HP Networking Interoperability
Learner Guide
Version 11.12

 Copyright 2010 Hewlett-Packard Development Company, L.P.

The information contained herein is subject to change without notice. The only warranties for HP products and
services are set forth in the express warranty statements accompanying such products and services. Nothing
herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial
errors or omissions contained herein.
This is an HP copyrighted work that may not be reproduced without the written permission of HP. You may not use
these materials to deliver training to any person outside of your organization without the written permission of HP.

Contents

Module 1: Introduction to HP Networking Interoperability

Course objectives
Course agenda
Multi-vendor networks—Challenges and opportunities
Interoperability goals
Initial information for labs
Module 1 summary

Module 2: Switch Management

Module 2 objectives
Notes
Enabling basic remote management
Notes
Management scenario 1
Management scenario 1a—Cisco
Management scenario 1b—HP A-Series
Management scenario 1c—HP E-Series
Setting up a DHCP server on an HP A-Series switch
IMC discovery—1
IMC discovery—2
IMC discovery—3
IMC discovery—4
IMC discovery—5
Advanced and secured management
Notes
Management scenario 2
Management scenario 2 (cont.)
Management scenario 2a—Cisco
Management scenario 2a—Cisco (cont.)
Management scenario 2a—Cisco (cont.)
Management scenario 2a—Cisco (cont.)
Management scenario 2b—HP A-Series
Information center on HP A-Series switches
Introduction to information center
Classification of system information
Eight levels of system information
Seven output destinations and ten channels of system information
Ten channels of system information
Default output rules of system information
info-center source
Management scenario 2b—HP A-Series (cont.)
Management scenario 2b—HP A-Series (cont.)
Management scenario 2b—HP A-Series (cont.)
Configuring SNMP NMS
Management scenario 2c—HP E-Series
Management scenario 2c—HP E-Series (cont.)
Management scenario 2c—HP E-Series (cont.)
Management scenario 2c—HP E-Series (cont.)
LLDP and CDP
Notes
IEEE 802.1AB LLDP and CDP
HP E-Series
HP A-Series
Cisco
Useful show and display commands
Notes
Lab 2.1: Management
Lab debrief
Module 2 summary

Module 3: VLANs

Module 3 objectives
Notes
Configuring and managing VLANs
Notes
Terminology
Access, trunk, and hybrid ports on HP A-Series switches
VLAN configuration scenario
VLAN configuration on Cisco: VLAN creation and trunk ports
VLAN configuration on Cisco: Access and voice ports
VLAN routing on Cisco
DHCP relay on Cisco
VLAN configuration on HP A-Series: VLAN creation and trunk ports
VLAN configuration on HP A-Series: Access and voice ports
VLAN routing on HP A-Series
DHCP relay on HP A-Series
VLAN configuration on HP E-Series
VLAN routing on HP E-Series
DHCP relay on HP E-Series
Dynamic VLAN creation: VTP and GVRP
VTP versus GVRP
GVRP and VTP on the same network
GVRP operations
GVRP general operation
GVRP
GVRP and VTP: Pros and cons
Trunk and static VLANs: A best practice?
Lab debrief
Module 3 summary
Learning check

Module 4: Link Aggregation

Module 4 objectives
MSTP review
MSTP regions—Review 1
MSTP regions—Review 2
Which BPDUs are used?—Review 3
MSTP BPDUs—Review 4
Additional Information about MSTP
Common spanning tree—Review 5
What setup is required to enable load balancing?—Review 6
Mapping VLANs to MST instances—Review 7
Is MSTP “aware” of the VLAN setup?—Review 8
MSTP design options
How do you set up VLANs on uplinks?
Instances and VLAN settings—Activity
MSTP setting—Activity
Adding a new VLAN on a switch implementing MSTP
Assigning a VLAN to an MST instance
Strategies to place VLANs in MSTP instances
MSTP—Path costs
Configuring MSTP
IOS requirements for MSTP on Cisco
Cisco and HP MSTP scenario: HP A-Series switch configurations
Cisco and HP MSTP scenario: HP E-Series switch configurations
Troubleshooting MSTP
Conclusion: MSTP on Cisco and HP switches
Lab 4.1: Configuring MSTP
Lab debrief
Module 4 summary
Learning check

Module 5: Implementing MSTP on Cisco and HP Switches

Module 5 objectives
PVST+ and STP interoperability
How do STP/RSTP and Cisco PVST+/Rapid PVST+ differ?
PVST+ versus MSTP
Spanning tree BPDUs
Cisco PVST+: Which BPDUs are sent on trunk ports?
Cisco PVST+: Which BPDUs are sent on access ports?
Spanning tree BPDUs—Quiz 1
Spanning tree BPDUs—Quiz 2
Which BPDUs are sent and interpreted?
Resulting topology
STP—Port cost differences
PVST+ quiz
Cisco and HP scenario 1
PVST+/STP interoperability—Scenario 1
Scenario 1—VLAN topologies
Considering STP port cost differences
Considering STP port cost differences (cont.)
Cisco and HP scenario 1: Cisco switch configurations
Cisco and HP scenario 1: HP A-Series switch configuration
Cisco and HP scenario 1: HP E-Series switch configuration
Cisco and HP scenario 2
PVST+/STP interoperability—Scenario 2
Scenario 2—VLAN topologies
What setup is required in VLAN 1?
Cisco view in other VLANs
Cisco and HP scenario 2: Cisco switch configurations
What about other Cisco switches in the access layer?
What is the purpose of load balancing?
Lab 5.1: PVST+/MSTP interoperability
Lab debrief
Cisco and HP scenario 3
HP in aggregation—Scenario 3
HP in aggregation—Scenario 3 (cont.)
HP in aggregation—Scenario 3: With MSTP and PVST+
HP in aggregation—Scenario 3: With MSTP and PVST+ (cont.)
HP in aggregation—Scenario 3: Configuration
Lab 5.2: PVST+/MSTP interoperability: HP at the aggregation layer (Optional)
Lab debrief
Module 5 summary
Learning check

