laboratórios
DESCRIPTION
SwTRANSCRIPT
Av. França, 735 - Porto Alegre, RS - 90230-220 Suporte Técnico: 51 3358 0122
www.datacom-telematica.com.br Página 1 de 35
Laboratórios DmSwitch 3000 e DM4000
Av. França, 735 - Porto Alegre, RS - 90230-220 Suporte Técnico: 51 3358 0122
www.datacom-telematica.com.br Página 2 de 35
Sumário
Lab 1: Funções de Ajuda do CLI ................................................................................... 3 Lab 2: SNMP ................................................................................................................ 6 Lab 3: ACLs .................................................................................................................. 7 Lab 4: Criação e Autenticação de Usuário .................................................................... 8 Lab 5: VLAN................................................................................................................. 9 Lab 6: RSTP (Rapid Spanning Tree) ............................................................................. 11 Lab 7: MSTP (Multiple STP) ........................................................................................ 14 Lab 8: EAPS................................................................................................................ 22 Lab 9: QinQ (Double Tagging de VLAN) ..................................................................... 29 Lab 10: Link Aggregation ......................................................................................... 32
Av. França, 735 - Porto Alegre, RS - 90230-220 Suporte Técnico: 51 3358 0122
www.datacom-telematica.com.br Página 3 de 35
Lab 1: Funções de Ajuda do CLI
1.1 Logar no DmSwitch como usuário privilegiado usando o login e senha padrão de fábrica
DmSwitch3000 login: admin
Password: admin
DmSwitch3000#
1.2 Digite um ponto de interrogação “?” no prompt para ter acesso a lista de comandos disponíveis com uma breve descrição.
DmSwitch3000#[?]
clear Clear functions clock Manage the system clock configure Configure parameters copy Copy configuration or image data debug Enable process debugging diff Compare configurations erase Erase flash data exit Exit session help Obtain a description of the interactive help system light Light LEDs to show unit information no Override parameters ping Send echo messages reboot Perform a warm restart select Select startup firmware and configuration show Show running system information telnet Open a telnet connection terminal Set terminal line parameters traceroute Traceroute to destination unit Select the default unit to be used in the terminal
1.3 Ou digite duas vezes a tecla “TAB” para ver a lista em um formato simplificado.
DmSwitch3000#[TAB][TAB]
clear debug help reboot terminal clock diff light select traceroute configure erase no show unit copy exit ping telnet
1.4 Acesse o modo de configuração global através do comando configure. O DmSwitch suporta comandos abreviados, ou seja, não é necessário digitar todo o comando, desde que não haja outro comando que inicie com a mesma sintaxe.
DmSwitch3000#con[ENTER]
DmSwitch3000(config)#
1.5 Caso não tenha certeza da sintaxe correta do comando, utilize o “?” ou a tecla “TAB”
DmSwitch3000#co[TAB][TAB]
configure copy
DmSwitch3000#con[TAB]
DmSwitch3000#configure[ENTER]
DmSwitch3000(config)#
1.6 Alterar o nome do DmSwitch para SWA através do comando hostname.
DmSwitch3000(config)#hostname [?]
<text> This system's hostname
Av. França, 735 - Porto Alegre, RS - 90230-220 Suporte Técnico: 51 3358 0122
www.datacom-telematica.com.br Página 4 de 35
DmSwitch3000(config)#hostname SWA [?]
<enter> no further known parameters
DmSwitch3000(config)#hostname SWA [ENTER]
SWA(config)#
1.7 Para visualizar os comandos já digitados, pressione [SETA PARA CIMA] ou Ctrl+P para ver os comandos começando com os mais recentes, [SETA PARA BAIXO] ou Ctrl+N para retornar, ou o comando show history para ver todos já digitados.
SWA(config)#show history
1: configure 2: hostname SWA 3: show history SWA(config)#
1.8 A saída do comando show <parâmetro>, pode ser alterada para apresentar somente as linhas que se deseja visualizar. O “|” (pipe) é usado para modificar a saída.
SWA(config)#show history [?] | Output modifiers <enter> SWA(config)#show history | [?] begin Print lines which beginning matches a pattern exclude Print lines unmatching a pattern include Print lines matching a pattern <enter> SWA(config)#show history | include host [ENTER] 2: hostname SWA 4: show history | include host SWA(config)#
1.9 Por padrão, um terminal de configuração possui 24 linhas, no entanto, o resultado de alguns comandos pode reproduzir mais do que 24 linhas. Neste caso, na última linha aparecerá um “—MORE—“, indicando que há mais informações a serem visualizadas. Para correr mais uma tela, tecle na barra de espaços [SPACE], para correr três telas de uma só vez tecla em [SETA PARA BAIXO], para visualizar as próximas linhas, uma de cada vez tecle [ENTER] e para retornar ao prompt sem exibir o restante das informações tecle a letra [q].
DmSwitch3000(config)#show interfaces status [ENTER] Information of Eth 1/1 Basic information: Port type: 100TX MAC address: 00:04:DF:10:44:86 Configuration: Name: Port admin: Up Speed-duplex: Auto Capabilities: 10M half, 10M full, 100M half, 100M full Flow-control: Disabled MDIX: Auto Slow Protocols MAC: Standard LACP: Disabled OAM: Disabled Loopback Detection: Enabled - Unblock hysteresis: 30 sec Link-Flap Detection: Enabled - Unblock hysteresis: 30 sec Current status: Link status: Down Information of Eth 1/2
Av. França, 735 - Porto Alegre, RS - 90230-220 Suporte Técnico: 51 3358 0122
www.datacom-telematica.com.br Página 5 de 35
Basic information: Port type: 100TX --More--
1.10 A opção de paginação do terminal pode ser desabilitada. Para desabilitar uma configuração em qualquer nível de operação, digite um “no” na frente do comando que ativa essa opção.
DmSwitch3000(config)#no terminal paging
1.11 Configurar o timeout do terminal, ou seja, o tempo em que o terminal ficará inativo antes de
realizar o logoff do usuário. Por padrão não há configuração de timeout, portanto o usuário permanecerá logado indefinidamente mesmo sem atividade.
DmSwitch3000#terminal timeout [?] 15-3600 Timeout in seconds DmSwitch3000#terminal timeout 3600
Av. França, 735 - Porto Alegre, RS - 90230-220 Suporte Técnico: 51 3358 0122
www.datacom-telematica.com.br Página 6 de 35
Lab 2: SNMP
2.1 Configurar a community “datacom” de leitura e escrita, o contato “suporte técnico 51 33580122”, a localização “porto alegre – rs” e o host 192.168.0.1 para receber traps SNMPv2c
DmSwitch3000(config)#ip snmp-server community datacom rw DmSwitch3000(config)#ip snmp-server contact suporte tecnico 51 33580122 DmSwitch3000(config)#ip snmp-server location porto alegre – rs DmSwitch3000(config)#ip snmp-server host 192.168.0.1 version 2c datacom DmSwitch3000(config)#show ip snmp-server SNMP status: Enable Local SNMP engineID: 80000E7D030004DF103931 SNMP Community: public(Read-Only) datacom(Read/Write) SNMPv3 User: USER ACCESS AUTHENTICATION PRIVACY SNMPv(1|2c) Trap Manager: IP COMMUNITY VERSION 192.168.0.1 datacom 2c SNMPv3 Trap Manager: IP USER AUTHENTICATION PRIVACY
Av. França, 735 - Porto Alegre, RS - 90230-220 Suporte Técnico: 51 3358 0122
www.datacom-telematica.com.br Página 7 de 35
Lab 3: ACLs
3.1 Permitir que apenas os endereços IP que pertençam a rede 192.168.0.0/24 possam gerenciar o DmSwitch, com exceção do acesso via HTTP, HTTPS e SNMP que somente será gerenciado pelo endereço IP 192.168.0.1
DmSwitch3000(config)#management snmp-client 192.168.0.1/32 DmSwitch3000(config)#management ssh-client 192.168.0.0/24 DmSwitch3000(config)#management telnet-client 192.168.0.0/24 DmSwitch3000(config)#management http-client 192.168.0.1/32 DmSwitch3000(config)#show management all-client Management IP filter: Telnet client: 192.168.0.0/24 HTTP client: 192.168.0.1/32 SNMP client: 192.168.0.0/24 SSH client: 192.168.0.0/24
Av. França, 735 - Porto Alegre, RS - 90230-220 Suporte Técnico: 51 3358 0122
www.datacom-telematica.com.br Página 8 de 35
Lab 4: Criação e Autenticação de Usuário
4.1 Criar o usuário privilegiado “nmc” com senha “d474c0m”. Criar o usuário normal “operador” sem senha de acesso.
DmSwitch3000(config)#username nmc password 0 d474c0m DmSwitch3000(config)#username nmc access-level 15 DmSwitch3000(config)#username operador nopassword DmSwitch3000(config)#username operador access-level 0 DmSwitch3000(config)#show users Access Username Level Password Hash -------------------------------- ------ ---------------------------------------- admin 15 d033e22ae348aeb5660fc2140aec35850c4da997 guest 0 35675e68f4b5af7b995d9205ad0fc43842f16450 nmc 15 6b8f2e7026c340afb241e17446418165765d599b operador 0 no password
4.2 Configurar autenticação de usuário em um servidor com IP 192.168.0.1 e secret key “datacom”. Habilitar para que o servidor radius seja a primeira opção de autenticação e em seguida, autenticação local.
