Network technologies and trends:

Routing and Switching

Dec 20 2008   6:33AM GMT

Cisco Etherchannel Overview and how it can be configured in Cisco Catalyst Switches – Series 2



Posted by: Yasir Irfan

Dear Friends, in my previous post I introduced Etherchannel. Now let’s go one step further: Etherchannel has certain limits, so let’s look at what those limits are.


· An Etherchannel group number must be in the range of 1 to 256.

· All ports in the target Etherchannel group MUST be in the same VLAN.

· If one physical link in the Etherchannel group is a TRUNK, then all other ports must be configured as trunks carrying the same VLAN information.

· Any defined broadcast limits must be the same across all ports in an Etherchannel.

· An LACP Etherchannel group cannot support any physical links in half duplex mode.

· No port in the Etherchannel group can be defined as a SPAN port.

Dec 15 2008   6:55AM GMT

Cisco Etherchannel Overview and how it can be configured in Cisco Catalyst Switches – Series 1



Posted by: Yasir Irfan

Dear Friends, in this upcoming series of posts I would like to concentrate on Etherchannel: what Etherchannel is, what rules and restrictions apply to an Etherchannel, and finally how to configure an Etherchannel on Cisco switches, both Layer 2 and Layer 3.

An Etherchannel combines multiple physical links into a single logical link that provides an aggregate bandwidth of 800 Mbps (Fast Etherchannel, full duplex), 8 Gbps (Giga Etherchannel) or 80 Gbps (10 Giga Ethernet). It is ideal for load sharing or link redundancy and can be used by both Layer 2 and Layer 3 subsystems, giving network managers a reliable, high-speed solution for the campus network backbone. EtherChannel technology was invented by Kalpana in the early 1990s. Kalpana was later acquired by Cisco Systems in 1994. In 2000 the IEEE passed 802.3ad, which is an open standard version of EtherChannel.

I would like to explain some key points about Etherchannel using graphical diagrams so that they are easy to understand and remember.


Etherchannel can be configured on Ethernet, Fast Ethernet, Giga Ethernet or 10 Giga Ethernet ports.


Dec 13 2008   6:27AM GMT

How to configure an interface to default settings in a Cisco Switch or a Cisco Router?



Posted by: Yasir Irfan

This is a cool command to erase just the configuration of a particular interface on a Cisco switch or a Cisco router.

In the following example we will reset interface FastEthernet 0/9 to its default configuration.

Current configuration for FastEthernet 0/9:

ITKE-Cisco#sho running-config interface fastEthernet 0/9
Building configuration...

Current configuration : 85 bytes
!
interface FastEthernet0/9
 switchport access vlan 100
 switchport mode access
end
ITKE-Cisco#

Now we will reset FastEthernet 0/9 to its default configuration using the following command:

“default interface fastEthernet 0/9”

ITKE-Cisco#configure t
Enter configuration commands, one per line.  End with CNTL/Z.
ITKE-Cisco(config)#default interface fastEthernet 0/9
Interface FastEthernet0/9 set to default configuration
ITKE-Cisco(config)#

Running configuration for FastEthernet 0/9 after resetting it to default settings:

ITKE-Cisco#sho running-config interface fastEthernet 0/9
Building configuration...

Current configuration : 68 bytes
!
interface FastEthernet0/9
 switchport mode dynamic desirable
end

ITKE-Cisco#


Dec 3 2008   5:58AM GMT

Switching Secrets for Multimedia by TechWise TV



Posted by: Yasir Irfan

Dear Friends, here is one more opportunity from Cisco Systems: TechWise TV reveals how to use the techniques, tools and innovations you might already have to effectively support rich communication and full-service video without adding bandwidth.

Industry: Large Corporations; Mid Size / Enterprise Business

Who Should Attend: Technology decision makers.

Details: TechWiseTV, Switching Secrets for Multimedia, Thursday, December 18, 2008, 10–11 a.m. Pacific Time, 1–2 p.m. Eastern Time

As networks become vital for connecting people and processes, full-service video and other rich media communications are quickly gaining adoption. In this environment, your network foundation becomes more important than ever. This TechWiseTV episode will show you how to make the most of the switching technologies you might already have to achieve the performance you need.

Carl Solder, Cisco Distinguished Marketing Engineer and one of only four Distinguished Switch Engineers in the world, joins TechWiseTV to reveal the valuable techniques, tools, and innovations that can help you make the most of your switching investments.

Discover how rich multimedia is affecting switch and network design. Find out how to architect a real-time network to support rich communication and full-service video through extensive whiteboarding sessions. Learn the most overlooked and underpublicized secrets for effective core security as well as:

· How to use Generic Online Diagnostics (GOLD), NetFlow, and other built-in tools to identify and eliminate the sources of jitter

· What makes a switch truly “stackable” and why the distinction is vitally important

· How to use the Programmable Intelligent Services Accelerator (PISA) to achieve effective Layer 4–7 security

· How to take advantage of the Cisco Virtual Switching System (VSS) to maximize availability, scalability, management, and ease of maintenance

Live Q&A

Our expert guests will be available to answer your switching questions during the broadcast.

Agenda
Segment 1: “A Switch Is Just a Switch, Right?”
Segment 2: Enhancing Core Security
Segment 3: Maximizing Redundancy
Segment 4: Switch and Network Design for Rich Media



Nov 22 2008   12:56PM GMT

How to configure DHCP Snooping in Cisco Catalyst Switches.



Posted by: Yasir Irfan

So here we go with the configuration of DHCP snooping on a Cisco switch. This feature protects the network by allowing Cisco switches to accept DHCP response messages only from authorized servers connected to trusted interfaces on the switch.

[Figure: DHCP]

All switch-to-switch connections are configured as 802.1Q trunk ports.

IP Address and HSRP Details for the Core Switches

[Figure: DHCP 1]

From the above scenario we have two Cisco 6513 Series Switches as Core/Distribution with three VLANs: VLAN 50 for management of the switches, VLAN 100 for all the servers and VLAN 101 for clients. Two Cisco 3560 Series Switches serve as Server Farm Switches and a Cisco 3560 Series Switch serves as an Access Switch. There are two DHCP servers with IP addresses 10.0.1.100 and 10.0.1.101 connected to the Server Farm Switches with HP NIC teaming. We configure DHCP snooping based on the above scenario.

The first step in configuring DHCP snooping is to turn it on in all Cisco switches using the “ip dhcp snooping” command.

All Cisco Switches(config)#ip dhcp snooping

The second step is to configure the trusted interfaces. In the above scenario all trunk ports are configured as trusted ports, as well as the interfaces G0/7 (ITKESF01 50.0.0.6), G0/17 (ITKESF02 50.0.0.7), G0/9 (ITKESF01 50.0.0.6) and G0/18 (ITKESF02 50.0.0.7) connected to the DHCP servers with IPs 10.0.1.100 and 10.0.1.101. Let’s configure all trunk ports in ITKEBB01.

ITKEBB01(config)#interface range gigabitEthernet 3/21 - 23
ITKEBB01(config-if)#ip dhcp snooping trust

Now let’s configure all trunk ports in ITKEBB02

ITKEBB02(config)#interface range gigabitEthernet 3/21 - 23
ITKEBB02(config-if)#ip dhcp snooping trust
ITKEBB02(config)#interface gigabitEthernet 3/16
ITKEBB02(config-if)#ip dhcp snooping trust

Now let’s configure the trusted ports for the DHCP servers

ITKESF01(config)#interface gigabitEthernet 0/7
ITKESF01(config-if)#ip dhcp snooping trust
ITKESF01(config)#interface gigabitEthernet 0/17
ITKESF01(config-if)#ip dhcp snooping trust

ITKESF02(config)#interface gigabitEthernet 0/9
ITKESF02(config-if)#ip dhcp snooping trust
ITKESF02(config)#interface gigabitEthernet 0/18
ITKESF02(config-if)#ip dhcp snooping trust

Now let’s configure the trunk ports of the Access Switch ITKEAS01

ITKEAS01(config)#interface range gigabitEthernet 0/49 - 52
ITKEAS01(config-if)#ip dhcp snooping trust

Finally we are going to configure the VLANs for DHCP snooping. DHCP snooping will be used on all the VLANs (VLAN 100 & 101) except management VLAN 50. We will also limit the rate of requests received on the Access Switch (ITKEAS01).

ALL SWITCHES(config)#ip dhcp snooping vlan 100,101
ITKEAS01(config)#interface range gigabitEthernet 0/1 - 48
ITKEAS01(config-if)#ip dhcp snooping limit rate 20

Displaying the DHCP snooping

[Figure: DHCP2]

For further reference please check this article from Cisco about DHCP snooping.
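
One way to check a switch against the three steps above, as an added example that is not part of the original post: the script reads running-config text and reports a missing global enable, missing VLANs, access ports that are trusted, and untrusted access ports without a rate limit. The sample config is constructed and the function names are hypothetical.

```python
import re

# Constructed running-config fragment (ITKEAS01 style); names are hypothetical.
SAMPLE_CONFIG = """\
ip dhcp snooping vlan 100
ip dhcp snooping
!
interface GigabitEthernet0/1
 switchport mode access
 ip dhcp snooping limit rate 20
!
interface GigabitEthernet0/2
 switchport mode access
!
interface GigabitEthernet0/3
 switchport mode access
 ip dhcp snooping trust
!
interface GigabitEthernet0/49
 switchport mode trunk
 ip dhcp snooping trust
"""

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '50,100-101' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        low, _, high = part.partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans

def parse_interfaces(config):
    """Map each interface name to the list of its sub-commands."""
    blocks = re.findall(r"^interface (\S+)\n((?: .*\n?)*)", config, re.M)
    return {name: [c.strip() for c in body.splitlines()] for name, body in blocks}

def audit_dhcp_snooping(config, required_vlans):
    """Return findings where the config departs from the steps in the post."""
    findings = []
    if "ip dhcp snooping" not in config.splitlines():
        findings.append("global: DHCP snooping is not enabled")
    enabled = set()
    for spec in re.findall(r"^ip dhcp snooping vlan ([\d,-]+)$", config, re.M):
        enabled |= expand_vlans(spec)
    for vlan in sorted(set(required_vlans) - enabled):
        findings.append(f"global: snooping not enabled for VLAN {vlan}")
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode access" not in cmds:
            continue  # trunk uplinks are the trusted ports in this design
        if "ip dhcp snooping trust" in cmds:
            findings.append(f"{name}: access port is trusted, confirm a DHCP server is attached")
        elif not any(c.startswith("ip dhcp snooping limit rate") for c in cmds):
            findings.append(f"{name}: untrusted access port has no rate limit")
    return findings
```

Calling audit_dhcp_snooping(SAMPLE_CONFIG, [100, 101]) reports the missing VLAN 101 and the two access ports that differ from the ITKEAS01 settings in the post.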


Nov 17 2008   5:16AM GMT

In which slot shall we install the Supervisor Engine in Cisco 6500 Series Catalyst Switches -Series2



Posted by: Yasir Irfan

Dear Friends, in one of my previous posts I explained in which slot the Supervisor Engine SUP720 is to be installed in Cisco 6500 Series switches. Now let’s proceed further and look at the Cisco Catalyst 6506-E Switch: in a Cisco Catalyst 6506-E Switch the Supervisor Engine SUP720 is installed in either slot 5 or slot 6.



Nov 12 2008   12:56PM GMT

Solution for %IP-4-DUPADDR: Duplicate address error log in your Cisco 6500 Switches running HSRP



Posted by: Yasir Irfan

Dear Friends, in my previous post I was talking about the HSRP error generated in Cisco 6513 switches with a duplicate IP address. I opened a TAC case with Cisco Systems. I should first of all salute Cisco for the great support in solving this issue. Cisco TAC Engineer Mr. Pradeep was in constant touch with me on this case to resolve the issue. The best part of their support is the use of technology. Mr. Pradeep initiated a WebEx meeting with me and spent more than an hour checking step by step. He helped me a lot and I learned a lot of things from the Cisco TAC team, like how to approach a problem and what measures should be taken to troubleshoot it. Finally we came to the conclusion that there are no bugs or errors in the IOS we are using. There are no problems either in the hardware or in the current configuration.

I would like to quote the solution provided by Mr. Pradeep, TAC Engineer, Cisco Systems:

“Let me summarize this issue. You told me that there is one Trojan-affected PC/host, which is connected to your access switch. Further, you got some duplicate IP address messages on your core switch. During troubleshooting, I have checked and verified that the Cisco’s Switches are working fine. Their configurations were correct. Generally duplicate IP addresses can be impounded by “broken HSRP links” or “incorrect DHCP pool configuration”, or by misconfiguration of switches or STP. I found that this entire setup is configured correctly. Furthermore, I would like to inform you that Cisco’s IOS cannot resolve Trojan issue on any PC. PC has got its own Operating System, and IOS can work only and only on “Cisco’s device”.”

So now it’s quite clear: if you face this kind of problem, make sure the infected PC is removed from the network and make sure it is free from any sort of Trojan or virus.


Nov 9 2008   6:51AM GMT

Don’t panic whenever you see %IP-4-DUPADDR: Duplicate address error log in your Cisco 6500 Switches running HSRP



Posted by: Yasir Irfan

If you are running HSRP, one of your VLANs is down and the following errors are generated on your switch, don’t panic. All this happens due to Trojans in the network.

MBGF-DAC-6500-BB01#sho log
Nov  9 07:54:21: %IP-4-DUPADDR: Duplicate address 10.12.0.2 on Vlan106, sourced by 000f.fe0a.1fbc
Nov  9 07:54:52: %IP-4-DUPADDR: Duplicate address 10.12.0.2 on Vlan106, sourced by 000f.fe0a.1fbc
Nov  9 07:55:22: %IP-4-DUPADDR: Duplicate address 10.12.0.2 on Vlan106, sourced by 000f.fe0a.1fbc
Nov  9 07:55:52: %IP-4-DUPADDR: Duplicate address 10.12.0.2 on Vlan106, sourced by 000f.fe0a.1fbc
Nov  9 07:56:11: %SEC-6-IPACCESSLOGS: list 12 permitted 10.0.0.1 256 packets
Nov  9 07:56:22: %IP-4-DUPADDR: Duplicate address 10.12.0.2 on Vlan106, sourced by 000f.fe0a.1fbc
Nov  9 07:56:52: %IP-4-DUPADDR: Duplicate address 10.12.0.1 on Vlan106, sourced by 000f.fe0a.1fbc
Nov  9 07:57:11: %SEC-6-IPACCESSLOGS: list 12 permitted 10.0.0.2 263 packets
Nov  9 07:57:11: %SEC-6-IPACCESSLOGS: list 12 permitted 10.0.0.7 200 packets
Nov  9 07:57:22: %IP-4-DUPADDR: Duplicate address 10.12.0.1 on Vlan106, sourced by 000f.fe0a.1fbc
Nov  9 07:57:52: %IP-4-DUPADDR: Duplicate address 10.12.0.2 on Vlan106, sourced by 000f.fe0a.1fbc
MBGF-DAC-6500-BB01#

Last week at 3 A.M. I received a call from our Help Desk stating that our applications were not running in one of our departments. I logged in remotely to our network and tried to figure out what the problem was. Upon carefully looking at the logs on our Cisco 6513 core switches I figured out that a duplicate IP address had been created, which happened to be the standby IP address of the core switch for HSRP.

I identified the PC by looking at the MAC address in the log and closed the network connection for that particular PC, and the problem was solved.

If you face similar problems it’s better to change the HSRP standby IP address on the core switches and then try to figure out the infected PC. Once the PC is identified, close its network connection and make sure the Trojans are removed. After cleaning the infected PC you can reconfigure the HSRP standby IP address to the previous one.

Once I get the complete solution to fix this problem I will post it.
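
The log review described in this post, as an added example that is not part of the original post: the script pulls the %IP-4-DUPADDR events out of a log, groups them by interface and source MAC, and singles out a MAC that has claimed more than one of the switch's addresses. The function names and the min_addresses threshold are hypothetical; the log lines are a subset of those shown above.

```python
import re
from collections import defaultdict

# Log lines copied from the post above (a subset of the "sho log" output).
SAMPLE_LOG = """\
Nov  9 07:55:52: %IP-4-DUPADDR: Duplicate address 10.12.0.2 on Vlan106, sourced by 000f.fe0a.1fbc
Nov  9 07:56:11: %SEC-6-IPACCESSLOGS: list 12 permitted 10.0.0.1 256 packets
Nov  9 07:56:22: %IP-4-DUPADDR: Duplicate address 10.12.0.2 on Vlan106, sourced by 000f.fe0a.1fbc
Nov  9 07:56:52: %IP-4-DUPADDR: Duplicate address 10.12.0.1 on Vlan106, sourced by 000f.fe0a.1fbc
Nov  9 07:57:22: %IP-4-DUPADDR: Duplicate address 10.12.0.1 on Vlan106, sourced by 000f.fe0a.1fbc
"""

DUPADDR = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]+): %IP-4-DUPADDR: Duplicate address "
    r"(?P<ip>[\d.]+) on (?P<intf>\S+), sourced by (?P<mac>[0-9a-f.]{14})$")

def summarize_dupaddr(log_text):
    """Group DUPADDR events by (interface, source MAC)."""
    hosts = defaultdict(
        lambda: {"count": 0, "addresses": set(), "first": None, "last": None})
    for line in log_text.splitlines():
        m = DUPADDR.match(line.strip())
        if not m:
            continue  # other messages, e.g. %SEC-6-IPACCESSLOGS
        host = hosts[(m["intf"], m["mac"])]
        host["count"] += 1
        host["addresses"].add(m["ip"])
        host["first"] = host["first"] or m["ts"]
        host["last"] = m["ts"]
    return dict(hosts)

def suspicious_hosts(summary, min_addresses=2):
    """MACs that claimed several of the switch's own addresses on one VLAN."""
    return sorted(key for key, host in summary.items()
                  if len(host["addresses"]) >= min_addresses)
```

The MAC returned by suspicious_hosts is the one to look up in the switch's MAC address table to find the port of the PC.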


Oct 23 2008   9:16PM GMT

Cisco Reveals 360 Learning Program for CCIE Routing and Switching.



Posted by: Yasir Irfan

The Cisco 360 learning program has been launched. What is it? It’s Cisco-authorized training for the CCIE Routing and Switching exam. The Cisco 360 learning program is designed to help network professionals transform into certified network experts.

[Figure: Cisco360. Courtesy: Cisco]

The Cisco 360 learning program for CCIE Routing and Switching begins with a four-hour pre-assessment for core routing and switching technologies, allowing organizations to send only qualified network professionals to the program. Once a candidate qualifies, students participate in a 360-degree learning experience that includes skills building, assessments, and mentoring to gain knowledge. Students and their managers can establish milestones and metrics through an online Learning Management System as the individual moves through the program. Students receive training and mentoring from the most proficient, expert-level instructors in the networking business today.

In addition, Cisco uses only authorized Cisco Learning Partners to deploy the new program. Trained and endorsed by Cisco for their competency and ability to deliver unprecedented expert-level training, Cisco Learning Partners are the only organizations to employ Certified Cisco Systems Instructors (CCSIs) and deliver Cisco authorized and approved content. The Cisco 360 Learning Program for CCIE Routing and Switching will be made available November 1, 2008, through select Authorized Cisco Learning Solution Partners and Cisco Learning Partners globally. Access the Cisco Learning Partner Locator here, November 1, 2008, to find an authorized Learning Partner in your region offering the program.

CCIE 360 Press Release