SG1 00314282


HP C&L Stakeholder use only. Reproduction in whole or in part without permission is prohibited.

BitSpyder - The Culture of Knowledge

Accelerated Interoperability and Troubleshooting HP Networks


Part 1: HP Networking Interoperability
Rev. 11.31 - Course #: 00314282
Part Number: 00314282S11104 – Book 1 of 2


Student guide
HP Partner Learning

© Copyright 2011 Hewlett-Packard Development Company, L.P.

The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

This is an HP copyrighted work that may not be reproduced without the written permission of HP. You may not use these materials to deliver training to any person outside of your organization without the written permission of HP.

Printed in United States of America

Accelerated Interoperability and Troubleshooting HP Networks – v11.31

Student guide – Book 1 of 2

April 2011

HP Restricted

Contents

Module 1: Introduction to HP Networking Interoperability

Course objectives .................................................. 1-1
Course agenda .................................................. 1-2
Multi-vendor networks—Challenges and opportunities .................................................. 1-3
Interoperability goals .................................................. 1-5
Initial information for labs .................................................. 1-7
Module 1 summary .................................................. 1-8

Module 2: Switch Management

Module 2 objectives .................................................. 2-1
Notes .................................................. 2-1
Enabling basic remote management .................................................. 2-2
Notes .................................................. 2-2
Management scenario 1 .................................................. 2-3
Management scenario 1a—Cisco .................................................. 2-5
Management scenario 1b—HP A-Series .................................................. 2-6
Management scenario 1c—HP E-Series .................................................. 2-7
Setting up a DHCP server on an HP A-Series switch .................................................. 2-8
IMC discovery—1 .................................................. 2-9
IMC discovery—2 .................................................. 2-10
IMC discovery—3 .................................................. 2-11
IMC discovery—4 .................................................. 2-13
IMC discovery—5 .................................................. 2-14
Advanced and secured management .................................................. 2-15
Notes .................................................. 2-15
Management scenario 2 .................................................. 2-16
Management scenario 2 (cont.) .................................................. 2-17
Management scenario 2a—Cisco .................................................. 2-19
Management scenario 2a—Cisco (cont.) .................................................. 2-21
Management scenario 2a—Cisco (cont.) .................................................. 2-22
Management scenario 2a—Cisco (cont.) .................................................. 2-23
Management scenario 2b—HP A-Series .................................................. 2-24
Information center on HP A-Series switches .................................................. 2-27
Introduction to information center .................................................. 2-27
Classification of system information .................................................. 2-27
Eight levels of system information .................................................. 2-28
Seven output destinations and ten channels of system information .................................................. 2-28
Ten channels of system information .................................................. 2-29
Default output rules of system information .................................................. 2-29
info-center source .................................................. 2-30

Rev. 11.12 i

HP Networking Interoperability

Management scenario 2b—HP A-Series (cont.) .................................................. 2-32
Management scenario 2b—HP A-Series (cont.) .................................................. 2-34
Management scenario 2b—HP A-Series (cont.) .................................................. 2-35
Configuring SNMP NMS .................................................. 2-36
Management scenario 2c—HP E-Series .................................................. 2-37
Management scenario 2c—HP E-Series (cont.) .................................................. 2-39
Management scenario 2c—HP E-Series (cont.) .................................................. 2-40
Management scenario 2c—HP E-Series (cont.) .................................................. 2-41
LLDP and CDP .................................................. 2-42
Notes .................................................. 2-42
IEEE 802.1AB LLDP and CDP .................................................. 2-43
HP E-Series .................................................. 2-43
HP A-Series .................................................. 2-43
Cisco .................................................. 2-44
Useful show and display commands .................................................. 2-45
Notes .................................................. 2-45
Lab 2.1: Management .................................................. 2-46
Lab debrief .................................................. 2-47
Module 2 summary .................................................. 2-49

Module 3: VLANs

Module 3 objectives .................................................. 3-1
Notes .................................................. 3-1
Configuring and managing VLANs .................................................. 3-2
Notes .................................................. 3-2
Terminology .................................................. 3-3
Access, trunk, and hybrid ports on HP A-Series switches .................................................. 3-3
VLAN configuration scenario .................................................. 3-5
VLAN configuration on Cisco: VLAN creation and trunk ports .................................................. 3-6
VLAN configuration on Cisco: Access and voice ports .................................................. 3-7
VLAN routing on Cisco .................................................. 3-10
DHCP relay on Cisco .................................................. 3-11
VLAN configuration on HP A-Series: VLAN creation and trunk ports .................................................. 3-12
VLAN configuration on HP A-Series: Access and voice ports .................................................. 3-13
VLAN routing on HP A-Series .................................................. 3-17
DHCP relay on HP A-Series .................................................. 3-18
VLAN configuration on HP E-Series .................................................. 3-19
VLAN routing on HP E-Series .................................................. 3-20
DHCP relay on HP E-Series .................................................. 3-21
Dynamic VLAN creation: VTP and GVRP .................................................. 3-22
VTP versus GVRP .................................................. 3-23
GVRP and VTP on the same network .................................................. 3-24


GVRP operations .................................................. 3-25
GVRP general operation .................................................. 3-25
GVRP .................................................. 3-27
GVRP and VTP: Pros and cons .................................................. 3-28
Trunk and static VLANs: A best practice? .................................................. 3-30
Lab debrief .................................................. 3-32
Module 3 summary .................................................. 3-34
Learning check .................................................. 3-35

Module 4: Link Aggregation

Module 4 objectives .................................................. 4-1
MSTP review .................................................. 4-2
MSTP regions—Review 1 .................................................. 4-3
MSTP regions—Review 2 .................................................. 4-5
Which BPDUs are used?—Review 3 .................................................. 4-6
MSTP BPDUs—Review 4 .................................................. 4-7
Additional Information about MSTP .................................................. 4-8
Common spanning tree—Review 5 .................................................. 4-9
What setup is required to enable load balancing?—Review 6 .................................................. 4-10
Mapping VLANs to MST instances—Review 7 .................................................. 4-11
Is MSTP “aware” of the VLAN setup?—Review 8 .................................................. 4-12
MSTP design options .................................................. 4-13
How do you set up VLANs on uplinks? .................................................. 4-14
Instances and VLAN settings—Activity .................................................. 4-16
MSTP setting—Activity .................................................. 4-17
Adding a new VLAN on a switch implementing MSTP .................................................. 4-19
Assigning a VLAN to an MST instance .................................................. 4-20
Strategies to place VLANs in MSTP instances .................................................. 4-22
MSTP—Path costs .................................................. 4-24
Configuring MSTP .................................................. 4-25
IOS requirements for MSTP on Cisco .................................................. 4-27
Cisco and HP MSTP scenario: HP A-Series switch configurations .................................................. 4-29
Cisco and HP MSTP scenario: HP E-Series switch configurations .................................................. 4-30
Troubleshooting MSTP .................................................. 4-31
Conclusion: MSTP on Cisco and HP switches .................................................. 4-32
Lab 4.1: Configuring MSTP .................................................. 4-33
Lab debrief .................................................. 4-34
Module 4 summary .................................................. 4-35
Learning check .................................................. 4-36



Module 5: Implementing MSTP on Cisco and HP Switches


Module 5 objectives ...................................................................................... 5-1
PVST+ and STP interoperability .......................................................................5-2
How do STP/RSTP and Cisco PVST+/Rapid PVST+ differ? ................................. 5-3
PVST+ versus MSTP ....................................................................................... 5-5
Spanning tree BPDUs .....................................................................................5-7
Cisco PVST+: Which BPDUs are sent on trunk ports? ......................................... 5-9
Cisco PVST+: Which BPDUs are sent on access ports? ..................................... 5-10
Spanning tree BPDUs—Quiz 1 .......................................................................5-11
Spanning tree BPDUs—Quiz 2 ...................................................................... 5-13
Which BPDUs are sent and interpreted? ......................................................... 5-15
Resulting topology ....................................................................................... 5-16
STP—Port cost differences ............................................................................. 5-17
PVST+ quiz ................................................................................................. 5-18
Cisco and HP scenario 1 .............................................................................. 5-19
PVST+/STP interoperability—Scenario 1.........................................................5-20
Scenario 1—VLAN topologies ...................................................................... 5-21
Considering STP port cost differences ............................................................. 5-22
Considering STP port cost differences (cont.) ................................................... 5-23
Cisco and HP scenario 1: Cisco switch configurations ...................................... 5-24
Cisco and HP scenario 1: HP A-Series switch configuration ............................... 5-25
Cisco and HP scenario 1: HP E-Series switch configuration ................................ 5-26
Cisco and HP scenario 2 .............................................................................. 5-27
PVST+/STP interoperability—Scenario 2......................................................... 5-28
Scenario 2—VLAN topologies ...................................................................... 5-29
What setup is required in VLAN 1? .............................................................. 5-30
Cisco view in other VLANs ........................................................................... 5-31
Cisco and HP scenario 2: Cisco switch configurations ..................................... 5-32
What about other Cisco switches in the access layer? ..................................... 5-33
What is the purpose of load balancing?........................................................ 5-34
Lab 5.1: PVST+/MSTP interoperability............................................................ 5-36
Lab debrief .................................................................................................5-37
Cisco and HP scenario 3 ............................................................................. 5-38
HP in aggregation—Scenario 3 ................................................................... 5-39
HP in aggregation—Scenario 3 (cont.) .......................................................... 5-40
HP in aggregation—Scenario 3: With MSTP and PVST+ .................................. 5-41
HP in aggregation—Scenario 3: With MSTP and PVST+ (cont.) ........................ 5-43
HP in aggregation—Scenario 3: Configuration .............................................. 5-45
Lab 5.2: PVST+/MSTP interoperability: HP at the aggregation layer (Optional) .................................................. 5-46
Lab debrief .................................................................................................5-47
Module 5 summary .................................................................................... 5-48
Learning check ........................................................................................... 5-49


Module 6: Interoperability among PVST+, Rapid PVST+, and MSTP


Module 6 objectives ...................................................................................... 6-1
Reminder: With IRF, STP is unnecessary ........................................................... 6-2
Disabling STP on HP edge switches ................................................................ 6-3
What happens when STP is disabled on the HP edge switch? ............................ 6-4
What happens when STP is disabled on the HP edge switch? (cont.) .................. 6-5
Configuring the HP switch to disable STP ......................................................... 6-6
Configuring smart link ................................................................................... 6-7
Smart link on HP A-Series switches .................................................................. 6-8
Simple smart link configuration....................................................................... 6-9
Smart link and load balancing ...................................................................... 6-10
Smart link and load balancing (cont.) ............................................................ 6-11
Topology change mechanisms .......................................................... 6-11
Smart link status .......................................................................................... 6-13
Configuring monitor link ............................................................................... 6-14
Monitor link on HP A-Series switches .............................................................. 6-15
Monitor link on HP A-Series switches (cont.) .................................................... 6-16
Monitor link configuration ............................................................................. 6-17
Lab 6.1: Redundancy without STP ................................................................... 6-18
Lab debrief ................................................................................................ 6-20
Module 6 summary .....................................................................................6-22
Learning check ............................................................................................ 6-23

Module 7: Redundancy Without STP


Module 7 objectives ...................................................................................... 7-1
Spanning tree problems ................................................................................. 7-2
Hardening STP .............................................................................................. 7-3
Spanning tree hardening features ....................................................................7-4
Setting edge ports and non-edge ports............................................................. 7-5
UDLD and DLDP ............................................................................................ 7-6
Why unidirectional links cause problems .......................................................... 7-7
UDLD and DLDP interoperability ...................................................................... 7-9
STP hardening on edge ports ........................................................................ 7-10
BPDU guard = BPDU protection ...................................................................... 7-11
HP loop protect (HP E-Series) ..........................................................................7-12
TCN guard ..................................................................................................7-13
BPDU filter—Disabling STP on individual ports .................................................7-14
STP hardening on Cisco ................................................................................7-15
STP hardening on HP A-Series ........................................................................7-16
STP hardening on HP E-Series ........................................................................7-17
STP hardening on uplinks ............................................................................. 7-18
Root guard ................................................................................................. 7-19
Spanning tree root guard configuration .......................................................... 7-20


Loop guard ................................................................................................. 7-21


Spanning tree loop guard configuration ......................................................... 7-22
Lab 7.1: Hardening STP ................................................................................. 7-23
Module 7 summary ..................................................................................... 7-26

Module 8: Link Aggregation


Module 8 Objectives ..................................................................................... 8-1
Link aggregation and interoperability ...............................................................8-2
Link aggregation modes ................................................................................ 8-3
Interoperability between modes: What works? .................................... 8-4
Link aggregation modes (cont.) ...................................................................... 8-5
Link aggregation load balancing options ......................................................... 8-6
IRF, link aggregation, and interoperability: IRF in the distribution layer .................8-7
IRF, link aggregation, and interoperability: IRF in the distribution and access layers .................................................. 8-9
IRF, link aggregation, and interoperability: IRF in the core and distribution layers .................................................. 8-10
Static link aggregation configuration ...............................................................8-11
Static LACP link aggregation configuration ..................................................... 8-12
VLAN trunking and link aggregation .............................................................. 8-13
Troubleshooting link aggregation ................................................................... 8-14
Lab 8.1: Configuring link aggregation and IRF ................................................. 8-15
Lab debrief ................................................................................................. 8-16
Module 8 summary ..................................................................................... 8-18
Learning check ............................................................................................ 8-19

Module 9: Virtual IP Protocols


Module 9 objectives ...................................................................................... 9-1
Virtual IP concepts ........................................................................................ 9-3
Reference .............................................................................................. 9-5
Virtual IP quiz .............................................................................................. 9-6
HSRP, GLBP, and VRRP comparison ................................................................. 9-9
Interoperability ................................................................................ 9-9
Authentication ................................................................................. 9-9
Preempt delay ................................................................................. 9-9
Load balancing ............................................................................... 9-9
Tracking interface and remote IP ....................................................... 9-10
Stateful NAT ................................................................................... 9-10
Virtual MAC................................................................................... 9-10
Multicast IP .................................................................................... 9-10
Comparing IRF to virtual IP protocols ............................................................... 9-11
VRRP on Cisco ............................................................................................ 9-12
Virtual IP design cases ................................................................................. 9-13
Default gateway redundancy with HSRP and VRRP .......................................... 9-14


Default gateway redundancy with IRF ............................................................ 9-15


Operational planes (control, management, and forwarding) ................ 9-15
Operational planes in IRFv2 ............................................................ 9-16
Load balancing with GLBP and VRRP (HP A-Series devices) ............................... 9-17
Load balancing with IRF ............................................................................... 9-18
Next hop router in static routes—Case 1 ........................................................ 9-19
Next hop router in static routes—Case 2 ........................................................9-20
Next hop router in static routes with IRF .......................................................... 9-21
Preemption and preempt delay ...................................................................... 9-22
No preempt delay needed with IRF ................................................................ 9-23
Tracking interfaces with VRRP or HSRP ........................................................... 9-24
Tracking remote IP addresses ........................................................................ 9-25
Tracking with IRF and NQA .......................................................................... 9-27
Configuring virtual IP protocols ...................................................................... 9-28
HSRP configuration example ......................................................................... 9-29
GLBP configuration example ........................................................................ 9-30
VRRP configuration example on HP A-Series .................................................... 9-31
VRRP tracking remote IP on HP A-Series ......................................................... 9-32
VRRP tracking remote IP on HP A-Series (cont.) ............................................... 9-33
Example output for display and debugging commands ...................... 9-35
VRRP configuration example on HP E-Series ................................................... 9-38
Lab 9.1: Configuring VRRP (Optional) ............................................................ 9-39
Lab debrief ................................................................................................. 9-41
Module 9 summary .................................................................................... 9-44
Learning check ........................................................................................... 9-45

Module 10: Routing with OSPF


Module 10 objectives ................................................................................... 10-1
Scenarios for configuring OSPF neighbors ...................................................... 10-2
OSPF neighboring—Scenario 1-1 ...................................................................10-3
Best practices .................................................................................10-4
OSPF DR election—Scenario 1-2 ....................................................................10-5
Other best practices ........................................................................10-6
OSPF authentication..................................................................................... 10-7
OSPF neighbors—Scenario 1-4 .....................................................................10-9
What is the purpose of the configurations displayed in this slide? ......... 10-9
When would you need to initiate a graceful restart? ...........................10-9
What are requirements for implementing graceful restart? ....................10-9
What happens on each router when you initiate a graceful restart on HP 1? .................................................. 10-10
Commands for enabling OSPF graceful restart ................................. 10-10


OSPF neighbors—Scenario 1-5 .................................................................... 10-11


Why is it relevant to use BFD between the three routers? .................... 10-11
What BFD transmit timers will be negotiated between HP1 and Cisco3? .................................................. 10-11
What values would you recommend for the timers? ........................... 10-12
What will happen if INT VLAN10 fails on HP1? ............................... 10-12
OSPF area scenarios .................................................. 10-13
OSPF area summarization—Scenario 2-1 .......................................................10-14
OSPF area summarization—Scenario 2-1-a ................................................... 10-17
How can the ABR filter networks? ................................................... 10-17
What is the default value for router ID? ........................................... 10-18
How and why would you configure the ABR to send a default route
to routers in an area? .................................................................... 10-18
OSPF area summarization—Scenario 2-1-b ................................................... 10-19
OSPF area summarization—Scenario 2-1-c .................................................... 10-21
OSPF area summarization—Scenario 2-2 ..................................................... 10-23
OSPF passive interface—Scenario 2-3 .......................................................... 10-26
Use cases .................................................................................... 10-26
OSPF passive interface—Scenario 2-3-a ................................................. 10-27
OSPF area and redistribution scenarios ........................................................ 10-28
OSPF redistribution—Scenario 3-1 ............................................................... 10-29
OSPF redistribution—Scenario 3-1-a ....................................................... 10-31
OSPF redistribution—Scenario 3-1-b ....................................................... 10-33
OSPF redistribution—Scenario 3-1-c ....................................................... 10-35
OSPF redistribution—Scenario 3-2 ............................................................... 10-36
OSPF redistribution—Scenario 3-2-a ...................................................... 10-37
OSPF redistribution—Scenario 3-2-b ...................................................... 10-38
OSPF redistribution—Scenario 3-2-c ...................................................... 10-39
OSPF redistribution—Scenario 3-3 ...............................................................10-40
OSPF redistribution—Scenario 4-1 ............................................................... 10-42
Use cases .................................................................................... 10-42
OSPF redistribution—Scenario 4-1 implications .......................................10-44
OSPF redistribution—Scenario 4-1 implications (cont) .............................. 10-46
OSPF redistribution—Scenario 4-1 configuration ..................................... 10-47
OSPF redistribution—Scenario 4-1-a ...................................................... 10-48
OSPF redistribution—Scenario 4-1-b ...................................................... 10-49
OSPF redistribution—Scenario 4-1-c ....................................................... 10-50
Configuration for Cisco ................................................................. 10-51
Limitations of the solution ............................................................... 10-51
OSPF redistribution—Scenario 4-2 ............................................................... 10-52
OSPF redistribution and filtering: Scenario 4-2-a ..................................... 10-53
OSPF redistribution and filtering—Scenario 4-2-b .................................... 10-54
Alternate configuration with ip prefix-list ........................................... 10-54
Alternate configuration with filter-policy export ................................. 10-55


OSPF redistribution and filtering—Scenario 4-2-c
OSPF redistribution and filtering—Scenario 4-2-d
OSPF default route injection—Scenario 5
OSPF default route injection—Scenario 5-1
  Additional reference
OSPF redistribution and filtering—Scenario 5-2
Labs 10.1 and 10.2: Configuring OSPF
Lab debrief
Module 10 summary
Learning check

Module 11: Network Address Translation


Module 11 objectives
Internet access with dynamic NAT
NAT and Internet access—Scenario 1
NAT and Internet access—Scenario 1a
NAT and Internet access—Scenario 1b
  NAPT configuration on the HP A-Series switch
  Introduction to connection limit
Internal servers with static NAT
Internal servers and NAT—Scenario 2
Internal servers and NAT—Scenario 2a
Internal servers and NAT—Scenario 2b
Internal servers and NAT—Scenario 3
Internal servers and NAT—Scenario 3a
Internal servers and NAT—Scenario 3b
Internal servers and NAT—Scenario 3c
Using static NAT for overlapping networks
Overlapping networks—Scenario 4
Overlapping networks—Scenario 4a
Overlapping networks—Scenario 4b
Overlapping networks—Scenario 4c
Overlapping networks—Scenario 4d
  Alternative configuration with dynamic NAT
Module 11 summary
Learning check

Appendix A: Learning Check Answers


Introduction to HP Networking Interoperability


Module 1

Course objectives
In this course, you will learn how to deploy Cisco and HP devices together in a
network. You will examine Cisco interoperability both with HP A-Series devices,
designed for large and complex enterprises, and with HP E-Series devices, intended
for Small to Medium Businesses (SMBs), which might, nonetheless, have some
sophisticated requirements.
Specifically, you will learn how to:
• Manage the devices from a single management solution
• Extend VLANs across the network in a consistent manner
• Configure link aggregation groups between HP and Cisco switches
• Implement redundant links in a loopless topology using the best method for your environment
• Configure virtual IP protocols for redundant routing
• Establish OSPF autonomous systems with HP and Cisco switches
• Implement NAT on the appropriate devices


Course agenda
The agenda for this course is:
• Day 1:
  • Module 1: Introduction to HP Networking Interoperability
  • Module 2: Switch Management
  • Lab 2.1: Management
  • Module 3: VLANs
  • Lab 3.1: Configuring VLANs
  • Module 4: Implementing MSTP (beginning)
• Day 2:
  • Module 4: Implementing MSTP (end)
  • Lab 4.1: Configuring MSTP
  • Module 5: Interoperability Among PVST+, Rapid PVST+, and MSTP
  • Lab 5.1: Configuring PVST+/MSTP Interoperability: Cisco at the Aggregation Layer
  • Optional Lab 5.2: Configuring PVST+/MSTP Interoperability: HP at the Aggregation Layer
  • Module 6: Redundancy Without STP
  • Lab 6.1: Implementing Redundant links Without STP
• Day 3:
  • Optional Module 7: STP Hardening
  • Lab 7.1: Configuring Spanning Tree Hardening
  • Module 8: Link Aggregation
  • Lab 8.1: Configuring Link Aggregation and IRF
  • Module 9: Virtual IP Protocols
  • Optional Lab 9.1: Configuring VRRP
• Day 4:
  • Module 10: Routing with OSPF
  • Lab 10.1: Configuring OSPF Areas
  • Optional Lab 10.2: Configuring OSPF Redistribution
  • Module 11: Network Address Translation


Multi-vendor networks—Challenges and opportunities

Why do you want to implement a multi-vendor network?
• Customers want the flexibility to purchase the switches that make economic sense now.
• Customers want to continue to receive a return on former investments.

What challenges do you expect to face?
• Different platforms might support different protocols and features.
• You are unfamiliar with the protocols and configuration commands for the new vendor’s equipment.

Figure 1-1: Multi-vendor network—Challenges and opportunities

Consider the questions displayed in the table. Why do you want to implement a
multi-vendor network? What benefits do you expect from knowing how to do so? On
the other hand, what challenges do you expect to face during the implementation?
What pitfalls must you avoid?
The table above gives a couple of general ideas to get you started. Discuss more
ideas with your classmates. Try to make your contributions to the discussion as
concrete as possible. Draw on your experiences as a networking professional and
think carefully about why you are attending this course and what you hope to gain
from your time here.

Interoperability goals
– What are your goals for the multi-vendor network deployment?
  • Using a single management system?
  • Providing a consistent, high-quality network experience?
  • Implementing open-standard protocols? Making familiar Cisco protocols interoperate with open-standard protocols?
  • Other goals?

Figure 1-2: Interoperability goals

You have considered the challenges of deploying a multi-vendor network. You must
now set goals to meet those challenges. The figure gives some examples of general
goals that you might set. For example, you might want to deploy a network that uses
a single management solution.
Of course, you will need to define your goals more precisely than the ones listed
above. What does a consistent, high-quality network experience mean to you? What
issues are involved in providing it, and what concrete goals can you set to ensure
that these issues are resolved? For example, you might need to provide high
availability by implementing redundant links between all access layer and
aggregation layer switches.
Your goals might differ from others’. For example, you might want to implement
open-standard protocols while your neighbor would prefer to implement familiar
proprietary protocols whenever they can interoperate with the open-standard ones.
What are the advantages and disadvantages of either goal?
You can record your ideas and the ideas of your classmates in the space provided.

Initial information for labs


IP addressing: 10.POD.VLAN.X/24

Names:
• Cisco-A = Catalyst 3750 (X=1 on Cisco-A)
• Cisco-B = Catalyst 3750 (X=2 on Cisco-B)
• HP-C = HP A5800 (X=3 on HP-C)
• HP-D = HP A5800 (X=4 on HP-D)
• HP-E = HP E3500 (X=5 on HP-E)
• HP-F = HP E3500 (X=6 on HP-F)
• Server_1 = Windows 2008 Server (X=100 on Server_1)
• Client_1 = Client (X=101 on Client_1)

Diagram labels: Cisco-A, Cisco-B, HP-C, HP-D, HP-E, HP-F, Server_1 (marked IMC), Client_1 (marked XP)

Figure 1-3: Initial information for labs

During this course, you will complete several labs. Each lab includes two or more of
the switches displayed in the slide. The names and IP addresses used throughout the
labs are consistent. For example, the HP A5800 switches are always HP-C and HP-D
and have 3 and 4 in the final octet of their IP addresses. However, some of the labs
include only some of the equipment.
You will also use a Windows Server 2008 and a client for the labs.


Module 1 summary
You have articulated your goals for a multi-vendor network deployment and seen the
multi-vendor equipment with which you will be practicing such a deployment for the
rest of this course. You are ready to turn your attention to the specific interoperability
issues on which the rest of this course focuses.


Switch Management
Module 2

Module 2 objectives
After completing this module, you will be able to:
• Configure HP A-Series, HP E-Series, and Cisco switches so that they can be managed by the HP Intelligent Management Center (IMC) platform
• Configure the following features for secure management of HP A-Series, HP E-Series, and Cisco switches:
  • Authenticated access
  • Secure Shell (SSH) V2.0
  • Simple Network Management Protocol (SNMP) v2 and v3
  • Network Time Protocol (NTP)
  • Syslog
• Configure and use Link Layer Discovery Protocol (LLDP) on HP A-Series, HP E-Series, and Cisco switches


Enabling basic remote management


This first scenario focuses on how to pre-configure a switch so that it can be
discovered by IMC and accessed through Telnet.
The second scenario shows you how to create secure configuration sessions for a
switch using NTP, Syslog, SSH, and SNMPv3.
Finally, you will review Cisco Discovery Protocol (CDP) and Link Layer Discovery
Protocol (LLDP) and their uses in gathering network information.


Management scenario 1
– You must deploy a number of access-layer switches:
  • HP A-Series, E-Series, and Cisco switches
– You pre-configure switches with a minimal configuration to allow discovery by IMC.
– With IMC, you create a template configuration that is secured and operational.

What minimal switch parameters should you configure to allow discovery by IMC?

Figure 2-1: Management scenario 1

For the first scenario, you are deploying an HP A-Series switch, HP E-Series switch,
and Cisco switch at the access layer. You need to pre-configure the switches with the
most basic configurations that will allow IMC to discover the switches. You will then
use IMC to configure and manage the switches.
Q: What minimal switch parameters does IMC require to discover the switches?

Management scenario 1 (cont.)


1. System name (configured by default)
2. IP address + default gateway
3. SNMPv2 community
   RW is required for management (RO would be enough for discovery)
4. SNMP trap receiver*
5. Telnet access without authentication

* IMC can set itself as trap receiver when it discovers devices

Once the switch is discovered, IMC can apply a secured configuration, which will be shown in management scenario 2.
Figure 2-2: Management scenario 1 (cont.)

These are the basic switch parameters necessary for IMC to discover the device:
• System name
• IP address and default gateway
• SNMPv2 community—IMC requires only the read-only community to discover the device, but it needs the read-write community to manage the device.
Configuring an SNMP trap receiver is not necessary for the discovery process but
can provide useful feedback to IMC regarding the switch. Once IMC discovers a
device, it can set itself as an SNMP trap receiver.
Telnet access is also not needed for the discovery process, but you might want to
configure it so that you can configure the switches remotely as needed. (SSH is the
more secure alternative, covered in the Management Appendix.)


Management scenario 1a—Cisco

(IMC: 10.1.1.100)

conf t
1. System name
   hostname corpabc-1-2
2. IP address through DHCP
   interface vlan 1
   ip address dhcp
   no shut
3. SNMP v2c community
   snmp-server community imc-access rw
4. SNMP traps
   snmp-server enable traps
   snmp-server source-interface loopback 0
   snmp-server host 10.1.1.100 version 2c public
5. Telnet without authentication
   line vty 0 4
   no login
   privilege level 15

When is a source-interface useful?

Figure 2-3: Management scenario 1a—Cisco

Q: When is a source interface useful?



Note
Setting up Telnet access without authentication, as shown above, will allow you
to access a Cisco switch remotely and log in without a password. This can be
insecure, so in a real-world situation, you would either set a password or set the
privilege level lower for the interface without authentication.


Management scenario 1b—HP A-Series

system-view
1. System name
   sysname corpabc-1-3
2. IP address through DHCP
   interface vlan 1
   ip address dhcp-alloc
   quit
3. SNMP v2c community
   snmp-agent trap-source vlan-interface 1
   snmp-agent sys-info version v2c
   snmp-agent community write imc-access
4. SNMP trap receiver
   snmp-agent target-host trap address udp-domain 10.1.1.100 params securityname public V2C
5. Telnet without authentication
   telnet server enable
   user-interface vty 0 15
   authentication-mode none
   user privilege level 3
   quit

What does user privilege level 3 mean?
Figure 2-4: Management scenario 1b—HP A-Series

Q: What does user privilege level 3 mean?



Note
A-Series switches have four command and privilege levels: visitor, monitor,
system, and manager. These levels are numbered 0-3, respectively. By default,
the command level for a user console interface is 3, and for all other interfaces it
is 0.


Management scenario 1c—HP E-Series

1. System name
   hostname corpabc-2-4
2. IP address through DHCP
   vlan 1 ip address dhcp ! Default
3. SNMP v2c community
   no snmp-server community public
   snmp-server community imc-access manager unrestricted
4. SNMP trap receiver
   snmp-server host 10.1.1.100 public
   snmp-server trap-source loopback 0
5. Telnet without authentication
   ! Telnet access is permitted without passwords
   ! and provides access to the privileged level

Why not configure a read-only community?

Figure 2-5: Management scenario 1c—HP E-Series

Q: Why not configure a read-only community?



In the final setup you will configure:
• A read-only community for SNMP management platforms that allows you to view information and monitor the switch’s status
• A read-write community for SNMP management platforms, such as IMC, which allows you to configure settings and manage firmware
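
The scenario 1 pre-configurations leave behind settings that the secured template of scenario 2 is meant to replace: Telnet without authentication, top privilege on the VTY lines, and a read-write SNMPv2c community. The Python audit below is an added example, not part of the HP course material; it runs over the commands copied from the three slides (constructed input), and its function names and finding labels are this example's own.

```python
import re

# Constructed input: the scenario 1 commands as typed on the slides above, with
# the numbered step labels removed and the wrapped trap-host line joined.
CONFIGS = {
    "cisco": """
        hostname corpabc-1-2
        interface vlan 1
        ip address dhcp
        no shut
        snmp-server community imc-access rw
        snmp-server enable traps
        snmp-server source-interface loopback 0
        snmp-server host 10.1.1.100 version 2c public
        line vty 0 4
        no login
        privilege level 15
    """,
    "hp-a": """
        sysname corpabc-1-3
        interface vlan 1
        ip address dhcp-alloc
        quit
        snmp-agent trap-source vlan-interface 1
        snmp-agent sys-info version v2c
        snmp-agent community write imc-access
        snmp-agent target-host trap address udp-domain 10.1.1.100 params securityname public V2C
        telnet server enable
        user-interface vty 0 15
        authentication-mode none
        user privilege level 3
        quit
    """,
    "hp-e": """
        hostname corpabc-2-4
        vlan 1 ip address dhcp ! Default
        no snmp-server community public
        snmp-server community imc-access manager unrestricted
        snmp-server host 10.1.1.100 public
        snmp-server trap-source loopback 0
    """,
}

# Highest privilege level per platform (15 on Cisco IOS, 3 on A-Series).
TOP_LEVEL = {"cisco": 15, "hp-a": 3}

# Read-write SNMPv2c community syntax per platform, as used on the slides.
RW_COMMUNITY = {
    "cisco": r"snmp-server community (\S+) (?:.* )?rw\b.*",
    "hp-a": r"snmp-agent community write (\S+).*",
    "hp-e": r"snmp-server community (\S+) .*\bunrestricted\b.*",
}

VTY = ("line vty", "user-interface vty")


def typed_commands(text):
    """Yield (context, command); context is the sub-mode the command was typed in."""
    context = ""
    for raw in text.splitlines():
        cmd = raw.split("!")[0].strip()  # drop "!" comments and indentation
        if not cmd:
            continue
        low = cmd.lower()
        if low in ("quit", "exit", "end"):
            context = ""
        elif low.startswith(("interface", "line ", "user-interface")):
            context = low
        else:
            yield context, cmd


def audit(platform, text):
    """Return {finding: detail} for bootstrap settings still present in a config."""
    findings = {}
    commands = list(typed_commands(text))
    for context, cmd in commands:
        low = cmd.lower()
        if context.startswith(VTY):
            # Cisco "no login" / A-Series "authentication-mode none": no password asked
            if low in ("no login", "authentication-mode none"):
                findings["TELNET_NO_AUTH"] = context
            level = re.fullmatch(r"(?:user )?privilege level (\d+)", low)
            if level and int(level.group(1)) >= TOP_LEVEL.get(platform, 99):
                findings["VTY_TOP_PRIVILEGE"] = level.group(1)
        rw = re.fullmatch(RW_COMMUNITY[platform], cmd, re.I)
        if rw:
            findings["SNMP_V2C_RW"] = rw.group(1)
    # E-Series: the slide notes that Telnet needs no password until one is set,
    # so the absence of a "password manager" command is the finding (assumption:
    # the audited text is the list of commands applied, not a "show run" dump).
    if platform == "hp-e" and not any(
            c.lower().startswith("password manager") for _, c in commands):
        findings["TELNET_NO_AUTH"] = "no manager password set"
    return findings


def audit_all(configs=CONFIGS):
    """Audit every embedded sample and return {device: findings}."""
    return {name: audit(name, text) for name, text in configs.items()}


if __name__ == "__main__":
    for name, result in audit_all().items():
        for finding, detail in sorted(result.items()):
            print(f"{name:6} {finding:18} {detail}")
```

Run against a device after the IMC template has been applied, an empty result for that device indicates the bootstrap settings were replaced.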


Setting up a DHCP server on an HP A-Series switch

dhcp enable
dhcp server ip-pool vlan1-pool
 network 10.1.1.0 24
 gateway-list 10.1.1.1
 dns-list 10.1.1.20
 domain-name corpabc.com
 quit
dhcp server forbidden-ip 10.1.1.1 10.1.1.4

Figure 2-6: Setting up a DHCP server on an HP A-Series switch

Q1: Why would you configure a DHCP server on an A-Series switch?



Q2: Why would you use a DHCP server to assign IP addresses to your switches? You
usually configure static IP addresses on switches.

For example, suppose you need to replace a defective switch. If you preconfigure the
switch with the basic parameters outlined in this scenario, it will automatically
acquire an IP address and be discovered by IMC when it is plugged in to the
network. (The IP address can also be found through the LLDP display.) This will allow
remote configuration and management of the switch.
Later you can apply an IMC configuration template that sets the IP address for all
devices.


IMC discovery—1

Add an SNMP Template

1. Add an SNMP template that contains SNMP communities (or SNMPv3 settings).
2. Multiple SNMP templates can be used by Auto-Discovery mechanisms.

Figure 2-7: IMC discovery—1

The next several pages describe the basic steps to set IMC to discover the devices
that have been added to the network.
The first step is to create an SNMP template that contains one of the following:
• SNMP v2c communities (read-only and read-write)
• An SNMP v3 group, a user associated with that group, and authentication and encryption methods
Multiple templates can be created to be used by IMC to discover all devices or those
within a given range of IP addresses.

IMC discovery—2


3. Set parameters of SNMP template

Figure 2-8: IMC discovery—2

Here is a sample SNMP v2c template.

The SNMP v2c template contains:
• Read-Only community string
• Read-Write community string
An SNMP v3 template contains:
• SNMPv3 group
• SNMPv3 user
• Authentication method and password (for example, Message Digest 5 [MD5] or Secure Hash Algorithm [SHA])
• Encryption method and password (for example, Advanced Encryption Standard [AES] 128 or Data Encryption Standard [DES] 56)


IMC discovery—3
Four modes for auto-discovery

4. Select Auto-Discovery method.

What are the discovery methods? Pros and cons of each?

Figure 2-9: IMC discovery—3

IMC supports four modes of auto discovery, which determine how IMC searches for
devices:
1. Routing-Based
   IMC reads the routing table of the “seed” router and explores all the nodes in all IP subnets discovered in the routing table.
   • Pros: Full automatic discovery of the network.
   • Cons: If the routing table is large, discovery could take hours or even days. The routing table may be much larger than the network to be discovered.
   • Recommendation: Use when the network is limited to one, or a few small, IP subnets.
2. ARP-Based
   IMC reads the ARP table of the main device to find nodes.
   • Pros: The search is restricted to active devices of local IP subnets as found on a routing switch, so the search is quicker.
   • Cons: If devices are not active in IP, they may not be found. Also, if the ARP table is populated with many IP end nodes, the search can be time consuming.
   • Recommendation: Use for a quicker search.


3. IPSec VPN-Based
   IMC scans the IP addresses on the remote end of IPSec VPN.
   • Pros: The search focuses on remote devices related to IPSec VPN.
   • Cons: May be time consuming if remote networks are large.
   • Recommendation: Use with IPSec VPN remote networks.
4. Network-Segment Based
   You enter specific ranges of IP addresses to reduce the scope of the IMC search.
   • Pros: You can target the “management VLAN” IP subnets, the IP ranges in which devices are set (for example, the first 10 IP addresses of the subnet). This can increase discovery efficiency.
   • Cons: Requires more manual configuration.
   • Recommendation: Use with large networks. Use when the range of IP addresses of network devices is known. Use to decrease discovery time.

Note
Manual discovery is always possible.

IMC discovery—4
5. How to discover devices:
- IP range
- SNMP templates
- Telnet and SSH templates
dhcp enable

dhcp server ip-pool vlan1-pool


network 10.1.1.0 mask 255.255.255.0
gateway-list 10.1.1.1
dns-list 10.1.1.20
domain-name corpabc.com
quit
dhcp server forbidden-ip 10.1.1.1 10.1.1.4

Figure 2-10: IMC discovery—4

This figure shows the IMC window on which you define Network Segment-Based
auto-discovery. Configuration tasks include:
• Configure a range of IP addresses to be discovered. This step is required.
• If you want to use your devices’ loopback interface IP addresses as the
management addresses, select the check box.
• Select the Automatically register to receive SNMP traps from supported devices
check box.
• Configure the type of login: Telnet or SSH.
• Configure the SNMP settings. You can use pre-defined SNMP templates or
define SNMP parameters manually. This step is required.
• Configure the parameters for connecting to the switches using either SSH or
Telnet.

IMC discovery—5

Devices discovered through SNMP

Figure 2-11: IMC discovery—5

This is how IMC lists the auto-discovered devices.

Advanced and secured management


In the next section, you will review how to secure management access to HP A-Series,
HP E-Series, and Cisco switches. In the space provided below, list the management
access methods that are secure and those that are not secure.

Notes
_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

Management scenario 2
– Goals:
• Make devices manageable
• Create a secured infrastructure, which
requires secured devices

What settings would you recommend to make switches manageable and secured?

Figure 2-12: Management scenario 2

In scenario 2, you will concentrate on creating secured configurations for switches.


What settings would you recommend to make switches manageable and secured?
_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

Management scenario 2 (cont.)
1 Encrypting passwords
2 Time protocol client
3 Syslog services
4 SSH V2.0
5 Secured access
• Local authentication
6 SNMP v3

How do you secure management access?

Figure 2-13: Management scenario 2 (cont.)

Now you need to select the features needed to complete the configuration.
• The device needs to be fully manageable
• The access needs to be secure
Examine the following features to make the device and the configuration secure:
• Encryption of passwords in the configuration process
• SSH access
• SNMP v3
• Authentication of username and passwords, but only at one level
Due to the time constraints of the course, only a limited number of features can be
covered. However, you should be aware of some other features, including:
• Secure Socket Layer (SSL)
• Console access
• Access Control Lists (ACLs) to restrict access to devices (access class, ACL with
SNMP communities)
• Authentication of NTP
• Hardening switch configuration (such as closing ports or disabling switches)

Consider your own switch management practices:

• What management features do you always configure on your devices?
• Why do you choose these management features?
  – To harden configuration?
  – To make deployment and maintenance easier?
  – For automation or scalability?
  – To access more information from the device?
  – To secure management access?
_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

Management scenario 2a—Cisco

1 Encrypt passwords
service password-encryption

2 Set time with NTP, time zone, and summertime
ntp server 10.1.1.100
What does this command do?
clock timezone gmt1 1
clock summer-time GMT1 recurring last Sun Mar 1:00 last Sun Oct 1:00 60

3 Setting syslog server and info log level
logging host 10.1.1.100
logging alarm notifications
service timestamps log datetime localtime

What commands do you use to access logging on the terminal?

Figure 2-14: Management scenario 2a—Cisco

In this Cisco switch configuration, note the following command:

clock timezone gmt1 1
• This command sets the timezone. Note that gmt1 does not configure the
timezone; rather, this option is a name that displays for the timezone setting. You
can select any name (up to seven characters).
• The next option actually sets the timezone. In this example, it is the positive offset
to the coordinated universal time (UTC). For a negative offset, use the -
character:
clock timezone PT -8
Use the clock summer-time recurring command to set the system to annually adjust
for Daylight Saving Time.
• In Western Europe, Daylight Saving Time starts on the last Sunday in March and
ends the last Sunday in October at 1 a.m.
• One hour is added when summertime starts and deducted when summertime
ends.
clock summer-time GMT1 recurring last Sun Mar 1:00 last Sun Oct 1:00 60

• In the USA, Daylight Saving Time begins the second Sunday in March and ends
the first Sunday in November. (Note that the states of Hawaii and Arizona do
not observe Daylight Saving Time.)
clock summer-time GMT1 recurring 2 Sun Mar 1:00 first Sun Nov 1:00 60

What command do you use to access logging on the terminal?


_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

Use the following commands as a precaution against your input being interrupted by
a large amount of system output:
Cisco# conf t
Cisco(config)# line vty 0 4
Cisco(config-line)# logging synchronous
Cisco(config-line)# exit

With this feature enabled, you can continue your operations from the point where
you were interrupted.
You should also specify the name or number of the severity level at which messages
should be automatically logged by the system. Messages at the specified level, or at a
numerically lower level, are logged.
Severity values
Severity        Severity value   Description
Emergencies     0                The system is unavailable
Alerts          1                Immediate action required
Critical        2                Critical information
Errors          3                Error warning
Warnings        4                Warnings
Notifications   5                Information that the system administrator should be aware of
Informational   6                Information to be recorded
Debugging       7                Debugging information

The default level varies according to the platform you are using, but is generally 7.
Level 7 means that messages at all levels (0-7) are logged to the buffer.

Management scenario 2a—Cisco (cont.)

4 Generate key pair, enable SSH server, and disable Telnet access
crypto key generate rsa usage-keys modulus 1024
ip ssh version 2
line vty 0 4
transport input ssh
exit

5 Set authentication mode to AAA – default authentication: local user
line vty 0 4
login local
exit

Define local user and privilege level, associated services
username admin123 privilege 15 password verysecret

How will admin123 log in to the switch?

Figure 2-15: Management scenario 2a—Cisco (cont.)

Q: How will admin123 log in to the switch?


_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

It could be argued that this authentication method is not secure because it uses one
password and not two. However, security can be enhanced by implementing the
following password policies:
• Longer passwords: 10 characters minimum (or use of a passphrase)
• Regular password rotation
• Timeout between failed logins (to reduce the risks of dictionary attacks)
• Authentication to a RADIUS server
There is no specific command to disable the Telnet server. To limit remote access to
the switch to SSH, use these commands:
line vty 0 4
transport input ssh
exit
If a user is defined with the embedded level 15, that user directly accesses the enable
level when entering credentials with SSH. The user does not need to enter a
command to move to the enable level.

Management scenario 2a—Cisco (cont.)

6 SNMP

SNMP trap and trap receiver
snmp-server source-interface trap loopback 0
snmp-server enable trap
snmp-server host 10.1.1.100 version 2c public

Disable trap on link up/down
interface range GigabitEthernet1/0/1 - 46
no snmp trap link-status

What is the purpose of this command?

Figure 2-16: Management scenario 2a—Cisco (cont.)

What is the purpose of the no snmp trap link-status command?


_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

Should SNMP v2 or SNMP v3 be used to send the trap? SNMP v2 has been used
here, but the trap could also be sent using SNMP v3:
Cisco(config)# snmp-server host 10.0.100.21 version 3 auth test
The setup can also be achieved via IMC itself during device discovery (this is an
option in IMC and PCM+) or after.
IMC is the recommended method because:
• The setup will be homogeneous for all devices
• Passwords can be changed through IMC on a regular basis
• IMC maintains synchronization of changed authentication passwords and
methods in devices and its database

Management scenario 2a—Cisco (cont.)

6 SNMP v3
snmp-server engine-id local ABCD123456

Create an SNMPv3 group
snmp-server group admin3group v3 auth

Create an SNMPv3 user
snmp-server user clara3 admin3group v3 auth sha verysecret priv aes 128 supersecret

SNMP contact and location info
snmp-server location "phone-closet,3rd-floor,bldg A"
snmp-server contact "Charly Shapo, 3033"

Figure 2-17: Management scenario 2-a—Cisco (cont.)

To set up SNMPv3 on a Cisco switch, you must:
• Define its engine ID
• Create an SNMPv3 group
Then you can specify:
• A user for the group
• The user’s authentication method and password
• The user’s encryption method and password
Below are the options for the SNMPv3 groups:
Cisco(config)#snmp-server group admin3group v3 ?
  auth    group using the authNoPriv Security Level
  noauth  group using the noAuthNoPriv Security Level
  priv    group using SNMPv3 authPriv security level
To set an SNMP trap receiver in v3, use the following command:
Cisco(config)#snmp-server host 10.0.100.21 version 3 auth usm-user
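
The six items of scenario 2a can be checked against a saved configuration instead of being read by eye. The following Python audit is an added example, not part of the course material; the function names and the sample configuration (constructed from the commands above, with one vty range still accepting Telnet and an SNMP v2c trap receiver left in place) are assumptions.

```python
import re

# Constructed sample in "show running-config" layout, built from the scenario 2a
# commands. One vty range still accepts Telnet and the trap receiver still uses
# SNMP v2c, so the audit has something to report.
SAMPLE_CONFIG = """\
service password-encryption
service timestamps log datetime localtime
ip ssh version 2
logging host 10.1.1.100
ntp server 10.1.1.100
snmp-server group admin3group v3 auth
snmp-server host 10.1.1.100 version 2c public
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 transport input telnet ssh
"""

# Items 1-4 of the scenario: global commands that must be present.
REQUIRED = [
    (r"service password-encryption$", "passwords are not encrypted in the configuration"),
    (r"ntp server \S+", "no NTP server configured"),
    (r"logging (host )?\d", "no syslog server configured"),
    (r"ip ssh version 2$", "SSH is not restricted to version 2"),
]


def parse_sections(config):
    """Split a configuration into (header, [indented sub-commands]) pairs."""
    sections = []
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # skip blank lines and "!" separators
        if raw[0].isspace() and sections:
            sections[-1][1].append(raw.strip())
        else:
            sections.append((raw.strip(), []))
    return sections


def audit(config):
    """Return a list of findings; an empty list means every check passed."""
    sections = parse_sections(config)
    global_cmds = [header.lower() for header, _ in sections]
    findings = []

    for pattern, message in REQUIRED:
        if not any(re.match(pattern, cmd) for cmd in global_cmds):
            findings.append(message)

    # Items 4-5: every vty range must accept SSH only and use local users.
    # A range with no "transport input" line is reported as well.
    for header, body in sections:
        if not header.lower().startswith("line vty"):
            continue
        body = [cmd.lower() for cmd in body]
        transports = [cmd.split()[2:] for cmd in body if cmd.startswith("transport input")]
        if transports != [["ssh"]]:
            findings.append(f"{header}: remote access is not limited to SSH")
        if "login local" not in body:
            findings.append(f"{header}: local user authentication is not enforced")

    # Item 6: an SNMPv3 group exists and no v1/v2c trap receiver is left behind.
    # SNMPv3 users are not checked: IOS does not list "snmp-server user" lines
    # in the running configuration.
    if not any(re.match(r"snmp-server group \S+ v3 (auth|priv)", cmd) for cmd in global_cmds):
        findings.append("no SNMPv3 group with authentication")
    for cmd in global_cmds:
        m = re.match(r"snmp-server host (\S+) (?:traps |informs )?version (1|2c)\b", cmd)
        if m:
            findings.append(f"trap receiver {m.group(1)} uses SNMP v{m.group(2)}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

The same checks can be run after each change made through IMC to confirm that no vty range or trap receiver was missed.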

Management scenario 2b—HP A-Series

1 Encrypting passwords
Use “cipher” keyword every time a password is entered

2 Setting time with NTP, timezone, and summertime
ntp-service unicast-server 10.1.1.101
What does this command do?
clock timezone GMT1 add 01:00:00
clock summer-time western-europe repeating 01:00:00 2010 March last Sunday 01:00:00 2010 October last Sunday 01:00:00

3 Setting syslog server and information log level
info-center enable
info-center loghost 10.1.1.200
info-center source default channel loghost log level information
info-center source default channel loghost trap level information
info-center source default channel loghost debug state off

What commands do you use to access logging on terminal and to set level of information displayed?

Figure 2-18: Management scenario 2-b—HP A-Series

Q1: What does the ntp-service unicast-server command do?


_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

You can define multiple NTP servers, specifying the authentication and version levels.
You can also set your preferred NTP server with a priority keyword.
ntp-service unicast-server 10.1.1.101 priority
ntp-service unicast-server 10.1.1.100
To set the timezone, enter:
clock timezone GMT1 add 01:00:00
Note that GMT1 is an arbitrary timezone name. The add 01:00:00 option in this
command instructs the device to add one hour to UTC, which is the default time
on the switch. Time changes are specified using the hh:mm:ss format. If you need to
set the clock to a zone that falls before UTC, use the minus keyword:
clock timezone PT minus 08:00:00
Q2: What does the clock summer-time command highlighted in this figure do?
_________________________________________________________________________

_________________________________________________________________________

Use the clock summer-time repeating command to set the system to annually adjust
for Daylight Saving Time.
• In Western Europe, Daylight Saving Time starts on the last Sunday in March and
ends the last Sunday in October at 1:00 a.m.
• One hour is added when summertime starts and deducted when it ends.
clock summer-time western-europe repeating 01:00:00 2010 March last Sunday 01:00:00 2010 October last Sunday 01:00:00
• In the USA, Daylight Saving Time begins the second Sunday in March and ends
the first Sunday in November. (Note that the states of Hawaii and Arizona do
not observe Daylight Saving Time.)
clock summer-time GMT1 repeating 01:00:00 2010 March second Sunday 01:00:00 2010 November first Sunday 01:00:00
Q3: What commands can you use to access logging on the terminal?
_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

Note the following helpful commands:
<hp> info-center synchronous
Use this command as a precaution against your input being interrupted by a large
amount of system output. With this feature enabled, you can continue your
operations from the point where you were interrupted.
To set the level of information, use the following command:
info-center source default channel console log level informational
To display the buffer log, use this command:
display logbuffer [ reverse ]
You can then explore all the available options by entering ?.
To enable the transmission of syslog messages to the syslog server, enter the
following commands.
info-center enable
info-center loghost <a.b.c.d>
Replace <a.b.c.d> with the IP address of the syslog server. In the example, 10.1.1.100
is the IP address of the syslog server.

By default, the log level for syslog is set to informational. You can change this setting
using the following commands:
info-center source default channel loghost log level alerts
info-center source default channel loghost debug level debugging
info-center source default channel loghost trap level alerts
You can select from one of the following levels:
0 = emergencies – System is unusable
1 = alerts – Immediate action required
2 = critical – Critical condition
3 = errors – Error conditions exist
4 = warnings – Warning condition
5 = notifications – Normal but significant conditions
6 = informational – Informational system messages
7 = debugging – Debugging messages
On an A-Series switch, there are ten information channels, ranging from 0 to 9. Each
channel is assigned to a different output destination, as shown in the table below.

Output Destination   Information Channel   Default Channel Name
console              0                     console
monitor terminal     1                     monitor
log host             2                     loghost
trap buffer          3                     trapbuffer
log buffer           4                     logbuffer
SNMP module          5                     snmpagent
log file             9                     channel9

You will learn more about these channels as you learn about the information center on the
next slide.
As you did for the Cisco switches, you can prevent ports from generating link
up/down log information. For example, to disable port GigabitEthernet 3/0/1 from
generating link up/down logging information, enter:
<HP-A> system-view
[HP-A] interface GigabitEthernet 3/0/1
[HP-A-GigabitEthernet3/0/1] undo enable log updown

Information center on HP A-Series switches

[Figure: the source (default, ospf, pim, stp, ...), the information the system processes (log, debug, trap; level 0-7; state on | off) and the outputs (console, monitor, loghost, logbuffer, logfile, snmpagent, ...), tied together by the info-center source ... channel ... command]

Figure 2-19: Information center on HP A-Series switches

Introduction to information center

Acting as the system information hub, the information center classifies and manages
system information, offering powerful support for network administrators and
developers in monitoring network performance and diagnosing network problems.
The following describes the working process of information center:
• Receives the log, trap, and debugging information generated by each module
• Outputs the information according to user-defined parameters
• Outputs the information to different destinations based on the information
channel-to-destination associations
In sum, the information center assigns the log, trap and debugging information to the
10 information channels according to the eight severity levels and then outputs the
information to different destinations.
The following describes this process in detail:

Classification of system information

The system information of the information center falls into three types:
• Log information
• Trap information
• Debugging information

Eight levels of system information

The information is classified into eight levels by severity. The severity levels in
descending order are emergencies, alerts, critical, errors, warnings, notifications,
informational, and debugging. When the system information is output by level,
information with a severity level higher than or equal to the specified level is output. For
example, if you configure an output rule with severity level notifications, information
with severity levels emergencies through notifications is logged.
Severity values
Severity        Severity value   Description
Emergencies     0                The system is unavailable
Alerts          1                Immediate action required
Critical        2                Critical information
Errors          3                Error warning
Warnings        4                Warnings
Notifications   5                Information that the system administrator should be aware of
Informational   6                Information to be recorded
Debugging       7                Debugging information

Seven output destinations and ten channels of system information

A-Series switches support seven information output destinations, including the
console, monitor terminal (monitor), log buffer, log host, trap buffer, SNMP module
and log file.
These switches also support ten channels. The seven channels 0 through 5, and
channel 9, are configured with channel names and output rules, and are associated with
output destinations by default. The channel names, output rules and the associations
between the channels and output destinations can be changed through commands.
You can configure channels 6, 7, and 8 without changing the default configuration of
the seven channels.

Ten channels of system information

Channel   Default        Default output   Description
number    channel name   destination
0         console        console          Receives log, trap and debugging information.
1         monitor        monitor          Receives log, trap and debugging information, facilitating remote maintenance.
2         loghost        log server       Receives log, trap and debugging information; the information is stored in files for future retrieval.
3         trapbuffer     trap buffer      Receives trap information; a buffer inside the router for recording information.
4         logbuffer      log buffer       Receives log and debugging information; a buffer inside the router for recording information.
5         snmpagent      SNMP module      Receives trap information.
6         channel6       not specified    Receives log, trap, and debugging information.
7         channel7       not specified    Receives log, trap, and debugging information.
8         channel8       not specified    Receives log, trap, and debugging information.
9         channel9       not specified    Receives log, trap, and debugging information.

Default output rules of system information

All log information is allowed to be output to the log file.
• Log information with severity level equal to or higher than informational is
allowed to be output to the log host.
• Log information with severity level equal to or higher than warnings is allowed to
be output to the console, monitor terminal, and log buffer.
• Log information is not allowed to be output to the trap buffer and the SNMP
module.
All trap information is allowed to be output to the console, monitor terminal, log host
and log file.
• Trap information with severity level equal to or higher than warnings is allowed
to be output to the trap buffer and SNMP module.
• Trap information is not allowed to be output to the log buffer.
All debugging information is allowed to be output to the console and monitor
terminal.
• Debugging information is not allowed to be output to the log host, log file, log
buffer, trap buffer and the SNMP module.
The default output rules define the source modules allowed to output information on
each output destination, the output information type, and the output information level.
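
The default output rules above, and the effect of an info-center source default channel ... command on them, can be modelled in a few lines. This Python model is an added example, not HP code: the function names are hypothetical, destinations are keyed by their default channel names (channel9 for the log file), and severity keywords may be abbreviated to a unique prefix because the slide writes "information" for "informational".

```python
import re

SEVERITY = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
            "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}
TYPES = ("log", "trap", "debug")


def severity_value(word):
    """Resolve a severity keyword or a unique prefix of one to its number."""
    hits = [value for name, value in SEVERITY.items() if name.startswith(word.lower())]
    if len(hits) != 1:
        raise ValueError(f"unknown or ambiguous severity: {word!r}")
    return hits[0]


def default_rules():
    """Default output rules from the text, keyed by default channel name.

    Each rule is [enabled, least severe level that is still output].
    """
    everything, info, warn, off = 7, 6, 4, None
    table = {
        #              log         trap        debug
        "console":    (warn,       everything, everything),
        "monitor":    (warn,       everything, everything),
        "loghost":    (info,       everything, off),
        "trapbuffer": (off,        warn,       off),
        "logbuffer":  (warn,       off,        off),
        "snmpagent":  (off,        warn,       off),
        "channel9":   (everything, everything, off),  # log file
    }
    return {
        channel: {t: [level is not None, 7 if level is None else level]
                  for t, level in zip(TYPES, levels)}
        for channel, levels in table.items()
    }


def apply_command(rules, command):
    """Apply one 'info-center source default channel <name> ...' line to rules."""
    m = re.fullmatch(r"info-center source default channel (\S+) (.+)", command.strip())
    if not m or m.group(1) not in rules:
        raise ValueError(f"unsupported command: {command!r}")
    channel, tokens = rules[m.group(1)], m.group(2).split()
    current = None
    # Walk the tokens pairwise: <type> selects log/trap/debug, then
    # "level <severity>" and "state <on|off>" modify that type's rule.
    for keyword, value in zip(tokens, tokens[1:] + [""]):
        if keyword in TYPES:
            current = keyword
        elif keyword == "level" and current:
            channel[current][1] = severity_value(value)
        elif keyword == "state" and current:
            channel[current][0] = (value == "on")
    return rules


def destinations(rules, info_type, severity):
    """Channels that output a message of this type and severity, sorted by name."""
    value = severity_value(severity)
    return sorted(channel for channel, types in rules.items()
                  if types[info_type][0] and value <= types[info_type][1])


if __name__ == "__main__":
    rules = default_rules()
    print("default:", destinations(rules, "log", "notifications"))
    apply_command(rules, "info-center source default channel loghost log level alerts")
    print("after 'log level alerts':", destinations(rules, "log", "notifications"))
```

With the loghost threshold moved to alerts, a notifications-level log message no longer reaches the syslog server and survives only in the log file on the switch.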

info-center source

To access the information center, use the following command:
info-center source { module-name | default } channel { channel-number | channel-name } [ debug { level severity | state state } * | log { level severity | state state } * | trap { level severity | state state } * ] *
Parameters:
• module-name
Specifies the output rules of the system information of the specified modules. For
instance, if information on the ARP module is to be output, you can configure
this argument as ARP. You can use the info-center source ? command to view
the modules supported by the device.
• default
This specifies the output rules of the system information of all the modules
allowed to output the system information, including all modules displayed using
the info-center source ? command.
• debug
Displays debugging information.
• log
Displays log information.
• trap
Displays trap information.
• level severity
Specifies the severity of system information to be allowed/denied output.

You can use the display info-center command to view the operational status of the
information center, the configuration of information channels, and the format of the
time stamp.
[S5800(4)]display info-center
Information Center:enabled
Log host:
10.1.1.100, port number : 514, host facility : local0,
channel number : 2, channel name : loghost
Console:
channel number : 0, channel name : console
Monitor:
channel number : 1, channel name : monitor
SNMP Agent:
channel number : 5, channel name : snmpagent
Log buffer:
enabled,max buffer size 1024, current buffer size 512,
current messages 512, dropped messages 0, overwritten messages 60
channel number : 4, channel name : logbuffer
Trap buffer:
enabled,max buffer size 1024, current buffer size 256,
current messages 61, dropped messages 0, overwritten messages 0
channel number : 3, channel name : trapbuffer
logfile:
channel number:9, channel name:channel9
syslog:
channel number:6, channel name:channel6
Information timestamp setting:
log - date, trap - date, debug - date,
loghost - date

Management scenario 2b—HP A-Series (cont.)

4 Generate key pair and enable SSH server
public-key local create rsa
ssh server enable
undo telnet server enable

Any drawback to disabling Telnet?

5 Set authentication mode to AAA – Default auth.: local user
user-interface vty 0 4
authentication-mode scheme
protocol inbound ssh
user privilege level 3
quit

Is this command required? What would you recommend?

Define local user and privilege level, associated services
local-user admin123
password cipher verysecret
service-type ssh
authorization-attribute level 3
quit

What user characteristic is supported on these switches but not on Cisco?

Figure 2-20: Management scenario 2-b—HP A-Series (cont.)

Q1: Is there any drawback to disabling Telnet?

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

To start the SSH V2 client, enter:
<hp> ssh2 10.214.50.51

Q2: Is the user privilege level 3 command required? Explain your answer.

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

Q3: What would you recommend instead of the user privilege level 3 command?
_________________________________________________________________________

_________________________________________________________________________

d.
ite
_________________________________________________________________________

ib
oh
_________________________________________________________________________

pr
is
n
_________________________________________________________________________

sio
is
m
Command levels on A-Series switches are divided into four levels, visitor, monitor,

er
system, and manager, corresponding to the numbers 0-3, respectively. The system

tp
administrator can change the command level of a user if necessary. The default

ou
command level for the console user interface is 3, and 0 for the other user interfaces.

ith
w
Q4: What user characteristic is supported on HP A-Series switches but is not

rt
available on Cisco?

pa
_________________________________________________________________________

Q5: What is the meaning of “cipher” in “password cipher verysecret”?



_________________________________________________________________________

Management scenario 2b—HP A-Series (cont.)

6 SNMP

SNMP trap and trap receiver
snmp-agent trap source loopback 0
snmp-agent trap enable
snmp-agent target-host trap address udp-domain 10.1.1.100 udp-port 5000 params securityname public v3

Disable trap for link up/down
interface gigabitethernet 1/0/10
undo enable snmp trap updown

Disable SNMP trap on link up/down globally
undo snmp-agent trap enable standard linkup-linkdown

Extend the standard linkup/linkdown traps defined in RFC
snmp-agent trap if-mib link extended

Figure 2-21: Management scenario 2b—HP A-Series (cont.)

To enable an interface to send linkup/linkdown traps when its state changes, you need to enable the trap function both on the interface and globally.

Use these commands to enable or disable the trap function on an interface:

interface gigabitethernet 1/0/10
enable snmp trap updown
undo enable snmp trap updown

Use this command to enable this function globally:

snmp-agent trap enable [ standard [ linkdown | linkup ] * ]

To extend the standard linkup/linkdown traps defined in RFC:

snmp-agent trap if-mib link extended

An extended linkup/linkdown trap is the standard linkup/linkdown trap appended with interface description and interface type information. IMC supports the extended messages. If you are using a different network management system (NMS), disable this function to let the device send standard linkup/linkdown traps.

Management scenario 2b—HP A-Series (cont.)

6 Enable SNMP v3 (continue)
snmp-agent
snmp-agent sys-info version v3

Create a SNMPv3 group
snmp-agent group v3 admin3group

Create a SNMPv3 user
snmp-agent usm-user v3 clara3 admin3group authentication-mode sha authkey privacy-mode aes128 prikey

SNMP contact and location information
snmp-agent sys-info contact Mr. Smith :+1 510 234 4849
snmp-agent sys-info location phone-closet,3rd-floor,bldg A

Figure 2-22: Management scenario 2b—HP A-Series (cont.)

To configure the agent in SNMP v3, complete the following steps:

1. Configure an SNMP group.
2. Configure a user associated with that group, authentication mode and password, and the encryption mode and password.

The configuration is very similar to that on a Cisco switch.

snmp-agent group v3 group-name [ authentication | privacy ] [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]

snmp-agent usm-user v3 user-name group-name [ [ cipher ] authentication-mode { md5 | sha } auth-password [ privacy-mode { 3des | aes128 | des56 } priv-password ] ] [ acl acl-number ]

Alternatively, you can create a group with restricted MIB access rights.

For example, the user can read and write the objects under the interface node with the OID of 1.3.6.1.2.1.2, and cannot access other MIB objects.

Set the user name to managev3user, authentication protocol to md5, authentication key to authkey, the privacy protocol to DES56, and the privacy password to prikey.

<Sysname> system-view
[Sysname] undo snmp-agent mib-view ViewDefault
[Sysname] snmp-agent mib-view included test interfaces
[Sysname] snmp-agent group v3 managev3group read-view test write-view test
[Sysname] snmp-agent usm-user v3 managev3user managev3group authentication-mode md5 authkey privacy-mode des56 prikey

Configuring SNMP NMS


SNMPv3 uses an authentication and privacy security model. On the NMS, the user needs to specify the username and security level and, based on that level, configure the authentication mode, authentication password, privacy mode, and privacy password. In addition, the timeout time and number of retries should also be configured. The user can then query and configure the device through the NMS.

Management scenario 2c—HP E-Series

1 Encrypting passwords
conf t
include-credentials

2 Setting time with SNTP, timezone, and summertime
timesync sntp
sntp unicast
sntp server 10.1.1.100
time timezone 60 daylight-savings western-europe

3 Setting the syslog server and log level
logging server 10.1.1.100
logging severity informational

What command displays logging on the terminal? Logging buffer?

Figure 2-23: Management scenario 2c—HP E-Series

This slide shows a similar configuration on HP E-Series switches.

The include-credentials command enables various security settings to be included and viewed in the running-configuration instead of flash only. These settings include:

• Local manager/operator usernames and passwords for switch access
• 802.1X port-access username and password for switch access
• SSH client public keys for switch access
• RADIUS and TACACS+ shared secrets

When you enter the include-credentials keywords, the following cautions and prompts are displayed:

**** CAUTION ****
You have invoked the command 'include-credentials' for the first time. This
action will make irreversible changes to the password and ssh public-key
storage.
It will affect *all* stored configurations, which might need to be updated.
Those credentials will no longer be readable by older software revisions.
It also may break some of your existing user scripts. Continue?[y/n] y

**** CAUTION ****
This will insert possibly sensitive information in switch configuration files,
and as a part of some CLI commands output. It is strongly recommended that you
use sftp rather than tftp for transfer of the configuration over the network,
and that you use the web configuration interface only with SSL enabled.
Proceed?[y/n]y

Management scenario 2c—HP E-Series (cont.)

4 Generate key pair and enable SSH server (default)
crypto key generate ssh rsa
ip ssh (default)
no telnet

5 Set local users (only manager and operator level)
password manager user-name admin123 plaintext verysecret

Figure 2-24: Management scenario 2c—HP E-Series (cont.)

SSH v2 is enabled by default on HP E-Series switches, but you must generate a key pair.

You can define two password levels on E-Series switches:

• operator level (read/monitor/user level)

hp (config)# password operator plaintext / sha-1 topsecret

• manager level (write/privileged/admin level)

hp (config)# password manager plaintext / sha-1 verysecret

The password you enter determines the management level of your session.

Management scenario 2c—HP E-Series (cont.)

6 SNMP trap and trap receiver
snmp-server host 10.1.1.100 public all
snmp-server trap-source vlan 1

Disable trap on link up/down on ports 1 to 46
no snmp-server enable traps link-change 1-46

Disable SNMP trap on all links up/down globally
no snmp-server enable traps link-change all

On what port do you want to disable snmp trap link up/down?

Figure 2-25: Management scenario 2c—HP E-Series (cont.)

Q: On what port do you want to disable SNMP trap link up/down?

_________________________________________________________________________

You may choose to disable link traps on all access-layer switch ports, if leaving the trap active on uplink ports generates too many events, and enable link traps only on distribution or core switches.

Management scenario 2c—HP E-Series (cont.)

6 Remove SNMP V2 community RW public that is default
no snmp-server community public

Enable SNMP V3 – restrict V2 access to read-only
snmpv3 enable
snmpv3 restricted-access

Create a SNMPV3 User and associate with predefined group managerpriv
snmpv3 user clara3 auth sha secret priv aes supersecret
snmpv3 group managerpriv user clara3 sec-model ver3

SNMP contact and location info
snmp-server contact "Lucas Kett :3306"
snmp-server location "telephone-closet,3rd-floor"

Figure 2-26: Management scenario 2c—HP E-Series (cont.)

The SNMP v3 predefined group managerpriv allows full read-write access and requires the user profile to be set with authentication and encryption.

There are seven other predefined groups, as shown in the table below. Only the Ver3 groups are intended for SNMPv3 users.

| Group Name | Group Access Type | Group Read View | Group Write View |
|---|---|---|---|
| managerpriv | Ver3 Must have Authentication and Privacy | ManagerReadView | ManagerWriteView |
| managerauth | Ver3 Must have Authentication | ManagerReadView | ManagerWriteView |
| operatorauth | Ver3 Must have Authentication | OperatorReadView | DiscoveryView |
| operatornoauth | Ver3 No Authentication | OperatorReadView | DiscoveryView |
| commanagerrw | Ver2c or Ver1 | ManagerReadView | ManagerWriteView |
| commanagerr | Ver2c or Ver1 | ManagerReadView | DiscoveryView |
| comoperatorrw | Ver2c or Ver1 | OperatorReadView | OperatorReadView |
| comoperatorr | Ver2c or Ver1 | OperatorReadView | DiscoveryView |

To display the SNMP v3 groups, enter:

Switch# show snmpv3 group
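
The SNMPv3 user commands shown for the A-Series and E-Series can be reviewed mechanically. The following Python is an added example, not part of the course material: it parses only the `snmp-agent usm-user v3` and `snmpv3 user` / `snmpv3 group` forms printed in this module and reports each user's effective security level, flagging the weaker md5 and des56 options. The function name `audit_snmpv3_users`, the user `monitor1` and both sample configurations are constructed for illustration.

```python
import re

# Algorithms named in this module that are weak by current standards.
WEAK_AUTH = {"md5"}
WEAK_PRIV = {"des56"}
LEVELS = ["noAuthNoPriv", "authNoPriv", "authPriv"]

# Level required by the predefined E-Series Ver3 groups (from the table above).
E_GROUP_LEVEL = {
    "managerpriv": "authPriv",
    "managerauth": "authNoPriv",
    "operatorauth": "authNoPriv",
    "operatornoauth": "noAuthNoPriv",
}

# Leading CLI prompt such as "[Sysname] ", "<Sysname> " or "hp (config)# ".
PROMPT = re.compile(r"^(?:\[[^\]]*\]|<[^>]*>|[\w-]+ ?(?:\([\w-]+\))?#)\s*")

# Constructed sample input built from the command forms shown in this module.
A_SERIES_SAMPLE = """\
[Sysname] snmp-agent group v3 managev3group read-view test write-view test
[Sysname] snmp-agent usm-user v3 managev3user managev3group authentication-mode md5 authkey privacy-mode des56 prikey
snmp-agent usm-user v3 clara3 admin3group authentication-mode sha authkey privacy-mode aes128 prikey
"""
E_SERIES_SAMPLE = """\
snmpv3 enable
snmpv3 restricted-access
snmpv3 user clara3 auth sha secret priv aes supersecret
snmpv3 group managerpriv user clara3 sec-model ver3
snmpv3 user monitor1 auth md5 secret
snmpv3 group managerpriv user monitor1 sec-model ver3
"""


def _alg_after(tokens, keyword):
    """Return the algorithm token that follows `keyword`, or None if absent."""
    if keyword in tokens[:-1]:
        return tokens[tokens.index(keyword) + 1]
    return None


def audit_snmpv3_users(config_text):
    """Return one finding dict per SNMPv3 user defined in config_text."""
    users, e_groups = {}, {}
    for raw in config_text.splitlines():
        tokens = PROMPT.sub("", raw.strip()).split()
        low = [t.lower() for t in tokens]
        if low[:3] == ["snmp-agent", "usm-user", "v3"] and len(tokens) >= 5:
            users[tokens[3]] = {
                "platform": "A-Series", "group": tokens[4],
                "auth": _alg_after(low[5:], "authentication-mode"),
                "priv": _alg_after(low[5:], "privacy-mode"),
            }
        elif low[:2] == ["snmpv3", "user"] and len(tokens) >= 3:
            users[tokens[2]] = {
                "platform": "E-Series", "group": None,
                "auth": _alg_after(low[3:], "auth"),
                "priv": _alg_after(low[3:], "priv"),
            }
        elif low[:2] == ["snmpv3", "group"] and "user" in low[3:-1]:
            # Form: snmpv3 group <group> user <name> sec-model ver3
            e_groups[tokens[low.index("user", 3) + 1]] = low[2]

    findings = []
    for name, u in users.items():
        if u["platform"] == "E-Series":
            u["group"] = e_groups.get(name)
        if u["auth"] and u["priv"]:
            level = "authPriv"
        else:
            level = "authNoPriv" if u["auth"] else "noAuthNoPriv"
        issues = []
        if u["auth"] is None:
            issues.append("no authentication")
        elif u["auth"] in WEAK_AUTH:
            issues.append("weak authentication algorithm: " + u["auth"])
        if u["priv"] is None:
            issues.append("no privacy: payload is not encrypted")
        elif u["priv"] in WEAK_PRIV:
            issues.append("weak privacy algorithm: " + u["priv"])
        if u["platform"] == "E-Series":
            required = E_GROUP_LEVEL.get(u["group"])
            if u["group"] is None:
                issues.append("user is not assigned to a group")
            elif required and LEVELS.index(level) < LEVELS.index(required):
                issues.append(f"group {u['group']} requires {required}, user is {level}")
        findings.append(dict(u, user=name, level=level, issues=issues))
    return findings


if __name__ == "__main__":
    for sample in (A_SERIES_SAMPLE, E_SERIES_SAMPLE):
        for f in audit_snmpv3_users(sample):
            print(f["platform"], f["user"], f["level"], f["issues"] or "ok")
```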



LLDP and CDP


In this section of the module, you will learn about LLDP and CDP. Which protocol is the industry standard? Are both protocols supported on HP A-Series, HP E-Series, and Cisco switches?


IEEE 802.1AB LLDP and CDP


[Figure 2-27: IEEE 802.1AB LLDP and CDP. Diagram of HP E-Series, HP A-Series, and Cisco switches exchanging LLDP and CDP. Labels: HP E-Series (LLDP by default, CDP RX only); Cisco (CDP by default, LLDP enabled); HP A-Series (LLDP enabled, CDP enabled) and HP A-Series (LLDP not enabled, CDP not enabled); LLDP MIB; X: not interpreted.]

LLDP has become the industry standard and is implemented by all vendors. However, you may encounter older equipment that uses CDP. The CDP and LLDP support on each platform is described below.

HP E-Series

• By default, CDP is enabled on all ports in receive mode only.
• Transmission of CDP packets is no longer supported.
• By default, LLDP is enabled on all ports.

A Cisco switch is visible in the LLDP and CDP MIBs because entries are cross populated.

HP A-Series

• Neither LLDP nor CDP is enabled by default.
• When enabled, LLDP is enabled on all ports.
• CDP can be enabled, as follows:

system-view
lldp compliance cdp
interface gigabitethernet 1/0/1
lldp compliance admin-status cdp txrx

The CDP feature is meant to be used with Cisco IP phones that support CDP v2 as a provisioning mechanism. When used with a switch neighbor, this feature does not send CDP frames. With an IP phone it works in Tx/Rx.

Cisco

• By default, CDP is enabled on all ports.
• Support for LLDP has been introduced on Cisco Catalyst 2950, 3760, and 3750 series switches running 12.2(37)SE without SNMP support and on Cisco Catalyst 6500 running 12.2(33)SXH.

Useful show and display commands

| Description | Cisco | HP A-Series | HP E-Series |
|---|---|---|---|
| CDP neighbor information | show cdp neighbor | / | show cdp neighbor |
| Enabling LLDP | lldp run | lldp enable | Enabled by default; lldp run |
| LLDP neighbor information | show lldp neighbor | display lldp neighbor-information list | show lldp info remote |
| Detailed LLDP and LLDP-MED neighbor information | show lldp neighbor detail | display lldp neighbor-information | show lldp info remote all |
| Detailed LLDP and LLDP-MED port specific neighbor information | show lldp neighbor <port-id> detail | display lldp neighbor-information interface <port-id> | show lldp info remote <port-id> |

Figure 2-28: Useful show and display commands

Refer to these commands as you set up or troubleshoot LLDP or CDP.


pa
Notes i n
or
_________________________________________________________________________
l e
ho
w

_________________________________________________________________________
in
n

_________________________________________________________________________
c tio
du

_________________________________________________________________________
ro
ep

_________________________________________________________________________
.R
ly

_________________________________________________________________________
on
se

_________________________________________________________________________
u
er
ld

_________________________________________________________________________
ho
ake

_________________________________________________________________________
St
&L

_________________________________________________________________________
C
P

_________________________________________________________________________
H

_________________________________________________________________________

Rev. 11.12 2 –45


BitSpyder - The Culture of Knowledge

Switch Management

Lab debrief
What useful display and show commands did you learn?
____________________________________________________________________

What are your key insights? Did you learn anything new?
____________________________________________________________________


What were your greatest challenges?



___________________________________________________________________

What did you learn that you can apply in a real-world environment?
___________________________________________________________________


Module 2 summary
In this module, you have learned how to:

• Configure HP A-Series, HP E-Series, and Cisco switches so that they can be automatically discovered by IMC
• Define parameters to secure access and management of these switches
• Enable LLDP to permit mutual link layer discovery

Record your key insights below.

_________________________________________________________________________


Learning check
Q1: Describe an HP A-Series switch’s support for LLDP and CDP.
_________________________________________________________________________

Q2: Which parameters does a switch require in order for IMC to discover it?

_________________________________________________________________________


Q3: You want to force management users for your Cisco and HP A-Series switches to log in to the CLI using SSH. What steps must you complete on each type of switch?

_________________________________________________________________________

VLANs
Module 3

Module 3 objectives

After completing this module, you will be able to:

• Configure and verify VLANs on a multivendor network
• Configure HP A-Series and E-Series switches for VLAN interoperability with Cisco switches


Configuring and managing VLANs


In this section of the module, you will review how to create a VLAN on HP A-Series, E-Series, and Cisco switches. You may want to take a minute and list any differences you know about the VLAN configuration on each platform.


Terminology

| Switch Port Role | Cisco | HP A-Series | HP E-Series |
|---|---|---|---|
| End nodes: PCs, printers, and so on | Access port | Access port | Untagged port |
| PC + IP Phone | Access port with auxiliary VLAN (voice) | Hybrid port or trunk port | Untagged in data VLAN; tagged in voice VLAN |
| Switch-to-switch with multiple VLANs | Trunk port | Trunk port | Tagged port |
| Link aggregation | Port channel interface | Bridge aggregation interface | Trunk port |

Figure 3-1: Terminology

On HP A-Series switches, access ports and trunk ports are defined much as they are on Cisco switches. However, by default, trunk ports on HP A-Series switches do not carry any VLANs; they must be permitted.

A hybrid port is a concept specific to HP A-Series switches: like trunk ports, a hybrid port may be assigned to multiple VLANs. The VLANs can be tagged and untagged. On access ports, however, multiple VLANs can be untagged.

Access, trunk, and hybrid ports on HP A-Series switches

Note that the default VLAN on HP A-Series switches is equivalent to the native VLAN on Cisco switches.

Access port

The following describes how traffic is handled when received and transmitted from access ports on HP A-Series switches.

• Actions in the inbound direction
  • If a frame is untagged, tag it with the default VLAN tag.
  • If a frame is tagged:
    • Receive it if its VLAN ID is the same as the default VLAN ID.
    • Drop it if its VLAN ID is different from the default VLAN ID.
• Actions in the outbound direction
  • Remove the default VLAN tag and send the frame.

Trunk port

The following describes how traffic is handled when received and transmitted from trunk ports on HP A-Series switches.

• Actions in the inbound direction
  • If the frame is untagged, check whether the default VLAN is permitted on the port.
    • If the frame is permitted, tag the frame with the default VLAN tag.
    • If the frame is not permitted, drop the frame.
  • If the frame is tagged:
    • Receive the frame if its VLAN is permitted on the port.
    • Drop the frame if its VLAN is not permitted on the port.
• Actions in the outbound direction
  • Remove the tag and send the frame if it carries the default VLAN tag and the port is assigned to the default VLAN.
  • Send the frame without removing the tag if its VLAN is carried on the port but is different from the default one.

Hybrid port

The following describes how traffic is handled when received and transmitted from hybrid ports on HP A-Series switches.

• Actions in the inbound direction
  • If the frame is untagged, check whether the default VLAN is permitted on the port.
    • If it is permitted, tag the frame with the default VLAN tag.
    • If it is not permitted, drop the frame.
  • If the frame is tagged:
    • Receive the frame if its VLAN is permitted on the port.
    • Drop the frame if its VLAN is not permitted on the port.
• Actions in the outbound direction
  • Send the frame if its VLAN is carried on the port. The frame is sent with the VLAN tag removed or intact depending on your configuration with the port hybrid vlan command. This is true of the default VLAN.
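
The inbound and outbound rules listed above for A-Series access, trunk, and hybrid ports can be written as a small model. The following Python is an added example, not part of the course material: the `Port` class and the `ingress`, `egress` and `forward` functions are hypothetical names, and the port values reuse the VLAN numbers of this module's configuration scenario (VLAN 99 management, 100 voice, 200-203 data), with the voice port modeled as a hybrid port that is untagged in VLAN 200 and tagged in VLAN 100 as an assumption.

```python
from dataclasses import dataclass, field
from typing import Optional, Set, Tuple


@dataclass
class Port:
    link_type: str                                     # "access", "trunk" or "hybrid"
    pvid: int = 1                                      # the port's default VLAN
    permitted: Set[int] = field(default_factory=set)   # VLANs carried (trunk/hybrid)
    untagged: Set[int] = field(default_factory=set)    # hybrid: VLANs sent without a tag


def ingress(port: Port, tag: Optional[int]) -> Optional[int]:
    """VLAN a received frame is placed in, or None if it is dropped.

    tag=None means the frame arrived untagged.
    """
    if port.link_type == "access":
        # Untagged frames get the default VLAN; tagged frames must match it.
        return port.pvid if tag in (None, port.pvid) else None
    # Trunk and hybrid ports share the same inbound rules: an untagged frame
    # is treated as default-VLAN traffic, and the VLAN must be permitted.
    vlan = port.pvid if tag is None else tag
    return vlan if vlan in port.permitted else None


def egress(port: Port, vlan: int) -> Optional[Tuple[str, int]]:
    """How a frame in `vlan` leaves the port, or None if the port does not carry it."""
    if port.link_type == "access":
        return ("untagged", vlan) if vlan == port.pvid else None
    if vlan not in port.permitted:
        return None
    if port.link_type == "trunk":
        # Only the default VLAN leaves a trunk port without a tag.
        return ("untagged", vlan) if vlan == port.pvid else ("tagged", vlan)
    # Hybrid: tagging is a per-VLAN choice, including for the default VLAN.
    return ("untagged", vlan) if vlan in port.untagged else ("tagged", vlan)


def forward(in_port: Port, out_port: Port, tag: Optional[int]) -> Optional[Tuple[str, int]]:
    """Result of receiving a frame on in_port and sending it out of out_port."""
    vlan = ingress(in_port, tag)
    return None if vlan is None else egress(out_port, vlan)


# Ports built from the scenario's VLAN numbers (constructed for this example).
DATA_VLANS = {200, 201, 202, 203}
ACCESS = Port("access", pvid=200)
VOICE = Port("hybrid", pvid=200, permitted={100, 200}, untagged={200})
# A trunk that permits only VLANs 100 and 200-203: default VLAN 99 is not permitted.
UPLINK_WITHOUT_99 = Port("trunk", pvid=99, permitted={100} | DATA_VLANS)
# The same trunk with the default VLAN explicitly permitted.
UPLINK_WITH_99 = Port("trunk", pvid=99, permitted={99, 100} | DATA_VLANS)

if __name__ == "__main__":
    print("PC on voice port   ->", ingress(VOICE, None))
    print("phone on voice port->", ingress(VOICE, 100))
    print("untagged on trunk without 99:", ingress(UPLINK_WITHOUT_99, None))
    print("untagged on trunk with 99   :", ingress(UPLINK_WITH_99, None))
    print("access -> uplink:", forward(ACCESS, UPLINK_WITH_99, None))
```

The two uplink variants show why the default VLAN must be permitted explicitly on an A-Series trunk: without it, untagged frames are dropped on arrival.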


VLAN configuration scenario

[Figure 3-2: VLAN configuration scenario. Diagram of a switch with an IP phone and PCs attached; the callouts are:]

1. VLAN creation: Management 99 (IP address 10.1.99.10/24), Voice 100, Data 200-203
2. Trunk ports 47, 48: native VLAN 99; allowed VLANs 100, 200-203
3. Access port: ports 1 – 24, assigned to VLAN 200
4. Voice port: ports 25 - 46

This is a simple scenario to show an identical VLAN configuration on HP A-Series, E-Series, and Cisco switches. The scenario demonstrates:

• Creating multiple VLANs, including a management VLAN for infrastructure device management addresses, a voice VLAN for VoIP traffic, and data VLANs for user traffic
• Configuring support for multiple VLANs on switch-to-switch links (trunks or tagged ports)
• Assigning edge ports to a VLAN
• Configuring voice ports that support VoIP devices and a workstation behind them
• Setting up DHCP so that devices in multiple VLANs can receive dynamic addresses from the DHCP server

VLAN configuration on Cisco: VLAN creation and trunk ports

VLAN creation
Cisco(config)# vlan 99
Cisco(vlan-99)# vlan 100
Cisco(vlan-100)# vlan 200
Cisco(vlan-200)# vlan 201
Cisco(vlan-201)# vlan 202
Cisco(vlan-202)# vlan 203

Trunk ports
Cisco(config)# interface range gigabit 0/47 - 48
Cisco(config-if-range)# switchport trunk encapsulation dot1q
Cisco(config-if-range)# switchport mode trunk
Cisco(config-if-range)# switchport trunk native vlan 99
Cisco(config-if-range)# switchport trunk allowed vlan 1,100,200-203

Figure 3-3: VLAN configuration on Cisco: VLAN creation and trunk ports

To configure a trunk port on Cisco switches, you must specify dot1q encapsulation. The native VLAN is 1 by default, and all VLANs are permitted by default.

VLAN configuration on Cisco: Access and voice ports

Access ports
Cisco(config)# interface range gigabit 0/1 - 24
Cisco(config-if-range)# switchport mode access
Cisco(config-if-range)# switchport access vlan 200

Voice ports
Cisco(config)# interface range gigabit 0/25 - 46
Cisco(config-if-range)# switchport mode access
Cisco(config-if-range)# switchport access vlan 200
Cisco(config-if-range)# switchport voice vlan 100

Figure 3-4: VLAN configuration on Cisco: Access and voice ports

The slide indicates how you configure a port as an access port in a VLAN. On ports that connect to voice devices, you must configure the voice VLAN. You also configure the access VLAN. The switch distinguishes the traffic from the phone, which it assigns to the voice VLAN, from the traffic from a workstation, which it assigns to the access VLAN.

Q1: How do you list VLANs?

_________________________________________________________________________

Q2: How do you list trunk ports?



_________________________________________________________________________

Q3: How do you list access ports?


u
er

_________________________________________________________________________
ld
ho
ke

Examples of these commands are provided on the following page.


a
St
&L
C
P
H

Rev. 11.12 3 –7
BitSpyder - The Culture of Knowledge

HP Networking Interoperability

Cisco# sh interface status

Port      Name   Status       Vlan    Duplex  Speed   Type
Gi0/1            connected    trunk   a-full  a-1000  10/100/1000BaseTX
Gi0/2            connected    trunk   a-full  a-1000  10/100/1000BaseTX
Gi0/3            connected    trunk   a-full  a-1000  10/100/1000BaseTX
Gi0/4            connected    100     a-full  a-1000  10/100/1000BaseTX
Gi0/5            notconnect   1       auto    auto    10/100/1000BaseTX

Cisco#sh int trunk

Port      Mode   Encapsulation  Status     Native vlan
Gi0/1     on     802.1q         trunking   1
Gi0/2     on     802.1q         trunking   1
Gi0/3     on     802.1q         trunking   1

Port      Vlans allowed on trunk
Gi0/1     1-4094
Gi0/2     1-4094
Gi0/3     1-4094

Port      Vlans allowed and active in management domain
Gi0/1     1,10,20,30,40,100,200
Gi0/2     1,10,20,30,40,100,200
Gi0/3     1,10,20,30,40,100,200

Port      Vlans in spanning tree forwarding state and not pruned
Gi0/1     1,10,20,30,40,100,200
Gi0/2     1,10,20,30,40,100,200
Gi0/3     1,10,20,30,40,100,200

Cisco#sh int switchport
Name: Gi0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk (suspended member of bundle Po1)
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

VLAN routing on Cisco

Management VLAN
Cisco(config)# int vlan 99
Cisco(config-if)# ip address 10.1.99.10 255.255.255.0

If not a routing switch:
Cisco(config)# ip default-gateway 10.1.99.1

If a routing switch:
Cisco(config)# ip routing
Cisco(config)# int vlan 100
Cisco(config-if)# ip address 10.1.100.10 255.255.255.0
Cisco(config)# int vlan 200
Cisco(config-if)# ip address 10.1.200.10 255.255.255.0
Cisco(config)# int vlan 201
Cisco(config-if)# ip address 10.1.201.10 255.255.255.0
Cisco(config)# int vlan 202
Cisco(config-if)# ip address 10.1.202.10 255.255.255.0
Cisco(config)# int vlan 203
Cisco(config-if)# ip address 10.1.203.10 255.255.255.0

Figure 3-5: VLAN routing on Cisco

This slide shows an example routing configuration on a Cisco switch.

To list IP interfaces and IP routes, use the following commands:

Cisco#sh ip int brief
Interface            IP-Address   OK?  Method  Status  Protocol
Vlan1                10.1.1.3     YES  NVRAM   up      up
Vlan100              10.1.100.3   YES  NVRAM   up      up
Vlan200              10.1.200.3   YES  NVRAM   up      up
GigabitEthernet0/1   unassigned   YES  unset   up      up

Cisco# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
...
Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 4 subnets
C       10.1.11.0 is directly connected, Vlan11
C       10.1.13.0 is directly connected, Vlan13
C       10.1.12.0 is directly connected, Vlan12
C       10.1.1.0 is directly connected, Vlan1

DHCP relay on Cisco

IP addresses on interfaces vlan omitted
DHCP relay
Cisco(config)# int vlan 100
Cisco(config-if)# ip helper-address 10.1.1.100
Cisco(config-if)# ip helper-address 10.1.1.101

Cisco(config)# int vlan 200
Cisco(config-if)# ip helper-address 10.1.1.100
Cisco(config-if)# ip helper-address 10.1.1.101

Figure 3-6: DHCP relay on Cisco

In most environments, you need to set up DHCP relay on IP interfaces to allow clients
in that VLAN to receive DHCP addresses from servers in another VLAN. The slide
displays the correct commands.

To verify the DHCP relay setup, enter this command:

Cisco-A# show ip interface vlan <ID>

The output for VLAN 100 in this example is:

Vlan100 is up, line protocol is up
  Internet address is 10.2.3.1/24
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1500 bytes
  Helper addresses are 10.1.1.101
                       10.1.1.100
  Directed broadcast forwarding is disabled

VLAN configuration on HP A-Series: VLAN creation and trunk ports

VLAN creation
[HP] vlan 99 to 100
[HP] vlan 200 to 203

Trunk ports
[HP]interface gigabit 1/0/47
[HP-gigabitethernet1/0/47]port link-type trunk
[HP-gigabitethernet1/0/47]port trunk pvid vlan 99
[HP-gigabitethernet1/0/47]undo port trunk permit vlan 1
[HP-gigabitethernet1/0/47]port trunk permit vlan 99 to 100 200 to 203

Figure 3-7: VLAN configuration on HP A-Series: VLAN creation and trunk ports

This slide shows how to create VLANs on HP A-Series switches.
When you create a trunk port on an HP A-Series switch, VLAN 1 is the only VLAN
enabled by default. All other VLANs have to be permitted as shown in the slide.
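
The following check is an added example, not part of the course material. It reads the trunk commands from Figure 3-3 (Cisco) and Figure 3-7 (HP A-Series), applies the defaults stated in the text, and reports where the two ends would disagree if they terminated the same 802.1Q link. That pairing is an assumption made for the example, the function names are illustrative, and only the command forms shown on the slides (plus "permit vlan all") are parsed.

```python
import re

ALL_VLANS = set(range(1, 4095))  # 1-4094, the range Cisco reports for an unrestricted trunk

# Trunk commands copied from Figure 3-3 (Cisco) and Figure 3-7 (HP A-Series).
CISCO_TRUNK = """\
Cisco(config-if-range)# switchport encapsulation dot1q
Cisco(config-if-range)# switchport mode trunk
Cisco(config-if-range)# switchport trunk native vlan 99
Cisco(config-if-range)# switchport trunk allowed vlan 1,100,200-203
""".splitlines()

HP_TRUNK = """\
[HP-gigabitethernet1/0/47]port link-type trunk
[HP-gigabitethernet1/0/47]port trunk pvid vlan 99
[HP-gigabitethernet1/0/47]undo port trunk permit vlan 1
[HP-gigabitethernet1/0/47]port trunk permit vlan 99 to 100 200 to 203
""".splitlines()


def expand_vlans(spec):
    """Expand '1,100,200-203' (Cisco) or '99 to 100 200 to 203' (A-Series) to a set."""
    spec = re.sub(r"\s+to\s+", "-", spec.strip())
    vlans = set()
    for part in re.split(r"[,\s]+", spec):
        if part:
            lo, _, hi = part.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_cisco_trunk(lines):
    """Return (native VLAN, allowed VLANs). Defaults: native 1, all VLANs permitted."""
    native, allowed = 1, set(ALL_VLANS)
    for line in lines:
        cmd = line.split("#", 1)[-1].strip()          # drop the prompt
        m = re.match(r"switchport trunk native vlan (\d+)$", cmd)
        if m:
            native = int(m.group(1))
        m = re.match(r"switchport trunk allowed vlan ([\d,\-]+)$", cmd)
        if m:                                          # plain list form only
            allowed = expand_vlans(m.group(1))
    return native, allowed


def parse_comware_trunk(lines):
    """Return (PVID, permitted VLANs). Defaults: PVID 1, only VLAN 1 permitted."""
    pvid, permitted = 1, {1}
    for line in lines:
        cmd = line.split("]", 1)[-1].strip()           # drop the prompt
        m = re.match(r"port trunk pvid vlan (\d+)$", cmd)
        if m:
            pvid = int(m.group(1))
        m = re.match(r"(undo )?port trunk permit vlan (.+)$", cmd)
        if m:
            spec = m.group(2).strip()
            vlans = set(ALL_VLANS) if spec == "all" else expand_vlans(spec)
            permitted = permitted - vlans if m.group(1) else permitted | vlans
    return pvid, permitted


def compare_trunk_ends(cisco, hp):
    """Compare the untagged VLAN and the carried VLAN set on both ends of a link."""
    (native, allowed), (pvid, permitted) = cisco, hp
    return {
        "untagged_vlan_mismatch": native != pvid,
        "cisco_native_not_allowed": native not in allowed,
        "hp_pvid_not_permitted": pvid not in permitted,
        "only_on_cisco": sorted(allowed - permitted),
        "only_on_hp": sorted(permitted - allowed),
    }


def audit_slide_configs():
    """Run the comparison on the two slide configurations."""
    return compare_trunk_ends(parse_cisco_trunk(CISCO_TRUNK),
                              parse_comware_trunk(HP_TRUNK))


if __name__ == "__main__":
    for key, value in audit_slide_configs().items():
        print(f"{key}: {value}")
```

On the slide values, both ends agree on untagged VLAN 99, but the Cisco allowed list carries VLAN 1 and omits 99, while the A-Series port permits 99 and has VLAN 1 removed.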


VLAN configuration on HP A-Series: Access and voice ports

Access ports
[HP]port-group manual client1
[HP-port-group-manual-client1] group-member Gi 1/0/1 to Gi 1/0/24
[HP-port-group-manual-client1] port link-type access
[HP-port-group-manual-client1] port access vlan 200

Voice ports
[HP]port-group manual pc-phone-1
[HP-port-group-manual-pc-phone-1]group-member Gi 1/0/25 to Gi 1/0/46
[HP-port-group-manual-pc-phone-1]port link-type hybrid
[HP-port-group-manual-pc-phone-1]port hybrid vlan 200 untagged
[HP-port-group-manual-pc-phone-1]port hybrid vlan 100 tagged
[HP-port-group-manual-pc-phone-1]port hybrid pvid vlan 200
[HP-port-group-manual-pc-phone-1]undo port hybrid vlan 1
[HP-port-group-manual-pc-phone-1]voice vlan 100 enable

Figure 3-8: VLAN configuration on HP A-Series: Access and voice ports

You can define an access port in one of the following ways. This first method is from
the port:

[HPA]interface gigabit 1/0/1
[HPA-gigabitethernet1/0/1] port link-type access
[HPA-gigabitethernet1/0/1] port access vlan 200

The second method of specifying the access port is from the VLAN:

[HPA]vlan 200
[HPA-vlan200]port gigabitethernet 1/0/1 to gi 1/0/24

You need to configure ports that connect to voice devices as hybrid ports.
On HP A-Series devices, the Voice VLAN operates by default in automatic mode. In
this mode, the switch identifies IP phones by their MAC addresses, which it detects in
the source MAC address field of the phone’s untagged frames.
The switch matches these addresses against the Organizationally Unique Identifiers
(OUIs) in its list, which includes those for Cisco, Avaya, 3Com, Siemens, and
Polycom phones. You can also add OUI addresses for other vendors. If the device
finds a match, it automatically assigns the port to the voice VLAN, applies ACL rules
to the port, and assigns the port the correct quality of service (QoS) priority. You can
also configure the switch’s voice VLAN aging time, which determines how long the
port is considered part of the VLAN without receiving frames on the device.
For more information on the various features of the Voice VLAN, please refer to the
Access volume and Voice VLAN chapter of your HP A-Series switches’
documentation.

To display information about the VLANs configured on an A-Series switch, enter:

<HPA>display vlan
 Total 32 VLAN exist(s).
 The following VLANs exist:
  1(default), 10, 20, 30, 40, 99-105, 200-205, 300-306, 400-404
  488, 499

To display ports assigned to a particular VLAN, enter:

<HPA>display vlan 100
 VLAN ID: 100
 VLAN Type: static
 Route Interface: not configured
 Description: VLAN 0100
 Name: VLAN 0100
 Tagged Ports:
    Bridge-Aggregation1
    GigabitEthernet1/0/1     GigabitEthernet1/0/2     GigabitEthernet1/0/3
    GigabitEthernet1/0/4     GigabitEthernet1/0/5     GigabitEthernet1/0/12
 Untagged Ports: none

To display all ports in all VLANs, enter:

<HPA>display vlan all
 VLAN ID: 1
 VLAN Type: static
 Route Interface: configured
 IP Address: 10.1.1.10
 Subnet Mask: 255.255.255.0
 Description: VLAN 0001
 Name: VLAN 0001
 Tagged Ports: none
 Untagged Ports:
    Bridge-Aggregation1
    GigabitEthernet1/0/1     GigabitEthernet1/0/2     GigabitEthernet1/0/3
    GigabitEthernet1/0/4     GigabitEthernet1/0/5     GigabitEthernet1/0/6
    GigabitEthernet1/0/7     GigabitEthernet1/0/8     GigabitEthernet1/0/9
    GigabitEthernet1/0/10    GigabitEthernet1/0/11    GigabitEthernet1/0/12
    GigabitEthernet1/0/13    GigabitEthernet1/0/14    GigabitEthernet1/0/15
    GigabitEthernet1/0/16    GigabitEthernet1/0/17    GigabitEthernet1/0/18
    GigabitEthernet1/0/19    GigabitEthernet1/0/20    GigabitEthernet1/0/21
    GigabitEthernet1/0/22    GigabitEthernet1/0/23    GigabitEthernet1/0/24
    GigabitEthernet1/0/25    GigabitEthernet1/0/26    GigabitEthernet1/0/27
    GigabitEthernet1/0/28

 VLAN ID: 10
 VLAN Type: static
 Route Interface: not configured
 Description: VLAN 0010
 Name: VLAN 0010
 Tagged Ports:
    Bridge-Aggregation1
    GigabitEthernet1/0/1     GigabitEthernet1/0/2     GigabitEthernet1/0/3
    GigabitEthernet1/0/4     GigabitEthernet1/0/5
 Untagged Ports: none

 VLAN ID: 20
 VLAN Type: static
 Route Interface: not configured
 Description: VLAN 0020
 Name: VLAN 0020
 Tagged Ports:
    Bridge-Aggregation1
    GigabitEthernet1/0/1     GigabitEthernet1/0/2     GigabitEthernet1/0/3
    GigabitEthernet1/0/4     GigabitEthernet1/0/5
 Untagged Ports: none

 VLAN ID: 30….

To display the status and type (trunk, access, hybrid) of all ports, enter:

<HPA>display brief interface
The brief information of interface(s) under route mode:
Interface   Link   Protocol-link   Protocol type   Main IP
NULL0       UP     UP(spoofing)    NULL            --
Vlan1       UP     UP              ETHERNET        10.1.1.10

The brief information of interface(s) under bridge mode:
Interface   Link   Speed   Duplex    Link-type   PVID
BAGG1       UP     2G(a)   full(a)   trunk       1
GE1/0/1     UP     1G(a)   full(a)   trunk       1
GE1/0/2     DOWN   auto    auto      access      100
GE1/0/3     DOWN   auto    auto      access      200
GE1/0/4     UP     1G(a)   full(a)   access      100
GE1/0/5     DOWN   auto    auto      access      1
GE1/0/6     DOWN   auto    auto      access      1
GE1/0/7     DOWN   auto    auto      access      1
GE1/0/8     DOWN   auto    auto      access      1
GE1/0/9     DOWN   auto    auto      access      1
GE1/0/10    DOWN   auto    auto      access      1
GE1/0/11    DOWN   auto    auto      access      1

To display all trunk ports and the permitted VLANs on each one, enter:

<HPA>display port trunk
Interface   PVID   VLAN passing
BAGG1       1      1, 10, 20, 30, 40, 99-105, 200-205, 300-306,
                   400-404, 488, 499
GE1/0/1     1      1, 10, 20, 30, 40, 99-105, 200-205, 300-306,
                   400-404, 488, 499
GE1/0/2     1      1, 10, 20, 30, 40, 99-105, 200-203, 300-306
GE1/0/3     1      1, 10, 20, 30, 40, 99-105, 200-203, 300-306
GE1/0/4     1      1, 10, 20, 30, 40, 99-105, 200-205, 300-306,
                   400-404, 488, 499
GE1/0/5     1      1, 10, 20, 30, 40, 99-105, 200-203, 300-306
GE1/0/12    1      1, 99-100, 200-203

[HPA]display port hybrid
Interface   PVID   VLAN passing
GE1/0/13    1      Tagged: 100
                   Untagged:200
GE1/0/14    1      Tagged: 100
                   Untagged:200
GE1/0/15    1      Tagged: 100
                   Untagged:200
GE1/0/16    1      Tagged: 100
                   Untagged:200
GE1/0/17    1      Tagged: 100
                   Untagged:200
GE1/0/18    1      Tagged: 100
                   Untagged:200
GE1/0/19    1      Tagged: 100
                   Untagged:200
GE1/0/20    1      Tagged: 100
                   Untagged:200

VLAN routing on HP A-Series

IP routing
Management VLAN
[HP]interface vlan 99
[HP-vlan-interface-99] ip address 10.1.99.10 24

If L2 switch, to set the default gateway:
[HP] ip route-static 0.0.0.0 0 10.1.99.1

If routing switch:
[HP] ip routing (enabled by default)
[HP] interface vlan 100
[HP-vlan-interface-100] ip address 10.1.100.10 24
[HP-vlan-interface-100] interface vlan 200
[HP-vlan-interface-200] ip address 10.1.200.10 24
[HP-vlan-interface-200] interface vlan 201
[HP-vlan-interface-201] ip address 10.1.201.10 24
[HP-vlan-interface-201] interface vlan 202
[HP-vlan-interface-202] ip address 10.1.202.10 24
[HP-vlan-interface-202] interface vlan 203
[HP-vlan-interface-203] ip address 10.1.203.10 24

Figure 3-9: VLAN routing on HP A-Series

This slide shows two example setups for IP routing on an A-Series switch. The first set
of commands configures the management IP address and default gateway for a
non-routing switch.
The second set of commands configures a routing switch with IP addresses on each
VLAN interface. The switch can then route between those VLANs as long as routing
is enabled.
To view information about the VLAN interfaces that have been assigned IP
addresses, enter:

<HPA>display ip interface brief
*down: administratively down
(s): spoofing
Interface            Physical  Protocol  IP Address   Description
Vlan-interface1      up        up        10.1.1.10    Vlan-inte...
Vlan-interface200    up        down      unassigned   Vlan-inte...

VLAN configuration on HP E-Series


Management VLAN
ProCurve(config)# vlan 99
ProCurve(vlan-99)# untagged 47-48

Data VLANs access and tagged ports


ProCurve(config)# vlan 200
ProCurve(vlan-200)# name data1
ProCurve(vlan-200)# untagged 1-46
ProCurve(vlan-200)# tagged 47-48

Voice VLAN
ProCurve(config)# vlan 100
ProCurve(vlan-100)# voice vlan
ProCurve(vlan-100)# tagged all

Figure 3-11: VLAN configuration on HP E-Series

On HP E-Series switches, you take a slightly different approach toward defining
VLANs. You do not define a port as a particular type. Instead, you specify exactly
which VLANs are tagged or untagged on each port. Figure 3-11 shows an example
configuration for several different types of VLAN on an E-Series switch.

VLAN routing on HP E-Series


Management VLAN
ProCurve(config)# vlan 99
ProCurve(vlan-99)# ip address 10.1.99.10/24
ProCurve(vlan-99)# exit

If not routing:
ProCurve(config)# ip default-gateway 10.1.99.1

If routing:
ProCurve(config)# ip routing

ProCurve(config)# vlan 100 ip address 10.1.100.10/24
ProCurve(config)# vlan 200 ip address 10.1.200.10/24
ProCurve(config)# vlan 201 ip address 10.1.201.10/24
ProCurve(config)# vlan 202 ip address 10.1.202.10/24
ProCurve(config)# vlan 203 ip address 10.1.203.10/24

Figure 3-12: VLAN routing on HP E-Series

On HP E-Series switches:
• The IP address is defined in the VLAN itself, playing the role of “int vlan”
• IP routing is not enabled by default
• If IP routing is not enabled, a default gateway should be defined

Dynamic VLAN creation: VTP and GVRP


In this section, you will examine two protocols that can be used to dynamically create
VLANs on switches: VLAN Trunking Protocol (VTP), a Cisco proprietary protocol, and
GARP VLAN Registration Protocol (GVRP), an industry-standard protocol.
If you have experience implementing either of these protocols, write any thoughts you
have here while your facilitator begins the discussion.
____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________


VTP versus GVRP


VTP                                      GVRP
Cisco proprietary                        Standard 802.1Q and 802.1P
On Cisco IOS and CatOS switches          On most vendors including HP
                                         On Cisco CatOS only
Password protected                       No password protection
VLAN creation and port pruning           VLAN creation and port pruning
Requires trunk port (ISL or 802.1Q)      Requires trunk ports
VTP roles: server, client, transparent   GVRP roles: all switches are equal

Figure 3-14: VTP versus GVRP

This table compares Cisco’s VLAN Trunking Protocol (VTP) and the industry-standard
GARP VLAN Registration Protocol (GVRP). (GARP stands for Generic Attribute
Registration Protocol.)


GVRP and VTP on the same network


– GVRP BPDUs go through Cisco switches and also switches that
are not GVRP aware.
– VTP frames go through GVRP devices.
– Both GVRP and VTP require VLAN 1.

Figure 3-15: GVRP & VTP on the same network

Figure 3-15 explains how GVRP and VTP function when they are implemented on the
same network. The protocols both function because their frames pass through devices
that do not understand those frames.


GVRP operations

Switch1, Switch2 and Switch3 are all GVRP enabled; the ports are numbered 1 to 4.
Switch1 with static VLANs (VID= 1, 2, & 3). Port 1 is member of VIDs 1, 2, & 3.
1. Port 2 advertises VIDs 1, 2, and 3.
2. Port 2 receives advertisement of VIDs 1, 2, & 3 & becomes a member of VIDs 1, 2, & 3.
3. Port 3 advertises VIDs 1, 2, & 3, but port 3 is NOT a member of VIDs 1, 2, & 3 at this point.
4. A port is statically configured to be a member of VID 3.
5. Port 4 advertises VID 3.
6. Port 3 receives advertisement of VID 3 AND becomes a member of VID 3. (Still not a member of VIDs 1 & 2.)
7. Port 2 advertises VID 3.
8. Port 1 receives advertisement of VID 3

Figure 3-16: GVRP operations

When a GVRP-aware switch port learns a VLAN ID (VID) through GVRP from another
device, the switch begins advertising that VID out all of its ports except the port on
which the VID was learned.

GVRP general operation


When GVRP is enabled on a switch, the VID for any static VLANs configured on the
switch is advertised (using Bridge Protocol Data Units [BPDUs]) out all ports,
regardless of whether a port is up or assigned to any particular VLAN.
A GVRP-aware port on another device that receives the advertisements over a link
can dynamically join the advertised VLAN. A dynamic VLAN (that is, a VLAN
learned through GVRP) is tagged on the port on which it was learned. Also, a GVRP-
enabled port can forward an advertisement for a VLAN it learned from other ports
on the same switch (internal source), but the forwarding port will not itself join that
VLAN until an advertisement for that VLAN is received through a link from another
device (external source) on that specific port.
A GVRP-aware port receiving advertisements has these options:
• If there is not already a static VLAN with the advertised VID on the receiving
  port, then the port can dynamically create the VLAN and become a member.
• If the switch already has a static VLAN assignment with the same VID as in the
  advertisement and the port is configured to Normal (HP A-Series) or Auto (HP
  E-Series) for that VLAN, then the port will dynamically join the VLAN and begin
  handling that VLAN’s traffic.
• Ignore the advertisement for that VID.
• Don’t participate in that VLAN.

Note also that a port belonging to a tagged or untagged static VLAN has these
configurable options:
• Send VLAN advertisements and also receive advertisements for VLANs on other
  ports and dynamically join those VLANs.
  – Configuration on HP switches: Mode Auto on HP E-Series, Normal on HP A-Series
• Send VLAN advertisements, but ignore advertisements received from other ports.
  – Configuration on HP switches: Mode Block on HP E-Series, Fixed on HP A-Series
• Avoid GVRP participation by not sending advertisements and dropping any
  advertisements received from other devices.
  – Configuration on HP switches: Mode Disable on HP E-Series, Forbidden on
    HP A-Series


GVRP
– GVRP BPDUs go through Cisco switches and also switches that are not
GVRP aware.
– Requires VLAN 1.
– Trunk port dynamically becomes part of a VLAN when receiving GVRP
join.
– And if VLAN is created locally (that is static)
– If trunk does not enable VLAN, VLANs are not learned via GVRP

HP A-Series: Enable GVRP globally and on trunk ports
[HP-A] gvrp
[HP-A] int gi 1/0/1
[HP-A-gigabitethernet1/0/1] gvrp

HP E-Series: Enable GVRP globally
HP-E(config)# gvrp

Figure 3-17: GVRP

When GVRP is enabled on a switch, the VID for any static VLANs configured on the
switch is advertised (using Bridge Protocol Data Units [BPDUs]) out all ports,
regardless of whether a port is up or assigned to any particular VLAN.
A GVRP-aware port on another device that receives the advertisements over a link
can dynamically join the advertised VLAN. A dynamic VLAN (that is, a VLAN
learned through GVRP) is tagged on the port on which it was learned. Also, a
GVRP-enabled port can forward an advertisement for a VLAN it learned about from
other ports on the same switch (internal source), but the forwarding port will not
itself join that VLAN until an advertisement for that VLAN is received through a link
from another device (external source) on that specific port.
On HP A-Series switches, you must enable GVRP on trunk ports. Also make sure all
VLANs are permitted on trunk ports to allow them to learn the GVRP VLAN. The HP
A-Series switch ports support the following modes for VLAN learning:
[HP-A-gigabitethernet1/0/1] gvrp registration normal
[HP-A-gigabitethernet1/0/1] gvrp registration forbidden
[HP-A-gigabitethernet1/0/1] gvrp registration fixed

Normal mode is the default.

On the HP E-Series switches, you only need to enable GVRP globally. Then, by
default, ports will learn any VLAN. To forbid the learning of VLANs on edge ports,
you must forbid learning in each VLAN:
HP-E(config)# vlan 100 forbid 3-24
HP-E(config)# vlan 200 forbid 3-24
HP-E(config)# vlan 201 forbid 3-24


GVRP and VTP: Pros and cons


– Create VLANs automatically from one switch to all others
– Delete VLANs
  • VTP puts ports in errdisable: networks stop working
  • GVRP deletes a VLAN only if no port is statically attached to it
– Decrease the opportunity for making mistakes when
  configuring VLANs on trunk ports
– Static assignment of access ports still requires static VLAN
  configuration
– With GVRP, security requires blocking GVRP learning on
  access ports (default setting on HP A-Series)

Figure 3-18: GVRP and VTP: Pros and cons

Figure 3-18 lists some of the pros and cons of using GVRP and VTP.
• Create VLANs automatically from one switch to all others:
  – Pros: Automatic creation saves time and can reduce configuration errors.
  – Cons: VLANs are created everywhere; there is no control.
  – Broadcast domains are extended everywhere.
  – If there are a lot of VLANs on the network, the VLAN limit on some
    switches might be exceeded.
• Delete VLANs:
  – VTP puts ports in errdisable: networks stop working.
  – Pro: Enables cleanup of unused VLANs.
  – Cons: Accidental deletion is a well-known issue with VTP. This has
    made some companies reject VTP.
  – GVRP only deletes a VLAN if no port is statically attached to it.
• Decrease the opportunity for making mistakes when configuring VLANs on trunk
  ports.
  – Pro: Configure the VLAN on trunk port
  – Cons: This can be achieved without GVRP; you can simply allow all VLANs.
    (This solution is not an issue on HP switches with MSTP. However, it is a
    common issue with Cisco where all VLANs should not be enabled to reduce
    number of PVST instances.)
• Static assignment of access ports still requires static VLAN configuration.
  – Cons: You must still set the VLAN as static to assign ports to VLAN.
• With GVRP, security requires blocking GVRP learning on access ports (default
  setting on HP A-Series).
  – GVRP is not protected. If someone can connect a device to a GVRP-enabled
    port, he or she can create VLANs on the network.
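
The following check is an added example, not part of the course material. It combines the security point above with the E-Series per-VLAN forbid commands shown earlier: it reads E-Series-style commands, works out on which edge ports a statically defined VLAN could still be joined through GVRP, and produces the missing forbid commands. The sample configuration, the port numbers and the function names are constructed for this illustration.

```python
import re

# Constructed sample: a 26-port E-Series switch, ports 1-24 are edge ports,
# ports 25-26 are uplinks. The one-line "vlan <id> <command>" form follows the
# "vlan 100 forbid 3-24" commands in the text.
SAMPLE_CONFIG = """\
HP-E(config)# gvrp
HP-E(config)# vlan 100 tagged 25-26
HP-E(config)# vlan 200 untagged 1-24
HP-E(config)# vlan 200 tagged 25-26
HP-E(config)# vlan 201 tagged 25-26
HP-E(config)# vlan 100 forbid 3-24
HP-E(config)# vlan 201 forbid 3-20
""".splitlines()

EDGE_PORTS = set(range(1, 25))


def expand_ports(spec):
    """'3-24' or '1-2,21-24' -> set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def compress_ports(ports):
    """{1, 2, 21, 22, 23, 24} -> '1-2,21-24'."""
    runs = []
    for p in sorted(ports):
        if runs and p == runs[-1][1] + 1:
            runs[-1][1] = p            # extend the current run
        else:
            runs.append([p, p])        # start a new run
    return ",".join(str(a) if a == b else f"{a}-{b}" for a, b in runs)


def gvrp_exposure(config_lines, edge_ports):
    """Map VLAN ID -> edge ports that could still join that VLAN through GVRP.

    A port counts as exposed for a VLAN when GVRP is enabled globally and the
    port is neither a static member (tagged/untagged) nor forbidden for it.
    Only VLANs that exist statically in the config are considered.
    """
    gvrp_enabled = False
    members, forbidden = {}, {}
    for line in config_lines:
        cmd = line.split("#", 1)[-1].strip()      # drop the prompt
        if cmd == "gvrp":
            gvrp_enabled = True
            continue
        m = re.match(r"vlan (\d+) (tagged|untagged|forbid) ([\d,\-]+)$", cmd)
        if not m:
            continue
        vid, kind, ports = int(m.group(1)), m.group(2), expand_ports(m.group(3))
        members.setdefault(vid, set())
        forbidden.setdefault(vid, set())
        (forbidden if kind == "forbid" else members)[vid] |= ports
    if not gvrp_enabled:
        return {}
    exposure = {}
    for vid in sorted(members):
        open_ports = set(edge_ports) - members[vid] - forbidden[vid]
        if open_ports:
            exposure[vid] = open_ports
    return exposure


def remediation(exposure):
    """Forbid commands that close the exposure, in the syntax used in the text."""
    return [f"vlan {vid} forbid {compress_ports(ports)}"
            for vid, ports in sorted(exposure.items())]


if __name__ == "__main__":
    for command in remediation(gvrp_exposure(SAMPLE_CONFIG, EDGE_PORTS)):
        print("HP-E(config)#", command)
```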


Trunk and static VLANs: A best practice?


Case 1: Static VLANs 10,20,30,40 on both switches. Trunk ports: permitted VLANs 10,20,30,40.
Case 2: Static VLANs 10,20,30,40 on both switches. Trunk ports: permitted VLANs ALL.
Case 3: Static VLANs 10,20,30,40,50,60,70,80 on the left switch and 10,20,30,40 on the
right switch. Trunk ports: permitted VLANs ALL.

What do you think of these three setups? With a Cisco switch? With an HP switch?

Figure 3-19: Trunk and static VLANs: A best practice?

In its best practices for LANs, Cisco recommends allowing only permitted VLANs on
trunk ports, for two reasons.
• The first is to reduce broadcast domain extension.
• The second is to reduce CPU demand. Because of VTP, a switch learns all
  VLANs, creating one instance per VLAN in PVST, which is CPU intensive.
Is the best practice the same for HP switches? MSTP only uses one BPDU for all
instances, so the number of VLANs does not change CPU time for MSTP. Even if all
VLANs are allowed on trunk ports, only the frames of the configured VLANs will be
received and transmitted, so broadcast domains are not extended if VLANs are not
set on a device. If VLANs are not the same on both sides, as in case 3, broadcast
frames for VLANs 50, 60, 70 and 80 will be dropped when received by the right
switch.
Conclusion: if VLANs are not set dynamically on HP switches, the trunk ports can be
set with all VLANs permitted.


Lab 3.1: Configuring VLANs


[Figure: lab topology with Cisco-A, Cisco-B, HP-C (A-Series), HP-E (E-Series), Server_1 and
Client_1. Uplinks are untagged in VLAN 1 and tagged in VLANs 11, 12 & 13. Legend:
trunk/802.1Q ports; connected; not connected, to be configured for later labs.]

Figure 3-20: Configuring VLANs

You will now complete Lab 3.1: Configuring VLANs. Use the space below to record
any instructions your facilitator gives you for this lab.
________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________


Lab debrief
What commands display port status, port role (access, trunk, hybrid), VLANs, and ports
in VLANs?
____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

What have you learned?


___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________


What was a challenge?


___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

What did you learn that can be applied in the field?


___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________


Module 3 summary
In this module, you have learned how to configure VLANs, configure access, trunk
and voice ports, and compare VTP and GVRP. Write down any thoughts you may
have while your facilitator reviews the content of this module.
_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________


Learning check
Q1: What is a major difference between trunk ports on Cisco and HP A-Series?
___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

Q2: Can you remove VLAN 1 on trunk ports on HP switches? Explain your answer.
___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________


Q3: Can you assign a VLAN to an access port with GVRP or VTP?
___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

Q4: Would you enable all VLANs on trunk ports in a mixed environment with HP
and Cisco switches?
___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

Implementing MSTP
on Cisco and HP Switches
Module 4

Module 4 objectives
After completing this module, you will be able to:
• Explain key parameters in Multiple Spanning Tree Protocol (MSTP)
  implementation and explain how MSTP differs from Cisco’s Per VLAN Spanning
  Tree Plus (PVST+)
• Given specific network environment requirements, differentiate between key
  design options and make the right choices when implementing MSTP to create a
  redundant network
• Configure Cisco and HP switches for MSTP interoperability


MSTP review
In this section of the module, you will review basic MSTP concepts such as MSTP
regions, load balancing, and VLAN setup in an MSTP environment. Use the space
below to record your thoughts as your facilitator asks you questions about your
experience in configuring MSTP.
_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________


MSTP regions—Review 1
Each of the four switches in the figure shows the same settings:
Region Name = “Region1"
Revision # = 1
Instance 1 = VLANs 1, 12
Instance 2 = VLANs 11, 13

Figure 4-1: MSTP regions—Review 1

You will now review Multiple Spanning Tree Protocol (MSTP) regions. Configuring the
regions correctly is key to designing networks that include switches from different
vendors.
Some important facts to remember are:
• MSTP was defined by the IEEE 802.1s standard, which has been incorporated
  into 802.1Q-2003.
• MSTP is backward compatible with Rapid Spanning Tree Protocol (RSTP)
  (802.1w), which superseded the original Spanning Tree Protocol (STP) standard
  (802.1D). RSTP has been incorporated into 802.1D-2004.
Q1: What MSTP parameters must be set for all switches to be in the same MSTP
region?
_____________________________________________________________________

_____________________________________________________________________

Q2: What are the default MSTP parameters?


_____________________________________________________________________

_____________________________________________________________________


Q3: Why would you want to put all switches within the same MSTP region?
_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________


MSTP regions—Review 2
Three of the four switches in the figure show:
Region Name = “Region1"
Revision # = 1
Instance 1 = VLANs 1, 12
Instance 2 = VLANs 11, 13

The fourth switch shows:
Region Name = “region"
Revision # = 1
Instance 1 = VLANs 1, 12
Instance 2 = VLANs 11, 13

Figure 4-2: MSTP regions—Review 2

Q1: If there is a mistake in the switch’s MSTP configuration, what happens?


_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

Q2: Besides mistakes in the region name or revision number, what conditions could
result in switches being in different regions?
_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________


Which BPDUs are used?—Review 3


– Inside the MSTP region?
– Outside the MSTP region?


Figure 4-3: Which BPDUs are used?—Review 3

Q1: Which Bridge Protocol Data Units (BPDUs) are used inside and outside the MSTP
region?
_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

MSTP is backward compatible with RSTP and STP. An STP- or RSTP-capable switch
can interpret the first part of the MSTP BPDU, which includes CIST parameters,
such as the IST root bridge ID, that are used for the CST root bridge election.


MSTP BPDUs—Review 4
1. Are MSTP BPDUs tagged?
2. Are they attached to a VLAN?
3. On a trunk port, is it required to set an untagged VLAN
for MSTP BPDUs?
4. What is the destination MAC address of an MSTP BPDU?
5. Does an MSTP BPDU carry information about all
instances?

Figure 4-4: MSTP BPDUs—Review 4

Q1: Are MSTP BPDUs tagged? ______________________________________________


Q2: Are MSTP BPDUs attached to a VLAN?
_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

Q3: On a trunk port, is it required to set an untagged VLAN for MSTP BPDUs?
_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________


Q4: What is the destination MAC address of an MSTP BPDU?


_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

The switch will not be the BPDU’s destination when MSTP is disabled. In this
case, the MSTP BPDU will be an untagged frame and will be forwarded in the
untagged VLAN. This is true for both HP A-Series and E-Series switches.

Q5: Does each MSTP BPDU include information about all instances? _____________

Additional Information about MSTP


MSTP was originally introduced in 802.1s, but was later added to the 802.1Q-2001
amendment. MSTP enhances RSTP, enabling switches to establish different spanning
tree topologies for different VLANs. Unlike PVST+ and Rapid PVST+, however, MSTP
does not create per-VLAN spanning trees. Instead, you assign VLANs to instances,
and MSTP creates per-instance spanning trees. In fact, MSTP is not VLAN aware in
that every link participates in every spanning tree instance (unless spanning tree is
disabled on it) even if that link does not carry any VLANs that are in that instance.
MSTP BPDUs, which are always sent untagged, include information about all
instances, which means that the protocol sends the same number of BPDUs no matter
how many VLANs a link supports. The MSTP BPDU is backward compatible with
RSTP (and STP) BPDUs; it simply includes extra fields that contain the MSTP region
and instance information. The portion of the BPDU that is interpreted by RSTP/STP-
capable devices includes common internal spanning tree (CIST) parameters, which
mimic the parameters included by an RSTP switch. However, the parameters are for
the MSTP region’s IST. For example, the switch includes the IST root bridge ID.
The STP/RSTP and MSTP switches (as well as MSTP switches in different regions)
establish a single common spanning tree (CST), which is much like an RSTP topology.
In the CST, each MSTP region appears much like a single bridge.


Common spanning tree—Review 5


– Which MSTP parameters affect the spanning tree outside of
the MSTP region?

Figure 4-5: Common spanning tree—Review 5

Q: Which MSTP parameters affect the spanning tree outside of the MSTP region?
_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

IST parameters—in particular the ID (priority and MAC address) of the IST root—are
key to managing interoperability outside an MSTP region, particularly with switches
running PVST+ or Rapid PVST+.
The MSTP region’s IST acts like a single virtual switch in the Common Spanning Tree
(CST), which enables the interoperation of MSTP, STP, and RSTP. In general, the CST
consists of each MSTP region’s IST and the Single Spanning Tree (SST) domains
formed by STP and RSTP switches. The CST creates a single loop-free path between
all of the IST instances and all of the SST domains.


What setup is required to enable load balancing?—Review 6

Figure 4-6: What setup is required to enable load balancing?—Review 6

Q1: What setup is required to enable load balancing?

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

Q2: Does the STP topology depend on the VLAN setup?


_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________


Mapping VLANs to MST instances—Review 7


Slide labels: VLANs 1-4094; VLANs 1, 12; VLANs 11, 13; VLANs 2-11, 14-4094; VLANs 1, 12; VLANs 11, 13

IST = “Internal Spanning-Tree” = MST Instance 0 = Default Instance for VLANs

Figure 4-7: Mapping VLANs to MST instances—Review 7

Q1: What happens to the MSTP configuration when VLANs are moved to an
instance?

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

Is MSTP “aware” of the VLAN setup?—Review 8


Region name = “Region1"
Revision #= 1
Instance 1 = VLANs 1-10
Instance 2 = VLANs 11-20

Figure 4-8: Is MSTP “aware” of the VLAN setup?—Review 8

Q1: Is MSTP “aware” of the VLAN setup? Explain your answer.

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

Q2: If all link costs are equal in each instance, which ports are root ports?

_____________________________________________________________________

_____________________________________________________________________

Q3: If all link costs are equal in each instance, which ports are alternate ports?

_____________________________________________________________________

_____________________________________________________________________

Remember that with MSTP, the port role is entirely independent of VLAN setup, as is
the topology in each instance.

MSTP design options

• MSTP Review
• Configuring MSTP on HP and Cisco

Figure 4-9: MSTP design options

The next section covers design considerations for implementing MSTP on a
multivendor network. Before you discuss best practices, your facilitator will ask you
questions about how you configure VLANs on uplinks when MSTP is enabled on a
network. Use the space below to record anything you learn from this discussion.

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

How do you set up VLANs on uplinks?

Region name = “Region1"
Revision #= 1
Instance 1 = VLANs 1-10
Instance 2 = VLANs 11-20

Figure 4-10: How do you set up VLANs on uplinks?

The goals of this discussion are to put what was learned in the MSTP review into
action and to emphasize some differences between MSTP and Cisco PVST+.

Q1: What are the pros and cons of setup 1 and setup 2?

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

Instances and VLAN settings—Activity


- A link is used for transmitting keepalives between servers

If VLAN 100 is added to instance 1, will this link stay active?
How can you ensure that it does?

Figure 4-11: Instances and VLAN settings—Activity

Q1: If VLAN 100 is set in instance 1, will this link forward traffic?

_____________________________________________________________________

_____________________________________________________________________

Q2: How can you ensure that this link forwards traffic?

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

MSTP setting—Activity
- Two links/VLANs separate two MSTP regions.
- IP traffic is routed between regions.

Figure 4-12: MSTP setting—Activity

The goal of this implementation is to limit the extension of the VLANs’ broadcast
domains and also to split one MSTP region in two, creating two MSTP regions and a
simpler setup per region.

Q1: Is MSTP active on the links that carry routed traffic on VLANs 100 and 200?

____________________________________

On Cisco switches, you would call these routed links. However, today there is no
strict concept of routed links on HP switches. In other words, you cannot set an IP
address on an interface to make it routed. You create a routed link by assigning the
physical interface to a unique VLAN reserved for it (100 and 200 in this example)
and assigning the VLAN an IP address.

Q2: Which link is blocked? Why?

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

Adding a new VLAN on a switch implementing MSTP

– What happens if you add VLAN 14 on switch D?

Config name = “Region1"
Revision #= 1
Instance 1 = VLANs 1, 12
Instance 2 = VLANs 11, 13
IST instance = VLANs 2-10, 14-4094

Figure 4-13: Adding a new VLAN on a switch implementing MSTP

Q1: What happens if you add VLAN 14 on switch D?

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

Assigning a VLAN to an MST instance


1. What happens if you add VLAN 14 on switch D?
2. What happens if you move VLAN 14 to instance 2 on D?
3. What can you do to limit the MSTP region changes?

Use IST parameters to establish the spanning tree

Config name = “Region1"                   Config name = “Region1"
Revision number = 1                       Revision number = 1
Instance 1 = VLANs 1, 12                  Instance 1 = VLANs 1, 12
Instance 2 = VLANs 11, 13                 Instance 2 = VLANs 11, 13, 14
IST instance = VLANs 2-10, 14-4094        IST instance = VLANs 2-10, 15-4094

Figure 4-14: Assigning a VLAN to an MST instance

Every time you add or delete a VLAN from an MST instance other than 0, it changes
the mapping of the VLAN to instances, and then it changes the region of that switch.
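The region-membership rule behind Figures 4-2 and 4-14, as an added example that is not part of the course material: two switches share a region only when config name, revision number and the VLAN-to-instance table all match, and the table is compared through the MST Configuration Digest, an HMAC-MD5 over the 4096-entry table keyed with the fixed value from IEEE 802.1Q. The class, function and switch names are assumptions, and the sample configurations are constructed from the values shown on the slides.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Fixed key that IEEE 802.1Q specifies for the MST Configuration Digest.
DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")


def parse_vlans(spec):
    """Expand a VLAN list such as '2-10,14-4094' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        if not part:
            continue
        low, _, high = part.partition("-")
        low, high = int(low), int(high or low)
        if not 1 <= low <= high <= 4094:
            raise ValueError(f"invalid VLAN range: {part!r}")
        vlans.update(range(low, high + 1))
    return vlans


@dataclass(frozen=True)
class MstConfig:
    name: str          # config (region) name, compared case-sensitively
    revision: int
    instances: tuple   # ((instance_id, "vlan list"), ...); unlisted VLANs stay in the IST

    def table(self):
        """4096 two-octet instance IDs indexed by VLAN ID (entries 0 and 4095 are 0)."""
        vid_to_instance = [0] * 4096
        for instance_id, spec in self.instances:
            for vid in parse_vlans(spec):
                if vid_to_instance[vid] not in (0, instance_id):
                    raise ValueError(f"VLAN {vid} is mapped to two instances")
                vid_to_instance[vid] = instance_id
        return b"".join(i.to_bytes(2, "big") for i in vid_to_instance)

    def digest(self):
        return hmac.new(DIGEST_KEY, self.table(), hashlib.md5).hexdigest()


def differences(a, b):
    """Name the region-identity fields in which two configurations disagree."""
    reasons = []
    if a.name != b.name:
        reasons.append("config name")
    if a.revision != b.revision:
        reasons.append("revision number")
    if a.digest() != b.digest():
        reasons.append("VLAN-to-instance mapping")
    return reasons


def split_regions(switches):
    """Group switch names by region identity; more than one group means a split."""
    regions = {}
    for switch, cfg in switches.items():
        regions.setdefault((cfg.name, cfg.revision, cfg.digest()), []).append(switch)
    return list(regions.values())


# Constructed sample data taken from the slide values.
MAPPING = ((1, "1,12"), (2, "11,13"))
BASE = MstConfig("Region1", 1, MAPPING)
SWITCH_D_FIG_4_14 = MstConfig("Region1", 1, ((1, "1,12"), (2, "11,13,14")))
SWITCH_FIG_4_2 = MstConfig("region", 1, MAPPING)

if __name__ == "__main__":
    fleet = {"A": BASE, "B": BASE, "C": BASE, "D": SWITCH_D_FIG_4_14}
    print(split_regions(fleet))                   # D ends up alone
    print(differences(BASE, SWITCH_D_FIG_4_14))   # mapping changed
    print(differences(BASE, SWITCH_FIG_4_2))      # name typo
```

Running the same comparison on the three identity fields collected from each switch before and after a change window flags a switch that has dropped out of the region.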

Q1: What happens if you add VLAN 14 on switch D? (You learned this on the previous
slide.)

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

Q2: What happens when you define VLAN 14 on switch D in instance 2?

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

Note that the average failover timeout when moving from MSTP to RSTP may not be
longer than 1 to 3 seconds.
Q3: What can you do to limit the MSTP region changes?
_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

The following page presents two strategies.

Strategies to place VLANs in MSTP instances


Preset all VLANs in instances        Move newly created VLANs to instances
at initial setup                     during a defined maintenance window

VLANs 11-2000                        VLANs 1-100
VLANs 2001-4094                      VLANs 101-200
VLANs 1-10                           VLANs 200-4094

Figure 4-15: Strategies to place VLANs in MSTP instances

These two strategies are designed to reduce:
• Failover due to changes in MSTP instances
• Configuration overhead due to adding and deleting VLANs from MST instances

Strategy 1: Preset all VLANs in instances at initial setup.
• Pros:
  – In this strategy, you complete the setup all at once.
  – This strategy reduces the risks of misconfiguration.
• Cons:
  – If VLANs exist and HSRP/VRRP gateways are already defined, instance
    setup may be complex.
  – You might find it complex to implement setups that do not use a range of
    VLANs per instance.

Strategy 2: Do not move VLANs when they are created. Leave them in instance 0
and make all changes during the planned maintenance window.
• Pros:
  – In this strategy, you can add VLANs and downtime is limited to once every
    “n” months.
  – This strategy reduces the number of changes that need to be made at once.
  – This strategy does not require you to set up instances in advance.
• Cons:
  – While setup requirements are minimized, this strategy still requires changes
    and some failover time every “n” months.

MSTP—Path costs

Slide labels: Default; Default; stp pathcost-standard dot1t

Figure 4-16: MSTP—Path costs

Figure 4-16 shows the default path costs for HP A-Series, E-Series, and Cisco switches.
While the slide covers MSTP implementations, note that both RSTP and MSTP utilize
the 20000 cost value.
On both HP E-Series switches and Cisco switches, MSTP implements the IEEE
802.1s/802.1t cost value by default. (Note that on switches that implement
PVST+/Rapid PVST+, the long option for spanning-tree path costs can change the
costs to the RSTP/MSTP standard values.)
HP A-Series switches are somewhat different. By default, they implement a private
legacy cost. If you need to use the standard MSTP cost calculation for full
compatibility, you can use the following command:

stp pathcost-standard dot1t

Another option for this command ( ) configures the
HP A-Series switches to use the costs in the STP 802.1D standard version. You might
select this option when you use the HP A-Series switches with Cisco switches that
implement PVST+ and do not support the long option for path cost calculation.

Configuring MSTP
• MSTP review
• MSTP design options

Figure 4-17: Configuring MSTP

In this section, you will learn about the key differences in configuring MSTP on
HP A-Series, E-Series, and Cisco switches.

Configuring MSTP—Major steps


1. Set MSTP as the spanning-tree mode, if it is not the default STP version.
2. Define region parameters.
   • Config name, revision number, and instances
3. Set root and secondary root in each MST instance.
4. Set edge and non-edge ports.
5. Enable spanning-tree.
6. Connect the switches.

Figure 4-18: Configuring MSTP—Major steps

This slide summarizes the major steps in configuring MSTP. As you configure MSTP,
keep in mind the following default settings:
• HP E-Series switches use MSTP as the default STP version, but it is not enabled by
  default. When MSTP is manually enabled, all ports are auto-edge-ports by
  default. Auto-edge ports send and listen for BPDUs for three seconds. If they do
  not receive any BPDUs, they become edge ports.
• On HP A-Series switches, MSTP is the default STP version. By default, MSTP is
  not enabled, and all ports are non-edge ports.
• Cisco uses Per VLAN Spanning Tree Plus (PVST+) as the default STP version, and
  it is enabled by default. When you change the mode to MSTP, all ports are
  non-edge ports by default.

IOS requirements for MSTP on Cisco

To be compliant with the IEEE 802.1s-2002 standard, Cisco switches must run the following (or newer) software versions:

• Catalyst 2950, 3550, 3560, 3750: IOS 12.2(25)SEC
• Catalyst 2955: supported on all versions
• Catalyst 4000, 2948G and 2980G: CatOS 12.2(25)SG
• Catalyst 4000: IOS 12.2(25)SG
• Catalyst 6000: native IOS 12.2(18)SXF or CatOS 8.3
• MSTP is not supported on the following: Catalyst 2900XL, 3500XL, 2948G-L3, 4908G-L3, 5000, 5500, 8500
  – Earlier versions than the ones specified implement a pre-standard of MSTP that is compliant with 802.1s.
  – The pre-standard and standard commands look the same, so do not use them to check for support.

Figure 4-19: IOS requirements for MSTP on Cisco

Some Cisco switches, such as the 2900 XL and the others mentioned above, do not support MSTP. On others, double check the IOS version.

You must double check the IOS version because the commands will not tell you whether your switch is capable of implementing MSTP. (They are the same as standard MSTP commands.) Pre-standard MSTP looks identical in the CLI but is not compatible with 802.1s. It will use RSTP, however, to interoperate with the MSTP switches.

Cisco and HP MSTP scenario: Cisco switch configurations

!Enable MSTP mode and define MSTP parameters
Cisco(config)# spanning-tree mode mst
Cisco(config)# spanning-tree mst configuration
Cisco(config-mst)# instance 1 vlan 1,12
Cisco(config-mst)# instance 2 vlan 11,13
Cisco(config-mst)# name Region1
Cisco(config-mst)# revision 1
Cisco(config-mst)# ! EXIT Required to validate config
Cisco(config-mst)# exit

!Set CiscoA as root of instance 0 and 1
CiscoA(config)# spanning-tree mst 0 priority 0
CiscoA(config)# spanning-tree mst 1 priority 0
CiscoA(config)# spanning-tree mst 2 priority 4096

!Set CiscoB as root of instance 2
CiscoB(config)# spanning-tree mst 0 priority 4096
CiscoB(config)# spanning-tree mst 1 priority 4096
CiscoB(config)# spanning-tree mst 2 priority 0

!Enable PortFast on all access ports
Cisco(config)# spanning-tree portfast default

Figure 4-20: Cisco and HP MSTP scenario: Cisco switch configurations

The slide displays the commands for configuring the Cisco switches to implement MSTP. Note the following aspects of the configuration:

• You must set MSTP mode because it is not the default mode.
• You must also define the region parameters. In this example these are:
  • Region name: Region1 (it is case sensitive)
  • Revision number: 1
  • Instance 1: VLAN 1 and 12
  • Instance 2: VLAN 11 and 13
• Cisco A is defined as root in instance 0 and 1 and secondary root in instance 2.
• Cisco B is defined as root in instance 2 and secondary root in instance 0 and 1.
• The spanning-tree portfast default command sets all ports that are not trunks and that do not receive BPDUs as edge ports.
• You must type exit for the MSTP region commands to take effect.

Cisco and HP MSTP scenario: HP A-Series switch configurations

#MSTP is default
#Enable MSTP standard cost (not default)
[Switch] stp pathcost-standard dot1t

#Define MSTP region parameters
[Switch] stp region-configuration
[Switch-mst-region] region-name Region1
[Switch-mst-region] revision-level 1
[Switch-mst-region] instance 1 vlan 1 11
[Switch-mst-region] instance 2 vlan 12 to 13
[Switch-mst-region] active region-configuration

#STP is not enabled by default
[Switch] stp enable

#Define edge ports using a port group
[Switch] port-group manual edge-1
[Switch-…] group-member Gi 1/0/1 to Gi 1/0/40
[Switch-…] port link-type access
[Switch-…] port access vlan 11
[Switch-…] stp edged-port enable

Figure 4-21: Cisco and HP MSTP scenario: HP A-Series switch configurations

As you learned earlier, on HP A-Series switches, the default path cost does not adhere to the 802.1t-2001 standard. Unless you configure the dot1t standard in this scenario, the alternate port will not be on the access layer side but rather on the secondary root side. This error arises because the legacy values of the HP A-Series for MSTP default to lower ones than the standard values:

• Fast-Ethernet: 200
• Gigabit: 20
• 10 Gig: 2
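The effect of the legacy A-Series path cost can be worked through with a small spanning-tree role calculation. This is an added example, not part of the course material; it assumes a triangle of Gigabit links between CiscoA (root), CiscoB (secondary root) and one HP A-Series access switch, constructed bridge MAC addresses, and Cisco ports that use the standard Gigabit cost of 20 000.

```python
"""Which end of the access-to-secondary-root link blocks, per path-cost setting."""
from dataclasses import dataclass

LEGACY_A_SERIES_GIG = 20   # legacy HP A-Series Gigabit cost quoted on this page
DOT1T_GIG = 20_000         # standard Gigabit cost (stp pathcost-standard dot1t)


@dataclass(frozen=True)
class Bridge:
    name: str
    priority: int
    mac: str        # constructed sample value
    gig_cost: int   # cost this bridge assigns to its own Gigabit ports

    @property
    def bridge_id(self):
        return (self.priority, self.mac)


def port_roles(bridges, links):
    """Return {(bridge, neighbour): role} for every port in the topology."""
    by_name = {b.name: b for b in bridges}
    root = min(bridges, key=lambda b: b.bridge_id)
    nbrs = {b.name: set() for b in bridges}
    for x, y in links:
        nbrs[x].add(y)
        nbrs[y].add(x)

    # Root path cost: cost advertised by the neighbour plus the local port cost.
    cost = {b.name: (0 if b is root else float("inf")) for b in bridges}
    for _ in bridges:
        for b in bridges:
            if b is not root:
                cost[b.name] = min(cost[n] + b.gig_cost for n in nbrs[b.name])

    def vector(name):
        # What a bridge advertises on a segment: lower is superior.
        return (cost[name], by_name[name].bridge_id)

    root_port = {b.name: min(nbrs[b.name], key=vector)
                 for b in bridges if b is not root}

    roles = {}
    for x, y in links:
        if root_port.get(x) == y:
            roles[(x, y)], roles[(y, x)] = "root", "designated"
        elif root_port.get(y) == x:
            roles[(y, x)], roles[(x, y)] = "root", "designated"
        else:
            # Neither end uses this link to reach the root: the superior
            # advertisement wins the designated role, the other end blocks.
            des, alt = sorted((x, y), key=vector)
            roles[(des, alt)], roles[(alt, des)] = "designated", "alternate"
    return roles


def blocked_end(hp_gig_cost):
    """Name of the switch that holds the alternate (blocking) port."""
    cisco_a = Bridge("CiscoA", 0, "00:00:00:00:00:0a", DOT1T_GIG)
    cisco_b = Bridge("CiscoB", 4096, "00:00:00:00:00:0b", DOT1T_GIG)
    hp = Bridge("HP-Access", 32768, "00:00:00:00:00:0c", hp_gig_cost)
    links = [("CiscoA", "CiscoB"), ("CiscoA", "HP-Access"),
             ("CiscoB", "HP-Access")]
    roles = port_roles([cisco_a, cisco_b, hp], links)
    return next(b for (b, _n), role in roles.items() if role == "alternate")


if __name__ == "__main__":
    print("legacy cost :", blocked_end(LEGACY_A_SERIES_GIG))
    print("dot1t cost  :", blocked_end(DOT1T_GIG))
```

With the legacy cost the access switch advertises a root path cost of 20 against CiscoB's 20 000, so it wins the designated role and CiscoB blocks; with matching costs the tie is broken on bridge priority and the access switch blocks.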

Troubleshooting MSTP
Use the following guidelines to troubleshoot MSTP in a multivendor environment:
• If a switch is the root in an instance when it should not be, and its priority is correct, the switch probably belongs to another MSTP region.
  • Verify the MSTP configuration parameters.
• If an edge switch can no longer forward traffic when its root port is down, verify the VLAN configuration on the alternate port.
  • The alternate and root ports should carry the same VLANs (untagged or tagged).
• If MSTP does not converge quickly, check that uplinks are set as non-edge and point-to-point.
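One way to verify the MSTP configuration parameters across vendors is to parse the region settings from both CLIs and compare them field by field. This is an added example, not part of the course material; the function names are introduced here, and the two inputs are the region commands as printed in the Cisco and HP A-Series listings of this module.

```python
"""Compare MSTP region parameters taken from Cisco and HP A-Series configs."""
import re

# Region commands as printed in this module's two configuration listings.
CISCO_CFG = """\
Cisco(config)# spanning-tree mst configuration
Cisco(config-mst)# instance 1 vlan 1,12
Cisco(config-mst)# instance 2 vlan 11,13
Cisco(config-mst)# name Region1
Cisco(config-mst)# revision 1
"""
HP_A_CFG = """\
[Switch] stp region-configuration
[Switch-mst-region] region-name Region1
[Switch-mst-region] revision-level 1
[Switch-mst-region] instance 1 vlan 1 11
[Switch-mst-region] instance 2 vlan 12 to 13
"""

PROMPT = re.compile(r"^(?:\S+#|\[[^\]]*\])\s*")
NAME = re.compile(r"^(?:region-name|name)\s+(\S+)$")
REVISION = re.compile(r"^(?:revision-level|revision)\s+(\d+)$")
INSTANCE = re.compile(r"^instance\s+(\d+)\s+vlan\s+(.+)$")


def expand_vlans(spec):
    """Expand '1,12', '10-20', '1 11' or '12 to 13' into a set of VLAN IDs."""
    spec = re.sub(r"\s+to\s+", "-", spec.strip())
    vlans = set()
    for token in re.split(r"[,\s]+", spec):
        if not token:
            continue
        low, _, high = token.partition("-")
        low, high = int(low), int(high or low)
        if not 1 <= low <= high <= 4094:
            raise ValueError(f"bad VLAN range: {token!r}")
        vlans.update(range(low, high + 1))
    return vlans


def parse_region(text):
    """Extract region name, revision and VLAN-to-instance map from CLI text."""
    region = {"name": "", "revision": 0, "vlans": {}}
    for raw in text.splitlines():
        line = PROMPT.sub("", raw.strip()).strip()
        if m := NAME.match(line):
            region["name"] = m.group(1)
        elif m := REVISION.match(line):
            region["revision"] = int(m.group(1))
        elif m := INSTANCE.match(line):
            for vid in expand_vlans(m.group(2)):
                region["vlans"][vid] = int(m.group(1))
    return region


def compare_regions(a, b):
    """List every parameter that would place the two switches in different regions."""
    findings = []
    if a["name"] != b["name"]:  # the region name is case sensitive
        findings.append(("name", a["name"], b["name"]))
    if a["revision"] != b["revision"]:
        findings.append(("revision", a["revision"], b["revision"]))
    for vid in sorted(set(a["vlans"]) | set(b["vlans"])):
        # VLANs not listed under any instance stay in instance 0.
        inst_a, inst_b = a["vlans"].get(vid, 0), b["vlans"].get(vid, 0)
        if inst_a != inst_b:
            findings.append(("vlan", vid, inst_a, inst_b))
    return findings


if __name__ == "__main__":
    for finding in compare_regions(parse_region(CISCO_CFG), parse_region(HP_A_CFG)):
        print(finding)
```

Run on the two listings as printed, the check reports that VLANs 11 and 12 are assigned to different instances, which is the kind of mismatch that leaves switches in separate regions.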


Conclusion: MSTP on Cisco and HP switches

In conclusion, follow these guidelines when configuring MSTP on Cisco and HP switches:

• Check that Cisco switches can support MSTP and upgrade IOS if required.
• Schedule downtime for changing the STP mode.
  • The step-by-step transition might introduce some downtime.
• Carefully plan MSTP instances:
  • Possibly preset all VLANs in instances.
  • Pay attention to instance 0 for interoperability with non-MSTP switches.
• Analyze the location of your region boundaries, if any.
• Disable STP on routed links or when the VLAN topology prevents loops.

Lab 4.1: Configuring MSTP

Figure 4-23: Lab 4.1: Configuring MSTP

You will now complete a lab in which you configure Cisco, HP A-Series, and HP E-Series switches to implement MSTP.
Use the space below to record any instructions your facilitator gives you for this lab.

________________________________________________________________________

Lab debrief
1. What are your key insights about MSTP?
   a. Did you discover something new?
   b. Did you discover something that surprised you?
_______________________________________________________________________

2. What were your greatest challenges?
   a. Did you learn something that helped you to address the challenges?
_______________________________________________________________________

3. What did you learn of practical value?
   a. What did you discover that you can apply in the field?
_______________________________________________________________________

Module 4 summary
In this module, you reviewed MSTP concepts such as regions, instances, and interoperability with RSTP and STP. If you were more familiar with PVST+ when you began the module, you should now understand how MSTP operates in a slightly different way.

You also learned the steps and commands for implementing MSTP on Cisco, HP A-Series, and HP E-Series switches. You analyzed the problems that might occur if you do not set up consistent path costs across the platforms and also studied several scenarios and best practices for MSTP design. Finally, you learned a little about troubleshooting MSTP in a multi-vendor environment.

Learning check
Q1: Is the MSTP region name case sensitive?
_________________________________________________________________________

Q2: Is MSTP aware of VLAN configuration? Explain your answer.
_________________________________________________________________________

Q3: Which parameters are applied outside of an MSTP region?
_________________________________________________________________________

Q4: Can a switch that implements STP be the root of the CST?
_________________________________________________________________________

Q5: How should you configure VLANs on uplink ports?
_________________________________________________________________________

Q6: Does a Cisco switch implementing PVST+ interoperate with a switch implementing MSTP? If so, how?
_________________________________________________________________________

Interoperability Among PVST+, Rapid PVST+, and MSTP
Module 5

Module 5 objectives

After this module, you will be able to:

• Explain the interoperability capabilities and limits of Cisco’s Per VLAN Spanning Tree Plus protocol (PVST+) and Rapid PVST+ with Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Tree Protocol (MSTP)
• Select an STP option to integrate HP switches and Cisco switches based on customer constraints and the existing network
• Configure STP on HP switches and PVST+ with Cisco switches for integration in a redundant network

PVST+ and STP interoperability

In this section of the module, you will review basic interoperability concepts. You will compare Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Tree Protocol (MSTP) with Cisco’s Per VLAN Spanning Tree Plus (PVST+), and learn about the BPDUs that are exchanged. Use the space below to record your thoughts as your facilitator explains the information covered in this section. You may also want to write down any questions you have, so you can pay particular attention to that section of the module.

_______________________________________________________________________

How do STP/RSTP and Cisco PVST+/Rapid PVST+ differ?

STP/RSTP              PVST+/Rapid PVST+
Standard              Proprietary based on standard
Single instance       One STP instance per VLAN
One STP topology      One STP topology per VLAN
Untagged BPDUs        Tagged BPDUs per VLAN

Figure 5-1: How do STP/RSTP and Cisco PVST+/Rapid PVST+ differ?

It is important to understand the key differences between STP/RSTP and PVST+/Rapid PVST+.

• With STP and RSTP:
  • There is only a single instance of spanning tree.
  • Blocked ports are physically blocked, blocking all VLANs configured on that port.
  • Standard BPDUs are sent untagged and are not attached to any VLAN.
    • The BPDUs are always sent no matter which VLANs are configured on the link. They are untagged (even if the link has only a tagged membership).
  • The MAC address of a BPDU is a standard bridge multicast MAC address: 01:80:c2:00:00:00.
    • A bridge that implements standard STP uses this MAC address to determine that it must check the content of the frame.
• With PVST+ and Rapid PVST+:
  • There is one instance of STP per VLAN.
  • Port roles are defined on a per-VLAN basis.
  • PVST+ BPDUs are sent tagged on ports when the VLAN is tagged on a port and untagged when VLANs are untagged.
  • The forwarding and reception of PVST BPDUs directly depends on whether a VLAN exists on a particular link.
  • PVST+ is based on standard spanning tree 802.1D mechanisms but is a proprietary implementation, with the exception of VLAN 1. (See later slides.)
  • Backbonefast, uplinkfast and portfast are specific mechanisms to speed STP convergence on Cisco platforms.
  • Rapid PVST+ uses the same principles as PVST+ but is based on RSTP (802.1w) for its fast convergence mechanisms.
  • With Rapid PVST+, link cost is based on 802.1D calculations:
    • Fast Ethernet: 19
    • Gigabit: 4
    • 10 Gigabit: 2
  • When you enter the global command, the switch uses RSTP and MSTP standard costs:
    • Fast Ethernet: 200 000
    • Gigabit: 20 000
    • 10 Gigabit: 2000

PVST+ versus MSTP

PVST+                                MSTP
One STP topology per VLAN            One STP topology per instance
Proprietary                          Standard
Fast convergence with Rapid PVST+    Fast convergence included
High overhead                        Reduced overhead
Config per VLAN                      Config per instance
PVST+ aware of VLAN topology         MSTP not aware of VLAN topology

Figure 5-2: PVST+ versus MSTP

Very often there are misconceptions about MSTP versus PVST+. MSTP is not the standard version of PVST+ or Rapid PVST+. Here are the key differences between MSTP and PVST+:

• MSTP
  • There is one spanning tree topology per instance.
  • Each instance is defined as a set of VLANs.
  • MSTP is the IEEE 802.1s standard.
  • For fast convergence it uses RSTP mechanisms.
  • It is backward compatible with RSTP or STP.
  • Ports are blocked or forwarding on a per instance basis.
    • What is really blocked or forwarding are the VLANs of the given instance.
  • Standard MSTP BPDUs are sent untagged and are not attached to any VLAN.
    • BPDUs are sent for whatever VLAN setup exists on a port.
  • MSTP BPDUs contain information about all instances. (See the BPDU page.)
    • This reduces overhead for BPDU management.
    • There is no need to restrict the number of VLANs created per switch.
  • The MAC address of a BPDU is a standard bridge multicast MAC address: 01:80:c2:00:00:00.
• PVST+ and Rapid PVST+
  • These protocols are not standard despite being interoperable with standard STP. (See the following pages.)
  • There is only one instance of STP per VLAN.
  • BPDUs are sent in each VLAN, which creates overhead.
  • The port role is defined on a per VLAN basis.
    • A design recommendation is to reduce the number of VLANs on the switch to reduce overhead due to BPDUs per VLAN.
  • PVST+ BPDUs are sent tagged on ports when a VLAN is tagged on the port, and untagged when a VLAN is untagged.
  • Forwarding and reception of PVST BPDUs directly depends on a VLAN’s existence on the link.
  • The MAC address of a BPDU is a standard bridge multicast MAC address: 01:80:c2:00:00:00.

Spanning tree BPDUs

True if VLAN 1 is ALLOWED on the trunk.
VLAN 1 may or may not be the native VLAN

Figure 5-3: Spanning tree BPDUs

STP, RSTP, MSTP and PVST+ use different types of BPDUs. Understanding what BPDUs are generated by a switch and what received BPDUs are interpreted by a switch helps manage STP interoperability.

Some important things to know about BPDUs are:

• Standard BPDUs
  • 802.1D/802.1w/802.1s BPDUs use a standard bridge multicast MAC address: 01:80:c2:00:00:00, so the BPDUs are inspected by switches where STP, RSTP, or MSTP is enabled.
  • RSTP BPDUs are backward compatible with STP BPDUs, and MSTP BPDUs are backward compatible with both. When a device that supports only RSTP or STP receives an MSTP BPDU, it can interpret all of the BPDU except the MSTP-specific data. The CIST data includes the ID for the region’s IST root bridge, which is the ID for the region as a whole acting like a single logical bridge.
• There are three kinds of PVST+ Cisco BPDUs:
  • When VLAN 1 is allowed on a trunk, PVST+ sends standard STP BPDUs.
    • BPDUs carry the parameters set in VLAN 1.
    • Note that VLAN 1 does not need to be the native VLAN for standard BPDUs to be sent. It only needs to be enabled.
    • In any case, the Cisco switch sends an untagged, standard BPDU.
    • If Rapid PVST+ is enabled, then RSTP BPDUs are sent instead of STP BPDUs.
  • In an untagged/native VLAN (if different than 1), PVST+ BPDUs with Cisco MAC addresses are sent.
    • PVST+ BPDUs are only understood by switches running PVST+.
  • In tagged VLANs, PVST BPDUs are tagged and use Cisco MAC addresses.
    • PVST+ BPDUs are only understood by switches running PVST+.
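The BPDU kinds described above can be told apart in a packet capture from the destination MAC, the 802.1Q tag and the BPDU header. This is an added example, not part of the course material; the two MAC addresses are the ones quoted in this module, while the LLC/SNAP header bytes, the protocol version values and the sample frames built by `build` are supplied here (the frames are constructed, not captured).

```python
"""Classify spanning tree BPDUs and flag links that carry only PVST+ BPDUs."""
import struct

STD_MAC = bytes.fromhex("0180c2000000")        # standard bridge multicast
CISCO_MAC = bytes.fromhex("01000ccccccd")      # Cisco PVST+ multicast
LLC_STP = bytes.fromhex("424203")              # 802.2 LLC header of a standard BPDU
SNAP_PVST = bytes.fromhex("aaaa0300000c010b")  # LLC/SNAP, Cisco OUI, PID 0x010b
VERSIONS = {0: "STP", 2: "RSTP", 3: "MSTP"}    # BPDU protocol version field


def classify(frame):
    """Return (bpdu_type, mac_kind, vlan_tag) for one Ethernet frame, or None."""
    if len(frame) < 14:
        return None
    dst, offset, vlan = frame[:6], 12, None
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    if ethertype == 0x8100:                    # 802.1Q tag present
        if len(frame) < 18:
            return None
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vlan = tci & 0x0FFF
        offset += 4
    payload = frame[offset + 2:]               # skip the 802.3 length field
    if dst == STD_MAC and payload.startswith(LLC_STP):
        bpdu, pvst = payload[3:], False
    elif dst == CISCO_MAC and payload.startswith(SNAP_PVST):
        bpdu, pvst = payload[8:], True
    else:
        return None
    if len(bpdu) < 4 or bpdu[:2] != b"\x00\x00":
        return None
    name = VERSIONS.get(bpdu[2])
    if name is None or (pvst and name == "MSTP"):
        return None
    if pvst:
        name = "PVST+" if name == "STP" else "Rapid PVST+"
    return name, "Cisco" if pvst else "Standard", vlan


def summarize(frames):
    """Collect BPDU kinds; pvst_only means no standard BPDU was seen."""
    seen = [c for c in map(classify, frames) if c]
    standard = any(mac == "Standard" for _, mac, _ in seen)
    cisco = any(mac == "Cisco" for _, mac, _ in seen)
    return {"bpdus": seen, "pvst_only": cisco and not standard}


def build(dst, version, vlan=None, pvst=False):
    """Build a minimal sample frame (constructed test data, not a capture)."""
    src = bytes.fromhex("020000000001")
    bpdu_type = 0x00 if version == 0 else 0x02
    body = (SNAP_PVST if pvst else LLC_STP) + bytes([0, 0, version, bpdu_type])
    body += bytes(31)                          # remaining BPDU fields, zeroed
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    return dst + src + tag + struct.pack("!H", len(body)) + body


# Constructed samples: a trunk that allows VLAN 1 and one that does not.
TRUNK_WITH_VLAN1 = [build(STD_MAC, 2), build(CISCO_MAC, 2, vlan=10, pvst=True)]
TRUNK_WITHOUT_VLAN1 = [build(CISCO_MAC, 2, vlan=10, pvst=True),
                       build(CISCO_MAC, 2, vlan=20, pvst=True)]

if __name__ == "__main__":
    for label, frames in (("VLAN 1 allowed", TRUNK_WITH_VLAN1),
                          ("VLAN 1 not allowed", TRUNK_WITHOUT_VLAN1)):
        print(label, summarize(frames))
```

A `pvst_only` result on a link toward a standards-based switch corresponds to the case described in this module where VLAN 1 is not allowed on the trunk and no standard BPDUs are sent.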

Cisco PVST+: Which BPDUs are sent on trunk ports?

interface GigabitEthernet 1/20
 switchport access vlan 11
 switchport mode access

interface GigabitEthernet 1/20
 switchport access vlan 11
 switchport mode access
 switchport voice vlan 12

Figure 5-4: Cisco PVST+: Which BPDUs are sent on trunk ports?

Standard BPDUs are sent if VLAN 1 is allowed on the trunk port. If VLAN 1 is not allowed, no standard BPDUs are sent, and interoperability with standard-based switches cannot occur.

Cisco PVST+: Which BPDUs are sent on access ports?

interface GigabitEthernet 1/20
 switchport access vlan 11
 switchport mode access

interface GigabitEthernet 1/20
 switchport access vlan 11
 switchport mode access
 switchport voice vlan 12

Figure 5-5: Cisco PVST+: Which BPDUs are sent on access ports?

On Cisco access ports, standard BPDUs are sent, which allows interoperability to occur on access ports. However, if the port is a voice over IP (VoIP) port, and if a voice VLAN is defined on that port, no standard BPDUs are sent. This should not be an issue as no switch should be connected on the access port.

Q1: Which setup would you recommend for VoIP ports?
__________________________________________________________________

Spanning tree BPDUs—Quiz 1

For each case, find BPDU characteristics:
• BPDU Type is: A) STP B) RSTP C) MSTP D) PVST+ E) Rapid PVST+
• MAC address: 1) Standard 01:80:c2:00:00:00 2) Cisco 01:00:0c:cc:cc:cd
• BPDU Frame is: A) Tagged B) Untagged

BPDU Type:…. MAC @:…… Tagged/Untagged:….
BPDU Type:…. MAC @:…… Tagged/Untagged:….
BPDU Type:…. MAC @:…… Tagged/Untagged:….
BPDU Type:…. MAC @:…… Tagged/Untagged:….

Figure 5-6: Spanning tree BPDUs—Quiz 1

Answer each question for all VLANs.

Q1-a: For Cisco Switch 1, what types of BPDUs are sent? (Choose from STP, RSTP, MSTP, PVST+, Rapid PVST+)
____________________________________________________________________

Q1-b: For Cisco Switch 1, what MAC address is used: standard or Cisco?
____________________________________________________________________

Q1-c: Are the BPDUs that Cisco Switch 1 sends out tagged or untagged?
____________________________________________________________________

Q2-a: For Cisco Switch 2, what types of BPDUs are sent? (Choose from STP, RSTP, MSTP, PVST+, Rapid PVST+)
____________________________________________________________________

Q2-b: For Cisco Switch 2, what MAC address is used: standard or Cisco?
____________________________________________________________________

Q2-c: Are the BPDUs that Cisco Switch 2 sends out tagged or untagged?
____________________________________________________________________

Spanning tree BPDUs—Quiz 2

For each received BPDU and for each switch config, specify if the switch will:
1) Inspect it 2) Drop it 3) Forward it
What BPDUs will the switch send on the same port?

BPDU type: PVST+ MAC @: Cisco Tagged VLAN 10
BPDU type: RPVST+ MAC @: Cisco Untagged
BPDU type: STP MAC @: Std Untagged
BPDU type: RSTP MAC @: Std Untagged
BPDU type: MSTP MAC @: Std Untagged

Figure 5-7: Spanning tree BPDUs—Quiz 2

Your goal for this activity is to learn how standard and proprietary BPDUs are handled by Cisco and HP switches, preparing yourself for the interoperability scenarios that will be presented later in this module.

Q1: For each BPDU in Figure 5-7, specify whether each switch will inspect, drop, or forward a received BPDU of that type. When you are finished, you should have a total of 20 answers, but your instructor might assign you and your group to a particular set of answers.

The table on the next page provides a space to enter your answers.

Spanning tree BPDUs—Quiz 2

[Answer table for Quiz 2; surviving row labels: B, C, D, E]

Cisco and HP scenario 1: HP A-Series switch configuration

stp region-configuration
 region-name PCU1
 revision-level 1
 instance 1 vlan 1 11
 instance 2 vlan 12 to 13
 active region-configuration
 quit

port-group manual edge-1
 group-member Gi 1/0/1 to Gi 1/0/44
 stp edged-port enable
 quit
stp enable

Is the MSTP region configuration required?
Under what circumstances would you configure these settings?

Figure 5-16: Cisco and HP scenario 1: HP A-Series switch configuration

Q1: Is the MSTP region configuration required?
_________________________________________________________________

Q2: Under what circumstances would you configure the MSTP region settings?
_________________________________________________________________

Cisco and HP scenario 1: HP E-Series switch configuration

spanning-tree
spanning-tree 1-44 admin-edge-port

In the latest versions of current E-Series software, MSTP is default.
With these configurations, what is the region name?

Figure 5-17: Cisco-HP scenario 1: HP E-Series switch configuration

Q1: With these configurations, what is the region name?
_________________________________________________________________

Cisco and HP scenario 2

Now you will learn about another practical interoperability scenario. This scenario introduces load balancing. HP switches are at the access layer, and the Cisco switches are in the aggregation layer with load balancing enabled between them.

PVST+/STP interoperability—Scenario 2

Does traffic from Cisco C experience the PVST+ load balancing effect?
Does traffic from HP Switch D experience this effect?
Can you obtain load balancing for HP D?

Figure 5-18: PVST+/STP interoperability—Scenario 2

In Scenario 2, you implement the load balancing that is already in effect in many Cisco networks for the HP to Cisco links.

Q1: Does traffic from Cisco C experience the PVST+ load balancing effect on uplinks to the aggregation layer?
_________________________________________________________________

Q2: Does traffic from HP Switch D experience this effect?
_________________________________________________________________

Q3: Can you obtain load balancing for HP D?
_________________________________________________________________

Scenario 2—VLAN topologies

Figure 5-19: Scenario 2—VLAN topologies

In scenario 1, the MSTP/RSTP edge switch did not forward PVST+ BPDUs because
one uplink was physically blocked.

In this scenario, you will change the configuration so that the blocked port is on the
secondary root instead of the HP switch at the access layer. This topology permits the
forwarding of PVST+ BPDUs to the Cisco switch as shown in the figure. From the
Cisco switches’ point of view, it seems that the two core switches are connected by a
direct cable. Thus the secondary root for each VLAN blocks the link, causing different
links to be active for different VLANs.

What setup is required in VLAN 1?

Figure 5-20: What setup is required in VLAN 1?

How do you configure the switches so that the ports on the secondary root switches
are blocked? You must configure the VLAN 1 topology so that the secondary root switch
for VLAN 1 (Cisco B) blocks the port that connects to HP C. Therefore, the root path
cost of Cisco B must be higher than the root path cost of HP C.

One way to configure the desired root path cost is to increase the path cost of Cisco
B to the root (on PO1) in VLAN 1. The second way is to reduce the path cost on the
link between HP C and Cisco A.

Q1: On Cisco B, what can you do to block port gig1/1 on VLAN 1?

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

Q2: What can you do on HP C to block the same port on Cisco B?

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

Cisco view in other VLANs

Figure 5-21: Cisco view in other VLANs

Now that the blocked port has moved from HP C to Cisco B, HP C will forward Cisco
PVST+ BPDUs. From the PVST+ or Rapid PVST+ point of view, the two aggregation
switches seem to be connected together. Consequently, ports that lead to HP switches
may become the root port for the Cisco switches in various VLANs, blocking the
higher-bandwidth link aggregation between the two Cisco switches.

Q1: On Cisco B, what is the root port in VLANs 11 and 13 if the cost is 20000?

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

Q2: How do you ensure that po1 is selected as the root port?

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

Cisco and HP scenario 2: Cisco switch configurations

! Cisco A
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree pathcost method long
spanning-tree vlan 1,12 priority 0
spanning-tree vlan 11,13 priority 4096
interface po 1
 spanning-tree vlan 1 cost 30000
 spanning-tree vlan 11-13 cost 10000

! Cisco B
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree pathcost method long
spanning-tree vlan 1,12 priority 4096
spanning-tree vlan 11,13 priority 0
interface po 1
 spanning-tree vlan 1 cost 30000
 spanning-tree vlan 11-13 cost 10000

Figure 5-22: Cisco and HP scenario 2: Cisco switch configurations

Pay attention to the cost configured for po1 on Cisco A and B in various VLANs. In
VLAN 1, the cost is increased to 30000, and in other VLANs it is decreased to
10000. (If the Cisco switches were not using the long path cost method, the values
would be 5 and 3.) These configurations ensure that the proper ports forward and
block traffic in each VLAN to implement load balancing and efficient use of the
connections.
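The root path cost comparison behind the VLAN 1 design, as an added example that is not part of the course material: a small Python model of the Cisco A / Cisco B / HP C triangle that reports which port ends up blocked for a given po1 cost. The bridge IDs, the cost of 20000 on the Gigabit links and the sample po1 costs other than 30000 are assumptions made for the illustration.

```python
# Added example: constructed model of the VLAN 1 triangle from the slides.
GIG_COST = 20000  # assumption: long path cost method, 1 Gbps port

# Constructed bridge IDs (lower wins ties); Cisco A is the VLAN 1 root.
BRIDGE_ID = {"Cisco A": 0x0000AA, "Cisco B": 0x1000BB, "HP C": 0x8000CC}


def vlan1_roles(po1_cost, hp_uplink_cost=GIG_COST, b_c_link_cost=GIG_COST):
    """Return Cisco B's root port and the port that ends up blocked in VLAN 1.

    po1_cost        cost configured on Cisco B's po1 (link to the root, Cisco A)
    hp_uplink_cost  cost of HP C's port toward Cisco A
    b_c_link_cost   cost of either port on the Cisco B <-> HP C link
    """
    # Each candidate is (root path cost, sender bridge ID, local port):
    # STP prefers the lowest cost, then the lowest sender bridge ID.
    b_candidates = [
        (po1_cost, BRIDGE_ID["Cisco A"], "po1"),
        (hp_uplink_cost + b_c_link_cost, BRIDGE_ID["HP C"], "gig1/1"),
    ]
    c_candidates = [
        (hp_uplink_cost, BRIDGE_ID["Cisco A"], "uplink to Cisco A"),
        (po1_cost + b_c_link_cost, BRIDGE_ID["Cisco B"], "uplink to Cisco B"),
    ]
    b_cost, _, b_root_port = min(b_candidates)
    c_cost, _, c_root_port = min(c_candidates)

    if b_root_port == "gig1/1":
        # Cisco B reaches the root through HP C, so its po1 end (facing the
        # root bridge) becomes the alternate port: the link aggregation blocks.
        blocked = "Cisco B po1"
    elif c_root_port == "uplink to Cisco B":
        # HP C reaches the root through Cisco B; its direct uplink blocks.
        blocked = "HP C uplink to Cisco A"
    else:
        # Both use their direct link to the root. On the B <-> C link the
        # bridge with the better (cost, bridge ID) is designated; the other
        # end becomes an alternate port and blocks.
        b_is_designated = (b_cost, BRIDGE_ID["Cisco B"]) < (c_cost, BRIDGE_ID["HP C"])
        blocked = "HP C uplink to Cisco B" if b_is_designated else "Cisco B gig1/1"

    return {"cisco_b_root_port": b_root_port, "cisco_b_root_cost": b_cost,
            "hp_c_root_cost": c_cost, "blocked_port": blocked}


def sweep(po1_costs):
    """Map each candidate po1 cost to the port it leaves blocked."""
    return {cost: vlan1_roles(cost)["blocked_port"] for cost in po1_costs}


if __name__ == "__main__":
    # 30000 is the value from the slide; 10000 and 50000 are constructed.
    for cost in (10000, 30000, 50000):
        print(cost, vlan1_roles(cost))
    # The second way named in the text: lower the HP C to Cisco A cost instead.
    print(vlan1_roles(10000, hp_uplink_cost=5000))
```

With these assumed link costs, the blocked port sits on Cisco B gig1/1 only while the po1 cost is above HP C's root path cost and not above the cost of the detour through HP C; beyond that, po1 itself is blocked.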

Q1: What is the setup for HP C?

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

What about other Cisco switches in the access layer?

Figure 5-23: What about other Cisco switches in the access layer?

The goal of this page is to point out a drawback of the previous setup when there are
also Cisco switches at the edge implementing PVST+ uplinkfast. This feature requires
one uplink (the root port) to be up, and the other one (the alternate port) to be
blocked for fast convergence.

Q1: If Cisco C implements PVST+ uplinkfast, what is the drawback of the setup
illustrated in the slide?

_________________________________________________________________

_________________________________________________________________

Q2: What setup do you suggest to resolve this issue?

_________________________________________________________________

_________________________________________________________________

Q3: If Cisco C implements Rapid PVST+, do the setup requirements change?

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

What is the purpose of load balancing?

Name some good reasons to set up load balancing
• Better use of uplink bandwidth
• Load sharing of traffic on aggregation devices

Name some reasons not to set up load balancing
• Complexity
• Asymmetric routing causing excessive unicast flooding

Suggestions for load balancing traffic include:
• Send data traffic on one uplink and VoIP and video on another
• In a data center, send data traffic on one uplink and backup traffic on another

Figure 5-24: What is the purpose of load balancing?

Q1: Name some good reasons to set up load balancing.

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

Q2: What might be some reasons to not set up load balancing?

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

Lab 5.1: PVST+/MSTP interoperability

Figure 5-25: Lab 5.1: PVST+/MSTP interoperability

You will now complete Lab 5.1: Configuring PVST+/MSTP interoperability, in which
you practice configuring the scenarios covered in this module. Use the space below
to record any instructions your facilitator gives you for this lab.

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

Lab debrief
– What did you find challenging?
– What do you think is the most important thing you learned about PVST+-MSTP
  interoperability?
– Of what you learned in the lab, what will be the most useful for you in the field?

Figure 5-26: Lab debrief

Record your thoughts about the lab here.

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

Cisco and HP scenario 3

This is the final scenario in this module. In this scenario, Cisco switches are at the
access layer and HP switches are at the aggregation layer.

HP in aggregation—Scenario 3

How would you manage these redundant connections?

What are your recommendations for setting up IRF?

Prefer IRF to STP based solutions

Figure 5-27: HP in aggregation—Scenario 3

Q1: How would you manage the redundant connections in this scenario?

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

Q2: What are your recommendations for setting up IRF?

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

HP in aggregation—Scenario 3 (cont.)

• Both the access and core layers can use link aggregations to connect to the IRF in
  the aggregation layer.
• Thus you create a redundant network without an STP requirement.

Figure 5-28: HP in aggregation—Scenario 3 (cont.)

This slide shows a core layer. Note that both access and core switches can use link
aggregation to connect to the two switches that compose the IRF. In this way, you can
create a redundant network without implementing STP of any type.

HP in aggregation—Scenario 3: With MSTP and PVST+

Which BPDUs are sent and received by Cisco switches in VLAN 1?

Which BPDUs are sent and received by HP switches?

If HP A and B are root and secondary root in the CST, what are the root port and
alternate ports in VLAN 1 on Cisco switches?

What happens if the long path cost method is enabled?

Figure 5-29: HP in aggregation—Scenario 3: With MSTP and PVST+

Examine the scenario. Assume that in this network VLAN 1 is allowed on uplinks so
Cisco switches can send and receive standard BPDUs.

Q1: Which BPDUs are sent and received by Cisco switches in VLAN 1?

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

Q2: Which BPDUs are sent and received by the HP switches?

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

Q3: If HP switches A and B are the roots in the CST, what are the root port and
alternate ports in VLAN 1 on Cisco switches?

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

Q4: What happens if the long path cost method is not enabled?

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

HP in aggregation—Scenario 3: With MSTP and PVST+ (cont.)

Which BPDUs are sent and received by Cisco switches in other VLANs?

How do HP switches handle the PVST+ BPDUs?

If Cisco C has the lowest bridge ID, what will the topology be in the other VLANs
from the Cisco switches’ point of view?

Figure 5-30: HP in aggregation—Scenario 3: With MSTP and PVST+ (cont.)

Q1: Which BPDUs are sent and received by Cisco switches in other VLANs?

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

Q2: How do the HP switches handle the PVST+ BPDUs?

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

Q3: Having exchanged these BPDUs, what topology do the switches create? Assume
that the Cisco switches are using their default priorities and that Cisco C has the
lowest MAC address.

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

HP in aggregation—Scenario 3: Configuration

! Cisco Access configuration:
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree pathcost method long

! Set Cisco B as the root of other VLANs
spanning-tree vlan 2-6 priority 0

! To get a load balancing effect per VLAN, different costs are set on uplinks
interface GigabitEthernet2/1
 spanning-tree vlan 1-3 cost 10000
 spanning-tree vlan 4-6 cost 30000
interface GigabitEthernet2/2
 spanning-tree vlan 1-3 cost 30000
 spanning-tree vlan 4-6 cost 10000

Figure 5-31: HP in aggregation—Scenario 3: Configuration

The commands shown in the slide configure Cisco C for the scenario introduced in
the previous slides. The commands would be similar for the other Cisco switches;
however, you would not change their priorities, or you would assign these switches
different priorities.

The slide shows how you can set the path costs so that the switch load balances
traffic over its two links rather than always selecting the port with the lower ID:

• Set the port cost to 10000 to have the uplink port become the root port (or
  designated port on the root bridge).
• Set the port cost to 30000 to have the uplink port become the alternate port.
• Alternate which ports are set to 10000 and which are set to 30000 in different
  VLANs.

This slide does not show the configuration for the HP switches, which are
implementing MSTP. Within the MSTP region, HP A is root bridge and VRRP master
on VLANs 1 to 3, and HP B is root bridge and VRRP master on VLANs 4 to 6. You
have seen similar configurations in other scenarios.
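A way to check the per-VLAN cost plan described above, as an added example that is not part of the course material: a Python script that parses the uplink cost lines from the slide and reports, for each VLAN, which uplink the costs favor and whether cost or port ID decided it. It assumes that both uplinks hear the same root path cost from upstream, that an unconfigured Gigabit port has cost 20000 (long path cost method), and that interface name order stands in for port ID order; VLAN 7 is a constructed case with no cost lines.

```python
import re

# Cisco C configuration from the slide, embedded as sample input.
CONFIG = """\
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree pathcost method long
interface GigabitEthernet2/1
 spanning-tree vlan 1-3 cost 10000
 spanning-tree vlan 4-6 cost 30000
interface GigabitEthernet2/2
 spanning-tree vlan 1-3 cost 30000
 spanning-tree vlan 4-6 cost 10000
"""

DEFAULT_COST = 20000  # assumption: Gigabit port, long path cost method


def expand_vlans(spec):
    """Expand an IOS VLAN list such as '1,11-13' into [1, 11, 12, 13]."""
    vlans = []
    for part in spec.split(","):
        low, _, high = part.partition("-")
        vlans.extend(range(int(low), int(high or low) + 1))
    return vlans


def parse_costs(config):
    """Return {interface: {vlan: cost}} from per-interface cost lines."""
    costs, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        match = re.match(r"interface\s+(\S+)$", line)
        if match:
            current = match.group(1)
            costs.setdefault(current, {})
            continue
        match = re.match(r"spanning-tree vlan (\S+) cost (\d+)$", line)
        if match and current:
            for vlan in expand_vlans(match.group(1)):
                costs[current][vlan] = int(match.group(2))
    return costs


def preferred_uplinks(costs, vlans):
    """Per VLAN, return (favored uplink, 'cost' or 'port ID').

    Lowest configured cost wins; on a tie the lower interface name wins,
    standing in for the lower port ID.
    """
    plan = {}
    for vlan in vlans:
        ranked = sorted(costs, key=lambda i: (costs[i].get(vlan, DEFAULT_COST), i))
        best_cost = costs[ranked[0]].get(vlan, DEFAULT_COST)
        tied = len(ranked) > 1 and costs[ranked[1]].get(vlan, DEFAULT_COST) == best_cost
        plan[vlan] = (ranked[0], "port ID" if tied else "cost")
    return plan


def vlans_per_uplink(plan):
    """Group VLANs by favored uplink to show how the load is split."""
    split = {}
    for vlan, (uplink, _) in sorted(plan.items()):
        split.setdefault(uplink, []).append(vlan)
    return split


if __name__ == "__main__":
    plan = preferred_uplinks(parse_costs(CONFIG), range(1, 8))
    for vlan, (uplink, reason) in plan.items():
        print(f"VLAN {vlan}: {uplink} (decided by {reason})")
    print(vlans_per_uplink(plan))
```

A VLAN reported as decided by port ID has no cost difference between the uplinks, so it follows the lower-numbered port instead of the intended split.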

Lab 5.2: PVST+/MSTP interoperability: HP at the aggregation layer (Optional)

Figure 5-32: Lab 5.2: PVST+/MSTP interoperability: HP at the aggregation layer (Optional)

In this lab, you practice configuring a scenario like the one that you have just
examined. You will configure a network with HP A-Series switches at the aggregation
layer, implementing MSTP, and Cisco switches at the edge, implementing Rapid
PVST+.

Use the space below to record any instructions your facilitator gives you for this lab.

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

Lab debrief
– What key things did you learn about configuring MSTP with HP switches at the
  aggregation layer and Cisco at the edge?
– What were your greatest challenges?
– If you had to apply such a design at a customer site, what to-do list would you
  create?

Figure 5-33: Lab debrief

Record your thoughts about the lab here.

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

Module 5 summary
– PVST+ or Rapid PVST+ do interoperate with standard STP protocols. VLAN 1 setup
  is key.
– Load balancing can be obtained. This requires a careful setup and understanding of
  the consequences.
– There are alternatives to enabling STP, such as disabling STP, smart link, and
  monitor link.
– Set your priorities between convergence speed, load-balancing and ease of setup.
– Remember that a solution that is easy to set up is also easy to maintain.

Figure 5-34: Module 5 summary

In this module, you have been introduced to the concept of interoperability, and you
reviewed three practical scenarios in which it was implemented. Record your
thoughts here while your facilitator reviews what was covered in this module.

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

Learning check

Q1: When does PVST+ interoperate with standard STP? And with RSTP? And with
MSTP?

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

Q2: Does an HP switch “understand” (that is, process and interpret) tagged PVST+
BPDUs? If not, does it drop them or forward them?

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

Q3: What is the default cost value in PVST+ and Rapid-PVST+ for a Gigabit port?

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

Q4: What STP protocol is a proprietary Cisco protocol based on 802.1w
mechanisms?

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

Redundancy Without STP

Module 6

Module 6 objectives

After completing this module, you will be able to:
• Select and configure features to replace Spanning Tree Protocol (STP) in
  redundant networks while maintaining interoperability
• Disable STP on edge switches to integrate them into a multivendor environment
• Configure smart link on HP A-Series switches
• Configure monitor link on HP A-Series switches

Reminder: With IRF, STP is unnecessary

Figure 6-1: Reminder: With IRF, STP is unnecessary

Q1: What are the key advantages of using IRF for redundancy?

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

Q2: Why would you enable STP in an IRF topology?

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

Q3: What STP setup would you recommend?

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

Disabling STP on HP edge switches


The first section in this module introduces an unconventional method for integrating
Cisco and HP switches. Based on the title of this slide, do you have any misgivings?

Record your thoughts here. Once the lecture has started, feel free to ask any questions
you may have about disabling STP on HP edge switches.

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

What happens when STP is disabled on the HP edge switch?

– What happens to BPDUs sent by Cisco switches?
– What is the resulting topology?

Figure 6-2: What happens when STP is disabled on the HP edge switch?

Q1: What happens to BPDUs sent by Cisco switches?

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

Q2: What is the resulting topology?

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

What happens when STP is disabled on the HP edge switch? (cont.)

How do you make sure this link is the root port?

Figure 6-3: What happens when STP is disabled on the HP edge switch? (cont.)

Just as in “HP and Cisco Scenario 2” in Module 5: Interoperability Among
PVST+, Rapid PVST+, and MSTP, several ports can now be the root port because
their costs may be equal. Traffic between aggregation switches should be transmitted
on the direct link or link aggregation between them, and you should avoid having
this traffic transmitted through an edge switch. On HP C there is always a risk of a
local loop. Although you don’t want to enable STP on the edge switch, you can use loop
protection on an HP E-Series switch to prevent local loops.

Q1: How do you make sure the link between Cisco aggregation switches is the root
port?

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

Configuring smart link

Next, you will learn about smart link, which is available on HP A-Series switches.
Smart link enables redundancy while preventing network loops. It opens a master
port and blocks a slave port. If the master port fails, smart link enables a rapid
failover.

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

Smart link on HP A-Series switches

– When the master port fails, the slave port becomes active.
  • Very fast failover (<100 ms)
  • Does not require STP
– Master and slave roles can be shared on a per-instance basis.

Figure 6-5: Smart link on HP A-Series switches

Developed to address STP’s slow convergence, smart link is applied on edge
switches connected with redundant links to upstream switches. It supports link
redundancy and provides fast convergence.

A master link connects a switch to the rest of the network. The master link is active
while a slave link is standby. If the master link fails, a slave port becomes active with
only a very short delay.

To summarize, smart link features the following:

• Dedicated to dual uplink networks
• Sub-second convergence
• Easy configuration

The master and slave roles can be shared among VLAN instances. The master role
can also be set to preempt the slave role if the master fails and then comes back up.

Simple smart link configuration

# Create smart link group 1
[SwitchC] smart-link group 1
# Configure all VLANs mapped to MSTIs 0-15 as the protected VLANs
[SwitchC-smlk-group1] protected-vlan reference-instance 0 to 15
# Configure Gigabit 1/0/1 as the master port
[SwitchC-smlk-group1] port gigabitethernet 1/0/1 master
# Configure Gigabit 1/0/2 as the slave port of smart link group 1
[SwitchC-smlk-group1] port gigabitethernet 1/0/2 slave
# Configure preemption
[SwitchC-smlk-group1] preemption mode role

Figure 6-6: Simple smart link configuration

In this simple configuration, the role of the smart link ports is defined for all VLANs
(all instances). In the above configuration, port gig 1/0/1 is the master/active, and
port gig 1/0/2 is the slave.

If the master fails, the slave takes over. If the master comes up again, it will preempt
the slave.

Smart link and load balancing

# Create 2 instances
[SwitchC] vlan 1 to 200
[SwitchC] stp region-configuration
[SwitchC-mst-region] instance 1 vlan 1 to 100
[SwitchC-mst-region] instance 2 vlan 101 to 200
[SwitchC-mst-region] active region-configuration
[SwitchC-mst-region] quit
# Ports are set as trunk and STP is disabled (repeat for the second uplink, Gigabit 1/0/2)
[SwitchC] interface gigabitethernet 1/0/1
[SwitchC-GigabitEthernet1/0/1] stp disable
[SwitchC-GigabitEthernet1/0/1] port link-type trunk
[SwitchC-GigabitEthernet1/0/1] port trunk permit vlan all

Figure 6-7: Smart link and load balancing

This configuration is designed to make best use of both uplinks on the edge switch.
The master and slave roles can be configured per VLAN instance.

Instances are configured through MSTP, even though STP is not involved on the
smart link ports. The idea is to synchronize the instance configuration with the setup of
virtual IPs (using Hot Standby Router Protocol [HSRP] or Virtual Router Redundancy
Protocol [VRRP]) on Layer 3 switches.

The uplink is set as master for the VLANs on which the HSRP owner is directly
connected to the edge switch.

Smart link and load balancing (cont.)

# Create smart link group 1
[SwitchC] smart-link group 1
[SwitchC-smlk-group1] protected-vlan reference-instance 1
# Gigabit 1/0/1 is the master & Gigabit 1/0/2 is the slave
[SwitchC-smlk-group1] port gigabitethernet 1/0/1 master
[SwitchC-smlk-group1] port gigabitethernet 1/0/2 slave
# Enable role preemption in smart link group 1
[SwitchC-smlk-group1] preemption mode role
[SwitchC-smlk-group1] quit
# Create smart link group 2
[SwitchC] smart-link group 2
[SwitchC-smlk-group2] protected-vlan reference-instance 2
# Gigabit 1/0/2 is the master & Gigabit 1/0/1 is the slave
[SwitchC-smlk-group2] port gigabitethernet 1/0/1 slave
[SwitchC-smlk-group2] port gigabitethernet 1/0/2 master
# Enable role preemption in smart link group 2
[SwitchC-smlk-group2] preemption mode role

Figure 6-8: Smart link and load balancing (cont.)

This configuration includes two smart link groups:

• Smart link group 1
  • This group is associated with instance 1.
  • Int Gig 1/0/1 is the master.
  • Int Gig 1/0/2 is the slave.
• Smart link group 2
  • This group is associated with instance 2.
  • Int Gig 1/0/2 is the master.
  • Int Gig 1/0/1 is the slave.

Topology change mechanisms

Because link switchovers can outdate the MAC address forwarding entries and
Address Resolution Protocol (ARP) or Neighbor Discovery (ND) entries on all
devices, you need a forwarding entry update mechanism to ensure proper
transmission. The following two update mechanisms are provided:

• —An update is triggered by uplink traffic. This mechanism is applicable to
  environments with devices that do not support smart link, including devices from
  other vendors.

• —A smart link-enabled device updates its information by transmitting flush
  messages over the backup link to its upstream devices. This mechanism requires
  the upstream devices to be capable of recognizing smart link flush messages to
  update their MAC address forwarding entries and ARP/ND entries.

: If no control VLAN is specified for processing flush messages, the device
forwards the received flush messages directly without processing them.

• Make sure that the receive control VLAN is the same as the transmit control
  VLAN configured on the smart link device. If they are not the same, the
  associated device will forward the received flush messages directly without any
  processing.
• Do not remove the control VLANs. Otherwise, flush messages cannot be sent
  properly.
• Make sure that the control VLANs are existing VLANs. You must assign the port
  capable of receiving flush messages to the control VLANs.

Smart link status

[SwitchC] display smart-link group all
Smart link group 1 information:
 Device ID: 000f-e23d-5af0
 Preemption mode: ROLE
 Control VLAN: 10
 Protected VLAN: Reference Instance 1
 Member                 Role    State    Flush-count  Last-flush-time
 ---------------------------------------------------------------------
 GigabitEthernet1/0/1   MASTER  ACTIVE   5            16:37:20 2010/02/21
 GigabitEthernet1/0/2   SLAVE   STANDBY  1            17:45:20 2010/02/21

Smart link group 2 information:
 Device ID: 000f-e23d-5af0
 Preemption mode: ROLE
 Control VLAN: 101
 Protected VLAN: Reference Instance 2
 Member                 Role    State    Flush-count  Last-flush-time
 ---------------------------------------------------------------------
 GigabitEthernet1/0/2   MASTER  ACTIVE   5            16:37:20 2010/02/21
 GigabitEthernet1/0/1   SLAVE   STANDBY  1            17:45:20 2010/02/21

Figure 6-9: Smart link status

You can use the display smart-link group all command, shown in the figure, to view
your smart link configuration. For example, you can see how many smart link groups
are configured and which links are the master and slave for each group.

What other information can you view using this command?

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________
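
One way to check the status output automatically, as an added example that is not part of the student guide: the Python below parses the text shown in Figure 6-9 and flags groups with no active uplink, more than one active uplink, traffic running on the slave port, or no load sharing between groups. The function names and the second (failover) sample are constructed for illustration.

```python
import re
from collections import Counter

# Output reproduced from Figure 6-9 (column spacing normalized).
FIGURE_6_9 = """\
Smart link group 1 information:
 Device ID: 000f-e23d-5af0
 Preemption mode: ROLE
 Control VLAN: 10
 Protected VLAN: Reference Instance 1
 Member  Role  State  Flush-count  Last-flush-time
 ---------------------------------------------------
 GigabitEthernet1/0/1  MASTER  ACTIVE   5  16:37:20 2010/02/21
 GigabitEthernet1/0/2  SLAVE   STANDBY  1  17:45:20 2010/02/21

Smart link group 2 information:
 Device ID: 000f-e23d-5af0
 Preemption mode: ROLE
 Control VLAN: 101
 Protected VLAN: Reference Instance 2
 Member  Role  State  Flush-count  Last-flush-time
 ---------------------------------------------------
 GigabitEthernet1/0/2  MASTER  ACTIVE   5  16:37:20 2010/02/21
 GigabitEthernet1/0/1  SLAVE   STANDBY  1  17:45:20 2010/02/21
"""

# Constructed sample: group 2 is forwarding on its slave port.
FAILOVER_SAMPLE = (FIGURE_6_9
                   .replace("1/0/2  MASTER  ACTIVE ", "1/0/2  MASTER  STANDBY")
                   .replace("1/0/1  SLAVE   STANDBY", "1/0/1  SLAVE   ACTIVE "))

GROUP_RE = re.compile(r"^Smart link group (\d+) information:")
FIELD_RE = re.compile(r"^(Device ID|Preemption mode|Control VLAN|Protected VLAN):\s*(.+)$")
MEMBER_RE = re.compile(r"^(\S+)\s+(MASTER|SLAVE)\s+(\S+)\s+(\d+)\s+(\S+ \S+)$")


def parse_smart_link(text):
    """Return {group_id: {"fields": {...}, "members": [...]}} from the command output."""
    groups, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = GROUP_RE.match(line)
        if m:
            current = {"fields": {}, "members": []}
            groups[int(m.group(1))] = current
            continue
        if current is None:
            continue
        m = FIELD_RE.match(line)
        if m:
            current["fields"][m.group(1)] = m.group(2).strip()
            continue
        m = MEMBER_RE.match(line)  # the header and separator lines do not match
        if m:
            port, role, state, flushes, last_flush = m.groups()
            current["members"].append({"port": port, "role": role, "state": state,
                                       "flush_count": int(flushes),
                                       "last_flush": last_flush})
    return groups


def control_vlans(groups):
    """Transmit control VLAN per group, to compare with the upstream receive side."""
    return {gid: g["fields"].get("Control VLAN") for gid, g in groups.items()}


def audit(groups):
    """Return a list of findings; an empty list means the state looks healthy."""
    findings = []
    for gid, group in sorted(groups.items()):
        roles = Counter(m["role"] for m in group["members"])
        active = [m for m in group["members"] if m["state"] == "ACTIVE"]
        if roles["MASTER"] != 1 or roles["SLAVE"] != 1:
            findings.append(f"group {gid}: expected one master and one slave port")
        if not active:
            findings.append(f"group {gid}: no ACTIVE port, protected VLANs have no uplink")
        elif len(active) > 1:
            findings.append(f"group {gid}: {len(active)} ACTIVE ports, possible loop")
        elif active[0]["role"] == "SLAVE":
            findings.append(f"group {gid}: forwarding on slave {active[0]['port']}, "
                            "check the master link")
    active_ports = {m["port"] for g in groups.values()
                    for m in g["members"] if m["state"] == "ACTIVE"}
    if len(groups) > 1 and len(active_ports) == 1:
        findings.append("all groups forward on one uplink, no load sharing")
    return findings


if __name__ == "__main__":
    for label, sample in (("Figure 6-9", FIGURE_6_9), ("failover", FAILOVER_SAMPLE)):
        parsed = parse_smart_link(sample)
        print(label, control_vlans(parsed), audit(parsed) or "OK")
```
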

Configuring monitor link

Now you will be introduced to monitor link, which is a useful technique for
connecting servers in datacenters. Monitor link is available on HP A-Series switches.
Cisco switches support a similar feature, but on these switches, it is called uplink
failure detection.

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

Monitor link on HP A-Series switches

– In this architecture, is there a loop? Why or why not?
– What happens if the uplink fails?
– When is it an interesting design option?

Figure 6-10: Monitor link on HP A-Series switches

Q1: In this architecture, is there a loop? Why or why not?

______________________________________________________________

______________________________________________________________

______________________________________________________________

Q2: What will happen if an uplink fails?

______________________________________________________________

______________________________________________________________

______________________________________________________________

Q3: When might it be appropriate to use this architecture?

______________________________________________________________

______________________________________________________________

______________________________________________________________

______________________________________________________________

Monitor link on HP A-Series switches (cont.)

– On HP C or D, if the uplink fails, servers cannot sense it.
– With monitor link, if an uplink fails, downlinks are shut down.
– This triggers switchover in NIC teaming on servers:
  • Very fast failover (<100 ms)
  • Does not require STP
  • Easy setup

Figure 6-11: Monitor link on HP A-Series switches (cont.)

In this configuration, servers are connected to two switches. The two switches are
not connected together. Each server switch is connected with a single link to an
upstream switch. Overall, this does not create a loop because servers don’t bridge
the traffic.

The advantage of such a configuration is the ability to connect servers redundantly
to an existing network without the need to enable spanning tree. However, if an uplink
fails, the server cannot sense it. Server traffic will then be lost.

This is where the monitor link feature can help. With monitor link, the status of the
downlink ports is linked with the status of the uplink. If the uplink fails, then
downlinks are set to down. In turn, this triggers the NIC teaming failover on the
servers.

Monitor link configuration

# Create monitor link group 1.
[SwitchC] monitor-link group 1
# Configure Gigabit 1/0/1 as an uplink port and Gigabit 1/0/2 - 3 as downlink ports.
[SwitchC-mtlk-group1] port gigabitethernet1/0/1 uplink
[SwitchC-mtlk-group1] port gigabitethernet1/0/2 downlink
[SwitchC-mtlk-group1] port gigabitethernet1/0/3 downlink
# Check status of monitor link group 1.
<SwitchC> display monitor-link group 1
Monitor link group 1 information:
 Group status: DOWN
 Last-up-time: -
 Last-down-time: -
 Member                 Role      Status
 ------------------------------------------
 GigabitEthernet1/0/1   UPLINK    DOWN
 GigabitEthernet1/0/2   DOWNLINK  DOWN
 GigabitEthernet1/0/3   DOWNLINK  DOWN

Figure 6-12: Monitor link configuration

Enabling monitor link is very easy. You must define a monitor link group. Then, you
must configure the uplink port (switch uplink) and downlink ports (server ports).

To check the status of the monitor link group, use the display monitor-link group 1
command, as shown in the figure. In this example, the output shows the uplink is down.
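
The interaction between monitor link and NIC teaming described above can be walked through with a small model. This is an added example, not part of the student guide; the class and function names are hypothetical, and NIC teaming is assumed to react to local link state only.

```python
from dataclasses import dataclass, field


@dataclass
class AccessSwitch:
    name: str
    monitor_link: bool          # True when the server ports are downlinks of a monitor link group
    uplink_up: bool = True
    faulty_downlinks: set = field(default_factory=set)  # servers whose cable or NIC failed

    def downlink_up(self, server):
        if server in self.faulty_downlinks:
            return False
        # Monitor link ties downlink state to the uplink:
        # when the uplink is down, the downlinks are forced down too.
        return self.uplink_up or not self.monitor_link

    def group_status(self):
        # The group follows the uplink only; a downlink fault never changes it.
        return "UP" if self.uplink_up else "DOWN"


@dataclass
class Server:
    name: str
    team: list                  # access switches in NIC teaming preference order

    def active_switch(self):
        # NIC teaming sees local link state, never the state of the switch uplink.
        return next((sw for sw in self.team if sw.downlink_up(self.name)), None)

    def reaches_network(self):
        sw = self.active_switch()
        return sw is not None and sw.uplink_up


def uplink_failure(monitor_link):
    """Fail the uplink of HP C and report (active switch, reachable) per server."""
    c = AccessSwitch("HP C", monitor_link)
    d = AccessSwitch("HP D", monitor_link)
    servers = [Server("server1", [c, d]), Server("server2", [d, c])]
    c.uplink_up = False
    return {s.name: (s.active_switch().name, s.reaches_network()) for s in servers}


def downlink_failure():
    """Fail one server-facing port on HP C; the uplink and other servers are unaffected."""
    c = AccessSwitch("HP C", monitor_link=True)
    d = AccessSwitch("HP D", monitor_link=True)
    server1, server2 = Server("server1", [c, d]), Server("server2", [c, d])
    c.faulty_downlinks.add("server1")
    return c.group_status(), server1.active_switch().name, server2.active_switch().name


if __name__ == "__main__":
    print("without monitor link:", uplink_failure(False))
    print("with monitor link:   ", uplink_failure(True))
    print("downlink fault:      ", downlink_failure())
```

Without monitor link, server1 keeps sending to HP C and its traffic is lost; with monitor link, its team moves to HP D.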

Lab 6.1: Redundancy without STP

Figure 6-13: Lab 6.1a: Redundancy without STP

In this lab, you will configure the redundancy methods you have learned about in this
module. You will first disable STP on an edge switch and observe the effect this has
on the STP network. The topology for this part of the lab is shown in Figure 6-13.

You will then configure smart link and monitor link on HP A-Series switches. Figures
6-14 and 6-15 illustrate the topologies for these sections of the lab.

Figure 6-14: Lab 6.1b: Smart link

Figure 6-15: Lab 6.1c: Monitor link

Use the space below to record any behavior you want to observe or test about these
redundancy methods. Refer back to this list as you complete the lab.

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

Lab debrief

– What did you learn in this “redundancy without STP” lab?
– What were your challenges?
– What do you think you will apply in the field?

Figure 6-16: Lab debrief

What did you learn in this “redundancy without STP” lab?

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

What challenges did you experience?

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

What do you think you will apply in the field?


____________________________________________________________________

____________________________________________________________________

d.
ite
ib
____________________________________________________________________

oh
pr
is
____________________________________________________________________

n
io
s
is
____________________________________________________________________

m
er
tp
____________________________________________________________________

ou
ith
____________________________________________________________________

w
rt
pa
____________________________________________________________________
i n
or
e

____________________________________________________________________
l
ho
w

____________________________________________________________________
in
n
c tio

____________________________________________________________________
du
ro
ep

____________________________________________________________________
.R
ly

____________________________________________________________________
on
use

____________________________________________________________________
er
ld
ho

____________________________________________________________________
ake
St

____________________________________________________________________
&L
C

____________________________________________________________________
P
H

____________________________________________________________________

Rev. 11.12 –
BitSpyder - The Culture of Knowledge

HP Networking Interoperability

Module 6 summary
– Remember that a solution that is easy to set up is also easy to maintain.

Figure 6-17: Module 6 summary

In this module, you have been introduced to ways to create network redundancy
without STP, including disabling STP on edge switches, and also using smart link and
monitor link. Record your thoughts here while your facilitator reviews what was
covered in this module.

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

Learning check

– With STP disabled on an HP switch:
  • Does it forward or drop standard STP BPDUs?
  • Can you load balance traffic?
  • What can occur if STP is disabled at the edge?
– What is required to enable the smart link feature?
  • What do you enable to get load balancing with smart link?

Figure 6-18: Learning check

With STP disabled on an HP switch:

Q1a: Does the switch forward or drop standard STP BPDUs?

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

Q1b: Can you load balance traffic?

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

Q1c: What can occur if STP is disabled at the edge?


_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

Q2a: What is required to enable the smart link feature?

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

Q2b: What do you enable to get load balancing with smart link?

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

Q3: With monitor link, if the downlink goes down, does it trigger the uplink to switch
to down status?

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

Hardening STP
Module 7

Module 7 objectives

After completing this module, you will be able to:

• Set up the features that can be used to stabilize Spanning Tree Protocol (STP) on
  a LAN:
  • On edge ports: Bridge Protocol Data Unit (BPDU) guard, loop protect, and
    Topology Change Notification (TCN) guard
  • On uplinks: UniDirectional Link Detection (UDLD), root guard, loop guard,
    and BPDU filter

Spanning tree problems

– Unstable spanning tree operation can be caused by factors and conditions that include:
  • Unidirectional links
  • Rogue devices talking STP
  • Continuous STP topology changes due to flapping ports or end-user
    ports not set to edge mode (PortFast)
  • Loops not detected by STP

[Figure labels: Blocked gigabit link; Rogue switch root bridge]

Figure 7-1: Spanning tree problems

Figure 7-1 shows some of the factors that cause instability in spanning tree.
Hardening STP helps mitigate these problems.

Hardening STP

• BPDU filter: Filters BPDUs in Tx/Rx on port without loop (e.g., “routed” port)
• Root guard: Prevents the insertion of a “fake” root triggering an STP topology
  change
• Loop guard: Prevents loop situations when edge switches stop receiving BPDUs
  from upstream switches

Edge ports

• BPDU guard: Prevents network instability due to switch insertion at the edge
• Loop protect: Prevents loops that occur on external hubs or switches and are
  not detected by STP
• TCN guard: Prevents excessive TCNs from triggering MAC address table aging

Figure 7-2: Hardening STP

This is a short presentation of the features used to harden STP. The goal of this figure
is to show where the different features function on the network.

Note that on HP E-Series switches, another application of BPDU filter may also be
used on edge ports combined with loop protect.
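
The decisions behind three of the features in Figure 7-2 (BPDU guard, root guard and loop guard) can be expressed as a simplified port model. This is an added example, not part of the student guide; the state names, bridge IDs and helper functions are constructed for illustration, and the model compares root bridge IDs only and skips the listening and learning states.

```python
from dataclasses import dataclass

MAX_AGE = 20  # seconds a port keeps its last received BPDU (802.1D default)


def bridge_id(priority, mac):
    """Bridge IDs compare as (priority, MAC); the lower one wins the root election."""
    return (priority, mac.lower())


# Constructed identifiers for the example.
LEGIT_ROOT = bridge_id(4096, "0000-0000-000a")
ROGUE_ROOT = bridge_id(0, "0000-0000-0bad")


@dataclass
class Port:
    name: str
    role: str                   # "edge", "designated", "root" or "alternate"
    state: str = "forwarding"
    bpdu_guard: bool = False
    root_guard: bool = False
    loop_guard: bool = False
    since_bpdu: int = 0         # seconds since the last BPDU arrived


class Switch:
    def __init__(self, root_id, ports):
        self.root_id = root_id  # root bridge this switch currently accepts
        self.ports = {p.name: p for p in ports}
        self.events = []

    def receive_bpdu(self, port_name, advertised_root):
        port = self.ports[port_name]
        port.since_bpdu = 0
        # BPDU guard: an edge port should never hear a BPDU, so shut it down.
        if port.role == "edge" and port.bpdu_guard:
            port.state = "disabled"
            self.events.append(f"{port.name}: BPDU on edge port, port shut down")
            return
        if advertised_root < self.root_id:
            # Root guard: ignore a superior BPDU and stop forwarding on this port.
            if port.root_guard:
                port.state = "root-inconsistent"
                self.events.append(f"{port.name}: superior BPDU rejected")
                return
            self.root_id = advertised_root
            self.events.append(f"{port.name}: new root accepted, topology change")

    def tick(self, seconds=1):
        for port in self.ports.values():
            if port.role not in ("root", "alternate"):
                continue
            port.since_bpdu += seconds
            if port.since_bpdu < MAX_AGE:
                continue
            if port.loop_guard:
                # Loop guard: silence is treated as a fault, the port stays blocked.
                port.state = "loop-inconsistent"
            elif port.state == "blocking":
                # Plain STP: silence means "no bridge there", so the port opens.
                port.role, port.state = "designated", "forwarding"
                self.events.append(f"{port.name}: BPDUs stopped, port now forwarding")


def rogue_bpdu(port):
    """A rogue switch advertises itself as root on the given port."""
    sw = Switch(LEGIT_ROOT, [port])
    sw.receive_bpdu(port.name, ROGUE_ROOT)
    return port.state, sw.root_id == LEGIT_ROOT


def silent_uplink(port):
    """BPDUs stop arriving on the port (for example, a unidirectional link)."""
    sw = Switch(LEGIT_ROOT, [port])
    for _ in range(MAX_AGE):
        sw.tick()
    return port.state


if __name__ == "__main__":
    print(rogue_bpdu(Port("edge1", "edge")))
    print(rogue_bpdu(Port("edge1", "edge", bpdu_guard=True)))
    print(rogue_bpdu(Port("down1", "designated", root_guard=True)))
    print(silent_uplink(Port("alt1", "alternate", state="blocking")))
    print(silent_uplink(Port("alt1", "alternate", state="blocking", loop_guard=True)))
```
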



Spanning tree hardening features


Cisco                                 | HP A-Series                           | HP E-Series
--------------------------------------+---------------------------------------+-------------------------------------
Unidirectional Link Detection (UDLD)  | Device Link Detection Protocol (DLDP) | Unidirectional Link Detection (UDLD)
BPDU guard: On PortFast ports         | BPDU protection                       | BPDU protection
—                                     | —                                     | Loop protection
Root guard                            | Root guard                            | Root guard
Loop guard                            | Loop guard                            | —
TCN guard: On PortFast ports          | TC-BPDU guard                         | TCN-guard

Figure 7-3: Spanning tree hardening features

Figure 7-3 shows what spanning tree hardening features are called on Cisco, HP
A-Series, and HP E-Series switches. Note that some features are not available for all
switches.

Setting edge ports and non-edge ports

– STP hardening features such as BPDU guard, loop protect, and TCN-guard are set
  on edge ports.
– Activating those features may only be valid if the port is an edge port.

Figure 7-4: Setting edge ports and non-edge ports

The STP hardening features listed above are intended for edge ports.

In fact, on some platforms you can only enable these features on edge ports. For
example, on HP A-Series switches, you enable BPDU guard globally, and the feature
takes effect on all edge ports. Similarly, on Cisco switches, you select PortFast ports,
and then enable the protection features for PortFast ports globally. (However, you
select the precise ports on which you want to enable these features on HP E-Series
switches.)

For these reasons, before you begin implementing these features, you must carefully
check your switches’ configurations and ensure that edge ports are defined as such.

HP Networking Interoperability

UDLD and DLDP


You will now be introduced to the UDLD and DLDP protocols and learn how they can
solve the problems caused by unidirectional links.


Why unidirectional links cause problems


– Switch B (secondary root) is transmitting BPDUs on a designated port connected to
  Switch C’s alternate port
– Switch C does not receive them so it opens the blocked port (*)
– As a result, a loop occurs in the network causing the network to go down
  • Troubleshooting can be very difficult

(*) This can be prevented by loop guard

[Diagram: Switch A (root), Switch B (secondary root), and Switch C, with each link drawn
as TX/RX pairs. Labels: "Unidirectional link fails"; "Blocked port transitions to
forwarding" (on Switch C).]

Figure 7-5: Why unidirectional links cause problems

A unidirectional link, a link that transmits but does not receive (or vice versa), can
occur in several circumstances, typically on a fiber optic connection:
• One of the fibers fails
• One of the transceivers fails
• The fibers are incorrectly connected so that a device transmits to a different
  device from the one from which it receives traffic

These types of problems can occur because physical layer protocols do not identify
the ends of the connection; the devices must simply assume that they are receiving
traffic from the device to which they transmit.

Unidirectional links can cause problems with STP because STP assumes that if a port
does not receive BPDUs, it has no connection with another switch or bridge.
However, with a unidirectional link, a device might be able to transmit to another switch
or bridge but not to receive its BPDUs.

Consider an example. In the figure, Switch C has blocked its port to Switch B because
Switch A is root but Switch B has a lower ID than C. Then Switch C’s receive link
goes down, and Switch C no longer receives B’s BPDUs. Switch C therefore
transitions its port to forwarding state (designated), creating a loop.

Finding the origin of such a problem and troubleshooting it can sometimes be
difficult.

UDLD, on Cisco and HP E-Series switches, and DLDP, on HP A-Series switches,
address this problem by helping the ends of a link to identify each other—thus
removing the problem of a device transmitting to a device from which it cannot
receive. A UDLD-capable device advertises its identity and its neighbor’s identity (the
device from which it receives traffic). The connected device, which must also support UDLD,
does the same. If a device does not receive an advertisement with the same two
identities that it advertised, it knows a unidirectional link has occurred and shuts
down the port.
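The identity exchange described above can be run against the three failure causes listed earlier. This Python model is an added example, not vendor code: it applies the rule exactly as this section states it, does not reproduce the UDLD or DLDP frame formats, and all port names and fiber maps are constructed.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

PortId = Tuple[str, str]  # (device, port); the names used below are constructed


@dataclass(frozen=True)
class Advertisement:
    sender: PortId               # identity of the advertising port
    neighbor: Optional[PortId]   # port the sender currently hears, if any


def echo_check(fibers: Dict[PortId, Optional[PortId]],
               rounds: int = 3) -> Dict[PortId, Tuple[str, str]]:
    """Run the identity exchange and return {port: (state, reason)}.

    fibers maps every port to the port its TX strand reaches, or None when
    that strand (or its transceiver) has failed.
    """
    if rounds < 2:
        raise ValueError("need two rounds: one to learn the neighbor, one to echo it")
    last_rx: Dict[PortId, Optional[Advertisement]] = {p: None for p in fibers}

    for _ in range(rounds):
        # Every port advertises itself plus whoever it heard in the last round.
        sent = {
            p: Advertisement(p, last_rx[p].sender if last_rx[p] else None)
            for p in fibers
        }
        # Frames only travel in the direction of a working TX strand.
        for src, dst in fibers.items():
            if dst is not None:
                last_rx[dst] = sent[src]

    verdict: Dict[PortId, Tuple[str, str]] = {}
    for port in fibers:
        adv = last_rx[port]
        if adv is None:
            verdict[port] = ("shutdown", "no advertisement received")
        elif adv.neighbor != port:
            # The far end names someone else (or nobody) as its neighbor.
            verdict[port] = ("shutdown", f"{adv.sender} hears {adv.neighbor}, not this port")
        else:
            verdict[port] = ("bidirectional", f"{adv.sender} echoes this port")
    return verdict


# Constructed scenarios matching the failure causes listed in this section.
A, B, C = ("SwitchA", "1"), ("SwitchB", "1"), ("SwitchC", "1")
HEALTHY = {A: B, B: A}
ONE_FIBER_FAILED = {A: B, B: None}   # B's TX strand or transceiver is dead
MISWIRED = {A: B, B: C, C: A}        # each port transmits to one device, hears another

if __name__ == "__main__":
    for name, fibers in (("healthy", HEALTHY),
                         ("one fiber failed", ONE_FIBER_FAILED),
                         ("miswired", MISWIRED)):
        print(name)
        for port, (state, reason) in echo_check(fibers).items():
            print(f"  {port}: {state} ({reason})")
```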


UDLD and DLDP interoperability


UDLD operates at Layer 2

Cisco to Cisco:
  hello I am switch A, port 1/1
  acknowledge hello
Cisco to HP E-Series or HP A-Series:
  Does not work since Cisco and HP have different implementations
HP E-Series to HP E-Series:
  hello I am switch A, port a1
  acknowledge hello
HP A-Series to HP A-Series:
  hello I am switch A, port 1/0/1
  acknowledge hello

Figure 7-6: UDLD and DLDP interoperability

Unfortunately, none of the implementations interoperate, because none are standard
and, in fact, a UDLD standard does not yet exist.
• UDLD on Cisco and UDLD on HP E-Series do not interoperate.
• UDLD and DLDP (on HP A-Series) do not interoperate.

STP hardening on edge ports


Now you will learn in detail about the STP hardening features on edge ports: BPDU
guard, loop protection, TCN guard, and BPDU filter.


BPDU guard = BPDU protection


—What is the purpose of BPDU protection?
  • Prevents network instability and network attacks that can occur when
    uncontrolled switches are inserted at the edge of the network.
  • Switches are detected by their BPDUs.
—How does it work?
  • If a BPDU is received, the port is disabled.
    − errdisable state (Cisco) or simply disabled (HP)
  • Port recovery may be automatic after timeout, or manual.
—Where do you enable BPDU protection?
  • On edge ports.

Figure 7-7: BPDU guard = BPDU protection

BPDU protection (called BPDU guard on Cisco switches) shuts down a port when it
receives a BPDU. Depending on the platform, you can configure the feature such that
the port remains shut down until an administrator re-enables it, or you can have the
port recover after a set lockout period. This feature helps to protect your network from
rogue switches and from rogue devices implementing STP exploits (for example,
attempting to become the root and force your network into an inefficient topology).

However, BPDU protection is not enough to prevent switches from connecting on the
edge, as not all switches generate BPDUs. For example, unmanaged switches and
switches with STP disabled do not. Additional measures can be taken to prevent
switches from connecting on the edge:
• Port security that counts MAC addresses and closes ports if there is more than
  one address on a given port.
  – Ensure that the port-security setup sets a list of the authorized MAC
    addresses.
• 802.1X authentication.
  – Only authorized users or devices can connect to the network.
  – However, this feature requires an AAA infrastructure and careful setup.
  – Detecting switch connections at the edge may not be in itself a sufficient
    reason to set 802.1X.
• Loop protect can detect if loop conditions occur on the switch but does not
  prevent the connection of a switch.



HP loop protect (HP E-Series)


[Diagram: an HP E-Series switch with unmanaged devices attached.
 Unmanaged device that does not block any packets: "If BPDU guard is configured, it
 will detect it."
 Unmanaged device on the network that drops spanning tree packets: "Loop is not
 detected by BPDU guard"; "HP loop protect can detect these loop conditions."]

Figure 7-8: HP loop protect (HP E-Series)

HP E-Series devices support loop protect, which detects loops introduced by devices
that do not support STP. Ports that implement loop protect send out packets. If another
port receives that packet, the loop is detected. If the port that received the packet is
configured with the receiver-action send-disable option, the port that sent out the
packet is disabled.

For example, you enable loop protect on the E-Series switch ports and set the
receiver-action send-disable option on them. When the E-Series switch sends a loop
protect packet out the port connected to the unmanaged switch shown in the figure, the
packet moves over the loop, and returns on the port. Therefore, the switch disables
port 1, preventing the switch with the erroneous cabling from causing trouble
throughout the network.

You can use loop protect in conjunction with BPDU protection on edge ports. Another
way to implement loop protect is to set it in conjunction with BPDU filter. Note that
this feature is supported only on the HP E-Series devices.

Note
Do not confuse loop protect with the loop protection feature on HP A-Series
switches, which is equivalent to loop guard on Cisco.



TCN guard
– STP TCNs cause switches to age out their MAC address
  forwarding tables in 15 seconds instead of 5 minutes.
– This helps switches learn the correct new ports for
  forwarding traffic more quickly.
– But edge port status changes, which also generate TCNs,
  cause unnecessary aging out and flooding.
– TCN guard (Cisco and HP E-Series) prevents TCNs from
  being generated based on edge port status changes.
– TC-BPDU guard (HP A-Series) prevents excessive flushing of
  the tables in response to TCN floods.

Figure 7-9: TCN guard

STP defines topology change notification (TCN) BPDUs, which are intended to alert
other members of the spanning tree that the topology is changing, so they should
rapidly age out their MAC forwarding table because they might now reach MAC
addresses on different ports.

The switch that originates the TCN ages out its own table and forwards the frame
toward the root bridge. Each switch in the path to the root acknowledges the TCN,
ages out its own table, and forwards the TCN toward the root bridge. The root
bridge does the same, but forwards the TCN to all devices in the spanning tree.

TCNs are useful when the topology has actually changed in a significant way.
However, switches also generate TCNs when edge ports change status—although
such changes do not truly necessitate all switches in the spanning tree flushing their
forwarding tables. The TCN will only cause the switches to flood traffic unnecessarily
while they rebuild their forwarding tables.

TCN guard protects your network from such an occurrence and is available on Cisco
and HP E-Series switches. This feature prevents TCNs from being generated in
response to status changes on edge ports. You enable this feature on Cisco and HP
E-Series edge ports.

HP A-Series switches have a slightly different feature, TC-BPDU guard, which is
intended to guard against TCN floods implemented by hackers. The flood ties up the
switch’s resources as the switch flushes its addresses again and again, affecting
network stability. When you enable the TC-BPDU guard feature, which is a global
feature on the switch, you can set the maximum number of forwarding address
flushes that the switch can perform within a certain period of time after receiving the
first TCN. For TCNs received in excess of the limit, the switch only performs the
forwarding address entry flush after the time period expires. This feature prevents the
switch’s resources from being consumed.
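The flush-limiting behavior of TC-BPDU guard described above can be traced with a small model. This Python code is an added example, not HP's implementation: the class and function names are hypothetical, the arrival times are constructed, and the period length is a parameter because this page does not state it (10 seconds is an assumed value).

```python
from typing import Iterable, List, Optional, Tuple


class TcProtection:
    """Caps immediate forwarding-table flushes per period, as described above."""

    def __init__(self, threshold: int, period: float):
        self.threshold = threshold          # max immediate flushes per period
        self.period = period                # seconds, counted from the first TC-BPDU
        self.window_start: Optional[float] = None
        self.immediate = 0                  # flushes already done in this period
        self.deferred = 0                   # TC-BPDUs waiting for the period to end
        self.flushes: List[Tuple[float, str]] = []

    def advance(self, now: float) -> None:
        """Close the current period if it has expired and run the deferred flush."""
        if self.window_start is None or now < self.window_start + self.period:
            return
        if self.deferred:
            self.flushes.append((self.window_start + self.period,
                                 f"deferred flush for {self.deferred} TC-BPDUs"))
        self.window_start, self.immediate, self.deferred = None, 0, 0

    def on_tc_bpdu(self, now: float) -> None:
        self.advance(now)
        if self.window_start is None:
            self.window_start = now         # the first TC-BPDU opens a new period
        if self.immediate < self.threshold:
            self.immediate += 1
            self.flushes.append((now, "immediate flush"))
        else:
            self.deferred += 1              # over the limit: flush once the period ends


def simulate(arrivals: Iterable[float], threshold: int, period: float,
             end: float) -> List[Tuple[float, str]]:
    """Feed TC-BPDU arrival times to the guard and return the flushes performed."""
    guard = TcProtection(threshold, period)
    for t in sorted(arrivals):
        guard.on_tc_bpdu(t)
    guard.advance(end)
    return guard.flushes


# Constructed input: 50 TC-BPDUs within 5 seconds, then one genuine change at t=30.
FLOOD = [i / 10 for i in range(50)] + [30.0]

if __name__ == "__main__":
    # threshold 2 matches "stp tc-protection threshold 2"; period is an assumption.
    for when, what in simulate(FLOOD, threshold=2, period=10.0, end=45.0):
        print(f"t={when:5.1f}s  {what}")
    unprotected = len(simulate(FLOOD, threshold=10**6, period=10.0, end=45.0))
    print(f"without a limit the same input causes {unprotected} flushes")
```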


BPDU filter—Disabling STP on individual ports

– By default, BPDUs are sent in all VLANs.
– BPDU filter disables the sending and receiving of
  BPDUs on selected ports. It is useful for:
  • Setting the boundary of your LAN when connecting to
    another LAN (e.g. ISP)
  • Ports that do not cause loops by the VLAN design
  • “Routed” ports
  • Disabling STP on a port when it is required by another
    feature (e.g. smart link, RRPP, monitor link)

HP E-Series switches provide a PVST filter to filter PVST
BPDUs, for example on the boundary of your LAN.

Figure 7-10: BPDU filter—Disabling STP on individual ports

BPDU filter is very useful for setting the limit of your LAN, and for when you connect
to VLAN and MSTP domains by routed links. When you connect a LAN to a
provider’s LAN, you can filter BPDUs (and PVST BPDUs on HP E-Series switches) to
avoid STP interference from the provider’s switch.

Note that BPDU filter can also be set on edge ports combined with loop protect and
admin-edge on HP E-Series switches. It will filter BPDUs sent by rogue switches set at
the edge and will play the role of BPDU guard and root guard, although without an
alarm. Loop protect will detect loop conditions.



STP hardening on Cisco


Hardening STP on a Cisco switch on the edge

Enable PortFast and BPDU guard on all access ports
Cisco(config)# spanning-tree portfast default

Enable BPDU guard on the PortFast ports globally and set the recovery time in seconds
Switch(config)# spanning-tree portfast bpduguard default
Cisco-A(config)# errdisable recovery cause bpduguard
Cisco-A(config)# errdisable recovery interval 30

On Cisco, TCNs are not generated when ports are set in PortFast mode

BPDU filter on Cisco
Enabled on interface
Switch(config)# interface gig1/1
Switch(config-if)# spanning-tree bpdufilter enable

Figure 7-11: STP hardening on Cisco

As you see, on Cisco switches, you define PortFast on access ports. You then activate
BPDU guard on the PortFast ports. With BPDU guard enabled on Cisco switches,
MSTP closes PortFast ports that receive BPDUs. The switch will automatically re-enable
the port after the recovery interval. (If you do not set the interval, an administrator
must re-enable the port.)

The PortFast configuration also enables the TCN guard.

You can also see the command for BPDU filtering.



STP hardening on HP A-Series


Hardening edge ports on HP A-Series switches

# All ports are non-edge by default
# If an edge port receives a BPDU, it becomes non-edge automatically
[Switch] port-group manual edge-1
[Switch-…] group-member Gi 1/0/1 to Gi 1/0/44
[Switch-…] port link-type access
[Switch-…] port access vlan 11
[Switch-…] stp edged-port enable

# Loop protect is not supported.
# Enable BPDU protection globally. Applies to ports defined as edge
[Switch] stp bpdu-protection

# Enable TC-BPDU guard to limit excessive TCNs – Enabled by default
[Switch] stp tc-protection enable

# Configure the maximum number of address entry flushes that the device can perform
# within a specific time period after it receives the first TC-BPDU
[Switch] stp tc-protection threshold 2

BPDU filtering on HP A-Series switches

# Disable STP on the interface
[DeviceA] interface gigabitethernet 2/0/1
[DeviceA-GigabitEthernet2/0/1] stp disable

# Ignore STP results in VLANs when loop does not exist in VLANs by design
[DeviceA] stp ignored vlan 100,200

Figure 7-12: STP hardening on HP A-Series

On HP A-Series switches, MSTP will close these ports and notify the Network
Management System (NMS) that the ports are closed. Only the network
administrator, or an automatic procedure set on the NMS, can restore the ports once
they have been closed.



STP hardening on HP E-Series


Hardening STP on the edge on HP E-Series switches

Edge ports are discovered automatically but can be set manually
Switch(config)# spanning-tree
Switch(config)# spanning-tree 1-44 admin-edge-port

BPDU guard
Switch(config)# spanning-tree 1-44 bpdu-protection
Switch(config)# spanning-tree bpdu-protection-timeout 3600

Loop protect:
Switch(config)# loop-protect 1-46 receiver-action send-disable
Switch(config)# loop-protect disable-timer 3600

TCN guard
Switch(config)# spanning-tree 1-46 tcn-guard

BPDU and PVST filtering on HP E-Series switches

Apply BPDU filter on the boundary of your LAN on the routed interface
Switch(config)# spanning-tree 46-47 bpdu-filter
Apply PVST-Filter on boundary of your LAN
Switch(config)# spanning-tree 46-47 pvst-filter

Figure 7-13: STP hardening on HP E-Series

The slide displays the commands for configuring the features discussed earlier on HP
E-Series switches. As you see, you can set a timeout for BPDU protection, which
automatically re-enables the port the specified amount of time after the BPDU is
received. If you set the timeout to 0 (the default), the port is never re-enabled until an
administrator enables it.

The slide also shows how to implement loop protect, TCN guard, and BPDU and
PVST BPDU filtering.
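Because these features are applied per port list on HP E-Series switches, it is worth checking that the lists actually line up with the ports declared as edge. The following Python audit is an added example, not an HP tool: it understands only the command forms shown on the slide above, assumes purely numeric port lists such as 1-44 or 1-8,10, and its function names and report keys are hypothetical.

```python
import re
from collections import defaultdict
from typing import Dict, List, Set

# Assumption: numeric port lists only, e.g. "1-44" or "1-8,10".
PORTS = r"(\d+(?:-\d+)?(?:,\d+(?:-\d+)?)*)"
PROMPT = re.compile(r"^\S+\([^)]*\)#\s*")          # e.g. "Switch(config)# "
STP_PORT_CMD = re.compile(
    rf"^spanning-tree\s+{PORTS}\s+"
    r"(admin-edge-port|bpdu-protection|tcn-guard|bpdu-filter|pvst-filter|root-guard)"
    r"(?:\s|$)"
)
LOOP_PROTECT_CMD = re.compile(rf"^loop-protect\s+{PORTS}(?:\s|$)")

# Features this module says are intended for edge ports.
EDGE_FEATURES = ("bpdu-protection", "tcn-guard", "loop-protect")


def expand_ports(spec: str) -> Set[int]:
    """Turn '1-3,7' into {1, 2, 3, 7}."""
    ports: Set[int] = set()
    for part in spec.split(","):
        low, _, high = part.partition("-")
        ports.update(range(int(low), int(high or low) + 1))
    return ports


def parse_config(text: str) -> Dict[str, Set[int]]:
    """Collect, per feature, the set of ports it is configured on."""
    features: Dict[str, Set[int]] = defaultdict(set)
    for raw in text.splitlines():
        line = PROMPT.sub("", raw.strip())
        match = STP_PORT_CMD.match(line)
        if match:
            features[match.group(2)] |= expand_ports(match.group(1))
            continue
        match = LOOP_PROTECT_CMD.match(line)
        if match:
            features["loop-protect"] |= expand_ports(match.group(1))
    return features


def audit(text: str) -> Dict[str, object]:
    f = parse_config(text)
    edge = f["admin-edge-port"]
    # Alternative described earlier: BPDU filter combined with loop protect.
    filter_alternative = f["bpdu-filter"] & f["loop-protect"]
    unprotected: List[int] = sorted(edge - f["bpdu-protection"] - filter_alternative)
    # Edge-oriented features on ports never declared as edge: review, because
    # edge ports can also be discovered automatically on this platform.
    stray: Dict[int, List[str]] = {}
    for feature in EDGE_FEATURES:
        for port in sorted(f[feature] - edge):
            stray.setdefault(port, []).append(feature)
    return {
        "edge_without_bpdu_protection": unprotected,
        "hardened_but_not_edge": dict(sorted(stray.items())),
    }


# The commands from the slide above, used here as sample input.
SLIDE_CONFIG = """
Switch(config)# spanning-tree
Switch(config)# spanning-tree 1-44 admin-edge-port
Switch(config)# spanning-tree 1-44 bpdu-protection
Switch(config)# spanning-tree bpdu-protection-timeout 3600
Switch(config)# loop-protect 1-46 receiver-action send-disable
Switch(config)# loop-protect disable-timer 3600
Switch(config)# spanning-tree 1-46 tcn-guard
Switch(config)# spanning-tree 46-47 bpdu-filter
Switch(config)# spanning-tree 46-47 pvst-filter
"""

if __name__ == "__main__":
    for finding, ports in audit(SLIDE_CONFIG).items():
        print(f"{finding}: {ports}")
```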



STP hardening on uplinks


Now you will learn about the STP hardening features loop guard and root guard,
which are configured on uplinks.


Root guard
– Root guard prevents a switch from taking the place of the
  desired root bridge.
– Root guard is typically set:
  • On edge ports (not needed if BPDU guard/protection is already set)
  • On the switch-to-switch ports of the root and secondary root switches
    − Except the links between roots

Figure 7-14: Root guard

When root guard is enabled on a port, it cannot be selected as the root port even if
it receives superior STP BPDUs. The port is assigned an alternate port role and enters
a blocking state if it receives superior STP BPDUs. (A superior BPDU contains
information about a root bridge with lower priority and/or a lower path cost to the
root bridge.) The superior BPDUs received on a root guard port are ignored. All other
BPDUs are accepted, and the external devices may belong to the spanning tree as
long as they do not claim to be the root device.

Typically, you enable this feature on switch-to-switch links on the root and secondary
root switches with the exception of the link between these two switches (which
typically alternate roles in different MSTP instances).

You can also configure root guard on the edge ports of Cisco and HP E-Series
switches; however, BPDU guard provides the same protection and more, making root
guard redundant. On HP A-Series switches, you cannot implement root guard on
edge ports. The last feature enabled takes effect. You should usually prefer defining
edge ports as edge ports, which can be protected by BPDU guard, to
enabling root guard on them.



Spanning tree root guard configuration


Root guard on Cisco switches
Or interface specific
Switch(config)# interface gig1/1
Switch(config-if)# spanning-tree guard root

Root guard on HP A-Series switches
# Enabled on interface
[DeviceA] interface gigabitethernet 2/0/1
[DeviceA-GigabitEthernet2/0/1] stp root-protection

Root guard on HP E-Series switches
Interface specific:
Switch(config)# spanning-tree 1-6 root-guard

Figure 7-15: Spanning tree root guard configuration

Here is a network configuration with root guard enabled. Remember that root guard
is represented by the pink dots.

rt

Loop guard
– Loop guard prevents loops due to STP BPDUs not being
  forwarded
  • E.g., a unidirectional link that does not transmit BPDUs

[Diagram labels: "Unidirectional link prevents BPDU sending"; "Port is set as
forwarding"; "And creates a loop"; "Loop guard prevents this situation"]

Figure 7-16: Loop guard

By receiving BPDUs from the upstream device, a device can maintain the state of the
root port and blocked ports. However, due to link congestion or unidirectional link
failures, these ports may fail to receive BPDUs from the upstream devices. In this case,
the downstream device will reselect the port roles: Those ports in forwarding state
that failed to receive upstream BPDUs will become designated ports, and the blocked
ports will transition to the forwarding state, resulting in loops in the switched network.
The loop guard function can suppress the occurrence of such loops.

If a loop guard-enabled port fails to receive BPDUs from the upstream device, and if
that port takes part in the STP calculation, all the instances on the port will be set to,
and stay in, the discarding state. This will be true no matter what role the port plays.

Make this configuration on the root port or an alternate port of a device.



Spanning tree loop guard configuration


Loop guard on Cisco switches
! Enabled on the uplinks interface
Switch(config)# interface gig1/1
Switch(config-if)# spanning-tree guard loop

Loop guard on HP A-Series switches
# Enabled on the uplinks interface
[DeviceA] interface gigabitethernet 2/0/1
[DeviceA-GigabitEthernet2/0/1] stp loop-protection

Loop guard on HP E-Series switches – does not exist

Figure 7-17: Spanning tree loop guard configuration

Here is a network configuration with loop guard enabled. Remember that loop guard
is represented by the stars.

rt

Lab 7.1: Hardening STP


[Lab topology diagram. Devices: Cisco-A (root for Instances 0 and 1), Cisco-B (root for
Instance 2), HP-C, HP-E, and HP-D; switch ports are labeled P1 to P4.]

MSTP Region
Name: HP-Cisco
MSTP Revision: 1
MST Instance 1: VLAN 12
MST Instance 2: VLAN 1,11,13

Figure 7-18: Lab 7.1: Hardening STP

You will now complete a lab in which you implement these STP hardening features
on Cisco and HP switches.

Use the space below to record any instructions your facilitator gives you for this lab.

________________________________________________________________________


Lab debrief
What were your key insights into hardening STP?
_________________________________________________________________________

Did you discover anything new? If so, list this discovery below.

_________________________________________________________________________

Did anything you learned surprise you?

_________________________________________________________________________


What were your greatest challenges?


_________________________________________________________________________

What will you apply in the field?

_________________________________________________________________________


Module 7 summary
In this module, you have been introduced to ways to harden the spanning tree
protocol to reduce instability. Record your thoughts here while your facilitator reviews
what was covered in this module.

____________________________________________________________________


Learning check
Q1: What feature(s) prevent loops that can occur on edge ports?

_______________________________________________________________

Q2: Are UDLD on Cisco and DLDP on HP A-Series switches interoperable?

_______________________________________________________________

Q3: Would you set root guard on edge ports?

_______________________________________________________________

Q4: Would you set BPDU filter on edge ports?

_______________________________________________________________


Q5: Would you set BPDU guard on uplinks?


_______________________________________________________________

Q6: What prevents loops in case of unidirectional links?

_______________________________________________________________


Link Aggregation
Module 8

Module 8 Objectives
After completing this module, you will be able to:
• Identify and implement link aggregation methods that will interoperate between
  Cisco and HP switches
• Use link aggregation and the HP Intelligent Resilient Framework (IRF) to build a
  redundant network architecture that integrates Cisco and HP switches
• Configure link aggregation between Cisco switches and an HP IRF stack


Link aggregation and interoperability


– Link aggregation increases bandwidth + redundancy
– Link-aggregation interoperability is easy

Naming
  Cisco: Ether or port channel
  HP E-Series: Trunk
  HP A-Series: Bridge or link aggregation
  Our convention: link aggregation

Figure 8-1: Link aggregation and interoperability

Note the different naming conventions for link aggregation between HP and Cisco:
• Cisco: EtherChannel or port channel
• HP A-Series: bridge or link aggregation
• HP E-Series: trunk
Be careful with HP E-Series naming; link trunking can be confused with VLAN
trunking. For the purposes of this training, the term “link aggregation” will be used.


Link aggregation modes


Recommended combinations

Static to Static: Always works

Static LACP to Static LACP: Works if both sides agree
  LACP-BPDUs: Switch MAC address, LACP key >
              < Switch MAC address, LACP key

Dynamic LACP to Dynamic LACP: Set and works if both sides agree
  LACP-BPDUs: Switch MAC address, LACP key >
              < Switch MAC address, LACP key
  Modes: Active to Active, or Active to Passive

Figure 8-2: Link aggregation modes

Static link aggregation


In static link aggregation, there is no exchange of frames between the two switches.
Each side manages its own link aggregation. Each side load balances outgoing
frames according to that platform’s rules. Each side accepts the incoming frames as
they are sent from the other side. Of course, neither side ever forwards incoming
frames back out the other ports in the link aggregation group because the switch
considers the ports one virtual port.
• Benefits: Static link aggregation is very interoperable. It can be used between all
vendors.
• Drawbacks: There is no control to guarantee that your link aggregation cabling
is correct. For example, you wouldn’t be able to tell if the wrong ports were
connected. In an environment with many aggregated links, LACP gives you more
information for troubleshooting.

Static LACP

In static LACP, the link aggregation virtual port (port channel on Cisco, trunk on
HP E-Series, or bridge-aggregation on HP A-Series) is formed whether or not the other
side agrees. However, ports in the link aggregation will be selected (active/up) only if
both sides agree. The remote side must send the same switch MAC address and the
same operation key (which shows that the ports belong to the same link aggregation). In
other words, the switch checks that LACP-BPDUs come from the same switch and from
the same remote link aggregation.

• Benefits: LACP is a standard (802.3ad), which Cisco and HP switches support.
LACP gives information about the remote side and a way to check that cabling
has been done correctly.
• Drawbacks: LACP negotiation may sometimes lead to unselected ports on both
sides.

Dynamic LACP

Both sides negotiate the link aggregation with LACP. Link aggregation will only be
formed if both sides agree. One side must be active LACP (initiates LACP
negotiation) and the other side can be either passive (does not initiate LACP
negotiation) or active. The active side sends LACP-BPDUs across all of the links of the
link aggregation. LACP-BPDUs contain the switch’s MAC address, a priority value,
and a port number. Although the priority value can be configured on Cisco switches,
on HP E-Series switches, it cannot be changed. On HP E-Series switches, dynamic
LACP supports hot-standby links. For example, out of ten lines, eight would be
actively used, and two lines would be in standby mode.
• Benefits: Allows a link aggregation to be initiated by one side only. However,
that requires the other side to be pre-set in passive mode. Most vendors do not
allow this pre-setting because it causes issues.
• Drawbacks: On HP E-Series switches, dynamic LACP trunks cannot be statically
assigned to a VLAN. VLAN assignments can be made only through GVRP.

Interoperability between modes: What works?


Interoperability works well with the following combinations, so they are
recommended for smooth interoperability:
• Static on both sides
• Static LACP on both sides
Interoperability usually works with dynamic LACP on both sides as long as one side is
active. There are limitations on the HP E-Series for configuring the dynamic trunk.
(Remember that dynamic trunk is the name for link aggregation on HP E-Series
switches.)
Other combinations include:
• Static LACP and dynamic LACP (passive or active), which also works most of the
time
• Static and static LACP, which do not usually work well together
Although a virtual port is created, the static LACP side requires the identity of the
remote side to be sent on all links to select the ports in link aggregation. One port
may be selected but not the others.
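
The port-selection rule described above for static LACP, contrasted with plain static aggregation, as an added Python example (not part of the course material and not any vendor's code). The function names, the use of the lowest-numbered port's partner as the reference, and the sample LACP-BPDU values are assumptions made for illustration; real switches apply further rules such as priorities.

```python
from typing import Dict, List, NamedTuple, Optional


class Partner(NamedTuple):
    """Remote identity carried in a received LACP-BPDU (fields named in the text)."""
    switch_mac: str
    key: int


def select_ports(mode: str, received: Dict[str, Optional[Partner]]) -> Dict[str, str]:
    """Return the state of each local member port.

    mode     -- "static" or "static-lacp"
    received -- port name -> Partner seen on that port, or None if no
                LACP-BPDU arrived there
    """
    if mode == "static":
        # No frames are exchanged: every member port is used, right or wrong.
        return {port: "selected" for port in received}
    if mode != "static-lacp":
        raise ValueError(f"unsupported mode: {mode}")

    answered = sorted(p for p, partner in received.items() if partner is not None)
    if not answered:
        # How a port with no partner is treated varies by platform;
        # this model leaves it unselected.
        return {port: "unselected: no LACP-BPDU" for port in received}

    # Assumption: the partner seen on the lowest-numbered port is the reference.
    reference = received[answered[0]]
    states = {}
    for port, partner in received.items():
        if partner is None:
            states[port] = "unselected: no LACP-BPDU"
        elif partner.switch_mac != reference.switch_mac:
            states[port] = "unselected: different remote switch"
        elif partner.key != reference.key:
            states[port] = "unselected: different remote aggregation"
        else:
            states[port] = "selected"
    return states


def silent_miscabling(received: Dict[str, Optional[Partner]]) -> List[str]:
    """Ports that static mode would use but static LACP refuses to select."""
    static = select_ports("static", received)
    lacp = select_ports("static-lacp", received)
    return sorted(p for p in received
                  if static[p] == "selected" and lacp[p] != "selected")


# Constructed sample: port 1/0/3 is cabled to a different switch, and
# port 1/0/4 to a port in another aggregation on the right switch.
SAMPLE = {
    "1/0/1": Partner("0011-2233-4401", 1),
    "1/0/2": Partner("0011-2233-4401", 1),
    "1/0/3": Partner("0011-2233-4499", 1),
    "1/0/4": Partner("0011-2233-4401", 2),
}

if __name__ == "__main__":
    for port, state in select_ports("static-lacp", SAMPLE).items():
        print(port, state)
    print("hidden in static mode:", silent_miscabling(SAMPLE))
```

The ports returned by `silent_miscabling` are the ones a purely static configuration would keep forwarding on without any indication that the cabling is wrong.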


Link aggregation modes (cont.)


Mode           Cisco                 HP A-Series            HP E-Series
               (EtherChannel mode)   (Bridge aggregation)   (Trunk)
Static         On                    Not specified          Trunk
Static LACP    Active                Dynamic                LACP

Dynamic LACP Active


Passive /
LACP LACP Passive
Preferred combinations:
Static-Static
Static LACP-Static LACP

Figure 8-3: Link aggregation modes (cont.)

Depending on a switch’s platform, link aggregation modes go by different
names. Remember that Static-Static and Static LACP-Static LACP are the
recommended combinations.
Apart from modes, there are other common requirements for link aggregation to
work. The links in a link aggregation must:
• Be coterminous (begin together and end together)
• Use the same speed, although they may use different media types
• Have the same duplex setting
  – LACP requires full-duplex
• Have the same VLANs assigned
The maximum number of links that can comprise a link aggregation is usually eight,
but can be more or less, depending on the platform. The maximum number of link
aggregations per switch also varies on a per platform basis.


Link aggregation load balancing options


Load balancing option       Cisco   HP A-Series   HP E-Series
Source-Destination MAC      Y       Y             Y
Source MAC                  Y       Y             N
Destination MAC             Y       Y             N
Source-Destination IP       Y       Y             Y
Source IP                   Y       Y             N
Destination IP              Y       Y             N
Destination UDP/TCP Port    Y       Y             N

Figure 8-4: Link aggregation load balancing options

Load balancing does not play a role in interoperability; however, you should
understand how the traffic may be load balanced and the bandwidth may be used
on each platform. You should also understand the benefits of various types of load
balancing.
For example, your network features a link aggregation between two switches, one of
which connects to a server. Traffic destined to this server makes up a significant
portion of the link aggregation’s traffic, and you want to load balance it. The
destination MAC address and IP address (those of the server) are the same for all
traffic. In addition, if the traffic is routed before crossing the link aggregation, the
source MAC address for all traffic is the same. In this case, the only way to load
balance the traffic is using the source IP addresses, which differ for each client.
However, if you are trying to load balance communications between two servers, the
source IP address will be the same for most traffic, and the only way to truly load
balance traffic would be to use a TCP or UDP port. This option is available on the
Comware OS and on HP A-Series switches.
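
The two scenarios above, worked through as an added Python example (not part of the course material). CRC-32 stands in for the platform's hash, which is vendor specific; the option names, the four-link aggregation, and all addresses and ports are constructed for illustration.

```python
import zlib

# Fields hashed by each load-balancing option listed in the table above.
OPTIONS = {
    "src-dst-mac": ("src_mac", "dst_mac"),
    "src-mac": ("src_mac",),
    "dst-mac": ("dst_mac",),
    "src-dst-ip": ("src_ip", "dst_ip"),
    "src-ip": ("src_ip",),
    "dst-ip": ("dst_ip",),
    "dst-port": ("dst_port",),
}


def pick_link(flow, option, n_links):
    """Map a flow to a member link index using the fields of one option.

    Assumption: CRC-32 modulo the link count replaces the real hardware hash.
    """
    key = "|".join(str(flow[field]) for field in OPTIONS[option])
    return zlib.crc32(key.encode()) % n_links


def links_used(flows, option, n_links=4):
    """Number of distinct member links that carry at least one flow."""
    return len({pick_link(flow, option, n_links) for flow in flows})


def compare_options(flows, n_links=4):
    """Return {option: number of links used} for every option."""
    return {option: links_used(flows, option, n_links) for option in OPTIONS}


ROUTER_MAC = "0023-8900-0001"    # constructed
SERVER_MAC = "0023-8900-00aa"    # constructed
SERVER2_MAC = "0023-8900-00bb"   # constructed

# Scenario 1: many clients, routed before the aggregation, one server.
# Only the source IP differs between flows.
CLIENTS_TO_SERVER = [
    dict(src_mac=ROUTER_MAC, dst_mac=SERVER_MAC,
         src_ip=f"10.1.1.{n}", dst_ip="10.1.2.5", dst_port=443)
    for n in range(1, 201)
]

# Scenario 2: two servers talking to each other.
# Addresses are constant; only the destination port differs.
SERVER_TO_SERVER = [
    dict(src_mac=SERVER2_MAC, dst_mac=SERVER_MAC,
         src_ip="10.1.2.6", dst_ip="10.1.2.5", dst_port=port)
    for port in range(5001, 5009)
]

if __name__ == "__main__":
    for name, flows in (("clients -> server", CLIENTS_TO_SERVER),
                        ("server -> server", SERVER_TO_SERVER)):
        print(name)
        for option, used in compare_options(flows).items():
            print(f"  {option:12s} links used: {used} of 4")
```

An option that reports one link in use leaves the rest of the aggregation idle for that traffic pattern, whatever the configured bandwidth.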


IRF, link aggregation, and interoperability: IRF in the distribution layer

[Figure: physical view and logical view. Core: Cisco. Distribution: HP A-Series IRF.
Access layer: Cisco. The layers are connected by static or LACP link aggregation.
Slide question: Would you enable STP?]

Figure 8-5: IRF, link aggregation and interoperability: IRF in the distribution layer

IRF stands for Intelligent Resilient Framework. With IRF, two (or N) switches act as one.
IRF is what is conventionally called true stacking. It is available on HP A-Series
switches and requires 10-Gigabit links for stacking.
IRF is supported on these HP A-Series switches: A12500, A9500, A7500, A5820,
A5800, A5500, and A5120 (10GbE models). With IRF, two switches can be
combined together as a single virtual switch. The HP A-Series stackable switches
A3600, A5500-EI, and A5800/5810/5820 families support IRF with up to eight or
nine members.
A typical redundant connection is achieved using link aggregation in static or LACP
mode. Link aggregation to IRF can be static or dynamic (LACP). Switches from all
vendors can connect to an IRF using link aggregation, eliminating the need for STP.
Q1: Would you enable STP?

IRF, link aggregation, and interoperability: IRF in the distribution and access layers

[Figure: physical view and logical view. Core (L3): Cisco. Distribution (L2/L3):
HP A-Series IRF. Access layer (L2): HP A-Series. The core and the distribution layer
are connected by static or LACP link aggregation.
Slide question: Do you need to configure VRRP in the distribution layer?]

Figure 8-6: IRF, link aggregation, and interoperability: IRF in the distribution and access layers

Q1: Do you need to configure VRRP?



Link aggregation becomes a way to integrate the different layers. In the above
design, IRF is put in the aggregation/distribution and access layer. The Cisco core
connects to the distribution layer via link aggregation.


IRF, link aggregation, and interoperability: IRF in the core and distribution layers

[Figure: physical view and logical view. Core: HP A-Series. Distribution:
HP A-Series IRF. Access layer: Cisco stacking.
Slide question: Would you enable STP?]

Figure 8-7: IRF, link aggregation, and interoperability: IRF in the core and distribution layers

Again, link aggregation can integrate the different layers. In the above design, IRF is
put in the aggregation/distribution and core layers. The Cisco stack in the access layer
connects to the distribution layer via link aggregation.

Note
Cisco suggests stacking on its Catalyst 6500 and Catalyst 3750 switches, as well
as others.


Static link aggregation configuration


– HP A-Series bridge aggregation configuration

interface Bridge-Aggregation 1
interface GigabitEthernet 1/0/1
 port link-aggregation group 1
interface GigabitEthernet 1/0/2
 port link-aggregation group 1

– HP E-Series trunk configuration

trunk 47-48 trk1 trunk

– Cisco port channel configuration

interface Port-channel 1
interface GigabitEthernet 1/20
 channel-group 1 mode on
interface GigabitEthernet 1/21
 channel-group 1 mode on

Figure 8-8: Static link aggregation configuration

This slide provides a quick comparison of the static link aggregation configuration on
each platform.
Use the following commands to check the configuration:
• On Cisco:
Cisco# show interface port-channel 1 etherchannel

• On HP A-Series:
<HP-A> display link-aggregation verbose

• On HP E-Series:
HP-E# show trunk


VLAN trunking and link aggregation


– Trunk ports for HP A-Series bridge aggregation

interface Bridge-Aggregation 1
 port link-type trunk
 port trunk permit vlan all

– VLAN tagging for HP E-Series trunk

vlan 11 tagged trk1
vlan 12 tagged trk1
vlan 13 tagged trk1

– VLAN trunking for Cisco port channel

interface Port-channel 1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 1,11-13

Figure 8-10: VLAN trunking and link aggregation

Q1: Do you have to set VLAN trunking on physical ports as well?



Troubleshooting link aggregation


Here are some strategies you can use if you ever need to troubleshoot link
aggregation. Check the following:
• The local and remote links are connected together and are associated with the
right link aggregation.
• The ports are in full-duplex mode, have the same settings, and are not shut down.
• Both sides are either in static mode or in LACP mode:
  – Active mode on Cisco
  – Dynamic on HP A-Series
  – Trunk LACP on HP E-Series switches
• VLAN trunking has been set on link aggregation ports and not on physical
ports.
If link aggregation still does not come up, try the following:
• Shut down the physical ports and then undo the shutdown, all at the same time
• Repeat these operations in order:
  1. Create link aggregation.
  2. Assign physical ports.
  3. Configure VLAN trunking on the link aggregation ports.


Lab 8.1: Configuring link aggregation and IRF


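[Figure: lab topology. Devices: Server_1, Cisco-A, HP-C (IRF master), HP-D (IRF slave),
HP-E, and Client_1. Port and aggregation labels: Cisco-A P3 and P4 (PO2); HP-C and
HP-D P1 (BR3), P2 (BR4), XP1 and XP2 (XP: ten-gigabit ports); HP-E P1 and P2 (trk1)
and P3.]

IP addressing: 10.POD.VLAN.X/24
  X=1 on Cisco-A
  X=3 on IRF
  X=5 on HP-E
  X=100 on Server_1
  X=101 on Client_1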

Figure 8-11: Lab 8.1: Configuring link aggregation and IRF

You will now complete a lab in which you create link aggregation groups between
Cisco and HP A-Series switches, as well as Cisco and HP E-Series switches.
Use the space below to record any instructions your facilitator gives you for this lab.

Lab debrief
Did you find any useful show and display commands during the lab?

What were the main things you learned about link aggregation?

What were your greatest challenges?



Did you learn anything that you will apply in the field?

Module 8 summary
In this module, you have learned about the benefits of using link aggregation and
how, when combined with IRF, it provides a redundant architecture without STP. Write
down any thoughts you may have while your facilitator reviews the content of this
module.

Learning check
Q1: In what circumstances can you create an LACP link aggregation in which one
switch connects to two different switches?

Q2: Can you create a link aggregation between a Cisco switch port in on mode and
an HP E-Series switch port in trunk mode?

Q3: Can you create a link aggregation between a Cisco switch in active mode and
an HP A-Series switch in dynamic mode?

Virtual IP Protocols
Module 9

Module 9 objectives
After completing this module, you will be able to:
• Describe the differences and similarities between several virtual IP protocols,
including:
  – Cisco Hot Standby Router Protocol (HSRP)
  – Cisco Gateway Load Balancing Protocol (GLBP)
  – Industry-standard Virtual Router Redundancy Protocol (VRRP)
• Assess the advantages and disadvantages of virtual IP protocols as compared to
HP Intelligent Resilient Framework (IRF) solutions
• Implement the appropriate protocol options such as:
  – Preemption
  – Preempt delay timer
  – Tracking of interface or IP object
  – Load-balancing
  – Support of stateful Network Address Translation (NAT)


Comparing HSRP, GLBP, VRRP, and IRF


This module covers options for providing router redundancy, principally by
implementing one of these protocols:
• HSRP
• GLBP
• VRRP
Although the protocols do not interoperate, often the lack of compatibility does not
create an issue. Typically the devices that provide redundancy for each other are
identical models from the same vendor. Therefore, this section focuses on comparing
the options provided by these protocols. You will also learn about the HP A-Series IRF
technology, which offers an attractive alternative to using these protocols.
Use the space below to record your experience in implementing any of these
protocols.

Virtual IP design cases


The next section guides you through designing virtual IP implementations for various
use cases.
If you have designed virtual IP protocol solutions, note some of the problems that you
have encountered below. After you complete the design cases, return to this page
and see if any of the solutions you discussed could have helped you resolve these
problems.

Default gateway redundancy with HSRP and VRRP


[Figure: two routing switches provide the default gateways for two VLANs.
Mx = master, Bx = backup.]

MSTP Instance 1: root at M1, secondary root at B1
  VIP1 = 10.1.1.1
  Host IP: 10.1.1.51/24, default gateway 10.1.1.1
  Virtual MAC: 0000-0c07-ac01 (HSRP), 0000-5e00-0101 (VRRP)

MSTP Instance 2: root at M2, secondary root at B2
  VIP2 = 10.1.2.1
  Host IP: 10.1.2.5/24, default gateway 10.1.2.1
  Virtual MAC: 0000-0c07-ac02 (HSRP), 0000-5e00-0102 (VRRP)

Figure 9-6: Default gateway redundancy with HSRP and VRRP

Here you see the main use case for HSRP and VRRP: providing redundancy for the
default gateways of VLANs. Typically, a VLAN has one master and one backup
router. The master owns the virtual IP address that the DHCP server distributes as the
VLAN’s default gateway.
Note that you should synchronize the roles between VRRP or HSRP and MSTP to
ensure that the topology is used efficiently. As you see, the VRRP or HSRP master for
a particular VLAN is the MSTP root for the instance that includes that VLAN.
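
Figure 9-6 lists the virtual MAC address that hosts should resolve for each default gateway. The following added Python example (not part of the course material) checks ARP entries against such a plan; the function names and the observed ARP data are constructed for illustration, and the HSRP prefix handled is the one shown in the figure.

```python
import re

VRRP_PREFIX = "00005e0001"   # 0000-5e00-01xx, xx = VRRP group (VRID)
HSRP_PREFIX = "00000c07ac"   # 0000-0c07-acxx, xx = HSRP group


def normalize_mac(text):
    """Return 12 lowercase hex digits from 0000-5e00-0101,
    00:00:5e:00:01:01 or 0000.5e00.0101 notation."""
    digits = re.sub(r"[-:.]", "", text.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return digits


def classify_gateway_mac(text):
    """Return (protocol, group) for a virtual MAC, else ("other", None)."""
    mac = normalize_mac(text)
    if mac.startswith(VRRP_PREFIX):
        return ("VRRP", int(mac[10:], 16))
    if mac.startswith(HSRP_PREFIX):
        return ("HSRP", int(mac[10:], 16))
    return ("other", None)


def audit_gateways(plan, observed):
    """Compare observed ARP entries with the gateway plan.

    plan     -- {gateway_ip: (protocol, group)}
    observed -- iterable of (host, gateway_ip, mac_text)
    Returns a list of (host, gateway_ip, reason) for every mismatch.
    """
    findings = []
    for host, gateway, mac in observed:
        expected = plan.get(gateway)
        actual = classify_gateway_mac(mac)
        if expected is None:
            findings.append((host, gateway, "gateway not in plan"))
        elif actual != expected:
            findings.append(
                (host, gateway, f"expected {expected}, resolved to {actual}"))
    return findings


# Plan taken from Figure 9-6, VRRP variant.
PLAN = {"10.1.1.1": ("VRRP", 1), "10.1.2.1": ("VRRP", 2)}

# Constructed ARP entries collected from hosts: (host, gateway IP, MAC).
OBSERVED = [
    ("10.1.1.51", "10.1.1.1", "0000-5e00-0101"),   # matches the plan
    ("10.1.2.5", "10.1.2.1", "0000.5e00.0102"),    # matches, other notation
    ("10.1.2.77", "10.1.2.1", "0000-5e00-0101"),   # wrong VRRP group
    ("10.1.1.60", "10.1.1.1", "0023-8900-0001"),   # not a virtual MAC
]

if __name__ == "__main__":
    for finding in audit_gateways(PLAN, OBSERVED):
        print(finding)
```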


Default gateway redundancy with IRF


[Figure: an IRF virtual device holds the gateway addresses 10.1.2.1 and 10.1.1.1.
Host 10.1.2.5/24 uses default gateway 10.1.2.1; host 10.1.1.51/24 uses default
gateway 10.1.1.1.]

Figure 9-7: Default gateway redundancy with IRF

With IRF, you do not need to configure a virtual IP protocol to ensure redundancy for
the default gateway; IRF itself ensures such redundancy and more.
The IRF system acts as one single Layer 3 device. The master device or fabric
completes routing calculations. Its Forwarding Information Base (FIB) table is
synchronized across the IRF system. The other member or members of the IRF group
store the routing status in real time to ensure that the IRF group continues to function
seamlessly if the master fails.
IRF supports all unicast and multicast routing protocols and implements distributed
resilient routing:
• No single-point routing failure
• Route forwarding without interruption

Operational planes (control, management, and forwarding)


Modern switches and routers segregate their functions into different groups called
operational planes or simply planes.
The most common planes are:
• Control plane: This plane includes all internal monitoring and control functions
related to power, temperature, and hardware state in general.
• Management plane: This functional group provides the user interface and the
platform for all protocols that run (for example, STP in Layer 2 and OSPF in Layer 3).
The routing table is built in this plane. This plane’s functions are software based
to allow for upgrades.
• Forwarding plane: This group of functions includes Layer 2 and Layer 3
forwarding, packet filtering, and quality of service (QoS) policies. This plane’s
functions actually use the routing table. Functions in this plane are hardware
based because of speed requirements.
In stackable switches, the distribution of these planes is simple: a general purpose
CPU runs the management and control planes, and one or two ASICs are in charge
of actual packet processing and forwarding.
A modular switch centralizes the management and control planes in Switching and
Routing Processing Units (SRPUs) while it distributes the forwarding plane across two or
more Line Processing Units (LPUs). All modular switches support the installation of two
SRPUs for redundancy.

Operational planes in IRFv2


When you combine several HP A-Series devices to form an IRF virtual device, the
management and control planes of one of the devices become active while those of
the other devices stay in standby. However, every switch retains its active forwarding
plane, which the active management and control planes draw on as necessary.
In other words, an IRF system acts like a modular switch with centralized
management and control planes and a distributed forwarding plane.

Note
Currently, an IRF virtual device supports a maximum of two modular switches
with a maximum of four SRPUs. Only one SRPU becomes active while the others
(including another on the same switch) stay in standby.

Consider ARP. In an IRF virtual device, ARP runs in a distributed manner but as if on
a single switch:
• Static ARP entries are automatically synchronized through the shared
configuration.
• Each device sends its ARP requests independently. But when a device receives
an ARP response packet, it transmits this packet to all devices through the IUC to
prevent other devices from sending the same ARP requests.
• When the IRF virtual device receives an ARP request packet, the master responds
at once. The ARP request packet is broadcast, and it is automatically
synchronized to each device so that the entry can be learned by everyone.
However, each device ages its own ARP entry independently.


Load balancing with GLBP and VRRP (HP A-Series devices)

In a given IP subnet, one virtual IP and several virtual MAC addresses are assigned
by the master.

[Figure: master M1 and backup B1 share VIP1 = 10.1.1.1. Host 10.1.1.45/24 uses
default gateway IP 10.1.1.1 with gateway MAC 000f-e2ff-0011; host 10.1.1.24/24 uses
default gateway IP 10.1.1.1 with gateway MAC 000f-e2ff-0012.]

Figure 9-8: Load balancing with GLBP and VRRP (HP A-Series devices)

In this use case, you need to implement load balancing. On HP A-Series devices,
VRRP load balancing mode provides the necessary functionality. On Cisco devices,
GLBP provides load-balancing. However, this particular use case focuses on VRRP
load-balancing on HP A-Series devices.
When VRRP works in the standard protocol mode, only the master can forward
packets and the backups remain in a listening state. Although you can create
multiple VRRP groups to implement load balancing among multiple routers, this
solution would require endpoints in the VLAN to have different gateways,
complicating the configuration.
When VRRP works in the load balancing mode, however, the group gains load
balancing in addition to virtual gateway redundancy.
The virtual IP address is associated with multiple virtual MAC addresses, one for
each router in the VRRP group. The master allocates virtual MAC addresses to routers
in the VRRP group. It then replies to ARP requests (for the IPv4 network) or Neighbor
Discovery (ND) requests (for the IPv6 network) from different endpoints with different
virtual MAC addresses, using a load balancing algorithm. The backup routers,
however, do not reply to the ARP or ND requests.
In this way, each router in the group can forward packets. Because you only need to
create one VRRP group to implement load balancing among multiple routers, you
avoid the configuration issues and fully utilize your network resources rather than
leaving backup routers in the idle state.
The VRRP load-balancing mode is based on the VRRP standard protocol mode, so
mechanisms, such as master election, preemption, and tracking functions, in the
standard protocol mode are also supported in the load-balancing mode.


Load balancing with IRF


The architecture is symmetric and Layer 2/Layer 3 forwarding is distributed, so
load balancing is included.

[Figure: an IRF virtual device holds the gateway address 10.1.1.1. Hosts
10.1.1.45/24 and 10.1.1.24/24 both use default gateway IP 10.1.1.1.]

Figure 9-9: Load balancing with IRF

The IRF architecture itself provides load balancing between the Layer 3 switches.
Unlike an MSTP/VRRP or PVST/HSRP architecture, it provides symmetric connections
between edge switches and the IRF, in which all links are used.
As the figure shows, traffic between the edge and core switches is load balanced by
the algorithm applied on the aggregated link.
When a packet arrives on a port on one of the IRF’s routing-switches, the packet is
forwarded locally because routing and switching are truly distributed among IRF
members and line cards, as long as the destination is connected to a switch that is
also connected through link aggregation.
MAC addresses as well as the ARP cache are distributed and synchronized among
IRF members. When forwarding the traffic to an aggregated link, the IRF virtual
device always chooses the closest link in the aggregation (preferably, directly
connected).


Next hop router in static routes—Case 1

Figure 9-10: Next hop router in static routes—Case 1 (diagram: a WAN router or firewall with static routes 10.0.0.0/8 -> VIP1 and 10.0.0.0/8 -> VIP2; one routing switch is master for VIP1 and backup for VIP2, the other is master for VIP2 and backup for VIP1)

In some environments, static routing is a convenient solution for routing between a
WAN router or a firewall and a pair of routing switches. For example, the switches
might not support a common routing protocol, or the equipment might be managed
by different companies such as an Internet Service Provider (ISP) and a private
company.
You can use HSRP or VRRP to build redundancy into the static routes. Simply
configure the virtual IP address as the next hop IP address in the static routes to
subnets connected to that virtual router group.
Configuring the virtual IP address as the next hop in the static route provides more
redundancy than configuring two static routes that point to different real IP addresses.
Why? When you use real IP addresses, if the device that is the next hop for the
active route fails, the router must wait for the table to update. But with a single route
to the virtual IP address, the same route remains accurate if the master fails. The
backup simply takes ownership of the virtual IP address and the virtual MAC
address. As in the case of a failover for endpoints and their default gateway, the
router with the static route is not aware of the change.
For load-balancing purposes, you can create two static routes that point to two
virtual IP addresses.


Next hop router in static routes—Case 2


Figure 9-11: Next hop router in static routes—Case 2 (diagram: the WAN routers or firewalls are master and backup for VIP3 and VIP4 and have static routes 10.0.0.0/8 -> VIP1 and 10.0.0.0/8 -> VIP2; the routing switches are master and backup for VIP1 and VIP2 and have static routes 0.0.0.0/0 -> VIP3 and 0.0.0.0/0 -> VIP4; footnote: or GLBP or VRRP load balancing)

This example is similar to the previous one except that it features a pair of WAN
routers or firewalls. The two pairs of routers—the pair of routing switches and the
pair of WAN routers—are not directly connected and use static routes to exchange IP
packets.
In this use model, you can build redundancy into the WAN routers as well as the
routing switches, again by using a virtual IP protocol. The WAN routers share a
virtual IP address, which serves as the next hop for the default route set on the routing
switches. As in the previous example, the WAN routers have a static route to the
local network using the routing switch’s virtual IP address as the next hop.
If you create two virtual IP addresses and two static routes on each side, you can
provide full load balancing.


Next hop router in static routes with IRF


Figure 9-12: Next hop router in static routes with IRF (diagram: the WAN routers or firewalls are master and backup for VIP3 and VIP4 and have the static route 10.0.0.0/8 -> IP1; the IRF at IP1 has static routes 0.0.0.0/0 -> VIP3 and 0.0.0.0/0 -> VIP4)

In this example, the WAN routers only have one Ethernet interface that is connected
to the LAN. They are connected to an access switch, which is connected to the IRF
with an aggregated link. This configuration provides the WAN router with symmetric
access to both IRF members.
Each WAN router could also be connected directly with a single interface to one of
the IRF members. This configuration would still ensure redundancy but the IRF links
would need to carry more traffic.
Each WAN router could also have two Ethernet interfaces and then form a port
channel or aggregated link to the IRF.


Preemption and preempt delay


Figure 9-13: Preemption and preempt delay (diagram in three stages: at t=0, S1 fails; at t=n, S1 is rebooted; at t=n + preempt delay, S1 preempts VIP1)

The figure illustrates the preempt delay feature.
At time 0, the master router fails. The backup then takes ownership of VIP1.
At time n, when the master is restored or rebooted, it could preempt the role of
master. However, it may not be ready to route IP packets to remote networks because
HSRP and VRRP often converge much faster than routing protocols; even though the
master can route packets to directly connected networks immediately, it has not yet
learned routes via OSPF, RIP, or BGP.
The preempt delay setting solves this problem: it adds a delay between when
the master comes back online and when it preempts the role of master.
In the example, at time n + preempt delay, the former master has waited for
its routing protocols to converge, and it can now preempt the role of master.


No preempt delay needed with IRF


Figure 9-14: No preempt delay needed with IRF (diagram in two stages: at t=0, S1 fails; at t=n, S1 is rebooted; IP1 and IP2 appear in both stages)

Consider the previous scenario with IRF. In this example, the router is connected to
the IRF with an aggregated link.
A link failure would only reduce bandwidth; Layer 2 and Layer 3 connectivity
would remain, protecting packets from being dropped. Even if an IRF member fails
completely, Layer 2 and Layer 3 connectivity would be maintained.
Because the IRF virtual device uses a single routing table, there is no need for the
router to delay resuming its role in the IRF virtual device when it reboots.


Tracking interfaces with VRRP or HSRP

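Figure 9-15: Tracking interfaces with VRRP or HSRP (diagram: before the failure, the two routers have priorities 100 and 90; after the tracked interface to the WAN router or firewall fails, the priority of 100 is reduced by 20 to 80, the other router keeps priority 90, and the master and backup roles are swapped)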

When the interface that the master router uses to connect to the WAN router or
firewall goes down, the master loses its IP routes to remote IP networks.
If the system uses routing protocols, the master can learn new routes to the remote
networks. Or the master might have a floating static route. In either case, however,
the next hop for new routes is typically a backup router in the VRRP group. The
master has become an unnecessary hop for traffic destined to remote IP networks, so
routing traffic directly through the backup would be more efficient.
VRRP or HSRP tracking enables the router to lower its priority if a particular interface
goes down so that its priority becomes lower than that of a backup. The backup can
then preempt the role of master for the virtual IP.
In this typical case, tracking is usually set for VLANs. So that routers can preempt the
master role when necessary, you should usually configure preempt mode with
tracking. Note, however, that tracking is optional; sometimes you might decide that
eliminating a potential extra hop is not worth the additional configuration.


Tracking remote IP addresses


Figure 9-16: Tracking remote IP addresses (diagram: the routers track remote nodes N1 and N2; before the failure, the priorities are 105 and 90; after a reduction of 2*10, the priorities are 85 and 90, and the master and backup roles are swapped)

A router’s access to remote IP networks may depend on a series of connections and
devices, including several routers, firewalls, and switches. Simply because the router’s
Internet-facing interface is up does not rule out a problem on another upstream
device.
HSRP and VRRP on HP A-Series devices offer the ability to track connectivity to a
remote IP address through a specific interface. (You must specify the interface;
otherwise, a router might not realize that its interface has gone down, and it is
reaching the remote IP addresses through the group’s backup.)
You would typically choose an IP address on the Internet or other remote network,
for example, the IP address of:
• A remote site router or server
• A router or server at headquarters
• A remote endpoint of an IPsec VPN tunnel
• A service provider device
• An Internet server with a stable IP address

Note
Make sure that the router can ping the IP address that you select and that there is
no firewall that can block the ping packets.


When a router detects that it cannot reach a tracked IP address through the tracked
interface, the result is the same as in the simple tracked interface scenario.
In this example, the routers in the VRRP or HSRP group track two remote IP addresses;
thus they avoid relying on a single IP address (which might itself fail) to test an access
to remote networks. Failure of each node can lower priority—by 10 and by 15, for
example. However, only losing connectivity with both tracked addresses will truly
indicate a failure and lower the master’s priority enough to become lower than that
of the backup.


Tracking with IRF and NQA


Figure 9-17: Tracking with IRF and NQA (diagram: remote nodes N1 and N2 are tracked; static routes 0.0.0.0/0 -> IP3 with pref 1, changed to 100 on failure, and 0.0.0.0/0 -> IP4 with pref 10)

Network Quality Analyzer (NQA) allows a switch or an IRF, as shown in the figure
above, to track the status of a remote IP address. Based on connectivity to this
address, the router can change the preference of a static route. (On HP E-Series
switches and Cisco switches, the preference is the administrative distance.)
In the examples illustrated above, each WAN router has two static routes: a primary
route and a backup one with a lower preference (called a floating static route).
When the router fails to reach the tracked remote IP address, it increases the
preference of the main route (lower preference value is preferred). As a result, the
backup route is placed in the routing table.


Configuring virtual IP protocols


You will now evaluate example configurations for the various virtual IP protocols.
Which virtual IP protocols do you want to know more about?


HSRP configuration example


Active HSRP router:
! Real IP address (10.1.1.2) is used among HSRP routers.
! Virtual IP address (10.1.1.1) is used by local hosts.
interface vlan1
 ip address 10.1.1.2 255.255.255.0
 standby 1 ip 10.1.1.1
 standby 1 priority 105
 standby 1 preempt
 standby 1 track serial0

Standby HSRP router:
interface vlan1
 ip address 10.1.1.3 255.255.255.0
 standby 1 ip 10.1.1.1
 standby 1 preempt
 standby 1 track serial0

Highest priority wins the election; if priorities are equal, the highest real IP address wins.
By default, if the tracked interface fails, the priority is reduced by 10.
Default HSRP priority is 100.

Figure 9-18: HSRP configuration example

This slide shows the commands for configuring HSRP and the HSRP options discussed
earlier in this module on Cisco devices.


GLBP configuration example


Master GLBP router:
! Real IP address (172.18.10.2) is used among GLBP routers.
! Virtual IP address (172.18.10.1) is used by local hosts.
! 10 is the group number.
interface vlan 10
 ip address 172.18.10.2 255.255.255.0
 glbp 10 priority 110
 glbp 10 preempt
 ! Authentication
 glbp 10 authentication md5 key-string s!a863
 glbp 10 ip 172.18.10.1
 exit

Backup GLBP router:
interface vlan 10
 ip address 172.18.10.3 255.255.255.0
 glbp 10 authentication md5 key-string s!a863
 glbp 10 ip 172.18.10.1
 exit

Figure 9-19: GLBP configuration example

These are the commands for configuring GLBP and the GLBP options discussed
earlier on Cisco devices.


VRRP configuration example on HP A-Series


Master VRRP router:
# The number after vrid is the virtual router ID.
# Preempt delay of 45 sec to allow OSPF network to be in routing table.
interface vlan 100
 ip address 202.38.160.1 255.255.255.0
 vrrp vrid 1 virtual-ip 202.38.160.111
 vrrp vrid 1 priority 110
 vrrp vrid 1 preempt-mode timer delay 45
 vrrp vrid 1 track interface gigabit 2/0/24

Backup VRRP router:
# VRRP priority is 100 if not specified.
interface vlan 100
 ip address 202.38.160.2 255.255.255.0
 vrrp vrid 1 virtual-ip 202.38.160.111

Figure 9-20: VRRP configuration example on HP A-Series

These are the commands for configuring VRRP and the VRRP options discussed
earlier in this module on HP A-Series devices. For example, the preempt delay has
been set to 45 seconds so that the router can identify its Open Shortest Path First
(OSPF) neighbors and update its routing table with OSPF routes.


VRRP tracking remote IP on HP A-Series


Define the tracked entity with Network Quality Analyzer (NQA):
# Define Ping tests 1 and 2
# send echo request to 1.1.1.1 and to 2.2.2.2 every 300 ms,
# wait for timeout for 300 ms and trigger reaction when 5 pings to probes have failed
nqa entry internetlink test-ping1
 type icmp-echo
 destination ip 1.1.1.1
 frequency 300
 probe timeout 300
 reaction 11 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only
# Define track entity #1; this object is used from applications: static route, vrrp, and so on
# The track object refers to the actual NQA test and the reaction which should be monitored.
track 1 nqa entry internetlink test-ping1 reaction 11
# Start the actual nqa processes:
nqa schedule internetlink test-ping1 start-time now lifetime forever

Figure 9-21: VRRP tracking remote IP on HP A-Series

To configure tracking with VRRP on HP A-Series devices, you must set up NQA tests
and a track to bind the test to the VRRP priority reduction function.
The specific commands are outlined in this figure and the one on the following page.


VRRP tracking remote IP on HP A-Series (cont.)


Associate VRRP and the NQA-tracked entity on the VRRP router:
# Configure vrrp as a test application
# define to track test-ping1 object,
# When remote host ping fails, the priority is reduced by 50 (from 140 to 90)
# the backup vrrp host can preempt this host and take control of the link
interface Vlan-interface201
ip address 172.21.1.2 255.255.255.0
vrrp vrid 1 virtual-ip 172.21.1.10
vrrp vrid 1 priority 140
vrrp vrid 1 track 1 reduced 50
#

Figure 9-22: VRRP tracking remote IP on HP A-Series (cont.)

To finish the configuration, you specify the track in the VRRP configuration.
In another example, you can configure two IP addresses for the router to track. If the
router loses contact with one of the addresses, it decreases its priority by 30 to 110,
which is still higher than the backup. If the router loses contact with the other
address, it decreases its priority by 20—a different value from the first so that you
can look at the priority and instantly determine which IP addresses are accessible.
Only if the router loses contact with both addresses does the priority decrease
enough for the backup to become master. This setup helps to reduce the false
positives that can occur if you only ping one IP address.
Follow these steps to set up the two tracks:
1. First, define an NQA test. You need to specify the name of the administrative
user who creates the test and also assign the test a name.
[Switch] nqa entry admin pingtest1

2. Configure the test. In this example, the test sends echo requests to 10.1.1.1 every
200 ms, waiting for a 10 ms timeout. The test triggers a reaction when five
probes fail in a row.
[Switch-nqa-admin-pingtest1] type icmp-echo
[Switch-nqa-admin-pingtest1-icmp-echo] destination ip 1.1.1.1
[Switch-nqa-admin-pingtest1-icmp-echo] frequency 200
[Switch-nqa-admin-pingtest1-icmp-echo] probe timeout 10
[Switch-nqa-admin-pingtest1-icmp-echo] reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only


3. Define a second test. In this example, the second test sends echo requests to
10.2.2.2 every 200 ms, waiting for a 10 ms timeout and triggering a reaction
when 5 probes fail.
[Switch] nqa entry admin pingtest2
[Switch-nqa-admin-pingtest2] type icmp-echo
[Switch-nqa-admin-pingtest2-icmp-echo] destination ip 2.2.2.2
[Switch-nqa-admin-pingtest2-icmp-echo] frequency 200
[Switch-nqa-admin-pingtest2-icmp-echo] probe timeout 10
[Switch-nqa-admin-pingtest2-icmp-echo] reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only

4. Define tracks, which you use to link the NQA tests to applications such as static
routes or VRRP. The track specifies both the test and the reaction to monitor.
[Switch] track 1 nqa entry admin pingtest1 reaction 1
[Switch] track 2 nqa entry admin pingtest2 reaction 1

5. Start the actual NQA processes:
[Switch] nqa schedule admin pingtest1 start-time now lifetime forever
[Switch] nqa schedule admin pingtest2 start-time now lifetime forever

Note
If you want to stop a test, enter undo nqa schedule <admin-name> <test-name>.
For example, enter undo nqa schedule admin pingtest1.

6. Configure VRRP to base the priority on the track. In this example, the virtual IP is
172.21.1.10 and the priority is 140. As described earlier, you will configure a
slightly different reduction for the two tracks, and only the combined reductions
make the priority lower than the backup’s priority (90 compared to 100 on the
backup).
[Switch] interface Vlan-interface201
[Switch-Vlan-interface201] ip address 172.21.1.2 255.255.255.0
[Switch-Vlan-interface201] vrrp vrid 1 virtual-ip 172.21.1.10
[Switch-Vlan-interface201] vrrp vrid 1 priority 140
[Switch-Vlan-interface201] vrrp vrid 1 track 1 reduced 30
[Switch-Vlan-interface201] vrrp vrid 1 track 2 reduced 20


7. You can test the topology and configuration by activating debugging on the
switch.
<Switch> terminal debugging
<Switch> debugging nqa reaction
<Switch> debugging track

To deactivate debugging after the tests, enter these commands:
<Switch> undo debugging all
<Switch> undo terminal debugging

Example output for display and debugging commands


Below is the output when you view VRRP functionality when the router can contact
both remote IP addresses:
<Switch> display vrrp verbose
IPv4 Standby Information:
Run Method : VIRTUAL-MAC
Total number of virtual routers: 1
Interface : Vlan-interface201
VRID : 1 Adver. Timer : 1
Admin Status : UP State : Master
Config Pri : 140 Run Pri : 140
Preempt Mode : YES Delay Time : 0
Auth Type : NONE
Track Object : 1 Pri Reduced : 30
Track Object : 2 Pri Reduced : 20
Virtual IP : 172.21.1.10
Virtual MAC : 0000-5e00-0101
Master IP : 172.21.1.2

The next example shows the debug output (debugging nqa reaction and debugging
track) when the router loses contact with one of the remote IP addresses.
<Switch1>
*May 2 21:37:19:385 2000 Switch1 TRACK/7/TRACK Debug: Receive the
notification that the status of NQA(admin-pingtest1) reaction(1)
has changed to 2.
*May 2 21:37:19:577 2000 Switch1 TRACK/7/TRACK Debug: Notify
application module(0x5230000) that the status of track entry 1 has
changed from 2 to 3.
*May 2 21:37:19:770 2000 Switch1 NQA/7/NQA_Reaction: Reaction:
Sending NQA reaction status change or stop schedule event to
module(0x5370000).
Owner: admin Tag: pingtest1
Reaction entry number: 1
Previous status: 3
Current status: 2

Below is the output for the display vrrp verbose command when the router has lost
contact with one of the remote IP addresses. As you see, the priority has been
reduced, but the router is still master.
<Switch> display vrrp verbose
IPv4 Standby Information:
Run Method : VIRTUAL-MAC
Total number of virtual routers: 1
Interface : Vlan-interface201
VRID : 1 Adver. Timer : 1
Admin Status : UP State : Master
Config Pri : 140 Run Pri : 110
Preempt Mode : YES Delay Time : 0
Auth Type : NONE
Track Object : 1 Pri Reduced : 30
Track Object : 2 Pri Reduced : 20
Virtual IP : 172.21.1.10
Virtual MAC : 0000-5e00-0101
Master IP : 172.21.1.2

Here is the debugging output when the router’s link to the second tracked IP address
goes down:
*May 2 21:40:08:203 2000 Switch1 TRACK/7/TRACK Debug: Receive the
notification that the status of NQA(admin-pingtest2) reaction(1)
has changed to 2.
*May 2 21:40:08:395 2000 Switch1 TRACK/7/TRACK Debug: Notify
application module(0x5230000) that the status of track entry 2 has
changed from 2 to 3.
*May 2 21:40:08:588 2000 Switch1 NQA/7/NQA_Reaction: Reaction:
Sending NQA reaction status change or stop schedule event to
module(0x5370000).
Owner: admin Tag: linktest2
Reaction entry number: 1
Previous status: 3
Current status: 2


Here is the output for the display vrrp verbose command after the link to the second
remote IP address goes down. As you see, the priority has been further reduced, and
the former backup router (which must be configured separately) is now master.
<Switch> display vrrp verbose
IPv4 Standby Information:
Run Method : VIRTUAL-MAC
Total number of virtual routers: 1
Interface : Vlan-interface201
VRID : 1 Adver. Timer : 1
Admin Status : UP State : Master
Config Pri : 140 Run Pri : 90
Preempt Mode : YES Delay Time : 0
Auth Type : NONE
Track Object : 1 Pri Reduced : 30
Track Object : 2 Pri Reduced : 20
Virtual IP : 172.21.1.10
Virtual MAC : 0000-5e00-0101
Master IP : 172.21.1.3
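
The reduction values in this procedure are chosen so that the running priority alone shows which tracked addresses are down, and so that only the loss of both hands the master role to the backup. The Python script below is an added example (not part of the course material or of any HP tool) that checks both properties from display vrrp verbose output; the sample text is constructed from the output on this page, and the backup priority of 100 and all function names are assumptions of the example.

```python
import re
from itertools import combinations

# Constructed sample: the display vrrp verbose output shown on this page for
# the state where one tracked address is unreachable (Run Pri 110).
SAMPLE = """\
Interface : Vlan-interface201
VRID : 1 Adver. Timer : 1
Admin Status : UP State : Master
Config Pri : 140 Run Pri : 110
Preempt Mode : YES Delay Time : 0
Auth Type : NONE
Track Object : 1 Pri Reduced : 30
Track Object : 2 Pri Reduced : 20
Virtual IP : 172.21.1.10
Master IP : 172.21.1.2
"""


def parse_vrrp(text):
    """Extract the priority, track and authentication fields of one group."""
    def number(label):
        match = re.search(rf"{label}\s*:\s*(\d+)", text)
        if match is None:
            raise ValueError(f"field not found: {label}")
        return int(match.group(1))

    def word(label):
        match = re.search(rf"\b{label}\s*:\s*(\S+)", text)
        return match.group(1) if match else None

    tracks = {int(obj): int(red) for obj, red in re.findall(
        r"Track Object\s*:\s*(\d+)\s+Pri Reduced\s*:\s*(\d+)", text)}
    return {"config_pri": number("Config Pri"), "run_pri": number("Run Pri"),
            "state": word("State"), "auth": word("Auth Type"),
            "tracks": tracks}


def subsets(tracks):
    """Yield every combination of track IDs, from none to all of them."""
    ids = sorted(tracks)
    for size in range(len(ids) + 1):
        yield from combinations(ids, size)


def infer_failed(info):
    """Sets of failed tracks that explain Config Pri minus Run Pri.

    One result means the priority identifies the failed tracks; several mean
    the reduction values are ambiguous; none means the drop has another cause.
    """
    drop = info["config_pri"] - info["run_pri"]
    tracks = info["tracks"]
    return [s for s in subsets(tracks) if sum(tracks[t] for t in s) == drop]


def failover_sets(config_pri, tracks, backup_pri):
    """Sets of failed tracks that hand the master role to the backup.

    A preempting backup takes over only when its own priority is strictly
    higher than the priority the master advertises.
    """
    return [s for s in subsets(tracks)
            if config_pri - sum(tracks[t] for t in s) < backup_pri]


def audit(text, backup_pri=100):
    """Summarise one group; backup_pri is the peer's priority (assumed 100)."""
    info = parse_vrrp(text)
    failed = infer_failed(info)
    findings = []
    if not failed:
        findings.append("priority drop matches no combination of tracks")
    elif len(failed) > 1:
        findings.append(f"ambiguous reductions, candidates: {failed}")
    if info["auth"] == "NONE":
        findings.append("VRRP advertisements are not authenticated")
    return {"failed_tracks": failed,
            "failover_sets": failover_sets(info["config_pri"],
                                           info["tracks"], backup_pri),
            "findings": findings}


if __name__ == "__main__":
    print(audit(SAMPLE))
```

With equal reductions, as in the 2*10 case of Figure 9-16, infer_failed returns more than one candidate after a single failure, which is why this procedure uses 30 and 20.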


VRRP configuration example on HP E-Series


Master VRRP router:
router vrrp
router vrrp virtual-ip-ping
interface vlan1
 ip address 10.1.1.2 255.255.255.0
 vrrp vrid 1
  backup
  virtual-ip-address 10.1.1.1 255.255.255.0
  priority 255
  enable
  exit
 exit

Backup VRRP router:
router vrrp
router vrrp virtual-ip-ping
interface vlan1
 ip address 10.1.1.3 255.255.255.0
 vrrp vrid 1
  backup
  virtual-ip-address 10.1.1.1 255.255.255.0
  priority 100
  enable
  exit
 exit

Virtual IP is not pingable when owned by backup, in compliance with RFC 3768. Start with Release K.14.47.
By default, the virtual IP is equal to the real IP of the master. To set a virtual IP as a 3rd address, both sides are set as backup.

Figure 9-23: VRRP configuration example on HP E-Series

These are the commands for configuring VRRP and the VRRP options discussed
earlier on HP E-Series devices.
Note the virtual IP ping option.
When VRRP functions in compliance with RFC 3768, only the owner of the virtual IP
address replies to pings (ICMP echo requests) to the virtual IP address. When the
virtual IP ping feature is enabled, a backup router operating as the master
can respond to ping requests made to the virtual IP address. This makes it possible to
test the availability of the default gateway with ping. A non-owner and non-master
member of the VRRP group still drops all packets to the VIP.


Lab 9.1: Configuring VRRP (Optional)


Figure 9-24: Lab 9.1: Configuring VRRP (Optional) Step 1 (diagram: Cisco-A and Cisco-B run HSRP and connect over trunks carrying VLANs 1, 11, 12, 13 to edge switches HP-E and HP-F; Server_1 attaches to HP-E in VLAN 1 and Client_1 attaches to HP-F in VLAN 12)
MSTP region: name HP-Cisco, revision 1; MST instance 1: VLAN 12; MST instance 2: VLANs 1, 11, 13
IP addressing: 10.POD.VLAN.X/24, where X=1 on Cisco-A, X=2 on Cisco-B, X=3 on HP-C, X=4 on HP-D, X=5 on HP-E, X=6 on HP-F, X=100 on Server_1, X=DHCP on Client_1

This lab is optional. Complete it if your facilitator tells you to do so.


In this lab you will replace a Cisco aggregation switch that is using HSRP, a
proprietary protocol, with an HP A-Series aggregation switch that is using VRRP, an
industry standard protocol.
Figure 9-24 shows the lab configuration before the migration begins.
As you begin to add the first HP switch, your network will resemble Figure 9-25.
Figure 9-25: Lab 9.1: Configuring VRRP (Optional) Step 2 (diagram: Cisco-A, HP-C and HP-D, with VRRP on the HP switches, above edge switches HP-E and HP-F with Server_1 and Client_1; trunks carry VLANs 1, 11, 12, 13; MSTP region and IP addressing as in Figure 9-24)


Figure 9-26 shows your network as you add the second HP switch, finish
implementing VRRP, and migrate the access layer switches.
Figure 9-26: Lab 9.1: Configuring VRRP (Optional) Step 3 (diagram: Cisco-A and Cisco-B with HSRP beside HP-C and HP-D with VRRP, each pair shown with edge switches HP-E and HP-F, Server_1 and Client_1; trunks carry VLANs 1, 11, 12, 13; MSTP region and IP addressing as in Figure 9-24)

Finally, Figure 9-27 illustrates the topology after the migration is complete.
Figure 9-27: Lab 9.1: Configuring VRRP (Optional) Step 4 (diagram: Cisco-A and Cisco-B with HSRP, HP-C and HP-D with VRRP, edge switches HP-E and HP-F, Server_1 and Client_1; trunks carry VLANs 1, 11, 12, 13; MSTP region and IP addressing as in Figure 9-24)


Lab debrief
What were your key insights and discoveries about virtual IP protocols?
_________________________________________________________________________

d.
ite
ib
_________________________________________________________________________

oh
pr
_________________________________________________________________________

is
n
sio
_________________________________________________________________________

is
m
er
tp
_________________________________________________________________________

ou
ith
_________________________________________________________________________

w
rt
pa
Did you encounter any difficulties?
i n
_________________________________________________________________________
or
l e
ho

Did you encounter difficulties in configuring or verifying the configuration?


w
in

_________________________________________________________________________
n
c tio

_________________________________________________________________________
du
ro
ep

_________________________________________________________________________
.R
ly
on

_________________________________________________________________________
use

_________________________________________________________________________
er
ld
ho

_________________________________________________________________________
ake
St

_________________________________________________________________________
&L
C
P

_________________________________________________________________________
H

_________________________________________________________________________

Rev. 11.12 9 –41


BitSpyder - The Culture of Knowledge

HP Networking Interoperability

How did you troubleshoot? Did you encounter difficulties troubleshooting?


Did any of your mistakes teach you something that you would like to share?

Have you learned a practice that you will apply in the field?

Did you find any show or display commands particularly useful?



Module 9 summary
In this module, you have learned:
• Differences between various virtual IP protocols and the options that they support
• How to implement virtual IP protocols to support several different redundancy situations, including a default gateway and a next hop in a static route
• How virtual IP protocols compare with IRF
• How to configure virtual IP protocols

Learning check
As usual, the answers to these questions are given in the appendix. The answers to
the quiz that you took earlier are also included for your reference.

Q1: How does an IP endpoint learn its default gateway’s virtual IP and virtual MAC addresses?

Q2: Can an HP Layer 3 switch back up a Cisco Layer 3 switch using HSRP?

Q3: Can you use VRRP and HSRP in the same LAN?

Q4: What is the purpose of the preempt delay? When would you set it?

Q5: In what situations is load balancing desirable?

Q6: When a pair of core routing switches connect to a WAN router, is VRRP tracking always required?

Routing Using OSPF


Module 10

Module 10 objectives

Because OSPF is an open standard, Cisco and HP devices running this protocol interoperate well. You simply need to know which version your devices run and which versions support the features that you require. In particular, you should check for the newer features such as BFD and graceful restart. Of course, you must also know the process for implementing OSPF on both types of devices. This module teaches you about setting up the key features in an HP and Cisco environment.

After completing this module, you will be able to:
• Set up HP and Cisco devices as OSPF neighbors
• Configure OSPF’s BFD feature to support fast convergence and graceful restart for non-stop forwarding
• Configure OSPF in a multi-area environment
• Design an OSPF topology that is appropriate to your environment
• Configure OSPF redistribution between Cisco and HP devices

Scenarios for configuring OSPF neighbors


The following scenarios review how to configure HP and Cisco devices as OSPF neighbors. Specifically, they cover these topics:
• Conditions for becoming OSPF neighbors
• Authentication
• BFD for fast convergence
• Graceful restart for non-stop forwarding

OSPF neighboring—Scenario 1-1


Which routers will become OSPF neighbors? Why?

R1                          R4
IP: 10.1.2.1/24             IP: 10.1.2.3/24
OSPF Area 0                 OSPF Area 1
Hello timer: 10 s           Hello timer: 10 s
Dead interval: 40 sec       Dead interval: 40 sec
Network Type=Broadcast      Network Type=Broadcast

R2                          R3
IP: 10.1.2.2/30             IP: 10.1.2.4/24
OSPF Area 0                 OSPF Area 0
Hello timer: 10 s           Hello timer: 10 s
Dead interval: 40 sec       Dead interval: 30 sec
Network Type=P2P            Network Type=Broadcast

Figure 10-1: OSPF Neighboring—Scenario 1-1

Examine the figure and then answer this question:

What conditions must two routers meet to become OSPF neighbors? For each condition that you list, check that setting on the routers in this example. Circle any incorrect settings and replace them with the correct setting.

Best practices

This scenario does not show the most highly recommended topology. It is recommended to connect routing switches directly when possible:
• If possible, create a mesh topology in which every routing switch connects to every other routing switch. The formula for determining the required number of connections is: (N x (N-1))/2.
  For example, with four routers, the number of required connections is 4x3/2 = 12/2 = 6. With six routers, the number is 6x5/2 = 15 connections.
• Each link should support its own VLAN and subnet (one link = one VLAN = one subnet).

If the routing switches do not have enough Ethernet interfaces, on the other hand, you might have to connect them through a common Layer 2 switch—or preferably, two Layer 2 switches for redundancy. In this case, you can implement BFD for faster convergence.

OSPF DR election—Scenario 1-2


What router becomes DR? BDR?

R1                      R4
IP: 10.1.2.1/24         IP: 10.1.2.3/24
OSPF Area 0             OSPF Area 0
Priority 0              Priority 1

R2                      R3
IP: 10.1.2.2/24         IP: 10.1.2.4/24
OSPF Area 0             OSPF Area 0
Priority 255            Priority 4

Figure 10-2: OSPF DR election—Scenario 1-2

Examine the figure and then answer these questions:

Q1: How do devices in a multi-access (such as Broadcast) network determine which devices become DR and Backup DR (BDR)? What role does priority 0 play in this process? What role do other priorities play?

Q2: Can you determine which routers in this figure become DR and BDR?

Q3: How can you force two routers to become DR and BDR?

Other best practices

Multi-access network type interfaces always select a DR and BDR—even if you have designed the topology as discussed on the previous slide (each routing switch connects directly to each other routing switch on a VLAN and subnet that is unique to the point-to-point connection). In this case, one side becomes DR and the other BDR. To prevent the election and speed convergence, you must manually set the interfaces’ network type to P2P. However, make sure that all network administrators understand this practice; otherwise, the type might not match on both switches, so they will not become neighbors.

OSPF authentication
Will the two OSPF adjacencies work?
HP1 (gi1/0/1):
    Vlan 10
    port gigabit 1/0/1
    ospf 11
    Area 0
    authentication-mode simple
    network 192.168.1.1 0.0.0.0
    interface vlan 10
    ip address 192.168.1.1 24
    ospf authentication-mode simple… cipher very-secret

HP3 (gi1/0/2):
    Vlan 20
    port gigabit 1/0/2
    ospf 22
    Area 10
    authentication-mode md5
    network 10.6.0.2 0.0.0.0
    interface vlan 20
    ip address 10.6.0.2 24
    ospf authentication-mode md5 1… cipher cant_find

Cisco2 (gi0/1, gi0/2):
    interface gigabitethernet 0/1
    ip address 192.168.1.2 255.255.255.0
    ip ospf authentication-key very-secret
    interface gigabitethernet 0/2
    ip address 10.6.0.1 255.255.255.0
    ip ospf message-digest-key 1 md5 cant_find
    router ospf 2
    network 10.6.0.2 0.0.0.0 area 10
    network 192.168.0.0 0.0.255.255 area 0
    area 10 authentication message-digest
    area 0 authentication

Figure 10-3: OSPF authentication

Examine the figure and then answer these questions (note that there is a fifth question on the next page):

Q1: If you ignore the authentication settings, which routers become OSPF neighbors and on which subnets and areas?

Now examine the authentication settings.

Q2: Do the authentication settings match between HP 1 and Cisco 2?

Q3: On HP 1, the password is specified with the cipher keyword. What purpose
does this keyword serve?

Q4: Do the authentication settings match between HP 3 and Cisco 2?

Q5: What role does the key ID play (beyond being another matching setting)?

OSPF neighbors—Scenario 1-4


What happens on the different routers when “reset ospf 1 process graceful-restart” is entered on HP1?

HP 1:
    ospf 1
    opaque-capability enable
    graceful-restart ietf
    graceful-restart interval 120

Cisco 2:
    router ospf 1
    nsf ietf restart-interval 200

Cisco 3:
    router ospf 1
    nsf ietf restart-interval 200

HP 4:
    ospf 1
    opaque-capability enable
    graceful-restart ietf

Figure 10-4: OSPF neighbors—Scenario 1-4

What is the purpose of the configurations displayed in this slide?

These routers are implementing OSPF graceful restart, which is defined in RFC 3623. This feature allows you to restart OSPF processes without disturbing either the OSPF neighbor status or the forwarding of IP traffic.

When would you need to initiate a graceful restart?

You would initiate a graceful restart whenever you need to restart an OSPF process to clean out or update information. You will find this feature particularly useful when a component fails (for example, a Route Processor [RP] has crashed and a backup RP has taken over) or when you are performing a scheduled hitless software upgrade.

What are the requirements for implementing graceful restart?

Your routers or routing switches must meet these requirements:
• They have independent control planes and forwarding planes. Cisco devices require Cisco Express Forwarding (CEF). HP A-Series devices also meet the requirement. While OSPF processes restart on the control plane, the FIBs that reside on line cards continue to forward IP packets.
• In addition to supporting graceful restart themselves, their OSPF neighbors must also support the feature. While one device reboots, its neighbors maintain their neighbor relationship with it during a grace period (the restart interval).

The slide shows the commands for configuring the graceful restart interval on Cisco and HP devices.

What happens on each router when you initiate a graceful restart on HP 1?

You initiate the graceful restart by entering reset ospf <process ID> process graceful-restart. (On a Cisco device, you initiate the graceful restart by entering clear ip ospf <process ID>.)

After you enter the command, HP1 announces to all neighbors that it is going to reload its OSPF processes. While it restarts, HP1 continues to forward packets based on information in its routing table at the time that the restart was initiated.

The other routers start their graceful restart timer. The default interval is 120 seconds, but the routers in this example have a 200-second interval. These routers freeze their Link State (LS) database and routing table during this interval.

After the interval expires (at which time HP 1 should have finished reloading its processes), all routers synchronize their databases.

Commands for enabling OSPF graceful restart

You must enter these commands on HP A-Series devices to enable graceful restart:

    ospf 1
    opaque-capability enable
    graceful-restart ietf

You must enter these commands on Cisco devices:

    router ospf 1
    nsf ietf restart-interval 200

For more details on command syntax, refer to the configuration manual for your device.

OSPF neighbors—Scenario 1-5


• Why is it relevant to use BFD between the 3 routers?
• What BFD transmit timers will be negotiated between HP1 and Cisco3?
• What values would you recommend for the timers?
• What will happen if INT VLAN10 fails on HP1?

HP 1:
    bfd session init-mode active
    interface vlan-interface 10
    ip address 10.1.1.1 24
    ospf bfd enable
    bfd min-transmit-interval 25
    bfd min-receive-interval 150
    bfd detect-multiplier 3
    ospf 1
    area 0
    network 10.1.1.0 0.0.0.255

Cisco 3:
    interface GigabitEthernet2/1
    ip address 10.1.1.2 255.255.255.0
    ip ospf bfd
    bfd interval 50 min_rx 50 multiplier 3
    router ospf 1
    bfd all-interfaces
    network 10.1.1.2 0.0.0.0 area 0

HP 2 (no configuration shown)

Figure 10-5: OSPF neighbors—Scenario 1-5

Examine the figure and consider the questions and answers below.

Note
For this scenario, assume that HP2, which provides an alternate path to the same remote networks as HP1, has a similar BFD and OSPF configuration to HP1’s.

Why is it relevant to use BFD between the three routers?

In this configuration, the three routers do not connect directly but instead through a Layer 2 switch. When a router or an interface fails, the routers cannot immediately detect the failure using the traditional OSPF hello and dead timers. BFD adds another interval that helps the routers detect the failure more quickly.

What BFD transmit timers will be negotiated between HP1 and Cisco3?

This scenario illustrates what can happen when two routers propose radically different timers for BFD. Examine what happens step by step:

1. HP1 sends its request for the timers.

2. Cisco3 receives the packet and compares the requested RX interval of 150ms to its own TX interval of 50ms. The requested RX interval is larger, so Cisco3 throttles back its own transmit frequency and sends BFD control packets at 150ms intervals.

3. Similarly, HP1 compares the Cisco’s requested RX interval of 50ms to its own desired TX interval of 25ms. The requested RX interval is larger, so HP1 sends at 50ms intervals.
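
The negotiation in steps 2 and 3, worked through as an added example that is not part of the original course material. It applies the RFC 5880 rule that each side sends at the slower of its own desired TX interval and the peer's required RX interval, and also derives how long each side takes to declare the other down. The names `BfdEndpoint`, `negotiated_tx_ms`, `detection_time_ms` and `session_report` are chosen here for illustration; the timer values are the ones in Figure 10-5.

```python
"""BFD asynchronous-mode timer negotiation as specified in RFC 5880."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class BfdEndpoint:
    """Timer values one router advertises in its BFD control packets."""
    name: str
    desired_min_tx_ms: int   # fastest rate at which this side wants to send
    required_min_rx_ms: int  # fastest rate at which this side agrees to receive
    detect_mult: int         # consecutive missed packets before the session is down

    def __post_init__(self):
        if self.desired_min_tx_ms <= 0 or self.detect_mult <= 0:
            raise ValueError(f"{self.name}: TX interval and multiplier must be positive")
        if self.required_min_rx_ms < 0:
            raise ValueError(f"{self.name}: RX interval cannot be negative")


def negotiated_tx_ms(local: BfdEndpoint, remote: BfdEndpoint) -> Optional[int]:
    """Interval at which `local` actually sends control packets.

    It is the slower (larger) of what `local` wants to send and what the peer
    says it can receive. A peer advertising Required Min RX = 0 is asking not
    to be sent periodic control packets at all, so there is no interval.
    """
    if remote.required_min_rx_ms == 0:
        return None
    return max(local.desired_min_tx_ms, remote.required_min_rx_ms)


def detection_time_ms(local: BfdEndpoint, remote: BfdEndpoint) -> Optional[int]:
    """Time after which `local` declares `remote` down.

    It is the peer's detect multiplier times the interval at which the peer
    has agreed to send (the larger of local RX and remote desired TX).
    """
    if local.required_min_rx_ms == 0:
        return None  # local receives no periodic packets, so it cannot time the peer out
    return remote.detect_mult * max(local.required_min_rx_ms, remote.desired_min_tx_ms)


def session_report(a: BfdEndpoint, b: BfdEndpoint) -> dict:
    """Per-router view of one BFD session, keyed by router name."""
    report = {}
    for local, remote in ((a, b), (b, a)):
        tx = negotiated_tx_ms(local, remote)
        report[local.name] = {
            "tx_ms": tx,
            # True when the peer's RX limit forced this side to send slower
            # than it was configured to.
            "throttled_by_peer": tx is not None and tx > local.desired_min_tx_ms,
            "detects_peer_failure_after_ms": detection_time_ms(local, remote),
        }
    return report


# Timer values from Figure 10-5.
HP1 = BfdEndpoint("HP1", desired_min_tx_ms=25, required_min_rx_ms=150, detect_mult=3)
CISCO3 = BfdEndpoint("Cisco3", desired_min_tx_ms=50, required_min_rx_ms=50, detect_mult=3)

if __name__ == "__main__":
    for name, row in session_report(HP1, CISCO3).items():
        print(name, row)
```

With these values the two directions are asymmetric: HP1's larger min-receive-interval slows Cisco3's packets, so HP1 takes longer to notice a silent Cisco3 than Cisco3 takes to notice a silent HP1.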

OSPF area scenarios


The following scenarios review OSPF area configuration, focusing in particular on the role of the Area Border Router (ABR).

It is important that you understand how to divide your system into areas to make the routing protocol operate more efficiently. Within an area all routers must synchronize their link state databases, but areas allow you to filter routes at the ABR. (It is possible to configure individual routers to prevent the advertisement of certain LSAs; however, this type of filtering is not what is typically meant by filtering routes.)

OSPF area summarization—Scenario 2-1


Diagram labels: Summarization, Inter-Area 10.1.0.0/16. Area 0 (10.0.0.0/16): R1 (.1) and R4 (.4), network 10.0.10.0/24. Area 1: R2 (.2) and R3 (.3), networks 10.1.1.0/24, 10.1.2.0/24, 10.1.3.0/24 and 10.1.4.0/24.

What is R1 configuration when R1 is:
• Cisco
• HP A-Series
• HP E-Series

Figure 10-6: OSPF area summarization—Scenario 2-1

Q1: What kind of OSPF router is R1?

Q2: What kind of LSAs are generated by R1?

Q3: What function does configuring an area range serve?


Q4: Why would you configure an area range?

Q5: What are the key advantages of summarization?

Q6: Does summarization have some disadvantages?

Q7: Why can you enable summarization on R1 and not on R2, R3, and R4?

Q8: What other tasks can you perform on an ABR related to area summarization?

Q9: Where can you see the results of the area summarization?

OSPF area summarization—Scenario 2-1-a


Diagram: same topology and labels as Figure 10-6 (Summarization, Inter-Area 10.1.0.0/16; Area 0 10.0.0.0/16; Area 1 with networks 10.1.1.0/24 to 10.1.4.0/24).

R1= Cisco
    interface gigabitethernet 0/1
    ip address 10.0.10.1 255.255.255.0
    interface gigabitethernet 0/2
    ip address 10.1.1.1 255.255.255.0
    interface gigabitethernet 0/3
    ip address 10.1.3.1 255.255.255.0
    router ospf 1
    router-id 1.1.1.1
    network 10.0.0.0 0.0.255.255 area? 0
    network 10.1.0.0 0.0.255.255 area? 1
    area 0? range 10.0.0.0 255.255.0.0
    area 1? range 10.1.0.0 255.255.0.0

Figure 10-7: OSPF area summarization—Scenario 2-1-a

The figure above displays the network commands for enabling OSPF on interfaces on Router 1, a Cisco router acting as ABR, and placing those interfaces in an area. The last two commands configure area summaries (or aggregated routes) that the ABR advertises to routers in other areas.

The commands are missing some keywords. Fill in the commands, using the figure for information:

    network 10.0.0.0 0.0.255.255 __________________
    network 10.1.0.0 0.0.255.255 _________________
    ______________ 10.0.0.0 255.255.0.0
    _____________ 10.1.0.0 255.255.0.0

If you do not know the exact syntax, do not worry. You will learn it in a moment.

Also fill in the blanks to indicate how the ABR (R1) will summarize the routes.

R1 aggregates the routes in area 0 into a single route to ________________ and advertises this route to routers in ____________.

R1 aggregates the routes in area 1 into a single route to ________________ and advertises this route to routers in ____________.

How can the ABR filter networks?

You can configure a non-advertised route summarization. An example on the Cisco ABR (R1) would be:

    area 0 range 10.0.2.0 255.255.255.0 not-advertise

This command would prevent the ABR from advertising networks within the 10.0.2.0/24 space.
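
What the area ranges above do to the ABR's advertisements, as an added example that is not part of the original course material: it applies the area-range handling of RFC 2328 section 12.4.3 to the networks of this scenario and also counts the address space a summary claims without any component route behind it. The names `AreaRange`, `abr_summaries` and `unbacked_addresses` are chosen here, and the route costs and the 10.0.2.0/24 route are constructed sample values.

```python
"""Summary-LSAs (Type 3) an ABR originates from one area's intra-area routes."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class AreaRange:
    """One configured area range on the ABR."""
    prefix: str
    advertise: bool = True  # False models the not-advertise keyword

    @property
    def network(self):
        return ipaddress.ip_network(self.prefix)


def abr_summaries(intra_area_routes, ranges):
    """Return (advertised, suppressed) for one area.

    intra_area_routes: {"a.b.c.d/len": cost} learned inside the area.
    ranges: AreaRange objects configured for that area.
    advertised: {"prefix": cost} that other areas will see.
    suppressed: sorted prefixes hidden by a not-advertise range.
    """
    advertised, suppressed = {}, []
    for prefix, cost in intra_area_routes.items():
        net = ipaddress.ip_network(prefix)
        covering = [r for r in ranges if net.subnet_of(r.network)]
        if not covering:
            # No range matches: the route is advertised on its own.
            advertised[str(net)] = cost
            continue
        # When ranges nest, the most specific one decides.
        best = max(covering, key=lambda r: r.network.prefixlen)
        if not best.advertise:
            suppressed.append(str(net))
            continue
        # One summary per active range; RFC 2328 uses the largest component cost.
        key = str(best.network)
        advertised[key] = max(cost, advertised.get(key, 0))
    # A range with no component route never appears in `advertised`.
    return advertised, sorted(suppressed)


def unbacked_addresses(area_range, intra_area_routes):
    """Addresses the summary covers that no component route backs.

    Assumes the component routes do not overlap each other. Other areas
    will still send traffic for these addresses toward the ABR.
    """
    backed = sum(
        ipaddress.ip_network(p).num_addresses
        for p in intra_area_routes
        if ipaddress.ip_network(p).subnet_of(area_range.network)
    )
    return area_range.network.num_addresses - backed


# Area 1 networks from the scenario figure; costs are constructed.
AREA1_ROUTES = {"10.1.1.0/24": 10, "10.1.2.0/24": 20, "10.1.3.0/24": 10, "10.1.4.0/24": 20}
# Area 0: 10.0.10.0/24 is in the figure; 10.0.2.0/24 is a constructed route
# matching the not-advertise example in the text.
AREA0_ROUTES = {"10.0.10.0/24": 1, "10.0.2.0/24": 10}

if __name__ == "__main__":
    print(abr_summaries(AREA1_ROUTES, []))
    print(abr_summaries(AREA1_ROUTES, [AreaRange("10.1.0.0/16")]))
    print(abr_summaries(AREA0_ROUTES, [AreaRange("10.0.2.0/24", advertise=False)]))
    print(unbacked_addresses(AreaRange("10.1.0.0/16"), AREA1_ROUTES))
```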


What is the default value for router ID?


In the Cisco IOS, if you do not explicitly set the OSPF router ID, the router uses the value of the highest IP address on a loopback interface. If the router does not have a loopback interface, its ID becomes the value of the highest IP address on an interface that is up.

How and why would you configure the ABR to send a default route to routers in an area?

You must configure the area as a totally stubby area. In the Cisco IOS, the command is:

    area <ID> stub no-summary

Often an area at a branch office or other remote site connects only to an ABR in area 0. The routers at the branch office do not require a detailed view of the networks at the main office. A default route is enough.

OSPF area summarization—Scenario 2-1-b


[Figure: R1 (HP A-Series) is the ABR between area 0 (10.0.0.0/16) and area 1 (10.1.0.0/16) and performs inter-area summarization. R4 is in area 0 on 10.0.10.0/24. R2 and R3 are in area 1, which contains 10.1.1.0/24, 10.1.2.0/24, 10.1.3.0/24 and 10.1.4.0/24. R1 has interface vlan 10 (10.0.10.1/24), vlan 11 (10.1.1.1/24) and vlan 12 (10.1.3.1/24). The figure also shows the OSPF configuration with blanks that is repeated below.]

Figure 10-8: OSPF area summarization—Scenario 2-1-b

This scenario presents a similar situation to the previous one. However, the ABR is an
HP A-Series switch. You configure this switch in a very similar manner to the Cisco
switches.

The commands are missing some keywords. Fill in the commands, using the figure for
information:

    ospf 1 router-id 1.1.1.1
        _______________
            description backbone area
            network 10.0.0.0 0.0.255.255
            abr-summary 10.0.0.0 _________________
        ______________
            description asian area
            network 10.1.0.0 0.0.255.255
            abr-summary 10.1.0.0 _________________

[Figure: the same topology as Figure 10-8, with the complete configuration for R1 (HP A-Series):]

    interface vlan 10
        ip address 10.0.10.1 24
    interface vlan 11
        ip address 10.1.1.1 24
    interface vlan 12
        ip address 10.1.3.1 24

    ospf 1 router-id 1.1.1.1
        area 0
            description backbone area
            network 10.0.0.0 0.0.255.255
            abr-summary 10.0.0.0 16
        area 1
            description asian area
            network 10.1.0.0 0.0.255.255
            abr-summary 10.1.0.0 16

Figure 10-9: OSPF area summarization—Scenario 2-1-b

Figure 10-9 shows the commands in full.

Pretend that you have established this configuration on R1. On which routers could
you best verify the route summarization?

You would verify it on routers in a different area from the summarized route. That is,
routers within area 1 receive the advertised summaries for area 0 and vice versa.
You should view the routing table on these routers to verify that they have received
the summarized (aggregated) routes.

You can also verify the summarization on the ABR itself.

The table lists the Cisco, HP A-Series, and HP E-Series commands that you could use
to verify summarization. Because the aggregation creates a new Type 3 LSA, you can
view the LSA database and look for the new LSA.

Cisco switches also create a route to null0 for the summarized network, so you can
look for that route in the routing table.

Commands for verifying summarization

Description                            Cisco command                  HP A-Series command        HP E-Series command
View the routing table.                show ip route                  display ip routing-table   show ip route
                                                                      display ospf routing
View Type 3 LSAs in the LSA database.  show ip ospf database summary  display ospf lsdb summary  show ip ospf link-state summary
                                                                      display ospf lsdb brief
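The routing-table check described above can be scripted. The following is an added example, not part of the course material: it parses Cisco-style "show ip route" text from a router in area 1 and reports whether the area 0 summary arrived and whether any more-specific inter-area routes still leak past the ABR. The sample output, costs and interface names are constructed for illustration.

```python
import ipaddress
import re

# Cisco route codes used in this module: C, O, O IA, O E1/E2, O N1/N2 (S = static).
ROUTE_LINE = re.compile(
    r"^(?P<code>C|S|O(?: (?:IA|E1|E2|N1|N2))?)\s+"
    r"(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s"
)


def parse_routes(show_ip_route):
    """Return (code, network) pairs for every route line that can be parsed."""
    routes = []
    for line in show_ip_route.splitlines():
        match = ROUTE_LINE.match(line.strip())
        if match:
            routes.append((match["code"], ipaddress.ip_network(match["prefix"])))
    return routes


def check_summarization(show_ip_route, expected_summaries):
    """Compare a non-ABR router's table with the summaries the ABR should send.

    missing: expected summaries that are not present as O IA routes.
    leaked:  O IA routes more specific than an expected summary, meaning
             component routes still cross the area border.
    """
    expected = [ipaddress.ip_network(s) for s in expected_summaries]
    inter_area = [net for code, net in parse_routes(show_ip_route) if code == "O IA"]
    missing = [str(s) for s in expected if s not in inter_area]
    leaked = [
        str(net)
        for net in inter_area
        if any(net != s and net.subnet_of(s) for s in expected)
    ]
    return {"missing": missing, "leaked": leaked}


# Constructed sample for R2 (area 1) after R1 summarizes area 0; not real device output.
R2_SUMMARIZED = """\
C        10.1.1.0/24 is directly connected, Vlan11
C        10.1.2.0/24 is directly connected, Vlan12
O        10.1.3.0/24 [110/2] via 10.1.1.1, 00:04:10, Vlan11
O        10.1.4.0/24 [110/3] via 10.1.1.1, 00:04:10, Vlan11
O IA     10.0.0.0/16 [110/2] via 10.1.1.1, 00:03:55, Vlan11
"""

# The same router when R1 has no summary configured (also constructed).
R2_UNSUMMARIZED = R2_SUMMARIZED.replace("10.0.0.0/16", "10.0.10.0/24")

if __name__ == "__main__":
    print(check_summarization(R2_SUMMARIZED, ["10.0.0.0/16"]))
    print(check_summarization(R2_UNSUMMARIZED, ["10.0.0.0/16"]))
```

An empty result for both keys means the router sees only the aggregate; a non-empty "leaked" list points back at a missing or mismatched summary statement on the ABR.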



OSPF area summarization—Scenario 2-1-c


[Figure: the same topology as in the previous two scenarios, with R1 as an HP E-Series switch acting as ABR between area 0 (10.0.0.0/16) and area 1 (10.1.0.0/16). The figure shows the R1 configuration that is repeated below with blanks.]

Figure 10-10: OSPF area summarization—Scenario 2-1-c

This scenario presents the same topology as the previous two, but an HP E-Series
switch is the ABR. Try to fill in the blanks in the configuration:

    vlan 10
        ip address 10.0.10.1/24
        ip ospf area _____
    vlan 11
        ip address 10.1.1.1/24
        ip ospf area ____
    vlan 12
        ip address 10.1.3.1/24
        ip ospf area 1
    ip routing
    ip router-id 1.1.1.1
    router ospf
        area 0
        area 0 range 10.0.0.0/16
        area 1
        area 1 range 10.1.0.0/16

OSPF area summarization—Scenario 2-2


[Figure: the same topology. R1 is the ABR between area 0 (10.0.0.0/16, with R4 on 10.0.10.0/24) and area 1 (10.1.0.0/16, with R2 and R3 and the networks 10.1.1.0/24, 10.1.2.0/24, 10.1.3.0/24 and 10.1.4.0/24). Questions posed in the figure: What are the IP subnets in the routing tables of R1, R4, R2 and R3? What is the type for each route?]

Figure 10-12: OSPF area summarization—Scenario 2-2

The figure displays an OSPF topology in which R1 is an ABR that advertises route
summaries 10.0.0.0/16 and 10.1.0.0/16 for areas 0 and 1.

You should now be able to predict the result of this configuration. For each router, fill
in the routing table:

• Routes to directly connected networks
• Routes discovered through OSPF, remembering to consider the summaries

For Type, indicate the type of route using the Cisco abbreviations:

• C = Connected networks
• O = OSPF networks internal to the area (Type 1 and Type 2 LSAs)
• O IA = Inter-area OSPF networks (Type 3 LSA)
• O E1 or O E2: External (redistributed) OSPF networks
• O N1 or O N2: External (redistributed) OSPF networks in an NSSA

You do not necessarily have to fill in every row in every table.

Note
All OSPF networks except external ones are indicated by: O_ASE.
To see the type on HP A-Series routers, you must enter display ospf routing.

R2 Routing Table
IP network    Next hop    Type


R3 Routing Table
IP network    Next hop    Type


R4 Routing Table
IP network    Next hop    Type


Assume that R1 is a Cisco router.

R1 Routing Table
IP network    Next hop    Type


OSPF passive interface—Scenario 2-3


[Figure: the same topology as in Scenario 2-2. Question posed in the figure: What command can you use on R2 and R3 to avoid an OSPF neighboring on LANs 10.1.2.0/24 and 10.1.4.0/24?]

Figure 10-13: OSPF passive interface—Scenario 2-3

Examine the topology displayed in the figure. Assume that you want to prevent R2
and R3 from becoming OSPF neighbors with any routers in their locally connected
networks, 10.1.2.0/24 and 10.1.4.0/24. How could you do so?

You can simply prevent the routers from sending OSPF packets on these interfaces by
configuring these interfaces as passive interfaces.

Note
You can alternatively configure OSPF authentication to prevent undesired
neighboring. However, in stub networks such as the ones in this example, it is
best to configure passive interfaces.

Use cases

You can implement the passive interface feature on any LAN in which your router
should not have any OSPF neighbors. A typical use case is a network with two
routing switches connected to the same VLANs. Instead of making the routers OSPF
neighbors on all IP interfaces (VLANs), you can simply make them neighbors on two
or three IP interfaces. Then you configure OSPF on all other interfaces (so these
networks are advertised) but configure them as passive interfaces.

Can you think of other use cases?

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

OSPF passive interface—Scenario 2-3-a


[Figure: the same topology, with the passive interface configuration for R3 on each platform:]

R3 = Cisco

    interface gigabit 0/1
        ip address 10.1.4.3 255.255.255.0
    router ospf 1
        passive-interface gigabitethernet 0/1

R3 = HP A-Series

    interface vlan-interface 14
        ip address 10.1.4.3 24
    ospf 1
        silent-interface vlan-interface 14

R3 = HP E-Series

    vlan 14
        ip address 10.1.4.3/24
        ip ospf area 1
        ip ospf passive

Figure 10-14: OSPF passive interface—Scenario 2-3-a

The figure displays the commands for configuring OSPF passive interfaces.

To verify which interfaces are passive, enter this command on Cisco and HP E-Series
devices:

    show ip ospf interface

Enter this command on HP A-Series devices:

    display ospf interface

On Cisco and HP A-Series devices, you can alternatively enable the passive interface
feature globally (all OSPF interfaces are passive). Then you can enable individual
interfaces as active OSPF interfaces. This configuration option for the example in the
figure would be as follows on Cisco devices:

    router ospf 1
        passive-interface default
        no passive-interface gigabit 0/2

On HP A-Series devices, this configuration option for the example in the figure would
be as follows:

    ospf 1
        silent-interface all
        undo silent-interface Vlan-interface1
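To check a saved configuration against the intent described above (OSPF neighbors only on approved uplinks), the following added example, which is not part of the course material, parses a Cisco IOS-style configuration and lists interfaces that are covered by a network statement but not passive. The sample configurations are constructed; the uplink GigabitEthernet0/2 at 10.1.3.3, the Vlan20 interface and the broad network statement are assumptions made for the illustration.

```python
import ipaddress


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _name(words):
    # "gigabitethernet 0/1" and "GigabitEthernet0/1" compare equal after this.
    return "".join(words).lower()


def parse(config):
    """Extract interface addresses and the OSPF network/passive statements."""
    addresses, networks = {}, []
    passive, active, passive_default = set(), set(), False
    section = None
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0] == "!":
            continue
        if not raw[0].isspace():  # an unindented line opens a new section
            if words[0] == "interface":
                section = ("interface", _name(words[1:]))
            elif words[:2] == ["router", "ospf"]:
                section = ("ospf", None)
            else:
                section = None
        elif section and section[0] == "interface" and words[:2] == ["ip", "address"]:
            addresses[section[1]] = _ip(words[2])
        elif section and section[0] == "ospf":
            if words[0] == "network":
                networks.append((_ip(words[1]), _ip(words[2])))
            elif words[:2] == ["passive-interface", "default"]:
                passive_default = True
            elif words[0] == "passive-interface":
                passive.add(_name(words[1:]))
            elif words[:2] == ["no", "passive-interface"]:
                active.add(_name(words[2:]))
    return addresses, networks, passive, active, passive_default


def hello_sending_interfaces(config):
    """Interfaces that run OSPF and are not passive, so they can form adjacencies."""
    addresses, networks, passive, active, passive_default = parse(config)
    result = []
    for name, addr in addresses.items():
        # A network statement matches when all non-wildcard bits are equal.
        enabled = any((addr & ~wild) == (net & ~wild) for net, wild in networks)
        is_passive = name in passive or (passive_default and name not in active)
        if enabled and not is_passive:
            result.append(name)
    return sorted(result)


def audit(config, approved_interfaces):
    """Return OSPF-speaking interfaces that are not on the approved list."""
    approved = {_name(i.split()) for i in approved_interfaces}
    return [i for i in hello_sending_interfaces(config) if i not in approved]


# Constructed configuration modelled on R3 (Cisco) in Figure 10-14.
R3_PER_INTERFACE = """\
interface GigabitEthernet0/1
 ip address 10.1.4.3 255.255.255.0
!
interface GigabitEthernet0/2
 ip address 10.1.3.3 255.255.255.0
!
router ospf 1
 network 10.1.0.0 0.0.255.255 area 1
 passive-interface GigabitEthernet0/1
"""

# A VLAN added later falls under the broad network statement but was never made passive.
R3_NEW_VLAN = "interface Vlan20\n ip address 10.1.20.3 255.255.255.0\n!\n" + R3_PER_INTERFACE

# The same device with all interfaces passive by default and one explicit exception.
R3_DEFAULT_PASSIVE = R3_NEW_VLAN.replace(
    " passive-interface GigabitEthernet0/1",
    " passive-interface default\n no passive-interface GigabitEthernet0/2",
)

if __name__ == "__main__":
    for label, cfg in [("per-interface", R3_PER_INTERFACE),
                       ("new VLAN", R3_NEW_VLAN),
                       ("default passive", R3_DEFAULT_PASSIVE)]:
        print(label, audit(cfg, ["GigabitEthernet0/2"]))
```

The second sample shows why the global form is the safer baseline: an interface added after the original hardening is active unless someone remembers to mark it passive.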



OSPF area and redistribution scenarios


In the next section, you will practice designing OSPF for various environments with
multiple areas and the need for route redistribution.


OSPF redistribution—Scenario 3-1


[Figure: R1 and R4 are in area 0 (10.0.10.0/24). R2 is in area 1 (10.1.1.0/24) and connects to R3 over 10.1.2.0/24; 10.1.3.0/24 lies behind R3. R5 is in area 2 (10.2.1.0/24). Tasks listed in the figure: redistribute (import) static and direct routes, summarize the redistributed routes, and make the cost increment as advertised. Question posed in the figure: What is R2's configuration when R2 is Cisco, HP A-Series, or HP E-Series?]

Figure 10-15: OSPF redistribution—Scenario 3-1

Examine the figure above. R2, which is part of the OSPF system, is connected to R3,
which is not. In a moment, you will discuss how to advertise the 10.1.10.0/24 and
10.1.3.0/24 networks in OSPF using redistribution:

• Redistribute the static and connected routes
• Summarize the redistributed routes
• Configure the cost for the redistributed routes to increment as they are advertised

First, however, discuss why you would implement route redistribution.

Q1: Why would you redistribute routes to directly connected networks instead of
configuring those networks as passive interface OSPF networks?

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

Q2: What conditions must be met on a router for it to redistribute routes?

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

Q3: Which type of OSPF LSA is created for the redistributed route?

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

Q4: What are some reasons for not redistributing routes?

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

OSPF redistribution—Scenario 3-1-a

[Figure: the Scenario 3-1 topology, with the R2 (Cisco) configuration that is repeated below with blanks.]

Figure 10-16: OSPF redistribution—Scenario 3-1-a

Examine the figure and answer these questions.

Note
You will discuss the answers as a class, and the correct answers are also listed at
the end of this module in your guide.

Q1: Fill in the blanks to show the proper configuration for R2 when it is a Cisco
router. R2 must:

• Redistribute static and connected routes
• Summarize the redistributed routes
• Configure the cost for the redistributed routes to increment as they are advertised

    ip route 10.1.3.0 255.255.255.0 10.1.10.3
    router ospf 1
        network 10.1.1.0 0.0.0.255 area 1
        ___________ static metric 10 metric-type 1 __________
        ___________ connected metric 10 metric-type 1 __________
        ___________ 10.1.2.0 255.255.254.0

Q2: What command can you enter to verify that the Cisco R2 has properly
redistributed (or imported) the routes?

_______________________________________________________________________

OSPF redistribution—Scenario 3-1-b

[Figure: the Scenario 3-1 topology, with the R2 (HP A-Series) configuration that is repeated below with blanks.]

Figure 10-17: OSPF redistribution—Scenario 3-1-b

Examine the figure and answer these questions.

Note
You will discuss the answers as a class, and the correct answers are also listed at
the end of this scenario.

Q1: Fill in the blanks to show the proper configuration for R2 when it is an HP
A-Series device. R2 must:

• Redistribute static and connected routes
• Summarize the redistributed routes
• Configure the cost for the redistributed routes to increment as they are advertised

    ip route-static 10.1.3.0 24 10.1.10.3
    ospf 1
        area 1
            network 10.1.1.0 0.0.0.255
        ___________ static cost 10 type 1
        ___________ direct cost 10 type 1
        asbr-summary 10.1.2.0 ______

Q2: This configuration sets metric type 1 for the redistributed routes. What purpose
does this configuration serve? Why might you select type 1 rather than type 2?
_______________________________________________________________________

d.
_______________________________________________________________________

ite
ib
oh
_______________________________________________________________________

pr
is
n
_______________________________________________________________________

sio
is
m
_______________________________________________________________________

er
tp
ou
_______________________________________________________________________

ith
w
_______________________________________________________________________

rt
pa
i n
_______________________________________________________________________
or
l e
ho

_______________________________________________________________________
w
in
n

_______________________________________________________________________
c tio
du

_______________________________________________________________________
ro
ep
.R

_______________________________________________________________________
ly
on

_______________________________________________________________________
u se
er

_______________________________________________________________________
ld
ho
ke

_______________________________________________________________________
a
St
&L

_______________________________________________________________________
C
P
H

_______________________________________________________________________

10 –34 Rev. 11.12


BitSpyder - The Culture of Knowledge

Routing Using OSPF

OSPF redistribution—Scenario 3-1-c

[Figure: the Scenario 3-1 topology, with the R2 configuration that is repeated below with blanks.]

Figure 10-18: OSPF redistribution—Scenario 3-1-c

Fill in the blanks to show the proper configuration for R2 when it is an HP E-Series
device. R2 must:

• Redistribute static and connected routes
• Configure the cost for the redistributed routes to increment as they are advertised

Note
HP E-Series devices do not support summarization for
redistributed (external) routes.

    ip route 10.1.3.0/24 10.1.10.3
    vlan 10
        ip address 10.1.1.2/24
        ip ospf area 1
    router ospf
        area 1
        ______________ connected
        ______________ static
        default-metric 20
        metric-type 1

Note
You will discuss the answers as a class, and the correct answers are also listed at
the end of this scenario.

OSPF redistribution—Scenario 3-2


[Figure: the Scenario 3-1 topology, with a default route (0.0.0.0/0) shown at R4 toward area 2. Question posed in the figure: What can you do for R5 to have a default route via OSPF for all networks outside of its own area?]

Figure 10-19: OSPF redistribution—Scenario 3-2

You now understand how R2 redistributes the external routes. You will now turn to
another part of the network: area 2.

In this scenario, you want to hide networks outside of area 2 from routers within area 2.
R5 does not need to store the complexities of the network topology because it has
only one connection to the rest of the network. (Perhaps R5 is a router at a branch
office, and R4 is a router at the headquarters or a regional office.) A default route is
functionally equivalent to many routes through the same forwarding interface and
much more efficient.

To hide the non-area 2 networks in this way, you must define the area type. Typically,
you would define the area as a totally stubby area. The ABR for a totally stubby area
generates a default route (Type 3 LSA) to replace inter-area route summarizations
(other Type 3 LSAs) and routes to external networks (Type 5 LSAs).

You could also configure the area as a totally stubby NSSA, which allows routers
within the area to redistribute routes themselves, providing more flexibility for the
configuration.

OSPF redistribution—Scenario 3-2-a

[Figure: the Scenario 3-2 topology, with the configuration for R4 (the ABR) and R5 (the internal router in area 2):]

R4 = Cisco

    router ospf 1
        network 10.0.0.0 0.0.255.255 area 0
        network 10.2.0.0 0.0.255.255 area 2
        area 2 stub no-summary

    or

        area 2 nssa no-summary
        area 2 default-information originate

R5 = Cisco

    router ospf 1
        network 10.2.0.0 0.0.255.255 area 2
        area 2 stub

    or

        area 2 nssa

Figure 10-20: OSPF redistribution—Scenario 3-2-a

As you learned, to configure the ABR to generate the default route for the area (and
filter out other inter-area LSAs), you can define the area as either a totally stubby
area or a totally stubby NSSA.

The figure displays the configuration on a Cisco device that is acting as ABR (R4).
You enter either:

    area <ID> stub no-summary
    area <ID> nssa no-summary

On a Cisco device that is an internal router in the totally stubby area or NSSA, you
enter either:

    area <ID> stub
    area <ID> nssa

The area type must match on the internal router and the ABR. However, you
do not specify the no-summary option on the internal router. Only the ABR (or
ABRs) require that option to tell them to generate the default route.

Note that, when you disable summaries for a stubby area, the ABR automatically
generates a default route. However, you must use the area <ID> default-information
originate command to generate this route for an NSSA, which does not receive it by
default. (This enables the NSSA to use its own default route if it has an external
connection.)

OSPF redistribution—Scenario 3-2-b

[Figure: the Scenario 3-2 topology, with the configuration for R4 (the ABR) and R5 (the internal router in area 2):]

R4 = HP A-Series

    ospf 1
        area 2
            network 10.2.0.0 0.0.255.255
            stub no-summary

    or

        area 2
            network 10.2.0.0 16
            nssa no-summary default-route-advertise

R5 = HP A-Series

    ospf 1
        area 2
            network 10.2.0.0 0.0.255.255
            stub

    or

            nssa

Figure 10-21: OSPF redistribution—Scenario 3-2-b

The figure displays the correct configuration for this scenario when the ABR (R4) and
internal router in the stubby area (R5) are HP A-Series devices. As you see, it is quite
similar to the Cisco configuration. Again, note that the generation of the default route
is not automatic for the NSSA; you must add the default-route-advertise option.

OSPF redistribution—Scenario 3-2-c

[Figure: the Scenario 3-2 topology, with the configuration for R4 (the ABR) and R5 (the internal router in area 2):]

R4 = HP E-Series

    router ospf
        area 2 stub 10 no-summary

    or

        area 2 nssa 10 no-summary

R5 = HP E-Series

    router ospf
        area 2 stub 10

    or

        area 2 nssa 10

Figure 10-22: OSPF redistribution—Scenario 3-2-c

Here you see the configuration for the ABR (R4) and internal stub router (R5) when
they are HP E-Series devices. The main difference in the configuration is that the ABR
automatically generates a default route for both stubby areas and NSSAs whenever
you specify the no-summary option.

OSPF redistribution—Scenario 3-3


[Figure: the Scenario 3-2 topology, with a default route (0.0.0.0/0) shown at R4 toward area 2. Question posed in the figure: What routes are listed in R4 and R5's routing tables?]

Figure 10-23: OSPF redistribution—Scenario 3-3

You should now be able to predict the result of this configuration. For R4 and R5, fill
in the routing table:

• Routes to directly connected networks
• Routes discovered through OSPF (remember to consider redistributed routes,
  summarized routes, and default routes)

For Type, indicate the type of route using the Cisco abbreviations:

• C = Connected networks
• O = OSPF networks internal to the area (Type 1 and Type 2 LSAs)
• O IA = Inter-area OSPF networks (Type 3 LSAs)
• O E1 or O E2: External (redistributed) OSPF networks
• O N1 or O N2: External (redistributed) OSPF networks in an NSSA

You do not necessarily have to fill in every row in every table.

R4 Routing Table
IP network    Next hop    Type


R5 Routing Table
IP network    Next hop    Type


OSPF redistribution—Scenario 4-1


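[Figure: two OSPF domains, OSPF 1 (10.1.N.0/24, containing R3) and OSPF 2 (10.2.N.0/24, containing R4), joined by two routers, R1 and R2, each of which runs both processes. Numbered arrows (1, 2) trace the 10.1.N.0/24 routes as they pass through R1 and R2 from one domain to the other. Question posed in the figure: Why create two OSPF domains?]

Figure 10-24: OSPF redistribution—Scenario 4-1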

The figure represents two OSPF domains with two ASBRs that are implementing two
OSPF processes and redistributing routes from one process to another. This scenario
is completely different from a single OSPF domain with two areas but one OSPF
process.

Use cases

Why might you configure two OSPF domains rather than two areas within a single
domain? In a large and complicated network, you might have several reasons:

• You want to filter networks between the two regions. Redistributing routes
  between two domains offers filtering capabilities that are not possible within an
  OSPF domain:
    • Within an area, you cannot filter routes because all routers in the area must
      share a link-state database. (Although you can prevent individual routers
      from representing certain LSAs in their local routing table, this function is not
      true filtering.)
    • Between areas, as you learned in earlier scenarios, you can configure some
      route filtering. You create non-advertised route summarizations (Type 3 LSAs)
      on ABRs.
    • Redistributed routes to external networks (Type 5 LSAs) are distributed in all
      areas in the domain and cannot be filtered except in stub areas and
      NSSAs.
• Two corporate networks with separate OSPF domains have now merged under
  one administration.
• Your network has complexities that do not fit within the OSPF area design
  constraints.
  OSPF imposes a network design with Area 0 as the backbone area. All other
  areas must connect to Area 0, which in some large networks results in a very
  large area 0 without any filtering capabilities. In an environment such as this,
  you can create multiple OSPF domains (or a hierarchy of OSPF domains), which
  offers more flexibility for the topology and more filtering capabilities.

Note
The multiple domain topology can introduce some issues. For example, the ASBR
will flood Type 5 LSAs throughout the remote domain every time Type 1 and 2
LSAs indicate a change in its local area. Thus, instability in one domain can lead
to a constant injection and withdrawal of Type 5 LSAs in the other domain.
Many companies with complex topologies and extensive filtering requirements
prefer to establish multiple OSPF domains that connect through BGP. Such a
deployment provides a great deal of control and flexibility. In addition, inter-OSPF
domain communications must pass through BGP. Because BGP provides
dampening, the instability in one domain will be less visible to other domains.

OSPF redistribution—Scenario 4-1 implications


[Figure: the two-domain topology from Scenario 4-1, with numbered arrows (1, 2) tracing the 10.1.N.0/24 route through R1 and R2. Question posed in the figure: What happens when R1 and R2:
• Learn 10.1.N.0/24 as an internal route in OSPF 1
• Learn 10.1.N.0/24 as an external route in OSPF 2]

Figure 10-25: OSPF redistribution—Scenario 4-1 implications

A scenario such as this, in which two ASBRs run two OSPF processes and redistribute
routes between them, introduces some concerns. (The same concerns would not
apply if you had only one ASBR running two OSPF processes.)

Consider what happens with 10.1.N.0/24, a domain 1 network. First, R1 and R2
learn a route to this network as an internal route in OSPF process 1. Then the routers
redistribute the internal route from OSPF process 1 to OSPF process 2. OSPF process
2 learns the route as a route to an external network. Because you have two ASBRs,
the routers advertise the external routes to each other in OSPF process 2.

What happens then?

On each router, both processes propose a route to 10.1.N.0/24 to OSPF. In other
words, an external route to the network from OSPF process 2 is competing with an
internal route to the same network from OSPF process 1.

On each router, OSPF must now choose between the routes. It has rules for doing so,
but they might not lead to the desired result:

• Route type—OSPF prefers intra-area routes to inter-area routes to external routes.
  However, this rule only applies to routes within a single process. In other words,
  OSPF does not prefer internal routes from one process to external routes from
  another process.
• Administrative distance—Routes with lower administrative distance are
  preferred. This rule does apply to routes learned by different processes.
  However, in effect, it might not help to distinguish the routes because different
  processes use the same administrative distance by default. (You should manually
  configure the administrative distance for different OSPF processes to force OSPF
  to select routes correctly.)
• Cost—When routes have the same administrative distance, OSPF can use cost
  as a tie breaker, but only within a single process.

Thus OSPF might not be able to choose between the routes correctly. On Cisco
devices, if two processes propose routes to the same network with the same
administrative distance, the first process to execute the Shortest Path First algorithm
wins. This process places its route into the routing-table (although if the forwarding
interface for that route goes down, the other process can place its route). In short,
you cannot reliably predict which route OSPF will select.

Note
Some earlier software versions might behave differently. Refer to your devices’
documentation for their functionality.


OSPF redistribution—Scenario 4-1 implications (cont)


[Figure: OSPF 1 (R3; networks 10.1.1.0/24, 10.1.2.0/24, 10.1.3.0/24) and OSPF 2 (R4; networks 10.2.1.0/24, 10.2.2.0/24, 10.2.3.0/24) are joined by R1 and R2. Callouts: local networks learned as external networks; routing loop.]

R1 routing table
IP Network      Next Hop    Type
10.1.1.0/24     0.0.0.0     C
10.2.1.0/24     0.0.0.0     C
10.1.2.0/24     10.1.1.2    O
10.1.3.0/24     10.1.1.2    O
10.2.2.0/24     10.2.1.2    O E2
10.2.3.0/24     10.2.1.2    O E2

R2 routing table
IP Network      Next Hop    Type
10.1.2.0/24     0.0.0.0     C
10.2.2.0/24     0.0.0.0     C
10.1.1.0/24     10.1.2.2    O
10.1.3.0/24     10.1.2.2    O
10.2.1.0/24     10.1.2.2    O E2
10.2.3.0/24     10.1.2.2    O E2

Figure 10-26: OSPF redistribution—Scenario 4-1 implications (cont.)

Here you see what might happen in the scenario that you have been examining.
R1 has selected the external route to network 10.2.3.0/24 known by OSPF process
2. The next hop for this route is R2 because R1 received the Type 5 LSA with this
route from R2. Similarly, R2 has selected the external route to 10.2.3.0/24 with R1
as the next hop. The routers have a routing loop that will prevent traffic from reaching
its destination.
Although OSPF might select the internal route from the original process, you cannot
rely on that.


OSPF redistribution—Scenario 4-1 configuration


[Figure: R1 and R2 connect OSPF 1 (R3, 10.1.N.0/24) and OSPF 2 (R4, 10.2.N.0/24); redistribution/import takes place on R1.]

How do you configure redistribution on R1:
• Cisco
• HP A-Series

You will now learn how to configure this scenario. You will see the commands for
Cisco devices and for HP A-Series devices. (HP E-Series devices do not support
multiple OSPF processes.)


OSPF redistribution—Scenario 4-1-a


[Figure: R1 and R2 connect OSPF 1 (R3, 10.1.N.0/24) and OSPF 2 (R4, 10.2.N.0/24).]

Redistribute:
• OSPF 2 in OSPF 1
• OSPF 1 in OSPF 2

R1 = Cisco
router ospf 1
 network 10.1.0.0 0.0.255.255 area 0
 redistribute ospf 2 subnets
router ospf 2
 network 10.2.0.0 0.0.255.255 area 0
 redistribute ospf 1 subnets

Figure 10-27: OSPF redistribution—Scenario 4-1-a

The figure shows the commands for redistributing OSPF process 2 in OSPF process 1
and vice versa. The subnets option is required on Cisco when you need to
redistribute IPv4 networks that are not classful (Class A, B, C) networks. If you do
not include this option, routes to subnets within the classful network are not
redistributed.

Important
This scenario is progressive. These first commands introduce the possibility of
routing loops. You will learn the commands for preventing the loops a bit later.


OSPF redistribution—Scenario 4-1-b


[Figure: R1 and R2 connect OSPF 1 (R3, 10.1.N.0/24) and OSPF 2 (R4, 10.2.N.0/24).]

Redistribute:
• OSPF 2 in OSPF 1
• OSPF 1 in OSPF 2

R1 = HP A-Series
ospf 1 router-id 1.1.1.1
 area 0
  network 10.1.0.0 16
 import-route ospf 2

ospf 2 router-id 2.1.1.1
 area 0
  network 10.2.0.0 16
 import-route ospf 1

Figure 10-28: OSPF redistribution—Scenario 4-1-b

Here you see the configuration for the same router in the same scenario when the
router is an HP A-Series device.


OSPF redistribution—Scenario 4-1-c

[Figure: R1 and R2 connect OSPF 1 (R3, 10.1.N.0/24) and OSPF 2 (R4, 10.2.N.0/24).]

R1 = HP A-Series
ospf 1
 area 0
  network 10.1.0.0 0.0.255.255
 import-route ospf 2 cost 1000 type 1
 preference ase 200

ospf 2
 area 0
  network 10.2.0.0 0.0.255.255
 import-route ospf 1 cost 1000 type 1
 preference ase 200

What is the effect of changing preference/administrative distance of
external networks?

Figure 10-29: OSPF redistribution—Scenario 4-1-c

The slide displays commands that you can enter on an HP A-Series device to avoid
the routing loop issues you learned about earlier. (The commands for Cisco are listed
at the end of the notes for this slide.)
Consider how this configuration resolves the problem.
As you learned earlier, OSPF can use administrative distance to choose between
routes learned by different processes. Here you have configured external networks
that are redistributed into OSPF to have a higher administrative distance than the
default.
Return to the earlier example: both R1 and R2 redistribute routes to network
10.1.N.0/24 from OSPF process 1 into OSPF process 2. They now advertise the
redistributed routes on OSPF process 2 with an administrative distance of 200.
Because the internal routes from OSPF process 1 have a lower administrative
distance, both routers select the internal routes for their routing tables.
The ASBRs will now prefer all internal routes to all external routes redistributed from
another process. In other words, the ASBRs will reach all networks in one domain
through that domain’s routers.


Configuration for Cisco


The configuration if R1 were a Cisco device would be:
router ospf 1
network 10.1.0.0 0.0.255.255 area 0
redistribute ospf 2 subnets
distance ospf external 200
router ospf 2
network 10.2.0.0 0.0.255.255 area 0
redistribute ospf 1 subnets
distance ospf external 200
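
The selection problem and the raised external distance described above, modeled in Python as an added example (it is not part of the course material). The candidate table for one OSPF 1 prefix, the spf_first parameter that stands in for "the first process to execute SPF wins", and the use of 110 as the shared default distance are assumptions of the model.

```python
"""Added model: route selection between two OSPF processes on two ASBRs."""
from dataclasses import dataclass
from itertools import product

INTERNAL_DISTANCE = 110  # Cisco default administrative distance for OSPF routes


@dataclass(frozen=True)
class Candidate:
    process: int    # OSPF process that proposes the route
    kind: str       # "internal" or "external"
    next_hop: str   # neighbouring router the route points to


# Constructed candidates for one OSPF 1 prefix (10.1.3.0/24, behind R3).
# Process 1 offers the internal path; process 2 offers the Type 5 route
# that the other ASBR redistributed.
CANDIDATES = {
    "R1": [Candidate(1, "internal", "R3"), Candidate(2, "external", "R2")],
    "R2": [Candidate(1, "internal", "R3"), Candidate(2, "external", "R1")],
}


def select(candidates, external_distance, spf_first):
    """Pick the installed route: lowest distance, ties go to `spf_first`."""
    def dist(c):
        return external_distance if c.kind == "external" else INTERNAL_DISTANCE

    best = min(dist(c) for c in candidates)
    tied = [c for c in candidates if dist(c) == best]
    if len(tied) == 1:
        return tied[0]
    # Equal distance: the process that ran SPF first installs its route.
    return next(c for c in tied if c.process == spf_first)


def trace(start, tables, destination="R3"):
    """Follow installed next hops; return ('delivered' | 'loop', path)."""
    path, node = [start], start
    while node != destination:
        node = tables[node].next_hop
        if node in path:
            return "loop", path + [node]
        path.append(node)
    return "delivered", path


def outcomes(external_distance):
    """Try every SPF ordering on R1 and R2; map ordering -> result from R1."""
    results = {}
    for first_r1, first_r2 in product((1, 2), repeat=2):
        tables = {
            "R1": select(CANDIDATES["R1"], external_distance, first_r1),
            "R2": select(CANDIDATES["R2"], external_distance, first_r2),
        }
        results[(first_r1, first_r2)] = trace("R1", tables)
    return results


if __name__ == "__main__":
    for distance in (110, 200):
        print(f"external distance {distance}")
        for ordering, (status, path) in outcomes(distance).items():
            print(f"  SPF first on (R1, R2) = {ordering}: {status} {' -> '.join(path)}")
```

With equal distances the result depends on the SPF ordering and one ordering loops; with the external distance raised to 200 every ordering delivers through R3.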

Limitations of the solution


This solution only resolves routing loops for routes that are internal to one of the OSPF
domains. It is possible that both ASBRs receive external routes to the same subnets
from other redistribution points. In this case, routing loops can still occur when the
ASBRs advertise the same routes to each other over the other OSPF process. Because
the routes in both processes are external, they have the same administrative distance,
and OSPF cannot select between them.
You can attempt to resolve that problem by configuring different administrative
distances for redistributed routes in different domains. However, this configuration
would only solve the problem for routes that are originally distributed into the domain
with the lower administrative distance. To ensure that a particular route is always
advertised with a lower administrative distance in the proper domain, you would
need to set up prefix-specific administrative distances, which are supported by both
Cisco and HP A-Series devices.
You could also attempt to configure the more reliable redistribution points to
advertise external routes with a lower administrative distance than that used by the
ASBRs running two OSPF processes. In that case, these ASBRs would prefer external
routes that they receive from the original, more reliable distribution points to the
routes that they redistribute into the other process and receive from each other.


OSPF redistribution—Scenario 4-2


[Figure: R1 and R2 connect OSPF 1 (R3, 10.1.N.0/24) and OSPF 2 (R4, 10.2.N.0/24); both 10.1.N.0/24 and 10.2.N.0/24 appear at each redistribution point.]

On R1, import all OSPF 1 networks into OSPF 2 but not OSPF 2 networks.
What filtering methods do you know?

Figure 10-30: OSPF redistribution—Scenario 4-2

Whenever two routers redistribute routes between OSPF processes, they might
redistribute the route received from one process back into that process again,
potentially creating a routing loop. This scenario presents one of the best solutions:
filters that remove particular routes from redistribution.
Typically, when configuring redistribution from one process to another, you would
filter out the routes that should originate, as far as OSPF is concerned, in the
destination process (these routes might be internal or external). For example, when
redistributing from OSPF 1 to OSPF 2, filter out OSPF 2 networks.
You can achieve this goal in different ways:
• Typically, you create filters that map to ACLs or prefix lists, each of which lists all
  networks in a particular OSPF domain. The drawback of this method is that you
  must maintain these lists carefully.
• For a more dynamic setup, switches can automatically mark routes as associated
  with a domain. When you set up the redistribution of routes into that domain,
  you configure the filters based on the tag.


OSPF redistribution and filtering: Scenario 4-2-a

[Figure: R1 and R2 connect OSPF 1 (R3, 10.1.N.0/24) and OSPF 2 (R4, 10.2.N.0/24).]

Filter a domain’s networks when redistributing networks into that same domain.

R1 = Cisco
router ospf 1
 redistribute ospf 2 subnets route-map ospf2-only
 distance ospf external 200

route-map ospf2-only permit 10
 match ip address 22

access-list 22 permit 10.2.0.0 0.0.255.255

router ospf 2
 redistribute ospf 1 subnets route-map ospf1-only
 distance ospf external 200

route-map ospf1-only permit 10
 match ip address 11

access-list 11 permit 10.1.0.0 0.0.255.255

Figure 10-31: OSPF redistribution and filtering: Scenario 4-2-a

First examine the Cisco commands for one method of filtering routes that belong to a
specific domain out of the routes redistributed back into the domain.
You specify a route map with the redistribution command. The route map is
associated with an ACL that selects the networks that are part of the OSPF domain to
which routes are being distributed.
Note the distance ospf external 200 command, which you learned about in the
previous scenario. Why is this command still necessary when you have configured
filtering? Remember: the filtering prevents routes that belong to one OSPF process
from being redistributed back into that process. The raised administrative distance
deals with routes that have been properly redistributed into another process but
should not be preferred to the original routes on the router running both processes.
You must configure both a filter and a raised administrative distance.


OSPF redistribution and filtering—Scenario 4-2-b

[Figure: R1 and R2 connect OSPF 1 (R3, 10.1.N.0/24) and OSPF 2 (R4, 10.2.N.0/24).]

R1 = HP A-Series
ospf 1
 import-route ospf 2 route-policy ospf2-only
 preference ase 200
 quit
acl number 2002
 rule permit source 10.2.0.0 0.0.255.255
 rule deny source any
route-policy ospf2-only permit node 10
 if-match acl 2002

ospf 2
 …
 import-route ospf 1 route-policy ospf1-only
 preference ase 200
 quit
acl number 2001
 rule permit source 10.1.0.0 0.0.255.255
 rule deny source any
route-policy ospf1-only permit node 10
 if-match acl 2001

Figure 10-32: OSPF redistribution and filtering—Scenario 4-2-b

The figure displays the commands to configure similar filters on HP A-Series devices.
These devices also allow you to associate the filters with prefix lists instead of ACLs.
In another option, you can configure filter policies instead of route policy filters. Use
filter policies when you only need to apply filtering to the redistribution command.
Use route policies when you need to apply filters and potentially other actions.
The sections below give the commands for the alternate configurations for your
reference.

Alternate configuration with ip prefix-list


ospf 1
 import-route ospf 2 route-policy filter_ospf1
 preference ase 200
 quit
ip ip-prefix n1 permit 10.1.0.0 16 greater-equal 16 less-equal 30
route-policy filter_ospf1 permit node 10
 if-match ip-prefix n1

ospf 2
 import-route ospf 1 route-policy filter_ospf2
 preference ase 200
 quit
ip ip-prefix n2 permit 10.2.0.0 16 greater-equal 16 less-equal 30
route-policy filter_ospf2 permit node 10
 if-match ip-prefix n2

Alternate configuration with filter-policy export


ospf 1
 filter-policy 2001 export
 preference ase 200
 quit
acl number 2001
 rule permit source 10.1.0.0 0.0.255.255
 rule deny source any

ospf 2
 filter-policy 2002 export
 preference ase 200
 quit
acl number 2002
 rule permit source 10.2.0.0 0.0.255.255
 rule deny source any


OSPF redistribution and filtering—Scenario 4-2-c


[Figure: R1 and R2 connect OSPF 1 (R3, 10.1.N.0/24) and OSPF 2 (R4, 10.2.N.0/24).]

Mark redistributed networks with a tag and filter based on tag.

R1 = Cisco
router ospf 1
 redistribute ospf 2 subnets tag 22 route-map filter_ospf1
 distance ospf external 200
!
route-map filter_ospf1 deny 10
 match tag 11
route-map filter_ospf1 permit 20

router ospf 2
 redistribute ospf 1 subnets tag 11 route-map filter_ospf2
 distance ospf external 200
!
route-map filter_ospf2 deny 10
 match tag 22
route-map filter_ospf2 permit 20

Figure 10-33: OSPF redistribution and filtering—Scenario 4-2-c

In this configuration, you filter routes based on a tag. The configuration relies on
several components:
• When you configure redistribution from OSPF process 1 to process 2 (the bottom
  box in the figure), you configure the router to tag the redistributed routes as
  belonging to process 1 (tag 11).
• You also configure a route map filter that denies routes with that tag but permits
  all other routes.
• When you configure redistribution from OSPF process 2 to OSPF process 1, you
  specify the route map filter that denies all routes marked with process 1’s tag
  (11).
You follow the same steps to filter routes redistributed from OSPF process 1 to process
2. Thus each redistribute command specifies a tag and a route map filter.
This method does not necessarily solve all problems. For example, each domain
might have another ASBR, which redistributes some of the same routes. The external
routes received from these ASBRs will not be tagged, and so they will be
redistributed to the other domain. You might need to configure prefix-based
administrative distances as discussed earlier.


OSPF redistribution and filtering—Scenario 4-2-d


[Figure: R1 and R2 connect OSPF 1 (R3, 10.1.N.0/24) and OSPF 2 (R4, 10.2.N.0/24).]

Mark redistributed networks with a tag and filter based on tag.

R1 = HP A-Series
ospf 1
 import-route ospf 2 tag 22 route-policy filter_ospf1
 preference ase 200
 quit
route-policy filter_ospf1 deny node 10
 if-match tag 11
route-policy filter_ospf1 permit node 20

ospf 2
 import-route ospf 1 tag 11 route-policy filter_ospf2
 preference ase 200
 quit
route-policy filter_ospf2 deny node 10
 if-match tag 22
route-policy filter_ospf2 permit node 20

Figure 10-34: OSPF redistribution and filtering—Scenario 4-2-d

You can also configure filtering based on tags on HP A-Series switches. The
configuration is very similar to the Cisco configuration.
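
The tag-and-filter scheme of Scenarios 4-2-c and 4-2-d, modeled in Python as an added example (it is not part of the course material). It assumes the worst case, in which an ASBR redistributes every route the source process knows, and it treats R1 and R2 as identically configured; the prefix 192.0.2.0/24 is a constructed stand-in for an untagged external route injected by another ASBR in each domain.

```python
"""Added model: tag-based filtering of mutual OSPF redistribution."""

# Tags from the page: routes imported from OSPF 1 carry tag 11,
# routes imported from OSPF 2 carry tag 22.
TAG_OF = {1: 11, 2: 22}


def build_domains(shared_external=None):
    """Return {process: {"native": {...}, "imported": {...}}}, prefix -> tag."""
    domains = {
        1: {"native": {f"10.1.{n}.0/24": None for n in (1, 2, 3)}, "imported": {}},
        2: {"native": {f"10.2.{n}.0/24": None for n in (1, 2, 3)}, "imported": {}},
    }
    if shared_external:
        # Untagged external route that another ASBR injects into both domains.
        for domain in domains.values():
            domain["native"][shared_external] = None
    return domains


def redistribute(domains, src, dst, tag_filter):
    """Import every route known to `src` into `dst`; True if anything changed."""
    changed = False
    known = (list(domains[src]["native"].items())
             + list(domains[src]["imported"].items()))
    for prefix, tag in known:
        # Deny node of the route map: drop routes that carry dst's own tag.
        if tag_filter and tag == TAG_OF[dst]:
            continue
        if prefix not in domains[dst]["imported"]:
            domains[dst]["imported"][prefix] = TAG_OF[src]  # tag set on import
            changed = True
    return changed


def converge(domains, tag_filter):
    """Run both redistribution directions until no new route is imported."""
    while True:
        into_2 = redistribute(domains, 1, 2, tag_filter)
        into_1 = redistribute(domains, 2, 1, tag_filter)
        if not (into_2 or into_1):
            return domains


def fed_back(domains):
    """Routes imported into a process that already has them as its own."""
    return sorted(
        (process, prefix)
        for process, domain in domains.items()
        for prefix in domain["imported"]
        if prefix in domain["native"]
    )


if __name__ == "__main__":
    cases = {
        "no filter": (None, False),
        "tag filter": (None, True),
        "tag filter + untagged external in both domains": ("192.0.2.0/24", True),
    }
    for label, (shared, tag_filter) in cases.items():
        result = fed_back(converge(build_domains(shared), tag_filter))
        print(f"{label}: {result}")
```

The third case reproduces the limitation stated above: the untagged external route passes the tag filter in both directions, which is where prefix-based administrative distances come in.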


OSPF default route injection—Scenario 5


[Figure: R1 and R2 connect to the Internet with BGP and to OSPF Area 0 (R3, R4); each injects 0.0.0.0/0.]

Both R1 and R2 use OSPF to inject a default route into corporate network.

Figure 10-35: OSPF default route injection—Scenario 5

In this scenario, R1 and R2 are connected to the Internet and use BGP to
communicate with the ISP routers. (They could also have a static default route to the
Internet for a similar scenario.)
Both routers inject a default route into the OSPF network.


OSPF default route injection—Scenario 5-1

[Figure: R1 and R2 connect to the Internet with BGP and to OSPF Area 0 (R3, R4; 10.1.N.0/24); each injects 0.0.0.0/0.]

For the default route:
• What is the metric?
• What is the metric type?

If the cost of IP OSPF interfaces is 10, which default route will R3 and R4
add to their routing tables?

R1 = HP A-Series
ospf 1
 area 0
  network 10.1.0.0 0.0.255.255
 default-route-advertise always cost 100 type 1

R2 = Cisco
router ospf 1
 network 10.1.0.0 0.0.255.255 area 0
 default-information originate metric 100 metric-type 1

Figure 10-36: OSPF default route injection—Scenario 5-1

This figure presents a scenario in which R1 (an HP A-Series router) and R2 (a Cisco
router) both
What is the metric for the default routes advertised by R1 and R2? What is the
default route’s metric type?
Both the Cisco and the HP A-Series devices have commands that define the default
cost (metric) and default metric type for routes advertised by OSPF. The figure shows
the commands that configure these settings for default routes injected into OSPF:
• Metric (cost) = 100
• Metric type = 1
Refer to the section at the end of the notes for this slide to see more commands for
changing these settings as well as the default settings when the commands are not
defined.
Continue to examine the configuration shown in the figure. If the cost on IP OSPF
interfaces is 10, which default route will R3 and R4 add to their routing table?
In this configuration, both R1 and R2 inject the default route with metric 100 and
metric type 1. Metric type 1 means that each router interface that advertises the route
will increment the cost.
Trace the routes from R1 and R2 to R3:
• When R3 receives the default route set by R1, its cost will be 100 + 10 = 110.
• When R3 receives the default route set by R2, its cost will be 100 + 10 + 10 = 120.


R3 will select the route from R1 as the route through the closest router. The default
route from R2 will serve as a backup in case R1 or the link to R1 fails; however, the
backup route is not part of the active routing table.
Also trace the routes from R1 and R2 to R4:
• When R4 receives the default route set by R1, its cost will be 100 + 10 + 10 = 120.
• When R4 receives the default route set by R2, its cost will be 100 + 10 = 110.
Thus R4 will add the route from R2 to its routing table; the route from R1 serves as a
backup.
In conclusion, when the redistributed route uses metric type 1, other OSPF routers can
choose the route with the least cost.

Additional reference
On Cisco devices, you can specify the default metric and metric type for redistributed
routes when you enter the redistribute commands. Similarly, you specify the default
metric and metric type for a default route injected into an NSSA or totally stubby
area when you enter the default-information or area commands.
On HP A-Series devices, the commands for changing the default metric and metric
type are:
ospf <process ID>
default cost <metric> type [1 | 2]

But you can also override those commands for particular redistributed routes or route
summaries configured for areas.
If you have not configured these commands, the default settings are:
• On Cisco devices:
  • Default cost is 20.
  • Default external route type is 2.
• On HP A-Series devices:
  • Default cost is 1.
  • Default external route type is 2.


OSPF redistribution and filtering—Scenario 5-2

[Figure: R1 and R2 connect to the Internet with BGP and to OSPF Area 0 (R3, R4; 10.1.N.0/24); each injects 0.0.0.0/0.]

All links are gigabit and all routers use the bandwidth reference.
Which default route will R3 and R4 add to their routing tables?

R1 = HP A-Series
ospf 1
 bandwidth-reference 10000
 area 0
  network 10.1.0.0 0.0.255.255
 default-route-advertise always cost 100 type 2

R2 = Cisco
router ospf 1
 auto-cost reference-bandwidth 10000
 network 10.1.0.0 0.0.255.255 area 0
 default-information originate metric 100 metric-type 2

Figure 10-37: OSPF redistribution and filtering—Scenario 5-2

Now consider the same scenario except that the injected default routes use type 2
metrics. In this case, which default routes do R3 and R4 add to their routing tables?
First examine R3. Both R1 and R2 assign the same cost (100) to the default route, so
R3 cannot choose between the routes based on cost. Therefore, R3 selects the default
route from the ASBR to which it has the lowest cost path.
In this example, the cost for a gigabit link is 10 (bandwidth reference/bandwidth =
10000/1000). R3’s path cost to R1 is 10 and its path cost to R2 is 20. Therefore, R3
selects the default route from R1.
Similarly, R4 receives both default routes with the same cost. R4’s path cost to R1 is
20 and to R2, 10. Therefore, R4 selects the default route from R2.
Again, both R3 and R4 can use the non-selected route as a backup, which is added
to the routing table if they can no longer reach the next-hop router in the selected
route.
In conclusion, when routers inject default routes with type 2 metrics, other routers
choose the default route of the closest ASBR (which is often the same route that would
be selected with type 1 metrics).
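
The type 1 and type 2 comparisons from Scenarios 5-1 and 5-2, worked in Python as an added example (it is not part of the course material). The page gives only the path costs, so the link layout R1-R3, R3-R4, R4-R2 at cost 10 is an assumption; the last case, with unequal metrics of 100 and 95, goes beyond the page to show where the two metric types pick different routes.

```python
"""Added example: choosing between injected default routes (type 1 vs type 2)."""
import heapq

# Assumed topology: links R1-R3, R3-R4 and R4-R2, each with interface cost 10.
# This reproduces the page's path costs (R3 is 10 from R1 and 20 from R2).
LINKS = [("R1", "R3", 10), ("R3", "R4", 10), ("R4", "R2", 10)]


def spf(source, links=LINKS):
    """Dijkstra: lowest intra-area cost from `source` to every router."""
    graph = {}
    for a, b, cost in links:
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))
    dist, queue = {source: 0}, [(0, source)]
    while queue:
        d, node = heapq.heappop(queue)
        if d > dist[node]:
            continue  # stale queue entry
        for neighbour, cost in graph[node]:
            if d + cost < dist.get(neighbour, float("inf")):
                dist[neighbour] = d + cost
                heapq.heappush(queue, (d + cost, neighbour))
    return dist


def best_default(router, adverts, links=LINKS):
    """adverts maps ASBR -> (metric, metric_type). Returns (asbr, sort_key).

    Type 1: compare metric + path cost to the ASBR.
    Type 2: compare the advertised metric alone; the path cost to the ASBR
    only breaks ties. Type 1 routes are preferred over type 2 routes.
    """
    dist = spf(router, links)
    ranked = []
    for asbr, (metric, metric_type) in adverts.items():
        if metric_type == 1:
            key = (1, metric + dist[asbr], 0)
        else:
            key = (2, metric, dist[asbr])
        ranked.append((key, asbr))
    key, asbr = min(ranked)
    return asbr, key


if __name__ == "__main__":
    cases = {
        "Scenario 5-1 (type 1, 100/100)": {"R1": (100, 1), "R2": (100, 1)},
        "Scenario 5-2 (type 2, 100/100)": {"R1": (100, 2), "R2": (100, 2)},
        "constructed (type 1, 100/95)": {"R1": (100, 1), "R2": (95, 1)},
        "constructed (type 2, 100/95)": {"R1": (100, 2), "R2": (95, 2)},
    }
    for label, adverts in cases.items():
        for router in ("R3", "R4"):
            asbr, key = best_default(router, adverts)
            print(f"{label}: {router} uses {asbr} {key}")
```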



Labs 10.1 and 10.2: Configuring OSPF


[Figure: lab topology with Server_1, HP-E, Cisco-B, HP-C, Cisco-A, HP-D, HP-F, and Client_1; VLANs 101, 100, 2, 3, 4, 5, 200, and 201; Area 1, Area 0, and Area 2.]

OSPF Router-Id: POD.X.X.X
IP addressing: 10.POD.VLAN.X/24
X=1 on Cisco-A
X=2 on Cisco-B
X=3 on HP-C
X=4 on HP-D
X=5 on HP-E
X=6 on HP-F
X=100 on Server_1
X=101 on Client_1

Figure 10-38: Lab 10.1: Configuring OSPF areas

[Figure: the same lab topology and addressing, divided into OSPF1 Area 0 and OSPF2 Area 0.]

Figure 10-39: Lab 10.2: Configuring OSPF redistribution


You will now complete two labs. In the first lab, illustrated in Figure 10-38, you
establish a multi-area OSPF system, in which a Cisco switch is one ABR and an HP
A-Series switch is another ABR.
In the second lab, illustrated in Figure 10-39, you configure redistribution of routes
from one OSPF AS to another. In this lab, a Cisco switch is one ASBR and an HP
A-Series switch is another ASBR.
You can proceed directly from one lab to the next at your own pace.

Use the space below to record any instructions your facilitator gives you for
these labs.

Lab debrief
Did you find useful show and display commands?
What are your key insights about OSPF? Have you discovered something new?

What were your greatest challenges?



What practical discoveries do you plan to apply in the field?



Module 10 summary
In this module, you have learned how to:
• Configure OSPF routing on HP and Cisco switches
• Enable OSPF’s BFD and graceful restart features
• Configure areas and summarization
• Configure redistribution and filtering
• Generate default routes to inject into OSPF


Learning check
Q1: What parameters must match for OSPF neighbors?
Q2: What purpose does BFD serve in OSPF?
Q3: Which type of area conceals the networks in all other areas from routers within
that area?

Q4: What options can you set when you redistribute routes into OSPF?
Q5: Why would you tag IP routes when you redistribute them?


Q6: When you implement graceful restart, do all routers need to be aware of the
graceful restart feature?



Q7: Why would you configure an OSPF interface as passive or silent?



Q8: How can you set up one router as the main router and the other router as a
backup for a given network?


ctio

_______________________________________________________________________
du
ro
ep

_______________________________________________________________________
.R
ly

_______________________________________________________________________
on
use

_______________________________________________________________________
er
ld
ho

_______________________________________________________________________
ake
St

_______________________________________________________________________
&L
C

_______________________________________________________________________
P
H

_______________________________________________________________________

Rev. 11.12 10 –69



Network Address Translation


Module 11

Module 11 objectives

After completing this module, you will be able to configure network address
translation (NAT) to:
• Connect users with private addresses to the Internet
• Allow external access to internal servers with private addresses
• Interconnect networks with overlapping addresses

NOTES
_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

Internet access with dynamic NAT


This module focuses on the following scenarios:
• Using dynamic NAT to provide users with Internet access
  • Many-to-one NAT, also called Network Address Port Translation (NAPT) or
    Port Address Translation (PAT)
  • Many-to-many: NAT without PAT
• Accessing internal servers with private addresses from the outside, using a NAT
  interface
• Managing overlapping networks with NAT

Note
NAT support is very limited on HP E-Series devices, so this module will cover
NAT for Cisco and the HP A-Series devices. NAT is supported on most HP and
Cisco routers, but only on a limited number of switches. If working with a switch,
be sure to verify that it supports NAT.

NAT and Internet access—Scenario 1


[Figure 11-1: NAT and Internet access—Scenario 1. MANY to ONE: the intranet
10.1.0.0/16 is translated into 15.6.7.8 toward the Internet.
  S=10.1.1.18:1031 D=X  ->  S=15.6.7.8:2001 D=X
  S=10.1.7.13:1028 D=Y  ->  S=15.6.7.8:2002 D=Y
  S=10.1.8.22:1027 D=Z  ->  S=15.6.7.8:2003 D=Z]

Dynamic NAT or NAPT is a variation of NAT. Because it allows multiple internal
addresses to be mapped to the same public IP address, it is called many-to-one NAT
or address multiplexing. NAPT is based on both the IP address and the port number.
With NAPT, multiple IP source addresses are translated to the same public IP
address, but each NAT session is assigned a unique source port.

Typically, the IP addresses to be translated are defined by an access control list
(ACL). The NAT device determines the address to which source addresses are
translated by either:
• Using the IP address of a specific interface (the Internet-facing interface or the
  forwarding interface in the packet’s route)
• Selecting the IP address from a pool of IP addresses, which might contain one or
  several IP addresses

NAPT has enabled companies to better utilize their IP address resources, providing
many internal devices access to the external network at the same time using only one
or a few public IP addresses.
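The many-to-one translation drawn in Figure 11-1, modelled in Python as an added example (it is not code from the course or from any device). The class and function names are hypothetical; the ACL range, the public address and the starting port 2001 come from the figure, and the rule that a reply must come from the peer the session was opened to is an assumption of this sketch.

```python
import ipaddress
from dataclasses import dataclass, field

INSIDE_ACL = ipaddress.ip_network("10.1.0.0/16")  # range permitted by the page's ACL
PUBLIC_IP = "15.6.7.8"                            # Internet-facing address in Figure 11-1


@dataclass
class Napt:
    """Hypothetical model of many-to-one NAT: one public IP, one port per session."""
    public_ip: str = PUBLIC_IP
    first_port: int = 2001   # first translated port drawn in Figure 11-1
    last_port: int = 65535
    sessions: dict = field(default_factory=dict)  # (src_ip, src_port, dst) -> public port
    reverse: dict = field(default_factory=dict)   # public port -> (src_ip, src_port, dst)

    def outbound(self, src_ip, src_port, dst):
        """Inside -> outside: return the (source IP, source port) put on the wire."""
        if ipaddress.ip_address(src_ip) not in INSIDE_ACL:
            return (src_ip, src_port)  # not selected by the ACL, so left untranslated
        key = (src_ip, src_port, dst)
        if key not in self.sessions:
            port = self._free_port()
            self.sessions[key] = port
            self.reverse[port] = key
        return (self.public_ip, self.sessions[key])

    def inbound(self, src, dst_port):
        """Outside -> inside: return the inside (IP, port), or None when dropped."""
        entry = self.reverse.get(dst_port)
        if entry is None:
            return None      # unsolicited: no session owns this public port
        if entry[2] != src:
            return None      # assumption: only the original peer may reply
        return (entry[0], entry[1])

    def _free_port(self):
        """Pick the lowest unused public port; fail loudly when the pool is empty."""
        for port in range(self.first_port, self.last_port + 1):
            if port not in self.reverse:
                return port
        raise RuntimeError("NAPT port pool exhausted")


def figure_11_1():
    """Replay the three flows of Figure 11-1 (D=X, Y, Z are the figure's labels)."""
    nat = Napt()
    flows = [("10.1.1.18", 1031, "X"), ("10.1.7.13", 1028, "Y"), ("10.1.8.22", 1027, "Z")]
    return [nat.outbound(*flow) for flow in flows]


if __name__ == "__main__":
    for translated in figure_11_1():
        print(translated)
```

Because every session consumes one port on the shared address, the size of the port range is the hard ceiling on concurrent sessions, which is the resource the connection limit policy later in this module protects.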

NAT and Internet access—Scenario 1a


[Figure 11-2 diagram: the intranet LAN 10.1.0.0/16 (defined by ACL) connects to R1 on
Gig 1/1 (10.1.1.254); R1 connects to the Internet on Gig 1/2 (15.6.7.8), where the
translated address comes from the interface or a NAT pool.]

R1 = Cisco

interface gigabitethernet 1/1
 ip address 10.1.1.254 255.255.255.0
 ip nat inside
interface gigabitethernet 1/2
 ip address 15.6.7.8 255.255.255.252
 ip nat outside
access-list 10 permit 10.1.0.0 0.0.255.255

ip nat inside source list 10 interface gig 1/2 overload
or
ip nat inside source list 10 pool pool-corp123 overload
ip nat pool pool-corp123 15.6.7.8 15.6.7.8 prefix 30

Figure 11-2: NAT and Internet access—Scenario 1a

Figure 11-2 shows the Cisco commands for configuring NAT for this scenario.

NAT and Internet access—Scenario 1b


[Figure 11-3 diagram: the intranet LAN 10.1.0.0/16 (defined by the ACL) connects to R1
on Int VLAN 100 (10.1.1.254); R1 connects to the Internet on Int VLAN 200 (15.6.7.8),
where the translated address comes from the interface or a NAT pool.]

R1 = HP A-Series

interface vlan-interface 100
 ip address 10.1.1.254 24
interface vlan-interface 200
 ip address 15.6.7.8 30
 nat outbound 2001
OR
interface vlan-interface 200
 ip address 15.6.7.8 30
 nat outbound 2001 address-group 1
quit
nat address-group 1 15.6.7.8 15.6.7.8

acl number 2001
 rule permit source 10.1.0.0 0.0.255.255
 rule deny

Figure 11-3: NAT and Internet access—Scenario 1b

These are the commands for configuring NAT on an HP A-Series switch in a similar
scenario.

NAPT configuration on the HP A-Series switch

The IP addresses to be translated, 10.1.0.0/16, are defined by the ACL. You can set the
NAT address (the address after translation) in one of two ways:
• To a pool of IP addresses by entering:
    [HP-A] nat address-group <group number> <first IP address> <last IP address>
  You must then configure outbound NAT on the interface on which the traffic to
  be translated is forwarded after being routed. When you do, you specify the
  address group:
    [HP-A] interface vlan-interface 200
    [HP-A-Vlan-interface200] ip address 15.6.7.8 30
    [HP-A-Vlan-interface200] nat outbound 2001 address-group 1
• To the IP address of the interface to which you apply outbound NAT (this option
  is called easy IP):
    [Device] interface vlan-interface 200
    [Device-Vlan-interface200] ip address 15.6.7.8 30
    [Device-Vlan-interface200] nat outbound 2001

Note
By default, the IP NAT outbound setting is NAPT or PAT (many-to-one NAT). To
specify one-to-one NAT, you should add no-pat to the command:
nat outbound 2001 address-group 1 no-pat

Introduction to connection limit


A user that initiates a large quantity of connections in a short period of time occupies
large amounts of system resources, preventing other users from accessing network
resources. An internal server that receives large numbers of connection requests
within a short time cannot process them quickly enough and cannot accept other
normal connection requests. To avoid these situations, you can configure a
connection limit policy to limit the number of connections, connection rate, and
connection bandwidth.
• The limits to the connection rate and bandwidth cannot be specified at the same
  time.
• If an option is not configured in the connection limit policy, the global
  configuration settings will be used instead.
• For user connections not covered in the connection limit policy, the global
  configurations take effect.

Follow these steps to configure this option:
1. Configure a connection limit policy. In this example, the policy limits user
   connections from 10.1.10.100. Set the upper and lower limits to 1000 and 200
   respectively.
     [HP-A] acl number 2002
     [HP-A-acl-basic-2002] rule permit source 10.1.10.100 0.0.0.0
     [HP-A-acl-basic-2002] rule deny
     [HP-A-acl-basic-2002] quit
     [HP-A] connection-limit policy 1
     [HP-A-connection-limit-policy-1] limit 0 acl 2002 per-destination amount 1000 200
     [HP-A-connection-limit-policy-1] quit
2. Bind the connection limit policy to NAT.
     [HP-A] nat connection-limit-policy 1

Internal servers with static NAT


Now that you have considered a scenario involving dynamic NAT, you will look at two
scenarios for destination NAT. In these scenarios, external devices need to reach
internal servers with private IP addresses. The external devices contact the internal
servers at public IP addresses, and the NAT device translates the destination address
to the internal server’s actual private IP address. The first scenario features one-to-one
destination NAT, and the second features one-to-many destination NAT.

Internal servers and NAT—Scenario 2


[Figure 11-4: Internal servers and NAT—Scenario 2. ONE to ONE: the server is seen as
15.6.7.1 and is translated into 10.1.1.101. Intranet 10.1.0.0/16; public addresses
15.6.7.1, 15.6.7.2 and 15.6.7.3 face the Internet.
  FTP   10.1.1.101:  S=X D=15.6.7.1:21    ->  S=X D=10.1.1.101:21
  Web 1 10.1.1.102:  S=Y D=15.6.7.2:80    ->  S=Y D=10.1.1.102:80
  Web 2 10.1.1.103:  S=Z D=15.6.7.3:8080  ->  S=Z D=10.1.1.103:80]

This scenario features static destination NAT, which you must sometimes use with
dynamic source NAT.

Dynamic source NAT hides the internal network structure, including the identities of
internal hosts. However, in practice, external hosts often need to access internal hosts
such as Web or FTP servers. Destination NAT enables them to do so.

With this form of NAT, you can deploy an internal server easily and flexibly. For
instance, you can use 15.6.7.1 as the Web server’s external address and 15.6.7.2 as
the FTP server’s external address. You can even use an address like 15.6.7.3:8080
as the Web server’s external address.

When a packet intended for an internal server arrives, NAT translates the destination
address in the packet to the private IP address of the internal server. When a
response packet from the internal server arrives, NAT translates the source address (a
private IP address) of the packet into a public IP address mapped to the same
external IP address with different port numbers.

Internal servers and NAT—Scenario 2b


[Figure 11-6 diagram: R1 connects the intranet on Int vlan 100 (10.1.1.254) to the
Internet on Int vlan 200 (15.6.7.8).
  FTP   10.1.1.101  <->  15.6.7.1:21
  Web   10.1.1.102  <->  15.6.7.2:80
  SMTP  10.1.1.103  <->  15.6.7.3:25]

R1 = HP A-Series

interface vlan-interface 100
 ip address 10.1.1.254 24
interface vlan-interface 200
 ip address 15.6.7.8 30
 nat server protocol tcp global 15.6.7.1 21 inside 10.1.1.101 ftp
 nat server protocol tcp global 15.6.7.2 80 inside 10.1.1.102 www
 nat server protocol tcp global 15.6.7.3 smtp inside 10.1.1.103 smtp

Figure 11-6: Internal servers and NAT—Scenario 2b

This slide shows the same NAT configuration on an HP A-Series device. Notice that
the NAT commands are configured on the VLAN interface that faces the Internet. (If
you were configuring NAT on an HP A-Series router, you would configure the NAT
commands on the routed physical interface.)

You indicate that you are configuring static destination NAT by using the nat server
command shown in the slide. As you see, you specify the publicly known IP
address for the global address and the server’s actual IP address for the inside
address.

The HP A-Series devices automatically implement source NAT for the reverse traffic
from the servers to the Internet clients.

Internal servers and NAT—Scenario 3


[Figure 11-7: Internal servers and NAT—Scenario 3. ONE to MANY: the servers are all
seen at 15.6.7.8:X, which is translated into 10.1.1.101-104:Y, between the intranet
and the Internet.
  ftp   10.1.1.101:21:  S=X D=15.6.7.8:21    ->  S=X D=10.1.1.101:21
  www   10.1.1.102:80:  S=Y D=15.6.7.8:80    ->  S=Y D=10.1.1.102:80
  smtp  10.1.1.103:25:  S=Z D=15.6.7.8:25    ->  S=Z D=10.1.1.103:25
  www2  10.1.1.104:80:  S=Z D=15.6.7.8:8080  ->  S=Z D=10.1.1.104:80]

IP NAT port forwarding is typically used in small networks or small divisions of larger
networks when only one public IP is available. The IP address of the router facing the
Internet becomes the “Internet interface.”

When a packet intended for an internal server arrives, NAT translates the destination
address in the packet to the private IP address of the Internet interface of the router.
When a response packet from the internal server arrives, NAT translates the source
address (a private IP address) of the packet into a public IP address mapped to the
same external IP address with different port numbers.

Internal servers and NAT—Scenario 3a


[Figure 11-8: Internal servers and NAT—Scenario 3a. Internal host 10.1.3.140 on the
intranet 10.1.0.0/16 sends a DNS request for www.corp123.com to the DNS server on the
Internet. The DNS response carries 15.6.7.8; the server’s public IP address is
translated to a private IP address in the DNS response, so the host receives
10.1.1.101 for www.corp123.com. Public services: 15.6.7.8:21, 15.6.7.8:80,
15.6.7.8:25, 15.6.7.8:8080.]

Internal server

Very often servers get their IP addresses from an external DNS server that belongs to
an Internet Service Provider (ISP) or to another company.

DNS mapping

You can specify an external IP address and port number for an internal server on the
public network interface of a NAT gateway, so that external users can access the
internal server using its domain name or public IP address.

An internal host may want to access an internal server on the same private network
by using its domain name, while the DNS server is located on the public network.
Typically, the DNS server will reply with the public address of the internal server to
the host. However, without relevant processing of the NAT device, the host cannot
access the internal server using its domain name. In this case, the DNS mapping
feature can solve the problem.

A DNS mapping entry records the domain name, public address, public port
number, and protocol type of an internal server. Upon receiving a DNS reply, the
NAT-enabled device matches the domain name in the message against the DNS
mapping entries. If a match is found, the private address of the internal server is
found and NAT replaces the public IP address in the reply with the private IP
address. Then, the host can use the private address to access the internal server.

Internal servers and NAT—Scenario 3b


[Figure 11-9 diagram: R1 connects the intranet on Gig 1/1 (10.1.1.254) to the Internet
on Gig 1/2 (15.6.7.8). The DNS server for corp123.com on the Internet lists ftp, www,
web2 and smtp all at 15.6.7.8.
  ftp   10.1.1.101:21  <->  15.6.7.8:21
  www   10.1.1.102:80  <->  15.6.7.8:80
  smtp  10.1.1.103:25  <->  15.6.7.8:25
  www2  10.1.1.104:80  <->  15.6.7.8:8080]

R1 = Cisco

interface gigabitethernet 1/1
 ip address 10.1.1.254 255.255.255.0
 ip nat inside
interface gigabitethernet 1/2
 ip address 15.6.7.8 255.255.255.252
 ip nat outside

ip nat inside source static tcp 10.1.1.101 21 15.6.7.8 21
ip nat inside source static tcp 10.1.1.102 80 15.6.7.8 80
ip nat inside source static tcp 10.1.1.103 25 15.6.7.8 25
ip nat inside source static tcp 10.1.1.104 80 15.6.7.8 8080

ip nat outside source static tcp 10.1.1.101 21 15.6.7.8 21
ip nat outside source static tcp 10.1.1.102 80 15.6.7.8 80
ip nat outside source static tcp 10.1.1.103 25 15.6.7.8 25
ip nat outside source static tcp 10.1.1.104 80 15.6.7.8 8080

Figure 11-9: Internal servers and NAT—Scenario 3b

• The ip nat inside source command creates a translation, if necessary. It
  translates:
  • The source IP address for packets going from inside to outside
  • The destination IP address for packets going from outside to inside
• The ip nat outside source command creates a translation, if necessary, as well. It
  translates:
  • The source IP address for packets going from outside to inside
  • The destination IP address for packets going from inside to outside

In the above configuration, the ip nat inside source static tcp 10.1.1.101 21 15.6.7.8 21
command translates the source IP in packets coming from server 10.1.1.101:21 to the
public IP address 15.6.7.8:21 when the packets are transmitted from inside (intranet)
to outside (Internet).

The ip nat outside source static tcp 10.1.1.101 21 15.6.7.8 21 command translates the
source IP in packets coming from server 10.1.1.101:21 to the public IP address
15.6.7.8:21 when packets are transmitted from inside (intranet) to outside (Internet).
In this case the ip nat outside command is not used to translate packets but only to
translate the IP address embedded in a DNS response.

Internal servers and NAT—Scenario 3c


[Figure 11-10 diagram: R1 connects the intranet on Gig 1/1 (10.1.1.254) to the Internet
on Gig 1/2 (15.6.7.8). The DNS server for corp123.com on the Internet lists ftp, www,
web2 and smtp all at 15.6.7.8.
  ftp   10.1.1.101:21  <->  15.6.7.8:21
  www   10.1.1.102:80  <->  15.6.7.8:80
  smtp  10.1.1.103:25  <->  15.6.7.8:25
  www2  10.1.1.104:80  <->  15.6.7.8:8080]

R1 = HP A-Series

interface vlan-interface 100
 ip address 10.1.1.254 24
interface vlan-interface 200
 ip address 15.6.7.8 30
 nat server protocol tcp global 15.6.7.8 21 inside 10.1.1.101 ftp
 nat server protocol tcp global 15.6.7.8 80 inside 10.1.1.102 www
 nat server protocol tcp global 15.6.7.8 smtp inside 10.1.1.103 smtp
 nat server protocol tcp global 15.6.7.8 8080 inside 10.1.1.104 80
quit
nat dns-map domain ftp.corp123.com protocol tcp ip 15.6.7.8 port ftp
nat dns-map domain www.corp123.com protocol tcp ip 15.6.7.8 port www
nat dns-map domain www2.corp123.com protocol tcp ip 15.6.7.8 port 8080
nat dns-map domain smtp.corp123.com protocol tcp ip 15.6.7.8 port 25

Figure 11-10: Internal servers and NAT—Scenario 3c

With DNS mapping, an internal host can access an internal server on the same
private network by using the domain name of the internal server when the DNS
server resides on the Internet.
• Use the nat dns-map command to map the domain name to the public network
  information of an internal server.
• Use the undo nat dns-map command to remove a DNS mapping. Currently, the
  device supports up to 16 DNS mappings.
• display nat dns-map is a related command.
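An added example, not part of the course material: a Python sketch that reads the nat server and nat dns-map lines of Figure 11-10, rewrites a DNS answer the way the DNS mapping description in Scenario 3a says the NAT device does, and flags dns-map entries that match no nat server line. The function names are hypothetical, and the keyword-to-port table covers only the keywords used on this page.

```python
SERVICE_PORTS = {"ftp": 21, "www": 80, "smtp": 25}  # keywords used in the page's config
MAX_DNS_MAPPINGS = 16                               # limit stated on the page

# The NAT lines of Figure 11-10, embedded so the example runs offline.
CONFIG = """\
nat server protocol tcp global 15.6.7.8 21 inside 10.1.1.101 ftp
nat server protocol tcp global 15.6.7.8 80 inside 10.1.1.102 www
nat server protocol tcp global 15.6.7.8 smtp inside 10.1.1.103 smtp
nat server protocol tcp global 15.6.7.8 8080 inside 10.1.1.104 80
nat dns-map domain ftp.corp123.com protocol tcp ip 15.6.7.8 port ftp
nat dns-map domain www.corp123.com protocol tcp ip 15.6.7.8 port www
nat dns-map domain www2.corp123.com protocol tcp ip 15.6.7.8 port 8080
nat dns-map domain smtp.corp123.com protocol tcp ip 15.6.7.8 port 25
"""


def to_port(token):
    """Accept either a service keyword (ftp, www, smtp) or a port number."""
    return SERVICE_PORTS[token] if token in SERVICE_PORTS else int(token)


def parse(config):
    """Return (servers, dns_map) built from the two command forms on the page."""
    servers = {}  # (protocol, global IP, global port) -> (inside IP, inside port)
    dns_map = {}  # domain name -> (protocol, global IP, global port)
    for line in config.splitlines():
        t = line.split()
        if t[:3] == ["nat", "server", "protocol"]:
            servers[(t[3], t[5], to_port(t[6]))] = (t[8], to_port(t[9]))
        elif t[:3] == ["nat", "dns-map", "domain"]:
            dns_map[t[3].lower()] = (t[5], t[7], to_port(t[9]))
    return servers, dns_map


def rewrite_dns_answer(config, name, answer_ip):
    """Return the address an internal host should receive for this DNS answer."""
    servers, dns_map = parse(config)
    entry = dns_map.get(name.lower().rstrip("."))
    if entry is None or entry[1] != answer_ip:
        return answer_ip            # no mapping for this name: reply is untouched
    inside = servers.get(entry)
    return inside[0] if inside else answer_ip


def audit(config):
    """List dns-map entries that cannot be resolved to an internal server."""
    servers, dns_map = parse(config)
    findings = [
        f"{domain}: no nat server for {proto} {ip}:{port}"
        for domain, (proto, ip, port) in dns_map.items()
        if (proto, ip, port) not in servers
    ]
    if len(dns_map) > MAX_DNS_MAPPINGS:
        findings.append(f"{len(dns_map)} DNS mappings exceed the limit of {MAX_DNS_MAPPINGS}")
    return findings


if __name__ == "__main__":
    print(rewrite_dns_answer(CONFIG, "www2.corp123.com", "15.6.7.8"))
    print(audit(CONFIG))
```

Because all four names resolve to the same public address, the port and protocol in each dns-map entry are what select the internal server; an entry whose port matches no nat server line leaves internal hosts with the public address.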

Using static NAT for overlapping networks


Typically, people consider NAT for the scenarios discussed thus far in this module:
translating IP addresses between a company’s private network and the Internet.
However, NAT can also be useful for problems that arise on a private network when
a company or two companies must merge two networks that have overlapping IP
addresses. The rest of this module explains how to use NAT to resolve this issue
without reconfiguring the IP addresses on one of the networks being merged.


Overlapping networks—Scenario 4
[Figure 11-11: Overlapping networks—Scenario 4. Network1 (10.1/16, host 10.1.3.18)
connects through R1 and R2 to Network2 (10.1/16, server 10.1.2.200). As seen by
Network2, Network1 is 10.111/16; as seen by Network 1, Network2 is 10.222/16.
  1. S 10.1.3.18 D 10.222.2.200  -> R1 (S 10.1 -> 10.111) ->  S 10.111.3.18 D 10.222.2.200
     -> R2 (D 10.222 -> 10.1) ->  S 10.111.3.18 D 10.1.2.200
  2. S 10.1.2.200 D 10.111.3.18  -> R2 (S 10.1 -> 10.222) ->  S 10.222.2.200 D 10.111.3.18
     -> R1 (D 10.111 -> 10.1) ->  S 10.222.2.200 D 10.1.3.18]

When two networks are merged, they may have overlapping IP subnets.
Consequently, the two networks cannot be joined without causing IP address
conflicts. Rather than changing IP addressing, companies may want to use NAT to
translate IP addresses so that each network appears to be unique.

In the above figure, Network 1 and 2 have the same IP subnet 10.1.0.0/16. With
NAT, Network 1 can “see” Network 2 as a unique network (10.222/16), and
Network 2 can “see” Network 1 as a unique network (10.111/16).

In the example above, node 10.1.3.18 in Network 1 tries to reach a server in
Network 2, which it sees as 10.222.2.200. (The server is really
10.1.2.200 in its own network.) The server IP address may be provided by the DNS
response and translated by NAT if the DNS server is in Network 2. Or the server’s
address in Network 2 can already be assigned a “NATed” address in the local
DNS.

When a packet is routed by R1, source 10.1.3.18 is NATed to 10.111.3.18 and
forwarded to R2. When a packet is routed by R2, the destination 10.222.2.200 is
NATed to 10.1.2.200 and forwarded in Network 2.

Note that while you are applying NAT, you can start changing your IP addresses.
You can pick IP addresses in the range you use for NAT. This will make use of the
static routes you have to put in place for routing from Network 1’s real IP addresses
to Network 2’s NATed IP addresses and vice versa.

For example, if you start changing IP addresses in Network 2, you can use some
subnets of 10.222/16 to start replacing the IP addresses of the node. These subnets
must not overlap with the pool you use on R2 to NAT addresses. They won’t be
NATed by R2 when routed, but they will be when entering R1. Or you can use a new
range of IPs for each side and then you must create new IP routes.

If each side has its own DNS server, NAT can also translate the DNS response when
sent to the other network.

For example, if a server account corp123.com with IP 10.1.1.100 is in Network 1,
when the DNS on Network 1 side responds to the DNS request coming from
Network 2, the IP address 10.1.1.100 will be translated by R1 to 10.111.1.100. So
server account corp123.com will appear to Network 2 with the IP address
10.111.1.100.

Overlapping networks—Scenario 4a

[Figure 11-12: Overlapping networks—Scenario 4a. Network1 (10.1/16, server 10.1.1.100)
connects through R1 and R2 to Network2 (10.1/16, host 10.1.4.77). Network1’s 10.1/16
is translated into 10.111/16 (as seen by Network2); Network2’s 10.1/16 is translated
into 10.222/16 (as seen by Network 1).
  1. S 10.1.1.100 D=10.222.4.77  -> R1 (S 10.1 -> 10.111) ->  S 10.111.1.100 D=10.222.4.77
     -> R2 (D 10.222 -> 10.1) ->  S 10.111.1.100 D=10.1.4.77
  2. S 10.1.4.77 D=10.111.1.100  -> R2 (S 10.1 -> 10.222) ->  S 10.222.4.77 D=10.111.1.100
     -> R1 (D 10.111 -> 10.1) ->  S 10.222.4.77 D=10.1.1.100]

In the example above, node 10.1.4.77 in Network 2 tries to reach a server in
Network 1, which it sees as 10.111.1.100 (the server is really 10.1.1.100 in its own
Network 1). The server’s IP address may be provided by the DNS response and
translated by NAT if the DNS server is in Network 2.

When a packet is routed by R2, the source IP 10.1.4.77 is NATed to 10.222.4.77
and forwarded to R1. When a packet is routed by R1, the destination 10.111.1.100 is
NATed to 10.1.1.100 and forwarded in Network 1.
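The two packet walks of Scenarios 4 and 4a, reproduced in Python as an added example (not code from the course or from either vendor). The EdgeRouter class and its method names are hypothetical; the address ranges are the ones in Figures 11-11 and 11-12, and the translation keeps the host part of each address, as the figures show.

```python
import ipaddress


def net_to_net(addr, from_net, to_net):
    """Swap the network prefix and keep the host part; other addresses pass through."""
    ip = ipaddress.ip_address(addr)
    src, dst = ipaddress.ip_network(from_net), ipaddress.ip_network(to_net)
    if src.prefixlen != dst.prefixlen:
        raise ValueError("net-to-net mapping needs equal prefix lengths")
    if ip not in src:
        return addr
    host_part = int(ip) & int(src.hostmask)
    return str(ipaddress.ip_address(int(dst.network_address) | host_part))


class EdgeRouter:
    """Hypothetical model of R1 or R2: hides its own 10.1/16 behind a unique range."""

    def __init__(self, name, real_net, seen_as):
        self.name, self.real_net, self.seen_as = name, real_net, seen_as

    def to_peer(self, packet):
        """Leaving the local network: source NAT, real range -> range the peer sees."""
        src, dst = packet
        return (net_to_net(src, self.real_net, self.seen_as), dst)

    def from_peer(self, packet):
        """Entering the local network: destination NAT back to the real range."""
        src, dst = packet
        return (src, net_to_net(dst, self.seen_as, self.real_net))

    def dns_answer_to_peer(self, ip):
        """Address in a DNS answer sent to the other network, after translation."""
        return net_to_net(ip, self.real_net, self.seen_as)

    def real_address(self, seen_ip):
        """Map an address found in the peer's logs back to the local host."""
        return net_to_net(seen_ip, self.seen_as, self.real_net)


R1 = EdgeRouter("R1", "10.1.0.0/16", "10.111.0.0/16")  # Network 1 as seen by Network 2
R2 = EdgeRouter("R2", "10.1.0.0/16", "10.222.0.0/16")  # Network 2 as seen by Network 1


def trace(packet, first, second):
    """Return the (source, destination) pair before NAT and after each router."""
    hops = [packet]
    packet = first.to_peer(packet)
    hops.append(packet)
    packet = second.from_peer(packet)
    hops.append(packet)
    return hops


if __name__ == "__main__":
    for hop in trace(("10.1.3.18", "10.222.2.200"), R1, R2):   # Figure 11-11, flow 1
        print(hop)
    for hop in trace(("10.1.4.77", "10.111.1.100"), R2, R1):   # Figure 11-12, flow 2
        print(hop)
```

Logs on either side record only the translated source, so correlating an event across the two networks needs the reverse lookup that real_address performs.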

Overlapping networks—Scenario 4b
[Figure 11-13 diagram: Network1 (10.1/16) connects through R1 and R2 to Network2
(10.1/16). As seen by Network 1, Network2 is 10.222/16; as seen by Network2, Network1
is 10.111/16. R1: Gig 1/0/1 10.1.1.254, Gig 1/0/2 10.3.1.1/24. R2: Int vlan 100
10.3.1.2/24, Int vlan 200 10.1.1.2.]

R1 routing table
IP Network      Next Hop     Type
10.1.1.0/24     0.0.0.0      C
10.1.3.0/24     0.0.0.0      C
10.1.0.0/16     10.1.1.253   S
10.222.0.0/16   10.3.1.2     S

R2 routing table
IP Network      Next Hop     Type
10.1.1.0/24     0.0.0.0      C
10.1.3.0/24     0.0.0.0      C
10.1.0.0/16     10.1.1.1     S
10.111.0.0/16   10.3.1.1     S

A static route to the network, as seen when NATed, is required:

R1-Cisco(config)#ip route 10.222.0.0 255.255.0.0 10.3.1.2
R2-HP(config)#ip route-static 10.111.0.0 255.255.0.0 10.3.1.1

Figure 11-13: Overlapping networks—Scenario 4b

For Network 1 to send a packet to Network 2, R1 needs to have a route to
10.222/16, which is the IP subnet of Network 2 as it is seen by Network 1.
Symmetrically, R2 needs to have a route to 10.111/16, which is the IP subnet of
Network 1 as it is seen by Network 2.

Overlapping networks—Scenario 4c
[Figure 11-14 diagram: Network 1 (10.1/16) connects through R1 and R2 to Network 2
(10.1/16). As seen by Network 1, Network 2 is 10.222/16; as seen by Network 2,
Network 1 is 10.111/16. R1: Gig 1/1 10.1.1.254, Gig 1/2 10.3.1.1. R2: Gig 1/2 10.3.1.2.]

R1 = Cisco

interface gigabitethernet 1/1
 ip address 10.1.1.254 255.255.255.0
 ip nat inside
interface gigabitethernet 1/2
 ip address 10.3.1.1 255.255.255.0
 ip nat outside

ip route 10.222.0.0 255.255.0.0 10.3.1.2

ip nat inside source static network 10.1.0.0 10.111.0.0 /16
ip nat outside source static network 10.1.0.0 10.111.0.0 /16

Figure 11-14: Overlapping networks—Scenario 4c

This slide shows the configuration of R1 in the example network.

On Cisco devices, the command ip nat inside source static network 10.1.0.0
10.111.0.0 /16 translates all source addresses on the inside interface 10.1 into 10.111,
keeping the node part instead of selecting IP addresses from a pool.

The command ip nat outside source static network 10.1.0.0 10.111.0.0 /16 translates
all source addresses embedded in the DNS entry coming from outside (for example
from Network 2) into the inside.

Let’s say Network 1 has a domain name of corp1.com, and Network 2’s domain
name is corp2.com. Each side has its own DNS server. You will have to configure the
DNS server in Network 1 so that the corp2.com domain is translated by the DNS
server in Network 2. The IP address you will have to provide will be the NATed
address of the DNS server in Network 1. In other words, if the real IP of the DNS
server in Network 2 is 10.1.1.100, you will have to configure it as 10.222.1.100 in
DNS Network 1.

You will reverse the operation for Network 2; on the DNS server, configure
corp1.com to be translated as such: Real IP = 10.1.1.222, NATed = 10.111.1.222.

The configuration of R2 is shown below.


interface gigabit 1/1
 ip address 10.1.10.254 255.255.255.0
 ip nat inside
interface gigabit 1/2
 ip address 10.3.1.2 255.255.255.0
 ip nat outside

ip route 10.111.0.0 255.255.0.0 10.3.1.1

ip nat inside source static network 10.1.0.0 10.222.0.0 /16
ip nat outside source static network 10.1.0.0 10.222.0.0 /16

Overlapping networks—Scenario 4d

[Figure 11-15 diagram: Network1 (10.1/16) connects through R1 and R2 to Network2
(10.1/16). As seen by Network 1, Network2 is 10.222/16; as seen by Network2, Network1
is 10.111/16. R1: Int vlan 100 10.1.1.254, Int vlan 200 10.3.1.1. R2: Int vlan 200
10.3.1.2, Int vlan 100 10.1.10.254.]

R1 = HP A-Series

interface vlan-interface 100
 ip address 10.1.1.254 24
interface vlan-interface 200
 ip address 10.3.1.1 30
 nat outbound 2001 address-group 1 no-pat

ip route-static 10.222.0.0 16 10.3.1.2

acl number 2001
 rule permit source 10.1.0.0 0.0.255.255
 rule deny
nat address-group 1 10.111.0.1 10.111.254.254

Figure 11-15: Overlapping networks—Scenario 4d

This figure shows the configuration for R1.

For this scenario, you implement source NAT for all traffic selected by an ACL, which
specifies the private IP addresses that overlap between Network 1 and Network 2
(10.1/16). R1 translates each selected source address to one of the IP addresses in
address group 1. This is a range of Network 1 IP addresses as seen by Network
2 (10.111.0.1 to 10.111.254.254). As usual, R1 automatically performs the proper
translation on return traffic to forward the return traffic to the correct Network 1
device.

You must configure R2 in a similar manner. The configuration is:

interface vlan-interface 100
 ip address 10.1.10.254 24
interface vlan-interface 200
 ip address 10.3.1.2 30
 nat outbound static
ip route-static 10.111.0.0 16 10.3.1.1
nat static net-to-net 10.1.0.1 10.1.255.254 global 10.222.0.0 16

Alternative configuration with dynamic NAT

You can implement a similar configuration for the same scenario, in which, instead of
each device having a different NAT IP address, all devices share a NAT address. You
learned the commands for configuring dynamic NAT in this way earlier in this
module.

Module 11 summary
In this module, you have learned how to configure NAT for various practical
scenarios. Write down any thoughts you may have while your facilitator reviews the
content of this module.
_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________


Learning check
Q1: What is the difference between dynamic NAT and NAPT?
___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

Q2: What is required to access (from the outside) an internal server set with a
private address?
___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

Q3: What is the benefit of such a configuration?



Q4: In what situation would you use static NAT?



Learning Check Answers


Appendix A

Module 2
Activity and discussion question answers
Management scenario 1
Q: What minimal switch parameters should you configure to allow discovery by
IMC?
A: The switch must be configured with:
• System name, or hostname (all switches have a name by default)
• IP address, preferably dynamic
• SNMP communities
Although open Telnet access is not necessary for IMC to discover the device, it can
be helpful to enable Telnet access so that you can easily access and configure the
switch.

Management scenario 1a—Cisco


Q: When is a source-interface useful?
A: The source interface specifies the source for traps, which is useful when the switch,
typically a routing switch, has multiple IP interfaces. Such a switch could send traps
from a different source address from the one at which IMC discovered it, causing the
trap to be misidentified.

Management scenario 1b—HP A-Series


Q: What does user privilege level 3 mean?
A: On an HP A-Series switch, the highest privilege level is level 3.

Management scenario 1c—HP E-Series


Q: Why not configure a read-only community?
A: A read-write community (configured as “manager unrestricted” on HP E-Series) will
allow you to configure both a read-only and a read-write community.


Q3: What commands can you use to access logging on the terminal?
A3: In the terminal session at user view level:
<hp>terminal monitor
You can select what display is shown with:
<hp>terminal logging
Enabled by default
<hp>terminal debugging
Disabled by default
<hp>terminal trapping
Enabled by default

Management scenario 2b—HP A-Series (cont.)


Q1: Is there any drawback to disabling Telnet?
A1: When troubleshooting or configuring the network, it is convenient to access one
switch from another. If no SSH client exists on a switch’s platform (as with HP
E-Series), you cannot establish an SSH session between switches. (SSH is supported by
the HP A-Series switches.)
Q2: Is the command required?
A2: No. This command provides a default user privilege level for users connecting
via Telnet. However, the privilege level for authenticated users is the one associated
with their user parameters. It overrides the level defined in user-interface. If not
defined, the level defaults to 0.
Q3: What would you recommend instead of the command?
A3: No default privilege level.
Q4: What user characteristic is supported on HP A-Series switches but is not
available on Cisco?
A4: Service-type, which defines how users can communicate with the switch
Q5: What is the meaning of “cipher” in “password cipher verysecret”?
A5: It means the password will be encrypted during configuration.

Management scenario 2c—HP E-Series


Q1: What command displays logging on the terminal?
A1: By default, no logging messages are displayed on the terminal. You must enter:
Switch# debug destination session


Q2: What command displays the logging buffer?


A2: The following command displays the logging buffer:
show logging [-a, -r] [<search-text>]
By default, the command displays the log messages recorded in
chronological order since the last reboot. You use the -a and -r options as follows:
• The -a option displays all recorded log messages, including those before the last
  reboot.
• The -r option displays all recorded log messages, with the most recent entries
  listed first.
• The <search-text> option displays all event log entries that contain the specified
  text.
You can use a <search-text> value with -a or -r to further filter your search.

Management scenario 2c—HP E-Series (cont.)


Q: On what port do you want to disable snmp trap link up/down?
A: Disable traps link up/down on ports that are not key such as access-layer ports
but leave the trap active for uplink ports.

Learning check answers


Q1: Describe an HP A-Series switch’s support for LLDP and CDP.
The switch supports both protocols, but neither is enabled by default. When you do
enable LLDP, it is enabled on all ports by default. CDP is intended for use with Cisco
IP phones. When used with a switch neighbor, the A-Series switch does not send
CDP frames. However, CDP transmits and receives frames when used with an IP
phone.
Q2: Which parameters does a switch require in order for IMC to discover it?
The switch requires:
• A system name (which is set by default)
• IP connectivity to the IMC (an IP address and sometimes a default gateway)
• The correct SNMP read-only community (and the correct SNMP read-write
  community for IMC to manage it)
Setting IMC as the trap server is optional and so is configuring Telnet access.


Q3: You want to force management users for your Cisco and HP A-Series switches to
log in to the CLI using SSH. What steps must you complete on each type of switch?
The steps are similar on both switches. You must generate a public/private keypair,
enable SSH, and specify SSH as the protocol for the virtual management interfaces
(VTY). You should also configure an authentication method for management access.
You could configure the management users to authenticate to a local list of users, as
you learned in this module, or you can have users enter a password or authenticate
to a RADIUS server. And you should also set the privilege level for the management
users (if they authenticate locally).

Module 3
Activity and discussion question answers
VLAN configuration on Cisco: Access and voice ports
Q1: How do you list VLANs?

A1: The command is.

Q2: How do you list trunk ports?

A2: For a quick view on port status, enter . For a more detailed
view, enter .

Q3: How do you list access ports?

A3: Enter .

Learning check answers


Q1: What is a major difference between trunk ports on Cisco and HP A-Series?
A1: On Cisco switches, all VLANs are allowed on trunk ports. On HP A-Series
switches, only VLAN 1 is enabled by default. On HP E-series switches, VLANs have
to be assigned one by one.
Q2: Can you remove VLAN 1 on trunk ports on HP switches?
A2: Unlike on Cisco switches, VLAN 1 only plays the role of default VLAN on HP
switches. If a port is not specifically assigned to a VLAN, it is assigned to VLAN 1. In
most cases it does not play a role in L2 protocols such as LLDP, STP, and LACP.
BPDUs for these protocols are sent anyway, as untagged frames, and are not
attached to any specific VLAN since their destination is a switch. If the switch is
disabled for the protocol, it will recognize the frames as untagged and will attach it
to the native VLAN or untagged on a trunk.
Q3: Can you assign a VLAN to an access port with GVRP or VTP?
A3: VTP and GVRP only dynamically assign VLANs to trunk ports.

Q4: Would you enable all VLANs on trunk ports in a mixed environment with HP
and Cisco switches?
A4: The main issue with assigning all VLANs on trunk ports is that it extends the
broadcast domain VLANs to the overall LAN. That will not be an issue if not all
VLANs are created on all switches; it happens in the case of dynamic learning with
VTP and GVRP. With static configuration, the learning can be better controlled and
then all VLANs can be permitted on trunk ports.

Module 4
Activity and discussion question answers
MSTP regions—Review 1
Q1: What MSTP parameters must be set consistently on all switches for them to be in
the same MSTP region?
A1: The region name (case sensitive), the revision number, and the mapping between
instances and VLANs must match EXACTLY.
Q2: What are the default MSTP parameters?
A2: Region name: MAC address of the switch; revision number: 0; mapping of
instance to VLAN: all VLANs in instance 0.
Q3: Why would you want all switches to be in the same MSTP region?
A3: The main reason for placing all switches in the same region is to get load
balancing on uplinks on a per-instance basis. If you are not worried about load-
balancing because you have enough network bandwidth, you might also put all
switches in the same region to keep the configuration consistent.

MSTP regions—Review 2
Q1: If there is a mistake in the switch’s MSTP configuration, what happens?
A1: When region parameters do not match between switches, each switch becomes
its own region, and they interoperate in the common spanning tree, which functions
like RSTP.
Q2: Besides mistakes in the region name or revision number, what conditions could
result in switches being in different regions?
A2: The following situations result in switches being in different regions:
• When MSTP is enabled on a switch but MSTP parameters have not been
  configured, the region name is by default the MAC address of the switch. This
  can be a valid setup if the load balancing effect between instances is not
  desired.
• The VLAN-to-instance mappings do not match, a situation that occurs if VLANs
  are added or deleted and have not been mapped to an instance in advance. A
  best practice is to set the mapping in advance to avoid this situation.

Which BPDUs are used?—Review 3


Q1: Which Bridge Protocol Data Units (BPDUs) are used inside and outside the MSTP
region?
A1: The MSTP switches send these BPDUs:
• Inside the MSTP region, switches send MSTP BPDUs.
• Outside the MSTP region, the MSTP-capable switches also send MSTP BPDUs.
  Switches that are capable only of RSTP or STP can interpret the first part of the
  MSTP BPDUs, which is backward compatible with these protocols.

MSTP BPDUs—Review 4
Q1: Are MSTP BPDUs tagged?
A1: No, they are untagged. This is very different from PVST. Note that RSTP and STP
BPDUs are also untagged.
Q2: Are MSTP BPDUs attached to a VLAN?
A2: Absolutely not. The MSTP BPDUs are non-VLAN specific, and an untagged VLAN
may or may not exist on the link over which MSTP BPDUs are sent.
Q3: On a trunk port, is it required to set an untagged VLAN for MSTP BPDUs?
A3: No. MSTP BPDUs, as well as RSTP and STP BPDUs, will be sent on the link
whether or not a native VLAN or untagged VLAN exists on the link.
Q4: What is the destination MAC address of an MSTP BPDU?
A4: 01:80:c2:00:00:00 is a bridge MAC address. The switch is the destination for
that MAC address when MSTP is enabled.
Q5: Does each MSTP BPDU carry information about all instances?
A5: Yes. Switches outside of the MSTP region will only use the CIST parameters,
which are included in the STP/RSTP backward-compatible portion of the BPDU, but
the MSTP BPDU includes information about all instances.

Common spanning tree—Review 5


Q: Which MSTP parameters affect the spanning tree at the boundaries of the MSTP
region?
A: Switches within an MSTP region send the same MSTP BPDUs within and outside of
the region. However, MSTP switches in another region, as well as RSTP and STP (and
PVST+) switches, interpret only the first part of the MSTP BPDUs, which includes
parameters for the CST. These parameters are obtained from the MSTP region’s root
bridge in the IST.


What setup is required to enable load balancing—Review 6


Q1: What MSTP setup is required to enable load balancing?
A1: You must create a different topology for each instance to create a load-balancing
effect. The STP topology primarily depends on which switch acts as Root Bridge
within the instance and on port costs; therefore, you adjust these parameters for each
instance to create a load-balancing effect.
Q2: Does the MSTP topology depend on VLAN setup?
A2: No. The MSTP topology does not depend on the VLAN setup but solely on root
setup and link cost. Whether or not the VLAN exists on the port, a port role (root
port, alternate port or designated port) will be assigned to the port within an MSTP
instance. If VLANs of the given instance exist on that port, they will be blocked.

Mapping VLANs to MST instances—Review 7


Q1: What happens to the MSTP configuration when VLANs are moved to an
instance?
A1: By default all VLANs are assigned to instance 0 (the IST instance). When a
VLAN is assigned to an MST instance X, that VLAN is removed from instance 0.

Is MSTP “aware” of the VLAN setup—Review 8


Q1: Is MSTP “aware” of the VLANs setup?
A1: No. This is a key difference between Cisco PVST+ and MSTP. When creating the
spanning tree topology, MSTP does not consider which VLANs are supported on
which links. If a port must be blocked in instance X, then all VLANs in instance X that
exist on that port will be blocked.
Q2: If all link costs are equal in each instance, which ports are root ports?
A2: The root ports are ports that lead to the shortest path to the root bridge. If two
paths are the same, the port that leads to the switch with the higher priority (lower
value) is preferred. If two ports lead to the same switch, the tie is broken by the port
ID.
Q3: If all link costs are equal in each instance, which ports are alternate ports?
A3: The alternate ports are uplinks other than the root ports. Note that on edge
switches with more than two uplinks, only one port per-instance can be the alternate
port. The alternate port is then the second-best port in the selection process.


How do you set up VLANs on uplinks?


Q1: What are the pros and cons of setup 1 and setup 2?
A1: In setup 1, all VLANs are permitted on all links.
• Pros:
    • Easy setup
    • Reduces risk of configuration errors
    • No VLANs are forgotten in setup
    • Easy maintenance
• Cons:
    • The setup extends the broadcast domain to all edge switches.
There are some nuances to this point: if VLAN X is not created on a switch,
broadcasts in VLAN X will simply be dropped before being checked. In other words,
if VLANs are not defined on a switch, then this does not extend the VLAN to the
switch trunk port.
Unlike PVST+, this setup does not create overhead on the CPU due to BPDUs
because MSTP does not require one BPDU per VLAN or instance.
Conclusion: Setup of trunk with all permitted VLANs is simple and does not create
overhead.
In setup 2, only VLANs defined on the edge are permitted on the trunk.
• Pros:
    • The broadcast domain is not extended to all edge switches.
    • Better control of VLANs.
• Cons:
    • More complex setup
    • More risk of configuration errors
Q2: Which setup would you suggest?
A2: Setup 1 because it is much simpler to put in place and does not really extend
the VLAN domains.

MSTP instances and VLAN settings


Q1: If VLAN 100 is set in instance 1, will this link stay active (forwarding traffic on
both sides)?
A1: If VLAN 100 is part of instance 1, then the link will be blocked on one side in the
instance that contains VLAN 100.


Q2: How can you ensure that this link stays active?
There are several solutions:
• Because VLAN 100 is on a unique link and does not create any loops, one idea
  is to disable MSTP on that link only. However, this opens the risk that, if
  someone later extends VLAN 100 to the rest of the network or creates a trunk that
  permits all VLANs, a loop will develop in VLAN 100. In other words, you can
  disable MSTP only if you carefully control the VLANs permitted on each trunk.
  Instead of disabling MSTP on the link, on HP A-Series switches, you can ignore
  the STP results for the VLANs in which you are sure loops do not exist:
  [HP-A] stp ignored vlan 100,200

• Because the topology is instance based, you can create a dedicated instance for
  VLAN 100 with both switches at the end of the link being the root and
  secondary root.
    • Pros of this solution:
        • Easy to set up
    • Cons of this solution:
        • You must create this instance on all switches in the MSTP region, which
          is not scalable. If multiple links in the datacenter require this setup for
          keepalives, it will require setup of many instances. In addition to being
          inconvenient, there is also a capacity issue, as the number of instances
          is limited to 16 or 32, depending on the platform.
• You can include this link in an existing instance, and then change the
  cost to make sure the root port of the instance is on that link. Note that
  all other VLANs of the instance should be defined on that link as well.
  If instance 0 does not contain any of your “active VLANs,” you may
  leave VLAN 100 on that link in instance 0 and change only the cost
  setup for instance 0.
• Why dedicate a link for keepalives? Why not make that VLAN
  dedicated to keepalives part of the other uplinks and of an existing
  instance? That would drastically simplify instance setup. A simpler and
  safer solution is to remove that dedicated link.

MSTP setting—Activity
Q1: Is MSTP active on the links that carry routed traffic on VLANs 100 and 200?
A1: Yes, MSTP is active on all links once spanning tree is enabled (MSTP is the
default version for spanning tree). Those ports are boundary ports for both MSTP
regions.


Q2: Which link is blocked? Why?


A2: Because each end of the links in VLAN 100 and VLAN 200 belongs to a
different region, the switches interoperate as if using RSTP. If the root switch of the
CST is the root in region 1, then the root port will be the port in region 2 on the
VLAN 100 link. The blocked port will be on the VLAN 200 link on the secondary
root of region 2. The decision about which link to block simply depends on the cost
of the path to the root switch.
Q3: How do you keep both links active?
A3: The simplest solution is to disable STP on both “routed links.” You could create
one unique MSTP region with separate dedicated instances for VLANs 100 and 200
and set a different root for each instance on either side of the link. However, this
design is rather more complicated than simply disabling STP.

Adding a new VLAN on a switch implementing MSTP


Q1: What happens if you add VLAN 14 on switch D?
A1: Because VLAN 14 is already in an instance (instance 0, by default and in this
example), no change will be made to the MSTP configuration, and it should not
affect the MSTP.
In general, creating a VLAN does not modify the instances. It is adding or removing
a VLAN from an instance that modifies the parameters of the MSTP region,
potentially causing the switch to be removed from other switches’ MSTP region.

Assigning a VLAN to an MST instance


Q1: What happens if you add VLAN 14 on switch D?
A1: The answer is the same as the answer on the previous slide; the MSTP topology
remains the same.
Q2: What happens when you define VLAN 14 on switch D in instance 2?
A2: The switch will be removed from the region that A, B and C belong to and will
be placed in its own region. Switch D will interact with the other switches in RSTP. To
put the switch back in the same region, you will have to update all the other switches.
Q3: What can you do to limit the MSTP region changes?
A3: A possible suggestion is leaving new VLANs in instance 0 until a scheduled
time. You can then move the VLANs to new instances on all switches at the same
time.
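
The region-membership behaviour described in the MSTP answers above, as an added Python example that is not part of the course material: it partitions switches into regions by exact match of region name, revision number and VLAN-to-instance mapping, and names the parameter that differs. The region name "Campus", the MAC addresses and the mapping of VLANs 11 to 13 are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class MstConfig:
    """MSTP region parameters of one switch (all values here are constructed)."""
    mac: str
    region_name: Optional[str] = None            # None = never configured
    revision: int = 0
    vlan_to_instance: Dict[int, int] = field(default_factory=dict)
    created_vlans: Set[int] = field(default_factory=set)  # not a region parameter

    def effective_name(self) -> str:
        # The default region name is the MAC address of the switch.
        return self.region_name if self.region_name is not None else self.mac

    def mapping(self) -> tuple:
        # VLANs that are not mapped explicitly stay in instance 0 (the IST).
        return tuple(sorted((v, i) for v, i in self.vlan_to_instance.items() if i != 0))

    def region_key(self) -> tuple:
        return (self.effective_name(), self.revision, self.mapping())


def mismatches(a: MstConfig, b: MstConfig) -> List[str]:
    """Name the region parameters that keep two switches in different regions."""
    diffs = []
    if a.effective_name() != b.effective_name():   # comparison is case sensitive
        diffs.append("region name")
    if a.revision != b.revision:
        diffs.append("revision")
    if a.mapping() != b.mapping():
        diffs.append("VLAN-to-instance mapping")
    return diffs


def regions(switches: Dict[str, MstConfig]) -> List[List[str]]:
    """Partition switches into regions; all three parameters must match exactly."""
    groups: Dict[tuple, List[str]] = {}
    for name, cfg in sorted(switches.items()):
        groups.setdefault(cfg.region_key(), []).append(name)
    return sorted(groups.values())


def build_campus() -> Dict[str, MstConfig]:
    """Switches A-D in one region (constructed sample configuration)."""
    base = {11: 1, 12: 1, 13: 2}
    return {
        name: MstConfig(mac=f"00:00:5e:00:53:0{i}", region_name="Campus", revision=1,
                        vlan_to_instance=dict(base), created_vlans={11, 12, 13})
        for i, name in enumerate("ABCD", start=1)
    }


if __name__ == "__main__":
    net = build_campus()
    net["D"].created_vlans.add(14)            # creating a VLAN changes nothing
    print("VLAN 14 created on D:   ", regions(net))
    net["D"].vlan_to_instance[14] = 2         # mapping it on D only splits the region
    print("VLAN 14 -> instance 2 on D:", regions(net), mismatches(net["A"], net["D"]))
    for sw in "ABC":                          # scheduled change on the other switches
        net[sw].vlan_to_instance[14] = 2
    print("same mapping everywhere:", regions(net))
```
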


Learning check answers


Q1: Is the MSTP region name case sensitive?
A1: Yes, it is.
Q2: Is MSTP aware of VLAN configuration? Explain your answer.
A2: No. MSTP BPDUs are sent untagged no matter what VLAN configuration is on the
link. In addition, a link is blocked or not blocked simply based on the lowest path
cost to the instance root switch without regard to which VLANs are enabled on the
links.
Q3: Which parameters are applied outside of an MSTP region?
A3: The parameters applied in the CST are the parameters set in each region’s IST
instance/instance 0. The region’s bridge ID is the ID of the IST root bridge.
Q4: Can a switch that implements STP be the root of the CST?
A4: Yes.
Q5: How should you configure VLANs on uplink ports?
A5: There is no specific correct setup for uplinks. You can configure either all VLANs
or only allowed VLANs; either configuration can work well. The choice has no
impact on the way MSTP operates. However, you need to be careful to specify
VLANs on all ports that might have to carry traffic in case a link fails and the
topology changes.
In addition, you should remember that Cisco uplink ports must be trunk ports and not
access ports.
Q6: Does a Cisco switch implementing PVST+ interoperate with a switch
implementing MSTP? If so, how?
A6: Yes, they do interoperate. Cisco switches send standard untagged RSTP BPDUs
on access ports or on trunks that allow VLAN 1. The HP switch implementing MSTP
sends MSTP BPDUs, which are compatible with RSTP.

Module 5
Activity and discussion question answers
Cisco PVST+: Which BPDUs are sent on access ports?
Q1: Which setup would you recommend for Voice over IP (VoIP) ports?
A1: Because VoIP ports do not send BPDUs, you might need to protect against loops
in case a standard switch is connected to such a port. You can either define the port
as a trunk instead of a VoIP port, or you can define it as a VoIP port and set BPDU
guard on it.


Spanning tree BPDUs—Quiz 1


Q1-a: For Cisco Switch 1, what types of BPDUs are sent? (Choose from STP, RSTP,
MSTP, PVST+, Rapid PVST)
A1-a: VLAN 1 sends out STP BPDUs. VLANs 10, 20 and 30 send out PVSTP BPDUs.
Q1-b: For Cisco Switch 1, what MAC address is used, standard, or Cisco?
A1-b: VLAN 1 uses a standard MAC address (01:80:c2:00:00:00). VLANs 10, 20
and 30 use a Cisco MAC address (01:00:0c:cc:cc:cd).
Q1-c: Are the BPDUs that Cisco Switch 1 sends out tagged or untagged?
A1-c: VLAN 1 frames are untagged, as all are standard STP frames. Frames are
tagged in VLAN 10.
Q2-a: For Cisco Switch 2, what types of BPDUs are sent? (Choose from STP, RSTP,
MSTP, PVST+, Rapid PVST)
A2-a: VLAN 10 sends out PVST+ BPDUs. VLANs 20 and 30 send out PVSTP BPDUs.
Q2-b: For Cisco Switch 2, what MAC address is used, standard, or Cisco?
A2-b: All VLANs use a Cisco MAC address (01:00:0c:cc:cc:cd).
Q2-c: Are the BPDUs that Cisco Switch 2 sends out tagged or untagged?
A2-c: VLAN 10 frames are untagged. VLAN 20 frames are tagged.

Spanning tree BPDUs—Quiz 2


Q1: For each BPDU in Figure 6-7, specify whether each switch will inspect, drop, or
forward a received BPDU of that type.
• BPDU A:
    • Cisco switch 1 inspects BPDU A and sends the same type of BPDU.
    • Cisco switch 2 inspects BPDU A and falls back to sending PVST+ BPDU.
    • HP switch 3 forwards BPDU A without inspecting it because the BPDU does
      not have a MAC address that the switch recognizes for STP BPDU. For its
      part, the switch sends untagged MSTP BPDUs.
    • HP switch 4 forwards BPDU A without inspecting it because the BPDU does
      not have a MAC address that the switch recognizes for STP BPDU. For its
      part, the switch sends untagged RSTP BPDUs.


• BPDU B:
    • Cisco switch 1 inspects BPDU B and sends a PVST+ BPDU, forcing the other
      side to fall back to this type.
    • Cisco switch 2 inspects BPDU B and sends the same type of BPDU.
    • HP switch 3 forwards BPDU B without inspecting it because the BPDU does
      not have a MAC address that the switch recognizes for STP BPDU. For its
      part, the switch sends untagged MSTP BPDUs.
    • HP switch 4 forwards BPDU B without inspecting it because the BPDU does
      not have a MAC address that the switch recognizes for STP BPDU. For its
      part, the switch sends untagged RSTP BPDUs.
• BPDU C:
    • Cisco switch 1 drops BPDU C because VLAN 1 is not allowed on this port.
      This switch does not send standard STP BPDUs either.
    • Cisco switch 2 inspects BPDU C because VLAN 1 is allowed on this port.
      For its part, it sends untagged RSTP BPDUs.
    • HP switch 3 inspects BPDU C and sends an MSTP BPDU, which is backward
      compatible with STP.
    • HP switch 4 inspects BPDU C and sends an RSTP BPDU, which is backward
      compatible with STP.
• BPDU D:
    • Cisco switch 1 drops BPDU D because VLAN 1 is not allowed on this port.
      This switch does not send standard RSTP BPDUs either.
    • Cisco switch 2 inspects BPDU D because VLAN 1 is allowed on this port. It
      also sends untagged RSTP BPDUs.
    • HP switch 3 inspects BPDU D and sends an MSTP BPDU, which is backward
      compatible with RSTP.
    • HP switch 4 inspects BPDU D and sends an RSTP BPDU.
• BPDU E:
    • Cisco switch 1 drops BPDU E because VLAN 1 is not allowed on this port.
      This switch does not send any standard STP/RSTP/MSTP BPDUs.
    • Cisco switch 2 inspects BPDU E because VLAN 1 is allowed on this port (it
      inspects only the CIST parameters included in the RSTP backward-compatible
      portion of the BPDU). For its part, it sends untagged RSTP BPDUs.
    • HP switch 3 inspects BPDU E and sends an MSTP BPDU.
    • HP switch 4 inspects BPDU E (only the CIST parameters) and sends an RSTP
      BPDU.

What BPDUs are sent and interpreted?


Q1: What BPDUs are sent by the Cisco switch and by the HP switch?
A1: The Cisco switch sends tagged Rapid PVST+ BPDUs in VLANs 11, 12, and 13,
and standard RSTP BPDUs in VLAN 1. The HP switch sends an MSTP BPDU, which
the Cisco switch interprets like an RSTP BPDU.
Q2: What is the effect of an RSTP BPDU being sent to HP C?
A2: The HP and Cisco switch can establish a spanning tree as if using RSTP. Because
Cisco A is the root in VLAN 1, the root port will be uplink 1 and the alternate port
will be uplink 2.
Q3: Are the PVST+ BPDUs transmitted by HP C?
A3: Yes, they will be forwarded on all ports as the MAC address is multicast.
However, as uplink 2 is blocked, they will not be forwarded on that port. Cisco B will
not receive any PVST BPDUs on that port.

PVST+ quiz
Q1: What is the cost of a gigabit link in PVST+?
A1: The cost is 4 for a Gigabit link, 19 for Fast Ethernet, and 2 for 10 Gig. Note that
the costs are the same in Rapid PVST+. To be aligned with standard RSTP and MSTP
(Gig: 20 000), you must use the command.
Q2: Why does Cisco recommend not allowing all VLANs on a trunk port when
running PVST+?
A2: If trunks are configured with all VLANs permitted, then PVST is going to run as
many STP instances as there are VLANs created on the switch, even if that switch
does not contain any edge ports in that VLAN. Cisco recommends only allowing
VLANs that exist on the switch onto the trunk in order to reduce the CPU overhead
due to BPDU per VLAN. Note that in MSTP this overhead does not exist.
Q3: Does Rapid PVST+ implement the “uplinkfast,” or “backbonefast,” Cisco’s fast
STP feature?
A3: No, Rapid PVST+ implements the fast convergence mechanisms embedded in
RSTP.

Considering STP port cost differences


Q1: The picture shows the desired topology. Is the actual topology the desired one?
A1: The root path cost for HP C is 20 000 on uplink 1 and 20 004 on uplink 2.
• Therefore, the root port is uplink 1, and the alternate port is uplink 2.
• The actual topology is the one that is shown.


Q2: Does setting the path cost method on the Cisco switches to long change the
topology?
A2: When you configure this option on the Cisco switches, all costs in this scenario
are now 20 000.
• The root path cost for HP C will be 20 000 on uplink 1 and
  20 000 + 20 000 = 40 000 on uplink 2.
• Therefore, the root port is uplink 1, and the alternate port is uplink 2.
• The topology is the same as in the previous case.

Considering STP port cost differences (cont.)


Q1: Identify the root port and blocked ports for switches B, C, and D.
A1-a: The root ports are:
• Switch Cisco B: The root port in VLAN 1 is A (shortest root path cost).
• Switch Cisco C: The root port in VLAN 1 is D (shortest root path cost).
• Switch Cisco B: The root port in VLAN 1 is F (shortest root path cost).
A1-b: The blocked ports are:
• Switch Cisco B: The blocked port in VLAN 1 is B.
    • Why? Because the root path cost of Cisco B is higher than the root
      path cost of Cisco C, Cisco B blocks its port.
• Switch Cisco C: There is no alternate port as Cisco C is closer to the root
  than Cisco B.
• Switch HP D: The blocked port in VLAN 1 is G.
Q2: What do you conclude?
A2: If the Cisco aggregation switches use the long option for path cost calculation
method, and if the Cisco edge switches do not support this method (because of an
old firmware version, for example), the secondary root switch, rather than the access
layer switch, might have the alternate (blocked) port. Cisco uplinkfast requires that
the root port and alternate ports be on the access switch, so this feature would not
work when access layer switches did not support the long path-cost calculation
method.
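
An added Python example (not from the course material) that reproduces the root path cost arithmetic from the two port-cost discussions above: an edge switch dual-homed to a root and a secondary root, with each switch using either the short or the long path cost method. The topology, port names and bridge priorities are constructed, the long values other than Gigabit are the standard 802.1t figures, and the neighbor port ID tie-break is left out.

```python
from typing import Dict, Tuple

# Port cost per link speed in Mb/s. The short values and the long Gigabit
# value are the ones quoted in the answers; the other long values are the
# standard 802.1t figures.
SHORT = {100: 19, 1000: 4, 10000: 2}
LONG = {100: 200_000, 1000: 20_000, 10000: 2_000}

# Constructed topology: (switch, port, neighbor, neighbor port, speed in Mb/s)
LINKS = [
    ("Cisco A", "gi1/1", "Edge C", "uplink 1", 1000),
    ("Cisco B", "gi1/1", "Edge C", "uplink 2", 1000),
    ("Cisco A", "po1", "Cisco B", "po1", 1000),
]
# Lower bridge ID wins the root election; priorities are constructed.
BRIDGE_ID = {"Cisco A": 0, "Cisco B": 4096, "Edge C": 32768}


def ports_of(switch: str):
    """Yield (local port, neighbor, speed) for every link end on this switch."""
    for a, port_a, b, port_b, speed in LINKS:
        if a == switch:
            yield port_a, b, speed
        elif b == switch:
            yield port_b, a, speed


def root_path_costs(method: Dict[str, dict]) -> Dict[str, int]:
    """Cost via a port = neighbor's root path cost + the receiving port's own cost."""
    root = min(BRIDGE_ID, key=BRIDGE_ID.get)
    rpc = {sw: float("inf") for sw in BRIDGE_ID}
    rpc[root] = 0
    for _pass in range(len(BRIDGE_ID)):           # relax until stable
        for sw in BRIDGE_ID:
            if sw != root:
                rpc[sw] = min(rpc[n] + method[sw][spd] for _p, n, spd in ports_of(sw))
    return rpc


def port_roles(method: Dict[str, dict]) -> Dict[Tuple[str, str], Tuple[int, str]]:
    """Return {(switch, port): (root path cost via that port, role)}."""
    rpc = root_path_costs(method)
    root = min(BRIDGE_ID, key=BRIDGE_ID.get)
    roles = {}
    for sw in BRIDGE_ID:
        offers = {p: (rpc[n] + method[sw][spd], BRIDGE_ID[n])
                  for p, n, spd in ports_of(sw)}
        root_port = None if sw == root else min(offers, key=offers.get)
        for port, neighbor, _spd in ports_of(sw):
            if port == root_port:
                role = "root"
            elif (rpc[sw], BRIDGE_ID[sw]) < (rpc[neighbor], BRIDGE_ID[neighbor]):
                role = "designated"               # this end is closer to the root
            else:
                role = "alternate"                # blocked end of the link
            roles[(sw, port)] = (offers[port][0], role)
    return roles


CASES = {
    "Cisco short, edge long": {"Cisco A": SHORT, "Cisco B": SHORT, "Edge C": LONG},
    "all long": {"Cisco A": LONG, "Cisco B": LONG, "Edge C": LONG},
    "Cisco long, edge short": {"Cisco A": LONG, "Cisco B": LONG, "Edge C": SHORT},
}

if __name__ == "__main__":
    for label, method in CASES.items():
        print(label)
        for (sw, port), (cost, role) in sorted(port_roles(method).items()):
            if sw != "Cisco A":
                print(f"  {sw:8} {port:9} cost {cost:>6}  {role}")
```

In the third case the blocked port moves from the edge switch to the secondary root, which is the situation the conclusion above warns about.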

Cisco and HP scenario 1: HP A-Series switch configuration


Q1: Is the MSTP region configuration required?
A1: No, because the Cisco switches will not read these settings in the BPDU that they
exchange with the HP switches. The switches will interoperate in VLAN 1 as if using
RSTP.


Q2: Under what circumstances would you configure the MSTP region settings?
A2: If you plan to convert Cisco switches to MSTP later, it makes sense to enter the
right configuration on the HP switches now.

Cisco and HP scenario 1: HP E-Series switch configuration


Q1: With these configurations, what is the region name?
A1: When not specified, the region name is set to the switch’s MAC address by
default. Again, setting the same MSTP region parameters for all access layer switches
makes sense if the Cisco switches will also be migrated to MSTP in the near future.

PVST+/STP interoperability—Scenario 2
Q1: Does traffic from Cisco C experience the PVST+ load balancing effect on uplinks
to the aggregation layer?
A1: Yes. Cisco C’s root port is different for different VLANs, so it forwards traffic over
different links in those VLANs.
Q2: Does traffic from HP Switch D experience this effect?
A2: With the configuration left as it is, the HP switch’s traffic does not experience the
load balancing effect. The blocked port blocks traffic in all ports, so one link carries
all traffic.
The drawback of this setup is the added burden on the link between Cisco A and
Cisco B. In order for VLAN 12 and 13 traffic to reach the default gateway that
resides on Cisco B, the traffic has to cross the link between Cisco A and B.
Q3: Can you obtain load balancing for HP D?
A3: Yes. (The rest of the scenario taught you how; see the next questions and
answers.)

What setup is required in VLAN 1?


Q1: On Cisco B, what can you do to block port gig1/1?
A1: Increase the cost of PO1 in VLAN 1 on Cisco B to be greater than the root path
cost of HP C. Then, if the root path cost of HP C is 20000, for example, choose
30 000 on PO1 on Cisco B in VLAN 1. Note that it is a per-VLAN cost setup. If you do
not specify the command, the default cost would
be 4 and you would increase the value to 5.
• The pro of this solution is in setting this cost once, which will work for all HP
  edge switches.
• The con is if there are Cisco switches at the edge, it is also going to move the
  blocked port in VLAN 1 to the secondary root switch, which prevents uplinkfast
  from working. See the discussion 2 slides from here for more detail.

Q2: What can you do on HP C to get the same result?
A2: Simply change the path cost of uplink 47 to make HP C have a lower cost path
to the root than Cisco B. For example, change the uplink cost value to 3 or 10 000,
which is lower than the root path cost of Cisco B, which is either 4 or 20 000
(depending on which path cost method the Cisco switch is using).
• The pro of this solution is that you do not change the path cost on the secondary
root, which ensures the correct topology for any Cisco switches at the access
layer.
• The con is that the setup has to be done on all HP switches in the edge.

PVST+ view in other VLANs


Q1: On Cisco B, what is the root port in VLANs 11 and 13 if the cost is 20000?
A1: Gig 1/1 and po1 will have a root path cost of 20000. If there are more HP
switches on the edge with an equivalent setup, there will be even more such ports. In
that case, the port with the lower neighbor port ID will “win.” It could be Gig 1/1.
This would not be a good situation, as po1 would be blocked in those VLANs. Given how
much traffic has to flow between Cisco A and Cisco B, this is not a desired
result.
Q2: How do you ensure that po1 is selected as the root port?
A2: By decreasing the cost of po1 to a value lower than the root path cost of the uplink
to the access switches (the cost of Gig1/1). If you specify the
command, you would have to set the cost of po1 to 10000, as the cost
of Gig1/1 would be 20000. If you did not enter this command, you would set the
cost of po1 to 3 since the cost of Gig1/1 would be 4.
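
The tie and its fix, worked through the STP comparison order (root path cost, then sender bridge ID, then sender port ID, then local port ID). This is an added example, not part of the course material; it assumes Cisco A is the root in these VLANs, and the bridge ID and port IDs are constructed sample values.

```python
from dataclasses import dataclass

# Default port costs quoted in this guide, as (short method, long method).
DEFAULT_COST = {"1GbE": (4, 20000), "2x1GbE": (3, 10000),
                "10GbE": (2, 2000), "2x10GbE": (1, 1000)}

# Order in which STP compares two candidate root ports (lower value wins).
FIELDS = ("root path cost", "sender bridge ID", "sender port ID", "local port ID")


@dataclass(frozen=True)
class Candidate:
    """A port that hears BPDUs for the elected root, with its local cost."""
    name: str
    port_cost: int           # cost configured on this receiving port
    rx_root_path_cost: int   # root path cost carried in the received BPDU
    sender_bridge_id: tuple  # (priority, MAC) of the switch that sent the BPDU
    sender_port_id: int      # ID of the port the BPDU was sent from
    local_port_id: int       # ID of the receiving port, the last tie-breaker

    def vector(self):
        """Priority vector; the candidate with the lowest tuple wins."""
        return (self.rx_root_path_cost + self.port_cost,
                self.sender_bridge_id, self.sender_port_id, self.local_port_id)


def elect_root_port(candidates):
    """Return (name of the root port, field that decided the election)."""
    ranked = sorted(candidates, key=lambda c: c.vector())
    if not ranked:
        raise ValueError("no candidate ports")
    if len(ranked) == 1:
        return ranked[0].name, "only candidate"
    for field, best, other in zip(FIELDS, ranked[0].vector(), ranked[1].vector()):
        if best != other:
            return ranked[0].name, field
    raise ValueError("two candidates share the same local port ID")


def cisco_b_candidates(po1_cost, gig_cost):
    """Cisco B in VLAN 11 or 13; every ID below is a constructed sample value."""
    cisco_a = (24576, "00:1b:54:00:00:0a")   # assumed root bridge ID
    return [
        # PVST+ BPDU received directly from Cisco A over the port channel.
        Candidate("po1", po1_cost, 0, cisco_a,
                  sender_port_id=0x8041, local_port_id=0x8041),
        # The same root's BPDU, forwarded unchanged by the HP access switch, so
        # it still carries cost 0 and the ID of Cisco A's access-facing port.
        Candidate("Gig1/1", gig_cost, 0, cisco_a,
                  sender_port_id=0x8001, local_port_id=0x8001),
    ]


if __name__ == "__main__":
    for po1, gig in [(20000, 20000), (10000, 20000), (3, 4)]:
        port, decided_by = elect_root_port(cisco_b_candidates(po1, gig))
        print(f"po1={po1:<6} Gig1/1={gig:<6} root port={port} ({decided_by})")
```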

Cisco and HP scenario 2: Cisco switch configurations


Q1: What is the setup for HP C?
A1: You could configure HP C in the simplest way possible, simply enabling
spanning tree and defining the edge ports. The setup would be the same as that in
scenario 1.

What about other Cisco switches in the access layer?


Q1: If Cisco C implements PVST+ uplinkfast, what is the drawback of the setup
illustrated in the slide?
A1: When you change the cost of the link between the Cisco aggregation switches,
the alternate port moves to the secondary root switch not only for the HP switches but
also for the Cisco access layer switches. This change prevents uplinkfast from
working because this feature requires the access layer switches to have the alternate
port.

Q2: What setup do you suggest to resolve this issue?
A2: Change the port cost on the HP access switch rather than on the Cisco
aggregation switch.
Q3: If Cisco C implements Rapid PVST+, do the setup requirements change?
A3: When Cisco D implements Rapid PVST+, it has fast convergence without the
need for uplinkfast. Therefore, having the alternate port on the secondary root switch
has fewer consequences. You could choose to change the port cost on the Cisco
aggregation switch instead of the HP access switches.

What is the purpose of load balancing?


Q1: Name some good reasons to set up load balancing.
A1:
• Load balancing can provide better use of uplinks.
• You can load balance the routing function between aggregation switches.
• The customer might want you to implement load balancing.
• Cisco emphasizes load balancing as a good use of uplinks in their training.
Q2: What might be some reasons to not set up load balancing?
A2:
• Load balancing can be more complicated to set up.
• Load balancing can lead to asymmetric routing situations, which can cause
excessive flooding of unicast traffic.
• On small networks, this issue is quite minor. On large networks,
however, it can cause major problems.
• You can resolve this problem by raising the MAC address timeout
values to match the ARP timeout (for example, set both to one hour).
• Load balancing routing might slow network traffic because more traffic
needs to traverse the link between the core devices, which adds hops. In
addition, load balancing increases the number of ARP requests for each
conversation.
• Instead of always deciding to use load balancing, you should carefully consider
whether load balancing is required.
• Most customers find a psychological appeal in load balancing, but the
benefits are not always worth the added complexity.
• Because both switches are in use instead of being one active and one
standing by, customers feel that they are maximizing their resources.
However, load balancing is only truly required if you cannot obtain the
necessary bandwidth or performance from one switch.
• Load balancing is also perceived as a “safe” thing to do. Customers
often believe that even if they do not fully use the resources of one
switch, load balancing traffic cannot cause any harm. But this is not
always true, as indicated above; you should think through why load
balancing would be better in this particular environment.
• However, if customers have been educated one way, it might not be easy to
change their minds.
• You might need to give them some proof. For example, demonstrate
how much of the uplink bandwidth is used. End nodes typically use less
than 10 percent of Gigabit bandwidth. In data centers, however, end
nodes would often use more.

HP at the aggregation layer—Scenario 3


Q1: How would you manage the redundant connections in this scenario?
A1: IRF provides an easy way to integrate Cisco access switches without requiring
STP between Cisco and HP switches. Link aggregation (static or LACP based) can be
implemented.
Q2: What are your recommendations for setting up IRF?
A2: Recommendations include:
• Add a second 10 Gigabit link for IRF redundancy and to avoid splitting the
stack, which would create a loop.
• Enable IRF Mode, define the IRF member number (1 and 2 here) and the roles of
master and slave (by means of IRF priority), and set the IRF ports.
• Implement MAD in case of a split.
• Set link aggregation from Cisco access switches to the two HP switches that are
members of the IRF.
• To avoid a local loop, STP can be enabled locally. In addition, on Cisco
switches, loop guard can be enabled on edge ports.

HP at the aggregation layer—Scenario 3: MSTP and PVST+


Q1: Which BPDUs are sent and received by Cisco switches in VLAN 1?
A1: As Rapid PVST+ is enabled, Cisco switches send standard RSTP BPDUs in
VLAN 1.
Q2: Which BPDUs are sent and received by the HP switches?
A2: The HP switches exchange MSTP BPDUs between them. They send MSTP BPDUs
to the Cisco switches, which interpret these BPDUs like RSTP BPDUs, reading the CIST
parameters. For example, these parameters indicate the ID of the root bridge in the
MSTP IST, which is used in the election of the CST root.

Q3: If HP A and B are root and secondary root in the CST, what are the root port
and alternate ports in VLAN1 on Cisco switches?
A3: The root ports are the ports that connect to HP A, which is the root in the IST.
Assuming that the links have equal bandwidth, each link has the same path cost
(because the Cisco switches are using the long option for path cost method).
Therefore, the path to the neighbor with the higher priority, in this case HP B for each
Cisco switch, is preferred. Thus the Cisco switches block their ports that connect to
HP B.
Q4: What happens if the long path cost method is not enabled?
A4: If the Cisco switches do not use the long path cost method, their ports have a
lower path cost than the HP B switch ports. Therefore, the HP B switch would block
the ports that connect to the Cisco switches rather than the opposite.

HP at the aggregation layer—Scenario 3: With MSTP and PVST+


Q1: Which BPDUs are sent and received by Cisco switches in other VLANs?
A1: The Cisco switches send PVST BPDUs that are tagged for those VLANs.
Q2: How do the HP switches handle the PVST BPDUs?
A2: HP switches forward the tagged PVST BPDUs like any other frame without
processing them. From the point of view of PVST+, the HP switches do not exist. They
are seen as a hub.
Q3: Having exchanged these BPDUs, what topology do the switches create? Assume
that the Cisco switches are using their default priorities and that Cisco C has the
lowest MAC address.
A3: The Cisco switches that implement PVST elect one root per VLAN (besides VLAN
1, in which, as determined in the previous slide, the HP switch was elected root). The
switch with the lowest bridge ID in each VLAN is elected.
Often, as in this example, the access layer switches use the default priority. Therefore,
the switch with the lowest MAC address is the root for all VLANs besides VLAN 1 in
PVST+.
Because, as far as PVST+ is concerned, the Cisco switches connect as if through a
hub, the topology is slightly unusual:
• Cisco C, the root bridge, has only one designated port, which is the port with
the lower ID. The other port is a backup port, which is blocked. Typically, all
ports on the root bridge are designated.
• On the other switches, one port is the root port (the one that connects to Cisco C
with the lowest ID). The other port is blocked. (This behavior is more usual.)

Learning check answers


Q1: When does PVST+ interoperate with standard STP? And with RSTP? And with
MSTP?
A1: PVST+ interoperates on access ports because these ports send standard STP
BPDUs—except if a voice VLAN is activated. On trunks, it interoperates if VLAN 1 is
allowed on the trunk. PVST+ also interoperates with switches in RSTP or MSTP,
because those protocols are backward compatible with STP.
Q2: Does an HP switch “understand” tagged PVST+ BPDUs? If not, does it drop them
or forward them?
A2: No, an HP switch does not understand Cisco tagged PVST BPDUs. An HP switch
is not a destination for the Cisco multicast MAC address. The HP switch
forwards tagged PVST BPDUs.
Q3: What is the default cost value in PVST+ and Rapid-PVST+ for a Gigabit port?
A3: 4. If the long path cost method is enabled, the value is 20 000.
Q4: What STP protocol is a proprietary Cisco protocol based on 802.1w
mechanisms?
A4: Rapid-PVST+.

Module 6
Activity and discussion question answers
Reminder: With IRF, STP is unnecessary
Q1: What are the key advantages of using IRF for redundancy?
A1:
• There is no need to implement STP. Logically, this solution looks like a single
star topology.
• IRF is easy to configure, easy to manage, and easy to maintain.
• IRF makes the switches in the stack look like one virtual switch.
• IRF interoperates well with most managed switches: link aggregation to IRF can
be static or LACP based.
Q2: Why would you enable STP in an IRF architecture?
A2: IRF typically creates an architecture without loops because links to different
switches within the IRF are treated as aggregated links. However, if someone
accidentally connects cables to the wrong ports, it is possible for loops to emerge.
Therefore, you might want to implement STP with the IRF architecture.

Q3: What STP setup would you recommend?
A3: STP can be enabled globally. In addition, you should always define a root
bridge. If you have an IRF stack, it should be the root bridge.
You may choose to disable STP on uplinks. You can enable loop guard or loop
protection on the edge ports of switches that support this feature (Cisco or HP E-
Series). Loop guard provides additional protection in case a poorly configured
device does not forward the BPDUs and, therefore, fails to recognize loops.

What happens when STP is disabled on the HP edge switch


Q1: What happens to BPDUs sent by Cisco switches?
A1: When STP is disabled on an HP switch, it will forward standard BPDUs and
PVST+ BPDUs. The HP switch is no longer the destination for the multicast MAC
address 01:80:c2:00:00:00, and it has never been a destination for the Cisco MAC
address, so all BPDUs are forwarded. Everything looks as if the two aggregation
switches were connected directly together by a simple link. HP switches are
“transparent.” Loops between switches are resolved by running PVST+ on Cisco
switches. While disabling STP on a device is unconventional, it may work perfectly
when you integrate HP switches into an existing Cisco network.
Q2: What is the resulting topology?
A2: Cisco A and Cisco B send and receive BPDUs from each other. It is like two
switches connected together by multiple links. In this specific topology, one link is up
(the designated port on the root side and the root port on the other side). Other links
are designated on one side and blocked on the other side.
Note that the link between Cisco A and B is active only if:
• It has the shortest path cost. This is not true if all links are the same. If the link
is a port-channel, the Cisco IOS defines the cost value as:
  • 3 or 10000 for two GbE links (4 or 20000 for a 1 GbE link)
  • 1 or 1000 for two 10 GbE links (2 or 2000 for one 10 GbE link)
• All port costs are equal and the link is in front of the port with the lowest port ID.

Configuring the HP switch to disable STP


Q1: How should you configure HP C?
A1: Disable STP and enable loop protection on edge switches.

Monitor link on HP A-Series switches


Q1: In this architecture, is there a loop? Why or why not?
A1: In this configuration, servers are connected to two switches. The two switches
are not connected together. Each server switch is connected with a single link to the
upstream switch. Overall, this does not create a loop because servers don’t bridge
the traffic.

Q2: What will happen if an uplink fails?
A2: If an uplink fails, the server cannot sense it. Server traffic will then be lost.
Q3: When might it be appropriate to use this architecture?
A3: The advantage of such a configuration is the ability to connect servers
redundantly to an existing network without the need to enable spanning-tree.
Whenever you don’t want to interact with the customer’s configuration, this design
can fit very well.

Learning check answers


Q1: With STP disabled on an HP switch:
Q1a: Does it forward or drop standard STP BPDUs?
A1a: The switch forwards all BPDUs.
Q1b: Can you load balance traffic?
A1b: Yes, load balancing is provided by PVST+ or MSTP on aggregation switches.
Q1c: What can occur if STP is disabled at the edge?
A1c: Local loops. With an HP E-Series switch, you can enable loop-protection to prevent
local loops.
Q2a: What is required to enable the smart link feature?
A2a: An edge switch connected to an upstream network with two uplinks. STP must
be disabled on the two uplinks.
Q2b: What do you enable to get load balancing with smart link?
A2b: You create MSTP instances, create two smart link groups, and associate each
group with an MSTP instance.

Module 7
Learning check answers
Q1: What feature(s) prevent loops that can occur on edge ports?
A1: Loop protection (or loop protect) on HP E-Series devices.
Q2: Are UDLD on Cisco and DLDP on HP-A series switches interoperable?
A2: No.

Q3: Would you set root guard on edge ports?
A3: You can, but this feature is redundant when BPDU guard is enabled. In addition,
on HP A-Series switches, root guard cannot be implemented on edge ports. The last
feature enabled takes effect. You should usually define edge ports as edge
ports, which can be protected by BPDU guard, rather than enabling root guard
on them.
It is usually recommended to configure root guard on the ports of aggregation
switches that lead to edge switches.
Q4: Would you set BPDU filter on edge ports?
A4: You can. This feature filters any BPDUs on the edge port, which would block
BPDU attacks on the edge. BPDU filter also prevents another switch being inserted
into the network and pretending to be the root. However, unlike BPDU guard, BPDU
filter does not stop the switch that sends BPDUs from connecting; it only filters the BPDUs.
Q5: Would you set BPDU guard on uplinks?
A5: No, as this is where you would want your switch to interact with others to form
the STP.
Q6: What prevents loops in case of unidirectional links?
A6: Loop guard or UDLD. If you cannot configure UDLD (perhaps because you are
connecting two different platforms), then you can configure loop guard on an edge
switch. With loop guard, when the switch does not receive BPDUs from an upstream
switch on its root or alternate port, the switch recognizes the abnormal situation and
disables one port, leaving the other one in forwarding state.
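
The recommendations in A3 to A5 can be checked against a switch configuration. The following audit is an added example, not part of the course material; it assumes Cisco IOS-style interface syntax and a hypothetical convention in which each interface description starts with EDGE, UPLINK or DOWNLINK, and the sample configuration is constructed.

```python
import re

BPDU_GUARD = "spanning-tree bpduguard enable"
BPDU_FILTER = "spanning-tree bpdufilter enable"
ROOT_GUARD = "spanning-tree guard root"
ROLES = {"EDGE", "UPLINK", "DOWNLINK"}   # assumed description tags (hypothetical)


def parse_interfaces(config):
    """Return {interface: {"role": tag or None, "cmds": set of config lines}}."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        match = re.fullmatch(r"interface\s+(\S+)", line)
        if match:
            current = interfaces.setdefault(match.group(1),
                                            {"role": None, "cmds": set()})
        elif line in ("", "!"):
            current = None                      # end of the interface stanza
        elif current is not None:
            words = line.split()
            if words[0] == "description" and len(words) > 1:
                tag = words[1].upper()
                current["role"] = tag if tag in ROLES else None
            else:
                current["cmds"].add(" ".join(words))
    return interfaces


def audit(config):
    """Return (interface, finding) pairs in configuration order."""
    findings = []
    for name, port in parse_interfaces(config).items():
        role, cmds = port["role"], port["cmds"]
        if role == "EDGE":
            if BPDU_GUARD not in cmds:
                # BPDU filter drops BPDUs but leaves the sending switch connected.
                code = ("edge-filter-only" if BPDU_FILTER in cmds
                        else "edge-no-bpdu-guard")
                findings.append((name, code))
            elif ROOT_GUARD in cmds:
                # Root guard adds nothing once BPDU guard protects the edge port.
                findings.append((name, "edge-root-guard-redundant"))
        elif role == "UPLINK" and BPDU_GUARD in cmds:
            # Uplinks must exchange BPDUs to take part in the spanning tree.
            findings.append((name, "uplink-bpdu-guard"))
        elif role == "DOWNLINK" and ROOT_GUARD not in cmds:
            # Aggregation ports that lead to edge switches should have root guard.
            findings.append((name, "downlink-no-root-guard"))
    return findings


# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """
interface GigabitEthernet1/0/1
 description EDGE user port
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/2
 description EDGE printer
 spanning-tree portfast
 spanning-tree bpdufilter enable
!
interface GigabitEthernet1/0/3
 description EDGE lab bench
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree guard root
!
interface GigabitEthernet1/0/4
 description EDGE kiosk
 spanning-tree portfast
!
interface GigabitEthernet1/0/47
 description UPLINK to aggregation
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/48
 description DOWNLINK to edge switch
!
"""

if __name__ == "__main__":
    for interface, finding in audit(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```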

Module 8
Activity and discussion question answers
IRF, Link aggregation and interoperability: IRF in the distribution level
Q1: Would you enable STP?
A1: The overall design with IRF does not require STP. However, the IRF design does
not prevent local loops due to incorrect cabling. Enabling MSTP as well as hardening
STP on the edge with BPDU guard may prevent accidental loops at the edge.
To keep STP functionality at the edge and to avoid compatibility issues due to a
different form of STP (such as Cisco PVST or MSTP) being used, you can filter BPDUs
with BPDU filter or by disabling STP per port.
In the scenario, IRF is set in the aggregation, or distribution, layer. Although IRF can
be placed at all levels, in the distribution layer, IRF provides a way to link to Cisco
devices either in access or in core, allowing you to completely remove STP.

IRF, link aggregation and interoperability: IRF in the distribution and access
layers
Q1: Do you need to configure VRRP?
A1: An IRF acts as a single L2 and L3 switch. There is no need for VRRP because the
IP addresses and the IP forwarding table are fully distributed on IRF members. The IP
forwarding plane is fully managed by line-card hardware based on the FIB table
that is loaded from the master switch. On the control plane, the routing table (RIB) is
set by the master switch using local networks, static routes and routing protocols.

VLAN trunking and link aggregation


Q1: Do you have to set VLAN trunking on physical ports as well?
A1: A virtual port created by link aggregation is a port and should be configured as such.
There is no need to configure individual ports.

Learning check answers


Q1: In what circumstances can you create an LACP link aggregation in which one
switch connects to two different switches?
A1: When switches are set in a stack such as with HP A-Series IRF or Cisco VSS.
Q2: Can you create a link aggregation between a Cisco switch port in on mode and
an HP E-Series switch port in trunk mode?
A2: Both modes mean static and will interoperate together.
Q3: Can you create a link aggregation between a Cisco switch in active mode and
an HP A-Series switch in dynamic mode?
A3: Both modes mean static LACP and will interoperate together.

Module 9
Activity and discussion question answers
Virtual IP concepts
Q1: List the virtual protocols with which you are familiar. State which are proprietary
and which are industry-standard.
A1: Virtual IP protocols include:
• Cisco HSRP
• Cisco GLBP
• VRRP
Both HSRP and GLBP are proprietary protocols implemented in Cisco devices. VRRP
is standards-based, so various vendors’ equipment can interoperate.

Q2: What is the purpose of implementing HSRP and VRRP?
A2: Redundancy for the default gateway is the most well-known and commonly used
function. You can also use HSRP or VRRP to provide redundancy for the next hop in
static routes.
Q3: Do the endpoints that use the virtual IP as their default router need to be aware
of HSRP or VRRP?
A3: No. Devices for which the virtual IP address is the default router act just as they
would if their default router were not implementing a Virtual IP protocol. When they
need their traffic to be routed, they set the virtual MAC address, which they receive in
response to their ARP requests, as the destination MAC address for the Layer 2
Ethernet frames.
Q4: What are the different roles of routers in HSRP and VRRP?
A4: The master router owns the virtual IP address and virtual MAC address. It routes
traffic for endpoints for which the virtual IP address is the default router; it also routes
traffic for devices with static routes in which the virtual IP address is the next hop. The
backup routers monitor whether the master is up, and if the master fails, one of them
becomes the new master.
Q5: In what circumstances are the virtual IP and virtual MAC addresses used?
A5: Usually devices do not send traffic to the virtual IP at Layer 3. Devices can ping
this address, and SNMP devices can contact the address. Endpoints for which the
virtual IP is the default gateway, and routers for which the virtual IP is the next hop,
address frames with packets to be routed to the virtual MAC address.
Q6: For which common protocols might the virtual IP protocols not provide
redundancy without interruption?
A6: Some protocols do not experience seamless redundancy without interruption
unless the routers also implement state sharing between them. For example, NAT and
IP Security (IPsec) (a virtual private network, or VPN, protocol) are stateful functions.
When two routers share a virtual IP address that is configured as a gateway for an
IPsec VPN tunnel, they do not naturally share the states of the other’s IPsec (and
Internet Key Exchange, or IKE) SAs. Therefore, if the master router fails, the remote
endpoints of any active tunnels must establish new security associations (SAs) with the
new master.
Similarly, the routers implementing the virtual IP protocol do not share a NAT
translation table. If the master router fails, the NAT sessions are lost and must be
reestablished.

Virtual IP quiz answers


Q1: What is the difference between VRRP and HSRP?
A1: Both VRRP and HSRP provide the same functionality; however, some differences
exist:
• VRRP is standards-based while HSRP is proprietary.
• In HSRP, the owner and standby routers exchange frames. In VRRP, the master
router sends VRRP frames to backup routers, but the backup routers are silent.
However, in enhanced forms of VRRP that implement more functions than those
required by the standard, such as the VRRP load balancing function supported
by HP A-Series switches, both master and backup exchange frames.
• The timers are different. The HSRP default hello time is 5 seconds and the hold
time is three times the hello time. The VRRP default hello time is 1 second, but
the hold time is also three times the hello time.
• HSRP uses the Cisco virtual MAC address of 00-00-0c-07-AC-XX while VRRP
uses 00-00-5E-00-01-XX. In both, XX is the group ID.
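
The two virtual MAC prefixes are enough to inventory the virtual routers visible in a switch MAC address table and to see which group's virtual MAC has moved to another port between two snapshots, which is what a change of master looks like at Layer 2. This is an added example, not part of the course material; the 'VLAN MAC PORT' table layout is an assumption and both snapshots are constructed.

```python
import re

# Virtual MAC prefixes quoted in the text; the last octet (XX) is the group ID.
FHRP_PREFIX = {"00000c07ac": "HSRP", "00005e0001": "VRRP"}


def normalize(mac):
    """Return 12 lowercase hex digits for colon, dash or dotted MAC notation."""
    digits = re.sub(r"[.:\-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def classify(mac):
    """Return protocol and group for an HSRP/VRRP virtual MAC, else None."""
    digits = normalize(mac)
    protocol = FHRP_PREFIX.get(digits[:10])
    if protocol is None:
        return None
    return {"protocol": protocol, "group": int(digits[10:], 16)}


def virtual_entries(table_text):
    """Map (vlan, protocol, group) -> port for each virtual MAC in a MAC table.

    Expects whitespace-separated 'VLAN MAC PORT' rows (an assumed layout);
    header lines and rows that do not parse are skipped.
    """
    found = {}
    for line in table_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue
        try:
            info = classify(parts[1])
        except ValueError:
            continue
        if info:
            found[(int(parts[0]), info["protocol"], info["group"])] = parts[2]
    return found


def moved_groups(before_text, after_text):
    """List groups whose virtual MAC is learned on a different port afterwards."""
    before, after = virtual_entries(before_text), virtual_entries(after_text)
    return sorted((key, before[key], after[key])
                  for key in before.keys() & after.keys()
                  if before[key] != after[key])


# Constructed MAC-table snapshots (not real device output).
BEFORE = """\
VLAN  MAC              PORT
10    0000.0c07.ac0a   Gi1/0/1
10    0011.2233.4455   Gi1/0/7
20    00005e-000114    Gi1/0/1
"""
AFTER = """\
VLAN  MAC                PORT
10    00:00:0c:07:ac:0a  Gi1/0/2
10    0011.2233.4455     Gi1/0/7
20    00-00-5E-00-01-14  Gi1/0/1
"""

if __name__ == "__main__":
    for (vlan, protocol, group), port in sorted(virtual_entries(BEFORE).items()):
        print(f"VLAN {vlan}: {protocol} group {group} on {port}")
    for (vlan, protocol, group), old, new in moved_groups(BEFORE, AFTER):
        print(f"VLAN {vlan}: {protocol} group {group} moved {old} -> {new}")
```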
Q2: What is the difference between GLBP and HSRP?
A2: The main difference is that GLBP allows the load balancing of traffic among the
master and standby routers while in HSRP (and VRRP) the standby routers do not help
handle traffic. With GLBP, the single virtual IP address is associated with one virtual
MAC address per GLBP member. The master receives ARP requests and sends replies
that specify different virtual MAC addresses, taking turns among the different virtual
MAC addresses in order to distribute traffic among them.
Note that HP A-Series devices support a VRRP load balancing function which is very
similar to GLBP. However VRRP load balancing is a proprietary implementation of
VRRP and uses specific MAC addresses for that purpose.
Q3: What message does a backup router usually send when it becomes master?
A3: When the backup router becomes the master, it owns the virtual IP address and
the virtual MAC address. It usually sends a gratuitous ARP (ARP response without a
request in which the source MAC is the virtual MAC) that:
• Updates the ARP cache of the endpoints in the broadcast domain (usually not
necessary as the virtual MAC is not changed)
• Updates the MAC address table of switches

Q4: What function does preemption serve?
A4: Preemption allows the router with the higher priority for a given virtual IP to
preempt the role of master when booted or rebooted; that is, the router can take the
role away from another device. Preemption based on priority is particularly useful for
synching HSRP/VRRP master roles with STP roles so that the network makes best use
of the STP topology. Preemption is also useful when a tracking situation occurs, in
which the master decreases its priority and the backup router gains a higher priority.
Preemption allows the backup to become the new master.
Q6: What function does the preempt delay serve?
A6: When a router preempts the master role, it may not be ready to route IP packets
to remote networks because HSRP and VRRP often converge much faster than routing
protocols; even though the master can route packets to directly connected networks
immediately, it has not yet learned routes via OSPF, RIP, or BGP.
With the preempt delay, it waits until it is ready before preempting its master role.
Preempt delay is not enabled by default; you must remember to set it to a value
greater than the time required for routing protocol convergence in your environment.
Q7: What function does tracking serve?
A7: If the master router loses an interface connection, it might lose connectivity with
other routers that are next hops in its routes to remote networks. The master will lose
these routes and no longer be able to route packets to these destinations.
Tracking enables the router to lower its priority if a particular interface goes down so
that its priority becomes lower than that of a backup router. The backup router
becomes the new master, and traffic can reach its destination.
Note that sometimes when the master loses one interface connection, routing
protocols converge and provide different routes to the remote networks. In this case,
tracking might not be necessary. However, it might still be useful because often the
backup route is through the backup router in the VRRP/HSRP protocol. The backup
partner might as well become the master so that the traffic is routed through it
directly.
An enhanced version of tracking, which is available with HSRP and VRRP on HP A-
Series devices, allows routers to track a remote IP address (for example, an
address on the Internet) rather than an interface. This feature tests the router’s overall
connectivity more completely.

Learning check answers


Q1: How does an IP endpoint learn the Virtual Router’s virtual IP and virtual MAC
addresses?
A1: It learns the virtual IP address from its default gateway IP address either through
DHCP or a manual configuration. The endpoint learns the virtual MAC address by
sending an ARP request for the virtual IP. The master responds to the request with the
virtual MAC address, which the endpoint can then use to send Layer 2 frames to its
default gateway.
Q2: Can an HP Layer 3 switch back up a Cisco Layer 3 switch using HSRP?
A2: No. For the HP switch to back up the Cisco switch, the Cisco switch would need
to implement VRRP, which is quite rare in the field as most Cisco devices implement
HSRP.
Q3: Can you use VRRP and HSRP in the same LAN?
A3: As long as the two implementations do not use the same virtual IP address, you
can. For example, two HP routing switches implement VRRP, and two Cisco WAN
routers implement HSRP. Both virtual IP groups have a static route in which the next
hop is the other group’s virtual IP.
The IP endpoints do not pose a concern because they are not aware of either
protocol. They only need to send ARP requests for their default gateway as always.
Q4: What is the purpose of the preempt delay? When would you set it?
A4: When a master preempts its role, it may not be ready to route IP packets to
remote networks. With the preempt delay, it waits until it is ready before preempting
the master role.
Preempt delay is not enabled by default. You should enable it whenever the master
uses routing protocols, setting the delay to a value that is greater than the time for
routing protocol convergence.
Q5: In what situations is load balancing desirable?
A5: Whenever you want to divide traffic for a given VLAN/IP subnet between the
routing switches. You might enable this feature when both routers offer an equally
attractive path (MSTP does not block links).
Q6: When a pair of core routing switches connect to a WAN router, is VRRP
tracking always required?
A6: No, depending on your environment, it might not be required. If the switches run
a routing protocol, routing protocol convergence may be enough by itself to
preserve routes to the remote network. A floating static route might also serve this
purpose. Although these options might add an extra hop if one of the master’s
interfaces goes down, you might consider a simpler configuration worth that cost.

Module 10
Activity and discussion question answers
OSPF neighboring—Scenario 1-1
Q1: What conditions must two routers meet to become OSPF neighbors? For each
condition that you list, check that setting on the routers in this example. Circle any
incorrect settings and replace them with the correct setting.
A1: For two routers to become OSPF neighbors, they must meet the following
conditions on the communicating IP interfaces:
• Same IP subnet
  A subnet contained within a larger subnet also applies. For example, R2 has a
  /30 IP address within the space of the other routers’ /24 subnet. It can still
  become those routers’ neighbor.
• Same OSPF area
  In this example, all routers have their IP interfaces in area 0 except R3. (Circle
  that setting on R3 and change it to area 0.)
• Same timers
  All of the routers except R4 are using the default Hello and Dead interval timers:
  • Hello = 10 seconds
  • Dead Interval = 40 seconds
  R4 has a Dead Interval of 30 seconds, so it would not become a neighbor with
  the other routers. (Circle that setting on R4 and change it to 40 seconds.)
• Same network type
  On Ethernet interfaces, the default setting is Broadcast. All of the routers in this
  example are using this setting except R2, which is set to Point to Point (P2P).
  (Circle that setting on R2 and change it to Broadcast.)
  The network type depends on the Layer 2 protocol:
  • Ethernet interfaces—As mentioned, the default setting is Broadcast, which
    indicates that the Layer 2 network includes broadcast traffic. You can also
    configure Ethernet interfaces as P2P, which indicates that the network
    includes only two devices connected on a single routed Ethernet interface.
  • The P2P setting speeds convergence because the routers do not need to
    elect a designated router.
  • Layer 2 networks such as ATM and Frame Relay provide more options for
    the type:
    • P2P
    • Non Broadcast Multi Access (NBMA)
    • Point to Multipoint in Multicast (P2MP)
    • Unicast (P2MP in Unicast)
• Same authentication method and password
  None of these routers implement authentication, so all of them meet this
  condition.

OSPF DR Election—Scenario 1-2


Q1: How do devices in a multi-access (such as Broadcast) network determine which
devices become DR and Backup DR (BDR)? What role does priority 0 play in this
process? What role do other priorities play?
A1: The OSPF router that starts its processes first becomes the DR. The router that
starts second becomes the BDR. However, if a router’s priority is set to 0, it does not
participate in the elections. So, more precisely, the first OSPF router to start that does
not have priority 0 is the DR.
Other priorities only affect the process if an election must occur:
• More than one router starts its OSPF processes at the same time. In this case, the
router with the highest priority value becomes DR, and the router with the second
highest priority becomes BDR. In this example, those would be R2 and R4,
respectively. But it is relatively rare for multiple routers to start their processes at
once. Usually routers start one at a time as they are configured and brought up.
• The DR’s or BDR’s connection (Layer 1/Layer 2) goes down or goes down and
then comes back up. In this case, all routers are already running their OSPF
processes when the election starts. They use priorities to elect the DR or BDR.
Q2: Can you determine which routers in this figure become DR and BDR?
A2: No. You know R1 will not become DR or BDR because its priority is 0, but any
of the other three routers could become DR or BDR depending on when they start.
Q3: How can you force two routers to become DR and BDR?
A3: Set the priority on all other routers to 0.

OSPF authentication—Scenario 1-3


Q1: If you ignore the authentication settings, which routers become OSPF neighbors
and on which subnets and areas?
A1: Cisco 2 and HP 1 are neighbors on IP subnet 192.168.1.0/24 and area 0.
Cisco 2 and HP 3 similarly become neighbors on IP subnet 10.6.0.0/24 and area
10.
Q2: Do the authentication settings match between HP 1 and Cisco 2?
A2: Yes. Both sides use the simple password authentication method and the same
password, “very-secret.” Note that the authentication method must be enabled for the
area, but the specific settings are configured on a per-interface basis.
Q3: On HP 1, the password is specified with the keyword. What purpose
does this keyword serve?
A3: This keyword encrypts the password in the configuration to protect it from
unauthorized detection. However, it does not encrypt the password when HP 1
transmits it on the LAN. (Use the keyword to display the password in plaintext
in the configuration.)
Q4: Do the authentication settings match between HP 3 and Cisco 2?
A4: Yes. Both sides use the md5 password authentication method and the same
password, “cant_find.” In addition, the key ID matches.
Q5: What role does the key ID play (beyond being another matching setting)?
A5: The key ID helps you to rotate passwords. As with any password, it is best
practice to change OSPF MD5 passwords on a regular basis. However, if you start
by changing the password on one router, this router loses its neighbor relationships.
Instead, you should create the new password with a new key ID without removing the
first key. After you have configured the new password on every router, you can
remove the old password.
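The two authentication methods from A3 to A5, modelled as an added Python example (not part of the course material). It builds a header-only OSPFv2 Hello with the RFC 2328 field layout and shows why the key ID lets a neighbor keep accepting packets during a password change. The router ID, area ID, keys and sequence numbers are constructed, and sequence-number replay checks are omitted.

```python
import hashlib
import hmac
import struct

def ospf_hello(au_type, auth_field):
    """Minimal 24-byte OSPFv2 header (RFC 2328 A.3.1); router ID and area are constructed."""
    router_id, area_id = bytes([10, 0, 0, 1]), bytes([0, 0, 0, 10])
    # version 2, type 1 (Hello), length 24, checksum 0, AuType, 8-byte Authentication
    return struct.pack("!BBH4s4sHH8s", 2, 1, 24, router_id, area_id, 0, au_type, auth_field)

def simple_packet(password):
    # AuType 1: the password itself rides in the Authentication field, unencrypted.
    return ospf_hello(1, password.encode().ljust(8, b"\0"))

def _digest(packet, key):
    # RFC 2328 D.4.3: MD5 over the packet followed by the key padded to 16 bytes.
    return hashlib.md5(packet + key.encode().ljust(16, b"\0")).digest()

def md5_packet(key_id, key, seq):
    # AuType 2: the field carries 0, Key ID, digest length and sequence number, never the key.
    packet = ospf_hello(2, struct.pack("!HBBI", 0, key_id, 16, seq))
    return packet + _digest(packet, key)  # digest is appended after the packet

def accepts(keyring, packet):
    """Receiver side: look up the key named by the Key ID byte, then compare digests."""
    body, digest = packet[:-16], packet[-16:]
    key = keyring.get(body[18])  # offset 18 = Key ID within the Authentication field
    return key is not None and hmac.compare_digest(digest, _digest(body, key))

def rotation_walkthrough(old="old-key", new="new-key"):  # constructed keys
    """Adjacency state seen by a neighbor at each stage of a key change."""
    neighbor_old_only = {1: old}
    neighbor_both = {1: old, 2: new}
    return {
        # Password swapped in place on one router only: the neighbor rejects it.
        "swap_in_place": accepts(neighbor_old_only, md5_packet(1, new, 7)),
        # New key added under Key ID 2 while key 1 stays configured.
        "overlap_new": accepts(neighbor_both, md5_packet(2, new, 8)),
        "overlap_old": accepts(neighbor_both, md5_packet(1, old, 9)),
        # Old key removed once every router holds Key ID 2.
        "after_cleanup": accepts({2: new}, md5_packet(2, new, 10)),
    }
```

A capture of the simple-password packet contains the password bytes verbatim, while the MD5 packet exposes only the key ID, sequence number and digest.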

OSPF area summarization—Scenario 2-1


Q1: What kind of OSPF router is R1?
A1: R1 is an Area Border Router (ABR). It has interfaces in different areas.
Q2: What kind of LSAs are generated by R1?
A2: ABRs generate Type 3 LSAs, which are Inter Area LSAs or Summary LSAs. The
ABR generates the Type 3 LSA for an area based on its database of Type 1 and Type
2 LSAs for that area. The ABR advertises the Type 3 LSA for one area in other areas.
Q3: What function does configuring an area range serve?
A3: Configuring the area range configures the ABR to summarize a range of Inter
Area LSAs into a single LSA. Note also that you can configure an area range to
exclude a range of Inter-Area LSAs from the Summary LSA.

Q4: Why would you configure an area range?


A4: Configuring the area range reduces the size of the LSA table for devices in other
areas that receive the Summary LSAs, thus simplifying these devices’ routing tables.
Configuring the area range also reduces the number of LSA updates exchanged in
an OSPF network.
For example, you can include several remote sites in one area. If IP subnetting is
configured appropriately, you can then summarize all the remote sites’ networks in
one short list of IP networks.
Q5: What are the key advantages of summarization?
A5: Summarization simplifies the routing table because one area is seen as one
network.
In addition, by generating a default route (summarization of the rest of the network),
an ABR hides the rest of the network from routers in areas that do not need this
information (totally stubby areas and NSSA totally stubby areas).
Q6: Does summarization have some disadvantages?
A6: With summarization, you lose granularity. On a router in an area that receives a
summary for other areas, you cannot see when an individual network in another
area loses connectivity. You would typically have to access the ABR to see this
information.
You can only summarize Type 1 and Type 2 LSAs. Routes to external networks (Type
5 and Type 7 LSAs) are summarized by the ASBR and are not included with the Type
3 LSAs (except the default route advertised in totally stubby areas and NSSA totally
stubby areas).
Q7: Why can you enable summarization on R1 and not on R2, R3, and R4?
A7: Because R2, R3, and R4 are not ABRs and cannot generate Type 3 LSAs.
Q8: What other tasks can you perform on an ABR related to area summarization?
A8: You can filter some networks or blocks of networks so that they are not seen in
other areas. You can generate a default route and advertise only that route in
selected non-backbone areas (totally stubby areas and NSSA totally stubby areas),
hiding unnecessary complexity from routers in the stub areas.
Q9: Where can you see the results of the area summarization?
A9: You see the results on routers in different areas from the one that is summarized.
On R4, you can check the summarization of area 1 (10.1.0.0/16). On routers R2 and
R3, the summarization of area 0 (10.0.0.0/16) is visible. On the ABR, you might also
see a summary to the null 0 interface.

OSPF area summarization: Scenario 2-1-a


The commands are missing some keywords. Fill in the commands, using the figure for
information:
network 10.0.0.0 0.0.255.255 area 0
network 10.1.0.0 0.0.255.255 area 1
area 0 range 10.0.0.0 255.255.0.0
area 1 range 10.1.0.0 255.255.0.0

Also fill in the blanks to indicate how the ABR (R1) will summarize the routes:
R1 aggregates the routes in area 0 into a single route to 10.0.0.0/16 and advertises
this route to routers in area 1.
R1 aggregates the routes in area 1 into a single route to 10.1.0.0/16 and advertises
this route to routers in area 0.
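The effect of the two area ranges above, as an added Python example (not part of the course material). The area ranges come from the scenario; the member subnets are constructed because the figure is not reproduced here, and one of them deliberately falls outside the range. It also shows the loss of granularity described in Scenario 2-1, A6.

```python
import ipaddress

# Area ranges from Scenario 2-1-a; the member subnets are constructed for illustration.
AREA_RANGES = {0: ["10.0.0.0/16"], 1: ["10.1.0.0/16"]}
AREA_SUBNETS = {
    0: ["10.0.1.0/24", "10.0.10.0/24"],
    1: ["10.1.1.0/24", "10.1.2.0/24", "172.16.5.0/24"],  # last one is outside the range
}

def type3_advertisements(subnets, ranges):
    """Prefixes an ABR originates as Type 3 LSAs for one area into the others."""
    ranges = [ipaddress.ip_network(r) for r in ranges]
    advertised = set()
    for subnet in map(ipaddress.ip_network, subnets):
        covering = [r for r in ranges if subnet.subnet_of(r)]
        # A subnet inside a configured range is replaced by the range itself;
        # a subnet outside every range is still advertised individually.
        advertised.add(covering[0] if covering else subnet)
    return [str(n) for n in sorted(advertised)]

def view_from_other_area(area, failed=()):
    """What routers outside `area` learn, optionally with some subnets down."""
    up = [s for s in AREA_SUBNETS[area] if s not in failed]
    return type3_advertisements(up, AREA_RANGES[area])
```

Calling `view_from_other_area(1, failed=["10.1.2.0/24"])` returns the same list as with no failure, which is why the failed subnet can only be seen on the ABR or inside area 1.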

OSPF area summarization: Scenario 2-2


Q1: For each router, fill in the routing table:
• Routes to directly connected networks
• Routes discovered through OSPF, remembering to consider the summaries
For Type, indicate the type of route using the Cisco abbreviations.
A1: The figure displays the answers for the activity.

OSPF redistribution—Scenario 3-1


Q1: Why would you redistribute routes to directly connected networks instead of
configuring those networks as OSPF networks?
A1: First, you might not be able to (or you might not want to) establish OSPF
neighboring with other routers on the network. For example, these routers might
belong to another company or to an ISP. A firewall might block OSPF
communications, or the connection might be over an IPsec VPN that does not support
OSPF communications.
You could configure the network as a passive interface OSPF network; however, often
redistribution provides a simpler configuration. For example, when two routing
switches are connected to more than 50 VLANs, you can redistribute connected with
fewer commands than enabling OSPF on all 50 VLANs.
In addition, redistributing the networks allows the router to aggregate them into fewer
routes, which can be crucial to simplifying the routing table on other routers.
Q2: What conditions must be met on a router for it to redistribute routes?
A2: For a router to redistribute a route, that route must be active in the routing table.
The connected interface must be up for a connected route, or the forwarding
interface must be up for a remote route. In addition, the router’s OSPF area must not
be stub or totally stubby.
Q3: Which type of OSPF LSA is created for the redistributed route?
A3: External network LSAs are created: Type 5 LSAs or, in an NSSA, Type 7 LSAs.
Q4: What are some reasons for not redistributing routes?
A4: Redistributed routes are always advertised as external networks. These networks
cannot be aggregated with other OSPF networks on an ABR. Therefore, if the
networks could fit in the range of a route summarization on the ABR, you might want
to advertise them as directly connected OSPF networks.
In addition, routers in stub and totally stubby areas cannot receive advertisements for
the external networks created by route redistribution. (However, typically they do not
need these specific routes.)

OSPF redistribution—Scenario 3-1-a


Q1: Fill in the blanks to show the proper configuration for R2 when it is a Cisco
router.
A1: The figure gives the answer.

Q2: What command can you enter to verify that the Cisco R2 has properly
redistributed (or imported) the routes?
A2: show ip ospf database external
Q3: What command can you enter to verify that the routes to the external networks
have been summarized?
A3: You can enter show ip route on R1 to verify that this router received the
summarized route. On Cisco switches, the router that summarizes the route (R2 in this
example) also creates a route for the summarized networks with null as the
forwarding interface. You can enter show ip route on R2 to look for that route.
Q4: This configuration sets metric type 1 for the redistributed routes. What purpose
does this configuration serve, and how could you change the metric type?
A4: This configuration indicates that routers will increment the cost for the
redistributed (external) route as it is advertised. You can change the metric type with
these commands:
Router ospf 1
redistribute connected metric-type 2 subnets

OSPF redistribution—Scenario 3-1-b


Q1: Fill in the blanks to show the proper configuration for R2 when it is an HP
A-Series router.
A1: The figure gives the answer.

ip route-static 10.1.3.0 24 10.1.10.3


ospf 1
area 1
network 10.1.1.0 24
import-route static cost 10 type 1
import-route direct cost 10 type 1
asbr-summary 10.1.2.0 23

Q2: This configuration sets metric type 1 for the redistributed routes. What purpose
does this configuration serve? Why might you select type 1 rather than type 2?
A2: Metric type 1 means that the cost for the route is incremented as it is advertised.
With type 2, the redistributed (external) route is assigned an initial cost that never
changes.
The type does not matter if only one path exists for the route. If multiple paths for a
specific network exist, then using type 1 metrics for redistributed routes to that
network enables routers to select the shortest path. If you use type 2, the cost is equal
for all paths. (However, routers will still select the path through the closest ASBR that
redistributed the route.)
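The difference between the two metric types, as an added Python example (not part of the course material). It goes beyond the single-ASBR case in the scenario by comparing two constructed paths through two hypothetical ASBRs; the external cost of 10 matches the configuration above, and all other names and costs are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ExternalPath:
    asbr: str
    cost_to_asbr: int    # intra-OSPF cost from this router to the ASBR
    external_cost: int   # cost assigned when the route was redistributed
    metric_type: int     # 1 or 2

def route_cost(path):
    # Type 1 grows with distance from the ASBR; type 2 keeps its initial cost.
    if path.metric_type == 1:
        return path.external_cost + path.cost_to_asbr
    return path.external_cost

def best_path(paths):
    # Type 1 paths are preferred over type 2 (RFC 2328 section 16.4); among
    # equal type 2 costs the nearest ASBR wins.
    return min(paths, key=lambda p: (p.metric_type, route_cost(p), p.cost_to_asbr))

def compare(metric_type):
    """Two constructed paths to one external network, both redistributed at cost 10."""
    paths = [ExternalPath("ASBR-far", 50, 10, metric_type),
             ExternalPath("ASBR-near", 5, 10, metric_type)]
    return [(p.asbr, route_cost(p)) for p in paths], best_path(paths).asbr
```

When the two ASBRs assign different type 2 costs, the lower external cost wins even if that ASBR is farther away, which is the case where type 1 gives the shorter end-to-end path.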

OSPF redistribution—Scenario 3-1-c


Q1: Fill in the blanks to show the proper configuration for R2 when it is an HP E-Series
router.
A1: The figure gives the answer.

ip route 10.1.3.0/24 10.1.10.3


vlan 10
ip address 10.1.1.2/24
ip ospf area 1
Router ospf
area 1
redistribute connected
redistribute static
default-metric 20
metric-type 1

OSPF redistribution—Scenario 3-3


Q1: For R4 and R5, fill in the routing table:
• Routes to directly connected networks
• Routes discovered through OSPF (remember to consider redistributed routes,
summarized routes, and default routes)
For Type, indicate the type of route using the Cisco abbreviations.
A1: The figure below displays the answers for the activity.

IP Network      Next Hop     Type
10.0.10.0/24    0.0.0.0      C
10.1.2.0/23     10.0.10.1    O E1
10.1.1.0/24     10.0.10.1    O IA
10.2.1.0/24     0.0.0.0      C

IP Network      Next Hop     Type
0.0.0.0/0       10.2.1.4     O IA
10.2.1.0/24     0.0.0.0      C

IP Network      Next Hop     Type
0.0.0.0/0       10.2.1.4     O N2
10.2.1.0/24     0.0.0.0      C

Learning check answers


Q1: What parameters must match for OSPF neighbors?
A1: These parameters must match:
• IP subnet
• Hello and dead timers
• Area ID
• Area type (such as stub or NSSA)
• Network type
Q2: What purpose does BFD serve in OSPF?
A2: BFD speeds convergence to the millisecond level. It enables routers to detect failures
when they are connected to the same network but cannot sense the failure of the other
routers’ interfaces directly. That is, they are connected through a Layer 2 switch.
Q3: Which type of area conceals the networks in all other areas from routers within
that area?
A3: This is a totally stubby area (a stub or NSSA area with no-summary
configured on the ABR). This type of area receives a single default route instead of
all Type 3 LSAs (inter-area route summarizations) and External Type 5 LSAs.
Q4: What options can you set when you redistribute routes into OSPF?
A4: You can change the metric and the metric type (1 or 2). You can tag the routes.
You can filter the networks that are imported.
Q5: Why would you tag IP routes when you redistribute them?
A5: Tagging a route marks (or “colors”) it so that you can later select it for actions such
as filtering the route or changing its preference.

Module 11
Learning check answers
Q1: What is the difference between dynamic NAT and NAPT?
A1: NAPT or PAT (port address translation) is a variation of dynamic NAT. To
configure dynamic NAT (many to many), you define a pool of IP addresses for the
NAT addresses. Each inside IP address is translated to an IP address of the pool.
With PAT or NAPT, there are a few inside source IP addresses and a source port that
is translated to the external IP address, usually the Internet or public IP of the
router/firewall/gateway. This helps save a lot of public IP addresses, while enabling
Internet access for corporate clients.

Q2: What is required to access (from the outside) an internal server set with a
private address?
A2: A NAT setting is required to translate the packets coming from
Internet clients: the few destination IP ports will be translated to an internal
destination IP port that defines the service on the server. When the DNS server is
outside and some inside nodes want to access the server, NAT translation of the
DNS payload can also be enabled.
Q3: What is the benefit of such a configuration?
A3: NAT and forwarding to the inside are restricted to the IP and ports for which NAT
has been defined.
Q4: In what situation would you use static NAT?
A4: Static NAT is used for accessing servers that are set with their private address
and for overlapping networks.

To learn more about HP networking, visit www.hp.com/networking
© 2010 Hewlett-Packard Development Company, L.P. The information contained herein is
subject to change without notice. The only warranties for HP products and services are set forth
in the express warranty statements accompanying such products and services. Nothing herein
should be construed as constituting an additional warranty. HP shall not be liable for technical
or editorial errors or omissions contained herein.