DmSwitch3000(config)#radius-server host 1 address 192.168.0.1 DmSwitch3000(config)#radius-server key datacom DmSwitch3000(config)#show radius-server RADIUS configuration: Default Key: ******** Default Auth-port: 1812 Default Acct-port: 1813 Timeout: 5 Retries: 2 Host 1: Authentication: Enable Accounting: Enable Address: 192.168.0.1 Host 2: Host 3: Host 4: Host 5: DmSwitch3000(config)#authentication login radius local DmSwitch3000(config)#show authentication Login authentication method by precedence: (1) RADIUS server (2) Local database
Av. França, 735 - Porto Alegre, RS - 90230-220 Suporte Técnico: 51 3358 0122
www.datacom-telematica.com.br Página 9 de 35
Lab 5: VLAN
5.1 Criar o range de vlans de 2 a 200 e configurar a vlan de gerência em todos os switches com id de vlan 100, nome MANAGEMENT, endereço ip 10.0.100.x/24 ( Se hostname for SW1, então x=1; se hostname for SW2, então x=2, etc.) e ajustar as portas que fazem o entroncamento dos switches como tagged para a vlan 100;
SW1-4004(config)#interface vlan range 2 200 Iterating over 199 VLANs. Next commands may take a while... SW1-4004(config-if-vlan-2-to-200)#exit SW1-4004(config)#interface vlan 100 SW1-4004(config-if-vlan-100)#name MANAGEMENT SW1-4004(config-if-vlan-100)#ip address 10.0.100.1/24 SW1-4004(config-if-vlan-100)#set-member tagged ethernet 3/1 SW1-4004(config-if-vlan-100)#set-member tagged ethernet 3/3 SW1-4004(config-if-vlan-100)#set-member tagged ethernet 3/12 SW2-4001(config)#interface vlan range 2 200 Iterating over 199 VLANs. Next commands may take a while... SW2-4001(config-if-vlan-2-to-200)#exit SW2-4001(config)#interface vlan 100 SW2-4001(config-if-vlan-100)#name MANAGEMENT SW2-4001(config-if-vlan-100)#ip address 10.0.100.2/24 SW2-4001(config-if-vlan-100)#set-member tagged ethernet 1 SW2-4001(config-if-vlan-100)#set-member tagged ethernet 3 SW2-4001(config-if-vlan-100)#set-member tagged ethernet 12 SW2-4001(config-if-vlan-100)#
Av. França, 735 - Porto Alegre, RS - 90230-220 Suporte Técnico: 51 3358 0122
www.datacom-telematica.com.br Página 10 de 35
SW3-3000(config)#interface vlan range 2 200 Iterating over 199 VLANs. Next commands may take a while... SW3-3000(config-if-vlan-2-to-200)#exit SW3-3000(config)#interface vlan 100 SW3-3000(config-if-vlan-100)#name MANAGEMENT SW3-3000(config-if-vlan-100)#ip address 10.0.100.4/24 SW3-3000(config-if-vlan-100)#set-member tagged ethernet range 25 26 SW4-3000(config)#interface vlan range 2 200 Iterating over 199 VLANs. Next commands may take a while... SW4-3000(config-if-vlan-2-to-200)#exit SW4-3000(config)#interface vlan 100 SW4-3000(config-if-vlan-100)#name MANAGEMENT SW4-3000(config-if-vlan-100)#ip address 10.0.100.4/24 SW4-3000(config-if-vlan-100)#set-member tagged Ethernet 25 SW5-3000(config)#interface vlan range 2 200 Iterating over 199 VLANs. Next commands may take a while... SW5-3000(config-if-vlan-2-to-200)#exit SW5-3000(config)#interface vlan 100 SW5-3000(config-if-vlan-100)#name MANAGEMENT SW5-3000(config-if-vlan-100)#ip address 10.0.100.4/24 SW5-3000(config-if-vlan-100)#set-member tagged Ethernet 25
5.2 Nos switches de acesso (SW4-3000 e SW5-3000), configurar uma interface que pertencerá a vlan 100 de gerência e verificar se na tabela de vlans consta a interface que foi associada a vlan 100
SW4-3000(config)#interface ethernet [?] SW4-3000(config-if-eth-1/5)#switchport native vlan 100 SW4-3000#sh vlan table id 100 SW5-3000(config)#interface ethernet [?] SW5-3000(config-if-eth-1/5)#switchport native vlan 100 SW5-3000#sh vlan table id 100
5.3 Ajustar as configurações de rede TCP/IP das máquinas que estarão nas interfaces pertencentes a vlan 100 com ip na faixa 10.0.100.x/24, conectar as mesmas nas interfaces e testar conectividade (ping e telnet) com os switches e outras máquinas na mesma vlan.
Host C:\> ping/telnet 10.0.100.x
5.4 Seguindo o mesmo passo, ajuste as configurações das vlans 10, 20, 30, 110, 120 e 130 em todos os switches e faça testes de conectividade entre os mesmos e outras estações.
Vlan 10 = faixa 10.0.10.x/24 Vlan 20 = faixa 10.0.20.x/24 Vlan 30 = faixa 10.0.30.x/24 Vlan 110 = faixa 10.0.110.x/24 Vlan 120 = faixa 10.0.120.x/24 Vlan 130 = faixa 10.0.130.x/24
Av. França, 735 - Porto Alegre, RS - 90230-220 Suporte Técnico: 51 3358 0122
www.datacom-telematica.com.br Página 11 de 35
Lab 6: RSTP
6.1 Por default, os switches DATACOM trabalham com o modo RSTP habilitado, no entanto é possível habilitar os diferentes modos STP através do comando abaixo:
6.2 SW1-4004(config)#spanning-tree mode [?] mstp Specify spanning-tree mode as MSTP rstp Specify spanning-tree mode as RSTP stp Specify spanning-tree mode as STP
6.3 Crie uma situação de looping de rede fechando o anel entre os switches SW1, SW2 e SW3 e verifique o processo de eleição do switch raiz da topologia RSTP e a reação do protocolo RSTP ao detectar a presença de um looping de rede. A saída dos comandos abaixo demonstra o status do RSTP:
SW1-4004# sh spanning-tree - Role (first letter): (a)lternate, (b)ackup, (r)oot, (d)esignated, (m)aster, (-)disabled - State (second letter): (d)iscarding, (l)earning, (f)orwarding - Uppercase: port-channel member Spanning-tree 1 (RSTP01) information --------------------------------------------------------------------------------
Av. França, 735 - Porto Alegre, RS - 90230-220 Suporte Técnico: 51 3358 0122
www.datacom-telematica.com.br Página 12 de 35
Members: VLAN group 1 Bridge info: 32769.0004df10cfed, priority: 32768 + ID 1 Root info: 32769.0004df104486, port: Eth 3/3, cost: 20000 Bridge times: hello: 2, forward: 15, max age: 20, max hops: 20 Root times: hello: 2, forward: 15, max age: 20 Topology changes: total: 1, last: 891s Unit 3 2 4 6 8 10 12 df rf 1 3 5 7 9 11 13 SW2-4001#sh spanning-tree … Spanning-tree 1 (RSTP01) information -------------------------------------------------------------------------------- Members: VLAN group 1 Bridge info: 32769.0004df10d07d, priority: 32768 + ID 1 Root info: 32769.0004df104486, port: Eth 1/3, cost: 20000 Bridge times: hello: 2, forward: 15, max age: 20, max hops: 20 Root times: hello: 2, forward: 15, max age: 20 Topology changes: total: 1, last: 984s Unit 1 2 4 6 8 10 12 ad rf 1 3 5 7 9 11 13 SW3-3000#sh spanning-tree Spanning-tree 1 (RSTP01) information -------------------------------------------------------------------------------- Members: VLAN group 1 Bridge info: 32769.0004df104486, priority: 32768 + ID 1 Root info: This is the Root Bridge for RSTP01 Bridge times: hello: 2, forward: 15, max age: 20, max hops: 20 Root times: hello: 2, forward: 15, max age: 20 Topology changes: total: 1, last: 856s Unit 1 2 4 6 8 10 12 14 16 18 20 22 24 26 28 df df 1 3 5 7 9 11 13 15 17 19 21 23 25 27
OBS: A análise dos comandos deixa claro que o SW3-3000 foi eleito o switch raiz
(Root Bridge) da topologia RSTP. O processo de eleição foi feito após troca de BPDUs entre os switches e a constatação de que o BID (Bridge Id = Priority/MAC) do SW3-3000 é o menor dentre todos. Pelo fato do SW2-3000 ser o Bridge Root da topologia RSTP, todas as suas portas são designadas e encotram-se em modo forwarding (df). Os outros switches irão eleger a porta de menor custo até o Root Bridge como a porta root (rf). Como apenas uma porta designada pode existir por segmento, a porta 1 do SW1-4004 foi eleita designated port (df), e a porta 1 do SW2-4001 foi eleita alternative port (ad), estando esta em modo discarding. Dessa forma loopings não ocorrerão.
