SG1 00314282
BitSpyder - The Culture of Knowledge
Student guide
HP Partner Learning
Copyright 2011 Hewlett-Packard Development Company, L.P.
The information contained herein is subject to change without notice. The only warranties for
HP products and services are set forth in the express warranty statements accompanying such
products and services. Nothing herein should be construed as constituting an additional
warranty. HP shall not be liable for technical or editorial errors or omissions contained
herein.
This is an HP copyrighted work that may not be reproduced without the written permission of
HP. You may not use these materials to deliver training to any person outside of your
organization without the written permission of HP.
April 2011
HP Restricted
Contents
Module 1: Introduction to HP Networking Interoperability
  Course objectives
  Course agenda
  Multi-vendor networks—Challenges and opportunities
  Interoperability goals
  Initial information for labs
  Module 1 summary
Module 2: Switch Management
  Module 2 objectives
    Notes
  Enabling basic remote management
    Notes
  Management scenario 1
  Management scenario 1a—Cisco
  Management scenario 1b—HP A-Series
    Seven output destinations and ten channels of system information
    Ten channels of system information
    Default output rules of system information
    info-center source
Rev. 11.12 i
HP Networking Interoperability
  Management scenario 2c—HP E-Series (cont.)
  Management scenario 2c—HP E-Series (cont.)
  Management scenario 2c—HP E-Series (cont.)
  LLDP and CDP
    Notes
  IEEE 802.1AB LLDP and CDP
    HP E-Series
    HP A-Series
    Cisco
  Useful show and display commands
    Notes
  Lab 2.1: Management
  Lab debrief
  Module 2 summary
Module 3: VLANs
  VLAN configuration on Cisco: VLAN creation and trunk ports
  Lab debrief
  Module 3 summary
  Learning check
Module 4: Link Aggregation
  Module 4 objectives
  MSTP review
  MSTP regions—Review 1
  MSTP regions—Review 2
  Which BPDUs are used?—Review 3
  MSTP BPDUs—Review 4
    Additional Information about MSTP
  Common spanning tree—Review 5
  What setup is required to enable load balancing?—Review 6
  Mapping VLANs to MST instances—Review 7
  Is MSTP “aware” of the VLAN setup?—Review 8
Course objectives
In this course, you will learn how to deploy Cisco and HP devices together in a
network. You will examine Cisco interoperability both with HP A-Series devices,
designed for large and complex enterprises, and with HP E-Series devices, intended
for Small to Medium Businesses (SMBs), which might, nonetheless, have some
sophisticated requirements.
Specifically, you will learn how to:
– Manage the devices from a single management solution
– Extend VLANs across the network in a consistent manner
– Configure link aggregation groups between HP and Cisco switches
– Implement redundant links in a loopless topology using the best method for your environment
– Configure virtual IP protocols for redundant routing
– Establish OSPF autonomous systems with HP and Cisco switches
– Implement NAT on the appropriate devices
Course agenda
The agenda for this course is:
Day 1:
Module 1: Introduction to HP Networking Interoperability
Module 2: Switch Management
Lab 2.1: Management
Module 3: VLANs
Lab 3.1: Configuring VLANs
Module 4: Implementing MSTP (beginning)
Day 2:
Module 4: Implementing MSTP (end)
Lab 4.1: Configuring MSTP
Module 5: Interoperability Among PVST+, Rapid PVST+, and MSTP
Lab 5.1: Configuring PVST+/MSTP Interoperability: Cisco at the
Aggregation Layer
Optional Lab 5.2: Configuring PVST+/MSTP Interoperability: HP at the
Aggregation Layer
Module 6: Redundancy Without STP
Lab 6.1: Implementing Redundant links Without STP
Day 3:
Optional Module 7: STP Hardening
Lab 7.1: Configuring Spanning Tree Hardening
Module 8: Link Aggregation
Lab 8.1: Configuring Link Aggregation and IRF
Module 9: Virtual IP Protocols
Optional Lab 9.1: Configuring VRRP
Day 4:
Module 10: Routing with OSPF
Lab 10.1: Configuring OSPF Areas
Optional Lab 10.2: Configuring OSPF Redistribution
Module 11: Network Address Translation
Consider the questions displayed in the table. Why do you want to implement a
multi-vendor network? What benefits do you expect from knowing how to do so? On
the other hand, what challenges do you expect to face during the implementation?
What pitfalls must you avoid?
The table above gives a couple of general ideas to get you started. Discuss more
ideas with your classmates. Try to make your contributions to the discussion as
concrete as possible. Draw on your experiences as a networking professional and
think carefully about why you are attending this course and what you hope to gain
from your time here.
Interoperability goals
– What are your goals for the multi-vendor network deployment?
• Using a single management system?
• Providing a consistent, high-quality network experience?
• Implementing open-standard protocols? Making familiar Cisco protocols interoperate with open-standard protocols?
• Other goals?
You have considered the challenges of deploying a multi-vendor network. You must
now set goals to meet those challenges. The figure gives some examples of general
goals that you might set. For example, you might want to deploy a network that uses
a single management solution.
Of course, you will need to define your goals more precisely than the ones listed
above. What does a consistent, high-quality network experience mean to you? What
issues are involved in providing it, and what concrete goals can you set to ensure
that these issues are resolved? For example, you might need to provide high
availability by implementing redundant links between all access layer and
aggregation layer switches.
Your goals might differ from others’. For example, you might want to implement
open-standard protocols while your neighbor would prefer to implement familiar
proprietary protocols whenever they can interoperate with the open-standard ones.
What are the advantages and disadvantages of either goal?
You can record your ideas and the ideas of your classmates in the space provided.
IP addressing:
Names: 10.POD.VLAN.X/24
During this course, you will complete several labs. Each lab includes two or more of
the switches displayed in the slide. The names and IP addresses used throughout the
labs are consistent. For example, the HP A5800 switches are always HP-C and HP-D
and have 3 and 4 in the final octet of their IP addresses. However, some of the labs
include only some of the equipment.
You will also use a Windows Server 2008 and a client for the labs.
Module 1 summary
You have articulated your goals for a multi-vendor network deployment and seen the
multi-vendor equipment with which you will be practicing such a deployment for the
rest of this course. You are ready to turn your attention to the specific interoperability
issues on which the rest of this course focuses.
Switch Management
Module 2
Module 2 objectives
After completing this module, you will be able to:
– Configure HP A-Series, HP E-Series, and Cisco switches so that they can be managed by the HP Intelligent Management Center (IMC) platform
– Configure the following features for secure management of HP A-Series, HP E-Series, and Cisco switches:
  • Authenticated access
  • Secure Shell (SSH) V2.0
  • Simple Network Management Protocol (SNMP) v2 and v3
  • Network Time Protocol (NTP)
  • Syslog
– Configure and use Link Layer Discovery Protocol (LLDP) on HP A-Series, HP E-Series, and Cisco switches
Management scenario 1
– You must deploy a number of access-layer switches:
• HP A-Series, E-Series, and Cisco switches
For the first scenario, you are deploying an HP A-Series switch, HP E-Series switch,
and Cisco switch at the access layer. You need to pre-configure the switches with the
most basic configurations that will allow IMC to discover the switches. You will then
use IMC to configure and manage the switches.
Q: What minimal switch parameters does IMC require to discover the switches?
These are the basic switch parameters necessary for IMC to discover the device:
– System name
– IP address and default gateway
– SNMPv2 community—IMC requires only the read-only community to discover the device, but it needs the read-write community to manage the device.
Configuring an SNMP trap receiver is not necessary for the discovery process but
can provide useful feedback to IMC regarding the switch. Once IMC discovers a
device, it can set itself as an SNMP trap receiver.
Telnet access is also not needed for the discovery process, but you might want to
configure it so that you can configure the switches remotely as needed. (SSH is the
more secure alternative, covered in the Management Appendix.)
Management scenario 1a—Cisco
IMC: 10.1.1.100
conf t
1 System name
   hostname corpabc-1-2
2 IP address through DHCP
   interface vlan 1
   ip address dhcp
   no shut
3 SNMP v2c community
   snmp-server community imc-access rw
4 SNMP traps
   snmp-server enable traps
   snmp-server source-interface loopback 0
   snmp-server host 10.1.1.100 version 2c public
5 Telnet without authentication
   line vty 0 4
   no login
   privilege level 15
Note
Setting up Telnet access without authentication, as shown above, will allow you
to access a Cisco switch remotely and log in without a password. This can be
insecure, so in a real-world situation, you would either set a password or set the
privilege level lower for the interface without authentication.
Management scenario 1b—HP A-Series
system-view
1 System name
   sysname corpabc-1-3
2 IP address through DHCP
   interface vlan 1
   ip address dhcp-alloc
   quit
3 SNMP v2c community
   snmp-agent trap-source vlan-interface 1
   snmp-agent sys-info version v2c
   snmp-agent community write imc-access
4 SNMP trap receiver
   snmp-agent target-host trap address udp-domain 10.1.1.100 params securityname public v2c
5 Telnet without authentication
   telnet server enable
   user-interface vty 0 15
   authentication-mode none
   user privilege level 3
   quit
What does user privilege level 3 mean?
Figure 2-4: Management scenario 1b—HP A-Series
Note
A-Series switches have four command and privilege levels: visitor, monitor,
system, and manager. These levels are numbered 0-3, respectively. By default,
the command level for a user console interface is 3, and for all other interfaces it
is 0.
Management scenario 1c—HP E-Series
1 System name
   hostname corpabc-2-4
2 IP address through DHCP
   vlan 1 ip address dhcp ! Default
3 SNMP v2c community
   no snmp-server community public
   snmp-server community imc-access manager unrestricted
4 SNMP trap receiver
   snmp-server host 10.1.1.100 public
   snmp-server trap-source loopback 0
5 Telnet without authentication
   ! Telnet access is permitted without passwords
   ! and provides access to privileged level
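An added example, not part of the HP course material: a small Python audit that flags the weak management settings written out in scenarios 1a to 1c above (VTY lines with no authentication at the highest privilege level, read-write SNMP v2c communities, default trap community names, Telnet explicitly enabled). The sample configurations are constructed from the commands above and indented as in a saved configuration; the rule names and severity ratings are assumptions of this example.

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    severity: str  # critical, high, medium or low (ratings are this example's assumption)
    rule: str      # rule names are hypothetical labels, not vendor terminology
    line: str


# Constructed samples built from the commands in scenarios 1a to 1c.
CISCO = """\
hostname corpabc-1-2
snmp-server community imc-access rw
snmp-server host 10.1.1.100 version 2c public
line vty 0 4
 no login
 privilege level 15
"""
A_SERIES = """\
sysname corpabc-1-3
snmp-agent sys-info version v2c
snmp-agent community write imc-access
snmp-agent target-host trap address udp-domain 10.1.1.100 params securityname public v2c
telnet server enable
user-interface vty 0 15
 authentication-mode none
 user privilege level 3
"""
# E-Series Telnet is open by default and leaves no line in the configuration,
# so only the SNMP settings of scenario 1c can be checked from the text.
E_SERIES = """\
hostname corpabc-2-4
no snmp-server community public
snmp-server community imc-access manager unrestricted
snmp-server host 10.1.1.100 public
"""

SEVERITIES = ["critical", "high", "medium", "low"]
# Highest privilege level per CLI style: 15 on Cisco, 3 (manager) on A-Series.
MAX_PRIV = {"line vty": 15, "user-interface vty": 3}
RW_COMMUNITY = [
    re.compile(r"^snmp-server community (\S+) rw\b", re.I),                 # Cisco
    re.compile(r"^snmp-agent community write (\S+)", re.I),                 # A-Series
    re.compile(r"^snmp-server community (\S+)\b.*\bunrestricted\b", re.I),  # E-Series
]
TRAP_COMMUNITY = [
    re.compile(r"^snmp-server host \S+ (?:version 2c )?(\S+)$", re.I),
    re.compile(r"^snmp-agent target-host .*\bsecurityname (\S+) v2c$", re.I),
]
DEFAULT_NAMES = {"public", "private"}
NO_AUTH = re.compile(r"no login|authentication-mode none", re.I)
PRIV = re.compile(r"(?:user )?privilege level (\d+)", re.I)


def sections(config: str):
    """Group indented lines under the preceding unindented line."""
    out = []
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith(("!", "#")):
            continue  # blank line or comment/separator
        if raw[0].isspace() and out:
            out[-1][1].append(raw.strip())
        else:
            out.append((raw.strip(), []))
    return out


def audit(config: str) -> list:
    """Return findings for one configuration, most severe first."""
    findings = []
    for head, body in sections(config):
        if any(rx.match(head) for rx in RW_COMMUNITY):
            findings.append(Finding("high", "snmp-v2c-write-community", head))
        for rx in TRAP_COMMUNITY:
            m = rx.match(head)
            if m and m.group(1).lower() in DEFAULT_NAMES:
                findings.append(Finding("low", "default-trap-community", head))
        if head.lower() == "telnet server enable":
            findings.append(Finding("medium", "telnet-enabled", head))
        style = next((k for k in MAX_PRIV if head.lower().startswith(k)), None)
        if style:
            unauth = any(NO_AUTH.fullmatch(b) for b in body)
            levels = [int(m.group(1)) for b in body if (m := PRIV.fullmatch(b))]
            if unauth and max(levels, default=None) == MAX_PRIV[style]:
                findings.append(Finding("critical", "vty-no-auth-full-privilege", head))
            elif unauth:
                findings.append(Finding("high", "vty-no-auth", head))
    return sorted(findings, key=lambda f: SEVERITIES.index(f.severity))


if __name__ == "__main__":
    for name, cfg in (("Cisco", CISCO), ("A-Series", A_SERIES), ("E-Series", E_SERIES)):
        for f in audit(cfg):
            print(f"{name:9} {f.severity:9} {f.rule:28} {f.line}")
```
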
dhcp enable
Q2: Why would you use a DHCP server to assign IP addresses to your switches? You
usually configure static IP addresses on switches.
For example, suppose you need to replace a defective switch. If you preconfigure the
switch with the basic parameters outlined in this scenario, it will automatically
acquire an IP address and be discovered by IMC when it is plugged in to the
network. (The IP address can also be found through the LLDP display.) This will allow
remote configuration and management of the switch.
Later you can apply an IMC configuration template that sets the IP address for all
devices.
IMC discovery—1
The next several pages describe the basic steps to set IMC to discover the devices
that have been added to the network.
The first step is to create an SNMP template that contains one of the following:
– SNMP v2c communities (read-only and read-write)
– An SNMP v3 group, a user associated with that group, and authentication and encryption methods
Multiple templates can be created to be used by IMC to discover all devices or those
within a given range of IP addresses.
IMC discovery—2
IMC discovery—3
Four modes for auto-discovery
IMC supports four modes of auto discovery, which determine how IMC searches for
devices:
1. Routing-Based
   IMC reads the routing table of the “seed” router and explores all the nodes in all
   IP subnets discovered in the routing table.
   – Pros: Full automatic discovery of the network.
   – Cons: If the routing table is large, discovery could take hours or even days.
     The routing table may be much larger than the network to be discovered.
   – Recommendation: Use when the network is limited to one, or a few small, IP
     subnets.
2. ARP-Based
   ARP reads the ARP table of the main device to find nodes.
   – Pros: The search is restricted to active devices of local IP subnets as found
     on a routing switch, so the search is quicker.
   – Cons: If devices are not active in IP, they may not be found. Also, if the ARP
     table is populated with many IP end nodes, the search can be time
     consuming.
   – Recommendation: Use for a quicker search.
3. IPSec VPN-Based
   IMC scans the IP addresses on the remote end of IPSec VPN.
   – Pros: The search focuses on remote devices related to IPSec VPN.
   – Cons: May be time consuming if remote networks are large.
   – Recommendation: Use with IPSec VPN remote networks.
4. Network-Segment Based
   You enter specific ranges of IP addresses to reduce scope of the IMC search.
   – Pros: You can target the “management VLAN” IP subnets, the IP ranges in
     which devices are set (for example, the first 10 IP addresses of the subnet).
     This can increase discovery efficiency.
   – Cons: Requires more manual configuration.
   – Recommendation: Use with large networks. Use when the range of IP
     addresses of network devices is known. Use to decrease discovery time.
Note
Manual discovery is always possible.
IMC discovery—4
5. How to discover devices:
- IP range
- SNMP templates
- Telnet and SSH templates
This figure shows the IMC window on which you define Network Segment-Based
auto-discovery. Configuration tasks include:
– Configure a range of IP addresses to be discovered. This step is required.
– If you want to use your devices’ loopback interface IP addresses as the management addresses, select the check box.
– Select the Automatically register to receive SNMP traps from supported devices check box.
– Configure the type of login: Telnet or SSH.
– Configure the SNMP settings. You can use pre-defined SNMP templates or define SNMP parameters manually. This step is required.
– Configure the parameters for connecting to the switches using either SSH or Telnet.
IMC discovery—5
Management scenario 2
– Goals:
• Make devices manageable
• Create a secured infrastructure, which requires secured devices
Management scenario 2 (cont.)
1 Encrypting passwords
2 Time protocol client
3 Syslog services
4 SSH V2.0
5 Secured access
• Local authentication
6 SNMP v3
Now you need to select the features needed to complete the configuration.
– The device needs to be fully manageable.
– The access needs to be secure.
Examine the following features to make the device and the configuration secure:
– Encryption of passwords in the configuration process
– SSH access
– SNMP v3
– Authentication of username and passwords, but only at one level
Due to the time constraints of the course, only a limited number of features can be
covered. However, you should be aware of some other features, including:
– Secure Socket Layer (SSL)
– Console access
– Access Control Lists (ACLs) to restrict access to devices (access class, ACL with SNMP communities)
– Authentication of NTP
– Hardening switch configuration (such as closing ports or disabling switches)
In the USA, Daylight Saving Time begins the second Sunday in March and ends
the first Sunday in November. (Note that the states of Hawaii and Arizona do
not observe Daylight Saving Time.)
clock summer-time GMT1 recurring 2 Sun Mar 1:00 first Sun Nov 1:00 60
_________________________________________________________________________
_________________________________________________________________________
Use the following command as a precaution against your input being interrupted by
a large amount of system output:
Cisco# conf t
Cisco(config)# line vty 0 4
Cisco(config-line)# logging synchronous
Cisco(config-line)# exit
With this feature enabled, you can continue your operations from the point where
you were interrupted.
You should also specify the name or number of the severity level at which messages
should be automatically logged by the system. Messages at, or numerically lower
than, the specified level will be logged.
Severity values
Severity        Severity Value   Description
Emergencies     0                The system is unavailable
Alerts          1                Immediate action required
Critical        2                Critical information
Errors          3                Error warning
Warnings        4                Warnings
Notifications   5                Information that the system administrator should be aware of
Informational   6                Information to be recorded
Debugging       7                Debugging information
The default level varies according to the platform you are using, but is generally 7.
Level 7 means that messages at all levels (0-7) are logged to the buffer.
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
It could be argued that this authentication method is not secure because it uses one
password and not two. However, security can be enhanced by implementing the
following password policies:
Longer passwords—10 characters minimum (or use of a passphrase)
Regular password rotation
Timeout between failed logins (to reduce the risks of dictionary attacks)
Authentication to a RADIUS server
There is no specific command to disable the Telnet server. To limit remote access to
the switch to SSH, use these commands:
line vty 0 4
transport input ssh
exit
If a user is defined with the embedded level 15, that user directly accesses the enable
level when entering credentials with SSH. The user does not need to enter a
command to move to the enable level.
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
Should SNMP v2 or SNMP v3 be used to send the trap? SNMP v2 has been used
here, but the trap could also be sent using SNMP v3:
Cisco(config)# snmp-server host 10.0.100.21 version 3 auth test
The setup can also be achieved via IMC itself during device discovery (this is an
option in IMC and PCM+) or after.
IMC is the recommended method because:
The setup will be homogeneous for all devices
Passwords can be changed through IMC on a regular basis
IMC maintains synchronization of changed authentication passwords and
methods in devices and its database
Management scenario 2b—HP A-Series
1 Encrypting passwords
Use “cipher” keyword every time a password is entered
_________________________________________________________________________
_________________________________________________________________________
You can define multiple NTP servers, specifying the authentication and version levels.
You can also set your preferred NTP server with a priority keyword.
ntp-service unicast-server 10.1.1.101 priority
ntp-service unicast-server 10.1.1.100
To set the timezone, enter:
clock timezone GMT1 add 1:00:00
Note that GMT1 is an arbitrary timezone name. The add 01:00:00 option in this
command instructs the device to add one hour to UTC, which is the default time
on the switch. Time changes are specified using the hh:mm:ss format. If you need to
set the clock to a zone that is behind UTC, use the minus keyword:
clock timezone PT minus 08:00:00
Q2: What does the clock summer-time command highlighted in this figure do?
_________________________________________________________________________
_________________________________________________________________________
Use the clock summer-time repeating command to set the system to annually adjust
for Daylight Saving Time.
In Western Europe, Daylight Saving Time starts on the last Sunday in March and
ends the last Sunday in October at 1:00 a.m.
One hour is added when summertime starts and deducted when it ends.
clock summer-time GMT1 recurring last Sun Mar 1:00 last Sun Oct 1:00 60
In the USA, Daylight Saving Time begins the second Sunday in March and ends
the first Sunday in November. (Note that the states of Hawaii and Arizona do
not observe Daylight Saving Time.)
clock summer-time GMT1 recurring 2 Sun Mar 1:00 first Sun Nov 1:00 60
Q3: What commands can you use to access logging on the terminal?
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
Use this command as a precaution against your input being interrupted by a large
amount of system output. With this feature enabled, you can continue your
informational
To enable the transmission of syslog messages to the syslog server, enter the
following commands.
info-center enable
By default, the log level for syslog is set to information. You can change this setting
using the following commands:
info-center source default channel loghost log level alerts
info-center source default channel loghost debug level debugging
info-center source default channel loghost trap level alerts
You can select from one of the following levels:
0 = emergencies – System is unusable
1 = alerts – Immediate action required
2 = critical – Critical condition
3 = errors – Error conditions exist
4 = warnings – Warning condition
5 = notifications – Normal but significant conditions
6 = informational – Informational system messages
7 = debugging – Debugging messages
On an A-Series switch, there are ten information channels, ranging from 0 to 9. Each
console 0 console
You will learn more about these channels as you learn about the information center on the
next slide.
As you did for the Cisco switches, you can prevent ports from generating link
up/down log information. For example, to disable port GigabitEthernet 3/0/1 from
<HP-A> system-view
Figure 2-19: Information center on HP A-Series switches
(Diagram labels: info-center source; source modules default, ospf, pim, stp; information types log, debug, trap with level 0-7 and state on | off; channels console, monitor, loghost, logbuffer, logfile, snmpagent)
Introduction to information center
Acting as the system information hub, the information center classifies and manages
system information, offering powerful support for network administrators and
developers in monitoring network performance and diagnosing network problems.
The following describes the working process of information center:
Receives the log, trap, and debugging information generated by each module
channel-to-destination associations
In sum, the information center assigns the log, trap and debugging information to the
10 information channels according to the eight severity levels and then outputs the
The system information of the information center falls into three types:
Log information
Trap information
Debugging information
information with severity level higher than or equal to the specified level is output. For
example, if you configure an output rule with the severity level
notifications, information with severity levels emergencies through
notifications is logged.
Severity values
Severity        Severity Value   Description
Emergencies     0                The system is unavailable
Alerts          1                Immediate action required
Critical        2                Critical information
Errors          3                Error warning
Warnings        4                Warnings
Notifications   5                Information that the system administrator should be aware of
Informational   6                Information to be recorded
Debugging       7                Debugging information
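The threshold rule above, like the matching Cisco rule earlier in this module, compares numeric values, so a "higher" severity is a lower number. The following Python sketch is an added example, not part of the HP course material: it decodes the <PRI> prefix of syslog messages as a log host would receive them and applies the threshold. The sample messages are constructed, and facility local0 is an assumption.

```python
import re

# Severity keywords in numeric order (list index == severity value),
# matching the severity table above.
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

# Constructed sample messages (not captured from a real switch).
# PRI = facility * 8 + severity; facility local0 is 16 (assumed here).
SAMPLE = [
    "<129>Apr 12 10:01:07 sw1 constructed: alert-level event",    # 16*8 + 1
    "<132>Apr 12 10:01:09 sw1 constructed: warning-level event",  # 16*8 + 4
    "<134>Apr 12 10:01:12 sw1 constructed: informational event",  # 16*8 + 6
    "<135>Apr 12 10:01:15 sw1 constructed: debugging output",     # 16*8 + 7
]


def parse_pri(message):
    """Return (facility, severity) decoded from the <PRI> prefix."""
    match = re.match(r"<(\d{1,3})>", message)
    if not match or int(match.group(1)) > 191:
        raise ValueError("missing or out-of-range <PRI> prefix")
    return divmod(int(match.group(1)), 8)


def severity_value(level):
    """Accept a severity keyword or a number 0-7 and return the number."""
    if isinstance(level, int):
        if 0 <= level <= 7:
            return level
        raise ValueError("severity must be between 0 and 7")
    return SEVERITIES.index(level.lower())  # ValueError for unknown keywords


def logged_at(messages, level):
    """Return (severity keyword, message) pairs that pass the threshold.

    A message passes when its severity value is numerically lower than or
    equal to the configured level, i.e. at least as severe.
    """
    limit = severity_value(level)
    kept = []
    for message in messages:
        _, severity = parse_pri(message)
        if severity <= limit:
            kept.append((SEVERITIES[severity], message))
    return kept


if __name__ == "__main__":
    for level in ("alerts", "warnings", "debugging"):
        names = [name for name, _ in logged_at(SAMPLE, level)]
        print(f"{level:>9}: {names}")
```
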
console, monitor terminal (monitor), log buffer, log host, trap buffer, SNMP module
These switches also support ten channels. The seven channels 0 through 5, and
channel 9 are configured with channel names, output rules, and are associated with
output destinations by default. The channel names, output rules and the associations
between the channels and output destinations can be changed through commands.
You can configure channels 6, 7, and 8 without changing the default configuration of
information
1  monitor     monitor      Receives log, trap and debugging information, facilitating remote maintenance.
2  loghost     log server   Receives log, trap and debugging information and information will be stored in files for future retrieval
3  trapbuffer  trap buffer  Receives trap information, a buffer inside the router for recording information.
4  logbuffer   log buffer   Receives log and debugging information, a buffer inside the router for recording information.
5  snmpagent   SNMP mod.    Receives trap information.
6  channel6    non spec.    Receives log, trap, and debugging information.
7  channel7    non spec.    Receives log, trap, and debugging information.
8  channel8    non spec.    Receives log, trap, and debugging information.
9  channel9    non spec.    Receives log, trap, and debugging information.
Log information with severity level equal to or higher than warnings is allowed to
Log information is not allowed to be output to the trap buffer and the SNMP
module.
All trap information is allowed to be output to the console, monitor terminal, log host
Trap information with severity level equal to or higher than warnings is allowed
The default output rules define the source modules allowed to output information on
each output destination, the output information type, and the output information level.
info-center source
To access the information center, use the following command:
info-center source { module-name | default } channel { channel-number | channel-name }
[ debug { level severity | state state } * | log { level severity | state state } * |
trap { level severity | state state } * ] *
Parameters:
module-name
Specifies the output rules of the system information of the specified modules. For
instance, if information on the ARP module is to be output, you can configure
this argument as ARP. You can use the info-center source ? command to view
the modules supported by the device.
default
This specifies the output rules of the system information of all the modules
allowed to output the system information, including all modules displayed using
debug
log
trap
level severity
You can use the display info-center command to view the operational status of
information center, the configuration of information channels, and the format of the
time stamp.
[S5800(4)]display info-center
Information Center:enabled
Log host:
10.1.1.100, port number : 514, host facility : local0,
channel number : 2, channel name : loghost
Console:
channel number : 0, channel name : console
Monitor:
channel number : 1, channel name : monitor
SNMP Agent:
channel number : 5, channel name : snmpagent
Log buffer:
enabled,max buffer size 1024, current buffer size 512,
current messages 512, dropped messages 0, overwritten messages 60
Trap buffer:
logfile:
syslog:
loghost – date
Management scenario 2b—HP A-Series (cont.)
4 Generate key pair and enable SSH server
public-key local create rsa
ssh server enable
undo telnet server enable
Any drawback to disabling Telnet?
5 Set authentication mode to AAA – Default auth. : local user
user-interface vty 0 4
authentication-mode scheme
protocol inbound ssh
user privilege level 3
Is this command required? What would you recommend?
quit
Define local user and privilege level, associated services
local-user admin123
password cipher verysecret
service-type ssh
authorization-attribute level 3
quit
What user characteristic is supported on these switches but not on Cisco?
Figure 2-20: Management scenario 2-b—HP A-Series (cont.)
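The SSH-only settings shown for Cisco earlier in this module (transport input ssh under line vty) and for the A-Series on this slide can be checked offline against a saved configuration. The following Python script is an added example, not HP course material: both sample configurations are constructed, and the login local and password simple lines do not appear in the guide and are included as settings an audit would typically meet.

```python
import re

# Constructed sample configurations (not taken from a real device).
CISCO_SAMPLE = """\
hostname Cisco
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
"""

A_SERIES_SAMPLE = """\
telnet server enable
ssh server enable
user-interface vty 0 4
 authentication-mode scheme
 protocol inbound ssh
local-user admin123
 password simple verysecret
 service-type ssh
"""


def blocks(config, header_pattern):
    """Yield (header, children) for each unindented line matching the pattern.

    Children are the indented lines that follow the header, stripped.
    """
    header, children = None, []
    for raw in config.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace():
            if header is not None:
                children.append(raw.strip())
            continue
        if header is not None:
            yield header, children
        if re.match(header_pattern, raw):
            header, children = raw.strip(), []
        else:
            header, children = None, []
    if header is not None:
        yield header, children


def top_level(config):
    """Return the unindented (global) configuration lines."""
    return [l.strip() for l in config.splitlines() if l.strip() and not l[0].isspace()]


def audit_cisco(config):
    """Report every vty line block that lacks 'transport input ssh'."""
    findings = []
    for header, children in blocks(config, r"line vty\b"):
        if "transport input ssh" not in children:
            findings.append(f"{header}: missing 'transport input ssh'")
    return findings


def audit_a_series(config):
    """Check the A-Series settings from the slide: SSH on, Telnet off,
    vty restricted to SSH, local passwords entered with 'cipher'."""
    findings = []
    top = top_level(config)
    if "telnet server enable" in top:
        findings.append("telnet server enable: Telnet server is on")
    if "ssh server enable" not in top:
        findings.append("ssh server enable: not configured")
    for header, children in blocks(config, r"user-interface vty\b"):
        if "protocol inbound ssh" not in children:
            findings.append(f"{header}: missing 'protocol inbound ssh'")
    for header, children in blocks(config, r"local-user\b"):
        if any(c.startswith("password simple ") for c in children):
            findings.append(f"{header}: password stored with 'simple', not 'cipher'")
    return findings


if __name__ == "__main__":
    for name, result in (("Cisco", audit_cisco(CISCO_SAMPLE)),
                         ("A-Series", audit_a_series(A_SERIES_SAMPLE))):
        print(name)
        for finding in result or ["no findings"]:
            print("  -", finding)
```
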
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
Q2: Is the user privilege level 3 command required? Explain your answer.
ld
ho
_________________________________________________________________________
ake
_________________________________________________________________________
St
&L
_________________________________________________________________________
C
P
H
_________________________________________________________________________
_________________________________________________________________________
Switch Management
Q3: What would you recommend instead of the user privilege level 3 command?
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
Command levels on A-Series switches are divided into four levels: visitor, monitor,
system, and manager, corresponding to the numbers 0-3, respectively. The system
administrator can change the command level of a user if necessary. The default
command level for the console user interface is 3, and 0 for the other user interfaces.
Q4: What user characteristic is supported on HP A-Series switches but is not
available on Cisco?
_________________________________________________________________________
i n
or
e
_________________________________________________________________________
l
ho
w
_________________________________________________________________________
in
n
tio
_________________________________________________________________________
c
du
_________________________________________________________________________
ro
ep
.R
_________________________________________________________________________
use
er
_________________________________________________________________________
ld
ho
_________________________________________________________________________
ake
St
_________________________________________________________________________
&L
C
_________________________________________________________________________
P
H
_________________________________________________________________________
HP Networking Interoperability
d.
SNMP trap and trap receiver
snmp-agent trap source loopback 0
snmp-agent trap enable
snmp-agent target-host trap address udp-domain 10.1.1.100 udp-port 5000 params securityname public v3
Disable trap for link up/down
interface gigabitethernet 1/0/10
undo enable snmp trap updown
Disable SNMP trap on link up/down globally
undo snmp-agent trap enable standard linkup-linkdown
Extend the standard linkup/linkdown traps defined in RFC
snmp-agent trap if-mib link extended
Figure 2-21: Management scenario 2-b—HP A-Series (cont.)
To enable an interface to send linkup/linkdown traps when its state changes, you
need to enable the trap function both on the interface and globally.
Use these commands to enable or disable the trap function on an interface:
with interface description and interface type information. IMC supports the extended
messages (if you are using a different network management system [NMS], disable
snmp-agent sys-info version v3
Create an SNMPv3 group
snmp-agent group v3 admin3group
Create an SNMPv3 user
snmp-agent usm-user v3 clara3 admin3group authentication-mode sha authkey privacy-mode aes128 prikey
SNMP contact and location information
snmp-agent sys-info contact Mr. Smith :+1 510 234 4849
snmp-agent sys-info location phone-closet,3rd-floor,bldg A
Figure 2-22: Management scenario 2b—HP A-Series (cont.)
To configure the agent in SNMP v3, complete the following steps:
1. Configure an SNMP group.
2. Configure a user associated with that group, authentication mode and
password, and the encryption mode and password.
The configuration is very similar to that on a Cisco switch.
number ]
Alternatively, you can set a group with restricted MIB access rights:
For example, the user can read and write the objects under the interface node with
the OID of 1.3.6.1.2.1.2, and cannot access other MIB objects.
key to authkey, the privacy protocol to DES56, and the privacy password to prikey.
<Sysname> system-view
write-view test
password. In addition, the timeout and number of retries should also be
configured. The user can query and configure the device through the NMS.
include-credentials
2 Setting time with SNTP, timezone, and summertime
timesync sntp
sntp unicast
sntp server 10.1.1.100
time timezone 60 daylight-savings western-europe
3 Setting the syslog server and log level
logging server 10.1.1.100
logging severity informational
What command displays logging on the terminal? Logging buffer?
Figure 2-23: Management scenario 2c—HP E-Series
This slide shows a similar configuration on HP E-Series switches.
The include-credentials command enables various security settings to be included
and viewed in the running-configuration instead of flash only. These settings include:
When you enter the include-credentials keywords, the following cautions and
action will make irreversible changes to the password and ssh public-key
storage.
It will affect *all* stored configurations, which might need to be updated.
and as a part of some CLI commands output. It is strongly recommended that you
use sftp rather than tftp for transfer of the configuration over the network,
and that you use the web configuration interface only with SSL enabled.
Proceed?[y/n]y
ip ssh (default)
no telnet
5 Set local users (only manager and operator level)
password manager user-name admin123 plaintext verysecret
Figure 2-24: Management scenario 2-c—HP E-Series (cont.)
SSH v2 is enabled by default on HP E-Series switches, but you must generate a key
pair.
You can define two password levels on E-Series switches:
operator level (read/monitor/user level)
hp (config)# password operator plaintext / sha-1 topsecret
manager level (write/privileged/admin level)
hp (config)# password manager plaintext / sha-1 verysecret
The password you enter determines the management level of your session.
snmp-server trap-source vlan 1
Disable trap on link up/down on ports 1 to 46
no snmp-server enable traps link-change 1-46
Disable SNMP trap on all links up/down globally
no snmp-server enable traps link-change all
On what port do you want to disable snmp trap link up/down?
Figure 2-25: Management scenario 2c—HP E-Series (cont.)
Q: On what port do you want to disable SNMP trap link up/down?
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
You may choose to disable link traps on all access-layer switch ports, if leaving the
trap active on uplink ports generates too many events, and enable link traps only on
Enable SNMP V3 – restrict V2 access to read-only
snmpv3 enable
snmpv3 restricted-access
Create an SNMPv3 user and associate with predefined group managerpriv
snmpv3 user clara3 auth sha secret priv aes supersecret
snmpv3 group managerpriv user clara3 sec-model ver3
SNMP contact and location info
snmp-server contact "Lucas Kett :3306"
snmp-server location "telephone-closet,3rd-floor"
Figure 2-26: Management scenario 2c—HP E-Series (cont.)
The SNMP v3 predefined group managerpriv allows full read-write access and
requires the user profile to be set with authentication and encryption.
There are seven other predefined groups, as shown in the table below. Only the Ver3
groups are intended for SNMPv3 users.
View View
Authentication
Operatorauth Ver3 Must have OperatorReadView DiscoveryView
Authentication
Series, HP E-Series, and Cisco switches?
ite
ib
Notes
oh
pr
_________________________________________________________________________
is
n
_________________________________________________________________________
sio
is
m
_________________________________________________________________________
er
tp
_________________________________________________________________________
ou
ith
_________________________________________________________________________
w
rt
pa
_________________________________________________________________________
i n
or
_________________________________________________________________________
l e
ho
_________________________________________________________________________
w
in
_________________________________________________________________________
n
c tio
_________________________________________________________________________
du
ro
ep
_________________________________________________________________________
.R
_________________________________________________________________________
ly
on
se
_________________________________________________________________________
u
er
_________________________________________________________________________
ld
ho
_________________________________________________________________________
ake
St
_________________________________________________________________________
&L
C
_________________________________________________________________________
P
H
_________________________________________________________________________
Switch Management
d.
Figure 2-27: IEEE 802.1AB LLDP and CDP
(Diagram labels: LLDP MIB; HP E-Series; Cisco; HP A-Series; LLDP by default; CDP RX only; CDP by default; LLDP enabled; LLDP not enabled; CDP enabled; CDP not enabled; X : not interpreted)
LLDP has become the industry standard and is implemented by all vendors. However,
you may encounter older equipment that uses CDP. The CDP and LLDP support on
each platform is described below.
HP E-Series
A Cisco switch is visible in the LLDP and CDP MIBs because entries are
cross-populated.
HP A-Series
system-view
The CDP feature is meant to be used with Cisco IP phones that support CDP v2 as
a provisioning mechanism. When used with a switch neighbor, this feature does not
send CDP frames. With an IP phone it works in Tx/Rx.
Cisco
By default, CDP is enabled on all ports.
Support for LLDP has been introduced on Cisco Catalyst switches series 2950,
3760, 3750 switches running 12.2(37)SE without SNMP support and on Cisco
Catalyst 6500 running 12.2(33)SXH.
                                     Cisco                                 HP A-Series                                            HP E-Series
CDP neighbor information             show cdp neighbor                     /                                                      show cdp neighbor
Enabling LLDP                        lldp run                              lldp enable                                            Enabled by default; lldp run
LLDP neighbor information            show lldp neighbor                    display lldp neighbor-information list                 show lldp info remote
Detailed LLDP and LLDP-MED           show lldp neighbor detail             display lldp neighbor-information                      show lldp info remote all
neighbor information
Detailed LLDP and LLDP-MED           show lldp neighbor <port-id> detail   display lldp neighbor-information interface <port-id>  show lldp info remote <port-id>
port specific neighbor information
Figure 2-28: Useful show and display commands
Refer to these commands as you set up or troubleshoot LLDP or CDP.
Notes
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
Lab debrief
What useful display and show commands did you learn?
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
What are your key insights? Did you learn anything new?
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
What did you learn that you can apply in a real-world environment?
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
Module 2 summary
In this module, you have learned how to:
Configure HP A-Series, HP E-Series, and Cisco switches so that they can be
automatically discovered by IMC
Define parameters to secure access and management of these switches
Enable LLDP to permit mutual link layer discovery
Record your key insights below.
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
Learning check
Q1: Describe an HP A-Series switch’s support for LLDP and CDP.
_________________________________________________________________________
d.
ite
_________________________________________________________________________
ib
oh
pr
_________________________________________________________________________
is
n
_________________________________________________________________________
sio
is
m
_________________________________________________________________________
er
tp
_________________________________________________________________________
ou
ith
w
Q2: Which parameters does a switch require in order for IMC to discover it?
rt
pa
_________________________________________________________________________
i n
_________________________________________________________________________
or
l e
ho
_________________________________________________________________________
w
in
_________________________________________________________________________
n
tio
_________________________________________________________________________
c
du
ro
_________________________________________________________________________
ep
.R
ly
Q3: You want to force management users for your Cisco and HP A-Series switches to
log in to the CLI using SSH. What steps must you complete on each type of switch?
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
VLANs
Module 3
Module 3 objectives
After completing this module, you will be able to:
Configure and verify VLANs on a multivendor network
Configure HP A-Series and E-Series switches for VLAN interoperability with Cisco
switches
Notes
_________________________________________________________________________
Rev. 11.12 3 –1
you know about the VLAN configuration on each platform.
Notes
_________________________________________________________________________
Terminology
Switch port role | Cisco | HP A-Series | HP E-Series
End nodes: PCs, printers, and so on | Access port | Access port | Untagged port
PC + IP Phone | Access port with auxiliary VLAN (voice) | Hybrid port or trunk port | Untagged in data VLAN; tagged in voice VLAN
Switch-to-switch with multiple VLANs | Trunk port | Trunk port | Tagged port
Link aggregation | Port channel interface | Bridge aggregation interface | Trunk port
Figure 3-1: Terminology
On HP A-Series switches, access ports and trunk ports are defined much as they are
on Cisco switches. However, by default, trunk ports on HP A-Series switches do
not carry any VLANs; they must be permitted.
A hybrid port is a concept specific to HP A-Series switches: like trunk ports, a hybrid
port may be assigned to multiple VLANs. The VLANs can be tagged and untagged.
Note that the default VLAN on HP A-Series switches is equivalent to the native VLAN
on Cisco switches.
Access port
The following describes how traffic is handled when received and transmitted from
If a frame is tagged:
Trunk port
The following describes how traffic is handled when received and transmitted from
trunk ports on HP A-Series switches.
Actions in the inbound direction
– If the frame is untagged, check whether the default VLAN is permitted on
  the port.
  – If the frame is permitted, tag the frame with the default VLAN tag.
  – If the frame is not permitted, drop the frame.
– If the frame is tagged:
  – Receive the frame if its VLAN is permitted on the port.
  – Drop the frame if its VLAN is not permitted on the port.
Actions in the outbound direction
– Remove the tag and send the frame if it carries the default VLAN tag and
  the port is assigned to the default VLAN.
– Send the frame without removing the tag if its VLAN is carried on the port
  but is different from the default one.
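The trunk-port rules above, written out as a small Python model (an added example, not HP's code; the class and function names are hypothetical). It uses the scenario's values, default VLAN 99 with VLANs 99, 100 and 200-203 permitted, and shows where an untagged frame lands when the two ends of a link disagree on the default (native) VLAN.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple

# VLANs permitted on the scenario's trunk ports (management, voice, data).
SCENARIO_VLANS = frozenset({99, 100, 200, 201, 202, 203})


@dataclass(frozen=True)
class TrunkPort:
    """One end of a trunk link (hypothetical model, not a vendor API)."""
    pvid: int                    # default VLAN (native VLAN on Cisco)
    permitted: FrozenSet[int]    # VLANs permitted on the port

    def ingress(self, tag: Optional[int]) -> Optional[int]:
        """Inbound rules: return the VLAN the frame joins, or None if dropped."""
        if tag is None:
            # Untagged: accepted only if the default VLAN is permitted,
            # then tagged with the default VLAN.
            return self.pvid if self.pvid in self.permitted else None
        # Tagged: received only if its VLAN is permitted on the port.
        return tag if tag in self.permitted else None

    def egress(self, vlan: int) -> Optional[Tuple[str, Optional[int]]]:
        """Outbound rules: return (form, tag on the wire), or None if not sent."""
        if vlan not in self.permitted:
            return None
        if vlan == self.pvid:
            return ("untagged", None)    # default VLAN: tag removed
        return ("tagged", vlan)          # any other carried VLAN: tag kept


def cross_link(sender: TrunkPort, receiver: TrunkPort, vlan: int) -> Optional[int]:
    """VLAN a frame ends up in after leaving `sender` and entering `receiver`."""
    sent = sender.egress(vlan)
    if sent is None:
        return None
    _, tag = sent
    return receiver.ingress(tag)


if __name__ == "__main__":
    hp = TrunkPort(pvid=99, permitted=SCENARIO_VLANS)
    # Constructed peer left with a default VLAN of 1 and VLAN 1 permitted.
    peer = TrunkPort(pvid=1, permitted=SCENARIO_VLANS | {1})
    for vlan in (1, 99, 100, 300):
        print(f"peer VLAN {vlan} -> hp VLAN {cross_link(peer, hp, vlan)}")
    print(f"hp VLAN 99 -> peer VLAN {cross_link(hp, peer, 99)}")
```

With mismatched default VLANs, the peer's VLAN 1 traffic arrives in VLAN 99 and management VLAN 99 traffic arrives in the peer's VLAN 1, which is why both ends of a trunk should agree on the default VLAN.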
Hybrid port
The following describes how traffic is handled when received and transmitted from
the port.
Send the frame if its VLAN is carried on the port. The frame is sent with the
VLAN tag removed or intact depending on your configuration with the port
Figure 3-2: VLAN configuration scenario
Diagram labels:
1. VLAN creation: Management 99 (IP address 10.1.99.10/24), Voice 100, Data 200-203
2. Trunk ports 47, 48: native VLAN 99, allowed VLANs 100, 200-203
3. Access port: ports 1 – 24, assigned to VLAN 200 (PC)
4. Voice port: ports 25 - 46 (IP phone and PC)
This is a simple scenario to show an identical VLAN configuration on HP A-Series,
E-Series, and Cisco switches. The scenario demonstrates:
Creating multiple VLANs, including a management VLAN for infrastructure
device management address, a voice VLAN for VoIP traffic, and data VLANs for
user traffic
tagged ports)
Configuring voice ports that support VoIP devices and a workstation behind
them
VLAN creation
Cisco(config)# vlan 99
Cisco(vlan-99)# vlan 100
Cisco(vlan-100)# vlan 200
Cisco(vlan-200)# vlan 201
Cisco(vlan-201)# vlan 202
Cisco(vlan-202)# vlan 203
Trunk ports
Cisco(config)# interface range gigabit 0/47 - 48
Cisco(config-if-range)# switchport encapsulation dot1q
Cisco(config-if-range)# switchport mode trunk
Cisco(config-if-range)# switchport trunk native vlan 99
Cisco(config-if-range)# switchport trunk allowed vlan 1,100,200-203
Figure 3-3: VLAN configuration on Cisco: VLAN creation and trunk ports
To configure a trunk port on Cisco switches, you must specify dot1q encapsulation.
The native VLAN is 1 by default, and all VLANs are permitted by default.
Access ports
Cisco(config)# interface range gigabit 0/1 - 24
Cisco(config-if-range)# switchport mode access
Cisco(config-if-range)# switchport access vlan 200
Voice ports
Cisco(config)# interface range gigabit 0/25 - 46
Cisco(config-if-range)# switchport mode access
Cisco(config-if-range)# switchport access vlan 200
Cisco(config-if-range)# switchport voice vlan 100
Figure 3-4: VLAN configuration on Cisco: Access and voice ports
The slide shows how you configure a port as an access port in a VLAN. On ports
that connect to voice devices, you must configure the voice VLAN. You also configure
the access VLAN. The switch distinguishes the traffic from the phone, which it assigns
to the voice VLAN, from the traffic from a workstation, which it assigns to the access
VLAN.
Q1: How do you list VLANs?
_________________________________________________________________________
Gi0/3   connected   trunk   a-full   a-1000   10/100/1000BaseTX
Gi0/4   connected   100     a-full   a-1000   10/100/1000BaseTX
Gi0/5   notconnect  1       auto     auto     10/100/1000BaseTX
Cisco#sh int trunk
Port    Mode   Encapsulation   Status     Native vlan
Gi0/1   on     802.1q          trunking   1
Gi0/2   on     802.1q          trunking   1
Gi0/3   on     802.1q          trunking   1
Port    Vlans allowed on trunk
Gi0/1   1-4094
Gi0/2   1-4094
Gi0/3   1-4094
Port    Vlans allowed and active in management domain
Gi0/1   1,10,20,30,40,100,200
Gi0/2   1,10,20,30,40,100,200
Gi0/3   1,10,20,30,40,100,200
Gi0/1   1,10,20,30,40,100,200
Gi0/2   1,10,20,30,40,100,200
Gi0/3   1,10,20,30,40,100,200
Name: Gi0/1
Switchport: Enabled
Negotiation of Trunking: On
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
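The trunk output above still shows the Cisco defaults (native VLAN 1, VLANs 1-4094 allowed). The following added example, which is not part of the course material, parses `sh int trunk` output and reports every trunk that differs from an intended design. The function names, the sample output and the expected VLAN set (native 99, VLANs 99, 100 and 200-203) are assumptions based on the scenario.

```python
def expand_vlans(spec):
    """'1,100,200-203' -> {1, 100, 200, 201, 202, 203}; 'none' -> empty set."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        if not part or part.lower() == "none":
            continue
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def compress(vlans):
    """{1, 2, 3, 10} -> '1-3,10' (keeps findings readable for 1-4094)."""
    parts, start, prev = [], None, None
    for v in sorted(vlans):
        if start is None:
            start = prev = v
        elif v == prev + 1:
            prev = v
        else:
            parts.append(str(start) if start == prev else f"{start}-{prev}")
            start = prev = v
    if start is not None:
        parts.append(str(start) if start == prev else f"{start}-{prev}")
    return ",".join(parts)


def parse_show_int_trunk(text):
    """Return {port: {'native': int, 'allowed': set}} from the two tables."""
    ports, section, last = {}, None, None
    for raw in text.splitlines():
        fields = raw.split()
        if not fields:
            continue
        if fields[0] == "Port":                      # table header line
            header = " ".join(fields)
            if header.endswith("Native vlan"):
                section = "native"
            elif header.endswith("Vlans allowed on trunk"):
                section = "allowed"
            else:
                section = None                       # tables not audited here
            continue
        if section == "native" and fields[-1].isdigit():
            entry = ports.setdefault(fields[0], {"allowed": set()})
            entry["native"] = int(fields[-1])
        elif section == "allowed":
            if fields[0][0].isdigit() and last:      # wrapped VLAN list
                ports[last]["allowed"] |= expand_vlans("".join(fields))
            else:
                last = fields[0]
                entry = ports.setdefault(last, {"allowed": set()})
                entry["allowed"] |= expand_vlans("".join(fields[1:]))
    return ports


def audit(ports, native, allowed):
    """List (port, issue, detail) for each deviation from the intended design."""
    findings = []
    for port in sorted(ports):
        info = ports[port]
        if info.get("native") != native:
            findings.append((port, "native-vlan", str(info.get("native"))))
        extra = info["allowed"] - allowed
        if extra:
            findings.append((port, "extra-vlans", compress(extra)))
        missing = allowed - info["allowed"]
        if missing:
            findings.append((port, "missing-vlans", compress(missing)))
    return findings


# Constructed sample: Gi0/47 follows the design, Gi0/48 is left at defaults.
SAMPLE = """\
Cisco#sh int trunk
Port        Mode    Encapsulation  Status     Native vlan
Gi0/47      on      802.1q         trunking   99
Gi0/48      on      802.1q         trunking   1

Port        Vlans allowed on trunk
Gi0/47      99-100,200-203
Gi0/48      1-4094

Port        Vlans allowed and active in management domain
Gi0/47      99-100,200-203
Gi0/48      1,10,20,30,40,100,200
"""
EXPECTED = expand_vlans("99-100,200-203")            # assumed design

if __name__ == "__main__":
    for finding in audit(parse_show_int_trunk(SAMPLE), 99, EXPECTED):
        print(*finding)
```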
Cisco(config-if)# ip address 10.1.99.10 255.255.255.0
If not a routing switch:
Cisco(config)# ip default-gateway 10.1.99.1
If a routing switch:
Cisco(config)# ip routing
Cisco(config)# int vlan 100
Cisco(config-if)# ip address 10.1.100.10 255.255.255.0
Cisco(config)# int vlan 200
Cisco(config-if)# ip address 10.1.200.10 255.255.255.0
Cisco(config)# int vlan 201
Cisco(config-if)# ip address 10.1.201.10 255.255.255.0
Cisco(config)# int vlan 202
Cisco(config-if)# ip address 10.1.202.10 255.255.255.0
Cisco(config)# int vlan 203
Cisco(config-if)# ip address 10.1.203.10 255.255.255.0
Figure 3-5: VLAN routing on Cisco
This slide shows an example routing configuration on a Cisco switch.
To list IP interfaces and IP routes, use the following commands:
...
Cisco(config)# int vlan 100
Cisco(config-if)# ip helper-address 10.1.1.100
Cisco(config-if)# ip helper-address 10.1.1.101
Cisco(config)# int vlan 200
Cisco(config-if)# ip helper-address 10.1.1.100
Cisco(config-if)# ip helper-address 10.1.1.101
Figure 3-6: DHCP relay on Cisco
In most environments, you need to set up DHCP relay on IP interfaces to allow clients
in that VLAN to receive DHCP addresses from servers in another VLAN. The slide
displays the correct commands.
To verify the DHCP relay setup, enter this command:
Cisco-A# show ip interface vlan <ID>
The output for VLAN 100 in this example is:
Vlan100 is up, line protocol is up
10.1.1.100
VLAN creation
[HP]# vlan 99 to 100
[HP]# vlan 200 to 203
Trunk ports
[HP]interface gigabit 1/0/47
[HP-gigabitethernet1/0/47]port link-type trunk
[HP-gigabitethernet1/0/47]port trunk pvid vlan 99
[HP-gigabitethernet1/0/47]undo port trunk permit vlan 1
[HP-gigabitethernet1/0/47]port trunk permit vlan 99 to 100 200 to 203
Figure 3-7: VLAN configuration on HP A-Series: VLAN creation and trunk ports
This slide shows how to create VLANs on HP A-Series switches.
When you create a trunk port on an HP A-Series switch, VLAN 1 is the only VLAN
enabled by default. All other VLANs have to be permitted as shown in the slide.
Access ports
[HP]port-group manual client1
[HP-port-group-manual-client1] group-member Gi 1/0/1 to Gi 1/0/24
[HP-port-group-manual-client1] port link-type access
[HP-port-group-manual-client1] port access vlan 200
Voice ports
[HP]port-group manual pc-phone-1
[HP-port-group-manual-pc-phone-1]group-member Gi 1/0/25 to Gi 1/0/46
[HP-port-group-manual-pc-phone-1]port link-type hybrid
[HP-port-group-manual-pc-phone-1]port hybrid vlan 200 untagged
[HP-port-group-manual-pc-phone-1]port hybrid vlan 100 tagged
[HP-port-group-manual-pc-phone-1]port hybrid pvid vlan 200
[HP-port-group-manual-pc-phone-1]undo port hybrid vlan 1
[HP-port-group-manual-pc-phone-1]voice vlan 100 enable
Figure 3-8: VLAN configuration on HP A-Series: Access and voice ports
You can define an access port in one of the following ways. The first method is from
the port:
[HPA]interface gigabit 1/0/1
The second method for specifying the access port is from the VLAN:
[HPA]vlan 200
You need to configure ports that connect to voice devices as hybrid ports.
this mode, the switch identifies IP phones by their MAC addresses, which it detects in
The switch matches these addresses against the Organizationally Unique Identifiers
(OUIs) in its list, which includes those for Cisco, Avaya, 3Com, Siemens, and
Polycom phones. You can also add OUI addresses for other vendors. If the device
finds a match, it automatically assigns the port to the voice VLAN, applies ACL rules
to the port, and assigns the port the correct quality of service (QoS) priority. You can
also configure the switch’s voice VLAN aging time, which determines how long the
port is considered part of the VLAN without receiving frames on the device.
For more information on the various features of the Voice VLAN, please refer to the
1(default), 10, 20, 30, 40, 99-105, 200-205, 300-306, 400-404
488, 499
To display ports assigned to a particular VLAN, enter:
<HPA>display vlan 100
VLAN ID: 100
VLAN Type: static
Route Interface: not configured
Description: VLAN 0100
Name: VLAN 0100
Tagged Ports:
Bridge-Aggregation1
GigabitEthernet1/0/1 GigabitEthernet1/0/2 GigabitEthernet1/0/3
GigabitEthernet1/0/4 GigabitEthernet1/0/5 GigabitEthernet1/0/12
VLAN ID: 1
IP Address: 10.1.1.10
Untagged Ports:
Bridge-Aggregation1
VLAN ID: 10
VLAN Type: static
Route Interface: not configured
Description: VLAN 0010
Name: VLAN 0010
Tagged Ports:
Bridge-Aggregation1
GigabitEthernet1/0/1 GigabitEthernet1/0/2 GigabitEthernet1/0/3
GigabitEthernet1/0/4 GigabitEthernet1/0/5
Untagged Ports: none
VLAN ID: 20
VLAN Type: static
Route Interface: not configured
Description: VLAN 0020
Tagged Ports:
Bridge-Aggregation1
GigabitEthernet1/0/4 GigabitEthernet1/0/5
To display the status and type (trunk, access, hybrid) of all ports, enter:
GE1/0/9    DOWN   auto   auto   access   1
GE1/0/10   DOWN   auto   auto   access   1
GE1/0/11   DOWN   auto   auto   access   1
To display all trunk ports and the permitted VLANs on each one, enter:
<HPA>display port trunk
Interface   PVID   VLAN passing
BAGG1       1      1, 10, 20, 30, 40, 99-105, 200-205, 300-306,
                   400-404, 488, 499
GE1/0/1     1      1, 10, 20, 30, 40, 99-105, 200-205, 300-306,
                   400-404, 488, 499
GE1/0/2     1      1, 10, 20, 30, 40, 99-105, 200-203, 300-306
GE1/0/3     1      1, 10, 20, 30, 40, 99-105, 200-203, 300-306
GE1/0/4     1      1, 10, 20, 30, 40, 99-105, 200-205, 300-306,
Untagged:200
Untagged:200
Untagged:200
Untagged:200
Untagged:200
Untagged:200
[HP]interface vlan 99
[HP-vlan-interface-99] ip address 10.1.99.10 24
If an L2 switch, set the default gateway:
[HP] ip route-static 0.0.0.0 0 10.1.99.1
If routing switch:
[HP] ip routing (enabled by default)
[HP] interface vlan 100
[HP-vlan-interface-100] ip address 10.1.100.10 24
[HP-vlan-interface-100] interface vlan 200
[HP-vlan-interface-200] ip address 10.1.200.10 24
[HP-vlan-interface-200] interface vlan 201
[HP-vlan-interface-201] ip address 10.1.201.10 24
[HP-vlan-interface-201] interface vlan 202
[HP-vlan-interface-202] ip address 10.1.202.10 24
[HP-vlan-interface-202] interface vlan 203
[HP-vlan-interface-203] ip address 10.1.203.10 24
Figure 3-9: VLAN routing on HP A-Series
This slide shows two example setups for IP routing on an A-Series switch. The first set
of commands configures the management IP address and default gateway for a
non-routing switch.
The second set of commands configures a routing switch with IP addresses on each
VLAN interface. The switch can then route between those VLANs as long as routing
is enabled.
To view information about the VLAN interfaces that have been assigned IP
addresses, enter:
(s): spoofing
Voice VLAN
ProCurve(config)# vlan 100
ProCurve(vlan-100)# voice vlan
ProCurve(vlan-100)# tagged all
If not routing:
ProCurve(config)# ip default-gateway 10.1.99.1
If routing:
ProCurve(config)# ip routing
On HP E-Series switches:
The IP address is defined in the VLAN itself, playing the role of “int vlan”
IP routing is not enabled by default
If IP routing is not enabled, a default gateway should be defined
VTP (Cisco) | GVRP
VLAN creation and port pruning | VLAN creation and port pruning
VTP roles: server, client, transparent | GVRP roles: all switches are equal
This table compares Cisco’s VLAN Trunking Protocol (VTP) and the industry-standard
GARP VLAN Registration Protocol (GVRP). (GARP stands for Generic Attribute
Registration Protocol.)
Figure 3-15 explains how GVRP and VTP function when they are implemented on the
same network. The protocols both function because their frames pass through devices
that do not understand those frames.
Figure: GVRP operations (switches 1 to 4)
Switch 1 with static VLANs (VID = 1, 2, & 3). Port 1 is member of VIDs 1, 2, & 3.
1. Port 2 advertises VIDs 1, 2, and 3.
2. Port 2 receives advertisement of VIDs 1, 2, & 3 & becomes a member of VIDs 1, 2, & 3.
3. Port 3 advertises VIDs 1, 2, & 3, but port 3 is NOT a member of VIDs 1, 2, & 3 at this point.
4. A port is statically configured to be a member of VID 3.
When a GVRP-aware switch port learns a VLAN ID (VID) through GVRP from another
device, the switch begins advertising that VID out all of its ports except the port on
which the VID was learned.
Note also that a port belonging to a tagged or untagged static VLAN has these
configurable options:
– Send VLAN advertisements and also receive advertisements for VLANs on other
  ports and dynamically join those VLANs.
  Configuration on HP switches: Mode Auto on HP E-Series, Normal on HP A-Series
– Send VLAN advertisements, but ignore advertisements received from other ports.
  Configuration on HP switches: Mode Block on HP E-Series, Fixed on HP A-Series
– Avoid GVRP participation by not sending advertisements and dropping any
  advertisements received from other devices.
  Configuration on HP switches: Mode Disable on HP E-Series, Forbidden on
  HP A-Series
GVRP
– GVRP BPDUs go through Cisco switches and also switches that are not
GVRP aware.
– Requires VLAN 1.
– Trunk port dynamically becomes part of a VLAN when receiving GVRP
join.
– And if VLAN is created locally (that is static)
– If trunk does not enable VLAN, VLANs are not learned via GVRP
HP A-Series: Enable GVRP globally and on trunk ports
[HP-A] gvrp
[HP-A] int gi 1/0/1
[HP-A-gigabitethernet1/0/1] gvrp
HP E-Series: Enable GVRP globally
HP-E(config)# gvrp
When GVRP is enabled on a switch, the VID for any static VLANs configured on the
switch is advertised (using Bridge Protocol Data Units, or BPDUs) out all ports,
regardless of whether a port is up or assigned to any particular VLAN.
A GVRP-aware port on another device that receives the advertisements over a link
can dynamically join the advertised VLAN. A dynamic VLAN (that is, a VLAN
learned through GVRP) is tagged on the port on which it was learned. Also, a
GVRP-enabled port can forward an advertisement for a VLAN it learned about from other
ports on the same switch (internal source), but the forwarding port will not itself join
that VLAN until an advertisement for that VLAN is received through a link from
another device (external source) on that specific port.
On HP A-Series switches, you must enable GVRP on trunk ports. Also make sure all
VLANs are permitted on trunk ports to allow them to learn the GVRP VLAN. The HP
A-Series switch ports support the following modes for VLAN learning:
[HP-A-gigabitethernet1/0/1] gvrp registration normal
[HP-A-gigabitethernet1/0/1] gvrp registration forbidden
[HP-A-gigabitethernet1/0/1] gvrp registration fixed
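The advertisement and join rules described above, simulated in Python on a constructed three-switch chain (an added example, not HP code; the names and the topology are assumptions, and VLAN 1 is left out for brevity). It shows that a forwarding port joins a VLAN only after hearing it from the far side, and how the fixed and forbidden registration modes stop a neighbor's advertisements from creating memberships.

```python
from dataclasses import dataclass, field


@dataclass
class Port:
    switch: str
    name: str
    mode: str = "normal"                 # A-Series: normal | fixed | forbidden
    dynamic: set = field(default_factory=set)   # VIDs joined through GVRP


def advertised(port, ports, static):
    """VIDs sent out `port`: the switch's static VLANs plus VIDs learned
    on the switch's other ports (never the ones learned on `port` itself)."""
    if port.mode == "forbidden":         # no GVRP participation at all
        return set()
    vids = set(static[port.switch])
    for other in ports:
        if other.switch == port.switch and other is not port:
            vids |= other.dynamic
    return vids


def converge(ports, links, static):
    """Exchange advertisements over every link until nothing changes."""
    by_name = {(p.switch, p.name): p for p in ports}
    changed = True
    while changed:
        changed = False
        for a, b in links:
            for tx, rx in ((by_name[a], by_name[b]), (by_name[b], by_name[a])):
                if rx.mode != "normal":  # fixed and forbidden ignore joins
                    continue
                new = advertised(tx, ports, static) - rx.dynamic
                if new:
                    rx.dynamic |= new
                    changed = True
    return {f"{p.switch}.{p.name}": sorted(p.dynamic) for p in ports}


def chain(p3_mode="normal"):
    """Constructed chain: A.p1 -- B.p2, B.p3 -- C.p4.
    A has static VLANs 2 and 3, B has none, C has static VLAN 3."""
    static = {"A": {2, 3}, "B": set(), "C": {3}}
    ports = [
        Port("A", "p1"),
        Port("B", "p2"),
        Port("B", "p3", p3_mode),
        Port("C", "p4"),
    ]
    links = [(("A", "p1"), ("B", "p2")), (("B", "p3"), ("C", "p4"))]
    return converge(ports, links, static)


if __name__ == "__main__":
    for mode in ("normal", "fixed", "forbidden"):
        print(mode, chain(mode))
```

In normal mode B.p3 forwards VIDs 2 and 3 but joins only VID 3, the one C advertises back, so VLAN 3 is carried end to end and VLAN 2 is not.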
Figure 3-18 lists some of the pros and cons of using GVRP and VTP.
Create VLANs automatically from one switch to all others:
  Pros: Automatic creation saves time and can reduce configuration errors.
  Cons: VLANs are created everywhere; there is no control.
    Broadcast domains are extended everywhere.
    If there are a lot of VLANs on the network, the VLAN limit on some
    switches might be exceeded.
Delete VLANs:
  VTP puts port in errdisable: networks stop working.
  Pro: Enables cleanup of unused VLANs.
  Cons: Accidental deletion is a well-known issue with VTP. This has
    made some companies reject VTP.
    GVRP only deletes VLAN if no port is statically attached to it.
Decrease the opportunity for making mistakes when configuring VLANs on trunk
ports.
  Pro: Configure the VLAN on trunk port
  Cons: This can be achieved without GVRP; you can simply allow all VLANs.
    (This solution is not an issue on HP switches with MSTP. However, it is a
    common issue with Cisco where all VLANs should not be enabled to reduce
    number of PVST instances.)
Figure: case 3. Left switch static VLANs: 10, 20, 30, 40, 50, 60, 70, 80. Right switch
static VLANs: 10, 20, 30, 40. Trunk ports: permitted VLANs: ALL.
In its best practices for LANs, Cisco recommends allowing only permitted VLANs on
trunk ports, for two reasons.
The first is to reduce broadcast domain extension.
The second is to reduce CPU demand. Because of VTP, a switch learns all
VLANs, creating one instance per VLAN in PVST, which is CPU intensive.
Is the best practice the same for HP switches? MSTP only uses one BPDU for all
instances, so the number of VLANs does not change CPU time for MSTP. Even if all
VLANs are allowed on trunk ports, only the frames of the configured VLANs will be
received and transmitted, so broadcast domains are not extended if VLANs are not
set on a device. If VLANs are not the same on both sides, as in case 3, broadcast
frames for VLANs 50, 60, 70 and 80 will be dropped when received by the right
switch.
Conclusion: if VLANs are not set dynamically on HP switches, the trunk ports can be
set with all VLANs permitted.
Figure: lab topology. Uplinks are untagged in VLAN 1 and tagged in VLAN 11, 12 & 13.
Labels: switches HP-C (A-Series) and HP-E (E-Series), ports P1, P2 and P3, hosts
Server_1 and Client_1.
You will now complete Lab 3.1: Configuring VLANs. Use the space below to record
any instructions your facilitator gives you for this lab.
________________________________________________________________________
Lab debrief
What commands display port status, port role (access, trunk, hybrid), VLANs, and ports
in VLANs?
____________________________________________________________________
Module 3 summary
In this module, you have learned how to configure VLANs, configure access, trunk
and voice ports, and compare VTP and GVRP. Write down any thoughts you may
have while your facilitator reviews the content of this module.
_______________________________________________________________________
Learning check
Q1: What is a major difference between trunk ports on Cisco and HP A-Series?
___________________________________________________________________
Q2: Can you remove VLAN 1 on trunk ports on HP switches? Explain your answer.
___________________________________________________________________
Q3: Can you assign a VLAN to an access port with GVRP or VTP?
___________________________________________________________________
Q4: Would you enable all VLANs on trunk ports in a mixed environment with HP
and Cisco switches?
___________________________________________________________________
Implementing MSTP
on Cisco and HP Switches
Module 4
Module 4 objectives
After completing this module, you will be able to:
Explain key parameters in Multiple Spanning Tree Protocol (MSTP)
implementation and explain how MSTP differs from Cisco’s Per VLAN Spanning
Tree Plus (PVST+)
Given specific network environment requirements, differentiate between key
design options and make the right choices when implementing MSTP to create a
redundant network
Configure Cisco and HP switches for MSTP interoperability
MSTP review
In this section of the module, you will review basic MSTP concepts such as MSTP
regions, load balancing, and VLAN setup in an MSTP environment. Use the space
below to record your thoughts as your facilitator asks you questions about your
experience in configuring MSTP.
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
MSTP regions—Review 1
Figure labels (the same settings appear twice in the figure):
Region Name = “Region1”
Revision # = 1
Instance 1 = VLANs 1, 12
Instance 2 = VLANs 11, 13
You will now review Multiple Spanning Tree Protocol (MSTP) regions. Configuring the
regions correctly is key to designing networks that include switches from different
vendors.
Some important facts to remember are:
• MSTP was defined by the IEEE 802.1s standard, which has been incorporated
  into 802.1Q-2003.
• MSTP is backward compatible with Rapid Spanning Tree Protocol (RSTP)
  (802.1w), which superseded the original Spanning Tree Protocol (STP) standard
  (802.1D). RSTP has been incorporated into 802.1D-2004.
Q1: What MSTP parameters must be set for all switches to be in the same MSTP
region?
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Q3: Why would you want to put all switches within the same MSTP region?
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
MSTP regions—Review 2
Figure labels (the same settings appear twice in the figure):
Region Name = “Region1”
Revision # = 1
Instance 1 = VLANs 1, 12
Instance 2 = VLANs 11, 13
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Q2: Besides mistakes in the region name or revision number, what conditions could
result in switches being in different regions?
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Q1: Which Bridge Protocol Data Units (BPDUs) are used inside and outside the MSTP
region?
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
MSTP is backward compatible with RSTP and STP. An STP- or RSTP-capable switch
can interpret the first part of the MSTP BPDU, which includes CIST parameters,
such as the IST root bridge ID, which are used for the CST root bridge election.
MSTP BPDUs—Review 4
1. Are MSTP BPDUs tagged?
2. Are they attached to a VLAN?
3. On a trunk port, is it required to set an untagged VLAN
for MSTP BPDUs?
4. What is the destination MAC address of an MSTP BPDU?
5. Does an MSTP BPDU carry information about all
instances?
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Q3: On a trunk port, is it required to set an untagged VLAN for MSTP BPDUs?
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
The switch will not be the BPDU’s destination when MSTP is disabled. In this
case, the MSTP BPDU will be an untagged frame and will be forwarded in the
untagged VLAN. This is true for both HP A-Series and E-Series switches.
Q5: Does each MSTP BPDU include information about all instances? _____________
Q: Which MSTP parameters affect the spanning tree outside of the MSTP region?
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
IST parameters—in particular the ID (priority and MAC address) of the IST root—are
key to managing interoperability outside an MSTP region, particularly with switches
running PVST+ or Rapid PVST+.
The MSTP region’s IST acts like a single virtual switch in the Common Spanning Tree
(CST), which enables the interoperation of MSTP, STP, and RSTP. In general, the CST
consists of each MSTP region’s IST and the Single Spanning Tree (SST) domains
formed by STP and RSTP switches. The CST creates a single loop-free path between
all of the IST instances and all of the SST domains.
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
[Figure labels: VLANs 1-4094 | VLANs 11, 13 | VLANs 2-11, 14-4094 | VLANs 1, 12 | VLANs 11, 13]
IST = “Internal Spanning-Tree” = MST Instance 0 = Default Instance for VLANs
Figure 4-7: Mapping VLANs to MST instances—Review 7
Q1: What happens to the MSTP configuration when VLANs are moved to an
instance?
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
[Figure label: Instance 2 = VLANs 11-20]
Figure 4-8: Is MSTP “aware” of the VLAN setup?—Review 8
Q1: Is MSTP “aware” of the VLAN setup? Explain your answer.
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Q2: If all link costs are equal in each instance, which ports are root ports?
_____________________________________________________________________
_____________________________________________________________________
Q3: If all link costs are equal in each instance, which ports are alternate ports?
_____________________________________________________________________
_____________________________________________________________________
Remember that with MSTP, the port role is entirely independent of VLAN setup, as is
the topology in each instance.
[Figure label: Configuring MSTP on HP and Cisco]
Figure 4-9: MSTP design options
The next section covers design considerations for implementing MSTP on a
multivendor network. Before you discuss best practices, your facilitator will ask you
questions about how you configure VLANs on uplinks when MSTP is enabled on a
network. Use the space below to record anything you learn from this discussion.
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Figure labels:
Region name = “Region1”
Revision # = 1
Instance 1 = VLANs 1-10
Instance 2 = VLANs 11-20
Figure 4-10: How do you set up VLANs on uplinks?
The goals of this discussion are to put what was learned in the MSTP review into
action and to emphasize some differences between MSTP and Cisco PVST+.
Q1: What are the pros and cons of setup 1 and setup 2?
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
[Figure callout: If VLAN 100 is added to instance 1, will this link stay active? How can you ensure that it does?]
Figure 4-11: Instances and VLAN settings—Activity
Q1: If VLAN 100 is set in instance 1, will this link forward traffic?
_____________________________________________________________________
_____________________________________________________________________
Q2: How can you ensure that this link forwards traffic?
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
MSTP setting—Activity
- Two links/VLANs separate two MSTP regions.
- IP traffic is routed between regions.
Figure 4-12: MSTP setting—Activity
The goal of this implementation is to limit the extension of the VLANs’ broadcast
domains and also to split one MSTP region in two, creating two MSTP regions and a
simpler setup per region.
Q1: Is MSTP active on the links that carry routed traffic on VLANs 100 and 200?
____________________________________
On Cisco switches, you would call these routed links. However, today there is no
strict concept of routed links on HP switches. In other words, you cannot set an IP
address on an interface to make it routed. You create a routed link by assigning the
physical interface to a unique VLAN reserved for it (100 and 200 in this example)
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
– What happens if you add VLAN 14 on switch D?
Figure labels:
Config name = “Region1”
Revision # = 1
Instance 1 = VLANs 1, 12
Instance 2 = VLANs 11, 13
IST instance = VLANs 2-10, 14-4094
Figure 4-13: Adding a new VLAN on a switch implementing MSTP
Q1: What happens if you add VLAN 14 on switch D?
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
3. What can you do to limit the MSTP region changes?
[Figure callout: Use IST parameters to establish the spanning tree]
Config name = “Region1”              | Config name = “Region1”
Revision number = 1                  | Revision number = 1
Instance 1 = VLANs 1, 12             | Instance 1 = VLANs 1, 12
Instance 2 = VLANs 11, 13            | Instance 2 = VLANs 11, 13, 14
IST instance = VLANs 2-10, 14-4094   | IST instance = VLANs 2-10, 15-4094
Figure 4-14: Assigning a VLAN to an MST instance
Every time you add a VLAN to, or delete a VLAN from, an MST instance other than 0,
the mapping of VLANs to instances changes, and with it the region of that switch.
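The check behind this behaviour, as an added example that is not part of the course material: under IEEE 802.1Q each switch advertises its configuration name, revision number and an HMAC-MD5 digest of its VLAN-to-instance table, and switches that differ in any of the three treat each other as being in different regions. The hostnames A to C and the inventory layout are assumptions; the mappings are the two shown in Figure 4-14.

```python
import hashlib
import hmac
from collections import defaultdict

# Signature key fixed by IEEE 802.1Q for the MST Configuration Digest.
DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")


def parse_vlans(spec):
    """Expand a VLAN list such as '1,12' or '2-10,14-4094' into a set of IDs."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 4094:
            raise ValueError(f"invalid VLAN range {part!r}")
        vlans.update(range(lo, hi + 1))
    return vlans


def config_digest(instances):
    """HMAC-MD5 over the 4096-entry VLAN-to-MSTID table (2 bytes per entry).

    Entry n holds the MSTID that VLAN n maps to; VLANs not listed stay in
    instance 0 (the IST). Entries 0 and 4095 are always 0.
    """
    table = [0] * 4096
    for mstid, spec in instances.items():
        if not 1 <= mstid <= 4094:
            raise ValueError(f"invalid MST instance {mstid}")
        for vid in parse_vlans(spec):
            if table[vid]:
                raise ValueError(f"VLAN {vid} is mapped to two instances")
            table[vid] = mstid
    blob = b"".join(m.to_bytes(2, "big") for m in table)
    return hmac.new(DIGEST_KEY, blob, hashlib.md5).hexdigest().upper()


def region_identity(switch):
    """The three values every switch in one region must share."""
    return (switch["name"], switch["revision"],
            config_digest(switch["instances"]))


def group_by_region(switches):
    """Map each distinct region identity to the switches that advertise it."""
    regions = defaultdict(list)
    for hostname, cfg in switches.items():
        regions[region_identity(cfg)].append(hostname)
    return dict(regions)


def differing_fields(a, b):
    """Name the identity fields in which two switch configurations differ."""
    fields = ("name", "revision", "digest")
    pairs = zip(fields, region_identity(a), region_identity(b))
    return [f for f, x, y in pairs if x != y]


# Constructed inventory: A-C carry the Region1 mapping from the left of
# Figure 4-14; D has VLAN 14 added to instance 2, as on the right.
REGION1 = {"name": "Region1", "revision": 1,
           "instances": {1: "1,12", 2: "11,13"}}
SWITCH_D = {"name": "Region1", "revision": 1,
            "instances": {1: "1,12", 2: "11,13,14"}}
INVENTORY = {"A": REGION1, "B": REGION1, "C": REGION1, "D": SWITCH_D}

if __name__ == "__main__":
    for (name, rev, digest), members in group_by_region(INVENTORY).items():
        print(f"{name} rev {rev} digest 0x{digest}: {', '.join(members)}")
    print("D differs from A in:",
          differing_fields(INVENTORY["D"], INVENTORY["A"]))
```

Run against exported switch configurations, the same grouping flags a switch whose name and revision still match but whose VLAN mapping has drifted.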
Q1: What happens if you add VLAN 14 on switch D? (You learned on the previous
slide.)
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Note that the average failover timeout when moving from MSTP to RSTP may not be
longer than 1 to 3 seconds.
Q3: What can you do to limit the MSTP region changes?
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
The following page presents two strategies.
[Figure labels, two columns: VLANs 11-2000 | VLANs 1-100; VLANs 2001-4094 | VLANs 101-200; VLANs 1-10 | VLANs 200-4094]
Figure 4-15: Strategies to place VLANs in MSTP instances
These two strategies are designed to reduce:
• Failover due to changes in MSTP instances
• Configuration overhead due to adding and deleting VLANs from MST instances
Pros:
Cons:
You might find it complex to implement setups that do not use a range of
Strategy 2: Do not move VLANs when they are created. Leave them in instance 0
and make all changes during the planned maintenance window.
Pros:
• In this strategy, you can add VLANs and downtime is limited to once every
  “n” months.
• This strategy reduces the number of changes that need to be made at once.
• This strategy does not require you to set up instances in advance.
Cons:
• While setup requirements are minimized, this strategy still requires changes
  and some failover time every “n” months.
MSTP—Path costs
[Figure labels: Default | Default | stp pathcost-standard dot1t]
Figure 4-16: MSTP—Path costs
Figure 4-16 shows the default path costs for HP A-Series, E-Series, and Cisco switches.
While the slide covers MSTP implementations, note that both RSTP and MSTP utilize
the 20000 cost value.
On both HP E-Series switches and Cisco switches, MSTP implements the IEEE
PVST+/Rapid PVST+, the long option for spanning-tree path costs can change the
legacy cost. If you need to use the standard MSTP cost calculation for full
HP A-Series switches to use the costs in the STP 802.1D standard version. You might
select this option when you use the HP A-Series switches with Cisco switches that
implement PVST+ and do not support the long option for path cost calculation.
Configuring MSTP
MSTP review
MSTP design options
Figure 4-17: Configuring MSTP
In this section, you will learn about the key differences in configuring MSTP on HP
A-Series, E-Series, and Cisco switches.
2. Define region parameters.
   • Config name, revision number, and instances
3. Set root and secondary root in each MST instance.
4. Set edge and non-edge ports.
5. Enable spanning-tree.
6. Connect the switches.
Figure 4-18: Configuring MSTP—Major steps
This slide summarizes the major steps in configuring MSTP. As you configure MSTP,
keep in mind the following default settings:
• HP E-Series switches use MSTP as the default STP version, but it is not enabled by
  default. When MSTP is manually enabled, all ports are auto-edge-ports by
  default. Auto-edge ports send and listen for BPDUs for three seconds. If they do
• Cisco uses Per VLAN Spanning Tree Plus (PVST+) as the default STP version, and
  it is enabled by default. When you change the mode to MSTP, all ports are non-
• Catalyst 2950, 3550, 3560, 3750: IOS 12.2(25)SEC
• Catalyst 2955: supported on all versions
• Catalyst 4000, 2948G and 2980G: CatOS 12.2(25)SG
• Catalyst 4000: IOS 12.2(25)SG
• Catalyst 6000: native IOS 12.2(18)SXF or CatOS 8.3
• MSTP is not supported on the following: Catalyst 2900XL, 3500XL,
  2948G-L3, 4908G-L3, 5000, 5500, 8500
– Earlier versions than the ones specified implement a pre-standard of MSTP
  that is compliant with 802.1s.
– The pre-standard and standard commands look the same, so do not use
  them to check for support.
Figure 4-19: IOS requirements for MSTP on Cisco
Some Cisco switches, such as the 2900 XL and the others mentioned above, do not
support MSTP. On others, double check the IOS version.
You must double check the IOS version because the commands will not tell you
whether your switch is capable of implementing MSTP. (They are the same as
standard MSTP commands.) Pre-standard MSTP looks identical in the CLI but is not
compatible with 802.1s. It will use RSTP, however, to interoperate with the MSTP
switches.
!Enable MSTP mode and define MSTP parameters
Cisco(config)# spanning-tree mode mst
Cisco(config)# spanning-tree mst configuration
Cisco(config-mst)# instance 1 vlan 1,12
Cisco(config-mst)# instance 2 vlan 11,13
Cisco(config-mst)# name Region1
Cisco(config-mst)# revision 1
Cisco(config-mst)# ! EXIT Required to validate config
Cisco(config-mst)# exit

!Set CiscoA as root of instance 0 and 1
CiscoA(config)# spanning-tree mst 0 priority 0
CiscoA(config)# spanning-tree mst 1 priority 0
CiscoA(config)# spanning-tree mst 2 priority 4096

!Set CiscoB as root of instance 2
CiscoB(config)# spanning-tree mst 0 priority 4096
CiscoB(config)# spanning-tree mst 1 priority 4096
CiscoB(config)# spanning-tree mst 2 priority 0

!Enable PortFast on all access ports
Cisco(config)# spanning-tree portfast default
Figure 4-20: Cisco and HP MSTP scenario: Cisco switch configurations
The slide displays the commands for configuring the Cisco switches to implement
You must set MSTP mode because it is not the default mode.
You must also define the region parameters. In this example these are:
Revision number: 1
1.
You must type exit for the MSTP region commands to take effect.
#MSTP is default
#Enable MSTP standard cost (not default)
[Switch] stp pathcost-standard dot1t

#Define MSTP region parameters
#The VLAN-to-instance mapping must match the Cisco switches
#(instance 1 = VLANs 1, 12; instance 2 = VLANs 11, 13)
[Switch]stp region-configuration
[Switch-mst-region] region-name Region1
[Switch-mst-region] revision-level 1
[Switch-mst-region] instance 1 vlan 1 12
[Switch-mst-region] instance 2 vlan 11 13
[Switch-mst-region] active region-configuration

#STP is not enabled by default
[Switch] stp enable

#Define edge ports using a port group
[Switch]port-group manual edge-1
[Switch-…] group-member Gi 1/0/1 to Gi 1/0/40
[Switch-…] port link-type access
[Switch-…] port access vlan 11
[Switch-…] stp edged-port enable
Figure 4-21: Cisco and HP MSTP scenario: HP A-Series switch configurations
As you learned earlier, on HP A-Series switches, the default path cost does not
adhere to the 802.1t-2001 standard. Unless you configure the dot1t standard in this
scenario, the alternate port will not be on the access layer side but rather on the
secondary root side. This error arises because the legacy values of the HP A-Series
• Fast-Ethernet: 200
• Gigabit: 20
• 10 Gig: 2
Troubleshooting MSTP
Use the following guidelines to troubleshoot MSTP in a multivendor environment:
• If a switch is the root in an instance when it should not be, and its priority is
  correct, the switch probably belongs to another MSTP region.
  – Verify the MSTP configuration parameters.
• If an edge switch can no longer forward traffic when its root port is down, verify
  the VLAN configuration on the alternate port.
  – The alternate and root ports should carry the same VLANs (untagged or
    tagged).
• If MSTP does not converge quickly, check that uplinks are set as non-edge and
  point-to-point.
• Check that Cisco switches can support MSTP and upgrade IOS if required.
• Schedule downtime for changing the STP mode.
  – The step-by-step transition might introduce some downtime.
• Carefully plan MSTP instances:
  – Possibly preset all VLANs in instances.
  – Pay attention to instance 0 for interoperability with non-MSTP switches.
• Analyze the location of your region boundaries, if any.
• Disable STP on routed links or when the VLAN topology prevents loops.
Figure 4-23: Lab 4.1: Configuring MSTP
You will now complete a lab in which you configure Cisco, HP A-Series, and HP
E-Series switches to implement MSTP.
Use the space below to record any instructions your facilitator gives you for this lab.
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Lab debrief
1. What are your key insights about MSTP?
a. Did you discover something new?
b. Did you discover something that surprised you?
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
2. What were your greatest challenges?
a. Did you learn something that helped you to address the challenges?
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
a. What did you discover that you can apply in the field?
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
Module 4 summary
In this module, you reviewed MSTP concepts such as regions, instances, and
interoperability with RSTP and STP. If you were more familiar with PVST+ when you
began the module, you should now understand how MSTP operates in a slightly
different way.
You also learned the steps and commands for implementing MSTP on Cisco, HP
A-Series, and HP E-Series switches. You analyzed the problems that might occur if you
do not set up consistent path costs across the platforms and also studied several
scenarios and best practices for MSTP design. Finally, you learned a little about
troubleshooting MSTP in a multi-vendor environment.
Learning check
Q1: Is the MSTP region name case sensitive?
_________________________________________________________________________
d.
ite
Q2: Is MSTP aware of VLAN configuration? Explain your answer.
ib
_________________________________________________________________________
oh
pr
is
_________________________________________________________________________
n
sio
is
_________________________________________________________________________
m
er
tp
_________________________________________________________________________
ou
ith
w
Q3: Which parameters are applied outside of an MSTP region?
rt
pa
_________________________________________________________________________
i n
or
_________________________________________________________________________
l e
ho
w
_________________________________________________________________________
in
n
tio
_________________________________________________________________________
c
du
ro
Q4: Can a switch that implements STP be the root of the CST?
ep
_________________________________________________________________________
.R
ly
_________________________________________________________________________
u se
er
_________________________________________________________________________
ld
ho
ke
_________________________________________________________________________
a
St
&L
_________________________________________________________________________
C
P
H
_________________________________________________________________________
_________________________________________________________________________
Rev. 11.12
BitSpyder - The Culture of Knowledge
d.
_________________________________________________________________________
ite
ib
oh
_________________________________________________________________________
pr
is
n
_________________________________________________________________________
sio
is
m
_________________________________________________________________________
er
tp
ou
_________________________________________________________________________
ith
w
_________________________________________________________________________
rt
pa
i n
or
l e
ho
w
in
n
ctio
du
ro
ep
.R
ly
on
use
er
ld
ho
ake
St
&L
C
P
H
Rev. 11.12
H
P
C
&L
St
ake
ho
ld
er
use
on
HP Networking Interoperability
Module 5 objectives
After this module, you will be able to:
• Explain the interoperability capabilities and limits of Cisco’s Per VLAN Spanning
Tree Plus protocol (PVST+) and Rapid PVST+ with Spanning Tree Protocol (STP),
Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Tree Protocol
(MSTP)
• Select an STP option to integrate HP switches and Cisco switches based on
customer constraints and the existing network
• Configure STP on HP switches and PVST+ with Cisco switches for integration in a
redundant network
Multiple Spanning Tree Protocol (MSTP) with Cisco’s Per VLAN Spanning Tree Plus
(PVST+), and learn about the BPDUs that are exchanged. Use the space below to
record your thoughts as your facilitator explains the information covered in this
section. You may also want to write down any questions you have, so you can be
pay particular attention to that section of the module.
_______________________________________________________________________
sio
is
m
_______________________________________________________________________
er
tp
ou
_______________________________________________________________________
ith
w
_______________________________________________________________________
rt
pa
i n
_______________________________________________________________________
or
l e
ho
_______________________________________________________________________
w
in
n
_______________________________________________________________________
c tio
du
_______________________________________________________________________
ro
ep
.R
_______________________________________________________________________
ly
on
_______________________________________________________________________
u se
er
_______________________________________________________________________
ld
ho
ke
_______________________________________________________________________
a
St
&L
_______________________________________________________________________
C
P
H
Rev. 11.12
BitSpyder - The Culture of Knowledge
d.
ite
ib
oh
pr
is
n
sio
is
m
er
tp
STP/RSTP            Cisco PVST+/Rapid PVST+
Standard            Proprietary based on standard
Single instance     One STP instance per VLAN
One STP topology    One STP topology per VLAN
Untagged BPDUs      Tagged BPDUs per VLAN
Figure 5-1: How do STP/RSTP and Cisco PVST+/Rapid PVST+ differ?
It is important to understand the key differences between STP/RSTP and
PVST+/Rapid PVST+.
Blocked ports are physically blocked, blocking all VLANs configured on that
port.
Standard BPDUs are sent untagged and are not attached to any VLAN.
The BPDUs are always sent no matter which VLANs are configured on
the link. They are untagged (even if the link has only a tagged
membership).
01:80:c2:00:00:00.
PVST+ BPDUs are sent tagged on ports when the VLAN is tagged on a port
and untagged when VLANs are untagged.
Backbonefast, uplinkfast and portfast are specific mechanisms to speed
STP convergence on Cisco platforms.
Rapid PVST+ uses the same principles as PVST+ but is based on RSTP
(802.1w) for its fast convergence mechanisms.
With Rapid PVST+, link cost is based on 802.1D calculations:
Fast Ethernet: 19
Gigabit: 4
10 Gigabit: 2
When you enter the global
command, the switch uses RSTP and MSTP standard costs:
Fast Ethernet: 200 000
Gigabit: 20 000
10 Gigabit: 2000
PVST+                                MSTP
One STP topology per VLAN            One STP Topology per instance
Proprietary                          Standard
Fast convergence with Rapid PVST+    Fast convergence included
High overhead                        Reduced overhead
Config per VLAN                      Config per instance
PVST+ aware of VLAN topology         MSTP not aware of VLAN topology
Figure 5-2: PVST+ versus MSTP
Very often there are misconceptions about MSTP versus PVST+. MSTP is not the
standard version of PVST+ or Rapid PVST+. Here are the key differences between
MSTP
instance.
Standard MSTP BPDUs are sent untagged and are not attached to any
VLAN.
MSTP BPDUs contain information about all instances. (See the BPDU
page.)
(See the following pages.)
There is only one instance of STP per VLAN.
BPDUs are sent in each VLAN, which creates overhead.
The port role is defined on a per VLAN basis.
A design recommendation is to reduce the number of VLANs on the
switch to reduce overhead due to BPDUs per VLAN.
PVST+ BPDUs are sent tagged on ports when a VLAN is tagged on the
port, and untagged when a VLAN is untagged.
Forwarding and reception of PVST BPDUs directly depends on a VLAN’s
existence on the link.
The MAC address of a BPDU is a standard bridge multicast MAC address:
01:80:c2:00:00:00.
True if VLAN 1 is ALLOWED on the trunk.
VLAN 1 may or may not be the native VLAN
Figure 5-3: Spanning tree BPDUs
STP, RSTP, MSTP and PVST+ use different types of BPDUs. Understanding what BPDUs
are generated by a switch and what received BPDUs are interpreted by a switch
Standard BPDUs
RSTP BPDUs are backward compatible with STP BPDUs, and MSTP BPDUs
are backward compatible with both. When a device that supports only
RSTP or STP receives an MSTP BPDU, it can interpret all of the BPDU except
the MSTP-specific data. The CIST data includes the ID for the region’s IST
root bridge, which is the ID for the region as a whole acting like a single
logical bridge.
Note that VLAN 1 does not need to be the native VLAN for standard
If Rapid PVST+ is enabled, then RSTP BPDUs are sent instead of STP BPDUs.
In an untagged/native VLAN (if different than 1), PVST+ BPDUs with Cisco
MAC addresses are sent.
PVST+ BPDUs are only understood by switches running PVST+.
In tagged VLANs, PVST BPDUs are tagged and use Cisco MAC addresses.
PVST+ BPDUs are only understood by switches running PVST+.
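The BPDU variants described above can be told apart on the wire by destination MAC address, 802.1Q tag and LLC/SNAP header, which is useful when checking a capture for BPDUs that a standards-only switch will not interpret. The following Python classifier is an added example, not part of the course material; the function names and the sample frames (constructed, with zero-filled BPDU bodies) are assumptions, and the LLC/SNAP and protocol-version constants come from the IEEE 802.1D/802.1Q formats and Cisco's PVST+ encapsulation rather than from this page.

```python
import struct

# Destination MAC addresses quoted on this page.
STANDARD_DST = bytes.fromhex("0180c2000000")    # standard bridge multicast
CISCO_PVST_DST = bytes.fromhex("01000ccccccd")  # Cisco PVST+ multicast

# Encapsulation constants (assumption: taken from the protocol formats, not the page).
LLC_STP = bytes.fromhex("424203")               # DSAP 0x42, SSAP 0x42, UI control
SNAP_PVST = bytes.fromhex("aaaa0300000c010b")   # LLC/SNAP, OUI 00:00:0c, PID 0x010b
TPID_8021Q = 0x8100
STANDARD_VERSIONS = {0: "STP", 2: "RSTP", 3: "MSTP"}
PVST_VERSIONS = {0: "PVST+", 2: "Rapid PVST+"}


def classify_bpdu(frame):
    """Describe the BPDU carried in an Ethernet frame, or return None if it is not one."""
    if len(frame) < 14:
        return None
    dst, pos, vlan = frame[:6], 12, None
    (type_or_len,) = struct.unpack_from("!H", frame, pos)
    if type_or_len == TPID_8021Q:               # 802.1Q tag present
        if len(frame) < 18:
            return None
        (tci,) = struct.unpack_from("!H", frame, 14)
        vlan = tci & 0x0FFF                     # low 12 bits carry the VLAN ID
        pos = 16
        (type_or_len,) = struct.unpack_from("!H", frame, pos)
    if type_or_len > 1500:                      # an EtherType, so no LLC header follows
        return None
    llc = pos + 2
    if dst == STANDARD_DST and frame[llc:llc + 3] == LLC_STP:
        names, body = STANDARD_VERSIONS, llc + 3
    elif dst == CISCO_PVST_DST and frame[llc:llc + 8] == SNAP_PVST:
        names, body = PVST_VERSIONS, llc + 8
    else:
        return None
    if len(frame) < body + 4:                   # truncated before the BPDU header
        return None
    proto_id, version, bpdu_type = struct.unpack_from("!HBB", frame, body)
    if proto_id != 0 or version not in names:
        return None
    return {
        "type": names[version],
        "mac": "standard" if dst == STANDARD_DST else "cisco",
        "tagged": vlan is not None,
        "vlan": vlan,
        "tcn": bpdu_type == 0x80,               # topology change notification
        # Per the page: PVST+ BPDUs are only understood by switches running PVST+.
        "understood_by_standard_switch": dst == STANDARD_DST,
    }


def build_frame(dst, encap, version, bpdu_type, vlan=None):
    """Build a constructed sample frame; the BPDU body after its 4-byte header is zeros."""
    payload = encap + struct.pack("!HBB", 0, version, bpdu_type) + bytes(31)
    src = bytes.fromhex("020000000001")         # constructed, locally administered MAC
    tag = b"" if vlan is None else struct.pack("!HH", TPID_8021Q, vlan)
    return dst + src + tag + struct.pack("!H", len(payload)) + payload


# Constructed samples: one frame per BPDU variant discussed in this module.
SAMPLES = [
    build_frame(CISCO_PVST_DST, SNAP_PVST, 0, 0x00, vlan=10),  # PVST+, tagged VLAN 10
    build_frame(CISCO_PVST_DST, SNAP_PVST, 2, 0x02),           # Rapid PVST+, untagged
    build_frame(STANDARD_DST, LLC_STP, 0, 0x00),               # STP
    build_frame(STANDARD_DST, LLC_STP, 2, 0x02),               # RSTP
    build_frame(STANDARD_DST, LLC_STP, 3, 0x02),               # MSTP
]


def summarize(frames):
    """Classify every frame in a list; non-BPDU frames yield None."""
    return [classify_bpdu(f) for f in frames]


if __name__ == "__main__":
    for info in summarize(SAMPLES):
        print(info)
```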
switchport mode access
interface GigabitEthernet 1/20
switchport access vlan 11
switchport mode access
switchport voice vlan 12
Figure 5-4: Cisco PVST+: Which BPDUs are sent on trunk ports?
Standard BPDUs are sent if VLAN 1 is allowed on the trunk port. If VLAN 1 is not
allowed, no standard BPDUs are sent, and interoperability with standard-based
switches cannot occur.
interface GigabitEthernet 1/20
switchport access vlan 11
switchport mode access

interface GigabitEthernet 1/20
switchport access vlan 11
switchport mode access
switchport voice vlan 12

Figure 5-5: Cisco PVST+: Which BPDUs are sent on access ports?
On Cisco access ports, standard BPDUs are sent, which allows interoperability to
occur on access ports. However, if the port is a voice over IP (VoIP) port, and if a
voice VLAN is defined on that port, no standard BPDUs are sent. This should not be
__________________________________________________________________
n
c tio
du
__________________________________________________________________
ro
ep
.R
__________________________________________________________________
ly
on
__________________________________________________________________
u se
er
__________________________________________________________________
ld
ho
ke
__________________________________________________________________
a
St
&L
__________________________________________________________________
C
P
H
Rev. 11.12
BitSpyder - The Culture of Knowledge
d.
ite
• MAC address: 1) Standard 01:80:c2:00:00:00 2) Cisco 01:00:0c:cc:cc:cd
• BPDU frame is: A) Tagged B) Untagged
BPDU Type:…. MAC @:…… Tagged/Untagged:….
BPDU Type:…. MAC @:…… Tagged/Untagged:….
BPDU Type:…. MAC @:…… Tagged/Untagged:….
BPDU Type:…. MAC @:…… Tagged/Untagged:….
Figure 5-6: Spanning tree BPDUs—Quiz 1
Answer each question for all VLANs.
Q1-a: For Cisco Switch 1, what types of BPDUs are sent? (Choose from STP, RSTP,
____________________________________________________________________
____________________________________________________________________
Q1-b: For Cisco Switch 1, what MAC address is used, standard, or Cisco?
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
Q1-c: Are the BPDUs that Cisco Switch 1 sends out tagged or untagged?
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
Q2-a: For Cisco Switch 2, what types of BPDUs are sent? (Choose from STP, RSTP,
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
Q2-b: For Cisco Switch 2, what MAC address is used, standard, or Cisco?
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
Q2-c: Are the BPDUs that Cisco Switch 2 sends out tagged or untagged?
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
BPDU type: PVST+ MAC @: Cisco Tagged VLAN 10
BPDU type: RPVST+ MAC @: Cisco Untagged
BPDU type: STP MAC @: Std Untagged
BPDU type: RSTP MAC @: Std Untagged
BPDU type: MSTP MAC @: Std Untagged
Figure 5-7: Spanning tree BPDUs—Quiz 2
Your goal for this activity is to learn how standard and proprietary BPDUs are handled by
Cisco and HP switches, preparing yourself for the interoperability scenarios that will
Q1: For each BPDU in Figure 5-7, specify whether each switch will inspect, drop, or
forward a received BPDU of that type. When you are finished, you should have a
total of 20 answers, but your instructor might assign you and your group to a
The table on the next page provides a space to enter your answers.
B
C
D
E
stp region-configuration
 region-name PCU1
 revision-level 1
 instance 1 vlan 1 11
 instance 2 vlan 12 to 13
 active region-configuration
 quit
port-group manual edge-1
 group-member Gi 1/0/1 to Gi 1/0/44
 stp edged-port enable
 quit
stp enable
Is the MSTP region configuration required?
Under what circumstances would you configure these settings?
Figure 5-16: Cisco and HP scenario 1: HP A-Series switch configuration
Q1: Is the MSTP region configuration required?
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________
Q2: Under what circumstances would you configure the MSTP region settings?
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________
spanning-tree
spanning-tree 1-44 admin-edge-port
In the latest versions of current E-Series
software, MSTP is default.
With these configurations, what is the region
name?
Figure 5-17: Cisco-HP scenario 1: HP E-Series switch configuration
Q1: With these configurations, what is the region name?
i n
or
_________________________________________________________________
l e
ho
w
_________________________________________________________________
in
n
tio
_________________________________________________________________
c
du
ro
_________________________________________________________________
ep
.R
ly
_________________________________________________________________
on
se
_________________________________________________________________
u
er
ld
_________________________________________________________________
ho
ake
St
&L
C
P
H
Rev. 11.12
BitSpyder - The Culture of Knowledge
d.
switches are in aggregation layer with load balancing enabled between them.
PVST+/STP interoperability—Scenario 2
Does traffic from Cisco C experience the PVST+ load balancing effect?
Does traffic from HP Switch D experience this effect?
Can you obtain load balancing for HP D?
Figure 5-18: PVST+/STP interoperability—Scenario 2
In Scenario 2, you implement the load balancing that is already in effect in many
Cisco networks for the HP to Cisco links.
Q1: Does traffic from Cisco C experience the PVST+ load balancing effect on uplinks
to the aggregation layer?
_________________________________________________________________
l
ho
w
in
_________________________________________________________________
n
c tio
_________________________________________________________________
du
ro
ep
_________________________________________________________________
ly
on
se
_________________________________________________________________
u
er
ld
_________________________________________________________________
ho
ake
_________________________________________________________________
C
P
_________________________________________________________________
H
_________________________________________________________________
Rev. 11.12
BitSpyder - The Culture of Knowledge
d.
ite
ib
oh
pr
is
n
sio
is
m
er
tp
ou
ith
w
Figure 5-19: Scenario 2—VLAN topologies
In scenario 1, the MSTP/RSTP edge switch did not forward PVST+ BPDUs because
one uplink was physically blocked.
In this scenario, you will change the configuration so that the blocked port is on the
secondary root instead of the HP switch at the access layer. This topology permits the
forwarding of PVST+ BPDUs to the Cisco switch as shown in the figure. From the
Cisco switches’ point of view, it seems that the two core switches are connected by a
direct cable. Thus the secondary root for each VLAN blocks the link, causing different
Figure 5-20: What setup is required in VLAN 1?
How do you configure the switches so that the ports on the secondary root switches
are blocked? You must configure the VLAN 1 topology so that the secondary root switch
for VLAN 1 (Cisco B) blocks the port that connects to HP C. Therefore, the root path
One way to configure the desired root path cost is to increase the path cost of Cisco
B to the root (on PO1) in VLAN 1. The second way is to reduce the path cost on the
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________
Figure 5-21: Cisco view in other VLANs
Now that the blocked port has moved from HP C to Cisco B, HP C will forward Cisco
PVST+ BPDUs. From the PVST+ or Rapid PVST+ point of view, the two aggregation
switches seem to be connected together. Consequently, ports that lead to HP switches
may become the root port for the Cisco switches in various VLANs, blocking the
Q1: On Cisco B, what is the root port in VLANs 11 and 13 if the cost is 20000?
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________
Q2: How do you ensure that po1 is selected as the root port?
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________
! Cisco A (priority 0 in VLANs 1 and 12)
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree pathcost method long
spanning-tree vlan 1,12 priority 0
spanning-tree vlan 11,13 priority 4096
interface po 1
 spanning-tree vlan 1 cost 30000
 spanning-tree vlan 11-13 cost 10000

! Cisco B (priority 0 in VLANs 11 and 13)
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree pathcost method long
spanning-tree vlan 1,12 priority 4096
spanning-tree vlan 11,13 priority 0
interface po 1
 spanning-tree vlan 1 cost 30000
 spanning-tree vlan 11-13 cost 10000

Figure 5-22: Cisco and HP scenario 2: Cisco switch configurations
Pay attention to the cost configured for po1 on Cisco A and B in various VLANs. In
VLAN 1, the cost is increased to 30000, and in other VLANs it is decreased to
10000. (If the Cisco switches were not using the long path cost method, the values
would be 5 and 3.) These configurations ensure that the proper ports forward and
block traffic in each VLAN to implement load balancing and efficient use of the
connections.
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________
Figure 5-23: What about other Cisco switches in the access layer?
The goal of this page is to point out a drawback of the previous setup when there are
also Cisco switches at the edge implementing PVST+ uplinkfast. This feature requires
one uplink (the root port) to be up, and the other one (the alternate port) to be
Q1: If Cisco C implements PVST+ uplinkfast, what is the drawback of the setup
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________
• Load sharing of traffic on aggregation devices
Name some reasons not to set up load balancing
• Complexity
• Asymmetric routing causing excessive unicast flooding
Suggestions for load balancing traffic include:
• Send data traffic on one uplink and VoIP and video on another
• In a data center, send data traffic on one uplink and backup traffic on another
Figure 5-24: What is the purpose of load balancing?
Q1: Name some good reasons to set up load balancing.
rt
pa
_________________________________________________________________
i n
or
_________________________________________________________________
l e
ho
w
_________________________________________________________________
in
n
tio
_________________________________________________________________
c
du
ro
_________________________________________________________________
ep
.R
_________________________________________________________________
ly
on
se
_________________________________________________________________
u
er
ld
_________________________________________________________________
ho
ake
_________________________________________________________________
St
&L
C
_________________________________________________________________
P
H
Rev. 11.12
BitSpyder - The Culture of Knowledge
_________________________________________________________________
d.
ite
ib
_________________________________________________________________
oh
pr
is
_________________________________________________________________
n
sio
is
_________________________________________________________________
m
er
tp
_________________________________________________________________
ou
ith
_________________________________________________________________
w
rt
pa
_________________________________________________________________
i n
or
e
_________________________________________________________________
l
ho
w
_________________________________________________________________
in
n
ctio
_________________________________________________________________
du
ro
ep
_________________________________________________________________
.R
ly
_________________________________________________________________
on
use
_________________________________________________________________
er
ld
ho
_________________________________________________________________
ake
St
_________________________________________________________________
&L
C
_________________________________________________________________
P
H
_________________________________________________________________
Rev. 11.12
BitSpyder - The Culture of Knowledge
HP Networking Interoperability
d.
ite
ib
oh
pr
is
n
sio
is
m
er
tp
ou
ith
Figure 5-25: Lab 5.1: PVST+/MSTP interoperability
You will now complete Lab 5.1: Configuring PVST+/MSTP interoperability, in which
you practice configuring the scenarios covered in this module. Use the space below
to record any instructions your facilitator gives you for this lab.
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
Lab debrief
– What did you find challenging?
– What do you think is the most important thing you learned about PVST+-MSTP interoperability?
– Of what you learned in the lab, what will be the most useful for you in the field?
Figure 5-26: Lab debrief
Record your thoughts about the lab here.
_________________________________________________________________
tp
ou
ith
_________________________________________________________________
w
rt
pa
_________________________________________________________________
i n
or
_________________________________________________________________
l e
ho
w
_________________________________________________________________
in
n
tio
_________________________________________________________________
c
du
ro
_________________________________________________________________
ep
.R
_________________________________________________________________
ly
on
se
_________________________________________________________________
u
er
ld
_________________________________________________________________
ho
ake
_________________________________________________________________
St
&L
C
P
H
Rev. 11.12
BitSpyder - The Culture of Knowledge
HP Networking Interoperability
d.
ite
ib
oh
pr
is
n
sio
is
m
er
tp
ou
ith
w
rt
pa
i n
or
l e
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
u se
er
ld
ho
ake
St
&L
C
P
H
Rev. 11.12
BitSpyder - The Culture of Knowledge
HP in aggregation—Scenario 3
How would you manage these redundant connections?
What are your recommendations for setting up IRF?
Prefer IRF to STP based solutions
Figure 5-27: HP in aggregation—Scenario 3
Q1: How would you manage the redundant connections in this scenario?
w
rt
_________________________________________________________________
pa
i n
or
_________________________________________________________________
l e
ho
_________________________________________________________________
w
in
n
tio
_________________________________________________________________
c
du
ro
_________________________________________________________________
ep
.R
_________________________________________________________________
use
_________________________________________________________________
er
ld
ho
_________________________________________________________________
ake
St
_________________________________________________________________
&L
C
P
_________________________________________________________________
H
Rev. 11.12
BitSpyder - The Culture of Knowledge
HP Networking Interoperability
HP in aggregation—Scenario 3 (cont.)
• Both the access and core layers can use link aggregations to connect to the IRF in the
aggregation layer.
• Thus you create a redundant network without an STP requirement.
Figure 5-28: HP in aggregation—Scenario 3 (cont.)
This slide shows a core layer. Note that both access and core switches can use link
aggregation to connect to the two switches that compose the IRF. In this way, you can
create a redundant network without implementing STP of any type.
Which BPDUs are sent and received by Cisco switches in VLAN 1?
Which BPDUs are sent and received by HP switches?
If HP A and B are root and secondary root in the CST, what are the root port and
alternate ports in VLAN 1 on Cisco switches?
What happens if the long path cost method is enabled?
Figure 5-29: HP in aggregation—Scenario 3: With MSTP and PVST+
Examine the scenario. Assume that in this network VLAN 1 is allowed on uplinks so
Q1: Which BPDUs are sent and received by Cisco switches in VLAN 1?
in
_________________________________________________________________
n
ctio
du
_________________________________________________________________
ro
ep
.R
_________________________________________________________________
ly
on
_________________________________________________________________
use
er
_________________________________________________________________
ake
St
_________________________________________________________________
&L
C
_________________________________________________________________
P
H
_________________________________________________________________
Rev. 11.12
BitSpyder - The Culture of Knowledge
HP Networking Interoperability
Q3: If HP switches A and B are the roots in the CST, what are the root port and
alternate ports in VLAN 1 on Cisco switches?
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________
Q4: What happens if the long path cost method is not enabled?
rt
pa
_________________________________________________________________
i n
or
e
_________________________________________________________________
l
ho
w
_________________________________________________________________
in
n
c tio
_________________________________________________________________
du
ro
ep
_________________________________________________________________
.R
ly
_________________________________________________________________
on
u se
er
ld
ho
ake
St
&L
C
P
H
Rev. 11.12
BitSpyder - The Culture of Knowledge
d.
Which BPDUs are sent and received by Cisco switches in other VLANs?
How do HP switches handle the PVST+ BPDUs?
If Cisco C has the lowest bridge ID, what will the topology be in the other VLANs
from the Cisco switches’ point of view?
Figure 5-30: HP in aggregation—Scenario 3: With MSTP and PVST+ (cont.)
Q1: Which BPDUs are sent and received by Cisco switches in other VLANs?
_________________________________________________________________
Q3: Having exchanged these BPDUs, what topology do the switches create? Assume
that the Cisco switches are using their default priorities and that Cisco C has the
lowest MAC address.
_________________________________________________________________
HP in aggregation—Scenario 3: Configuration
!Cisco Access configuration:
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree pathcost method long
! Set Cisco B as the root of other VLANs
spanning-tree vlan 2-6 priority 0
!To get a load balancing effect per VLAN,
!different costs are set on uplinks
interface GigabitEthernet2/1
 spanning-tree vlan 1-3 cost 10000
 spanning-tree vlan 4-6 cost 30000
interface GigabitEthernet2/2
 spanning-tree vlan 1-3 cost 30000
 spanning-tree vlan 4-6 cost 10000
Figure 5-31: HP in aggregation—Scenario 3: Configuration
The commands shown in the slide configure Cisco C for the scenario introduced in
the previous slides. The commands would be similar for the other Cisco switches;
however, you would not change their priorities, or you would assign these switches
different priorities.
The slide shows how you can set the path costs so that the switch load balances
traffic over its two links rather than always selecting the port with the lower ID:
Set the port cost to 10000 to have the uplink port become the root port (or
Set the port cost to 30000 to have the uplink port become the alternate port.
Alternate which ports are set to 10000 and which are set to 30000 in different
VLANs.
This slide does not show the configuration for the HP switches, which are
implementing MSTP. Within the MSTP region, HP A is root bridge and VRRP master
Figure 5-32: Lab 5.2: PVST+/MSTP interoperability: HP at the aggregation layer (Optional)
In this lab, you practice configuring a scenario like the one that you have just
examined. You will configure a network with HP A-Series switches at the aggregation
layer, implementing MSTP, and Cisco switches at the edge, implementing Rapid
PVST+.
Use the space below to record any instructions your facilitator gives you for this lab.
________________________________________________________________________
Lab debrief
– What key things did you learn about configuring MSTP with HP switches at the
aggregation layer and Cisco at the edge?
– What were your greatest challenges?
– If you had to apply such a design at a customer site, what to-do list would you
create?
Figure 5-33: Lab debrief
Record your thoughts about the lab here.
_________________________________________________________________
Module 5 summary
– PVST+ or Rapid PVST+ do interoperate with standard STP protocols. VLAN 1 setup
is key.
– Load balancing can be obtained. This requires a careful setup and understanding
of the consequences.
– There are alternatives to enabling STP, such as disabling STP, smart link, and
monitor link.
– Set your priorities between convergence speed, load-balancing and ease of setup.
– Remember that a solution that is easy to set up is also easy to maintain.
Figure 5-34: Module 5 summary
In this module, you have been introduced to the concept of interoperability, and you
reviewed three practical scenarios in which it was implemented. Record your
thoughts here while your facilitator reviews what was covered in this module.
____________________________________________________________________
Learning check
Q1: When does PVST+ interoperate with standard STP? And with RSTP? And with
MSTP?
____________________________________________________________________
Q2: Does an HP switch “understand” (that is, process and interpret) tagged PVST+
BPDUs? If not, does it drop them or forward them?
____________________________________________________________________
Q3: What is the default cost value in PVST+ and Rapid-PVST+ for a Gigabit port?
____________________________________________________________________
mechanisms?
____________________________________________________________________
Module 6 objectives
After completing this module, you will be able to:
Select and configure features to replace Spanning Tree Protocol (STP) in
Disable STP on edge switches to integrate them into a multivendor environment
Configure smart link on HP A-Series switches
Configure monitor link on HP A-Series switches
Figure 6-1: Reminder: With IRF, STP is unnecessary
Q1: What are the key advantages of using IRF for redundancy?
___________________________________________________________________
Record your thoughts here. Once the lecture has started, feel free to ask questions
you may have about disabling STP on HP edge switches.
____________________________________________________________________
– What is the resulting topology?
Figure 6-2: What happens when STP is disabled on the HP edge switch?
Q1: What happens to BPDUs sent by Cisco switches?
____________________________________________________________________
How do you make sure this link is the root port?
Figure 6-3: What happens when STP is disabled on the HP edge switch? (cont.)
Just as in the “HP and Cisco Scenario 2” in Module 5: Interoperability Among
PVST+, Rapid PVST+, and MSTP, several ports can now be the root port because
their cost may be equal. Traffic between aggregation switches should be transmitted
on the direct link or link-aggregation between them, and you should avoid having
a loop. Although you don’t want to enable STP on the edge switch, you can use loop
Q1: How do you make sure the link between Cisco aggregation switches is the root
port?
_____________________________________________________________________
port and blocks a slave port. If the master port fails, smart link enables a rapid
failover.
____________________________________________________________________
Very fast failover (<100 ms)
Does not require STP
– Master and slave roles can be shared on a per-instance basis.
Figure 6-5: Smart link on HP A-Series switches
Developed to address STP’s slow convergence, smart link is applied on edge
switches connected with redundant links to upstream switches. It supports link
redundancy and provides fast convergence.
A master link connects a switch to the rest of the network. The master link is active
while a slave link is standby. If the master link fails, a slave port becomes active with
only a very short delay.
To summarize, smart link features the following:
Sub-second convergence
Easy configuration
The master and slave roles can be shared among VLAN instances. The master role
can also be set to preempt the slave role if the master fails and then comes back up.
# Create a smart link group 1
[SwitchC] smart-link group 1
# Configure all VLANs mapped to MSTIs 0-15 as the protected VLANs
[SwitchC-smlk-group1] protected-vlan reference-instance 0 to 15
# Configure Gigabit 1/0/1 as the master port
[SwitchC-smlk-group1] port gigabitethernet 1/0/1 master
# Configure Gigabit 1/0/2 as the slave port of smart link group 1
[SwitchC-smlk-group1] port gigabitethernet 1/0/2 slave
# Configure preemption
[SwitchC-smlk-group1] preemption mode role
Figure 6-6: Simple smart link configuration
In this simple configuration, the role of the smart link ports is defined for all VLANs
(all instances). In the above configuration, port gig 1/0/1 is the master/active, and
port gig 1/0/2 is the slave.
If the master fails, the slave takes over. If the master comes up again, it will preempt
the slave.
# Create 2 instances
[SwitchC] vlan 1 to 200
[SwitchC] stp region-configuration
[SwitchC-mst-region] instance 1 vlan 1 to 100
[SwitchC-mst-region] instance 2 vlan 101 to 200
[SwitchC-mst-region] active region-configuration
# Ports are set as trunk and STP is disabled
[SwitchC] interface gigabitethernet 1/0/1
[SwitchC-GigabitEthernet1/0/1] stp disable
[SwitchC-GigabitEthernet1/0/1] port link-type trunk
[SwitchC-GigabitEthernet1/0/1] port trunk permit vlan all
Figure 6-7: Smart link and load balancing
This configuration is designed to make best use of both uplinks on the edge switch.
The master and slave roles can be configured per VLAN instance.
Instances are configured through MSTP, even though STP is not involved on the port
in smart link. The idea is to synchronize the instances configuration with the setup of
virtual IPs (using Hot Standby Router Protocol [HSRP] or Virtual Router Redundancy
The uplink is set as master for the VLANs on which the HSRP owner is directly
[SwitchC-smlk-group1] protected-vlan reference-instance 1
# Gigabit 1/0/1 is the master & Gigabit 1/0/2 is the slave
[SwitchC-smlk-group1] port gigabitethernet 1/0/1 master
[SwitchC-smlk-group1] port gigabitethernet 1/0/2 slave
# Enable role preemption in smart link group 1
[SwitchC-smlk-group1] preemption mode role
# Create smart link group 2
[SwitchC] smart-link group 2
[SwitchC-smlk-group2] protected-vlan reference-instance 2
# Gigabit 1/0/2 is the master & Gigabit 1/0/1 is the slave
[SwitchC-smlk-group2] port gigabitethernet 1/0/1 slave
[SwitchC-smlk-group2] port gigabitethernet 1/0/2 master
# Enable role preemption in smart link group 2
[SwitchC-smlk-group2] preemption mode role
Figure 6-8: Smart link and load balancing (cont.)
This configuration includes two smart link groups:
Smart link group 1
Because link switchovers can outdate the MAC address forwarding entries and
associated device will forward the received flush messages directly without any
processing.
Do not remove the control VLANs. Otherwise, flush messages cannot be sent
properly.
Make sure that the control VLANs are existing VLANs. You must assign the port
capable of receiving flush messages to the control VLANs.
Device ID: 000f-e23d-5af0
Preemption mode: ROLE
Control VLAN: 10
Protected VLAN: Reference Instance 1
Member                Role    State    Flush-count  Last-flush-time
------------------------------------------------------------
GigabitEthernet1/0/1  MASTER  ACTIVE   5            16:37:20 2010/02/21
GigabitEthernet1/0/2  SLAVE   STANDBY  1            17:45:20 2010/02/21
Smart link group 2 information:
Device ID: 000f-e23d-5af0
Preemption mode: ROLE
Control VLAN: 101
Protected VLAN: Reference Instance 2
Member                Role    State    Flush-count  Last-flush-time
-------------------------------------------------------------
GigabitEthernet1/0/2  MASTER  ACTIVE   5            16:37:20 2010/02/21
GigabitEthernet1/0/1  SLAVE   STANDBY  1            17:45:20 2010/02/21
Figure 6-9: Smart link status
You can use the command to view your smart link configuration.
For example, you can see how many smart link groups are configured and which
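The following Python check is an added example, not part of the HP course material: it parses status text laid out like Figure 6-9 and flags conditions that undermine the smart link design described in this module (no load balancing between groups, a master that has not taken over under role preemption, a missing control VLAN, or two forwarding members). The function names, the "Smart link group 1 information:" header, the DOWN state and the second sample are assumptions or constructed for the example.

```python
import re
from collections import defaultdict

# Line shapes follow Figure 6-9. DOWN is an assumed state name for a failed port.
GROUP_RE = re.compile(r"^Smart link group (\d+) information:$")
FIELD_RE = re.compile(r"^(Device ID|Preemption mode|Control VLAN|Protected VLAN):\s*(.*)$")
MEMBER_RE = re.compile(r"^(\S+)\s+(MASTER|SLAVE)\s+(ACTIVE|STANDBY|DOWN)\s+(\d+)\s+(.+)$")


def parse_smart_link(text):
    """Return {group_id: {"fields": {...}, "members": [...]}} from status text."""
    groups, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = GROUP_RE.match(line)
        if m:
            current = groups.setdefault(int(m.group(1)), {"fields": {}, "members": []})
            continue
        if current is None:
            continue  # ignore anything before the first group header
        m = FIELD_RE.match(line)
        if m:
            current["fields"][m.group(1)] = m.group(2).strip()
            continue
        m = MEMBER_RE.match(line)  # table header and separator do not match
        if m:
            port, role, state, flushes, _last_flush = m.groups()
            current["members"].append(
                {"port": port, "role": role, "state": state, "flushes": int(flushes)})
    return groups


def audit(groups):
    """Return a list of (group id or ids, finding) tuples; empty means no findings."""
    findings, master_ports = [], defaultdict(list)
    for gid in sorted(groups):
        g, by_role = groups[gid], defaultdict(list)
        for member in g["members"]:
            by_role[member["role"]].append(member)
        if len(by_role["MASTER"]) != 1 or len(by_role["SLAVE"]) != 1:
            findings.append((gid, "group needs exactly one master and one slave port"))
            continue
        master, slave = by_role["MASTER"][0], by_role["SLAVE"][0]
        master_ports[master["port"]].append(gid)
        active = [m["port"] for m in g["members"] if m["state"] == "ACTIVE"]
        if len(active) > 1:
            findings.append((gid, "both members forwarding: loop risk with STP disabled"))
        elif not active:
            findings.append((gid, "no active member: protected VLANs have no uplink"))
        if (g["fields"].get("Preemption mode") == "ROLE"
                and master["state"] == "STANDBY" and slave["state"] == "ACTIVE"):
            findings.append((gid, "master is standby although role preemption is set"))
        if not g["fields"].get("Control VLAN"):
            findings.append((gid, "no control VLAN: flush messages cannot be sent"))
    for port, gids in sorted(master_ports.items()):
        if len(gids) > 1:  # the same uplink carries every group: no load balancing
            findings.append((tuple(gids), f"{port} is master in all listed groups"))
    return findings


# Constructed sample in the layout of Figure 6-9 (group 1 header line is assumed).
GOOD_STATUS = """\
Smart link group 1 information:
 Device ID: 000f-e23d-5af0
 Preemption mode: ROLE
 Control VLAN: 10
 Protected VLAN: Reference Instance 1
 Member                Role    State    Flush-count  Last-flush-time
 ------------------------------------------------------------
 GigabitEthernet1/0/1  MASTER  ACTIVE   5            16:37:20 2010/02/21
 GigabitEthernet1/0/2  SLAVE   STANDBY  1            17:45:20 2010/02/21
Smart link group 2 information:
 Device ID: 000f-e23d-5af0
 Preemption mode: ROLE
 Control VLAN: 101
 Protected VLAN: Reference Instance 2
 Member                Role    State    Flush-count  Last-flush-time
 ------------------------------------------------------------
 GigabitEthernet1/0/2  MASTER  ACTIVE   5            16:37:20 2010/02/21
 GigabitEthernet1/0/1  SLAVE   STANDBY  1            17:45:20 2010/02/21
"""

# Constructed faulty sample: same master in both groups, master not forwarding
# in group 1, and no control VLAN line in group 2.
BAD_STATUS = """\
Smart link group 1 information:
 Preemption mode: ROLE
 Control VLAN: 10
 GigabitEthernet1/0/1  MASTER  STANDBY  5  16:37:20 2010/02/21
 GigabitEthernet1/0/2  SLAVE   ACTIVE   1  17:45:20 2010/02/21
Smart link group 2 information:
 Preemption mode: ROLE
 GigabitEthernet1/0/1  MASTER  ACTIVE   5  16:37:20 2010/02/21
 GigabitEthernet1/0/2  SLAVE   STANDBY  1  17:45:20 2010/02/21
"""

if __name__ == "__main__":
    for label, text in (("good", GOOD_STATUS), ("bad", BAD_STATUS)):
        print(label, audit(parse_smart_link(text)))
```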
Cisco switches support a similar feature, but on these switches, it is called uplink
failure detection.
____________________________________________________________________
– What happens if the uplink fails?
– When is it an interesting design option?
Figure 6-10: Monitor link on HP A-Series switches
Q1: In this architecture, is there a loop? Why or why not?
______________________________________________________________
– With monitor link, if an uplink fails, downlinks are shut down.
– This triggers switchover in NIC teaming on servers:
Very fast failover (<100 ms)
Does not require STP
Easy setup
Figure 6-11: Monitor link on HP A-Series switches (cont.)
In this configuration, servers are connected to two switches. The two switches are
not connected together. Each server switch is connected with a single link to an
upstream switch. Overall, this does not create a loop because servers don’t bridge
the traffic.
The advantage of such a configuration is the ability to connect servers redundantly
the server cannot sense it. Server traffic will then be lost.
This is where the monitor link feature can help. With monitor link, the status of the
downlink ports is linked with the status of the uplink. If the uplink fails, then
downlinks are set to down. In return, this triggers the NIC teaming failover on the
servers.
# Configure Gigabit 1/0/1 as an uplink port
# and Gigabit 1/0/2 - 3 as downlink ports.
[SwitchC-mtlk-group1] port gigabitethernet1/0/1 uplink
[SwitchC-mtlk-group1] port gigabitethernet1/0/2 downlink
[SwitchC-mtlk-group1] port gigabitethernet1/0/3 downlink
# Check status of monitor link group 1.
<SwitchC> display monitor-link group 1
Monitor link group 1 information:
Group status: DOWN
Last-up-time: -
Last-down-time: -
Member                Role      Status
------------------------------------------
GigabitEthernet1/0/1  UPLINK    DOWN
GigabitEthernet1/0/2  DOWNLINK  DOWN
GigabitEthernet1/0/3  DOWNLINK  DOWN
Figure 6-12: Monitor link configuration
Enabling monitor link is very easy. You must define a monitor link group. Then, you
must configure the uplink port (switch uplink) and downlink ports (server ports).
To check the status of the monitor link group, use the display monitor-link group
command, as shown in the figure. In this example, the output shows the uplink is down.
Figure 6-13: Lab 6.1a: Redundancy without STP
In this lab, you will configure the redundancy methods you have learned about in this
module. You will first disable STP on an edge switch and observe the effect this has
on the STP network. The topology for this part of the lab is shown in Figure 6-13.
You will then configure smart link and monitor link on HP A-Series switches. Figures
6-14 and 6-15 illustrate the topologies for these sections of the lab.
Figure 6-15: Lab 6.1c: Monitor link
Use the space below to record any behavior you want to observe or test about these
redundancy methods. Refer back to this list as you complete the lab.
________________________________________________________________________
Lab debrief
– What did you learn in this “redundancy without STP” lab?
– What were your challenges?
– What do you think you will apply in the field?
Figure 6-16: Lab debrief
What did you learn in this “redundancy without STP” lab?
____________________________________________________________________
Module 6 summary
– Remember that a solution that is easy to set up is also easy to maintain.
Figure 6-17: Module 6 summary
In this module, you have been introduced to ways to create network redundancy
without STP, including disabling STP on edge switches, and also using smart link and
monitor link. Record your thoughts here while your facilitator reviews what was
covered in this module.
_________________________________________________________________________
Learning check
– With STP disabled on an HP switch:
  • Does it forward or drop standard STP BPDUs?
  • Can you load balance traffic?
  • What can occur if STP is disabled at the edge?
– What is required to enable the smart link feature?
  • What do you enable to get load balancing with smart link?
Figure 6-18: Learning check
With STP disabled on an HP switch:
Q1a: Does the switch forward or drop standard STP BPDUs?
_____________________________________________________________________
Q2a: What is required to enable the smart link feature?
_____________________________________________________________________
Q2b: What do you enable to get load balancing with smart link?
_____________________________________________________________________
Q3: With monitor link, if the downlink goes down, does it trigger the uplink to switch to down status?
_____________________________________________________________________
Hardening STP
Module 7
Module 7 objectives
After completing this module, you will be able to:
Set up the features that can be used to stabilize Spanning Tree Protocol (STP) on a LAN:
– On edge ports: Bridge Protocol Data Unit (BPDU) guard, loop protect, and Topology Change Notification (TCN) guard
– On uplinks: UniDirectional Link Detection (UDLD), root guard, loop guard, and BPDU filter
• Unidirectional links
• Rogue devices talking STP
• Continuous STP topology changes due to flapping ports or end-user ports not set to edge mode (PortFast)
• Loops not detected by STP
[Diagram labels: Blocked gigabit link; Rogue switch; root bridge]
Figure 7-1: Spanning tree problems
Figure 7-1 shows some of the factors that cause instability in spanning tree. Hardening STP helps mitigate these problems.
Hardening STP
• BPDU filter: Filters BPDUs in Tx/Rx on port without loop (E.g. “routed” port)
• Loop guard: Prevents loop situations when edge switches stop receiving BPDUs from upstream switches
• Root guard: Prevents the insertion of a “fake” root triggering an STP topology change
Edge ports
• BPDU guard: Prevents network instability due to switch insertion at the edge
• Loop protect: Prevents loops that occur on external hubs or switches and are not detected by STP
• TCN guard: Prevents excessive TCNs from triggering MAC address table aging
Figure 7-2: Hardening STP
This is a short presentation of the features used to harden STP. The goal of this figure is to show where the different features function on the network.
Note that on HP E-Series switches, another application of BPDU filter may also be
Cisco | HP A-Series | HP E-Series
Unidirectional Link Detection (UDLD) | Device Link Detection Protocol (DLDP) | Unidirectional Link Detection (UDLD)
BPDU guard: On PortFast ports | BPDU protection | BPDU protection
— | — | Loop protection
Root guard | Root guard | Root guard
Loop guard | Loop guard | —
TCN guard: On PortFast ports | TC-BPDU guard | TCN-guard
Figure 7-3: Spanning tree hardening features
Figure 7-3 shows what spanning tree hardening features are called on Cisco, HP A and E-Series switches. Note that some features are not available for all switches.
– Activating those features may only be valid if the port is an edge port.
Figure 7-4: Setting edge ports and non-edge ports
The STP hardening features listed above are intended for edge ports.
In fact, on some platforms you can only enable these features on edge ports. For example, on HP A-Series switches, you enable BPDU guard globally, and the feature takes effect on all edge ports. Similarly, on Cisco switches, you select PortFast ports, and then enable the protection features for PortFast ports globally. (However, you select the precise ports on which you want to enable these features on HP E-Series switches.)
For these reasons, before you begin implementing these features, you must carefully check your switches’ configurations and ensure that edge ports are defined as such.
designated port connected to root
Switch C’s alternate port
– Switch C does not receive them so it opens the blocked port (*)
– As a result, a loop occurs in the network causing the network to go down
• Troubleshooting can be very difficult
(*) This can be prevented by loop guard
[Diagram labels: Root; Switch A; Switch B; Switch C; TX/RX link pairs; Unidirectional link fails; Blocked port transitions to forwarding]
Figure 7-5: Why unidirectional links cause problems
A unidirectional link, a link that transmits but does not receive (or vice versa), can occur in several circumstances, typically on a fiber optic connection:
These types of problems can occur because physical layer protocols do not identify the ends of the connection; the devices must simply assume that they are receiving
Unidirectional links can cause problems with STP because STP assumes that if a port does not receive BPDUs, it has no connection with another switch or bridge. However, with a unidirectional link, a device might be able to transmit to another switch
Examine an example. In the figure, Switch C has blocked its port to Switch B because Switch A is root but Switch B has a lower ID than C. Then switch C’s receive link goes down, and switch C no longer receives B’s BPDUs. Switch C therefore
difficult.
does the same. If a device does not receive an advertisement with the same two identities that it advertised, it knows a unidirectional link has occurred and shuts down the port.
[Diagram: link-detection exchanges between switch pairs]
Cisco to Cisco: Layer 2
Cisco to HP E-Series or HP A-Series: Does not work since Cisco and HP have different implementations
HP E-Series to HP E-Series: "hello I am switch A, port a1" / "acknowledge hello"
HP A-Series to HP A-Series: "hello I am switch A, port 1/0/1" / "acknowledge hello"
Figure 7-6: UDLD and DLDP interoperability
Unfortunately, none of the implementations interoperate, because none are standard and, in fact, a UDLD standard does not yet exist.
UDLD on Cisco and UDLD on HP E-Series do not interoperate.
UDLD and DLDP (on HP A-Series) do not interoperate.
uncontrolled switches are inserted at the edge of the network.
• Switches are detected by their BPDUs.
—How does it work?
• If a BPDU is received, the port is disabled.
  − errdisable state (Cisco) or simply disabled (HP)
• Port recovery may be automatic after timeout, or manual.
—Where do you enable BPDU protection?
• On edge ports.
Figure 7-7: BPDU guard = BPDU protection
BPDU protection (called BPDU guard on Cisco switches) shuts down a port when it receives a BPDU. Depending on the platform, you can configure the feature such that the port remains shut down until an administrator re-enables it, or you can have the port recover after a set lockout period. This feature helps to protect your network from rogue switches and from rogue devices implementing STP exploits (for example, attempting to become the root and force your network into an inefficient topology).
However, BPDU protection is not enough to prevent switches from connecting on the edge, as not all switches generate BPDUs. For example, unmanaged switches and switches with STP disabled do not. Additional measures can be taken to prevent
Port security that counts MAC addresses and closes ports if there is more than
Ensure that the port-security setup sets a list of the authorized MAC addresses.
802.1X authentication.
Loop protect can detect if loop conditions occur on the switch but does not
[Diagram labels: HP E-Series switch; "If BPDU guard is configured, it will detect it"; "Loop is not detected by BPDU guard"; Unmanaged device on the network that drops spanning tree packets; "HP loop protect can detect these loop conditions"]
Figure 7-8: HP loop protect (HP E-Series)
HP E-Series devices support loop protect, which detects loops introduced by devices that do not support STP. Ports that implement loop protect send out packets. If another port receives that packet, the loop is detected. If the port that received the packet is configured with the receiver-action send-disable option, the port that sent out the packet is disabled.
For example, you enable loop protect on the E-Series switch ports and set the receiver-action send-disable option on them. When the E-Series switch sends a loop protect packet out the port connected to the unmanaged switch shown below, the packet moves over the loop, and returns on the port. Therefore, the switch disables port 1, preventing the switch with the erroneous cabling from causing trouble
You can use loop protect in conjunction with BPDU protection on edge ports. Another way to implement loop protect is to set it in conjunction with BPDU filter. Note that this feature is supported only on the HP E-Series devices.
Note
Do not confuse loop protect with the loop protection feature on HP A-Series
TCN guard
– STP TCNs cause switches to age out their MAC address forwarding tables in 15 seconds instead of 5 minutes.
– This helps switches learn the correct new ports for forwarding traffic more quickly.
– But edge port status changes, which also generate TCNs, cause unnecessary aging out and flooding.
– TCN guard (Cisco and HP E-Series) prevents TCNs from being generated based on edge port status changes.
– TC-BPDU guard (HP A-Series) prevents excessive flushing of the tables in response to TCN floods.
Figure 7-9: TCN guard
STP defines topology change notification (TCN) BPDUs, which are intended to alert other members of the spanning tree that the topology is changing, so they should rapidly age out their MAC forwarding table because they might now reach MAC addresses on different ports.
The switch that originates the TCN ages out its own table and forwards the frame toward the root bridge. Each switch in the path to the root acknowledges the TCN, ages out its own table, and forwards the TCN toward the root bridge. The root bridge does the same, but forwards the TCN to all devices in the spanning tree.
TCNs are useful when the topology has actually changed in a significant way. However, switches also generate TCNs when edge ports change status—although such changes do not truly necessitate all switches in the spanning tree flushing their forwarding tables. The TCN will only cause the switches to flood traffic unnecessarily
TCN guard protects your network from such an occurrence and is available on Cisco and HP E-Series switches. This feature prevents TCNs from being generated in response to status changes on edge ports. You enable this feature on Cisco and HP
intended to guard against TCN floods implemented by hackers. The flood ties up the switch’s resources as the switch flushes its addresses again and again, affecting network stability. When you enable the TC-BPDU guard feature, which is a global feature on the switch, you can set the maximum number of forwarding address flushes that the switch can perform within a certain period of time after receiving the first TCN. For TCNs received in excess of the limit, the switch only performs the forwarding address entry flush after the time period expires. This feature prevents the switch’s resources from being consumed.
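The TC-BPDU guard behaviour described above, modelled as an added Python example (not part of the course material and not HP's implementation): a fixed number of immediate flushes per window, with excess TCNs collapsed into one flush when the window expires. The 10,000 ms window and the arrival times are assumptions constructed for illustration; the threshold of 2 matches the `stp tc-protection threshold 2` command shown in this module.

```python
def flush_times(tcn_arrivals_ms, threshold, window_ms):
    """Return the times (ms) at which the MAC table is flushed.

    A window opens when the first TCN arrives. Up to `threshold` TCNs in the
    window cause an immediate flush; later ones are only remembered, and a
    single flush is performed when the window expires.
    """
    flushes = []
    window_start = None      # arrival time of the first TCN in this window
    immediate = 0            # immediate flushes already done in this window
    deferred = False         # True once a TCN exceeded the threshold

    def flush(at):
        # Two flushes at the same instant are indistinguishable from one.
        if not flushes or flushes[-1] != at:
            flushes.append(at)

    for t in sorted(tcn_arrivals_ms):
        if window_start is not None and t >= window_start + window_ms:
            if deferred:
                flush(window_start + window_ms)
            window_start = None
        if window_start is None:
            window_start, immediate, deferred = t, 0, False
        if immediate < threshold:
            immediate += 1
            flush(t)
        else:
            deferred = True
    if window_start is not None and deferred:
        flush(window_start + window_ms)
    return flushes


def flushes_saved(tcn_arrivals_ms, threshold, window_ms):
    """Flushes avoided compared with flushing once per received TCN."""
    return len(tcn_arrivals_ms) - len(
        flush_times(tcn_arrivals_ms, threshold, window_ms))


# Constructed arrival patterns (milliseconds), not captured traffic.
FLOOD = list(range(0, 5000, 100))        # 50 TCNs in 5 s
SUSTAINED = list(range(0, 25000, 100))   # 250 TCNs over 25 s
QUIET = [0, 60000]                       # two genuine topology changes

if __name__ == "__main__":
    for name, arrivals in (("flood", FLOOD), ("sustained", SUSTAINED),
                           ("quiet", QUIET)):
        times = flush_times(arrivals, threshold=2, window_ms=10000)
        print(f"{name}: {len(arrivals)} TCNs -> {len(times)} flushes {times}")
```

Genuine, widely spaced topology changes still flush immediately; only the excess inside a window is deferred.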
BPDU filter—Disabling STP on individual ports
– By default, BPDUs are sent in all VLANs.
– BPDU filter disables the sending and receiving of BPDUs on selected ports. It is useful for:
  • Setting the boundary of your LAN when connecting to another LAN (e.g. ISP)
  • Ports that do not cause loops by the VLAN design
  • “Routed” ports
  • Disabling STP on a port when it is required by another feature (e.g. smart link, RRPP, monitor link)
HP E-Series switches provide a PVST filter to filter PVST BPDUs, for example on the boundary of your LAN.
Figure 7-10: BPDU filter—Disabling STP on individual ports
BPDU filter is very useful for setting the limit of your LAN, and for when you connect to VLAN and MSTP domains by routed links. When you connect a LAN to a provider’s LAN, you can filter BPDUs (and PVST BPDUs on HP E-Series switches) to avoid STP interference from the provider’s switch.
Note that BPDU filter can also be set on edge ports combined with loop protect and admin-edge on HP E-Series switches. It will filter BPDUs sent by rogue switches set at the edge and will play the role of BPDU guard and root guard, although without an
Cisco(config)# spanning-tree portfast default
Enable BPDU guard on the PortFast ports globally and set the recovery time in seconds
Switch(config)# spanning-tree portfast bpduguard default
Cisco-A(config)# errdisable recovery cause bpduguard
Cisco-A(config)# errdisable recovery interval 30
On Cisco, TCNs are not generated when ports are set in PortFast mode
BPDU filter on Cisco
Enabled on interface
Switch(config)# interface gig1/1
Switch(config-if)# spanning-tree bpdufilter enable
Figure 7-11: STP hardening on Cisco
As you see, on Cisco switches, you define PortFast on access ports. You then activate BPDU guard on the PortFast ports. With BPDU guard enabled on Cisco switches, MSTP closes PortFast ports that receive BPDUs. The switch will automatically re-enable the port after the recovery interval. (If you do not set the interval, an administrator
[Switch] port-group manual edge-1
[Switch-…] group-member Gi 1/0/1 to Gi 1/0/44
[Switch-…] port link-type access
[Switch-…] port access vlan 11
[Switch-…] stp edged-port enable
# Enable BPDU protection globally. Applies to ports defined as edge
[Switch] stp bpdu-protection
# Enable TC BPDU guard to limit excessive TCNs – Enabled by default
[Switch] stp tc-protection enable
# Configure the maximum number of address entry flushes that the device can perform within a specific time period after it receives the first TC-BPDU
[Switch] stp tc-protection threshold 2
BPDU filtering on HP A-Series switches
# Disable STP on the interface
[DeviceA] interface gigabitethernet 2/0/1
[DeviceA-GigabitEthernet2/0/1] stp disable
# Ignore STP results in VLANs when loop does not exist in VLANs by design
[DeviceA] stp ignored vlan 100,200
Figure 7-12: STP hardening on HP A-Series
On HP A-Series switches, MSTP will close these ports and notify the Network Management System (NMS) that the ports are closed. Only the network administrator, or an automatic procedure set on the NMS, can restore the ports once
Switch(config)# spanning-tree
Switch(config)# spanning-tree 1-44 admin-edge-port
BPDU guard
Switch(eth-a1)# spanning-tree 1-44 bpdu-protection
Switch(config)# spanning-tree bpdu-protection-timeout 3600
Loop protect:
Switch(config)# loop-protect 1-46 receiver-action send-disable
Switch(config)# loop-protect disable-timer 3600
TCN guard
Switch(config)# spanning-tree 1-46 tcn-guard
BPDU and PVST filtering on HP E-Series switches
Apply BPDU filter on the boundary of your LAN on the routed interface
Switch(config)# spanning-tree 46-47 bpdu-filter
Apply PVST-Filter on boundary of your LAN
Switch(config)# spanning-tree 46-47 pvst-filter
Figure 7-13: STP hardening on HP E-Series
The slide displays the commands for configuring the features discussed earlier on HP E-Series switches. As you see, you can set a timeout for BPDU protection, which automatically re-enables the port the specified amount of time after the BPDU is received. If you set the timeout to 0 (the default), the port is never re-enabled until an
The slide also shows how to implement loop protect, TCN guard, and BPDU and
Root guard
– Root guard prevents a switch from taking the place of the desired root bridge.
– Root guard is typically set:
  • On edge ports (not needed if BPDU guard/protection is already set)
  • On the switch-to-switch ports of the root and secondary root switches
    − Except the links between roots
Figure 7-14: Root guard
When root guard is enabled on a port, it cannot be selected as the root port even if it receives superior STP BPDUs. The port is assigned an alternate port role and enters a blocking state if it receives superior STP BPDUs. (A superior BPDU contains information about a root bridge with lower priority and/or a lower path cost to the root bridge.) The superior BPDUs received on a root guard port are ignored. All other BPDUs are accepted, and the external devices may belong to the spanning tree as long as they do not claim to be the root device.
Typically, you enable this feature on switch-to-switch links on the root and secondary root switches with the exception of the link between these two switches (which
You can also configure root guard on the edge ports of Cisco and HP E-Series switches; however, BPDU guard provides the same protection and more, making root
edge ports. The last feature enabled takes effect. You should usually choose defining edge ports as edge ports, which can be protected by BPDU guard, in preference to
Switch(config)# interface gig1/1
Switch(config-if)# spanning-tree guard root
Root guard on HP A-Series switches
# Enabled on interface
[DeviceA] interface gigabitethernet 2/0/1
[DeviceA-GigabitEthernet2/0/1] stp root-protection
Root guard on HP E-Series switches
Interface specific:
Switch(config)# spanning-tree 1-6 root-guard
Figure 7-15: Spanning tree root guard configuration
Here is a network configuration with root guard enabled. Remember that root guard is represented by the pink dots.
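The per-port decisions that BPDU guard and root guard make, as an added Python example that is not part of the course material or any vendor's code. It parses the standard 35-byte 802.1D configuration BPDU and treats a BPDU as superior when its full priority vector (root ID, root path cost, sender ID, port ID) is lower than the port's own, which generalizes the "lower priority and/or lower path cost" description above; all frames, MAC addresses and names are constructed.

```python
import struct
from dataclasses import dataclass

# 802.1D configuration BPDU (payload after the LLC header), 35 bytes:
# protocol id, version, type, flags, root priority, root MAC, root path cost,
# sender priority, sender MAC, port id, message age, max age, hello, fwd delay
CONFIG_BPDU = struct.Struct("!HBBBH6sIH6sHHHHH")
TCN_TYPE = 0x80  # topology change notification BPDU (4 bytes, no root claim)


@dataclass(frozen=True, order=True)
class PriorityVector:
    """Fields in comparison order; the lower vector is the superior one."""
    root_id: tuple        # (priority, MAC) of the bridge claimed as root
    root_path_cost: int
    bridge_id: tuple      # (priority, MAC) of the sending bridge
    port_id: int


def bpdu_type(payload: bytes) -> int:
    if len(payload) < 4 or payload[:2] != b"\x00\x00":
        raise ValueError("not an STP BPDU")
    return payload[3]


def parse_config_bpdu(payload: bytes) -> PriorityVector:
    if bpdu_type(payload) not in (0x00, 0x02):   # STP config or RSTP/MSTP
        raise ValueError("BPDU carries no priority vector")
    if len(payload) < CONFIG_BPDU.size:
        raise ValueError("truncated configuration BPDU")
    f = CONFIG_BPDU.unpack_from(payload)
    return PriorityVector((f[4], f[5]), f[6], (f[7], f[8]), f[9])


def port_action(payload, port_vector, *, bpdu_guard=False, root_guard=False):
    """Return 'disable', 'block' or 'accept' for one BPDU received on a port."""
    kind = bpdu_type(payload)
    if bpdu_guard:
        return "disable"          # edge port: any BPDU at all shuts the port
    if kind == TCN_TYPE:
        return "accept"           # a TCN makes no claim about the root
    if root_guard and parse_config_bpdu(payload) < port_vector:
        return "block"            # superior BPDU ignored, port stops forwarding
    return "accept"


def build_config_bpdu(root_id, cost, bridge_id, port_id):
    """Pack a constructed sample BPDU; timers are in units of 1/256 s."""
    return CONFIG_BPDU.pack(0, 0, 0, 0, root_id[0], root_id[1], cost,
                            bridge_id[0], bridge_id[1], port_id,
                            0, 20 * 256, 2 * 256, 15 * 256)


# Constructed sample data (not from the course material).
ROOT = (4096, bytes.fromhex("00000000000a"))        # the intended root bridge
OWN_VECTOR = PriorityVector(ROOT, 0, ROOT, 0x8001)  # what the root's port sends
UNKNOWN = (0, bytes.fromhex("020000000066"))        # device claiming priority 0
ROGUE = build_config_bpdu(UNKNOWN, 0, UNKNOWN, 0x8001)
DOWNSTREAM = build_config_bpdu(ROOT, 20000,
                               (32768, bytes.fromhex("00000000000c")), 0x8002)
TCN = b"\x00\x00\x00\x80"

if __name__ == "__main__":
    for name, frame in (("rogue", ROGUE), ("downstream", DOWNSTREAM),
                        ("tcn", TCN)):
        print(name,
              port_action(frame, OWN_VECTOR, bpdu_guard=True),
              port_action(frame, OWN_VECTOR, root_guard=True),
              port_action(frame, OWN_VECTOR))
```

With neither guard set, the priority-0 BPDU is accepted, which is the root takeover both features exist to stop.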
Loop guard
– Loop guard prevents loops due to STP BPDUs not being forwarded
  • E.g., a unidirectional link that does not transmit BPDUs
[Diagram labels: Unidirectional link prevents BPDU sending; Port is set as forwarding and creates a loop; Loop guard prevents this situation]
Figure 7-16: Loop guard
By receiving BPDUs from the upstream device, a device can maintain the state of the root port and blocked ports. However, due to link congestion or unidirectional link failures, these ports may fail to receive BPDUs from the upstream devices. In this case, the downstream device will reselect the port roles: Those ports in forwarding state that failed to receive upstream BPDUs will become designated ports, and the blocked ports will transition to the forwarding state, resulting in loops in the switched network. The loop guard function can suppress the occurrence of such loops.
If a loop guard-enabled port fails to receive BPDUs from the upstream device, and if that port takes part in the STP calculation, all the instances on the port will be set to, and stay in, the discarding state. This will be true no matter what role the port plays.
Switch(config)# interface gig1/1
Switch(config-if)# spanning-tree guard loop
Loop guard on HP A-Series switches
# Enabled on the uplinks interface
[DeviceA] interface gigabitethernet 2/0/1
[DeviceA-GigabitEthernet2/0/1] stp loop-protection
Loop guard on HP E-Series switches – does not exist
Figure 7-17: Spanning tree loop guard configuration
Here is a network configuration with loop guard enabled. Remember that loop guard is represented by the stars.
[Lab topology diagram: switches Cisco-A, Cisco-B, HP-C, HP-D and HP-E, interconnected on ports P1 to P4]
MSTP Region
Name: HP-Cisco
MSTP Revision: 1
MST Instance 1: VLAN 12
MST Instance 2: VLAN 1,11,13
Figure 7-18: Lab 7.1: Hardening STP
You will now complete a lab in which you implement these STP hardening features on Cisco and HP switches.
Use the space below to record any instructions your facilitator gives you for this lab.
________________________________________________________________________
Lab debrief
What were your key insights into hardening STP?
_________________________________________________________________________
Did you discover anything new? If so, list this discovery below.
_________________________________________________________________________
Module 7 summary
In this module, you have been introduced to ways to harden the spanning tree protocol to reduce instability. Record your thoughts here while your facilitator reviews what was covered in this module.
____________________________________________________________________
Learning check
Q1: What feature(s) prevent loops that can occur on edge ports?
_______________________________________________________________
Q2: Are UDLD on Cisco and DLDP on HP-A Series switches interoperable?
_______________________________________________________________
Q6: What prevents loops in case of unidirectional links?
_______________________________________________________________
Link Aggregation
Module 8
Module 8 Objectives
After completing this module, you will be able to:
Identify and implement link aggregation methods that will interoperate between
Cisco and HP switches
Use link aggregation and the HP Intelligent Resilient Framework (IRF) to build a
redundant network architecture that integrates Cisco and HP switches
Configure link aggregation between Cisco switches and an HP IRF stack
Naming
Cisco: Ether or port channel
HP E-Series: Trunk
HP A-Series: Bridge or link aggregation
Our convention
Note the different naming conventions for link aggregation between HP and Cisco:
Cisco: EtherChannel or port channel
HP A-Series: bridge or link aggregation
HP E-Series: trunk
Be careful with HP E-Series naming; link trunking can be confused with VLAN
trunking. For the purposes of this training, the term “link aggregation” will be used.
[Figure: static and dynamic LACP. In both cases the two switches exchange LACP BPDUs
carrying the switch MAC address and LACP key. Static LACP: works if both sides agree.
Dynamic LACP: set and works if both sides agree. Port modes shown: active and passive.]
Load balancing does not play a role in interoperability; however, you should
understand how the traffic may be load balanced and the bandwidth may be used
on each platform. You should also understand the benefits of various types of load
balancing.
For example, your network features a link aggregation between two switches, one of
which connects to a server. Traffic destined to this server makes up a significant
portion of the link aggregation’s traffic, and you want to load balance it. The
destination MAC address and IP address (those of the server) are the same for all
traffic. In addition, if the traffic is routed before crossing the link aggregation, the
source MAC address for all traffic is the same. In this case, the only way to load
balance the traffic is using the source IP addresses, which differ for each client.
However, if you are trying to load balance communications between two servers, the
source IP address will be the same for most traffic, and the only way to truly load
balance traffic would be to use a TCP or UDP port. This option is available on the
Comware OS and on HP A-Series switches.
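The two cases above, worked through as an added example that is not part of the course material. The XOR-and-modulo hash, the four-link aggregation, and all addresses and ports are assumptions constructed for illustration; real switches use vendor-specific hash functions.

```python
"""Added illustration: which header fields a link aggregation hashes on
decides how many member links actually carry traffic.

Assumption: the hash is an XOR of the selected fields reduced modulo the
number of links. Real switches use vendor-specific hash functions.
"""
import ipaddress
from collections import Counter

N_LINKS = 4  # member links in the aggregation (constructed value)


def field_value(flow, name):
    """Return one header field of a flow as an integer."""
    value = flow[name]
    if name.endswith("_ip"):
        return int(ipaddress.ip_address(value))
    if name.endswith("_mac"):
        return int(value.replace("-", ""), 16)
    return int(value)  # TCP or UDP port


def pick_link(flow, fields, n_links=N_LINKS):
    """Choose the member link for a flow from the selected header fields."""
    folded = 0
    for name in fields:
        folded ^= field_value(flow, name)
    return folded % n_links


def distribution(flows, fields, n_links=N_LINKS):
    """Count flows per member link for a given load-balancing mode."""
    return Counter(pick_link(flow, fields, n_links) for flow in flows)


def links_used(flows, fields, n_links=N_LINKS):
    """Number of member links that carry at least one flow."""
    return len(distribution(flows, fields, n_links))


# Constructed sample 1: 200 clients reach one server through a router, so the
# source MAC (the router), destination MAC and destination IP never change.
CLIENT_FLOWS = [
    {"src_mac": "0200-0000-00fe", "dst_mac": "0200-0000-0010",
     "src_ip": f"10.1.1.{host}", "dst_ip": "10.2.0.10",
     "src_port": 49152 + host, "dst_port": 443}
    for host in range(1, 201)
]

# Constructed sample 2: one server talks to another server, so both MAC and
# both IP addresses are constant and only the source port changes per session.
SERVER_FLOWS = [
    {"src_mac": "0200-0000-0010", "dst_mac": "0200-0000-0020",
     "src_ip": "10.2.0.10", "dst_ip": "10.2.0.20",
     "src_port": 49152 + session, "dst_port": 3260}
    for session in range(200)
]

MODES = {
    "destination MAC": ["dst_mac"],
    "source + destination MAC": ["src_mac", "dst_mac"],
    "source IP": ["src_ip"],
    "source + destination IP": ["src_ip", "dst_ip"],
    "IP + TCP/UDP port": ["src_ip", "dst_ip", "src_port", "dst_port"],
}

if __name__ == "__main__":
    for label, flows in (("clients to one server", CLIENT_FLOWS),
                         ("server to server", SERVER_FLOWS)):
        print(label)
        for mode, fields in MODES.items():
            used = links_used(flows, fields)
            print(f"  {mode:26s} -> {used} of {N_LINKS} links used")
```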
Figure 8-5: IRF, link aggregation and interoperability: IRF in the distribution layer
[Diagram labels: distribution, HP A-Series IRF; access layer, Cisco; static or LACP
link aggregation]
IRF stands for Intelligent Resilient Framework. With IRF, two (or N) switches act as one.
IRF is what is conventionally called true stacking. It is available on HP A-Series
switches and requires 10 Gigabit links for stacking.
IRF is supported on these HP A-Series switches: A12500, A9500, A7500, A5820,
A5800, A5500, and A5120 (10GbE models). With IRF, two switches can be
combined together as a single virtual switch. The HP A-Series stackable switches
A3600, A5500-EI, and A5800/5810/5820 families support IRF with up to eight or
nine members.
A typical redundant connection is achieved using link aggregation in static or LACP
mode. Link aggregation to IRF can be static or dynamic (LACP). Switches from all
vendors can connect to an IRF using link aggregation, eliminating the need for STP.
Q1: Would you enable STP?
Figure 8-6: IRF, link aggregation, and interoperability: IRF in the distribution and access layers
[Diagram labels: L3, Cisco core; static or LACP link aggregation; L2, HP A-Series;
access layer]
Link aggregation becomes a way to integrate the different layers. In the above
design, IRF is put in the aggregation/distribution and access layers. The Cisco core
connects to the distribution layer via link aggregation.
Figure 8-7: IRF, link aggregation, and interoperability: IRF in the core and distribution layers
[Diagram labels: core, HP A-Series; access layer, Cisco stacking]
Again, link aggregation can integrate the different layers. In the above design, IRF is
put in the aggregation/distribution and core layers. The Cisco stack in the access
layer connects to the distribution layer via link aggregation.
Note
Cisco suggests stacking on its Catalyst 6500 and Catalyst 3750 switches, as well
as others.
This slide provides a quick comparison of the static link aggregation configuration on
each platform.
Use the following commands to check the configuration:
On Cisco:
Cisco# show interface port-channel 1 etherchannel
On HP A-Series:
<HP-A> display link-aggregation verbose
On HP E-Series:
HP-E# show trunk
[Figure: lab topology. Labels: ports P1 to P4, port channel PO2, trunk trk1, HP-E,
Client_1; X=1 on Cisco-A, X=3 on IRF]
You will now complete a lab in which you create link aggregation groups between
Cisco and HP A-Series switches, as well as Cisco and HP E-Series switches.
Use the space below to record any instructions your facilitator gives you for this lab.
Lab debrief
Did you find any useful show and display commands during the lab?
What were the main things you learned about link aggregation?
Did you learn anything that you will apply in the field?
Module 8 summary
In this module, you have learned about the benefits of using link aggregation and
how, when combined with IRF, it provides a redundant architecture without STP. Write
down any thoughts you may have while your facilitator reviews the content of this
module.
Learning check
Q1: In what circumstances can you create an LACP link aggregation in which one
switch connects to two different switches?
Q2: Can you create a link aggregation between a Cisco switch port in on mode and
an HP E-Series switch port in trunk mode?
Q3: Can you create a link aggregation between a Cisco switch in active mode and
an HP A-Series switch in dynamic mode?
Virtual IP Protocols
Module 9
Module 9 objectives
After completing this module, you will be able to:
- Describe the differences and similarities between several virtual IP protocols,
  including:
  - Cisco Hot Standby Router Protocol (HSRP)
  - Cisco Gateway Load Balancing Protocol (GLBP)
  - Industry-standard Virtual Router Redundancy Protocol (VRRP)
- Assess the advantages and disadvantages of virtual IP protocols as compared to
  HP Intelligent Resilient Framework (IRF) solutions
- Implement the appropriate protocol options such as:
  - Preemption
  - Preempt delay timer
  - Tracking of interface or IP object
  - Load-balancing
  - Support of stateful Network Address Translation (NAT)
[Figure: default gateway redundancy. Labels: VIP1=10.1.1.1, VIP2=10.1.2.1; Mx = master,
Bx = backup]
Here you see the main use case for HSRP and VRRP: providing redundancy for the
default gateways of VLANs. Typically, a VLAN has one master and one backup
router. The master owns the virtual IP address that the DHCP server distributes as the
VLAN’s default gateway.
Note that you should synchronize the roles between VRRP or HSRP and MSTP to
ensure that the topology is used efficiently. As you see, the VRRP or HSRP master for
a particular VLAN is the MSTP root for the instance that includes that VLAN.
[Figure: default gateway on an IRF. Labels: IRF with gateway addresses 10.1.1.1 and
10.1.2.1; endpoint with IP 10.1.1.51/24 and default gateway 10.1.1.1]
With IRF, you do not need to configure a virtual IP protocol to ensure redundancy for
the default gateway; IRF itself ensures such redundancy and more.
The IRF system acts as one single Layer 3 device. The master device or fabric
completes routing calculations. Its Forwarding Information Base (FIB) table is
synchronized across the IRF system. The other member or members of the IRF group
store the routing status in real time to ensure that the IRF group continues to function
seamlessly if the master fails.
IRF supports all unicast and multicast routing protocols and implements distributed
resilient routing:
- No single-point routing failure
- Routing forwarding without interruption
Note
Currently, an IRF virtual device supports a maximum of two modular switches
with a maximum of four SRPUs. Only one SRPU becomes active while the others
(including another on the same switch) stay in standby.
Consider ARP. In an IRF virtual device, ARP runs in a distributed manner but as if on
a single switch:
- Static ARP entries are automatically synchronized through the shared
  configuration.
- Each device sends its ARP requests independently. But when a device receives
  an ARP response packet, it transmits this packet to all devices through the IUC to
  prevent other devices from sending the same ARP requests.
- When the IRF virtual device receives an ARP request packet, the master responds
  at once. The ARP request packet is broadcast, and it is automatically
  synchronized to each device so that the entry can be learned by everyone.
  However, each device ages its own ARP entry independently.
Figure 9-8: Load balancing with GLBP and VRRP (HP A-Series devices)
[Diagram labels: M1, B1, VIP1=10.1.1.1]
In this use case, you need to implement load balancing. On HP A-Series devices,
VRRP load balancing mode provides the necessary functionality. On Cisco devices,
GLBP provides load-balancing. However, this particular use case focuses on VRRP
load-balancing on HP A-Series devices.
When VRRP works in the standard protocol mode, only the master can forward
packets and the backups remain in a listening state. Although you can create
multiple VRRP groups to implement load balancing among multiple routers, this
solution would require endpoints in the VLAN to have different gateways,
complicating the configuration.
When VRRP works in the load balancing mode, however, the group gains load
balancing in addition to virtual gateway redundancy.
The virtual IP address is associated with multiple virtual MAC addresses, one for
each router in the VRRP group. The master allocates virtual MAC addresses to routers
in the VRRP group. It then replies to ARP requests (for the IPv4 network) or Neighbor
Discovery (ND) requests (for the IPv6 network) from different endpoints with different
virtual MAC addresses, using a load balancing algorithm. The backup routers,
however, do not reply to the ARP or ND requests.
In this way, each router in the group can forward packets. Because you only need to
create one VRRP group to implement load balancing among multiple routers, you
avoid the configuration issues and fully utilize your network resources rather than
leaving backup routers idle.
The VRRP load-balancing mode is based on the VRRP standard protocol mode, so
mechanisms, such as master election, preemption, and tracking functions, in the
standard protocol mode are also supported in the load-balancing mode.
[Figure: load balancing with IRF. Labels: IRF, 10.1.1.1]
The IRF architecture itself provides load balancing between the Layer 3 switches.
Unlike an MSTP/VRRP or PVST/HSRP architecture, it provides symmetric connections
between edge switches and the IRF, in which all links are used.
As the figure shows, traffic between the edge and core switches is load balanced by
the algorithm applied on the aggregated link.
When a packet arrives on a port on one of the IRF’s routing switches, the packet is
forwarded locally because routing and switching are truly distributed among IRF
members and line cards, as long as the destination is connected to a switch that is
also connected with link aggregation.
MAC addresses as well as the ARP cache are distributed and synchronized among
IRF members. When forwarding the traffic to an aggregated link, the IRF virtual
device always chooses the closest link in the aggregation (preferably, directly
connected).
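[Figure: routing switches with virtual IP addresses VIP1 and VIP2. Labels: masters M1
and M2, backups B1 and B2]
[Figure: the same design with a pair of WAN routers or firewalls. Labels: M3, M4, M1,
M2, VIP1, VIP2, B2, B1]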
This example is similar to the previous one except that it features a pair of WAN
routers or firewalls. The two pairs of routers—the pair of routing switches and the
pair of WAN routers—are not directly connected and use static routes to exchange IP
packets.
In this use model, you can build redundancy into the WAN routers as well as the
routing switches, again by using a virtual IP protocol. The WAN routers share a
virtual IP address, which serves as the next hop for the default route set on the routing
switches. As in the previous example, the WAN routers have a static route to the
local network using the routing switch’s virtual IP address as the next hop.
If you create two virtual IP addresses and two static routes on each side, you can
provide full load balancing.
[Figure: WAN routers or firewalls connected to the IRF. Labels: M3, M4, B4, B3, VIP3,
VIP4]
In this example, the WAN routers only have one Ethernet interface that is connected
to the LAN. They are connected to an access switch, which is connected to the IRF
with an aggregated link. This configuration provides the WAN router with symmetric
access to both IRF members.
Each WAN router could also be connected directly with a single interface to one of
the IRF members. This configuration would still ensure redundancy, but the IRF links
would need to carry more traffic.
Each WAN router could also have two Ethernet interfaces and then form a port
channel or aggregated link to the IRF.
[Figure: WAN router or firewall (R) with static routes S1 and S2 toward the routing
switches. Labels: M1, M2, B1, B2, VIP1, VIP2]
[Figure: router connected to the IRF with an aggregated link. Labels: IP1, IP2]
Consider the previous scenario with IRF. In this example, the router is connected to
the IRF with an aggregated link.
A link failure would only reduce bandwidth; Layer 2 and Layer 3 connectivity
would remain, protecting packets from being dropped. Even if an IRF member fails
completely, Layer 2 and Layer 3 connectivity would be maintained.
Because the IRF virtual device uses a single routing table, there is no need for the
router to delay resuming its role in the IRF virtual device when it reboots.
[Figure: interface tracking. Labels: WAN router or firewall; M1, M2, B1, B2, VIP1, VIP2;
Priority 100, Priority 90, Priority 80, Priority 90; -20]
When the interface that the master router uses to connect to the WAN router or
firewall goes down, the master loses its IP routes to remote IP networks.
If the system uses routing protocols, the master can learn new routes to the remote
networks. Or the master might have a floating static route. In either case, however,
the next hop for new routes is typically a backup router in the VRRP group. The
master has become an unnecessary hop for traffic destined to remote IP networks, so
routing traffic directly through the backup would be more efficient.
VRRP or HSRP tracking enables the router to lower its priority if a particular interface
goes down so that its priority becomes lower than that of a backup. The backup can
then preempt the role of master for the virtual IP.
In this typical case, tracking is usually set for VLANs. So that routers can preempt the
master role when necessary, you should usually configure preempt mode with
tracking. Note, however, that tracking is optional; sometimes you might decide that
eliminating a potential extra hop is not worth the additional configuration.
[Figure: IP object tracking. Labels: M1, M2, B1, B2, VIP1, VIP2; Priority 105,
Priority 90, Priority 85, Prior 90; -2*10]
Note
Make sure that the router can ping the IP address that you select and that there is
no firewall that can block the ping packets.
When a router detects that it cannot reach a tracked IP address through the tracked
interface, the result is the same as in the simple tracked interface scenario.
In this example, the routers in the VRRP or HSRP group track two remote IP addresses;
thus they avoid relying on a single IP address (which might itself fail) to test an access
to remote networks. Failure of each node can lower priority—by 10 and by 15, for
example. However, only losing connectivity with both tracked addresses will truly
indicate a failure and lower the master’s priority enough to become lower than that
of the backup.
[Figure: NQA tracking of static routes. Labels: IP3, IP4; 0.0.0.0/0 -> IP3 pref 1 -> 100;
0.0.0.0/0 -> IP 4 pref 10]
Network Quality Analyzer (NQA) allows a switch or an IRF, as shown in the figure
above, to track the status of a remote IP address. Based on connectivity to this
address, the router can change the preference of a static route. (On HP E-Series
switches and Cisco switches, the preference is the administrative distance.)
In the examples illustrated above, each WAN router has two static routes: a primary
route and a backup one with a lower preference (called a floating static route).
When the router fails to reach the tracked remote IP address, it increases the
preference of the main route (lower preference value is preferred). As a result, the
backup route is placed in the routing table.
This slide shows the commands for configuring HSRP and the HSRP options discussed
earlier in this module on Cisco devices.
These are the commands for configuring GLBP and the GLBP options discussed
earlier on Cisco devices.
[Slide callouts: virtual router ID; preempt delay of 45 sec to allow OSPF network to be
in routing table]
These are the commands for configuring VRRP and the VRRP options discussed
earlier in this module on HP A-Series devices. For example, the preempt delay has
been set to 45 seconds so that the router can identify its Open Shortest Path First
(OSPF) neighbors and update its routing table with OSPF routes.
To configure tracking with VRRP on HP A-Series devices, you must set up NQA tests
and a track to bind the test to the VRRP priority reduction function.
The specific commands are outlined in this figure and the one on the following page.
To finish the configuration, you specify the track in the VRRP configuration.
In another example, you can configure two IP addresses for the router to track. If the
router loses contact with one of the addresses, it decreases its priority by 30 to 110,
which is still higher than the backup. If the router loses contact with the other
address, it decreases its priority by 20—a different value from the first so that you
can look at the priority and instantly determine which IP addresses are accessible.
Only if the router loses contact with both addresses does the priority decrease
enough for the backup to become master. This setup helps to reduce the false
positives that can occur if you only ping one IP address.
Follow these steps to set up the two tracks:
1. First, define an NQA test. You need to specify the name of the administrative
user who creates the test and also assign the test a name.
[Switch] nqa entry admin pingtest1
2. Configure the test. In this example, the test sends echo requests to 10.1.1.1 every
200 ms, waiting for a 10 ms timeout. The test triggers a reaction when five
probes fail in a row.
[Switch-nqa-admin-pingtest1] type icmp-echo
[Switch-nqa-admin-pingtest1-icmp-echo] destination ip 1.1.1.1
[Switch-nqa-admin-pingtest1-icmp-echo] frequency 200
[Switch-nqa-admin-pingtest1-icmp-echo] probe timeout 10
[Switch-nqa-admin-pingtest1-icmp-echo] reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only
3. Define a second test. In this example, the second test sends echo requests to
10.2.2.2 every 200 ms, waiting for a 10 ms timeout and triggering a reaction
when 5 probes fail in a row.
[Switch] nqa entry admin pingtest2
[Switch-nqa-admin-pingtest2] type icmp-echo
[Switch-nqa-admin-pingtest2-icmp-echo] destination ip 2.2.2.2
[Switch-nqa-admin-pingtest2-icmp-echo] frequency 200
[Switch-nqa-admin-pingtest2-icmp-echo] probe timeout 10
[Switch-nqa-admin-pingtest2-icmp-echo] reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only
4. Define tracks, which you use to link the NQA tests to applications such as static
routes or VRRP. The track specifies both the test and the reaction to monitor.
[Switch] track 1 nqa entry admin pingtest1 reaction 1
[Switch] track 2 nqa entry admin pingtest2 reaction 1
Note
If you want to stop a test, enter undo nqa schedule <admin-name> <test-name>.
For example, enter undo nqa schedule admin pingtest1.
6. Configure VRRP to base the priority on the track. In this example, the virtual IP is
172.21.1.10 and the priority is 140. As described earlier, you will configure a
slightly different reduction for the two tracks, and only the combined reductions
make the priority lower than the backup’s priority (90 compared to 100 on the
backup).
[Switch] interface Vlan-interface201
[Switch-Vlan-interface201] ip address 172.21.1.2 255.255.255.0
[Switch-Vlan-interface201] vrrp vrid 1 virtual-ip 172.21.1.10
[Switch-Vlan-interface201] vrrp vrid 1 priority 140
[Switch-Vlan-interface201] vrrp vrid 1 track 1 reduced 30
[Switch-Vlan-interface201] vrrp vrid 1 track 2 reduced 20
7. You can test the topology and configuration by activating debugging on the
switch.
<Switch> terminal debugging
<Switch> debugging nqa reaction
<Switch> debugging track
The next example shows the debug output (debugging nqa reaction and debugging
track) when the router loses contact with one of the remote IP addresses.
<Switch1>
*May 2 21:37:19:385 2000 Switch1 TRACK/7/TRACK Debug: Receive the
notification that the status of NQA(admin-pingtest1) reaction(1)
has changed to 2.
Below is the output for the display vrrp verbose command when the router has lost
contact with one of the remote IP addresses. As you see, the priority has been
reduced, but the router is still master.
<Switch> display vrrp verbose
IPv4 Standby Information:
Run Method : VIRTUAL-MAC
Total number of virtual routers: 1
Interface : Vlan-interface201
VRID : 1 Adver. Timer : 1
Admin Status : UP State : Master
Config Pri : 140 Run Pri : 110
Preempt Mode : YES Delay Time : 0
Auth Type : NONE
Track Object : 1 Pri Reduced : 30
Track Object : 2 Pri Reduced : 20
Virtual IP : 172.21.1.10
Virtual MAC : 0000-5e00-0101
Master IP : 172.21.1.2
Here is the debugging output when the router’s link to the second tracked IP address
goes down:
*May 2 21:40:08:203 2000 Switch1 TRACK/7/TRACK Debug: Receive the
notification that the status of NQA(admin-pingtest2) reaction(1)
has changed to 2.
*May 2 21:40:08:395 2000 Switch1 TRACK/7/TRACK Debug: Notify
application module(0x5230000) that the status of track entry 2 has
changed from 2 to 3.
Here is the output for the display vrrp verbose command after the link to the second
remote IP address goes down. As you see, the priority has been further reduced, and
the former backup router (which must be configured separately) is now master.
<Switch> display vrrp verbose
IPv4 Standby Information:
Run Method : VIRTUAL-MAC
Total number of virtual routers: 1
Interface : Vlan-interface201
VRID : 1 Adver. Timer : 1
Admin Status : UP State : Master
Config Pri : 140 Run Pri : 90
Preempt Mode : YES Delay Time : 0
Auth Type : NONE
Track Object : 1 Pri Reduced : 30
Track Object : 2 Pri Reduced : 20
Virtual IP : 172.21.1.10
Virtual MAC : 0000-5e00-0101
Master IP : 172.21.1.3
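The following is an added example, not part of the original guide: it parses the first display vrrp verbose output shown above and checks the tracking arithmetic from step 6 (140 configured, reductions of 30 and 20, backup at 100). The function names are illustrative, and the sample text is copied from the page as a constructed input.

```python
import re
from itertools import combinations

# Constructed sample: the first "display vrrp verbose" output from the page
# (one tracked address unreachable, router still master).
SAMPLE_OUTPUT = """\
IPv4 Standby Information:
Run Method : VIRTUAL-MAC
Total number of virtual routers: 1
Interface : Vlan-interface201
VRID : 1 Adver. Timer : 1
Admin Status : UP State : Master
Config Pri : 140 Run Pri : 110
Preempt Mode : YES Delay Time : 0
Auth Type : NONE
Track Object : 1 Pri Reduced : 30
Track Object : 2 Pri Reduced : 20
Virtual IP : 172.21.1.10
Virtual MAC : 0000-5e00-0101
Master IP : 172.21.1.2
"""

BACKUP_PRIORITY = 100  # priority of the backup router, as stated in step 6


def parse_vrrp_verbose(text):
    """Pull the fields needed for the audit out of 'display vrrp verbose'."""
    def field(label):
        match = re.search(rf"\b{re.escape(label)}\s*:\s*(\S+)", text)
        if match is None:
            raise ValueError(f"field not found: {label}")
        return match.group(1)

    tracks = {
        int(obj): int(cut)
        for obj, cut in re.findall(
            r"Track Object\s*:\s*(\d+)\s+Pri Reduced\s*:\s*(\d+)", text)
    }
    return {
        "state": field("State"),
        "config_pri": int(field("Config Pri")),
        "run_pri": int(field("Run Pri")),
        "auth": field("Auth Type"),
        "master_ip": field("Master IP"),
        "tracks": tracks,
    }


def run_priority(config_pri, tracks, down):
    """Running priority once the track entries in `down` have gone negative."""
    return config_pri - sum(tracks[t] for t in down)


def _track_subsets(tracks):
    ids = sorted(tracks)
    for size in range(len(ids) + 1):
        for combo in combinations(ids, size):
            yield set(combo)


def explain_run_priority(info):
    """Sets of failed tracks that account for the observed Run Pri."""
    return [s for s in _track_subsets(info["tracks"])
            if run_priority(info["config_pri"], info["tracks"], s) == info["run_pri"]]


def failover_sets(info, backup_pri):
    """Track failure combinations that push this router below the backup."""
    return [s for s in _track_subsets(info["tracks"])
            if run_priority(info["config_pri"], info["tracks"], s) < backup_pri]


def audit(info, backup_pri):
    """Return findings a reviewer would raise about this VRRP group."""
    findings = []
    if not explain_run_priority(info):
        findings.append("Run Pri is not explained by any combination of track reductions")
    if not failover_sets(info, backup_pri):
        findings.append("no track failure lowers the priority below the backup's")
    if info["auth"].upper() == "NONE":
        findings.append("VRRP advertisements are not authenticated (Auth Type NONE)")
    return findings


if __name__ == "__main__":
    info = parse_vrrp_verbose(SAMPLE_OUTPUT)
    print("failed tracks consistent with Run Pri:", explain_run_priority(info))
    print("failures that hand over mastership:", failover_sets(info, BACKUP_PRIORITY))
    for finding in audit(info, BACKUP_PRIORITY):
        print("finding:", finding)
```
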
These are the commands for configuring VRRP and the VRRP options discussed
earlier on HP E-Series devices.
Note the virtual IP ping option.
When VRRP functions in compliance with RFC 3768, only the owner of the virtual IP
address replies to pings (ICMP echo requests) to the virtual IP address. When the
virtual IP ping feature is enabled, a backup router operating as the master
can respond to ping requests made to the virtual IP address. This makes it possible to
test the availability of the default gateway with ping. A non-owner and non-master
member of the VRRP group still drops all packets to the VIP.
[Figure: lab topology showing Cisco-A, Cisco-B, the edge switches HP-E and HP-F,
Server_1 (VLAN 1) and Client_1 (VLAN 12). Trunks carry VLANs 1, 11, 12, 13.]
HSRP IP addressing: 10.POD.VLAN.X/24
X=1 on Cisco-A
X=2 on Cisco-B
X=3 on HP-C
X=4 on HP-D
X=5 on HP-E
X=6 on HP-F
X=100 on Server_1
X=DHCP on Client_1
Figure 9-26 shows your network as you add the second HP switch, finish
implementing VRRP, and migrate the access layer switches.
MSTP Region
Name: HP-Cisco
Revision: 1
MST Instance 1: VLAN 12
MST Instance 2: VLAN 1,11,13
Finally, Figure 9-27 illustrates the topology after the migration is complete.
MSTP Region
Name: HP-Cisco
Revision: 1
MST Instance 1: VLAN 12
MST Instance 2: VLAN 1,11,13
Lab debrief
What were your key insights and discoveries about virtual IP protocols?
_________________________________________________________________________
Did you encounter any difficulties?
_________________________________________________________________________
Did any of your mistakes teach you something that you would like to share?
_________________________________________________________________________
Have you learned a practice that you will apply in the field?
_________________________________________________________________________
Module 9 summary
In this module, you have learned:
•Differences between various virtual IP protocols and the options that they support
•How to implement virtual IP protocols to support several different redundancy
situations, including a default gateway and a next hop in a static route
•How virtual IP protocols compare with IRF
•How to configure virtual IP protocols
Learning check
As usual, the answers to these questions are given in the appendix. The answers to
the quiz that you took earlier are also included for your reference.
Q1: How does an IP endpoint learn its default gateway’s virtual IP and virtual MAC
addresses?
_________________________________________________________________________
Q2: Can an HP Layer 3 switch back up a Cisco Layer 3 switch using HSRP?
_________________________________________________________________________
Q3: Can you use VRRP and HSRP in the same LAN?
_________________________________________________________________________
Q4: What is the purpose of the preempt delay? When would you set it?
_________________________________________________________________________
Q5: In what situations is load balancing desirable?
_________________________________________________________________________
Q6: When a pair of core routing switches connect to a WAN router, is VRRP
_________________________________________________________________________
Module 10 objectives
Because OSPF is an open standard, Cisco and HP devices running this protocol
interoperate well. You simply need to know which version your devices run and
which versions support the features that you require. In particular, you should check
for the newer features such as BFD and graceful restart. Of course, you must also
know the process for implementing OSPF on both types of devices. This module
teaches you about setting up the key features in an HP and Cisco environment.
After completing this module, you will be able to:
•Set up HP and Cisco devices as OSPF neighbors
•Configure OSPF’s BFD feature to support fast convergence and graceful restart
for non-stop forwarding
•Configure OSPF in a multi-area environment
•Design an OSPF topology that is appropriate to your environment
Rev. 11.12 10 –1
Conditions for becoming OSPF neighbors
Authentication
BFD for fast convergence
Graceful restart for non-stop forwarding
R1: IP: 10.1.2.1/24; OSPF Area 0; Hello timer: 10 s; Dead interval: 40 sec; Network Type=Broadcast
R4: IP: 10.1.2.3/24; OSPF Area 1; Hello timer: 10 s; Dead interval: 40 sec; Network Type=Broadcast
R2: IP: 10.1.2.2/30; OSPF Area 0; Hello timer: 10 s; Dead interval: 40 sec; Network Type=P2P
R3: IP: 10.1.2.4/24; OSPF Area 0; Hello timer: 10 s; Dead interval: 30 sec; Network Type=Broadcast
Figure 10-1: OSPF Neighboring—Scenario 1-1
Examine the figure and then answer this question:
What conditions must two routers meet to become OSPF neighbors? For each
condition that you list, check that setting on the routers in this example. Circle any
________________________________________________________________________
Best practices
This scenario does not show the most highly recommended topology. It is
For example, with four routers, the number of required connections is 4x3/2 =
Each link should support its own VLAN and subnet (one link = one VLAN = one
subnet).
If the routing switches do not have enough Ethernet interfaces, on the other hand,
you might have to connect them through a common Layer 2 switch—or preferably,
two Layer 2 switches for redundancy. In this case, you can implement BFD for faster
convergence.
R1: IP: 10.1.2.1/24; OSPF Area 0; Priority 0
R4: IP: 10.1.2.3/24; OSPF Area 0; Priority 1
R2: IP: 10.1.2.2/24; OSPF Area 0; Priority 255
R3: IP: 10.1.2.4/24; OSPF Area 0; Priority 4
Figure 10-2: OSPF DR election—Scenario 1-2
Examine the figure and then answer these questions:
Q1: How do devices in a multi-access (such as Broadcast) network determine which
devices become DR and Backup DR (BDR)? What role does priority 0 play in this
________________________________________________________________________
Q2: Can you determine which routers in this figure become DR and BDR?
________________________________________________________________________
Q3: How can you force two routers to become DR and BDR?
________________________________________________________________________
Multi-access network type interfaces always select a DR and BDR—even if you have
designed the topology as discussed on the previous slide (each routing switch
connects directly to each other routing switch on a VLAN and subnet that is unique to
the point-to-point connection). In this case, one side becomes DR and the other BDR.
To prevent the election and speed convergence, you must manually set the interfaces’
network type to P2P. However, make sure that all network administrators understand
this practice; otherwise, the type might not match on both switches, so they will not
become neighbors.
OSPF authentication
Will the two OSPF adjacencies work?
HP1 (gi1/0/1):
  Vlan 10
   port gigabit 1/0/1
  ospf 11
   Area 0
    authentication-mode simple
    network 192.168.1.1 0.0.0.0
  interface vlan 10
   ip address 192.168.1.1 24
   ospf authentication-mode simple… cipher very-secret
HP3 (gi1/0/2):
  Vlan 20
   port gigabit 1/0/2
  ospf 22
   Area 10
    authentication-mode md5
    network 10.6.0.2 0.0.0.0
  interface vlan 20
   ip address 10.6.0.2 24
   ospf authentication-mode md5 1… cipher cant_find
Cisco2 (gi0/1, gi0/2):
  interface gigabitethernet 0/1
   ip address 192.168.1.2 255.255.255.0
   ip ospf authentication-key very-secret
  interface gigabitethernet 0/2
   ip address 10.6.0.1 255.255.255.0
   ip ospf message-digest-key 1 md5 cant_find
  router ospf 2
   network 10.6.0.2 0.0.0.0 area 10
   network 192.168.0.0 0.0.255.255 area 0
   area 10 authentication message-digest
   area 0 authentication
Figure 10-3: OSPF authentication
Examine the figure and then answer these questions (note that there is a fifth question
on the next page):
Q1: If you ignore the authentication settings, which routers become OSPF neighbors
________________________________________________________________________
Q3: On HP 1, the password is specified with the cipher keyword. What purpose
does this keyword serve?
________________________________________________________________________
Q4: Do the authentication settings match between HP 3 and Cisco 2?
________________________________________________________________________
Q5: What role does the key ID play (beyond being another matching setting)?
________________________________________________________________________
HP 1:
  ospf 1
   opaque-capability enable
   graceful-restart ietf
   graceful-restart interval 120
Cisco 2:
  router ospf 1
   nsf ietf restart-interval 200
Cisco 3:
  router ospf 1
   nsf ietf restart-interval 200
HP 4:
  ospf 1
   opaque-capability enable
   graceful-restart ietf
Figure 10-4: OSPF neighbors—Scenario 1-4
What is the purpose of the configurations displayed in this slide?
These routers are implementing OSPF graceful restart, which is defined in RFC 3623.
This feature allows you to restart OSPF processes without disturbing the OSPF
You would initiate a graceful restart whenever you need to restart an OSPF process
to clean out or update information. You will find this feature particularly useful when
a component fails (for example, a Route Processor [RP] has crashed and a backup RP
has taken over) or when you are performing a scheduled hitless software upgrade.
They have independent control planes and forwarding planes. Cisco devices
require Cisco Express Forwarding (CEF). HP A-Series devices also meet the
requirement. While OSPF processes restart on the control plane, the FIBs that
The slide shows the commands for configuring the graceful restart interval on
clear ip ospf <process ID>.)
After you enter the command, HP1 announces to all neighbors that it is going to
reload its OSPF processes. While it restarts, HP1 continues to forward packets based
on information in its routing table at the time that the restart initiated.
The other routers start their graceful restart timer. The default interval is 120 seconds,
but the routers in this example have a 200 second interval. These routers freeze their
Link State (LS) database and routing table during this interval.
After the interval expires (at which time HP 1 should have finished reloading its
processes), all routers synchronize their databases.
Commands for enabling OSPF graceful restart
You must enter these commands on HP A-Series devices to enable graceful restart:
ospf 1
 opaque-capability enable
 graceful-restart ietf
router ospf 1
For more details on command syntax, refer to the configuration manual for your
device.
•What values would you recommend for the timers?
•What will happen if INT VLAN10 fails on HP1?
HP 1:
  bfd session init-mode active
  interface vlan-interface 10
   ip address 10.1.1.1 24
   ospf bfd enable
   bfd min-transmit-interval 25
   bfd min-receive-interval 150
   bfd detect-multiplier 3
  ospf 1
   area 0
    network 10.1.1.0 0.0.0.255
Cisco 3:
  interface GigabitEthernet2/1
   ip address 10.1.1.2 255.255.255.0
   ip ospf bfd
   bfd interval 50 min_rx 50 multiplier 3
  router ospf 1
   bfd all-interfaces
   network 10.1.1.2 0.0.0.0 area 0
HP 2 (no configuration shown in the figure)
Figure 10-5: OSPF neighbors—Scenario 1-5
Examine the figure and consider the questions and answers below.
Note
For this scenario, assume that HP2, which provides an alternate path to the same
remote networks as HP1, has a similar BFD and OSPF configuration to HP1’s.
In this configuration, the three routers do not connect directly but instead through a
Layer 2 switch. When a router or an interface fails, the routers cannot immediately
detect the failure using the traditional OSPF hello and dead timers. BFD provides another
interval that helps the routers detect the failure more quickly.
What BFD transmit timers will be negotiated between HP1 and Cisco3?
This scenario illustrates what can happen when two routers propose radically
2. Cisco3 receives the packet and compares the requested RX interval of 150ms to
throttles back its own transmit frequency and sends BFD control packets at
150ms intervals.
3. Similarly, HP1 compares the Cisco’s requested RX interval of 50ms to its own
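The negotiation in this scenario, worked through with the RFC 5880 asynchronous-mode rules, as an added example that is not part of the original guide. The timer values come from Figure 10-5; the class and function names are illustrative, and the mapping of each vendor's keywords to the RFC fields is an assumption stated in the comments.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class BfdEndpoint:
    name: str
    desired_min_tx_ms: int   # fastest rate this end is willing to send at
    required_min_rx_ms: int  # fastest rate this end is willing to receive at
    detect_mult: int         # missed packets tolerated before declaring down


# Values from Figure 10-5. Assumed mapping: HP "min-transmit-interval" and
# Cisco "bfd interval" are Desired Min TX; HP "min-receive-interval" and
# Cisco "min_rx" are Required Min RX.
HP1 = BfdEndpoint("HP1", desired_min_tx_ms=25, required_min_rx_ms=150, detect_mult=3)
CISCO3 = BfdEndpoint("Cisco3", desired_min_tx_ms=50, required_min_rx_ms=50, detect_mult=3)

OSPF_DEAD_INTERVAL_MS = 40_000  # dead interval of 40 sec, as in Figure 10-1


def negotiated_tx_ms(sender, receiver):
    """Interval at which `sender` transmits control packets to `receiver`.

    Each side sends no faster than its own Desired Min TX and no faster than
    the peer's Required Min RX, so the larger of the two values wins.
    """
    if receiver.required_min_rx_ms == 0:
        # RFC 5880: a Required Min RX of zero means the peer does not want
        # periodic control packets at all.
        return None
    return max(sender.desired_min_tx_ms, receiver.required_min_rx_ms)


def detection_time_ms(local, remote):
    """Silence after which `local` declares the session to `remote` down.

    The detection time uses the remote side's multiplier and the rate at
    which the remote side has agreed to transmit.
    """
    remote_tx = negotiated_tx_ms(remote, local)
    if remote_tx is None:
        return None
    return remote.detect_mult * remote_tx


def session_summary(a, b):
    """Negotiated transmit interval and detection time for both ends."""
    summary = {}
    for local, remote in ((a, b), (b, a)):
        summary[local.name] = {
            "tx_ms": negotiated_tx_ms(local, remote),
            "detect_ms": detection_time_ms(local, remote),
        }
    return summary


def is_asymmetric(a, b):
    """True when the two ends end up detecting failures at different speeds."""
    return detection_time_ms(a, b) != detection_time_ms(b, a)


if __name__ == "__main__":
    for name, values in session_summary(HP1, CISCO3).items():
        print(f"{name}: sends every {values['tx_ms']} ms, "
              f"declares the peer down after {values['detect_ms']} ms "
              f"(OSPF dead interval: {OSPF_DEAD_INTERVAL_MS} ms)")
    print("asymmetric detection:", is_asymmetric(HP1, CISCO3))
```
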
It is important that you understand how to divide your system into areas to make the
routing protocol operate more efficiently. Within an area all routers must synchronize
their link state databases, but areas allow you to filter routes at the ABR. (It is
possible to configure individual routers to prevent the advertisement of certain LSAs;
however, this type of filtering is not what is typically meant by filtering routes.)
[Figure: routers R1 (.1), R4 (.4), R2 (.2) and R3 (.3). Area 0: 10.0.0.0/16, with
10.0.10.0/24. Area 1: 10.1.1.0/24, 10.1.2.0/24, 10.1.3.0/24, 10.1.4.0/24.]
What is R1 configuration when R1 is:
•Cisco
•HP A-Series
•HP E-Series
Figure 10-6: OSPF area summarization—Scenario 2-1
Q1: What kind of OSPF router is R1?
l e
_______________________________________________________________________
ho
w
in
_______________________________________________________________________
n
c tio
du
_______________________________________________________________________
ro
ep
_______________________________________________________________________
.R
ly
on
_______________________________________________________________________
u
er
ld
_______________________________________________________________________
ho
ake
_______________________________________________________________________
St
&L
C
_______________________________________________________________________
P
H
_______________________________________________________________________
_______________________________________________________________________
d.
ite
ib
_______________________________________________________________________
oh
pr
is
Q4: Why would you configure an area range?
_______________________________________________________________________
Q5: What are the key advantages of summarization?
_______________________________________________________________________
Q7: Why can you enable summarization on R1 and not on R2, R3, and R4?
_______________________________________________________________________
Q8: What other tasks can you perform on an ABR related to area summarization?
_______________________________________________________________________
Q9: Where can you see the results of the area summarization?
_______________________________________________________________________
[Figure: routers R1 (.1), R4 (.4), R2 (.2) and R3 (.3). Area 0: 10.0.0.0/16, with
10.0.10.0/24. Area 1: 10.1.1.0/24, 10.1.2.0/24, 10.1.3.0/24, 10.1.4.0/24.]
R1= Cisco
interface gigabitethernet 0/1
 ip address 10.0.10.1 255.255.255.0
interface gigabitethernet 0/2
 ip address 10.1.1.1 255.255.255.0
interface gigabitethernet 0/3
 ip address 10.1.3.1 255.255.255.0
router ospf 1
 router-id 1.1.1.1
 network 10.0.0.0 0.0.255.255 area ? 0
 network 10.1.0.0 0.0.255.255 area? 1
 area 0? range 10.0.0.0 255.255.0.0
 area 1? range 10.1.0.0 255.255.0.0
Figure 10-7: OSPF area summarization—Scenario 2-1-a
The figure above displays the network commands for enabling OSPF on interfaces
on Router 1, a Cisco router acting as ABR, and placing those interfaces in an area.
The last two commands configure area summaries (or aggregated routes) that the
The commands are missing some keywords. Fill in the commands, using the figure for
information:
If you do not know the exact syntax, do not worry. You will learn it in a moment.
Also fill in the blanks to indicate how the ABR (R1) will summarize the routes.
This command would prevent the ABR from advertising networks within the
10.0.2.0/24 space.
that is up.
How and why would you configure the ABR to send a default route to
routers in an area?
You must configure the area as a totally stubby area. In the Cisco IOS, the command
is:
area <ID> stub no-summary
Often an area at a branch office or other remote site connects only to an ABR in
area 0. The routers at the branch office do not require a detailed view of the
networks at the main office. A default route is enough.
[Figure: routers R1 (.1), R4 (.4), R2 (.2) and R3 (.3). Area 0: 10.0.0.0/16, with
10.0.10.0/24. Area 1: 10.1.1.0/24, 10.1.2.0/24, 10.1.3.0/24, 10.1.4.0/24.]
R1= HP A-Series
interface vlan 10
 ip address 10.0.10.1 24
interface vlan 11
 ip address 10.1.1.1 24
interface vlan 12
 ip address 10.1.3.1 24
ospf 1 router-id 1.1.1.1
 area? 0
  description backbone area
  network 10.0.0.0 16
  abr-summary 10.0.0.0 16 ?
 area ? 1
  description asian area
  network 10.1.0.0 16
  abr-summary 10.1.0.0 16 ?
Figure 10-8: OSPF area summarization—Scenario 2-1-b
This scenario presents a similar situation to the previous one. However, the ABR is an
HP A-Series switch. You configure this switch in a very similar manner to the Cisco
switches.

The commands are missing some keywords. Fill in the commands, using the figure for
information:

_______________
______________
[Figure: topology diagram. Slide labels: Summarization; Inter-Area 10.1.0.0/16. Area 0 (10.0.0.0/16) contains R1 (.1) and R4 (.4) on 10.0.10.0/24. Area 1 contains R2 (.2) and R3 (.3) with networks 10.1.1.0/24, 10.1.3.0/24, 10.1.2.0/24 and 10.1.4.0/24.]

R1 = HP A-Series
interface vlan 10
 ip address 10.0.10.1 24
interface vlan 11
 ip address 10.1.1.1 24
interface vlan 12
 ip address 10.1.3.1 24
ospf 1 router-id 1.1.1.1
 area 0
  description backbone area
  network 10.0.0.0 0.0.255.255
  abr-summary 10.0.0.0 16
 area 1
  description asian area
  network 10.1.0.0 0.0.255.255
  abr-summary 10.1.0.0 16

Figure 10-9: OSPF area summarization—Scenario 2-1-b
Figure 10-9 shows the commands in full.

Pretend that you have established this configuration on R1. On which routers could
you best verify the route summarization?

You would verify it on routers in a different area from the summarized route. That is,
routers within area 1 receive the advertised summaries for area 0 and vice versa.
You should view the routing table on these routers to verify that they have received

The tables indicate the correct syntax on Cisco, HP A-Series, and HP E-Series
commands that you could use to verify summarization. Because the aggregation
creates a new Type 3 LSA, you can view the LSA database and look for the new LSA.

Cisco switches also create a route to null0 for the summarized network, so you can
look for that route in the routing table.

Task | Cisco | HP A-Series | HP E-Series
View the routing table. | show ip route | display ip routing-table | show ip route
View Type 3 LSAs in the LSA database. | show ip ospf database summary | display ospf lsdb summary | show ip ospf link-state summary
[Figure: topology diagram. Area 0 (10.0.0.0/16) contains R1 (.1) and R4 (.4) on 10.0.10.0/24. Area 1 contains R2 (.2) and R3 (.3) with networks 10.1.1.0/24, 10.1.3.0/24, 10.1.2.0/24 and 10.1.4.0/24.]

R1 = HP E-Series
vlan 10
 ip address 10.0.10.1/24
 ip ospf area 0 ?
vlan 11
 ip address 10.1.1.1/24
 ip ospf area 1 ?
vlan 12
 ip address 10.1.3.1/24
 ip ospf area 1 ?
ip routing
ip router-id 1.1.1.1
router ospf
 area 0
 ?
 area 0 range 10.0.0.0/16
 area 1
 ?
 area 1 range 10.1.0.0/16

Figure 10-10: OSPF area summarization—Scenario 2-1-c
This scenario presents the same topology as the previous two, but an HP E-Series
switch is the ABR. Try to fill in the blanks in the configuration:

vlan 10
 ip address 10.0.10.1/24

vlan 11
 ip address 10.1.1.1/24

vlan 12
 ip address 10.1.3.1/24
 ip ospf area 1

ip routing
ip router-id 1.1.1.1

router ospf
 area 0
 area 1
[Figure: topology diagram. Area 0 (10.0.0.0/16) contains R1 (.1) and R4 (.4) on 10.0.10.0/24. Area 1 contains R2 (.2) and R3 (.3) with networks 10.1.1.0/24, 10.1.3.0/24, 10.1.2.0/24 and 10.1.4.0/24.]

What are the IP subnets in the routing tables of R1, R4, R2 and R3?
What is the type for each route?

Figure 10-12: OSPF area summarization—Scenario 2-2
The figure displays an OSPF topology in which R1 is an ABR that advertises route
summaries 10.0.0.0/16 and 10.1.0.0/16 for areas 0 and 1.

You should now be able to predict the result of this configuration. For each router, fill

For Type, indicate the type of route using the Cisco abbreviations:

C = Connected networks

Note
All OSPF networks except external ones are indicated by: O_ASE.
To see the type on HP A-series routers, you must enter display ospf routing-table.
R2 Routing Table
IP network    Next hop    Type

R3 Routing Table
IP network    Next hop    Type

R4 Routing Table
IP network    Next hop    Type

Assume that R1 is a Cisco router.

R1 Routing Table
IP network    Next hop    Type
[Figure: topology diagram. Area 0 (10.0.0.0/16) contains R1 (.1) and R4 (.4) on 10.0.10.0/24. Area 1 contains R2 (.2) and R3 (.3) with networks 10.1.1.0/24, 10.1.3.0/24, 10.1.2.0/24 and 10.1.4.0/24.]

What command can you use on R2 and R3 to avoid an OSPF neighboring on LANs
10.1.2.0/24 and 10.1.4.0/24?

Figure 10-13: OSPF passive interface—Scenario 2-3
Examine the topology displayed in the figure. Assume that you want to prevent R2
and R3 from becoming OSPF neighbors with any routers in their locally connected
networks, 10.1.2.0/24 and 10.1.4.0/24. How could you do so?

You can simply prevent the routers from sending OSPF packets on these interfaces by

Note

Use cases

You can implement the passive interface feature on any LAN in which your router
should not have any OSPF neighbors. A typical use case is a network with two
routing switches connected to the same VLANs. Instead of making the routers OSPF
neighbors on all IP interfaces (VLANs), you can simply make them neighbors on two
or three IP interfaces. Then you configure OSPF on all other interfaces (so these

_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
[Figure: topology diagram. Area 0 (10.0.0.0/16) contains R1 (.1) and R4 (.4) on 10.0.10.0/24. Area 1 contains R2 (.2) and R3 (.3) with networks 10.1.1.0/24, 10.1.3.0/24, 10.1.2.0/24 and 10.1.4.0/24.]

R3 = Cisco
interface gigabit 0/1
 ip address 10.1.4.3 255.255.255.0
router ospf 1
 passive-interface gigabitethernet 0/1

R3 = HP A-series
interface vlan-interface 14
 ip address 10.1.4.3 24
ospf 1
 silent-interface vlan-interface 14

R3 = HP E-series
vlan 14
 ip address 10.1.4.3/24
 ip ospf area 1
 ip ospf passive

Figure 10-14: OSPF passive interface—Scenario 2-3-a
The figure displays the commands for configuring OSPF passive interfaces.

To verify which interfaces are passive, enter this command on Cisco and HP E-Series
devices:

On Cisco and HP A-Series devices, you can alternatively enable the passive interface
feature globally (all OSPF interfaces are passive). Then you can enable individual
interfaces as active OSPF interfaces. This configuration option for the example in the

router ospf 1
 passive-interface default

On HP A-Series devices, this configuration option for the example in the figure would
be as follows:

ospf 1
 silent-interface all
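
One way to check the passive interface setup described above, as an added example that is not part of the course material: the script lists the interfaces that an IOS-style OSPF configuration leaves open to neighbor formation and compares them with an approved list. The sample configuration is constructed; the second interface, its address 10.1.3.3 and all function names are assumptions.

```python
import ipaddress
import re

# Constructed IOS-style configuration for R3, modelled on the page's figure.
# The second interface and its address are assumptions added for the example.
SAMPLE_CONFIG = """\
interface gigabitethernet 0/1
 ip address 10.1.4.3 255.255.255.0
interface gigabitethernet 0/2
 ip address 10.1.3.3 255.255.255.0
router ospf 1
 network 10.1.0.0 0.0.255.255 area 1
 passive-interface gigabitethernet 0/1
"""


def wildcard_network(address, wildcard):
    """Convert an IOS 'network <address> <wildcard>' pair to an ip_network."""
    netmask = ipaddress.ip_address(int(ipaddress.ip_address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{address}/{netmask}", strict=False)


def active_ospf_interfaces(config):
    """Interfaces that match an OSPF network statement and are not passive."""
    addresses, networks = {}, []
    passive, not_passive, passive_default = set(), set(), False
    current = None
    for raw in config.splitlines():
        line = raw.strip().lower()
        if m := re.match(r"interface (.+)", line):
            current = m.group(1)
        elif (m := re.match(r"ip address (\S+) \S+", line)) and current:
            addresses[current] = ipaddress.ip_address(m.group(1))
        elif m := re.match(r"network (\S+) (\S+) area \S+", line):
            networks.append(wildcard_network(m.group(1), m.group(2)))
        elif line == "passive-interface default":
            passive_default = True          # every interface passive unless exempted
        elif m := re.match(r"no passive-interface (.+)", line):
            not_passive.add(m.group(1))
        elif m := re.match(r"passive-interface (.+)", line):
            passive.add(m.group(1))
    active = []
    for name, address in addresses.items():
        if not any(address in net for net in networks):
            continue                        # OSPF is not enabled on this interface
        is_passive = name in passive or (passive_default and name not in not_passive)
        if not is_passive:
            active.append(name)
    return sorted(active)


def unexpected_adjacencies(config, expected):
    """Active OSPF interfaces that are not on the approved adjacency list."""
    return [name for name in active_ospf_interfaces(config) if name not in expected]


if __name__ == "__main__":
    print("active OSPF interfaces:", active_ospf_interfaces(SAMPLE_CONFIG))
    print("unexpected:", unexpected_adjacencies(SAMPLE_CONFIG, {"gigabitethernet 0/2"}))
```

Interface names are compared literally, so the configuration must spell them the same way in the interface and passive-interface lines.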
[Figure: topology diagram. Labels: 10.0.10.0/24 (.1, .4); Area 1 with R2 (.2) on 10.1.1.0/24; Area 2 with R5 (.5) on 10.2.1.0/24; R3 (.3) with 10.1.2.0/24 and 10.1.3.0/24.]

What is R2 configuration when R2 is:
• Cisco
• HP A-Series
• HP E-Series

• Redistribute (import) static and direct routes
• Summarize the redistributed routes
• Make the cost increment as advertised

Figure 10-15: OSPF redistribution—Scenario 3-1
Examine the figure above. R2, which is part of the OSPF system, is connected to R3,
which is not. In a moment, you will discuss how to advertise the 10.1.10.0/24 and

Configure the cost for the redistributed routes to increment as they are advertised

Q1: Why would you redistribute routes to directly connected networks instead of
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________

Q3: Which type of OSPF LSA is created for the redistributed route?
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
[Figure: topology diagram. Labels: R1 (.1) and R4 (.4) in Area 0 on 10.0.10.0/24; R2 (.2) in Area 1 on 10.1.1.0/24; R5 (.5) in Area 2 on 10.2.1.0/24; R3 (.3) with 10.1.2.0/24 and 10.1.3.0/24.]

R2 = Cisco
ip route 10.1.3.0 255.255.255.0 10.1.10.3
router ospf 1
 network 10.1.1.0 0.0.0.255 area 1
 ? ?
 redistribute static metric 10 metric-type 1 subnets
 ?
 redistribute ? connected metric 10 metric-type 1 subnets
 ?
 summary-address 10.1.2.0 255.255.254.0

Figure 10-16: OSPF redistribution—Scenario 3-1-a
Examine the figure and answer these questions.

Note
You will discuss the answers as a class, and the correct answers are also listed at

Q1: Fill in the blanks to show the proper configuration for R2 when it is a Cisco
router. R2 must:

Configure the cost for the redistributed routes to increment as they are advertised

router ospf 1

Q2: What command can you enter to verify that the Cisco R2 has properly
_______________________________________________________________________
[Figure: topology diagram. Labels: R1 (.1) and R4 (.4) in Area 0 on 10.0.10.0/24; R2 (.2) in Area 1 on 10.1.1.0/24; R5 (.5) in Area 2 on 10.2.1.0/24; R3 (.3) with 10.1.2.0/24 and 10.1.3.0/24.]

R2 = HP A-Series
ip route-static 10.1.3.0 24 10.1.10.3
ospf 1
 area 1
  network 10.1.1.0 0.0.0.255
 ?
 import-route static cost 10 type 1
 import-route direct cost 10 type 1
 ?
 asbr-summary 10.1.2.0 23

Figure 10-17: OSPF redistribution—Scenario 3-1-b
Examine the figure and answer these questions.

Note
You will discuss the answers as a class, and the correct answers are also listed at

Q1: Fill in the blanks to show the proper configuration for R2 when it is an HP A-

Configure the cost for the redistributed routes to increment as they are advertised

ospf 1
 area 1

Q2: This configuration sets metric type 1 for the redistributed routes. What purpose
does this configuration serve? Why might you select type 1 rather than type 2?
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
[Figure: topology diagram. Labels: R1 (.1) and R4 (.4) in Area 0 on 10.0.10.0/24; R2 (.2) in Area 1 on 10.1.1.0/24; R5 (.5) in Area 2 on 10.2.1.0/24; R3 (.3) with 10.1.2.0/24 and 10.1.3.0/24.]

R2 = HP E-Series
ip route 10.1.3.0/24 10.1.10.3
vlan 10
 ip address 10.1.1.2/24
 ip ospf area 1
router ospf
 area 1
 ?
 redistribute connected
 ?
 redistribute static
 default-metric 20
 metric-type 1

Figure 10-18: OSPF redistribution—Scenario 3-1-c
Fill in the blanks to show the proper configuration for R2 when it is an HP E-Series
device. R2 must:

Configure the cost for the redistributed routes to increment as they are advertised

Note

vlan 10
 ip address 10.1.1.2/24
 ip ospf area 1
router ospf
 area 1
 ______________ connected
 ______________ static
 default-metric 20
 metric-type 1

Note
You will discuss the answers as a class, and the correct answers are also listed at
the end of this scenario.
[Figure: topology diagram. Labels: 10.0.10.0/24 (.1, .4); Area 1 with R2 (.2) on 10.1.1.0/24; Area 2 with R5 (.5) on 10.2.1.0/24; R3 (.3) with 10.1.2.0/24 and 10.1.3.0/24.]

What can you do for R5 to have a Default Route via OSPF
for ALL networks outside of its own Area?

Figure 10-19: OSPF redistribution—Scenario 3-2
You now understand how R2 redistributes the external routes. You will now turn to
another part of the network: area 2.

In this scenario, you want to hide networks outside of area 2 from routers within area 2.
R5 does not need to store the complexities of the network topology because it has
only one connection to the rest of the network. (Perhaps R5 is a router at a branch

functionally equivalent to many routes through the same forwarding interface and

To hide the non-area 2 networks in this way, you must define the area type. Typically,
you would define the area as a totally stubby area. The ABR for a totally stubby area

You could also configure the area as a totally stubby NSSA, which allows routers
within the area to redistribute routes themselves, providing more flexibility for the
configuration.
[Figure: topology diagram. Labels: R1 (.1) and R4 (.4) in Area 0 on 10.0.10.0/24; 0.0.0.0/0; R2 (.2) in Area 1 on 10.1.1.0/24; R5 (.5) in Area 2 on 10.2.1.0/24; R3 (.3) with 10.1.2.0/24 and 10.1.3.0/24.]

R4 = Cisco
router ospf 1
 network 10.0.0.0 0.0.255.255 area 0
 network 10.2.0.0 0.0.255.255 area 2
 area 2 stub no-summary
or
 area 2 nssa no-summary
 area 2 default-information originate

R5 = Cisco
router ospf 1
 network 10.2.0.0 0.0.255.255 area 2
 area 2 stub
or
 area 2 nssa

Figure 10-20: OSPF redistribution—Scenario 3-2-a
As you learned, to configure the ABR to generate the default route for the area (and
filter out other inter-area LSAs), you can define the area as either a totally stubby
area or a totally NSSA area.

The figure displays the configuration on a Cisco device that is acting as ABR (R4).

On a Cisco device that is an internal router in the totally stubby area or NSSA, you
enter either:

The area type must match the type on the internal router and the ABR. However, you
do not specify the no-summary option on the internal router. Only the ABR—or

Note that, when you disable summaries for a stubby area, the ABR automatically
generates a default route. However, you must use the area <ID> default-information
originate command to generate this route for an NSSA, which does not receive it by
default. (This enables the NSSA to use its own default route if it has an external
connection.)
[Figure: topology diagram. Labels: R1 (.1) and R4 (.4) in Area 0 on 10.0.10.0/24; 0.0.0.0/0; R2 (.2) in Area 1 on 10.1.1.0/24; R5 (.5) in Area 2 on 10.2.1.0/24; R3 (.3) with 10.1.2.0/24 and 10.1.3.0/24.]

R4 = HP A-series
ospf 1
 area 2
  network 10.2.0.0 0.0.255.255
  stub no-summary
or
 area 2
  network 10.2.0.0 16
  nssa no-summary default-route-advertise

R5 = HP A-Series
ospf 1
 area 2
  network 10.2.0.0 0.0.255.255
  stub
or
  nssa

Figure 10-21: OSPF redistribution—Scenario 3-2-b
The figure displays the correct configuration for this scenario when the ABR (R4) and
internal router in the stubby area (R5) are HP A-Series devices. As you see, it is quite
similar to the Cisco configuration. Again, note that the generation of the default route
is not automatic for the NSSA; you must add the default-route-advertise option.
[Figure: topology diagram. Labels: R1 (.1) and R4 (.4) in Area 0 on 10.0.10.0/24; 0.0.0.0/0; R2 (.2) in Area 1 on 10.1.1.0/24; R5 (.5) in Area 2 on 10.2.1.0/24; R3 (.3) with 10.1.2.0/24 and 10.1.3.0/24.]

R4 = HP E-series
router ospf
 area 2 stub 10 no-summary
or
 area 2 nssa 10 no-summary

R5 = HP E-Series
router ospf
 area 2 stub 10
or
 area 2 nssa 10

Figure 10-22: OSPF redistribution—Scenario 3-2-c
Here you see the configuration for the ABR (R4) and internal stub router (R5) when
they are HP E-Series devices. The main difference in the configuration is that the ABR
automatically generates a default route for both stubby areas and NSSAs whenever
[Figure: topology diagram. Labels: 10.0.10.0/24 (.1); Area 1 with R2 (.2) on 10.1.1.0/24; Area 2 with R5 (.5) on 10.2.1.0/24; R3 (.3) with 10.1.2.0/24 and 10.1.3.0/24.]

What routes are listed in R4 and R5’s routing tables?

Figure 10-23: OSPF redistribution—Scenario 3-3
You should now be able to predict the result of this configuration. For R4 and R5, fill
in the routing table:

Routes to directly connected networks
Routes discovered through OSPF (remember to consider redistributed routes,

For Type, indicate the type of route using the Cisco abbreviations:

C = Connected networks

R4 Routing Table

R5 Routing Table
IP network    Next hop    Type
[Figure: topology diagram. Labels: R1, R2 (.2), R3, R4, 10.1.N.0/24, 10.2.N.0/24, 1, 2.]

Why create two OSPF domains?

Figure 10-24: OSPF redistribution—Scenario 4-1
The figure represents two OSPF domains with two ASBRs that are implementing two
OSPF processes and redistributing routes from one process to another. This scenario
is completely different from a single OSPF domain with two areas but one OSPF
process.

Use cases

Why might you configure two OSPF domains rather than two areas within a single
domain? In a large and complicated network, you might have several reasons:

• You want to filter networks between the two regions. Redistributing routes
  between two domains offers filtering capabilities that are not possible within an
  OSPF domain:
  - Within an area, you cannot filter routes because all routers in the area must
    share a link-state database. (Although you can prevent individual routers
    from representing certain LSAs in their local routing table, this function is not
    true filtering.)
  - Between areas, as you learned in earlier scenarios, you can configure some
    on ABRs.
    areas in the domain and cannot be filtered except in stub areas and
    NSSAs.
• Two corporate networks with separate OSPF domains have now merged under
  one administration.
• Your network has complexities that do not fit within the OSPF area design
  constraints.
  OSPF imposes a network design with Area 0 as the backbone area. All other
  areas must connect to Area 0, which in some large networks results in a very
  large area 0 without any filtering capabilities. In an environment such as this,
  you can create multiple OSPF domains (or a hierarchy of OSPF domains), which
  offers more flexibility for the topology and more filtering capabilities.

Note
The multiple domain topology can introduce some issues. For example, the ASBR
will flood Type 5 LSAs throughout the remote domain every time Type 1 and 2
LSAs indicate a change in its local area. Thus, instability in one domain can lead
to a constant injection and withdrawal of Type 5 LSAs in the other domain.
Many companies with complex topologies and extensive filtering requirements
prefer to establish multiple OSPF domains that connect through BGP. Such a
deployment provides a great deal of control and flexibility. In addition, inter-OSPF
domain communications must pass through BGP. Because BGP provides
dampening, the instability in one domain will be less visible to other domains.
[Figure: topology diagram. Labels: R2 (.2), R3, R4, 10.1.N.0/24, 10.2.N.0/24, 1, 2.]

What happens when R1 and R2:
• Learn 10.1.N.0/24 as an internal route in OSPF 1
• Learn 10.1.N.0/24 as an external route in OSPF 2

Figure 10-25: OSPF redistribution—Scenario 4-1 implications
A scenario such as this, in which two ASBRs run two OSPF processes and redistribute
routes between them, introduces some concerns. (The same concerns would not
apply if you had only one ASBR running two OSPF processes.)

Consider what happens with 10.1.N.0/24, a domain 1 network. First, R1 and R2
learn a route to this network as an internal route in OSPF process 1. Then the routers
redistribute the internal route from OSPF process 1 to OSPF process 2. OSPF process
2 learns the route as a route to an external network. Because you have two ASBRs,
the routers advertise the external routes to each other in OSPF process 2.

words, an external route to the network from OSPF process 2 is competing with an

On each router, OSPF must now choose between the routes. It has rules for doing so,

However, this rule only applies to routes within a single process. In other words,
OSPF does not prefer internal routes from one process to external routes from
another process.

However, in effect, it might not help to distinguish the routes because different
processes use the same administrative distance by default. (You should manually
configure the administrative distance for different OSPF processes to force OSPF

Cost—When routes have the same administrative distance, OSPF can use cost
as a tie breaker—but only within a single process.

Thus OSPF might not be able to choose between the routes correctly. On Cisco
devices, if two processes propose routes to the same network with the same
administrative distance, the first process to execute the Shortest Path First algorithm
wins. This process places its route into the routing table (although if the forwarding
interface for that route goes down, the other process can place its route). In short,
you cannot reliably predict which route OSPF will select.

Note
Some earlier software versions might behave differently. Refer to your devices’
documentation for their functionality.
Here you see what might happen in the scenario that you have been examining.
R1 has selected the external route to network 10.2.3.0/24 known by OSPF process
2. The next hop for this route is R2 because R1 received the Type 5 LSA with this
route from R2. Similarly, R2 has selected the external route to 10.2.3.0/24 with R1
as the next hop. The routers have a routing loop that will prevent traffic from reaching
its destination.
Although OSPF might select the internal route from the original process, you cannot
rely on that.
You will now learn how to configure this scenario. You will see the commands for
Cisco devices and for HP A-Series devices. (HP E-Series devices do not support
multiple OSPF processes.)
[Figure: topology diagram. Labels: R2, R3, R4, 10.1.N.0/24, 10.2.N.0/24.]

Redistribute:
• OSPF 2 in OSPF 1
• OSPF 1 in OSPF 2

R1 = Cisco
router ospf 1
 network 10.1.0.0 0.0.255.255 area 0
 redistribute ospf 2 subnets
router ospf 2
 network 10.2.0.0 0.0.255.255 area 0
 redistribute ospf 1 subnets

The figure shows the commands for redistributing OSPF process 2 into OSPF process 1
and vice versa. The subnets option is required on Cisco when you need to
redistribute IPv4 networks that are not classful (Class A, B, or C) networks. If you do
not include this option, routes to subnets within the classful network are not redistributed.

Important
This scenario is progressive. These first commands introduce the possibility of
routing loops. You will learn the commands for preventing the loops a bit later.

[Figure: topology diagram. Labels: R2, R3, R4, 10.1.N.0/24, 10.2.N.0/24.]

Redistribute:
• OSPF 2 in OSPF 1
• OSPF 1 in OSPF 2

R1 = HP A-Series
ospf 1 router-id 1.1.1.1
 area 0
  network 10.1.0.0 16
 import-route ospf 2

Here you see the configuration for the same router in the same scenario when the
router is an HP A-Series device.

[Figure: topology diagram. Labels: OSPF 1, OSPF 2, R1, R2, R3, R4, 10.1.N.0/24, 10.2.N.0/24.]

R1 = HP A-Series
ospf 1
 area 0
  network 10.1.0.0 0.0.255.255
 import-route ospf 2 cost 1000 type 1
 preference ase 200
ospf 2
 area 0
  network 10.2.0.0 0.0.255.255
 import-route ospf 1 cost 1000 type 1
 preference ase 200

The slide displays commands that you can enter on an HP A-Series device to avoid
the routing loop issues you learned about earlier. (The commands for Cisco are listed
at the end of the notes for this slide.)
Consider how this configuration resolves the problem.
As you learned earlier, OSPF can use administrative distance to choose between
routes learned by different processes. Here you have configured external networks
that are redistributed into OSPF to have a higher administrative distance than the
default.
Return to the earlier example: both R1 and R2 redistribute routes to network
10.1.N.0/24 from OSPF process 1 into OSPF process 2. They now advertise the
redistributed routes on OSPF process 2 with an administrative distance of 200.
Because the internal routes from OSPF process 1 have a lower administrative
distance, both routers select the internal routes for their routing tables.
The ASBRs will now prefer all internal routes to all external routes redistributed from
another process. In other words, the ASBRs will reach all networks in one domain
through that domain’s routers.
Whenever two routers redistribute routes between OSPF processes, they might
redistribute the route received from one process back into that process again,
potentially creating a routing loop. This scenario presents one of the best solutions:
filters that remove particular routes from redistribution.
Typically, when configuring redistribution from one process to another, you would
filter out the routes that should originate, as far as OSPF is concerned, in the
destination process (these routes might be internal or external). For example, when
redistributing from OSPF 1 to OSPF 2, filter out OSPF 2 networks.
You can achieve this goal in different ways:

• Typically, you create filters that map to ACLs or prefix lists, each of which lists all
  networks in a particular OSPF domain. The drawback of this method is that you
  must maintain these lists carefully.
• For a more dynamic setup, switches can automatically mark routes as associated
  with a domain. When you set up the redistribution of routes into that domain,
  you configure the filters based on the tag.

[Figure: topology diagram. Labels: 10.1.N.0/24, 10.2.N.0/24.]

route-map ospf2-only permit 10
 match ip address 11

First examine the Cisco commands for one method of filtering routes that belong to a
specific domain out of the routes redistributed back into the domain.
You specify a route map with the redistribution command. The route map is
associated with an ACL that selects the networks that are part of the OSPF domain to
which routes are being distributed.
Note the distance ospf external 200 command, which you learned about in the
previous scenario. Why is this command still necessary when you have configured
filtering? Remember: the filtering prevents routes that belong to one OSPF process
from being redistributed back into that process. The raised administrative distance
deals with routes that have been properly redistributed into another process but
should not be preferred to the original routes on the router running both processes.
You must configure both a filter and a raised administrative distance.
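
The requirement above, a filter and a raised administrative distance for every redistribution between OSPF processes, can be checked mechanically. This added example is not taken from the course material; it audits an IOS-style configuration. The sample text is constructed, the function name is an assumption, and 110 is the IOS default administrative distance for OSPF.

```python
import re

IOS_OSPF_DISTANCE = 110  # default administrative distance of OSPF routes on Cisco IOS

# Constructed configuration: process 1 carries a filter and a raised external
# distance, process 2 still has only the bare redistribute command.
SAMPLE_CONFIG = """\
router ospf 1
 network 10.1.0.0 0.0.255.255 area 0
 redistribute ospf 2 subnets tag 22 route-map filter_ospf1
 distance ospf external 200
!
router ospf 2
 network 10.2.0.0 0.0.255.255 area 0
 redistribute ospf 1 subnets
!
route-map filter_ospf1 deny 10
 match tag 11
route-map filter_ospf1 permit 20
"""


def audit_redistribution(config):
    """Return (process, source process, problem) for each unsafe redistribution."""
    findings = []
    defined_maps = set(re.findall(r"^route-map (\S+) (?:permit|deny)", config, re.M))
    # A process block is the 'router ospf N' line plus the indented lines after it.
    for block in re.finditer(r"^router ospf (\d+)\n((?:[ \t]+.*\n?)*)", config, re.M):
        process, body = block.group(1), block.group(2)
        dist = re.search(r"^[ \t]*distance ospf\b.*\bexternal (\d+)", body, re.M)
        external_distance = int(dist.group(1)) if dist else IOS_OSPF_DISTANCE
        for redist in re.finditer(r"^[ \t]*redistribute ospf (\d+)(.*)$", body, re.M):
            source, options = redist.group(1), redist.group(2)
            route_map = re.search(r"\broute-map (\S+)", options)
            if route_map is None:
                findings.append((process, source, "redistribution has no route-map filter"))
            elif route_map.group(1) not in defined_maps:
                findings.append((process, source, "route-map is referenced but not defined"))
            if external_distance <= IOS_OSPF_DISTANCE:
                findings.append((process, source, "external distance not raised above the default"))
    return findings


if __name__ == "__main__":
    for process, source, problem in audit_redistribution(SAMPLE_CONFIG):
        print(f"router ospf {process}: redistribute ospf {source}: {problem}")
```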

[Figure: topology diagram. Labels: OSPF, OSPF 2, R1, R2, R3, R4, 10.1.N.0/24, 10.2.N.0/24.]

R1 = HP A-Series
ospf 1
 …
 import-route ospf 2 route-policy ospf2-only
 preference ase 200
 quit
acl number 2002
 rule permit source 10.2.0.0 0.0.255.255
 rule deny source any
route-policy ospf2-only permit node 10
 if-match acl 2002
ospf 2
 …
 import-route ospf 1 route-policy ospf1-only
 preference ase 200
 quit
acl number 2001
 rule permit source 10.1.0.0 0.0.255.255
 rule deny source any
route-policy ospf1-only permit node 10
 if-match acl 2001

The figure displays the commands to configure similar filters on HP A-Series devices.
These devices also allow you to associate the filters with prefix lists instead of ACLs.
As another option, you can configure filter policies instead of route policy filters. Use
filter policies when you only need to apply filtering to the redistribution command.
Use route policies when you need to apply filters and potentially other actions.
The sections below give the commands for the alternate configurations for your
reference.
ospf 2
…
import-route ospf 1 route-policy filter_ospf2
preference ase 200
quit
ip ip-prefix n2 permit 10.2.0.0 16 greater-equal 16 less-equal 30
route-policy filter_ospf2 permit node 10
if-match ip-prefix n2
ospf 2
…
filter-policy 2002 export
preference ase 200
quit
acl number 2001
rule permit source 10.1.0.0 0.0.255.255
rule deny source any

[Figure: topology diagram. Labels: R2, R3, R4, 10.1.N.0/24, 10.2.N.0/24.]

R1 = Cisco
router ospf 1
 redistribute ospf 2 subnet tag 22 route-map filter_ospf1
 distance ospf external 200
!
route-map filter_ospf1 deny 10
 match tag 11
route-map filter_ospf1 permit 20
router ospf 2
 redistribute ospf 1 subnet tag 11 route-map filter_ospf2
 distance ospf external 200
!
route-map filter_ospf2 deny 10
 match tag 22
route-map filter_ospf2 permit 20

In this configuration, you filter routes based on a tag. The configuration relies on
several components:

• When you configure redistribution from OSPF process 1 to process 2 (the bottom
  box in the figure), you configure the router to tag the redistributed routes as
  belonging to process 1 (tag 11).
• You also configure a route map filter that denies routes with that tag but permits
  all other routes.
• When you configure redistribution from OSPF process 2 to OSPF process 1, you
  specify the route map filter that denies all routes marked with process 1’s tag
  (11).

You follow the same steps to filter routes redistributed from OSPF process 1 to process
2. Thus each redistribute command specifies a tag and a route map filter.

This method does not necessarily solve all problems. For example, each domain
might have another ASBR, which redistributes some of the same routes. The external
routes received from these ASBRs will not be tagged, and so they will be
redistributed to the other domain. You might need to configure prefix-based
administrative distances as discussed earlier.
You can also configure filtering based on tags on HP A-Series switches. The
configuration is very similar to the Cisco configuration.
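The following Python model is an added example, not part of the student guide. It evaluates the two route maps and redistribute statements shown for R1 and reproduces the gap described above, where a route from an ASBR that does not tag passes the filter. The sample routes and the assumption that each process owns one /16 (10.1.0.0/16 and 10.2.0.0/16) are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class Route:
    prefix: str
    tag: int = 0  # 0 means the route carries no tag


# Ordered route-map entries as configured on R1:
# (action, tag to match); None matches every route.
ROUTE_MAPS = {
    "filter_ospf1": [("deny", 11), ("permit", None)],
    "filter_ospf2": [("deny", 22), ("permit", None)],
}

# redistribute statements on R1, keyed by source process:
# source -> (target process, tag set on redistributed routes, route map applied)
REDISTRIBUTE = {
    2: (1, 22, "filter_ospf1"),
    1: (2, 11, "filter_ospf2"),
}

# Assumption: each process owns one /16, following the figure's
# 10.1.N.0/24 and 10.2.N.0/24 labels.
DOMAIN_SPACE = {1: ip_network("10.1.0.0/16"), 2: ip_network("10.2.0.0/16")}


def route_map_permits(name, route):
    """First matching entry wins; a route that matches no entry is denied."""
    for action, match_tag in ROUTE_MAPS[name]:
        if match_tag is None or route.tag == match_tag:
            return action == "permit"
    return False


def redistribute(source_process, routes):
    """Return (target process, routes injected into it) for one redistribute statement."""
    target, set_tag, route_map = REDISTRIBUTE[source_process]
    injected = [Route(r.prefix, set_tag) for r in routes
                if route_map_permits(route_map, r)]
    return target, injected


def fed_back(source_process, routes):
    """Prefixes injected into the target process that already belong to that process."""
    target, injected = redistribute(source_process, routes)
    return [r.prefix for r in injected
            if ip_network(r.prefix).subnet_of(DOMAIN_SPACE[target])]


# Constructed view of process 2's routes as seen on R1:
PROCESS2_ROUTES = [
    Route("10.2.5.0/24"),          # native to process 2
    Route("10.1.5.0/24", tag=11),  # process 1 route redistributed by an ASBR that tags
    Route("10.1.6.0/24"),          # process 1 route redistributed by an ASBR that does not tag
]

if __name__ == "__main__":
    target, injected = redistribute(2, PROCESS2_ROUTES)
    print(f"injected into OSPF {target}: {injected}")
    print("fed back into their own domain:", fed_back(2, PROCESS2_ROUTES))
```

A non-empty result from fed_back is the condition that the prefix-based administrative distances mentioned above are meant to cover.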
[Figure: R1 and R2 each connect to the Internet through BGP. Both R1 and R2 use OSPF to inject a default route (0.0.0.0/0) into the corporate network. R3 and R4 are in OSPF Area 0.]
In this scenario, R1 and R2 are connected to the Internet and use BGP to
communicate with the ISP routers. (They could also have a static default route to the
Internet for a similar scenario.)
Both routers inject a default route into the OSPF network.
[Figure: R1 and R2 inject 0.0.0.0/0 into OSPF Area 0 (10.1.N.0/24), which contains R3 and R4. Question on the slide: If the cost of IP OSPF interfaces is 10, which default route will R3 and R4 add to their routing tables?]
R2 = Cisco
router ospf 1
 network 10.1.0.0 0.0.255.255 area 0
 default-information originate metric 100 metric-type 1
This figure presents a scenario in which R1 (an HP A-Series router) and R2 (a Cisco
router) both
What is the metric for the default routes advertised by R1 and R2? What is the
default route’s metric type?
Both the Cisco and the HP A-Series devices have commands that define the default
cost (metric) and default metric type for routes advertised by OSPF. The figure shows
the commands that configure these settings for default routes injected into OSPF:
Metric (cost) = 100
Metric type = 1
Refer to the section at the end of the notes for this slide to see more commands for
changing these settings as well as the default settings when the commands are not
defined.
Continue to examine the configuration shown in the figure. If the cost on IP OSPF
interfaces is 10, which default route will R3 and R4 add to their routing table?
In this configuration, both R1 and R2 inject the default route with metric 100 and
metric type 1. Metric type 1 means that each router interface that advertises the route
will increment the cost.
Trace the routes from R1 and R2 to R3:
When R3 receives the default route set by R1, its cost will be 100 + 10 = 110.
When R3 receives the default route set by R2, its cost will be 100 + 10 + 10 = 120.
R3 will select the route from R1 as the route through the closest router. The default
route from R2 will serve as a backup in case R1 or the link to R1 fails; however, the
backup route is not part of the active routing table.
Also trace the routes from R1 and R2 to R4:
When R4 receives the default route set by R1, its cost will be 100 + 10 + 10 = 120.
When R4 receives the default route set by R2, its cost will be 100 + 10 = 110.
Thus R4 will add the route from R2 to its routing table; the route from R1 serves as a
backup.
In conclusion, when the redistributed route uses metric type 1, other OSPF routers can
choose the route with the least cost.
Additional reference
On Cisco devices, you can specify the default metric and metric type for redistributed
routes when you enter the redistribute commands. Similarly, you specify the default
metric and metric type for a default route injected into an NSSA or totally stubby
area when you enter the default-information or area commands.
On HP A-Series devices, the commands for changing the default metric and metric
type are:
ospf <process ID>
default cost <metric> type [1 | 2]
But you can also override those commands for particular redistributed routes or route
summaries configured for areas.
If you have not configured these commands, the default settings are:
On Cisco devices:
Default cost is 20.
Default external route type is 2.
On HP A-Series devices:
Default cost is 1.
Default external route type is 2.
[Figure: R1 and R2 connect to BGP and each inject 0.0.0.0/0 into OSPF Area 0 (10.1.N.0/24), which contains R3 and R4. Question on the slide: Which default route will R3 and R4 add to their routing tables?]
R1 = HP A-Series
ospf 1
 bandwidth-reference 10000
 area 0
  network 10.1.0.0 0.0.255.255
 default-route advertise always cost 100 type 2
R2 = Cisco
router ospf 1
 auto-cost reference-bandwidth 10000
 network 10.1.0.0 0.0.255.255 area 0
 default-information originate metric 100 metric-type 2
Figure 10-37: OSPF redistribution and filtering—Scenario 5-2
Now consider the same scenario except that the injected default routes use type 2
metrics. In this case, which default routes do R3 and R4 add to their routing table?
First examine R3. Both R1 and R2 assign the same cost (100) to the default route, so
R3 cannot choose between the routes based on cost. Therefore, R3 selects the default
route from the ASBR to which it has the lowest cost path.
10000/1000). R3’s path cost to R1 is 10 and its path cost to R2 is 20. Therefore, R1
Similarly, R4 receives both default routes with the same cost. R4’s path cost to R1 is
20 and to R2, 10. Therefore, R4 selects the default route from R2.
Again, both R3 and R4 can use the non-selected route as a backup, which is added
to the routing table if they can no longer reach the next-hop router in the selected
route.
In conclusion, when routers inject default routes with type 2 metrics, other routers
choose the default route of the closest ASBR (which is often the same route that would
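The Python sketch below is an added example, not part of the student guide. It works through the default-route selection for both the metric type 1 and the metric type 2 scenarios, and goes slightly further by also covering unequal type 2 metrics and the loss of the link to R1. The link layout (R1 to R3, R3 to R4, R4 to R2, each with cost 10) is an assumption chosen to match the path costs quoted in the text.

```python
import heapq

# Constructed topology matching the costs in the text: every link costs 10,
# R3 attaches to R1, R4 attaches to R2, and R3 and R4 are linked.
LINKS = {("R1", "R3"): 10, ("R3", "R4"): 10, ("R4", "R2"): 10}


def spf(source, links=LINKS):
    """Dijkstra: lowest path cost from source to every reachable router."""
    graph = {}
    for (a, b), cost in links.items():
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))
    dist = {source: 0}
    heap = [(0, source)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist.get(node, float("inf")):
            continue  # stale heap entry
        for nbr, cost in graph.get(node, []):
            nd = d + cost
            if nd < dist.get(nbr, float("inf")):
                dist[nbr] = nd
                heapq.heappush(heap, (nd, nbr))
    return dist


def select_default(router, adverts, links=LINKS):
    """Pick the default route a router installs.

    adverts: list of (asbr, advertised metric, metric type).
    Returns (asbr, metric shown in the routing table), or None if no ASBR is reachable.
    Type 1 routes are preferred over type 2. Type 1 compares the advertised metric
    plus the path cost to the ASBR. Type 2 compares the advertised metric alone and
    uses the path cost to the ASBR only to break a tie.
    """
    dist = spf(router, links)
    candidates = []
    for asbr, metric, metric_type in adverts:
        if asbr not in dist:
            continue  # ASBR unreachable, route cannot be used
        to_asbr = dist[asbr]
        if metric_type == 1:
            key, shown = (1, metric + to_asbr, 0), metric + to_asbr
        else:
            key, shown = (2, metric, to_asbr), metric
        candidates.append((key, asbr, shown))
    if not candidates:
        return None
    _, asbr, shown = min(candidates)
    return asbr, shown


TYPE1 = [("R1", 100, 1), ("R2", 100, 1)]  # first scenario: metric 100, metric type 1
TYPE2 = [("R1", 100, 2), ("R2", 100, 2)]  # Scenario 5-2: metric 100, metric type 2

if __name__ == "__main__":
    for name, adverts in (("type 1", TYPE1), ("type 2", TYPE2)):
        for router in ("R3", "R4"):
            print(name, router, select_default(router, adverts))
    # Unequal type 2 metrics: the lower advertised metric wins even though R2 is farther from R3.
    print(select_default("R3", [("R1", 100, 2), ("R2", 50, 2)]))
    # Link R1-R3 down: R3 falls back to the route through R2.
    backup = {k: v for k, v in LINKS.items() if k != ("R1", "R3")}
    print(select_default("R3", TYPE1, backup))
```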
[Figure 10-38: Lab 10.1: Configuring OSPF areas. Devices: Cisco-A, Cisco-B, HP-C, HP-D, HP-E, HP-F, Server_1 and Client_1, connected over VLANs 2, 3, 4, 5, 100, 101, 200 and 201 and divided into Area 0, Area 1 and Area 2.]
OSPF Router-Id: POD.X.X.X
IP addressing: 10.POD.VLAN.X/24
X=1 on Cisco-A
X=2 on Cisco-B
X=3 on HP-C
X=4 on HP-D
X=5 on HP-E
X=6 on HP-F
X=100 on Server_1
X=101 on Client_1
[Figure for the second lab: the same devices, VLANs, router IDs and IP addressing, divided into OSPF1 Area 0 and OSPF2 Area 0.]
You will now complete two labs. In the first lab, illustrated in Figure 10-38, you
establish a multi-area OSPF system, in which a Cisco switch is one ABR and a HP A-
In the second lab, illustrated in Figure 10-39, you configure redistribution of routes
from one OSPF AS to another. In this lab, a Cisco switch is one ASBR and an HP A-
Series switch is another ASBR.
You can proceed directly from one lab to the next at your own pace.
Use the space below to record any instructions your facilitator gives you for
these labs.
________________________________________________________________________
Lab debrief
Did you find useful show and display commands?
_______________________________________________________________________
What are your key insights about OSPF? Have you discovered something new?
_______________________________________________________________________
Module 10 summary
In this module, you have learned how to:
Configure OSPF routing on HP and Cisco switches
Enable OSPF’s BFD and graceful restart features
Configure areas and summarization
Configure redistribution and filtering
Generate default routes to inject into OSPF
Learning check
Q1: What parameters must match for OSPF neighbors?
_______________________________________________________________________
Q2: What purpose does BFD serve in OSPF?
_______________________________________________________________________
Q3: Which type of area conceals the networks in all other areas from routers within
that area?
_______________________________________________________________________
Q4: What options can you set when you redistribute routes into OSPF?
_______________________________________________________________________
Q5: Why would you tag IP routes when you redistribute them?
_______________________________________________________________________
Q6: When you implement graceful restart, do all routers need to be aware of the
_______________________________________________________________________
Q8: How can you set up one router as the main router and the other router as a
_______________________________________________________________________
Module 11 objectives
After completing this module, you will be able to configure network address
translation (NAT) to:
Connect users with private addresses to the Internet
Allow external access to internal servers with private addresses
Interconnect networks with overlapping addresses
NOTES
_________________________________________________________________________
Many-to-one NAT, also called Network Address Port Translation (NAPT) or
Port Address Translation (PAT)
Many-to-many: NAT without PAT
Accessing internal servers with private addresses from the outside, using a NAT
interface
Managing overlapping networks with NAT
Note
NAT support is very limited on HP E-Series devices, so this module will cover
NAT for Cisco and the HP A-Series devices. NAT is supported on most HP and
Cisco routers, but only on a limited number of switches. If working with a switch,
be sure to verify that it supports NAT.
[Figure 11-1: NAT and Internet access—Scenario 1. Intranet hosts in 10.1.0.0/16 reach the Internet through a NAT device whose public address is 15.6.7.8. S=10.1.1.18:1031 D=X becomes S=15.6.7.8:2001 D=X; S=10.1.7.13:1028 D=Y becomes S=15.6.7.8:2002 D=Y; S=10.1.8.22:1027 D=Z becomes S=15.6.7.8:2003 D=Z.]
Dynamic NAT or NAPT is a variation of NAT. Because it allows multiple internal
addresses to be mapped to the same public IP address, it is called many-to-one NAT
or address multiplexing. NAPT is based on both the IP address and the port number.
With NAPT, multiple IP source addresses are translated to the same public IP
(ACL). The NAT device determines the address to which source addresses are
translated by either:
Selecting the IP address from a pool of IP addresses, which might contain one or
several IP addresses
NAPT has enabled companies to better utilize their IP address resources, providing
many internal devices access to the external network at the same time using only one
[Figure: R1 connects the intranet to the Internet. Interface labels: Gig 1/1 (10.1.1.254) and Gig 1/2 (15.6.7.8).]
R1 = Cisco
interface gigabitethernet 1/1
 ip address 10.1.1.254 255.255.255.0
 ip nat inside
interface gigabitethernet 1/2
 ip address 15.6.7.8 255.255.255.252
 ip nat outside
access-list 10 permit 10.1.0.0 0.0.255.255
ip nat inside source list 10 interface gig 1/2 overload
or
ip nat inside source list 10 pool pool-corp123 overload
ip nat pool pool-corp123 15.6.7.8 15.6.7.8 prefix 30
Figure 11-2: NAT and internet access—Scenario 1a
Figure 11-2 shows the Cisco commands for configuring NAT for this scenario.
[Figure: R1 connects the intranet to the Internet. Interface labels: Int VLAN 100 (10.1.1.254) and Int VLAN 200 (15.6.7.8).]
R1 = HP A-Series
interface vlan-interface 100
 ip address 10.1.1.254 24
interface vlan-interface 200
 ip address 15.6.7.8 30
 nat outbound 2001
OR
interface vlan-interface 200
 ip address 15.6.7.8 30
 nat outbound 2001 address-group 1
 quit
nat address-group 1 15.6.7.8 15.6.7.8
acl number 2001
 rule permit source 10.1.0.0 0.0.255.255
 rule deny
Figure 11-3: NAT and Internet access—Scenario 1-b
These are the commands for configuring NAT on an HP A-Series switch in a similar
scenario.
NAPT configuration on the HP A-Series switch
The IP address to be translated, 10.1.0.0/16, is defined by the ACL. You can set the
You must then configure outbound NAT on the interface on which the traffic to
be translated is forwarded after being routed. When you do, you specify the
address group:
To the IP address of the interface to which you apply outbound NAT (this option
Note
within a short time cannot process them quickly enough and cannot accept other
normal connection requests. To avoid these situations, you can configure a
connection limit policy to limit the number of connections, connection rate, and
connection bandwidth.
The limits to the connection rate and bandwidth cannot be specified at the same
time.
If an option is not configured in the connection limit policy, the global
configuration settings will be used instead.
For user connections not covered in the connection limit policy, the global
Follow these steps to configure this option:
1. Configure a connection limit policy. In this example, the policy limits user
connections from 10.1.10.100. Set the upper and lower limits to 1000 and 200
respectively.
[HP-A-acl-basic-2002] quit
[HP-A-connection-limit-policy-1] quit
internal servers with private IP addresses. The external devices contact the internal
servers at public IP addresses, and the NAT device translates the destination address
to the internal server’s actual private IP address. The first scenario features one-to-one
destination NAT, and the second features one-to-many destination NAT.
[Figure 11-4: Internal servers and NAT—Scenario 2. The NAT device presents 15.6.7.1, 15.6.7.2 and 15.6.7.3 to the Internet; the intranet is 10.1.0.0/16. S=X D=15.6.7.1:21 becomes S=X D=10.1.1.101:21 (FTP, 10.1.1.101); S=Y D=15.6.7.2:80 becomes S=Y D=10.1.1.102:80 (Web 1, 10.1.1.102); S=Z D=15.6.7.3:8080 becomes S=Z D=10.1.1.103:80 (Web 2, 10.1.1.103).]
This scenario features static destination NAT, which you must sometimes use with
dynamic source NAT.
Dynamic source NAT hides the internal network structure, including the identities of
internal hosts. However, in practice, external hosts often need to access internal hosts
With this form of NAT, you can deploy an internal server easily and flexibly. For
instance, you can use 15.6.7.1 as the Web server’s external address and 15.6.7.2 as
the FTP server’s external address. You can even use an address like 15.6.7.3:8080
When a packet intended for an internal server arrives, NAT translates the destination
address in the packet to the private IP address of the internal server. When a
response packet from the internal server arrives, NAT translates the source address (a
private IP address) of the packet into a public IP address mapped to the same
R1 = HP A-Series
interface vlan-interface 100
 ip address 10.1.1.254 24
This slide shows the same NAT configuration on an HP A-Series device. Notice that
the NAT commands are configured on the VLAN interface that faces the Internet. (If
you were configuring NAT on an HP A-Series router, you would configure the NAT
commands on the routed physical interface.)
You indicate that you are configuring static destination NAT by using the nat server
command shown in the slide. As you see, you specify the publicly known IP
address for the global address and the server’s actual IP address for the inside
address.
The HP A-Series devices automatically implement source NAT for the reverse traffic
from the servers to the Internet clients.
[Figure: port forwarding between the Internet and the intranet through one public address, with the packet label S=Z D=15.6.7.8:8080.]
IP NAT port forwarding is typically used in small networks or small divisions of larger
networks when only one public IP is available. The IP address of the router facing the
Internet becomes the “Internet interface.”
When a packet intended for an internal server arrives, NAT translates the destination
address in the packet to the private IP address of the Internet interface of the router.
When a response packet from the internal server arrives, NAT translates the source
address (a private IP address) of the packet into a public IP address mapped to the
same external IP address with different port numbers.
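[Figure: an intranet host (10.1.3.140, in 10.1.0.0/16) sends a DNS request for www.corp123.com to a DNS server on the Internet. The DNS response carries 15.6.7.8, and the response delivered to the host carries 10.1.1.101. The NAT device publishes 15.6.7.8:21, 15.6.7.8:80, 15.6.7.8:25 and 15.6.7.8:8080; the internal server www.corp123.com is 10.1.1.101.]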
Very often servers get their IP addresses from an external DNS server that belongs to
an Internet Service Provider (ISP) or to another company.
DNS mapping
You can specify an external IP address and port number for an internal server on the
public network interface of a NAT gateway, so that external users can access the
internal server using its domain name or public IP address.
An internal host may want to access an internal server on the same private network
by using its domain name, while the DNS server is located on the public network.
Typically, the DNS server will reply with the public address of the internal server to
the host. However, without relevant processing of the NAT device, the host cannot
access the internal server using its domain name. In this case, the DNS mapping
feature can solve the problem.
A DNS mapping entry records the domain name, public address, public port
number, and protocol type of an internal server. Upon receiving a DNS reply, the
NAT-enabled device matches the domain name in the message against the DNS
mapping entries. If a match is found, the private address of the internal server is
found and NAT replaces the public IP address in the reply with the private IP
address. Then, the host can use the private address to access the internal server.
R1 = Cisco
interface gigabitethernet 1/1
 ip address 10.1.1.254 255.255.255.0
 ip nat inside
interface gigabitethernet 1/2
 ip address 15.6.7.8 255.255.255.252
 ip nat outside
With DNS mapping, an internal host can access an internal server on the same
private network by using the domain name of the internal server when the DNS
server resides on the Internet.
Use the nat dns-map command to map the domain name to the public network
information of an internal server.
Use the undo nat dns-map command to remove a DNS mapping. Currently, the
device supports up to 16 DNS mappings.
display nat dns-map is a related command.
Overlapping networks—Scenario 4
[Figure: Network 1 and Network 2 both use 10.1/16. Packet labels along the path: S 10.1.3.18 D 10.222.2.200; S 10.111.3.18 D 10.222.2.200; S 10.111.3.18 D 10.1.2.200.]
When two networks are merged, they may have overlapping IP subnets.
Consequently, the two networks cannot be joined without causing IP address
conflicts. Rather than changing IP addressing, companies may want to use NAT to
translate IP addresses so that each network appears to be unique.
In the above figure, Network 1 and 2 have the same IP subnet 10.1.0.0/16. With
NAT, Network 1 can “see” Network 2 as a unique network (10.222/16), and
Network 2 can “see” Network 1 as a unique network (10.111/16).
In the example above, node 10.1.3.18 in Network 1 tries to reach a server in
Network 2, which it sees as 10.222.2.200. (The server is really
10.1.2.200 in its own network.) The server IP address may be provided by the DNS
response and translated by NAT if the DNS server is in Network 2. Or the server’s
address in Network 2 can already be assigned a “NATed” address in the local
DNS.
When a packet is routed by R1, source 10.1.3.18 is NATed to 10.111.3.18 and
forwarded to R2. When a packet is routed by R2, the destination 10.222.2.200 is
NATed to 10.1.2.200 and forwarded in Network 2.
Note that while you are applying NAT, you can start changing your IP addresses.
You can pick IP addresses in the range you use for NAT. This will make use of the
static routes you have to put in place for routing from Network 1’s real IP addresses
to Network 2’s NATed IP addresses and vice-versa.
For example, if you start changing IP addresses in Network 2, you can use some
subnets of 10.222/16 to start replacing the IP addresses of the node. These subnets
must not overlap with the pool you use on R2 to NAT addresses. They won’t be
NATed by R2 when routed, but they will be when entering R1. Or you can use a new
range of IPs for each side and then you must create new IP routes.
If each side has its own DNS server, NAT can also translate the DNS response when
sent to the other network.
For example, if a server account corp123.com with IP 10.1.1.100 is in Network 1,
when the DNS on Network 1 side responds to the DNS request coming from
Network 2, the IP address 10.1.1.100 will be translated by R1 to 10.111.1.100. So
server account corp123.com will appear to Network 2 with the IP address
10.111.1.100.
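The Python model below is an added example, not part of the student guide. It traces the address rewriting described for Scenario 4 in both directions and applies the same prefix mapping to a DNS answer. The function names and the rule that host bits are preserved one-to-one are assumptions for illustration; the addresses are the ones used in the text.

```python
from ipaddress import ip_address, ip_network

REAL = "10.1.0.0/16"  # the subnet both networks actually use
# How each router's own network appears to the other side.
APPEARS_AS = {"R1": "10.111.0.0/16", "R2": "10.222.0.0/16"}


def remap(addr, from_net, to_net):
    """One-to-one prefix translation: swap the network bits, keep the host bits."""
    addr = ip_address(addr)
    from_net, to_net = ip_network(from_net), ip_network(to_net)
    if from_net.prefixlen != to_net.prefixlen:
        raise ValueError("prefix lengths must match for one-to-one translation")
    if addr not in from_net:
        return str(addr)  # outside the translated range: left untouched
    host_bits = int(addr) - int(from_net.network_address)
    return str(ip_address(int(to_net.network_address) + host_bits))


def leave(router, packet):
    """Packet exits the router's own network: its real source is hidden."""
    src, dst = packet
    return remap(src, REAL, APPEARS_AS[router]), dst


def enter(router, packet):
    """Packet arrives for the router's own network: the destination is restored."""
    src, dst = packet
    return src, remap(dst, APPEARS_AS[router], REAL)


def forward(packet, first, second):
    """Return the (source, destination) pair at each stage of the path."""
    transit = leave(first, packet)
    delivered = enter(second, transit)
    return [packet, transit, delivered]


def translate_dns_answer(router, answer_ip):
    """Address in a DNS response as it appears after leaving the router's network."""
    return remap(answer_ip, REAL, APPEARS_AS[router])


if __name__ == "__main__":
    # Node 10.1.3.18 in Network 1 reaches the server it sees as 10.222.2.200.
    for stage in forward(("10.1.3.18", "10.222.2.200"), "R1", "R2"):
        print("S", stage[0], "D", stage[1])
    # The server's reply takes the reverse path through R2, then R1.
    for stage in forward(("10.1.2.200", "10.111.3.18"), "R2", "R1"):
        print("S", stage[0], "D", stage[1])
    print(translate_dns_answer("R1", "10.1.1.100"))
```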
Overlapping networks—Scenario 4a
[Figure: 10.1/16 translated into 10.11/16; both networks use 10.1/16. Packet labels: S 10.1.4.77 D=10.111.1.100; S 10.222.4.77 D=10.111.1.100; S 10.222.4.77 D=10.1.1.100; S 10.1.1.100 D=10.222.4.77; S 10.111.1.100 D=10.222.4.77; S 10.111.1.100 D=10.1.4.77.]
Overlapping networks—Scenario 4b
[Figure: R1 (Network 1) and R2 (Network 2). As seen by Network 1: 10.1/16 and 10.222/16. As seen by Network 2: 10.111/16 and 10.1/16. Interface labels: Gig 1/0/1, Gig 1/0/2, Int vlan 100, Int vlan 200. Addresses: 10.1.1.254, 10.3.1.1/24, 10.3.1.2/24, 10.1.1.2.]
Overlapping networks—Scenario 4c
[Figure: R1 (Network 1) and R2 (Network 2). As seen by Network 1: 10.1/16 and 10.222/16. As seen by Network 2: 10.111/16 and 10.1/16. Interface labels: Gig 1/1, Gig 1/2, Gig 1/2. Addresses: 10.1.1.254, 10.3.1.1, 10.3.1.2.]
Overlapping networks—Scenario 4d
[Figure: R1 (Network 1) and R2 (Network 2). As seen by Network 1: 10.1/16 and 10.222/16. As seen by Network 2: 10.111/16 and 10.1/16. Interface labels: Int vlan 100, Int vlan 200, Int vlan 100, Int vlan 200. Addresses: 10.1.1.254, 10.3.1.1, 10.1.10.254, 10.3.1.2.]
R1 = HP A-Series
interface vlan-interface 100
 ip address 10.1.1.254 24
interface vlan-interface 200
 ip address 10.3.1.1 30
 nat outbound 2001 address-group 1 no-pat
Module 11 summary
In this module, you have learned how to configure NAT for various practical
scenarios. Write down any thoughts you may have while your facilitator reviews the
content of this module.
_______________________________________________________________________
Learning check
Q1: What is the difference between dynamic NAT and NAPT?
___________________________________________________________________
Q2: What is required to access (from the outside) an internal server set with a
private address?
Module 2
Activity and discussion question answers
Management scenario 1
Q: What minimal switch parameters should you configure to allow discovery by
IMC?
A: The switch must be configured with:
System name, or hostname (all switches have a name by default)
IP address, preferably dynamic
SNMP communities
Although open Telnet access is not necessary for IMC to discover the device, it can
be helpful to enable Telnet access so that you can easily access and configure the
switch.
Q3: What commands can you use to access logging on the terminal?
A3: In the terminal session at user view level:
<hp>terminal monitor
You can select what display is shown with:
<hp>terminal logging
Enabled by default
<hp>terminal debugging
Disabled by default
<hp>terminal trapping
Enabled by default
Q3: You want to force management users for your Cisco and HP A-Series switches to
log in to the CLI using SSH. What steps must you complete on each type of switch?
The steps are similar on both switches. You must generate a public/private key pair,
enable SSH, and specify SSH as the protocol for the virtual management interfaces
(VTY). You should also configure an authentication method for management access.
You could configure the management users to authenticate to a local list of users, as
you learned in this module, or you can have users enter a password or authenticate
to a RADIUS server. You should also set the privilege level for the management
users (if they authenticate locally).
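The following added example (not part of the course material) audits saved configurations for the result of those steps: every VTY section must accept SSH only and have an authentication method. The two configurations are constructed samples, and the function names are hypothetical; the commands in them are the standard Cisco IOS and HP A-Series (Comware) VTY commands.

```python
import re

# Constructed sample configurations (not taken from the course labs).
CISCO_CFG = """\
hostname cisco-sw1
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login
 transport input telnet ssh
"""

COMWARE_CFG = """\
sysname hp-a1
ssh server enable
user-interface vty 0 4
 authentication-mode scheme
 protocol inbound all
"""

VTY_HEADER = {"cisco": "line vty", "comware": "user-interface vty"}


def vty_blocks(config, vendor):
    """Yield (header, [sub-commands]) for every VTY section of a configuration."""
    header, body = None, []
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):      # a top-level command closes any open section
            if header:
                yield header, body
            header, body = (line, []) if line.startswith(VTY_HEADER[vendor]) else (None, [])
        elif header and line:
            body.append(line)
    if header:
        yield header, body


def audit_ssh_only(config, vendor):
    """Return findings for VTY sections that do not force authenticated SSH."""
    findings = []
    if vendor == "comware" and not re.search(r"^ssh server enable$", config, re.M):
        findings.append("global: SSH server is not enabled")
    for header, body in vty_blocks(config, vendor):
        if vendor == "cisco":
            ssh_only = "transport input ssh" in body
            # "login", "login local" and "login authentication <list>" all count;
            # "no login" does not.
            authenticated = any(cmd.startswith("login") for cmd in body)
        else:
            ssh_only = "protocol inbound ssh" in body
            # SSH logins on Comware use scheme (AAA: local users or RADIUS).
            authenticated = "authentication-mode scheme" in body
        if not ssh_only:
            findings.append(f"{header}: inbound protocol is not restricted to SSH")
        if not authenticated:
            findings.append(f"{header}: no suitable authentication method")
    return findings


if __name__ == "__main__":
    for vendor, cfg in (("cisco", CISCO_CFG), ("comware", COMWARE_CFG)):
        for finding in audit_ssh_only(cfg, vendor) or ["compliant"]:
            print(f"{vendor}: {finding}")
```

A VTY range that is left out of the hardening, such as `line vty 5 15` in the sample, is the case this check is meant to catch: Telnet stays reachable on the lines nobody configured.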
Module 3
Activity and discussion question answers
VLAN configuration on Cisco: Access and voice ports
Q1: How do you list VLANs?
A2: For a quick view on port status, enter . For a more detailed
view, enter .
A3: Enter .
Q4: Would you enable all VLANs on trunk ports in a mixed environment with HP
and Cisco switches?
A4: The main issue with assigning all VLANs to trunk ports is that it extends the
VLANs' broadcast domains across the overall LAN. That will not be an issue if not all
VLANs are created on all switches; it happens in the case of dynamic learning with
VTP and GVRP. With static configuration, the learning can be better controlled, and
all VLANs can then be permitted on trunk ports.
Module 4
Activity and discussion question answers
MSTP regions—Review 1
Q1: What MSTP parameters must be set consistently on all switches for them to be in
the same MSTP region?
A1: The region name (case sensitive), the revision number, and the mapping between
instances and VLANs must match EXACTLY.
Q2: What are the default MSTP parameters?
A2: Region name: MAC address of the switch; revision number: 0; mapping of
instance to VLAN: all VLANs in instance 0.
Q3: Why would you want all switches to be in the same MSTP region?
A3: The main reason for placing all switches in the same region is to get load
balancing on uplinks on a per-instance basis. If you are not worried about
load balancing because you have enough network bandwidth, you might also put all
switches in the same region to keep the configuration consistent.
MSTP regions—Review 2
Q1: If there is a mistake in the switch’s MSTP configuration, what happens?
A1: When region parameters do not match between switches, each switch becomes
its own region, and they interoperate in the common spanning tree, which functions
like RSTP.
Q2: Besides mistakes in the region name or revision number, what conditions could
result in switches being in different regions?
A2: The following situations result in switches being in different regions:
When MSTP is enabled on a switch but MSTP parameters have not been
configured, the region name is by default the MAC address of the switch. This
can be a valid setup if the load balancing effect between instances is not
desired.
The VLAN-to-instance mappings do not match—a situation that occurs if VLANs
are added or deleted and have not been mapped to an instance in advance. A
best practice is to set the mapping in advance to avoid this situation.
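The region rules from Review 1 and Review 2 can be checked offline before a change is rolled out. The added example below (not from the course material) groups switches by MST configuration identifier: region name, revision number, and the HMAC-MD5 digest of the VLAN-to-instance table that MSTP bridges exchange instead of the table itself. The signature key is the fixed one from IEEE 802.1Q; the inventory, its host names and MAC addresses, and the dictionary layout are constructed for illustration.

```python
import hashlib
import hmac
from collections import defaultdict

# Configuration Digest Signature Key defined by IEEE 802.1Q (identical on every bridge).
MST_DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")


def config_digest(vlan_to_instance):
    """HMAC-MD5 over the 4096-entry VLAN-to-instance table, 2 bytes per VLAN ID."""
    table = bytearray(4096 * 2)               # unmapped VLANs stay in instance 0
    for vlan, instance in vlan_to_instance.items():
        if not 1 <= vlan <= 4094:
            raise ValueError(f"invalid VLAN ID {vlan}")
        table[2 * vlan:2 * vlan + 2] = instance.to_bytes(2, "big")
    return hmac.new(MST_DIGEST_KEY, bytes(table), hashlib.md5).hexdigest()


def region_id(switch):
    """(name, revision, digest); the name is case sensitive and defaults to the MAC."""
    name = switch.get("region_name") or switch["mac"]
    return name, switch.get("revision", 0), config_digest(switch.get("mapping", {}))


def group_regions(switches):
    """Map each distinct region identifier to the hosts that share it."""
    regions = defaultdict(list)
    for sw in switches:
        regions[region_id(sw)].append(sw["host"])
    return dict(regions)


def explain_mismatch(a, b):
    """Name the region parameters that differ between two switches."""
    fields = ("region name", "revision", "VLAN-to-instance mapping")
    return [f for f, x, y in zip(fields, region_id(a), region_id(b)) if x != y]


# Constructed inventory: VLAN 40 was added and mapped on the core switches only.
SWITCHES = [
    {"host": "core1", "mac": "00:00:5e:00:53:01", "region_name": "DC1",
     "revision": 1, "mapping": {10: 1, 20: 1, 30: 2, 40: 2}},
    {"host": "core2", "mac": "00:00:5e:00:53:02", "region_name": "DC1",
     "revision": 1, "mapping": {10: 1, 20: 1, 30: 2, 40: 2}},
    {"host": "acc1", "mac": "00:00:5e:00:53:03", "region_name": "dc1",   # wrong case
     "revision": 1, "mapping": {10: 1, 20: 1, 30: 2, 40: 2}},
    {"host": "acc2", "mac": "00:00:5e:00:53:04", "region_name": "DC1",
     "revision": 1, "mapping": {10: 1, 20: 1, 30: 2}},                   # VLAN 40 unmapped
    {"host": "acc3", "mac": "00:00:5e:00:53:05"},                        # MSTP defaults
]

if __name__ == "__main__":
    for (name, revision, digest), hosts in group_regions(SWITCHES).items():
        print(f"{name!r} rev {revision} digest {digest[:8]}...: {', '.join(hosts)}")
    reference = SWITCHES[0]
    for sw in SWITCHES[1:]:
        print(sw["host"], "differs from core1 in:", explain_mismatch(reference, sw) or "nothing")
```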
MSTP BPDUs—Review 4
Q1: Are MSTP BPDUs tagged?
A1: No, they are untagged. This is very different from PVST. Note that RSTP and STP
BPDUs are also untagged.
Q2: Are MSTP BPDUs attached to a VLAN?
A2: Absolutely not. The MSTP BPDUs are non-VLAN specific, and an untagged VLAN
may or may not exist on the link over which MSTP BPDUs are sent.
Q3: On a trunk port, is it required to set an untagged VLAN for MSTP BPDUs?
A3: No. MSTP BPDUs, as well as RSTP and STP BPDUs, will be sent on the link
whether or not a native VLAN or untagged VLAN exists on the link.
Q4: What is the destination MAC address of an MSTP BPDU?
A4: 01:80:c2:00:00:00 is a bridge MAC address. The switch is the destination for
that MAC address when MSTP is enabled.
Q5: Does each MSTP BPDU carry information about all instances?
A5: Yes. Switches outside of the MSTP region will only use the CIST parameters,
which are included in the STP/RSTP backward-compatible portion of the BPDU, but
the MSTP BPDU includes information about all instances.
Q2: How can you ensure that this link stays active?
There are several solutions:
Because VLAN 100 is on a unique link and does not create any loops, one idea
is to disable MSTP on that link only. However, this opens the risk that, if
someone later extends VLAN 100 to the rest of the network or creates a trunk that
permits all VLANs, a loop will develop in VLAN 100. In other words, you can
disable MSTP only if you carefully control the VLANs permitted on each trunk.
Instead of disabling MSTP on the link, on HP A-Series switches, you can ignore
the STP results for the VLANs in which you are sure loops do not exist:
[HP-A] stp ignored vlan 100,200
Because the topology is instance based, you can create an instance dedicated to
VLAN 100, with the two switches at the ends of the link as the root and
secondary root.
Pros of this solution:
Easy to set up
Cons of this solution:
You must create this instance on all switches in the MSTP region, which
is not scalable. If multiple links in the datacenter require this setup for
keepalives, it will require setup of many instances. In addition to being
inconvenient, there is also a capacity issue, as the number of instances
is limited to 16 or 32, depending on the platform.
You can include this link in an existing instance, and then change the
cost to make sure the root port of the instance is on that link. Note that
all other VLANs of the instance should be defined on that link as well.
If instance 0 does not contain any of your “active VLANs,” you may
leave VLAN 100 on that link in instance 0 and change only the cost
setup for instance 0.
Why dedicate a link for keepalives? Why not make that VLAN
dedicated to keepalives part of the other uplinks and of an existing
instance? That would drastically simplify instance setup. A simpler and
safer solution is to remove that dedicated link.
MSTP setting—Activity
Q1: Is MSTP active on the links that carry routed traffic on VLANs 100 and 200?
A1: Yes, MSTP is active on all links once spanning tree is enabled (MSTP is the
default version for spanning tree). Those ports are boundary ports for both MSTP
regions.
Module 5
Activity and discussion question answers
Cisco PVST+: Which BPDUs are sent on access ports?
Q1: Which setup would you recommend for Voice over IP (VoIP) ports?
A1: Because VoIP ports do not send BPDUs, you might need to protect against loops
in case a standard switch is connected to such a port. You can either define the port
as a trunk instead of a VoIP port, or you can define it as a VoIP port and set BPDU
guard on it.
BPDU B:
Cisco switch 1 inspects BPDU B and sends a PVST+ BPDU, forcing the other
side to fall back to this type.
Cisco switch 2 inspects BPDU B and sends the same type of BPDU.
HP switch 3 forwards BPDU B without inspecting it because the BPDU does
not have a MAC address that the switch recognizes for STP BPDU. For its
part, the switch sends untagged MSTP BPDUs.
HP switch 4 forwards BPDU B without inspecting it because the BPDU does
not have a MAC address that the switch recognizes for STP BPDU. For its
part, the switch sends untagged RSTP BPDUs.
BPDU C:
Cisco switch 1 drops BPDU C because VLAN 1 is not allowed on this port.
This switch does not send standard STP BPDUs either.
Cisco switch 2 inspects BPDU C because VLAN 1 is allowed on this port.
For its part, it sends untagged RSTP BPDUs.
HP switch 3 inspects BPDU C and sends an MSTP BPDU, which is backward
compatible with STP.
HP switch 4 inspects BPDU C and sends an RSTP BPDU, which is backward
compatible with STP.
BPDU D:
Cisco switch 1 drops BPDU D because VLAN 1 is not allowed on this port.
This switch does not send standard RSTP BPDUs either.
Cisco switch 2 inspects BPDU D because VLAN 1 is allowed on this port. It
also sends untagged RSTP BPDUs.
HP switch 3 inspects BPDU D and sends an MSTP BPDU, which is backward
compatible with RSTP.
HP switch 4 inspects BPDU D and sends an RSTP BPDU.
BPDU E:
Cisco switch 1 drops BPDU E because VLAN 1 is not allowed on this port.
This switch does not send any standard STP/RSTP/MSTP BPDUs.
Cisco switch 2 inspects BPDU E because VLAN 1 is allowed on this port (it
inspects only the CIST parameters included in the RSTP
backward-compatible portion of the BPDU). For its part, it sends untagged RSTP
BPDUs.
HP switch 3 inspects BPDU E and sends an MSTP BPDU.
HP switch 4 inspects BPDU E (only the CIST parameters) and sends an RSTP
BPDU.
PVST+ quiz
Q1: What is the cost of a gigabit link in PVST+?
A1: The cost is 4 for a Gigabit link, 19 for Fast Ethernet, and 2 for 10 Gig. Note that
the costs are the same in Rapid PVST+. To be aligned with standard RSTP and MSTP
(Gig: 20 000), you must use the command.
Q2: Why does Cisco recommend not allowing all VLANs on a trunk port when
running PVST+?
A2: If trunks are configured with all VLANs permitted, then PVST is going to run as
many STP instances as there are VLANs created on the switch, even if that switch
does not contain any edge ports in that VLAN. Cisco recommends only allowing
VLANs that exist on the switch onto the trunk in order to reduce the CPU overhead
due to BPDU per VLAN. Note that in MSTP this overhead does not exist.
Q3: Does Rapid PVST+ implement Cisco’s fast STP features, “uplinkfast” or
“backbonefast”?
A3: No, Rapid PVST+ implements the fast-convergence mechanisms embedded in
RSTP.
Q2: Does setting the path cost method on the Cisco switches to long change the
topology?
A2: When you configure this option on the Cisco switches, all costs in this scenario
are now 20 000.
The root path cost for HP C will be 20 000 on uplink 1 and
20 000 + 20 000 = 40 000 on uplink 2.
Therefore, the root port is uplink 1, and the alternate port is uplink 2.
The topology is the same as in the previous case.
Q2: Under what circumstances would you configure the MSTP region settings?
A2: If you plan to convert Cisco switches to MSTP later, it makes sense to enter the
right configuration on the HP switches now.
PVST+/STP interoperability—Scenario 2
Q1: Does traffic from Cisco C experience the PVST+ load balancing effect on uplinks
to the aggregation layer?
A1: Yes. Cisco C’s root port is different for different VLANs, so it forwards traffic over
different links in those VLANs.
Q2: Does traffic from HP Switch D experience this effect?
A2: With the configuration left as it is, the HP switch’s traffic does not experience the
load balancing effect. The blocked port blocks traffic in all ports, so one link carries
all traffic.
The drawback of this setup is the added burden on the link between Cisco A and
Cisco B. In order for VLAN 12 and 13 traffic to reach the default gateway that
resides on Cisco B, the traffic has to cross the link between Cisco A and B.
Q3: Can you obtain load balancing for HP D?
A3: Yes. (The rest of the scenario taught you how; see the next questions and
answers.)
Q3: If HP A and B are root and secondary root in the CST, what are the root port
and alternate ports in VLAN1 on Cisco switches?
A3: The root ports are the ports that connect to HP A, which is the root in the IST.
Assuming that the links have equal bandwidth, each link has the same path cost
(because the Cisco switches are using the long option for path cost method).
Therefore, the path to the neighbor with the higher priority, in this case HP B for each
Cisco switch, is preferred. Thus the Cisco switches block their ports that connect to
HP B.
Q4: What happens if the long path cost method is not enabled?
A4: If the Cisco switches do not use the long path cost method, their ports have a
lower path cost than the HP B switch ports. Therefore, the HP B switch would block
the ports that connect to the Cisco switches rather than the opposite.
Module 6
Activity and discussion question answers
Reminder: With IRF, STP is unnecessary
Q1: What are the key advantages of using IRF for redundancy?
A1: There is no need to implement STP. Logically, this solution looks like a single
star topology.
IRF is easy to configure, easy to manage, and easy to maintain.
IRF makes the switches in the stack look like one virtual switch.
IRF interoperates well with most managed switches: link aggregation to IRF can
be static or LACP based.
Q2: Why would you enable STP in an IRF architecture?
A2: IRF typically creates an architecture without loops because links to different
switches within the IRF are treated as aggregated links. However, if someone
accidentally connects cables to the wrong ports, it is possible for loops to emerge.
Therefore, you might want to implement STP with the IRF architecture.
Module 7
Learning check answers
Q1: What feature(s) prevent loops that can occur on edge ports?
A1: Loop protection (or loop protect) on HP E-Series devices.
Q2: Are UDLD on Cisco and DLDP on HP A-Series switches interoperable?
A2: No.
Module 8
Activity and discussion question answers
IRF, Link aggregation and interoperability: IRF in the distribution level
Q1: Would you enable STP?
A1: The overall design with IRF does not require STP. However, the IRF design does
not prevent local loops due to incorrect cabling. Enabling MSTP as well as hardening
STP on the edge with BPDU guard may prevent accidental loops at the edge.
To keep STP functionality at the edge and to avoid compatibility issues due to a
different form of STP (such as Cisco PVST or MSTP) being used, you can filter BPDUs
with BPDU filter or by disabling STP per port.
In the scenario, IRF is set in the aggregation, or distribution, layer. Although IRF can
be placed at all levels, in the distribution layer, IRF provides a way to link to Cisco
devices either in access or in core, allowing you to completely remove STP.
IRF, link aggregation and interoperability: IRF in the distribution and access
layers
Q1: Do you need to configure VRRP?
A1: An IRF acts as a single L2 and L3 switch. There is no need for VRRP because the
IP addresses and the IP forwarding table are fully distributed on IRF members. The IP
forwarding plane is fully managed by line-card hardware based on the FIB table
that is loaded from the master switch. On the control plane, the routing table (RIB) is
set by the master switch using local networks, static routes, and routing protocols.
Module 9
Activity and discussion question answers
Virtual IP concepts
Q1: List the virtual protocols with which you are familiar. State which are proprietary
and which are industry-standard.
A1: Virtual IP protocols include:
Cisco HSRP
Cisco GLBP
VRRP
Both HSRP and GLBP are proprietary protocols implemented in Cisco devices. VRRP
is standards-based, so various vendors’ equipment can interoperate.
Module 10
Activity and discussion question answers
OSPF neighboring—Scenario 1-1
Q1: What conditions must two routers meet to become OSPF neighbors? For each
condition that you list, check that setting on the routers in this example. Circle any
incorrect settings and replace them with the correct setting.
A1: For two routers to become OSPF neighbors, they must meet the following
conditions on the communicating IP interfaces:
Same IP subnet
A subnet contained within a larger subnet also applies. For example, R2 has a
/30 IP address within the space of the other routers’ /24 subnet. It can still
become those routers’ neighbor.
Same OSPF area
In this example, all routers have their IP interfaces in area 0 except R3. (Circle
that setting on R3 and change it to area 0.)
Same timers
All of the routers except R4 are using the default Hello and Dead interval timers:
Hello = 10 seconds
Dead Interval = 40 seconds
R4 has a Dead Interval of 30 seconds, so it would not become a neighbor with
the other routers. (Circle that setting on R4 and change it to 40 seconds.)
Same network type
On Ethernet interfaces, the default setting is Broadcast. All of the routers in this
example are using this setting except R2, which is set to Point to Point (P2P).
(Circle that setting on R2 and change it to Broadcast.)
The network type depends on the Layer 2 protocol:
Ethernet interfaces—As mentioned, the default setting is Broadcast, which
indicates that the Layer 2 network includes broadcast traffic. You can also
configure Ethernet interfaces as P2P, which indicates that the network
includes only two devices connected on a single routed Ethernet interface.
The P2P setting speeds convergence because the routers do not need to
elect a designated router.
Layer 2 networks, such as ATM and Frame Relay, provide more options for
the type:
P2P
Non Broadcast Multi Access (NBMA)
Point to Multipoint in Multicast (P2MP)
Unicast (P2MP in Unicast)
Same authentication method and password
None of these routers implement authentication, so all of them meet this
condition.
Also fill in the blanks to indicate how the ABR (R1) will summarize the routes:
R1 aggregates the routes in area 0 into a single route to 10.0.0.0/16 and advertises
this route to routers in area 1.
R1 aggregates the routes in area 1 into a single route to 10.1.0.0/16 and advertises
this route to routers in area 0.
Q2: What command can you enter to verify that the Cisco R2 has properly
redistributed (or imported) the routes?
A2: show ip ospf database external
Q3: What command can you enter to verify that the routes to the external networks
have been summarized?
A3: You can enter show ip route on R1 to verify that this router received the
summarized route. On Cisco switches, the router that summarizes the route (R2 in this
example) also creates a route for the summarized networks with null as the
forwarding interface. You can enter show ip route on R2 to look for that route.
Q4: This configuration sets metric type 1 for the redistributed routes. What purpose
does this configuration serve, and how could you change the metric type?
A4: This configuration indicates that routers will increment the cost for the
redistributed (external) route as it is advertised. You can change the metric type with
these commands:
router ospf 1
redistribute connected metric-type 2 subnets
Q2: This configuration sets metric type 1 for the redistributed routes. What purpose
does this configuration serve? Why might you select type 1 rather than type 2?
A2: Metric type 1 means that the cost for the route is incremented as it is advertised.
With type 2, the redistributed (external) route is assigned an initial cost that never
changes.
The type does not matter if only one path exists for the route. If multiple paths for a
specific network exist, then using type 1 metrics for redistributed routes to that
network enables routers to select the shortest path. If you use type 2, the cost is equal
for all paths. (However, routers will still select the path through the closest ASBR that
redistributed the route.)
Module 11
Learning check answers
Q1: What is the difference between dynamic NAT and NAPT?
A1: NAPT, or PAT (port address translation), is a variation of dynamic NAT. To
configure dynamic NAT (many to many), you define a pool of IP addresses for the
NAT addresses. Each inside IP address is translated to an IP address of the pool.
With PAT or NAPT, a few inside source IP addresses, each with a source port, are
translated to the external IP address, usually the Internet or public IP address of the
router/firewall/gateway. This saves many public IP addresses while enabling
Internet access for corporate clients.
Q2: What is required to access (from the outside) an internal server set with a
private address?
A2: A NAT setting is required that translates the packets coming from
Internet clients: the few destination IP addresses and ports are translated to the
internal destination IP address and port that define the service on the server. When
the DNS server is outside and some inside nodes want to access the server, NAT
translation of the DNS payload can also be enabled.
Q3: What is the benefit of such a configuration?
A3: NAT and forwarding to the inside is restricted to the IP and ports for which NAT
has been defined.
Q4: In what situation would you use static NAT?
A4: Static NAT is used for accessing servers that are set with their private address
and for overlapping networks.
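The behaviour described in A1 to A3 can be seen in a small translation-table model. This is an added example, not code from the course: the class names are hypothetical, and the addresses are constructed (203.0.113.0/24 is a documentation range). It shows a no-pat pool running out of addresses, NAPT multiplexing the same clients onto one address by port, and inbound traffic being forwarded only where a mapping was defined.

```python
class DynamicNat:
    """Dynamic NAT without port translation: one pool address per inside host."""

    def __init__(self, pool):
        self.free = list(pool)
        self.bindings = {}                       # inside IP -> pool IP

    def outbound(self, src_ip, src_port):
        if src_ip not in self.bindings:
            if not self.free:
                return None                      # pool exhausted: no translation
            self.bindings[src_ip] = self.free.pop(0)
        return self.bindings[src_ip], src_port   # only the address changes


class Napt:
    """NAPT/PAT: inside (IP, port) pairs share one public IP, told apart by port."""

    def __init__(self, public_ip, first_port=1024):
        self.public_ip, self.next_port = public_ip, first_port
        self.sessions = {}                       # (inside IP, port) -> public port
        self.reverse = {}                        # public port -> (inside IP, port)

    def outbound(self, src_ip, src_port):
        key = (src_ip, src_port)
        if key not in self.sessions:
            if self.next_port > 65535:
                return None                      # no public ports left
            self.sessions[key] = self.next_port
            self.reverse[self.next_port] = key
            self.next_port += 1
        return self.public_ip, self.sessions[key]

    def inbound(self, dst_port):
        """Inside (IP, port) for a reply, or None when no session was opened."""
        return self.reverse.get(dst_port)


class ServerNat:
    """Static inbound mappings that publish an internal server (Q2 and Q3)."""

    def __init__(self):
        self.rules = {}                          # (public IP, port) -> (inside IP, port)

    def publish(self, public_ip, public_port, inside_ip, inside_port):
        self.rules[(public_ip, public_port)] = (inside_ip, inside_port)

    def inbound(self, dst_ip, dst_port):
        return self.rules.get((dst_ip, dst_port))  # None: nothing defined, not forwarded


def run_demo():
    hosts = ["10.1.1.10", "10.1.1.11", "10.1.1.12"]       # constructed inside clients
    dynamic = DynamicNat(["203.0.113.1", "203.0.113.2"])  # pool smaller than host count
    napt = Napt("203.0.113.1")
    server = ServerNat()
    server.publish("203.0.113.10", 443, "10.1.1.80", 8443)
    return {
        "dynamic": [dynamic.outbound(h, 40000) for h in hosts],
        "napt": [napt.outbound(h, 40000) for h in hosts],
        "reply": napt.inbound(1025),
        "unsolicited": napt.inbound(2000),
        "https": server.inbound("203.0.113.10", 443),
        "ssh": server.inbound("203.0.113.10", 22),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name:12} {result}")
```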