3 entry now established, all subsequent frames bypass R1 and go straight from Station A through R2, through the MLS-SE, and ultimately to Station B.

Transition: The following discusses another MLS configuration.

MLS Topology Example 2
[Figure: Host A, Host B, MLS-SE1, MLS-SE2, MLS-SE3 and MLS-RP, with numbered steps 1 to 10]

1. Host A sends a packet to the default gateway
2. MLS-SE1 forwards the frame to MLS-SE2
3. MLS-SE2 forwards the frame to MLS-SE3
4. MLS-SE3 forwards the frame to MLS-RP1
5. MLS-RP1 rewrites the frame header and forwards the frame to MLS-SE3
6. MLS-SE3 forwards the frame to MLS-SE2
7. MLS-SE2 forwards the frame to MLS-SE1
8. MLS-SE1 forwards the frame to Host B
9. All subsequent frames are switched through MLS-SE1
10. Entries in MLS-SE2 and 3 time out

Purpose: This slide describes an MLS configuration example where packets traverse multiple switches.

Emphasis: This example describes multilayer switching in a configuration that contains external routers and a hierarchy of MLS-SEs. Both Station A and Station B are connected through MLS-SE 3. To communicate with Station B, Station A addresses the frame to the default gateway R1. MLS-SE 3 recognizes this frame as a candidate packet and a partial entry is created in the MLS cache of MLS-SE 3. The frame is then sent to MLS-SE 2. MLS-SE 2 recognizes this frame as a candidate packet and a partial entry is created in the MLS cache of MLS-SE 2. This process is also repeated for MLS-SE 1. MLS-SE 1 then sends the frame to R1. R1 rewrites the destination and source MAC addresses in the frame and sends the frame back to MLS-SE The frame now meets the criteria of an enabling packet and the MLS entry is completed in the cache. This process is repeated in both MLS-SE 2 and MLS-SE 3 and the frame is sent to Station B. A Layer 3 switching entry for the flow between Station A and Station B is established in all three switches. When subsequent packets in this flow come to MLS-SE 3, a match is found in the MLS cache and they are forwarded to Station B. MLS-SE 2 and MLS-SE 1 never receive subsequent frames in this flow and the entries in those MLS caches age out.

Transition: The following presents the last MLS configuration example.

Quiz: MLS Topology Example
[Figure: MLS-RP, switches S1 to S7, Host A and Host B; one port marked X, "Port in Blocking State"]
Slide 1 of 2

Purpose: This slide describes an MLS configuration with multiple Layer 2 paths.

Emphasis: This example illustrates MLS in a configuration where multiple Layer 2 paths exist between the source and destination devices, and how spanning tree operates with this configuration. As in the previous examples, communication is between Station A and Station B. From a spanning-tree perspective, the link between switches S2 and S3 is in blocking mode. Traffic from Station A to Station B takes the following path:

S4→S2→S1→R→S1→S3→S7→B

The first packet is forwarded along this path and candidate entries are established in S4, S2, and S1. Because this is the first packet in the flow, the frame is forwarded to R, rewritten with the appropriate source and destination headers, and returned down to S1. The returning packet is the enabling packet, and the entry in the MLS cache of S1 is completed. The packet is then forwarded to S3, S7, and on to Station B. Subsequent packets in this flow are now Layer 3 switched at S1. Because S4 and S2 do not detect an enabling packet, the candidate entries created in S4 and S2 age out of those MLS caches. If switch S1 is not a Layer 3 switch, then the packets never bypass the router, because S1 is the only switch that is positioned to detect both the candidate and the enabling packet.

Transition: The following completes the discussion of this configuration.

Original MLS path was A S4 S2 S1 S3 S7 B
Spanning tree blocked the link between S1 and S3
What is the next available MLS path?

Answer: MLS Topology Example
[Figure: MLS-RP, switches S1 to S7, Host A and Host B; one port marked X, "Port in blocking state"]
Slide 1 of 2

Purpose: This slide describes an MLS configuration with multiple Layer 2 paths.

Emphasis: Traffic from Host A to Host B takes the following path:

S4→S2→S1→R→S1→S3→S7→B

The first packet is forwarded along this path and candidate entries are established in S4, S2, and S1. Because this is the first packet in the flow, the frame is forwarded to R, rewritten with the appropriate source and destination headers, and returned down to S1. The returning packet is the enabling packet, and the entry in the MLS cache of S1 is completed. The packet is then forwarded to S3, S7, and on to Host B. Subsequent packets in this flow are now Layer 3 switched at S1. Because S4 and S2 do not detect an enabling packet, the candidate entries created in S4 and S2 age out of those MLS caches. If switch S1 is not a Layer 3 switch, then the packets never bypass the router, because S1 is the only switch that is positioned to detect both the candidate and the enabling packet.

Transition: The following completes the discussion of this topology.

First packet path = A S4 S2 S1 S2 S3 S7 B
Subsequent packet path = A S4 S2 S3 S7 B

Unsupported MLS Topology
[Figure: VLAN41, VLAN42, RSM1, RSM2, Host A and Host B]

Purpose: This slide describes an unsupported MLS configuration where one switch does not detect both the candidate and enable packets.

Emphasis: The previous examples discussed how MLS works in different topologies. The following examples examine where MLS does not work. In this example, Station A communicates with Station B through the default gateway R1. Router R1 uses R2 as the next hop to route packets to Station B. The first packet takes the following path:

A→S1→R1→R2→S2→B

A candidate entry is created in S1; however, S1 never detects an enabling packet from R1, which would have completed the entry in the MLS cache. Multilayer switching cannot occur in this example.

Transition: The following discusses an MLS solution to this configuration.

Unsupported MLS Topology—Solution 1
[Figure: VLAN 41, VLAN 42, MLS-RP 1, MLS-RP 2, ISL Link, MLS-SE 1, MLS-SE 2, Host A and Host B]

Purpose: This slide discusses an MLS solution to the previously described configuration.

Emphasis: One solution for this topology is to configure an ISL link from MLS-RP1 to MLS-SE1. This ISL link would route for both VLANs 41 and 42. With this modification, MLS-SE1 detects both the candidate and enable packet for the flow, and a Layer 3 entry is established in the MLS cache of MLS-SE1.

Transition: The following discusses another solution to the unsupported MLS configuration.

Configure an ISL link from MLS-SE1 to MLS-RP1 to carry both VLAN41 and VLAN42

Unsupported MLS Topology—Solution 2
[Figure: VLAN 41, VLAN 42, MLS-RP 1, MLS-RP 2, Link 1, Link 2, MLS-SE 1, MLS-SE 2, Host A and Host B]

Purpose: This slide discusses another MLS solution to the previously described configuration.

Emphasis: Another solution for this topology is to add another link from R1 to S1. This new interface on R1 now routes for subnet B. The first packet in a flow is sent from A to R1 over one interface and a partial entry is created in the MLS cache of S1. R1 modifies the packet header and sends the packet out the second interface to S1, completing the partial entry. The packet is now forwarded from S1 to Station B by way of S2. Subsequent packets in this flow can now be Layer 3 switched in S1.

Transition: The following begins the discussion of how routing changes impact MLS cache entries.

Configure a second link from MLS-SE1 to MLS-RP1 to route for Subnet 42
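The candidate/enabling rule that decides the quiz, the unsupported topology and its second solution can be checked with a small model. This is an added Python example, not Cisco code: a hop-by-hop path stands in for the first packet, a switch records a candidate when it forwards toward an MLS-RP and completes the entry only if the frame comes back to it from that same MLS-RP. The function names and the list-based path format are assumptions of this sketch.

```python
def first_packet(path, switches, mls_rps):
    """Walk the first packet of a flow; return (complete, candidate_only)."""
    candidates, complete = {}, []
    for i, node in enumerate(path):
        if node not in switches:
            continue
        # The Layer 2 destination is the next non-switch hop, the source the previous one.
        dst = next((n for n in path[i + 1:] if n not in switches), None)
        src = next((n for n in reversed(path[:i]) if n not in switches), None)
        if dst in mls_rps:                       # addressed to an MLS-RP: candidate
            candidates.setdefault(node, set()).add(dst)
        if src in mls_rps and src in candidates.get(node, ()):
            if node not in complete:             # back from the same MLS-RP: enabling
                complete.append(node)
    partial = [s for s in candidates if s not in complete]
    return complete, partial

def later_packets(path, switches, mls_rps):
    """Return (shortcut switch, path of subsequent packets) for the flow."""
    complete, _ = first_packet(path, switches, mls_rps)
    for i, node in enumerate(path):
        if node in complete:
            last = len(path) - 1 - path[::-1].index(node)
            return node, path[:i] + path[last:]  # skip the detour via the router
    return None, path                            # nothing completed: always routed

SWITCHES = {"S1", "S2", "S3", "S4", "S5", "S6", "S7"}
# Paths taken from the slides' notes.
QUIZ = ["A", "S4", "S2", "S1", "R", "S1", "S3", "S7", "B"]
UNSUPPORTED = ["A", "S1", "R1", "R2", "S2", "B"]
SOLUTION_2 = ["A", "S1", "R1", "S1", "S2", "B"]
```

For the quiz path only S1 completes an entry while S4 and S2 are left with candidates that age out; for the unsupported path no switch completes one, so every packet keeps crossing both routers.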

CAM Table
- Requires an exact match on all bits
- Matching is a binary operation: 0 or 1
- Provides very high-speed lookups

TCAM Table
- Matches only significant values
- Matches based on three values: 0, 1, or X (either)
- Masks used to wildcard some content fields
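The difference between the two tables, as an added Python example that is not part of the original slides: the CAM lookup needs every bit of the key to match, while each TCAM entry carries a mask whose zero bits act as X. The table contents, the key layout (destination IP followed by destination port) and the permit/deny results are constructed for illustration.

```python
# CAM: exact match on the whole key, here (VLAN, MAC) -> port. Constructed entry.
CAM = {(10, "0000.0c12.3456"): "Fa0/1"}

def cam_lookup(vlan, mac):
    """Every bit of the key must match, otherwise there is no result."""
    return CAM.get((vlan, mac))

def ip_to_int(dotted):
    return int.from_bytes(bytes(int(o) for o in dotted.split(".")), "big")

def key(dst_ip, dst_port):
    """48-bit lookup key: 32-bit destination IP followed by 16-bit port."""
    return (ip_to_int(dst_ip) << 16) | dst_port

# TCAM: (value, mask, result). Mask bit 1 = compare this bit, 0 = X (either).
# Constructed entries in priority order, the way an access list is evaluated.
TCAM = [
    (key("10.1.1.10", 23), key("255.255.255.255", 0xFFFF), "deny"),   # one host, one port
    (key("10.1.1.0", 0),   key("255.255.255.0", 0),        "permit"), # subnet, any port
    (0,                    0,                              "deny"),   # everything is X
]

def tcam_lookup(dst_ip, dst_port):
    """Return the result of the first entry whose significant bits match."""
    k = key(dst_ip, dst_port)
    for value, mask, result in TCAM:
        if (k & mask) == (value & mask):
            return result
    return None
```

The loop stands in for hardware that compares all entries at once and returns the first match, so entry order is what makes the specific deny win over the broader permit.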

Summary
- A router on a stick can be used to route between VLANs using either ISL or 802.1Q as the trunking protocol.
- A router on a stick requires subinterfaces, one for each VLAN.
- Verify inter-VLAN routing by generating IP packets between two subnets.
- Multilayer switches can forward traffic at both Layer 2 and Layer 3.
- Multilayer switches rewrite the Layer 2 and Layer 3 header using tables held in hardware.

SVI on a Multilayer Switch

Configure:
    ip routing
    interface vlan 10
     ip address 10.1.1.1 255.255.255.0
    router eigrp 50
     network 10.0.0.0

Verify:
    show ip route

Configuring Inter-VLAN Routing Through an SVI

Step 1: Configure IP routing.
    Switch(config)#ip routing
Step 2: Create an SVI interface.
    Switch(config)#interface vlan vlan-id
Step 3: Assign an IP address to the SVI.
    Switch(config-if)#ip address ip-address mask
Step 4: Configure the IP routing protocol if needed.
    Switch(config)#router ip_routing_protocol <options>

Routed Ports on a Multilayer Switch (Cont.)

Routed Ports on a Multilayer Switch
- Physical switch port with Layer 3 capability
- Not associated with a VLAN
- Requires removal of Layer 2 port functionality

Configure:
    ip routing
    interface fa0/1
     no switchport
     ip address 10.3.3.1 255.255.255.0
    router eigrp 50
     network 10.0.0.0

Configuring a Routed Port

Step 1: Configure IP routing.
    Switch(config)#ip routing
Step 2: Create a routed port.
    Switch(config-if)#no switchport
Step 3: Assign an IP address to the routed port.
    Switch(config-if)#ip address ip-address mask
Step 4: Configure the IP routing protocol if needed.
    Switch(config)#router ip_routing_protocol <options>

Summary
- SVI is a VLAN of switch ports represented by one interface to the routing system.
- Specific commands are used to configure and verify routing on multilayer switch interfaces.
- The interface vlan command creates the SVI.
- A routed port has Layer 3 attributes.
- A routed port requires the removal of Layer 2 port functionality with the no switchport command.
- To receive dynamic updates, a routing protocol is required.