6.4 Defina o SW1-4004 como o Root Bridge da topologia RSTP e verifique a reconstrução da mesma. A saída dos comandos abaixo demonstra a nova topologia após o SW1-4004 se tornar o Root Bridge:
Av. França, 735 - Porto Alegre, RS - 90230-220 Suporte Técnico: 51 3358 0122
www.datacom-telematica.com.br Página 13 de 35
SW1-4004(config)#spanning-tree 1 root primary Ou SW1-4004(config)#spanning-tree 1 priority 24576 SW1-4004#sh spanning-tree - Role (first letter): (a)lternate, (b)ackup, (r)oot, (d)esignated, (m)aster, (-)disabled - State (second letter): (d)iscarding, (l)earning, (f)orwarding - Uppercase: port-channel member Spanning-tree 1 (RSTP01) information -------------------------------------------------------------------------------- Members: VLAN group 1 Bridge info: 24577.0004df10cfed, priority: 24576 + ID 1 Root info: This is the Root Bridge for RSTP01 Bridge times: hello: 2, forward: 15, max age: 20, max hops: 20 Root times: hello: 2, forward: 15, max age: 20 Topology changes: total: 2, last: 63s Unit 3 2 4 6 8 10 12 df df 1 3 5 7 9 11 13 SW2-4001#sh spanning-tree Spanning-tree 1 (RSTP01) information -------------------------------------------------------------------------------- Members: VLAN group 1 Bridge info: 32769.0004df10d07d, priority: 32768 + ID 1 Root info: 24577.0004df10cfed, port: Eth 1/1, cost: 20000 Bridge times: hello: 2, forward: 15, max age: 20, max hops: 20 Root times: hello: 2, forward: 15, max age: 20 Topology changes: total: 2, last: 46s Unit 1 2 4 6 8 10 12 rf ad 1 3 5 7 9 11 13 SW3-3000#sh spannin Spanning-tree 1 (RSTP01) information -------------------------------------------------------------------------------- Members: VLAN group 1 Bridge info: 32769.0004df104486, priority: 32768 + ID 1 Root info: 24577.0004df10cfed, port: Eth 1/25, cost: 20000 Bridge times: hello: 2, forward: 15, max age: 20, max hops: 20 Root times: hello: 2, forward: 15, max age: 20 Topology changes: total: 3, last: 12s Unit 1 2 4 6 8 10 12 14 16 18 20 22 24 26 28 dd rf 1 3 5 7 9 11 13 15 17 19 21 23 25 27
Av. França, 735 - Porto Alegre, RS - 90230-220 Suporte Técnico: 51 3358 0122
www.datacom-telematica.com.br Página 14 de 35
Lab 7: MSTP
7.1 Em todos os switches do anel (SW1, 2 e 3), crie dois grupos de vlans (vlan-group 1 e 2) que farão parte das instâncias MSTP 1 e 2. Após criar os grupos, defina o range de vlans de 1 a 100 para o grupo 1 e de 101 a 200 para o grupo 2:
OBS: Por default, todas as vlans encontram-se associadas ao vlan-group 1 e a instância spanning-tree 1. Recomenda-se apagar essa configuração e refazer a instância spanning-tree 1 com as vlans necessárias. SWx(config)#no spanning-tree 1 SWx(config)#no vlan-group 1 SWx(config)#vlan-group 1 SWx(config)#vlan-group 1 vlan range 1 100 SWx(config)#vlan-group 2 SWx(config)#vlan-group 2 vlan range 101 200
7.2 Em todos os switches do anel, crie as instâncias MSTP 1 e 2 e associe os grupos de vlans criados às mesmas:
SWx(config)#spanning-tree 1 SWx(config)#spanning-tree 1 vlan-group 1 SWx(config)#! SWx(config)#spanning-tree 2 SWx(config)#spanning-tree 2 vlan-group 2
Av. França, 735 - Porto Alegre, RS - 90230-220 Suporte Técnico: 51 3358 0122
www.datacom-telematica.com.br Página 15 de 35
7.3 Em todos switches do anel, defina o nome da região como REGION_DATACOM, o número de revisão para 5 e por último habilite o modo MSTP:
SWx(config)#spanning-tree mst name REGION_DATACOM SWx(config)#spanning-tree mst revision 5 SWx(config)#spanning-tree mode mstp
OBS: Ao habilitar o MSTP, a instância spanning-tree 0 será criada
automaticamente, sendo esta a IST0 da topologia MSTP.
7.4 Verifique o status da topologia MSTP. A saída dos comandos abaixo mostrará que o SW3-3000 foi eleito o Root Bridge da topologia MSTP tanto para a IST1 quanto para a IST2, e portanto, todas as suas portas encontram-se em modo forwarding (df). É possível comprovar também que os outros switches calcularam a porta de menor custo (rf) para o Root Bridge tanto para a IST1 quanto para a IST2 e bloquearam uma de suas portas (ad) para evitar loopings.
SW1-4004#show spanning-tree - Role (first letter): (a)lternate, (b)ackup, (r)oot, (d)esignated, (m)aster, (-)disabled - State (second letter): (d)iscarding, (l)earning, (f)orwarding - Uppercase: port-channel member Spanning-tree 0 (CIST) information -------------------------------------------------------------------------------- Bridge info: 32768.0004df10cfed, priority: 32768 + ID 0 Root info: 32768.0004df104486, port: Eth 3/3, cost: 0 Regional root info: 32768.0004df104486, cost: 20000 Bridge times: hello: 2, forward: 15, max age: 20, max hops: 20 Root times: hello: 2, forward: 15, max age: 20 Topology changes: total: 25, last: 2496s Unit 3 2 4 6 8 10 12 df rf 1 3 5 7 9 11 13 Spanning-tree 1 (MSTI01) information -------------------------------------------------------------------------------- Members: VLAN group 1 Bridge info: 32769.0004df10cfed, priority: 32768 + ID 1 Regional root info: 32769.0004df104486, port: Eth 3/3, cost: 20000 Topology changes: total: 17, last: 1603s Unit 3 2 4 6 8 10 12 df rf 1 3 5 7 9 11 13 Spanning-tree 2 (MSTI02) information -------------------------------------------------------------------------------- Members: VLAN group 2 Bridge info: 32770.0004df10cfed, priority: 32768 + ID 2 Regional root info: 32770.0004df104486, port: Eth 3/3, cost: 20000 Topology changes: total: 14, last: 1592s Unit 3 2 4 6 8 10 12 df rf
Av. França, 735 - Porto Alegre, RS - 90230-220 Suporte Técnico: 51 3358 0122
www.datacom-telematica.com.br Página 16 de 35
3 5 7 9 11 13 ... SW2-4001#show spanning-tree - Role (first letter): (a)lternate, (b)ackup, (r)oot, (d)esignated, (m)aster, (-)disabled - State (second letter): (d)iscarding, (l)earning, (f)orwarding - Uppercase: port-channel member Spanning-tree 0 (CIST) information -------------------------------------------------------------------------------- Bridge info: 32768.0004df10d07d, priority: 32768 + ID 0 Root info: 32768.0004df104486, port: Eth 1/3, cost: 0 Regional root info: 32768.0004df104486, cost: 20000 Bridge times: hello: 2, forward: 15, max age: 20, max hops: 20 Root times: hello: 2, forward: 15, max age: 20 Topology changes: total: 19, last: 2664s Unit 1 2 4 6 8 10 12 ad rf 1 3 5 7 9 11 13 Spanning-tree 1 (MSTI01) information -------------------------------------------------------------------------------- Members: VLAN group 1 Bridge info: 32769.0004df10d07d, priority: 32768 + ID 1 Regional root info: 32769.0004df104486, port: Eth 1/3, cost: 20000 Topology changes: total: 12, last: 1634s Unit 1 2 4 6 8 10 12 ad rf 1 3 5 7 9 11 13 Spanning-tree 2 (MSTI02) information -------------------------------------------------------------------------------- Members: VLAN group 2 Bridge info: 32770.0004df10d07d, priority: 32768 + ID 2 Regional root info: 32770.0004df104486, port: Eth 1/3, cost: 20000 Topology changes: total: 15, last: 1624s Unit 1 2 4 6 8 10 12 ad rf 1 3 5 7 9 11 13 ... SW3-3000#sh spanning-tree Spanning-tree 0 (CIST) information -------------------------------------------------------------------------------- Bridge info: 32768.0004df104486, priority: 32768 + ID 0 Root info: This is the Root Bridge for CIST Regional root info: This is the Regional Root Bridge for CIST Bridge times: hello: 2, forward: 15, max age: 20, max hops: 20 Root times: hello: 2, forward: 15, max age: 20 Topology changes: total: 28, last: 2539s Unit 1 2 4 6 8 10 12 14 16 18 20 22 24 26 28 df df 1 3 5 7 9 11 13 15 17 19 21 23 25 27
Av. França, 735 - Porto Alegre, RS - 90230-220 Suporte Técnico: 51 3358 0122
www.datacom-telematica.com.br Página 17 de 35
Spanning-tree 1 (MSTI01) information -------------------------------------------------------------------------------- Members: VLAN group 1 Bridge info: 32769.0004df104486, priority: 32768 + ID 1 Regional root info: This is the Regional Root Bridge for MSTI01 Topology changes: total: 21, last: 1653s Unit 1 2 4 6 8 10 12 14 16 18 20 22 24 26 28 df df 1 3 5 7 9 11 13 15 17 19 21 23 25 27 Spanning-tree 2 (MSTI02) information -------------------------------------------------------------------------------- Members: VLAN group 2 Bridge info: 32770.0004df104486, priority: 32768 + ID 2 Regional root info: This is the Regional Root Bridge for MSTI02 Topology changes: total: 12, last: 1643s Unit 1 2 4 6 8 10 12 14 16 18 20 22 24 26 28 df df 1 3 5 7 9 11 13 15 17 19 21 23 25 27
