How I Got My CCNA @learnccna - Tumblr Blog

What is RootGuard?

Root Guard is used to prevent the down stream switch from becoming a root switch.

if the downstream port receives SUPERIOR a BPDU(which willl make a it a Root) then the port will turn into root-inconsistent state.

configuration

#sh spanning-tree

#config interface

(config-if)#spanning-tree guard root

it wont' show error disabled on the interface even though it's violated root guard, but it will still show up and connected

#sh spanning inconsistent

will display the inconsistent ports

#sh spanning vlan1

will show the vlan is in BKN(broken) mode

to fix it.. just to configure the higher priority to the root switch.

The BPDU guard feature is designed to allow network designers to keep the active network topology predictable. BPDU guard is used to protect the switched network from the problems that may be caused by the receipt of BPDUs on ports that should not be receiving them. The receipt of unexpected BPDUs may be accidental or may be part of an unauthorized attempt to add a switch to the network. BPDU guard is best deployed toward user-facing ports to prevent rogue switch network extensions by an attacker.

The root guard feature of Cisco switches is designed to provide a way to enforce the placement of root bridges in the network. Root guard limits the switch ports out of which the root bridge may be negotiated. If a root-guard-enabled port receives BPDUs that are superior to those that the current root bridge is sending, then that port is moved to a root-inconsistent state, which is effectively equal to an STP listening state, and no data traffic is forwarded across that port.

Because an administrator can manually set the bridge priority of a switch to zero, root guard may seem unnecessary. However, setting the priority of a switch to zero does not guarantee that switch will be elected as the root bridge because another switch could have a priority of zero and a lower MAC address, and therefore a lower Bridge ID.

Root guard is best deployed toward ports that connect to switches which should not be the root bridge.

#root guard

What is BPDU Guard, PortFast?

PortFast is only configured on End User Access Port.

and only switch/hub/router sends BPDUs

so when a PortFast Port receives a BPDU it will automatically error-disabled the port.

In Spanning Tree Protocol, only root bridge sends BPDUs, but in RSTP all the swtich sends BPDUs and if the swith missed 3 BPDU (2s/6s)the it's consider Dead on the network.

configuration

(config)#spanning-tree portfast

(config)#spanning-tree bpduguard

#PortFast #BPDU Guard #BPDU #STP

What's OSPF? Open Shorest Path First

What's HSRP? Hot Standby Router Protocol

- Failover protocol for setup default gateway amount routers.

- Cisco Proprietary

- its Fault-tolerant= Non-disruptive failover of IP traffic

- Using UDP port 1985

- HSRP sends hello message to 224.0.0.2(V1) 224.0.0.102(V2)

- Respond to ARP requests with the same mac address

- Virtual Router with a pre-defined gateway IP

- Not a routing protocol since it doesn't affect routing table and doesn't advertise IP routes

- Standby Timer

- Active Timer

- Higher Priority Wins

- Speak

- 0 Initial. This is the starting state and indicates that HSRP is not running. This state is entered via a configuration change or when an interface first comes up.

- 1 Learn. The router has not determined the virtual IP address, and not yet seen an authenticated Hello message from the active router. In this state the router is still waiting to hear from the active router.

- 2 Listen. The router knows the virtual IP address, but is neither the active router nor the standby router. It listens for Hello messages from those routers.

- 4 Speak. The router sends periodic Hello messages and is actively participating in the election of the active and/or standby router. A router cannot enter Speak state unless it has the virtual IP address.

- 8 Standby. The router is a candidate to become the next active router and sends periodic Hello messages. Excluding transient conditions, there MUST be at most one router in the group in Standby state.

- 16 Active. The router is currently forwarding packets that are sent to the group's virtual MAC address. The router sends periodic Hello messages. Excluding transient conditions, there MUST be at most one router in Active state in the group.

#HSRP #Hot Standby Router Protocol

What's UDLD? Unidirectional Link Detection

Unidirectional?It means sending packects more than two ways!

Summary:

It is a layer two protocol (Data Link Layer)

Goals and Purposes

-Eliminate Loops

-Detects broken unidirectional link e.g. transmitted packets do not arrive at the receiver, or the fibers are connected to different ports

Functions

-Complements to STP

-Only exchange packets between neighboring device

-UDLD Timer

-When the port does not see the packet from neighboring device for specific duration of time, the link is considered unidirectional

Broken

-Once it's Unidirectional, the repective port is disabled, and Message will print on the consolde: "UDLD-3-DISABLE: unidirectional link detected on port 1/2. Port Disabled"

UDLD Packets

For each device and for each port, a UDLD packet is sent to the port it links to:

-Contains sender ID(Device and Port)

-Expected Receiver ID(Device and port)

-Each port then checks the UDLD packet it received for it's own device and port ID

Modes

Normal

Aggressive

-Adds two more functions detection:

1. Link is up on both side, but on one side of the port not sending and receiving packet

2. Link is up on one side but down on the other, Up on local, Down on Remote side.

Commands

These commands detail the UDLD configuration on Catalyst switches that run CatOS. UDLD needs to first be enabled globally (default is disabled) with this command:

Vega> (enable) set udld enable UDLD enabled globally

Issue this command: to verify whether the UDLD is enabled

Vega> (enable) show udld UDLD: enabled Message Interval: 15 seconds

UDLD also needs to be enabled on necessary ports with this command:

Vega> (enable) set udld enable 1/2 UDLD enabled on port 1/2

Issue the show udld port command to verify whether UDLD is enabled or disabled on the port and what the link state is:

Vega> (enable) show udld port UDLD : enabled Message Interval : 15 seconds Port Admin Status Aggressive Mode Link State -------- ------------ --------------- ---------------- 1/1 enabled disabled undetermined 1/2 enabled disabled bidirectional

Aggressive UDLD is enabled on a per-port basis with the set udld aggressive-mode enable <module/port> command:

Vega> (enable) set udld aggressive-mode enable 1/2 Aggressive UDLD enabled on port 1/2. Vega> (enable) show udld port 1/2 UDLD : enabled Message Interval : 15 seconds Port Admin Status Aggressive Mode Link State -------- ------------ --------------- ---------------- 1/2 enabled enabled undetermined

Issue this command to change the message interval:

Vega> (enable) set udld interval 10

#UDLD

The Blog Journey of My CCNA Certificate

From May 10th, 2012:

I will Blog my Journey to get my Enable exam and eventually get my CCNA Certificate

Trending Blogs

Recently Viewed Blogs

How I Got My CCNA