Describing the STP.


Presentation on theme: "Describing the STP."— Presentation transcript:

1 Describing the STP

2 Enhancements to STP
- PortFast
- Per VLAN Spanning Tree+ (PVST+)
- Rapid Spanning Tree Protocol (RSTP)
- Multiple Spanning Tree Protocol (MSTP)
  MSTP is also known as Multi-Instance Spanning Tree Protocol (MISTP) on Cisco Catalyst 6500 switches and above
- Per VLAN Rapid Spanning Tree (PVRST)

3 Describing PortFast

4 Configuring PortFast
Configuring
  spanning-tree portfast (interface command)
  or
  spanning-tree portfast default (global command)
    enables PortFast on all nontrunking ports
Verifying
  show running-config interface fastethernet 1/1

5 Rapid Spanning Tree Protocol

6 RSTP Port States

7 RSTP Port States
STP Port State | RSTP Port State | Port Included in Active Topology? | Port Learning MAC Addresses?
Disabled | Discarding | No | No
Blocking | Discarding | No | No
Listening | Discarding | No | No
Learning | Learning | No | Yes
Forwarding | Forwarding | Yes | No

8 RSTP Port Roles

9 What Are Edge Ports?
- Will never have a switch connected to it
- Immediately transitions to forwarding
- Functions similarly to PortFast
- Configured by issuing the spanning-tree portfast command

10 RSTP Link Types Slide 2 of 2
Emphasize: What will happen if switch X fails? Switch Y will detect the missing BPDU from switch X in 20 seconds (max. age timer), then recalculate the spanning tree. After the network converges, switch Y will be the root bridge, and all its ports will transition to the forwarding state (DP) 30 seconds after the max. age timer expires.

11 RSTP BPDU Flag Byte Use

12 RSTP Proposal and Agreement Process

13 Downstream RSTP Proposal and Agreement
Root and switch A synchronize. Ports on A come out of sync. Proposal or agreement takes place between A and B.

14 RSTP Topology Change Mechanism

15 PVRST Implementation Commands
Configuring
  spanning-tree mode rapid-pvst
Verifying
  show spanning-tree vlan 101
Debugging
  debug spanning-tree

16 How to Implement Rapid PVRST

17 Verifying PVRST
Display spanning tree mode is set to PVRST.

Switch# show spanning-tree vlan 30
VLAN0030
  Spanning tree enabled protocol rstp
  Root ID    Priority 24606
             Address 00d0.047b.2800
             This bridge is the root
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
  Bridge ID  Priority (priority sys-id-ext 30)
             Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
Gi1/1 Desg FWD P2p
Gi1/2 Desg FWD P2p
Gi5/1 Desg FWD P2p

18 Summary
- RSTP provides faster convergence than 802.1D STP when topology changes occur.
- RSTP defines three port states: discarding, learning, and forwarding.
- RSTP defines five port roles: root, designated, alternate, backup, and disabled.
- Edge ports forward while topology changes occur.
- RSTP makes use of two link types: P2P and shared.
- 802.1w uses the BPDU differently from 802.1D.
- Convergence results from the proposal and agreement process conducted switch by switch.
- The RSTP topology change notification process differs from 802.1D.
- Various commands are used to configure and verify PVRST.
- PVRST enables RSTP while still maintaining PVST.

19 Implementing MSTP

20 Multiple Spanning Tree Protocol
- Instance 1 maps to VLANs 1–500
- Instance 2 maps to VLANs 501–1000

21 MST Regions
MST configuration on each switch:
- Name
- Revision number
- VLAN association table

22 Extended System ID in Bridge ID Field

23 Interacting Between MST Regions and 802.1D

24 Configuring MSTP
Switch(config)#spanning-tree mst configuration
  Enters MST configuration submode
Switch(config-mst)#name name
  Sets the MST region name
Switch(config-mst)#revision rev_num
  Sets the MST configuration revision number
Switch(config-mst)#instance inst vlan range
  Maps the VLANs to an MST instance
Switch(config-mst)#spanning-tree mst instance_number root primary|secondary
  Establishes primary and secondary roots for MST instance

25 Verifying MSTP
Switch#show spanning-tree mst configuration
  Displays MSTP configuration information

Switch#show spanning-tree mst configuration
Name [cisco]
Revision 1
Instance Vlans mapped

26 Verifying MSTP (Cont.)
Switch#show spanning-tree mst instance_number
  Displays configuration information for a specific MSTP instance

Switch#show spanning-tree mst 1
###### MST vlans mapped:
Bridge address 00d0.00b priority (32768 sysid 1)
Root this switch for MST01
Interface Role Sts Cost Prio.Nbr Status
Fa4/ Back BLK P2p
Fa4/ Desg FWD P2p
Fa4/ Boun FWD P2p Bound(STP)

Switch#clear spanning-tree detected-protocols [interface interface-id]
  Forces renegotiation with neighboring switches during migration process

27 Summary
- MSTP reduces the encumbrance of PVST by allowing a single instance of spanning tree to run for multiple VLANs.
- An MST region is a group of MSTP switches that appears as a single virtual bridge to adjacent CST and MSTP regions.
- Extended system ID ensures that VLAN ID or MSTP instance can be carried in the Bridge ID field of a BPDU.
- An MSTP region requires an IST and an arbitrary number of MSTP instances as it connects to an 802.1Q network at the MST region border.
- MSTP is configured with a unique set of commands.
- MSTP implementation requires configuration and verification using specific configuration and show commands.
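The extended system ID mentioned in the summary above, worked through as an added example (not part of the original presentation). It splits the priority printed on the "Verifying PVRST" slide (24606, address 00d0.047b.2800) into its configured priority and VLAN number, and shows how the resulting 8-byte bridge ID decides root election; the two neighbour bridges and all function names are constructed for illustration.

```python
from dataclasses import dataclass


def parse_cisco_mac(text: str) -> bytes:
    """Convert a MAC in Cisco dotted notation (00d0.047b.2800) to 6 raw bytes."""
    digits = text.replace(".", "").replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


@dataclass(frozen=True)
class BridgeID:
    priority: int     # upper 4 bits of the 16-bit field, so a multiple of 4096
    sys_id_ext: int   # lower 12 bits: VLAN ID (PVST+/PVRST) or MST instance
    mac: bytes        # 48-bit bridge address

    @classmethod
    def from_display(cls, shown_priority: int, mac_text: str) -> "BridgeID":
        """Split the single priority number printed by show spanning-tree."""
        if not 0 <= shown_priority <= 0xFFFF:
            raise ValueError("bridge priority field is 16 bits wide")
        return cls(shown_priority & 0xF000, shown_priority & 0x0FFF,
                   parse_cisco_mac(mac_text))

    @classmethod
    def from_config(cls, priority: int, sys_id_ext: int, mac_text: str) -> "BridgeID":
        """Build an ID from a configured priority plus VLAN or instance number."""
        if priority % 4096 or not 0 <= priority <= 61440:
            raise ValueError("priority must be a multiple of 4096 in 0..61440")
        if not 0 <= sys_id_ext <= 4095:
            raise ValueError("extended system ID must fit in 12 bits")
        return cls(priority, sys_id_ext, parse_cisco_mac(mac_text))

    def to_bytes(self) -> bytes:
        """8-byte bridge ID as carried in a BPDU (big-endian)."""
        return (self.priority | self.sys_id_ext).to_bytes(2, "big") + self.mac


def elect_root(bridges):
    """Lowest numeric bridge ID wins; the MAC breaks priority ties."""
    return min(bridges, key=BridgeID.to_bytes)


# Values shown on the "Verifying PVRST" slide for VLAN 30.
SLIDE_ROOT = BridgeID.from_display(24606, "00d0.047b.2800")

# Constructed neighbours (not from the presentation): one left at the default
# priority, one with the same priority as the root but a higher MAC address.
DEFAULT_PRIO = BridgeID.from_config(32768, 30, "0011.2233.4455")
SAME_PRIO_HIGHER_MAC = BridgeID.from_config(24576, 30, "00d0.047b.2801")

if __name__ == "__main__":
    print("priority", SLIDE_ROOT.priority, "sys-id-ext", SLIDE_ROOT.sys_id_ext)
    print("bridge ID", SLIDE_ROOT.to_bytes().hex())
    root = elect_root([DEFAULT_PRIO, SAME_PRIO_HIGHER_MAC, SLIDE_ROOT])
    print("root is slide bridge:", root == SLIDE_ROOT)
```

Because the VLAN or instance number occupies the low 12 bits, the configurable priority can only move in steps of 4096, which is why `from_config` rejects any other value.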

28 Configuring Link Aggregation with EtherChannel

29 EtherChannel
- Logical aggregation of similar links
- Load balances
- Viewed as one logical port
- Redundancy

30 Dynamic Trunk Negotiation Protocols
- PAgP: Cisco proprietary
- LACP: IEEE 802.3ad standard

31 About EtherChannel Configuration Commands
Configure PAgP
  interface port-channel {channel-group-number}
  channel-protocol pagp
  channel-group 1 mode {mode}
Verify
  show interfaces fastethernet 0/1 etherchannel
  show etherchannel 1 port-channel
  show etherchannel 1 summary

32 Configuring Layer 2 EtherChannel
Switch(config)#interface range interface slot/port - port
  Specifies the interfaces to configure in the bundle
Switch(config-if-range)#channel-protocol {pagp | lacp}
  Specifies the channel protocol, either PAgP or LACP
Switch(config-if-range)#channel-group number mode {active | on | auto | desirable | passive}
  Creates the port-channel interface and places the interfaces as members

33 Configuring Layer 3 EtherChannel
Switch(config)#interface port-channel port-channel-number
  Creates a port-channel interface
Switch(config-if)#no switchport
Switch(config-if)#ip address address mask
  Specifies L3 and assigns an IP address and subnet mask to the EtherChannel
Switch(config)#interface interface slot/port
  Specifies an interface to configure
Switch(config-if)#no switchport
Switch(config-if)#channel-group number mode {auto | desirable | on}
  Configures the interface as L3 and specifies the port channel and the PAgP mode

34 Verifying EtherChannel
Switch#show running-config interface port-channel num
  Displays port-channel information
Switch#show running-config interface interface x/y
  Displays interface information

Switch#show run interface port-channel 1
Building configuration...
Current configuration : 66 bytes
!
interface Port-channel1
 switchport mode dynamic desirable
end

Switch#show run interface gig 0/9
Building configuration...
Current configuration : 127 bytes
!
interface GigabitEthernet 0/9
 switchport mode dynamic desirable
 channel-group 2 mode desirable
 channel-protocol pagp
end

interface Port-channel2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 no ip address
!
interface GigabitEthernet0/9
 description DSW121 0/ DSW122 0/9-10
 duplex full
 speed 100
 channel-group 2 mode desirable
interface GigabitEthernet0/10

35 Verifying EtherChannel (Cont.)
Switch#show interfaces gigabitethernet 0/9 etherchannel
Port state = Up Mstr In-Bndl
Channel group =    Mode = Desirable-Sl    Gcchange = 0
Port-channel = Po    GC = 0x    Pseudo port-channel = Po1
Port index =    Load = 0x00
Flags: S - Device is sending Slow hello.  C - Device is in Consistent state.
       A - Device is in Auto mode         P - Device learns on physical port.
       d - PAgP is down.
Timers: H - Hello timer is running        Q - Quit timer is running.
        S - Switching timer is running.   I - Interface timer is running.
Local information:
Hello Partner PAgP Learning Group
Port Flags State Timers Interval Count Priority Method Ifindex
Gi0/9 SC U6/S7 H s Any
Partner's information:
Partner Partner Partner Partner Group
Port Name Device ID Port Age Flags Cap.
Gi0/9 DSW e Gi0/ s SC
Age of the port in the current state: 00d:20h:00m:49s

36 Guidelines for Configuring EtherChannel

37 Guidelines for Configuring EtherChannel (Cont.)

38 EtherChannel Guidelines
Switch#show run interface FastEthernet0/9
 description DSW121 0/ DSW122 0/9-10
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,21-28
 switchport mode trunk
 switchport nonegotiate
 duplex full
 speed 100
 channel-group 2 mode desirable
!
interface FastEthernet0/10

39 EtherChannel Load Balancing
Switch(config)# port-channel load-balance src-mac

40 Configuring EtherChannel Load Balancing
Switch(config)#port-channel load-balance type
  Configures EtherChannel load balancing

Switch#show etherchannel load-balance
Source XOR Destination IP address

41 Summary
- EtherChannel increases bandwidth and provides redundancy by aggregating individual links between switches.
- EtherChannel can be dynamically configured between switches using either PAgP or LACP.
- EtherChannel is configured and verified using a variety of show commands.
- Best practices should be followed for EtherChannel configuration.
- EtherChannel load balances traffic over all the links in the bundle.

42 Implementing Inter-VLAN Routing

43 Problem: Isolated Broadcast Domains
Because of their nature, VLANs inhibit communication between VLANs.
Purpose: This slide poses the problem of communicating between VLANs.
Emphasize: Point out that VLANs, by their nature, are designed to keep data from traversing the VLAN borders. However, end-user stations need to communicate with entities outside the VLAN borders. Use the example of end users in one VLAN needing to communicate with enterprise servers residing in a VLAN across the network core.
Transition: Following introduces the solution.

44 Solution: Routing Between VLANs
Communications between VLANs requires a Layer 3 services module.
Purpose: This slide introduces routers as the solution to inter-VLAN communications.
Emphasize: In switched networks, route processors are used to provide communications between VLANs. Before you can configure routing between VLANs, you must have defined the VLANs on the switches in your network. Refer to the Cisco Internetworking Design Guide and appropriate switch documentation for information on these topics. The Cisco Internetworking Design Guide is available from Cisco Press. Inter-VLAN Routing is discussed in the Cisco IOS Switching Services Configuration Guide located on the Cisco Documentation CD-ROM.
Transition: Following begins the discussion of some problems that occur as a result of inter-VLAN routing.

45 Inter-VLAN Routing with External Router
Single trunk link carries traffic for multiple VLANs to and from router.
Purpose: This slide discusses the solution of ISL.
Emphasize: The Inter-Switch Link (ISL) protocol is used to interconnect two VLAN-capable Fast Ethernet devices, such as the Catalyst or Cisco 7500 routers. The ISL protocol is a packet-tagging protocol that contains a standard Ethernet frame and the VLAN information associated with that frame. ISL is currently supported over Fast Ethernet links, but a single ISL link, or trunk, can carry traffic from multiple VLANs. The concept of ISL was discussed in the “Defining Common Workgroups” chapter. How to configure ISL links is discussed later in this chapter. Discuss the example in the SG.
Transition: Following is a discussion of ISL links to a single router.

46 Inter-VLAN Routing External Router Configuration Commands
Configure on subinterface
  encapsulation dot1Q (or isl) 10
  ip address
Verify
  show vlan 10
  show ip route

47 Inter-VLAN Routing on External Router: 802.1Q Trunk Link
Purpose: This figure shows the configuration of the router on a stick. Emphasize: Highlight the two different interconnecting networks, and

48 Inter-VLAN Routing on External Router: ISL Trunk Link
Purpose: This figure shows the configuration of the router on a stick. Emphasize: Highlight the two different interconnecting networks, and

49 Verifying Inter-VLAN Routing
The ping command tests connectivity to remote hosts.
Purpose: This slide discusses the ping command.
Emphasize: Use the ping command to test connectivity to remote hosts. The ping command will return one of the following responses:
- Success rate is 100 percent or ip address is alive. This response occurs in 1 to 10 seconds, depending on network traffic and the number of ICMP packets sent.
- Destination does not respond. No answer message is returned if the host does not
- Unknown host. This response occurs if the targeted host does not exist
- Destination unreachable. This response occurs if the default gateway cannot reach the specified network
- Network or host unreachable. This response occurs if there is no entry in the route table for the host or network.
You can also test the routes packets will take from the route processor to a specific destination by using the trace ip destination command. For more information on the trace ip command, refer to the Cisco IOS Release 12.0 Command Summary.
Transition: Following is the visual for the laboratory exercise.

50 Verifying the Inter-VLAN Routing Configuration
Router#show vlan
  Displays the current IP configuration per VLAN
Router#show ip route
  Displays IP route table information
Router#show ip interface brief
  Displays IP address on interfaces and current state of interface

51 Explaining Multilayer Switching

52 Defining Flows
[Figure: Conventional Environment and Multilayer Switched Environment, each showing packets p1, p2, p3 from Host A to Host B; first packet and subsequent packets]
- Each packet of a traditional flow must be processed by the router
- The first packet of an MLS flow is processed by the router; all subsequent packets are switched
Purpose: This page defines a flow.
Emphasize: A flow is a specific conversation, consisting of many packets, between a network source and destination. Actual network traffic consists of many end-to-end conversations, or flows, between users or applications. The concept of flows is important because the Catalyst family of multilayer switches maintains a Layer 3 switching table based on data flows.
Transition: Following discusses the Cisco devices that support MLS.

53 Layer 2 Switch Forwarding Process

54 Logical Packet Flow for a Multilayer Switch

55 Internal Router Processor Software/Hardware Requirements
- Route Switch Module (RSM)
- Cisco IOS™ Release 11.3(2)WA4(4) or Later
- Catalyst 2926G, 5000, or 6000 Series Switch
- Supervisor Engine III, FSX, III FLX, IIG, or IIIG Module
- Supervisor Engine Software Release 4.1(1) or Later
- NetFlow Feature Card (NFFC), NFFC II
Purpose: This slide describes the hardware and software requirements when using a multilayer switch.
Emphasize: Multilayer switching can be implemented by using a Layer 3 switch or an external router configuration. An integrated, or Layer 3, switch contains a route switch module (RSM) and the NetFlow Feature Card (NFFC) and requires the following software and hardware:
- Catalyst 2926G, 5000 or 6000 series switch with supervisor engine software Release 4.1(1) or later.
- Cisco IOS router software Release 11.3(2)WA4(4) or later.
- Supervisor Engine III, FSX, or III FLX module with a NetFlow Feature Card (NFFC) or NFFC II Route Switch Module (RSM).
MLS is also supported on the following software and hardware:
- Catalyst 5000 series switch with supervisor engine software Release 4.1(1) or later. (The RSFC is supported on the Catalyst 5000 only.)
- Cisco IOS router software Release 12.0W5 or later.
- Supervisor Engine IIG or IIIG with an RSFC daughter card.
Transition: Following identifies the equipment requirements for MLS when using an external router.

56 MLS Components
- MLS-RP: Multilayer Switching Route Processor
- MLS-SE: Multilayer Switching Switch Engine
- MLSP: Multilayer Switching Protocol
[Figure labels: RSM, or Cisco 85xx, 75XX, 72XX, 4XXX]
Multicast hello messages sent to MLS-SE by MLS-RP to inform:
- MAC addresses used on different VLANs
- Routing/access-list changes occurring on MLS-RP
Purpose: This slide identifies the major components in multilayer switching.
Emphasize: The MLS-SE is the multilayer switching switch engine. This switching entity handles the function of moving and rewriting the packets. The MLS-SE is a NetFlow Feature Card residing on a Supervisor III card in a Catalyst switch. The MLS-RP is the route processor. This component is a Route Switch Module (RSM) or an externally connected Cisco 7500, 7200, 4500, 4700, or 8500 series router with software that supports multilayer switching. The MLS-RP sends MLS configuration information and updates, such as the router MAC address and VLAN number, flow mask, and routing and access list changes. The MLSP is the multilayer switching protocol. This protocol operates between the MLS-Switch Engine and MLS-Route Processor to enable multilayer switching. The MLSP is the method by which the RSM or router advertises routing changes and the VLANs or MAC addresses of the interfaces that are participating in MLS.
Transition: Following begins the discussion of how an MLS-RP is made known in the network.

57 MLS-RP Advertisement
- MLS-RP sends out multicast hello messages
- Messages contain MAC, VLAN, and route information
- Messages use the CGMP multicast well-known address
Purpose: This slide describes how the MLSP advertises an MLS-RP when it first starts up in the network.
Emphasize: When an MLS-RP is activated in a campus network, the MLS-RP sends out a multicast Layer 3 hello message every 15 seconds. This hello message is sent using the MLSP. This message is sent to all switches in the network and contains:
- The MAC addresses used by the MLS-RP on its interfaces that are participating in MLS. The students will be able to view this information in the MLS cache later in this chapter.
- Access-list information. This information is used in flow mask identification and is discussed in detail later in this chapter.
- Routing table updates and changes. How the MLS-SE handles this information is discussed later in this chapter.
MLSP uses the Cisco Group Management Protocol (CGMP) multicast address, ensuring interoperability with other Cisco switches.

58 Receiving MLSP Hello Messages
[Figure: hello messages passing between switches; one switch is labelled "I am not a Layer 3 Switch but I will still pass on the message."]
- All switches receive the hello message
- Layer 3 switches process the hello message
- IP multicast passes transparently through non-Cisco switches
Purpose: This slide describes how the MLS-SE handles MLSP messages.
Emphasize: All Cisco switches listen to the well-known multicast address and receive the hello message. Only the switches that have Layer 3 capabilities process the hello message. Those switches without Layer 3 capabilities pass these packets through to downstream switches. When an MLS-SE receives the packet, the device extracts all the MAC addresses received in the packet along with the associated interface or VLAN ID for that address. The MLS-SE records the addresses in the MLS-SE CAM table.
Transition: Following describes how the MLS-SE differentiates multiple routers.

59 Establishing an MLS Cache Entry
[Figure: Candidate Packet between hosts A and B, with L2 information (Source MAC = 0010.f663.d000, Destination MAC) and L3 information (Source IP, Destination IP); MLS cache lookup "Cache Entry?"]
1. The MLS-SE receives initial frame
2. The MLS-SE reads and recognizes the destination MAC Address
3. The MLS-SE checks the MLS cache for like entries
4. The MLS-SE forwards the frame to the MLS-RP
Purpose: This slide introduces the first packet in a flow.
Emphasize: The MLS-SE maintains a cache for MLS flows and stores statistics for each flow. The first packet in a flow is called a “Candidate” packet.
Step 1: The MLS-SE receives a candidate packet and looks at the destination MAC address in the frame. The switch recognizes the destination address of the packet as the address of the MLS-RP. This address was recorded in the CAM table when the switch received the MLSP hello message.
Step 2: The MLS-SE then checks the MLS cache to determine if an MLS flow is already established for this flow. Because this packet is the first packet in a flow, there will not be an entry in the cache.
Step 3: The switch creates an entry in the MLS cache and assigns an XTAG to this entry.
Step 4: The MLS-SE forwards the frame to the addressed router.
Transition: Following continues the discussion of how an MLS flow is established.

60 Establishing an MLS Cache Entry (cont.)
[Figure: Enable Packet between hosts A and B, with L2 information (Source MAC, Destination MAC) and L3 information (Source IP, Destination IP)]
5. The MLS-RP receives the frame and consults the routing table
6. The MLS-RP rewrites the header with the new destination MAC address
7. The MLS-RP enters its own MAC address for the source address
8. The MLS-RP forwards the frame to the MLS-SE
Purpose: This slide discusses how the router handles the candidate packet.
Emphasize:
Step 5: The router receives the frame and consults the routing table.
Step 6: If the router finds the destination address in the routing table, the router constructs a new header, which now contains the MAC address of the destination host or next-hop router.
Step 7: The router also enters its own MAC address as the source MAC address.
Step 8: The router then returns the frame to the switch.
Transition: Following describes how the MLS-SE handles the returned frame.

61 Switching Subsequent Frames in a Flow
[Figure: Incoming Frame and Rewritten Frame between hosts A and B, each with L2 information (Source MAC, Destination MAC) and L3 information (Source IP, Destination IP); MLS Cache Entry with columns Destination IP, Source IP, Port, DstPrt, SrcPrt, Destination Mac, Vlan, Port]
13. The MLS-SE receives subsequent frames in the flow
14. The MLS-SE compares the incoming frame with the MLS cache entry
15. The MLS-SE rewrites the frame header
16. The MLS-SE forwards the frame to the destination
Purpose: This slide discusses how subsequent packets in the flow are handled.
Emphasize:
Step 13: The MLS-SE receives subsequent packets in the flow.
Step 14: The frames with that destination MAC address are compared against the entry in the MLS cache.
Step 15: The switch performs a packet rewrite, based on information learned from the router (MLS-RP) and stored in the MLS cache.
Step 16: The switch bypasses the router and sends the packet out the appropriate port to the destination.
The entry ages out of the cache when traffic for the flow ceases. The criteria for determining when an entry should be deleted are user configurable and are discussed later in this chapter. Partial, or candidate, entries will remain in the cache for five seconds with no enabled entry before timing out. The maximum MLS cache size is 128K. An MLS cache larger than 32K may increase the probability that packets in a flow will be forwarded to the router.
Transition: Following begins the discussion of how to configure the MLS-RP.
Note: The Catalyst 5000 series 24-port 10/100BaseTX and 12-port 100BaseFX Backbone Fast Ethernet switching modules (WS-X5225R and WS-X5201R) have onboard hardware that performs the packet rewrite, optimizing MLS performance.

When the MLS-SE receives the packet, it is formatted as follows:
The MLS-SE rewrites the Layer 2 frame header, changing the destination MAC address to the MAC address of Host B and the source MAC address to the MAC address of the MLS-RP (these MAC addresses are stored in the MLS cache entry for this flow). The Layer 3 IP addresses remain the same, but the IP header Time to Live (TTL) is decremented and the checksum is recomputed. The MLS-SE rewrites the switched Layer 3 packets so that they appear to have been routed by a router. The MLS-SE forwards the rewritten packet to Host B's VLAN (the destination VLAN is saved in the MLS cache entry) and Host B receives the packet.
After the MLS-SE performs the packet rewrite, the packet is formatted as follows:
Frame Header | Destination: Host B MAC | Source: MLS-RP MAC
IP Header | Destination: Host B IP | Source: Host A IP | TTL (1) | Checksum (2)
Payload | Data | Checksum
(1) The IP header TTL value is decremented by 1.
(2) The IP header checksum is recalculated.
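The candidate packet, enabling packet and shortcut rewrite described on the three slides above, as an added Python sketch (not part of the original presentation or Cisco code). The MAC and IP addresses are constructed, the flow is keyed on source and destination IP only, IPv4 headers are assumed to carry no options, and sending TTL-expiring or corrupt packets to the router is an assumption of this sketch.

```python
import struct
from ipaddress import IPv4Address

ETH_HLEN = 14  # destination MAC (6) + source MAC (6) + EtherType (2)
# Constructed addresses for illustration only.
RP_MAC = bytes.fromhex("02aa00000001")   # MLS-RP, learned from the MLSP hello
HOST_A = bytes.fromhex("02aa0000000a")
HOST_B = bytes.fromhex("02aa0000000b")
A_IP, B_IP = "192.0.2.10", "198.51.100.20"


def ip_checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words (RFC 1071)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def header_ok(frame: bytes) -> bool:
    """A valid header sums to zero when its checksum field is included."""
    return ip_checksum(frame[ETH_HLEN:ETH_HLEN + 20]) == 0


def build_frame(dst_mac, src_mac, src_ip, dst_ip, ttl, payload=b"data"):
    """Ethernet II frame carrying a 20-byte IPv4 header (no options)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      ttl, 17, 0, IPv4Address(src_ip).packed,
                      IPv4Address(dst_ip).packed)
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    return dst_mac + src_mac + b"\x08\x00" + hdr + payload


def rewrite(frame, new_dst_mac, new_src_mac):
    """What a router does to a forwarded packet: new MACs, TTL - 1, new checksum."""
    ip = bytearray(frame[ETH_HLEN:ETH_HLEN + 20])
    ip[8] -= 1                       # TTL
    ip[10:12] = b"\x00\x00"          # clear the old checksum before recomputing
    ip[10:12] = struct.pack("!H", ip_checksum(bytes(ip)))
    return (new_dst_mac + new_src_mac + frame[12:ETH_HLEN]
            + bytes(ip) + frame[ETH_HLEN + 20:])


class MlsSwitchEngine:
    def __init__(self, rp_mac):
        self.rp_mac = rp_mac
        self.cache = {}   # flow -> destination MAC, or None while only a candidate

    def receive(self, frame):
        dst, src = frame[:6], frame[6:12]
        ip = frame[ETH_HLEN:ETH_HLEN + 20]
        flow, ttl = (ip[12:16], ip[16:20]), ip[8]
        if dst == self.rp_mac:
            next_hop = self.cache.get(flow)
            if next_hop and ttl > 1 and header_ok(frame):
                # Complete entry: bypass the router but look as if routed.
                return "switched", rewrite(frame, next_hop, self.rp_mac)
            if next_hop is None:
                self.cache.setdefault(flow, None)   # candidate (partial) entry
            return "to_router", frame
        if src == self.rp_mac and self.cache.get(flow, b"") is None:
            self.cache[flow] = dst                  # enabling packet completes it
            return "enabled", frame
        return "bridged", frame


def demo():
    se = MlsSwitchEngine(RP_MAC)
    a1, first = se.receive(build_frame(RP_MAC, HOST_A, A_IP, B_IP, ttl=64))
    routed = rewrite(first, HOST_B, RP_MAC)         # the MLS-RP routes packet 1
    a2, _ = se.receive(routed)
    a3, switched = se.receive(build_frame(RP_MAC, HOST_A, A_IP, B_IP, ttl=64))
    a4, _ = se.receive(build_frame(RP_MAC, HOST_A, A_IP, B_IP, ttl=1))
    return [a1, a2, a3, a4], switched, routed


if __name__ == "__main__":
    actions, switched, routed = demo()
    print(actions, "identical to routed frame:", switched == routed)
```

The shortcut frame is byte-for-byte what the router produced for the first packet, which is the sense in which switched packets "appear to have been routed by a router".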

62 IP Unicast Frame and Packet Rewrite
Incoming IP Unicast Packet Rewritten IP Unicast Packet

63 Improving IP Routing Performance with MLS
In this section we discuss the following topics:
- Multilayer Switching Fundamentals
- Configuring the Multilayer Switch Route Processor
- Applying Flow Masks
- Configuring the Multilayer Switch Switching Engine
- MLS Topologies
  - Topology Examples
  - Topology Quiz
  - Unsupported Topology
  - Topology Changes and Routing Impacts
Purpose: This slide states the module objectives.
Emphasize: Read or state each objective so each student has a clear understanding of the module objectives. At the end of this module, the students will be able to:
- Configure an MLS-RP
- Configure an MLS-SE
- Using access lists, set a flow mask on the MLS-RP
- Use IOS commands to verify the configuration on both the MLS-SE and MLS-RP
Transition: Following is a definition of multilayer switching.

64 MLS Topology Example 1
[Figure: Host A, Host B, routers R1 (MLS-RP) and R2, and the MLS-SE, with steps 1 to 6 marked]
1. Host A sends a packet to the default gateway
2. R1 rewrites the frame header to reflect the destination as the next-hop router (R2)
3. MLS-SE forwards the frame to R2
4. R2 rewrites the frame header to reflect the destination as Host B
5. MLS-SE forwards the frame to Host B
6. All subsequent frames are switched
Purpose: This slide describes an MLS configuration example.
Emphasis: How routers and switches are placed in relationship to each other is critical to multilayer switching. In this example, end Station A connects to the MLS-SE through router R2. Router R2 is not participating in MLS. Station A wants to send information to B. Station A addresses the frame with the MAC address of R2 at Layer 2 because R2 is its default gateway. To reach Station B, R2 has to use the next hop router R1. R2 rewrites its own MAC address in the source field of the frame header and writes the MAC address of R1 in the destination field. MLS-SE detects the packet and recognizes the MAC address in the destination field. Because this is the first frame in the flow, the frame is sent to R1. The MLS-SE treats this frame as a candidate packet. R1 rewrites with its own MAC address in the source field and the MAC address of end Station B in the destination field. The frame is returned to the switch. The MLS-SE recognizes the source address and treats this frame as the enabling packet. Having established the Layer 3 entry now, all subsequent frames bypass R1 and go straight from Station A through R2, through the MLS-SE, and ultimately, to Station B.
Transition: The following discusses another MLS configuration.

65 MLS Topology Example 2
[Figure: Host A and Host B on MLS-SE1, with MLS-SE2, MLS-SE3 and the MLS-RP above; steps 1 to 10 marked]
1. Host A sends a packet to the default gateway
2. MLS-SE1 forwards the frame to MLS-SE2
3. MLS-SE2 forwards the frame to MLS-SE3
4. MLS-SE3 forwards the frame to MLS-RP1
5. MLS-RP1 rewrites the frame header and forwards the frame to MLS-SE3
6. MLS-SE3 forwards the frame to MLS-SE2
7. MLS-SE2 forwards the frame to MLS-SE1
8. MLS-SE1 forwards the frame to Host B
9. All subsequent frames are switched through MLS-SE1
10. Entries in MLS-SE2 and 3 time out
Purpose: This slide describes an MLS configuration example where packets traverse multiple switches.
Emphasis: This example describes multilayer switching in a configuration that contains external routers and a hierarchy of MLS-SEs. Both Station A and Station B are connected through MLS-SE 3. To communicate with Station B, Station A addresses the frame to the default gateway R1. MLS-SE 3 recognizes this frame as a candidate packet and a partial entry is created in the MLS cache of MLS-SE 3. The frame is then sent to MLS-SE 2. MLS-SE 2 recognizes this frame as a candidate packet and a partial entry is created in the MLS cache of MLS-SE 2. This process is also repeated for MLS-SE 1. MLS-SE 1 then sends the frame to R1. R1 rewrites the destination and source MAC addresses in the frame and sends the frame back to MLS-SE. The frame now meets the criteria of an enabling packet and the MLS entry is completed in the cache. This process is repeated in both MLS-SE 2 and MLS-SE 3 and the frame is sent to Station B. A Layer 3 switching entry for the flow between Station A and Station B is established in all three switches. When subsequent packets in this flow come to MLS-SE 3, a match is found in the MLS cache and the packets are forwarded to Station B. MLS-SE 2 and MLS-SE 1 never receive subsequent frames in this flow and the entries in those MLS caches age out.
Transition: The following presents the last MLS configuration example.

66 Quiz: MLS Topology Example
[Figure: MLS-RP above switches S1 to S7, with hosts A and B; one port marked X, "Port in Blocking State"]
- Original MLS path was A → S4 → S2 → S1 → S3 → S7 → B
- Spanning tree blocked the link between S1 and S3
- What is the next available MLS path?
Purpose: This slide describes an MLS configuration with multiple Layer 2 paths.
Emphasis: This example illustrates MLS in a configuration where multiple Layer 2 paths exist between the source and destination devices and how spanning tree operates with this configuration. As in the previous examples, communication is between Station A and Station B. From a spanning-tree perspective, the link between switches S2 and S3 is in blocking mode. Traffic from Station A to Station B takes the following path: S4 → S2 → S1 → R → S1 → S3 → S7 → B. The first packet is forwarded along this path and candidate entries are established in S4, S2, and S1. Because this is the first packet in the flow, the frame is forwarded to R, rewritten with the appropriate source and destination headers, and returned down to S1. The returning packet is the enabling packet, and the entry in the MLS cache of S1 is completed. The packet is then forwarded to S3, S7, and on to Station B. Subsequent packets in this flow are now Layer-3 switched at S1. Because S4 and S2 do not detect an enabling packet, candidate entries created in S4 and S2 age out of those MLS caches. If switch S1 is not a Layer 3 switch, then the packets never bypass the router because it is the only switch that is positioned to detect both the candidate and the enabling packet.
Transition: The following completes the discussion of this configuration.

67 Answer: MLS Topology Example
[Figure: MLS-RP above switches S1 to S7, with hosts A and B; one port marked X, "Port in blocking state"]
- First packet path = A S4 S2 S1 S2 S3 S7 B
- Subsequent packet path = A S4 S2 S3 S7 B
Purpose: This slide describes an MLS configuration with multiple Layer 2 paths.
Emphasis: Traffic from Host A to Host B takes the following path: S4 → S2 → S1 → R → S1 → S3 → S7 → B. The first packet is forwarded along this path and candidate entries are established in S4, S2, and S1. Because this is the first packet in the flow, the frame is forwarded to R, rewritten with the appropriate source and destination headers, and returned down to S1. The returning packet is the enabling packet, and the entry in the MLS cache of S1 is completed. The packet is then forwarded to S3, S7, and on to Host B. Subsequent packets in this flow are now Layer-3 switched at S1. Because S4 and S2 do not detect an enabling packet, candidate entries created in S4 and S2 age out of those MLS caches. If switch S1 is not a Layer 3 switch, then the packets never bypass the router because it is the only switch that is positioned to detect both the candidate and the enabling packet.
Transition: The following completes the discussion of this topology.

68 Unsupported MLS Topology
Diagram labels: VLAN41, VLAN42, RSM1, RSM2, A, B.
Purpose: This slide describes an unsupported MLS configuration where one switch does not detect both the candidate and enable packets.
Emphasis: The previous examples discussed how MLS works in different topologies. The following examples examine where MLS does not work. In this example, Station A communicates with Station B through the default gateway R1. Router R1 uses R2 as the next hop to route packets to Station B. The first packet takes the following path: A→S1→R1→R2→S2→B
A candidate entry is created in S1; however, S1 never detects an enabling packet from R1, which would have completed the entry in the MLS cache. Multilayer switching cannot occur in this example.
Transition: The following discusses an MLS solution to this configuration.

69 Unsupported MLS Topology—Solution 1
Diagram labels: VLAN 41, VLAN 42, MLS-RP 1, MLS-RP 2, ISL Link, MLS-SE 1, MLS-SE 2, A, B.
Purpose: This slide discusses an MLS solution to the previously described configuration.
Emphasis: One solution for this topology is to configure an ISL link from MLS-RP1 to MLS-SE1. This ISL link would route for both VLANs 41 and 42. With this modification, MLS-SE1 detects both the candidate and enable packet for the flow and a Layer 3 entry is established in the MLS cache of MLS-SE1.
Transition: The following discusses another solution to the unsupported MLS configuration.
Configure an ISL link from MLS-SE1 to MLS-RP1 to carry both VLAN41 and VLAN42

70 Unsupported MLS Topology—Solution 2
Diagram labels: VLAN 41, VLAN 42, MLS-RP 1, MLS-RP 2, Link 1, Link 2, MLS-SE 1, MLS-SE 2, A, B.
Purpose: This slide discusses another MLS solution to the previously described configuration.
Emphasis: Another solution for this topology is to add another link from R1 to S1. This new interface on R1 now routes for subnet B. The first packet in a flow is sent from A to R1 over one interface and a partial entry is created in the MLS cache of S1. R1 modifies the packet header and sends the packet out the second interface to S1, completing the partial entry. The packet is now forwarded from S1 to Station B by way of S2. Subsequent packets in this flow can now be Layer-3 switched in S1.
Transition: The following begins the discussion of how routing changes impact MLS cache entries.
Configure a second link from MLS-SE1 to MLS-RP1 to route for Subnet 42
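The candidate/enabling-packet rule from the topology slides above can be checked with a small path model; this is an added example, not part of the original presentation or any Cisco code. It assumes hop names as on the slides (names starting with "S" are switches, names starting with "R" are routers), and it places R next to S1 in the slide 67 path, which the slide text leaves out.

```python
# Simplified model of MLS cache-entry creation for the first packet of a flow.
# Assumption: a switch completes its entry when it sits on the path both before
# the routed hop (candidate packet) and after it (enabling packet).

def is_router(hop):
    return hop.startswith("R")

def is_switch(hop):
    return hop.startswith("S")

def mls_entries(path):
    """Return (candidates, completed) sets of switch names for one path."""
    router_idx = [i for i, hop in enumerate(path) if is_router(hop)]
    if not router_idx:
        return set(), set()            # no routed hop, nothing to shortcut
    before = {h for h in path[:router_idx[0]] if is_switch(h)}
    after = {h for h in path[router_idx[-1] + 1:] if is_switch(h)}
    return before, before & after      # candidates without a match age out

def shortcut_path(path):
    """Path taken by later packets once some switch holds a completed entry."""
    _, completed = mls_entries(path)
    if not completed:
        return list(path)              # every packet still crosses the router
    first = min(path.index(s) for s in completed)
    switch = path[first]
    last = len(path) - 1 - path[::-1].index(switch)
    return path[:first] + path[last:]  # cut out the loop through the router

# Paths taken from the slides (R in SLIDE_67 is the assumption named above).
SLIDE_66 = ["A", "S4", "S2", "S1", "R", "S1", "S3", "S7", "B"]
SLIDE_67 = ["A", "S4", "S2", "S1", "R", "S1", "S2", "S3", "S7", "B"]
UNSUPPORTED = ["A", "S1", "R1", "R2", "S2", "B"]
SOLUTION_2 = ["A", "S1", "R1", "S1", "S2", "B"]

if __name__ == "__main__":
    for name, p in [("slide 66", SLIDE_66), ("slide 67", SLIDE_67),
                    ("unsupported", UNSUPPORTED), ("solution 2", SOLUTION_2)]:
        cand, done = mls_entries(p)
        print(name, sorted(cand), sorted(done), "->", " ".join(shortcut_path(p)))
```
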

71 CAM Table
Requires an exact match on all bits. Matching is a binary operation: 0 or 1. Provides very high-speed lookups.

72 TCAM Table
Matches only significant values. Matches based on three values: 0, 1, or X (either). Masks used to wildcard some content fields.
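The difference between the two lookups, as an added example that is not from the original slides: a CAM hit needs every bit to match, while a TCAM entry is a value plus a mask in which X positions are ignored. The MAC address, prefixes, and result names are constructed, and the table is modelled as first match wins with the most specific entry listed first.

```python
import ipaddress

def cam_lookup(table, key):
    """CAM: the key must equal a stored entry bit for bit, or there is no hit."""
    return table.get(key)

def to_ternary(prefix):
    """Write an IPv4 prefix as 32 ternary digits: network bits, then X."""
    net = ipaddress.ip_network(prefix)
    bits = format(int(net.network_address), "032b")
    return bits[:net.prefixlen] + "X" * (32 - net.prefixlen)

def tcam_compile(pattern):
    """Turn a 0/1/X pattern into (value, mask); mask bit 1 = significant."""
    value = mask = 0
    for ch in pattern:
        if ch not in "01X":
            raise ValueError(f"bad ternary digit: {ch!r}")
        value = (value << 1) | (ch == "1")
        mask = (mask << 1) | (ch != "X")
    return value, mask

def tcam_lookup(entries, key_bits):
    """TCAM: return the first entry whose significant bits equal the key's."""
    key = int(key_bits, 2)
    for pattern, result in entries:
        if len(pattern) != len(key_bits):
            continue                      # entry is for a different key width
        value, mask = tcam_compile(pattern)
        if key & mask == value:
            return result
    return None

# Constructed sample tables.
CAM = {"0000.0c12.3456": "Fa0/1"}
TCAM = [(to_ternary("10.1.20.0/24"), "Vlan20"),
        (to_ternary("10.1.0.0/16"), "Vlan10"),
        (to_ternary("0.0.0.0/0"), "default")]

def route(ip):
    return tcam_lookup(TCAM, format(int(ipaddress.ip_address(ip)), "032b"))

if __name__ == "__main__":
    print(cam_lookup(CAM, "0000.0c12.3456"), cam_lookup(CAM, "0000.0c12.3457"))
    print(route("10.1.20.7"), route("10.1.99.1"), route("192.0.2.1"))
```
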

73 Summary
A router on a stick can be used to route between VLANs using either ISL or 802.1Q as the trunking protocol. A router on a stick requires subinterfaces, one for each VLAN. Verify inter-VLAN routing by generating IP packets between two subnets. Multilayer switches can forward traffic at both Layer 2 and Layer 3. Multilayer switches rewrite the Layer 2 and Layer 3 header using tables held in hardware.

74 SVI on a Multilayer Switch
Configure:
ip routing
interface vlan 10
ip address
router eigrp 50
network
Verify:
show ip route

75 Configuring Inter-VLAN Routing Through an SVI
Step 1: Configure IP routing.
Switch(config)#ip routing
Step 2: Create an SVI interface.
Switch(config)#interface vlan vlan-id
Step 3: Assign an IP address to the SVI.
Switch(config-if)#ip address ip-address mask
Step 4: Configure the IP routing protocol if needed.
Switch(config)#router ip_routing_protocol <options>

76 Routed Ports on a Multilayer Switch (Cont.)

77 Routed Ports on a Multilayer Switch
Physical switch port with Layer 3 capability. Not associated with a VLAN. Requires removal of Layer 2 port functionality.
Configure:
ip routing
interface fa0/1
no switchport
ip address
router eigrp 50
network

78 Configuring a Routed Port
Step 1: Configure IP routing.
Switch(config)#ip routing
Step 2: Create a routed port.
Switch(config-if)#no switchport
Step 3: Assign an IP address to the routed port.
Switch(config-if)#ip address ip-address mask
Step 4: Configure the IP routing protocol if needed.
Switch(config)#router ip_routing_protocol <options>
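A check of a saved configuration against the SVI steps (slide 75) and the routed-port steps (slide 78), as an added example that is not part of the original presentation. The sample configuration, its addresses, and the interface names are constructed; step 4 is not checked because the slides mark it as optional.

```python
# Constructed sample: FastEthernet0/2 has an IP address but is still a Layer 2 port.
SAMPLE = """\
ip routing
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
interface FastEthernet0/1
 no switchport
 ip address 10.0.1.1 255.255.255.0
interface FastEthernet0/2
 ip address 10.0.2.1 255.255.255.0
router eigrp 50
 network 10.0.0.0
"""

def parse(config):
    """Split a config into global commands and per-interface command lists."""
    global_cmds, interfaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue                          # blank line or IOS comment
        if not raw[0].isspace():              # unindented = global config mode
            current = None
            if line.lower().startswith("interface "):
                current = interfaces.setdefault(line.split(None, 1)[1], [])
            else:
                global_cmds.append(line)
        elif current is not None:
            current.append(line)              # command inside an interface
    return global_cmds, interfaces

def audit(config):
    """Return findings for steps 1 to 3 of the SVI and routed-port procedures."""
    global_cmds, interfaces = parse(config)
    findings = []
    if "ip routing" not in global_cmds:
        findings.append("global: 'ip routing' missing (step 1)")
    for name, cmds in interfaces.items():
        has_ip = any(c.startswith("ip address ") for c in cmds)
        if name.lower().startswith("vlan"):
            if not has_ip:
                findings.append(f"{name}: SVI has no IP address (step 3)")
        elif has_ip and "no switchport" not in cmds:
            findings.append(
                f"{name}: 'ip address' without 'no switchport' (routed port, step 2)")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
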

79 Summary
SVI is a VLAN of switch ports represented by one interface to the routing system. Specific commands are used to configure and verify routing on multilayer switch interfaces. The interface vlan command creates the SVI. A routed port has Layer 3 attributes. A routed port requires the removal of Layer 2 port functionality with the no switchport command. To receive dynamic updates, a routing protocol is required.