7.5 Habilite o “debug stp” e force a eleição do SW1-4004 como o Root Bridge da topologia MSTP para as instâncias 1 e 2.
SW1-4004#debug stp SW1-4004#conf SW1-4004(config)#spanning-tree 1 root primary ou SW1-4004(config)#spanning-tree 1 priority 24576 ... SW1-4004(config)#spanning-tree 2 root primary Ou SW1-4004(config)#spanning-tree 2 priority 24576
7.6 A saída dos commandos abaixo demostra as alterações da topologia MSTP após o processo de reeleição do Root Bridge para as IST1 e IST2:
SW1-4004#sh spanning-tree - Role (first letter): (a)lternate, (b)ackup, (r)oot, (d)esignated, (m)aster, (-)disabled - State (second letter): (d)iscarding, (l)earning, (f)orwarding - Uppercase: port-channel member Spanning-tree 0 (CIST) information -------------------------------------------------------------------------------- Bridge info: 32768.0004df10cfed, priority: 32768 + ID 0 Root info: 32768.0004df104486, port: Eth 3/3, cost: 0 Regional root info: 32768.0004df104486, cost: 20000 Bridge times: hello: 2, forward: 15, max age: 20, max hops: 20 Root times: hello: 2, forward: 15, max age: 20 Topology changes: total: 25, last: 2707s Unit 3 2 4 6 8 10 12
Av. França, 735 - Porto Alegre, RS - 90230-220 Suporte Técnico: 51 3358 0122
www.datacom-telematica.com.br Página 18 de 35
df rf 1 3 5 7 9 11 13 Spanning-tree 1 (MSTI01) information -------------------------------------------------------------------------------- Members: VLAN group 1 Bridge info: 24577.0004df10cfed, priority: 24576 + ID 1 Regional root info: This is the Regional Root Bridge for MSTI01 Topology changes: total: 18, last: 54s Unit 3 2 4 6 8 10 12 df df 1 3 5 7 9 11 13 Spanning-tree 2 (MSTI02) information -------------------------------------------------------------------------------- Members: VLAN group 2 Bridge info: 24578.0004df10cfed, priority: 24576 + ID 2 Regional root info: This is the Regional Root Bridge for MSTI02 Topology changes: total: 15, last: 4s Unit 3 2 4 6 8 10 12 df df 1 3 5 7 9 11 13 SW2-4001#sh spanning-tree - Role (first letter): (a)lternate, (b)ackup, (r)oot, (d)esignated, (m)aster, (-)disabled - State (second letter): (d)iscarding, (l)earning, (f)orwarding - Uppercase: port-channel member Spanning-tree 0 (CIST) information -------------------------------------------------------------------------------- Bridge info: 32768.0004df10d07d, priority: 32768 + ID 0 Root info: 32768.0004df104486, port: Eth 1/3, cost: 0 Regional root info: 32768.0004df104486, cost: 20000 Bridge times: hello: 2, forward: 15, max age: 20, max hops: 20 Root times: hello: 2, forward: 15, max age: 20 Topology changes: total: 19, last: 2867s Unit 1 2 4 6 8 10 12 ad rf 1 3 5 7 9 11 13 Spanning-tree 1 (MSTI01) information -------------------------------------------------------------------------------- Members: VLAN group 1 Bridge info: 32769.0004df10d07d, priority: 32768 + ID 1 Regional root info: 24577.0004df10cfed, port: Eth 1/1, cost: 20000 Topology changes: total: 13, last: 82s Unit 1 2 4 6 8 10 12 rf ad 1 3 5 7 9 11 13 Spanning-tree 2 (MSTI02) information --------------------------------------------------------------------------------
Av. França, 735 - Porto Alegre, RS - 90230-220 Suporte Técnico: 51 3358 0122
www.datacom-telematica.com.br Página 19 de 35
Members: VLAN group 2 Bridge info: 32770.0004df10d07d, priority: 32768 + ID 2 Regional root info: 24578.0004df10cfed, port: Eth 1/1, cost: 20000 Topology changes: total: 16, last: 62s Unit 1 2 4 6 8 10 12 rf ad 1 3 5 7 9 11 13 SW3-3000#sh spanning-tree Spanning-tree 0 (CIST) information -------------------------------------------------------------------------------- Bridge info: 32768.0004df104486, priority: 32768 + ID 0 Root info: This is the Root Bridge for CIST Regional root info: This is the Regional Root Bridge for CIST Bridge times: hello: 2, forward: 15, max age: 20, max hops: 20 Root times: hello: 2, forward: 15, max age: 20 Topology changes: total: 28, last: 2796s Unit 1 2 4 6 8 10 12 14 16 18 20 22 24 26 28 df df 1 3 5 7 9 11 13 15 17 19 21 23 25 27 Spanning-tree 1 (MSTI01) information -------------------------------------------------------------------------------- Members: VLAN group 1 Bridge info: 32769.0004df104486, priority: 32768 + ID 1 Regional root info: 24577.0004df10cfed, port: Eth 1/25, cost: 20000 Topology changes: total: 23, last: 157s Unit 1 2 4 6 8 10 12 14 16 18 20 22 24 26 28 df rf 1 3 5 7 9 11 13 15 17 19 21 23 25 27 Spanning-tree 2 (MSTI02) information -------------------------------------------------------------------------------- Members: VLAN group 2 Bridge info: 32770.0004df104486, priority: 32768 + ID 2 Regional root info: 24578.0004df10cfed, port: Eth 1/25, cost: 20000 Topology changes: total: 14, last: 108s Unit 1 2 4 6 8 10 12 14 16 18 20 22 24 26 28 df rf 1 3 5 7 9 11 13 15 17 19 21 23 25 27
OBS: A análise dos comandos deixa claro que o SW1-4004 passou a ser o Root
Bridge da topologia MSTP para as instâncias 1 e 2. Observa-se também que tanto o SW2-4001 quanto o SW3-3000 escolheram as portas 1 e 25 respectivamente como root port para as instâncias 1 e 2. Assim sendo, todo tráfego das vlans mapeadas para as instâncias 1 e 2 nos dois switches supramencionados sairá por essas portas.
7.7 Através da manipulação do custo até o Root Bridge da topologia MSTP em anel, defina que todo tráfego da instância 1 nos switches deverá seguir um percurso anti-horário até o Root Bridge, ao passo que o tráfego da instância 2 deverá seguir um percurso horário. Dessa forma, estaremos distribuindo o tráfego da instâncias de vlans através do anel, não deixando nenhuma parte do mesmo ociosa. A saída dos comandos abaixo demostra a manipulação dos custos e como a topologia MSTP reagiu após a mudança dos mesmos.
