Interesting Facts: Message/406093

Interesting Facts

Author: Navneet Gaur
Date: November 2013
Description: Interesting facts that do not fit into a specific category

Note 1
How to stop notifications that are generated when I edit any one of the pre-existing documents:
https://learningnetwork.cisco.com/message/406093

Note 2
To view the included images clearly, click on them

Note 3
Irrespective of the dates of edit, Cisco Learning Network maintains the history and keeps each edited version in its database for later reference

Note 4
Index of all my documents

Table of contents:
1. Wildcard Masks vs Subnet Masks - The reason for using both
2. Wildcard Masks in access lists - discontinuous series of 0s and 1s
3. Binary Math Part I & II by Scott Morris - hyperlinks
4. Wildcard Masks - The Logic
5. Extended VLANs and the VLAN.DAT file - The Mystery
Update - Point 4 added on 18 Feb 2015
6. Mismatched VTP domains on a trunk link - What if ?
Updated on 09 Feb 2014
7. VTP version 1 & 2

1. Wildcard Masks vs Subnet Masks - The reason for using both


1. Subnet masks and wildcard masks have the same purpose: to fine-tune the selection of network numbers or IP addresses.
So why use both, when only one would serve the purpose?
2. The reason for using wildcard masks has already been clarified by Scott Morris in the thread
https://learningnetwork.cisco.com/thread/3194?start=0&tstart=0

2015 Cisco and/or its affiliates. All Rights Reserved.


This document is Cisco Public Information.

Generated on 2015-03-28-07:00

3. The gist is, it is easier to code the NAND gate in assembler than the AND gate.
4. This implies that, in programming, it is easier to implement wildcard logic than the AND logic used by subnet masks.
5. It is also important to note that initially subnet masks were not required - at the time of classful IP addressing.
6. However, access lists were present. And access lists needed some way of defining the boundaries.
7. So, due to the ease of programming logic, as stated in 'point 4' previously, wildcard masks were used with access lists.
8. However, when the concept of subnetting was introduced, it was logical to extend pre-defined network masks, as they were, into subnet masks.
9. And so we ended up with wildcard masks for access lists and subnet masks for IP addressing.

2. Wildcard Masks in access lists - discontinuous series of 0s and 1s


1. Wildcard masks are used in two different ways.

   - With routing protocols - they have to be a continuous series of 0s followed by a continuous series of 1s
   - With access-lists - they can be a discontinuous series of 0s and 1s

Example:
Let's say we have to permit the following networks using access lists.
204.85.0.0 / 16
220.117.0.0 / 16
Normally it would require two different statements, as a single statement would include too many networks.
However, we could also follow the logic as stated below:

        First octet           Second octet
        Decimal   Binary      Decimal   Binary
        204       11001100    85        01010101
        220       11011100    117       01110101
Mask              00010000              00100000

5. So for the first octet we have:
   IP 204
   wildcard mask 16 to ignore the 5th bit

   For the second octet:
   IP 85
   wildcard mask 32 to ignore the 6th bit

6. Now the access list statement can be shortened to a single line as follows:
access-list 1 permit 204.85.0.0 16.32.255.255
The wildcard mask in binary would be '00010000.00100000.11111111.11111111', which is not a continuous series of 1's and 0's.

3. Binary Math Part I & II by Scott Morris - hyperlinks

http://blog.ine.com/2008/09/15/binary-math-part-i/
http://blog.ine.com/2008/11/03/binary-math-part-ii/

4. Wildcard Masks - The Logic


1. Wildcard masks use a logic of boolean OR
2. This logic states, as long as one of the two variables is 1, the result is 1
0 OR 0 - 0
0 OR 1 - 1
1 OR 0 - 1
1 OR 1 - 1
3. Example 1:

                                             Octet 1    Octet 2    Octet 3    Octet 4
Row 1   10.10.1.0                            00001010 . 00001010 . 00000001 . 00000000
Row 2   Insert any IP that needs to be evaluated against the list - here
Row 3   0.0.0.255                            00000000 . 00000000 . 00000000 . 11111111
Row 4   Result of OR logic between R1 & R3   00001010 . 00001010 . 00000001 . 11111111
Row 5   In Binary                            10       . 10       . 1        . 255

4. Here is the logic - as long as the result from calculation between the new value to be compared in 'Row 2' and the wildcard mask in 'Row 3' is equal to the predetermined result in 'Row 4/5', a match would be assumed.

5. It is easy to see that the result will be "10.10.1.255" as long as

   - the first three octets in 'Row 1' are exactly 10.10.1 - any variation here will modify the result
   - the fourth octet in 'Row 1' can be of any value - since the wildcard mask in 'Row 3' will force the result to be - 255
   - that covers the IP address range of 10.10.1.0 to 10.10.1.255

6. Example 2:

Case 1
Address    10.10.1.0   00001010 . 00001010 . 00000001 . 00000000
Mask       0.0.0.255   00000000 . 00000000 . 00000000 . 11111111
OR logic               00001010 . 00001010 . 00000001 . 11111111
Result                 10       . 10       . 1        . 255

Case 2
Address    10.10.1.0   00001010 . 00001010 . 00000001 . 00000000
Mask       0.0.0.3     00000000 . 00000000 . 00000000 . 00000011
OR logic               00001010 . 00001010 . 00000001 . 00000011
Result                 10       . 10       . 1        . 3

Case 1 - the possible IPs that are matched so that the result is 10.10.1.255 are from 10.10.1.0 to 10.10.1.255

Case 2 - the possible IPs that are matched so that the result is 10.10.1.3 are from 10.10.1.0 to 10.10.1.3

Any address range beyond that will result in a mismatch

Our matches are limited to 10.10.1.0, 10.10.1.1, 10.10.1.2 and 10.10.1.3
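
The OR test from section 4, applied to the discontiguous mask from section 2, as an added Python example (not part of the original document; the function names are illustrative). Enumerating the covered /16 networks shows that the single statement 204.85.0.0 16.32.255.255 matches four networks: the two intended ones plus 204.117.0.0/16 and 220.85.0.0/16, so the two ignored bits widen the permit beyond the two networks listed.

```python
import ipaddress
from itertools import product

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def acl_match(candidate, base, wildcard):
    """OR test from section 4: addresses match if they are equal once every
    bit set in the wildcard mask has been forced to 1."""
    w = to_int(wildcard)
    return (to_int(candidate) | w) == (to_int(base) | w)

def is_contiguous(wildcard):
    """True when the mask is 0s followed by 1s (the routing-protocol form)."""
    w = to_int(wildcard)
    return (w & (w + 1)) == 0

def matched_prefixes(base, wildcard, prefix_len=16):
    """List every /prefix_len network covered by one ACL entry.
    Assumes all bits past prefix_len are wildcarded, as in the page's example."""
    shift = 32 - prefix_len
    b, w = to_int(base) >> shift, to_int(wildcard) >> shift
    free = [bit for bit in range(prefix_len) if (w >> bit) & 1]
    nets = []
    for values in product((0, 1), repeat=len(free)):
        n = b & ~w                      # keep only the bits the ACL checks
        for bit, v in zip(free, values):
            n |= v << bit               # try each combination of ignored bits
        nets.append(f"{ipaddress.IPv4Address(n << shift)}/{prefix_len}")
    return sorted(nets)

if __name__ == "__main__":
    # Entry from section 2: access-list 1 permit 204.85.0.0 16.32.255.255
    print(is_contiguous("16.32.255.255"))
    for net in matched_prefixes("204.85.0.0", "16.32.255.255"):
        print(net)
    # Example 2, case 2 from section 4: 10.10.1.0 0.0.0.3
    print([h for h in range(8)
           if acl_match(f"10.10.1.{h}", "10.10.1.0", "0.0.0.3")])
```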

5. Extended VLANs and the VLAN.DAT file - The Mystery


Summarization of important points:

File                    Information               Specifics                                     Defaults
Running configuration   Port - Vlan association
Running configuration   Vlan information          Extended Vlans - 1006 to 4094                 Only in VTP transparent mode
                                                  Standard Vlans - 2 to 1001
Vlan.Dat                Vlan information          Only standard Vlans - 1 to 1005
Vlan.Dat                VTP information           Switch mode - Server, Client or Transparent   Default - Server
                        VTP information           VTP domain name & password                    Default - -null-

Vlans Displayed
Display the Vlan information from:
VTP Mode Server / Client   Only Vlan.dat
VTP Mode Transparent       Running configuration after merging the information contained in Vlan.dat

Point 1
The port to vlan association is stored in running configuration.
Vlan.dat does not carry this information.

Result:
If running configuration is not saved, the switch will reset all the ports back to VLAN 1 on reboot, or as they were specified in the startup configuration.
Sw-1#show running-config
-------output omitted------
interface FastEthernet0/1
! No Vlan information equals default Vlan 1
 no ip address
!
interface FastEthernet0/2
! Vlan information
 switchport access vlan 2
 no ip address
-------output omitted------

Example:
Stage 1
Default configuration
SW-1#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gi0/1, Gi0/2
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup


Stage 2
Transfer ports FastEthernet 0/1 - 0/8 to vlan 10
SW-1#configure terminal
SW-1(config)#interface range fastEthernet 0/1 - 8
SW-1(config-if-range)#switchport access vlan 10
SW-1(config-if-range)#end
SW-1#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gi0/1, Gi0/2
10   VLAN0010                         active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

SW-151#show running-config
-------output omitted------
!
interface FastEthernet0/1
 switchport access vlan 10
 no ip address
-------output omitted------
interface FastEthernet0/8
 switchport access vlan 10
 no ip address
!
interface FastEthernet0/9
 no ip address
!
-------output omitted------

Stage 3
Reload the switch without saving the running configuration


SW-1#reload
SW-1#show running-config
-------output omitted------
!
interface FastEthernet0/1
 no ip address
-------output omitted------
interface FastEthernet0/8
 no ip address
!
interface FastEthernet0/9
 no ip address
!
-------output omitted------
SW-1#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gi0/1, Gi0/2
10   VLAN0010                         active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

Point 2
For normal Vlan range - 1 to 1001
Vlans configured on a switch are stored in VLAN.dat file - VTP Server & Client mode
They are also stored in running configuration in transparent mode

Result:
If running configuration is not saved, the switch will query the information from Vlan.dat file & recreate the vlans
using that information on reload.


Vlan.dat file saves the entries on every modification of Vlans

Point 3
For extended Vlan range - 1006 to 4094
Extended Vlans configured on a switch are stored only in running configuration file
Extended Vlans can be configured on a switch only in Transparent mode

Result:
If running configuration is not saved, the switch will lose the information for extended Vlans only

Situation 1

Vlan created - 10
Ports transferred to vlan 10 - FastEthernet 0/1
Running-config saved
Vlan.dat deleted

Result:
Only default Vlans will be visible
However, running configuration still believes port FastEthernet 0/1 is in Vlan 10
And Vlan 10 is not available
So, port FastEthernet 0/1 will not appear in the output of #show vlan brief command
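
A check for the state described in Situation 1, as an added Python example (not part of the original document; the function names are illustrative). It flags access ports whose configured VLAN is absent from the show vlan brief output; the sample outputs are constructed to mirror the listings above.

```python
import re

# Constructed sample: running-config saved with Fa0/1 in VLAN 10, vlan.dat deleted.
RUNNING_CONFIG = """\
interface FastEthernet0/1
 switchport access vlan 10
 no ip address
!
interface FastEthernet0/2
 no ip address
!
"""

VLAN_BRIEF = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
"""

def access_vlans(running_config):
    """Map interface name -> access VLAN (VLAN 1 when none is configured)."""
    ports, current = {}, None
    for raw in running_config.splitlines():
        line = raw.strip()
        m = re.match(r"interface (\S+)$", line)
        if m:
            name = m.group(1)
            # SVIs (interface VlanN) are not access ports, so skip them.
            current = None if name.lower().startswith("vlan") else name
            if current:
                ports[current] = 1
            continue
        m = re.match(r"switchport access vlan (\d+)$", line)
        if m and current:
            ports[current] = int(m.group(1))
    return ports

def known_vlans(vlan_brief):
    """VLAN IDs listed in 'show vlan brief' (rows that start with a number)."""
    return {int(v) for v in re.findall(r"^(\d+)\s+\S+", vlan_brief, re.M)}

def orphaned_ports(running_config, vlan_brief):
    """Ports assigned to a VLAN the switch no longer knows about."""
    vlans = known_vlans(vlan_brief)
    return {p: v for p, v in access_vlans(running_config).items()
            if v not in vlans}
```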
Situation 2
Switch in transparent mode
Vlans created - 10 & 1500
Running configuration not saved

Result:
Vlan 10 will be still visible as the information is retrieved from Vlan.dat file
Vlan 1500, however, will disappear as running configuration does not have that information
Situation 3
Switch in transparent mode
Vlans created - 10 & 1500
Running configuration is saved
Vlan 10 is saved in Vlan.dat file + running configuration &
Extended Vlan 1500 is saved only in running configuration
Vlan.dat is deleted


Important point:
Because Vlan.dat file has been deleted, the switch restores the default Vlan.dat file
This results in VTP default configuration of "Server" mode, revoking the transparent mode we had
configured in previous step
Now, under server mode, the Vlan information is queried from default Vlan.dat file
So, no Vlans, other than the default ones, are uploaded in running configuration file

Result:
None of the new Vlans will be visible as the information is retrieved only from the default Vlan.dat
Modification:
Revert the switch back to transparent mode, save nothing & reload
Result:
Startup configuration still has the standard vlan 10 & extended vlan 1500 information
So, now Vlan 10 & 1500 & the default Vlans will be visible

Point 4
When there is conflicting information in the startup configuration and vlan.dat file,
priority is given to the information carried by the vlan.dat file

Such a situation can arise if the switch configuration is modified and the startup configuration is not updated by saving the new running configuration

In such a scenario, vlan.dat will carry new information within its limitations
On a reload this information will be used, overriding conflicting information from the startup
configuration

6. Mismatched VTP domains on a trunk link - What if ?


The role of Dynamic trunking protocol
When two switches are connected to each other, DTP negotiates the port mode - trunk or access
However, to function properly, DTP requires that both the switches should have identical VTP domain
name & password
If the switches are configured in different domain names, DTP negotiation fails

Result:

The ports fall back to Access mode

Caveat:

This implies that the ports will transfer the data to & from their respective Vlans only, as normal ports do
They will not tag the frames

Remedy:
Force the trunk mode on the given ports

Result:

Now data from different Vlans will be able to traverse the switches

Caveat:
VTP will still not operate. So a Vlan created on the first switch will not update the information on the second switch, subject to "Note" below under heading #7

7. VTP version 1 & 2


Important Note:
The tests were conducted using a Cisco 3550 with an enhanced image acting as a transparent switch
in the middle
Using a Catalyst 2950, instead of a Catalyst 3550 produced different results, i.e. VTP advertisements
were propagated once the links were configured to operate in trunk mode - in one of the older
versions of IOS

Because of this anomaly, it would be prudent to configure the transparent switch with the identical
domain name as the other participating switches

Contrary to the documented fact that, when two or more switches in the same VTP domain are separated by a transparent switch belonging to a different VTP domain, VTP version 2 will forward VTP updates through the mismatched transparent switch {vs. VTP version 1 - which doesn't}:

It will not do so {just as in VTP version 1}

VTP debug command:
Sw2-3550#debug sw-vlan vtp events

Error generated on SW2
*Mar 1 01:13:30.167: VTP LOG RUNTIME: Dropping packet received on trunk Fa0/24 - not in domain Cisco

-----------------------------
The End