Av. França, 735 - Porto Alegre, RS - 90230-220 Suporte Técnico: 51 3358 0122
www.datacom-telematica.com.br Página 20 de 35
SW2-4001(config)#interface ethernet 1 SW2-4001(config-if-eth-1/1)#spanning-tree 2 cost 40001 SW2-4001#sh spanning-tree - Role (first letter): (a)lternate, (b)ackup, (r)oot, (d)esignated, (m)aster, (-)disabled - State (second letter): (d)iscarding, (l)earning, (f)orwarding - Uppercase: port-channel member Spanning-tree 0 (CIST) information -------------------------------------------------------------------------------- Bridge info: 32768.0004df10d07d, priority: 32768 + ID 0 Root info: 32768.0004df104486, port: Eth 1/3, cost: 0 Regional root info: 32768.0004df104486, cost: 20000 Bridge times: hello: 2, forward: 15, max age: 20, max hops: 20 Root times: hello: 2, forward: 15, max age: 20 Topology changes: total: 19, last: 3202s Unit 1 2 4 6 8 10 12 ad rf 1 3 5 7 9 11 13 Spanning-tree 1 (MSTI01) information -------------------------------------------------------------------------------- Members: VLAN group 1 Bridge info: 32769.0004df10d07d, priority: 32768 + ID 1 Regional root info: 24577.0004df10cfed, port: Eth 1/1, cost: 20000 Topology changes: total: 14, last: 98s Unit 1 2 4 6 8 10 12 rf df 1 3 5 7 9 11 13 Spanning-tree 2 (MSTI02) information -------------------------------------------------------------------------------- Members: VLAN group 2 Bridge info: 32770.0004df10d07d, priority: 32768 + ID 2 Regional root info: 24578.0004df10cfed, port: Eth 1/3, cost: 40000 Topology changes: total: 17, last: 48s Unit 1 2 4 6 8 10 12 ad rf 1 3 5 7 9 11 13 ... SW3-3000(config)#interface ethernet 25 SW3-3000(config-if-eth-1/25)#spanning-tree 1 cost 400001 SW3-3000#sh spanning-tree Spanning-tree 0 (CIST) information -------------------------------------------------------------------------------- Bridge info: 32768.0004df104486, priority: 32768 + ID 0 Root info: This is the Root Bridge for CIST Regional root info: This is the Regional Root Bridge for CIST Bridge times: hello: 2, forward: 15, max age: 20, max hops: 20 Root times: hello: 2, forward: 15, max age: 20 Topology changes: total: 28, last: 3099s
Av. França, 735 - Porto Alegre, RS - 90230-220 Suporte Técnico: 51 3358 0122
www.datacom-telematica.com.br Página 21 de 35
Unit 1 2 4 6 8 10 12 14 16 18 20 22 24 26 28 df df 1 3 5 7 9 11 13 15 17 19 21 23 25 27 Spanning-tree 1 (MSTI01) information -------------------------------------------------------------------------------- Members: VLAN group 1 Bridge info: 32769.0004df104486, priority: 32768 + ID 1 Regional root info: 24577.0004df10cfed, port: Eth 1/26, cost: 40000 Topology changes: total: 23, last: 460s Unit 1 2 4 6 8 10 12 14 16 18 20 22 24 26 28 rf ad 1 3 5 7 9 11 13 15 17 19 21 23 25 27 Spanning-tree 2 (MSTI02) information -------------------------------------------------------------------------------- Members: VLAN group 2 Bridge info: 32770.0004df104486, priority: 32768 + ID 2 Regional root info: 24578.0004df10cfed, port: Eth 1/25, cost: 20000 Topology changes: total: 15, last: 100s Unit 1 2 4 6 8 10 12 14 16 18 20 22 24 26 28 df rf 1 3 5 7 9 11 13 15 17 19 21 23 25 27
OBS: A análise dos comandos deixa claro que no SW2-4001 o tráfego das vlans
mapeadas para a instância 1 sairá pela root port 1, ao passo que o tráfego das vlans mapeadas para a instância 2 sairá pela root port 3. Já no SW3-3000, o tráfego das vlans mapeadas para a instância 1 sairá pela root port 26, ao passo que o tráfego das vlans mapeadas para a intância 2 sairá pela root port 25.
7.8 Após este laboratório, exclua as configurações MSTP de todos os switches usando os comandos abaixo e por último, habilite o modo default RSTP.
SWx(config)#no spanning-tree mst name SWx(config)#no spanning-tree mst revision SWx(config)#no spanning-tree 0 SWx(config)#no spanning-tree 1 SWx(config)#no spanning-tree 2 SWx(config)#no vlan-group 1 SWx(config)#no vlan-group 2 SWx(config)#vlan-group 1 SWx(config)#vlan-group 1 vlan all SWx(config)#spanning-tree 1 SWx(config)#spanning-tree 1 vlan-group 1 SWx(config)#spanning-tree mode rstp
Av. França, 735 - Porto Alegre, RS - 90230-220 Suporte Técnico: 51 3358 0122
www.datacom-telematica.com.br Página 22 de 35
Lab 8: EAPS
8.1 Em todos os switches do anel EAPS, crie os grupos de vlans que serão protegidas pelos domínios EAPS 1 e 2. O domínio EAPS 1 (DM1) irá fazer a proteção do vlan-group 1 onde estarão mapeadas as vlans de 1 a 100 e, o domínio EAPS 2 (DM2) irá fazer a proteção do vlan-group 2 onde estarão mapeadas as vlans de 101 a 200.
SWx(config)#vlan-group 1 SWx(config)#vlan-group 1 vlan range 1 100 SWx(config)#vlan-group 2 SWx(config)#vlan-group 2 vlan range 101 200
8.2 Em todos os switches do anel EAPS, crie as vlans de controles EAPS. A vlan de controle do domínio EAPS 1 (DM1) será a vlan 4001 e receberá o nome CONTROL_DM1. A vlan de controle do domínio EAPS 2 (DM2) será a vlan 4002 e receberá o nome CONTROL_DM2. Não esqueça de inserir como “tagged” as vlans que circularão pelo anel nos links que entrocam o switches.
SW1-4004(config)#interface vlan range 2 200 SW1-4004(config-if-vlan-2-to-200)#set-member tagged Ethernet 3/1 SW1-4004(config-if-vlan-2-to-200)#set-member tagged Ethernet 3/3 SW1-4004(config)#interface vlan 4001 SW1-4004(config-if-vlan-4001)#name CONTROL_DM1 SW1-4004(config-if-vlan-4001)#set-member tagged ethernet 3/1 SW1-4004(config-if-vlan-4001)#set-member tagged ethernet 3/3 SW1-4004(config-if-vlan-4001)#interface vlan 4002 SW1-4004(config-if-vlan-4002)#name CONTROL_DM2 SW1-4004(config-if-vlan-4002)#set-member tagged ethernet 3/1
Av. França, 735 - Porto Alegre, RS - 90230-220 Suporte Técnico: 51 3358 0122
www.datacom-telematica.com.br Página 23 de 35
SW1-4004(config-if-vlan-4002)#set-member tagged ethernet 3/3 SW2-4001(config)#interface vlan range 2 200 SW2-4001(config-if-vlan-2-to-200)#set-member tagged Ethernet 1 SW2-4001(config-if-vlan-2-to-200)#set-member tagged Ethernet 3 SW2-4001(config)#interface vlan 4001 SW2-4001(config-if-vlan-4001)#name CONTROL_DM1 SW2-4001(config-if-vlan-4001)#set-member tagged ethernet 1 SW2-4001(config-if-vlan-4001)#set-member tagged ethernet 3 SW2-4001(config-if-vlan-4001)#interface vlan 4002 SW2-4001(config-if-vlan-4002)#name CONTROL_DM2 SW2-4001(config-if-vlan-4002)#set-member tagged ethernet 1 SW2-4001(config-if-vlan-4002)#set-member tagged ethernet 3 SW3-3000(config)#interface vlan range 2 200 SW3-3000(config-if-vlan-2-to-200)#set-member tagged Ethernet 25 SW3-3000(config-if-vlan-2-to-200)#set-member tagged Ethernet 26 SW3-3000(config)#interface vlan 4001 SW3-3000(config-if-vlan-4001)#name CONTROL_DM1 SW3-3000(config-if-vlan-4001)#set-member tagged ethernet 25 SW3-3000(config-if-vlan-4001)#set-member tagged ethernet 26 SW3-3000(config)#interface vlan 4002 SW3-3000(config-if-vlan-4002)#name CONTROL_DM2 SW3-3000(config-if-vlan-4002)#set-member tagged ethernet 25 SW3-3000(config-if-vlan-4002)#set-member tagged ethernet 26
8.3 Em todos os switches do anel, crie os domínios EAPS 1 e 2 e, atribua o nome DM1 e DM2 respectivamente:
SWx(config)#eaps 1 SWx(config)#eaps 1 name DM1 SWx(config)#eaps 2 SWx(config)#eaps 2 name DM2
8.4 Defina o switch SW1-4004 como o MASTER do anel EAPS para os domínios 1 e 2 e, deixe os outros switches no modo default TRANSIT:
SW1-4004(config)#eaps 1 mode master SW1-4004(config)#eaps 2 mode master
8.5 Em todos os switches do anel, associe o vlan-group 1 ao domínio EAPS 1 e o vlan-group 2 ao domínio EAPS 2. Dessa forma, o DM1 irá fazer a proteção das vlans de 1 a 100 e o DM2 fará a proteção das vlans de 101 a 200:
SWx(config)#eaps 1 protected-vlans vlan-group 1 SWx(config)#eaps 2 protected-vlans vlan-group 2
8.6 Em todos os switches do anel, associe a vlan de controle 4001 ao anel domínio EAPS 1 e a vlan de controle 4002 ao domínio EAPS 2:
SWx(config)#eaps 1 control-vlan id 4001 SWx(config)#eaps 2 control-vlan id 4002
8.7 Em todos os switches do anel, defina a porta primária e secundária do anel EAPS para os domínios EAPS 1 e 2, de tal maneira que as portas primárias do domínio EAPS 1 sigam o sentido horário, ao passo que as portas primárias do domínio EAPS 2 sigam o sentido anti-horário. Dessa forma, estaremos fazendo a distribuição do tráfego das vlans através de todo anel, não deixando partes ociosas do mesmo.
SW1-4004(config)#eaps 1 port primary ethernet 3/1 SW1-4004(config)#eaps 1 port secondary ethernet 3/3
Av. França, 735 - Porto Alegre, RS - 90230-220 Suporte Técnico: 51 3358 0122
www.datacom-telematica.com.br Página 24 de 35
SW1-4004(config)#eaps 2 port primary ethernet 3/3 SW1-4004(config)#eaps 2 port secondary ethernet 3/1 SW2-4001(config)#eaps 1 port primary ethernet 1/3 SW2-4001(config)#eaps 1 port secondary ethernet 1/1 SW2-4001(config)#eaps 2 port primary ethernet 1/1 SW2-4001(config)#eaps 2 port secondary ethernet 1/3 SW3-3000(config)#eaps 1 port primary ethernet 25 SW3-3000(config)#eaps 1 port secondary ethernet 26 SW3-3000(config)#eaps 2 port primary ethernet 26 SW3-3000(config)#eaps 2 port secondary ethernet 25
8.8 Verifique as configurações EAPS que foram armazenadas na running-config em todos os switches do anel e salve as mesmas posteriormente.
SW1-4004(config)#sh run | beg eaps Building configuration... eaps 1 eaps 1 mode master eaps 1 name DM1 eaps 1 port primary ethernet 3/1 eaps 1 port secondary ethernet 3/3 eaps 1 control-vlan id 4001 eaps 1 protected-vlans vlan-group 1 eaps 2 eaps 2 mode master eaps 2 name DM2 eaps 2 port primary ethernet 3/3 eaps 2 port secondary ethernet 3/1 eaps 2 control-vlan id 4002 eaps 2 protected-vlans vlan-group 2 SW2-4001(config)#sh run | beg eaps Building configuration... eaps 1 eaps 1 name DM1 eaps 1 port primary ethernet 1/3 eaps 1 port secondary ethernet 1/1 eaps 1 control-vlan id 4001 eaps 1 protected-vlans vlan-group 1 ! eaps 2 eaps 2 name DM2 eaps 2 port primary ethernet 1/1 eaps 2 port secondary ethernet 1/3 eaps 2 control-vlan id 4002 eaps 2 protected-vlans vlan-group 2 SW3-3000(config)#sh run | beg eaps Building configuration... eaps 1 eaps 1 name DM1 eaps 1 port primary ethernet 1/25 eaps 1 port secondary ethernet 1/26 eaps 1 control-vlan id 4001 eaps 1 protected-vlans vlan-group 1 ! eaps 2 eaps 2 name DM2 eaps 2 port primary ethernet 1/26 eaps 2 port secondary ethernet 1/25 eaps 2 control-vlan id 4002
Av. França, 735 - Porto Alegre, RS - 90230-220 Suporte Técnico: 51 3358 0122
www.datacom-telematica.com.br Página 25 de 35
eaps 2 protected-vlans vlan-group 2 ... SWx(config)#copy run start [1-4] <text>
8.9 Verifique o status do anel em todos os switches usando os comandos abaixo: SW1-4004#sh eaps ID Domain State M Pri Sec Ctrl Protected# --- --------------- --------------- --- ----- ----- ------ ----------- 1 DM1 Complete M 3/1 3/3 4001 1 2 DM2 Complete M 3/3 3/1 4002 1 SW1-4004#sh eaps detail Domain ID: 1 Domain Name: DM1 State: Complete Mode: Master Hello Timer interval: 1 sec Fail Timer interval: 3 sec Pre-forwarding Timer: 6 sec (learned) Remaining: 0 sec Last update from: 00:04:DF:10:98:93, Eth 3/3, Thu Jan 1 10:10:31 1970 Primary port: Eth3/1 Port status: Up Secondary port: Eth3/3 Port status: Blocked Control VLAN ID: 4001 Protected VLAN group IDs: 1 Domain ID: 2 Domain Name: DM2 State: Complete Mode: Master Hello Timer interval: 1 sec Fail Timer interval: 3 sec Pre-forwarding Timer: 6 sec (learned) Remaining: 0 sec Last update from: 00:04:DF:10:98:93, Eth 3/1, Thu Jan 1 10:10:31 1970 Primary port: Eth3/3 Port status: Up Secondary port: Eth3/1 Port status: Blocked Control VLAN ID: 4002 Protected VLAN group IDs: 2 ... SW2-4001#sh eaps ID Domain State M Pri Sec Ctrl Protected# --- --------------- --------------- --- ----- ----- ------ ----------- 1 DM1 Links-Up T 1/3 1/1 4001 1 2 DM2 Links-Up T 1/1 1/3 4002 1 SW2-4001#sh eaps detail Domain ID: 1 Domain Name: DM1 State: Links-Up Mode: Transit Hello Timer interval: 1 sec Fail Timer interval: 3 sec Pre-forwarding Timer: 6 sec (learned) Remaining: 0 sec Last update from: 00:04:DF:10:98:93, Eth 1/1, Thu Jan 1 10:10:54 1970 Primary port: Eth1/3 Port status: Up Secondary port: Eth1/1 Port status: Up Control VLAN ID: 4001 Protected VLAN group IDs: 1 Domain ID: 2 Domain Name: DM2
Av. França, 735 - Porto Alegre, RS - 90230-220 Suporte Técnico: 51 3358 0122
www.datacom-telematica.com.br Página 26 de 35
State: Links-Up Mode: Transit Hello Timer interval: 1 sec Fail Timer interval: 3 sec Pre-forwarding Timer: 6 sec (learned) Remaining: 0 sec Last update from: 00:04:DF:10:98:93, Eth 1/3, Thu Jan 1 10:10:54 1970 Primary port: Eth1/1 Port status: Up Secondary port: Eth1/3 Port status: Up Control VLAN ID: 4002 Protected VLAN group IDs: 2 ... SW3-3000#sh eaps ID Domain State M Pri Sec Ctrl Protected# --- --------------- --------------- --- ----- ----- ------ ----------- 1 DM1 Links-Up T 1/25 1/26 4001 1 2 DM2 Links-Up T 1/26 1/25 4002 1 SW3-3000#sh eaps detail Domain ID: 1 Domain Name: DM1 State: Links-Up Mode: Transit Hello Timer interval: 1 sec Fail Timer interval: 3 sec Pre-forwarding Timer: 6 sec (learned) Remaining: 0 sec Last update from: 00:04:DF:10:98:93, Eth 1/26, Wed Jan 7 13:49:53 1970 Primary port: Eth1/25 Port status: Up Secondary port: Eth1/26 Port status: Up Control VLAN ID: 4001 Protected VLAN group IDs: 1 Domain ID: 2 Domain Name: DM2 State: Links-Up Mode: Transit Hello Timer interval: 1 sec Fail Timer interval: 3 sec Pre-forwarding Timer: 6 sec (learned) Remaining: 0 sec Last update from: 00:04:DF:10:98:93, Eth 1/25, Wed Jan 7 13:49:53 1970 Primary port: Eth1/26 Port status: Up Secondary port: Eth1/25 Port status: Up Control VLAN ID: 4002 Protected VLAN group IDs: 2
OBS: Conforme a saída dos comandos, é constatado que o status do anel está
completo (complete state)e todos os links estão funcionais (up).
8.10 Habilite a depuração do EAPS no SW1-4004 (MASTER) de modo a verificar a troca de mensagens de controle (Type=HEALTH_CHECK) que irão garantir o status operacional do anel e em seguida derrube a interface 3/1 (Porta primária do domínio EAPS 1 e secundária do domínio EAPS 2). Será observado que o status do anel passará para o modo “failed” no switch MASTER do anel EAPS tanto para o domínio EAPS 1 quanto para o 2, embora a redundância esteja garantida pelo caminho do anel que não foi interrompido.
SW1-4004#debug eaps ... SW1-4004(config)#interface ethernet 3/1 SW1-4004(config-if-eth-3/1)#shut ... SW1-4004(config)#sh eaps ID Domain State M Pri Sec Ctrl Protected# --- --------------- --------------- --- ----- ----- ------ -----------
Av. França, 735 - Porto Alegre, RS - 90230-220 Suporte Técnico: 51 3358 0122
www.datacom-telematica.com.br Página 27 de 35
1 DM1 Failed M 3/1 3/3 4001 1 2 DM2 Failed M 3/3 3/1 4002 1 SW1-4004(config)#sh eaps detail Domain ID: 1 Domain Name: DM1 State: Failed Mode: Master Hello Timer interval: 1 sec Fail Timer interval: 3 sec Pre-forwarding Timer: 6 sec (learned) Remaining: 0 sec Last update from: 00:04:DF:10:98:93, Eth 3/3, Thu Jan 1 10:22:06 1970 Primary port: Eth3/1 Port status: Down Secondary port: Eth3/3 Port status: Up Control VLAN ID: 4001 Protected VLAN group IDs: 1 Domain ID: 2 Domain Name: DM2 State: Failed Mode: Master Hello Timer interval: 1 sec Fail Timer interval: 3 sec Pre-forwarding Timer: 6 sec (learned) Remaining: 0 sec Last update from: 00:04:DF:10:98:93, Eth 3/1, Thu Jan 1 10:22:06 1970 Primary port: Eth3/3 Port status: Up Secondary port: Eth3/1 Port status: Down Control VLAN ID: 4002 Protected VLAN group IDs: 2 ... SW2-4001#sh eaps ID Domain State M Pri Sec Ctrl Protected# --- --------------- --------------- --- ----- ----- ------ ----------- 1 DM1 Links-Down T 1/3 1/1 4001 1 2 DM2 Links-Down T 1/1 1/3 4002 1 SW2-4001#sh eaps detail Domain ID: 1 Domain Name: DM1 State: Links-Down Mode: Transit Hello Timer interval: 1 sec Fail Timer interval: 3 sec Pre-forwarding Timer: 6 sec (learned) Remaining: 0 sec Last update from: 00:04:DF:10:98:93, Eth 1/1, Thu Jan 1 10:28:04 1970 Primary port: Eth1/3 Port status: Up Secondary port: Eth1/1 Port status: Down Control VLAN ID: 4001 Protected VLAN group IDs: 1 Domain ID: 2 Domain Name: DM2 State: Links-Down Mode: Transit Hello Timer interval: 1 sec Fail Timer interval: 3 sec Pre-forwarding Timer: 6 sec (learned) Remaining: 0 sec Last update from: 00:04:DF:10:98:93, Eth 1/3, Thu Jan 1 10:28:29 1970 Primary port: Eth1/1 Port status: Down Secondary port: Eth1/3 Port status: Up Control VLAN ID: 4002 Protected VLAN group IDs: 2 ...
Av. França, 735 - Porto Alegre, RS - 90230-220 Suporte Técnico: 51 3358 0122
www.datacom-telematica.com.br Página 28 de 35
SW3-3000#sh eaps ID Domain State M Pri Sec Ctrl Protected# --- --------------- --------------- --- ----- ----- ------ ----------- 1 DM1 Links-Up T 1/25 1/26 4001 1 2 DM2 Links-Up T 1/26 1/25 4002 1 SW3-3000#sh eaps detail Domain ID: 1 Domain Name: DM1 State: Links-Up Mode: Transit Hello Timer interval: 1 sec Fail Timer interval: 3 sec Pre-forwarding Timer: 6 sec (learned) Remaining: 0 sec Last update from: 00:04:DF:10:98:93, Eth 1/26, Wed Jan 7 13:49:53 1970 Primary port: Eth1/25 Port status: Up Secondary port: Eth1/26 Port status: Up Control VLAN ID: 4001 Protected VLAN group IDs: 1 Domain ID: 2 Domain Name: DM2 State: Links-Up Mode: Transit Hello Timer interval: 1 sec Fail Timer interval: 3 sec Pre-forwarding Timer: 6 sec (learned) Remaining: 0 sec Last update from: 00:04:DF:10:98:93, Eth 1/25, Wed Jan 7 13:49:53 1970 Primary port: Eth1/26 Port status: Up Secondary port: Eth1/25 Port status: Up Control VLAN ID: 4002 Protected VLAN group IDs: 2
Av. França, 735 - Porto Alegre, RS - 90230-220 Suporte Técnico: 51 3358 0122
www.datacom-telematica.com.br Página 29 de 35
Lab 9: QinQ (Double Tagging de VLAN)
9.1 Em todos os switches do cenário de rede, crie a vlan 200 com o nome de METRO_TAG. A vlan 200 será a “Double tagging vlan”. Em seguida, insira como “tagged” na vlan 200 as interfaces que entroncam os switches do cenário e habilite o modo “vlan qinq” globalmente.
SW1-4004(config)#interface vlan 200 SW1-4004(config-if-vlan-200)#name METRO_TAG SW1-4004(config-if-vlan-200)#set-member tagged ethernet 3/3 SW1-4004(config-if-vlan-200)#set-member tagged ethernet 3/1 SW1-4004(config-if-vlan-200)#set-member tagged ethernet 3/12 SW1-4004(config-if-vlan-200)#exit SW1-4004(config)#vlan qinq SW2-4001(config)#interface vlan 200 SW2-4001(config-if-vlan-200)#name METRO_TAG SW2-4001(config-if-vlan-200)#set-member tagged ethernet 1 SW2-4001(config-if-vlan-200)#set-member tagged ethernet 3 SW2-4001(config-if-vlan-200)#set-member tagged ethernet 12 SW2-4001(config-if-vlan-200)#exit SW2-4001(config)#vlan qinq SW3-3000(config)#interface vlan 200 SW3-3000(config-if-vlan-200)#name METRO_TAG SW3-3000(config-if-vlan-200)#set-member tagged ethernet 25 SW3-3000(config-if-vlan-200)#set-member tagged ethernet 26 SW3-3000(config-if-vlan-200)#exit SW3-3000(config)#vlan qinq
Av. França, 735 - Porto Alegre, RS - 90230-220 Suporte Técnico: 51 3358 0122
www.datacom-telematica.com.br Página 30 de 35
SW4-3000(config)#interface vlan 200 SW4-3000(config-if-vlan-200)#name METRO_TAG SW4-3000(config-if-vlan-200)#set-member tagged ethernet 25 SW5-3000(config)#interface vlan 200 SW5-3000(config-if-vlan-200)#name METRO_TAG SW5-3000(config-if-vlan-200)#set-member tagged ethernet 25
9.2 Por default, as portas combo dos switches da série 3000 são internas para qinq e o restante das portas são externas. Já nos switches da série 4000, todas as portas são internas para qinq. Nos switches SW4-3000 E SW5-3000 do cenário de rede, configure a interface 5 para o modo “switchport qinq internal” e nativa para a vlan 200, de tal maneira que o segundo tag=200 (Outer Tag) seja inserido em todos os quadros que chegam na interface, independente dos quadros chegarem com ou sem tag.
SW4-3000(config)#interface ethernet 5 SW4-3000(config-if-eth-1/5)#switchport qinq external SW4-3000(config-if-eth-1/5)#switchport native vlan 200 SW4-3000(config)#interface vlan 200 SW4-3000(config-if-vlan-200)#set-member untagged ethernet 5 ... SW5-3000(config)#interface ethernet 5 SW5-3000(config-if-eth-1/5)#switchport qinq external SW5-3000(config-if-eth-1/5)#switchport native vlan 200 SW5-3000(config)#interface vlan 200 SW5-3000(config-if-vlan-200)#set-member untagged ethernet 5
9.3 Verifique o modo qinq das portas nos switches: SWx-400x#sh qinq Port Mode TPID QinQ Tag Membership ---------------------------------------------------------- 3/ 1 Internal 0x8100 1 untagged 3/ 2 Internal 0x8100 1 untagged 3/ 3 Internal 0x8100 1 untagged ... 3/11 Internal 0x8100 1 untagged 3/12 Internal 0x8100 1 untagged 3/13 Internal 0x8100 1 untagged SW4-3000#sh qinq Port Mode TPID QinQ Tag Membership ------------------------------------------------------------- 1/ 1 External 0x8100 1 untagged 1/ 2 External 0x8100 1 untagged 1/ 3 External 0x8100 1 untagged 1/ 4 External 0x8100 1 untagged 1/ 5 External 0x8100 200 - 1/ 6 External 0x8100 1 untagged ... 1/25 Internal 0x8100 1 untagged 1/26 Internal 0x8100 1 untagged 1/27 Internal 0x8100 1 untagged 1/28 Internal 0x8100 1 untagged SW5-3000#sh qinq
Av. França, 735 - Porto Alegre, RS - 90230-220 Suporte Técnico: 51 3358 0122
www.datacom-telematica.com.br Página 31 de 35
Port Mode TPID QinQ Tag Membership ------------------------------------------------------------- 1/ 1 External 0x8100 1 untagged 1/ 2 External 0x8100 1 untagged 1/ 3 External 0x8100 1 untagged 1/ 4 External 0x8100 1 untagged 1/ 5 External 0x8100 200 - 1/ 6 External 0x8100 1 untagged ... 1/25 Internal 0x8100 1 untagged 1/26 Internal 0x8100 1 untagged 1/27 Internal 0x8100 1 untagged 1/28 Internal 0x8100 1 untagged
9.4 Conecte uma estação com ip na faixa 10.0.200.x/24 na interface 5 dos switches SW4-3000 e SW5-3000 e, verifique a conectividade entre ambas usando o comando ping.
Host C:\>ping 10.0.200.x
Av. França, 735 - Porto Alegre, RS - 90230-220 Suporte Técnico: 51 3358 0122
www.datacom-telematica.com.br Página 32 de 35
Lab 10: Link Aggregation
10.1 No segmento do anel EAPS entre os switches SW1-4004 e SW2-4001 será inserido outro link de tal maneira que os dois links farão parte de uma única “interface port-channel”, totalizando um canal de 2Giga. Para tanto, crie a ‘interface port-channel 1”em ambos switches do segmento, atrelando as interfaces 3/1 e 3/2 do SW1-4004 e as interfaces 1 e 2 do SW2/4001 à mesma. Antes de configurar o port-channel, derrube as interfaces que farão parte do mesmo e em seguida configure-o.
SW1-4004(config)#interface ethernet 3/1 SW1-4004(config-if-eth-3/1)#shut SW1-4004(config-if-eth-3/1)#interface ethernet 3/2 SW1-4004(config-if-eth-3/2)#shut SW1-4004(config-if-eth-3/2)#interface port-channel 1 SW1-4004(config-if-port-ch-1)#set-member ethernet 3/1 SW1-4004(config-if-port-ch-1)#set-member ethernet 3/2 SW2-4001(config)#interface ethernet range 1 2 SW2-4001(config-if-eth-1/1-to-1/2)#shut SW2-4001(config)#interface port-channel 1 SW2-4001(config-if-port-ch-1)#set-member ethernet range 1 2
10.2 Ajuste as configurações de portas primárias e secundárias dos domínios EAPS criados, uma vez que o segmento do anel agora será identificado pela “interface port-channel 1” e não mais pelas interfaces físicas.
SW1-4004(config)#no eaps 1 port primary SW1-4004(config)#eaps 1 port primary port-channel 1
Av. França, 735 - Porto Alegre, RS - 90230-220 Suporte Técnico: 51 3358 0122
www.datacom-telematica.com.br Página 33 de 35
SW1-4004(config)#no eaps 2 port secondary SW1-4004(config)#eaps 2 port secondary port-channel 1 SW2-4001(config)#no eaps 1 port secondary SW2-4001(config)#eaps 1 port secondary port-channel 1 SW2-4001(config)#no eaps 2 port primary SW2-4001(config)#eaps 2 port primary port-channel 1
10.3 Suba as interfaces que agora fazem parte do “port-channel” e verifique o status da “interface port-channel 1”, observando as interfaces físicas membros do “port-channel” e se a mesma subiu.
SW1-4004(config)#interface port-channel 1 SW1-4004(config-if-port-ch-1)#no shut SW2-4001(config)#interface port-channel 1 SW2-4001(config-if-port-ch-1)#no shut SW1-4004#sh interfaces status port-channel 1 Information of Port-Channel 1 Basic information: Port type: SFP MAC address: 00:04:DF:10:CF:ED Configuration: Name: ***Link_SW2-4001*** Port admin: Up Speed-duplex: Auto Capabilities: 10M half, 10M full, 100M half, 100M full, 1000M full Flow-control: Disabled MDIX: Normal Slow Protocols MAC: Standard OAM: Disabled Loopback Detection: Enabled - Unblock hysteresis: 30 sec Link-Flap Detection: Enabled - Unblock hysteresis: 30 sec Load Balance Method: MAC (source and destination) Current status: Created by: User Link status: Up Operation speed-duplex: 1000M full Flow control: Disabled MDIX: Normal Members: Eth3/1 to Eth3/2 SW2-4001#sh interfaces status port-channel 1 Information of Port-Channel 1 Basic information: Port type: SFP MAC address: 00:04:DF:10:D0:7D Configuration: Name: ***LINK_SW1-4004*** Port admin: Up Speed-duplex: Auto Capabilities: 10M half, 10M full, 100M half, 100M full, 1000M full Flow-control: Disabled MDIX: Normal Slow Protocols MAC: Standard OAM: Disabled Loopback Detection: Enabled - Unblock hysteresis: 30 sec Link-Flap Detection: Enabled - Unblock hysteresis: 30 sec Load Balance Method: MAC (source and destination) Current status: Created by: User Link status: Up Operation speed-duplex: 1000M full
Av. França, 735 - Porto Alegre, RS - 90230-220 Suporte Técnico: 51 3358 0122
www.datacom-telematica.com.br Página 34 de 35
Flow control: Disabled MDIX: Normal Members: Eth1/1 to Eth1/2
10.4 Verifique o status do anel EAPS e observe que o segmento entre os switches SW1-4004 e SW2-4001 será agora identificado pela “interface port-channel 1”.
SW1-4004#sh eaps ID Domain State M Pri Sec Ctrl Protected# --- --------------- --------------- --- ----- ----- ------ ----------- 1 DM1 Complete M Ch1 3/3 4001 1 2 DM2 Complete M 3/3 Ch1 4002 1 SW1-4004#sh eaps detail Domain ID: 1 Domain Name: DM1 State: Complete Mode: Master Hello Timer interval: 1 sec Fail Timer interval: 3 sec Pre-forwarding Timer: 6 sec (learned) Remaining: 0 sec Last update from: 00:04:DF:10:98:93, Eth 3/3, Thu Jan 1 02:32:36 1970 Primary port: PortCh1 Port status: Up Secondary port: Eth3/3 Port status: Blocked Control VLAN ID: 4001 Protected VLAN group IDs: 1 Domain ID: 2 Domain Name: DM2 State: Complete Mode: Master Hello Timer interval: 1 sec Fail Timer interval: 3 sec Pre-forwarding Timer: 6 sec (learned) Remaining: 0 sec Last update from: 00:04:DF:10:98:93, PortCh 1, Thu Jan 1 02:32:36 1970 Primary port: Eth3/3 Port status: Up Secondary port: PortCh1 Port status: Blocked Control VLAN ID: 4002 Protected VLAN group IDs: 2 ... SW2-4001#sh eaps ID Domain State M Pri Sec Ctrl Protected# --- --------------- --------------- --- ----- ----- ------ ----------- 1 DM1 Links-Up T 1/3 Ch1 4001 1 2 DM2 Links-Up T Ch1 1/3 4002 1 SW2-4001#sh eaps detail Domain ID: 1 Domain Name: DM1 State: Links-Up Mode: Transit Hello Timer interval: 1 sec Fail Timer interval: 3 sec Pre-forwarding Timer: 6 sec (learned) Remaining: 0 sec Last update from: 00:04:DF:10:98:93, PortCh 1, Thu Jan 1 03:47:08 1970 Primary port: Eth1/3 Port status: Up Secondary port: PortCh1 Port status: Up Control VLAN ID: 4001 Protected VLAN group IDs: 1 Domain ID: 2 Domain Name: DM2
Av. França, 735 - Porto Alegre, RS - 90230-220 Suporte Técnico: 51 3358 0122
www.datacom-telematica.com.br Página 35 de 35
State: Links-Up Mode: Transit Hello Timer interval: 1 sec Fail Timer interval: 3 sec Pre-forwarding Timer: 6 sec (learned) Remaining: 0 sec Last update from: 00:04:DF:10:98:93, Eth 1/3, Thu Jan 1 03:47:08 1970 Primary port: PortCh1 Port status: Up Secondary port: Eth1/3 Port status: Up Control VLAN ID: 4002 Protected VLAN group IDs: 2
10.5 No SW1-4004, derrube a interface 3/1 e verifique se o anel continuará completo (complete state). Após, derrube a interface 3/2 e verifique que o anel será interrompido (failed state). Em ambas as situações, deixe tráfego rodando entre as vlans criadas e verifique que a redundância irá assegurar o fluxo do mesmo.