Module 6: Interoperability among PVST+, Rapid PVST+, and MSTP

Module 6 objectives
Reminder: With IRF, STP is unnecessary
Disabling STP on HP edge switches
What happens when STP is disabled on the HP edge switch?
What happens when STP is disabled on the HP edge switch? (cont.)
Configuring the HP switch to disable STP
Configuring smart link
Smart link on HP A-Series switches
Simple smart link configuration
Smart link and load balancing
Smart link and load balancing (cont.)
Topology change mechanisms
Smart link status
Configuring monitor link
Monitor link on HP A-Series switches
Monitor link on HP A-Series switches (cont.)
Monitor link configuration
Lab 6.1: Redundancy without STP
Lab debrief
Module 6 summary
Learning check

Module 7: Redundancy Without STP

Module 7 objectives
Spanning tree problems
Hardening STP
Spanning tree hardening features
Setting edge ports and non-edge ports
UDLD and DLDP
Why unidirectional links cause problems
UDLD and DLDP interoperability
STP hardening on edge ports
BPDU guard = BPDU protection
HP loop protect (HP E-Series)
TCN guard
BPDU filter—Disabling STP on individual ports
STP hardening on Cisco
STP hardening on HP A-Series
STP hardening on HP E-Series
STP hardening on uplinks
Root guard
Spanning tree root guard configuration
Loop guard
Spanning tree loop guard configuration
Lab 7.1: Hardening STP
Module 7 summary

Module 8: Link Aggregation

Module 8 Objectives
Link aggregation and interoperability
Link aggregation modes
Interoperability between modes: What works?
Link aggregation modes (cont.)
Link aggregation load balancing options
IRF, link aggregation, and interoperability: IRF in the distribution layer
IRF, link aggregation, and interoperability: IRF in the distribution and access layers
IRF, link aggregation, and interoperability: IRF in the core and distribution layers
Static link aggregation configuration
Static LACP link aggregation configuration
VLAN trunking and link aggregation
Troubleshooting link aggregation
Lab 8.1: Configuring link aggregation and IRF
Lab debrief
Module 8 summary
Learning check

Module 9: Virtual IP Protocols

Module 9 objectives
Virtual IP concepts
Reference
Virtual IP quiz
HSRP, GLBP, and VRRP comparison
Interoperability
Authentication
Preempt delay
Load balancing
Tracking interface and remote IP
Stateful NAT
Virtual MAC
Multicast IP
Comparing IRF to virtual IP protocols
VRRP on Cisco
Virtual IP design cases
Default gateway redundancy with HSRP and VRRP
Default gateway redundancy with IRF
Operational planes (control, management, and forwarding)
Operational planes in IRFv2
Load balancing with GLBP and VRRP (HP A-Series devices)
Load balancing with IRF
Next hop router in static routes—Case 1
Next hop router in static routes—Case 2
Next hop router in static routes with IRF
Preemption and preempt delay
No preempt delay needed with IRF
Tracking interfaces with VRRP or HSRP
Tracking remote IP addresses
Tracking with IRF and NQA
Configuring virtual IP protocols
HSRP configuration example
GLBP configuration example
VRRP configuration example on HP A-Series
VRRP tracking remote IP on HP A-Series
VRRP tracking remote IP on HP A-Series (cont.)
Example output for display and debugging commands
VRRP configuration example on HP E-Series
Lab 9.1: Configuring VRRP (Optional)
Lab debrief
Module 9 summary
Learning check

Module 10: Routing with OSPF

Module 10 objectives
Scenarios for configuring OSPF neighbors
OSPF neighboring—Scenario 1-1
Best practices
OSPF DR election—Scenario 1-2
Other best practices
OSPF authentication
OSPF neighbors—Scenario 1-4
What is the purpose of the configurations displayed in this slide?
When would you need to initiate a graceful restart?
What are requirements for implementing graceful restart?
What happens on each router when you initiate a graceful restart on HP 1?
Commands for enabling OSPF graceful restart
OSPF neighbors—Scenario 1-5
Why is it relevant to use BFD between the three routers?
What BFD transmit timers will be negotiated between HP1 and Cisco3?
What values would you recommend for the timers?
What will happen if INT VLAN10 fails on HP1?
OSPF area scenarios
OSPF area summarization—Scenario 2-1
OSPF area summarization—Scenario 2-1-a
How can the ABR filter networks?
What is the default value for router ID?
How and why would you configure the ABR to send a default route to routers in an area?
OSPF area summarization—Scenario 2-1-b
OSPF area summarization—Scenario 2-1-c
OSPF area summarization—Scenario 2-2
OSPF passive interface—Scenario 2-3
Use cases
OSPF passive interface—Scenario 2-3-a
OSPF area and redistribution scenarios
OSPF redistribution—Scenario 3-1
OSPF redistribution—Scenario 3-1-a
OSPF redistribution—Scenario 3-1-b
OSPF redistribution—Scenario 3-1-c
OSPF redistribution—Scenario 3-2
OSPF redistribution—Scenario 3-2-a
OSPF redistribution—Scenario 3-2-b
OSPF redistribution—Scenario 3-2-c
OSPF redistribution—Scenario 3-3
OSPF redistribution—Scenario 4-1
Use cases
r
Fo

OSPF redistribution—Scenario 4-1 implications .......................................10-44 


OSPF redistribution—Scenario 4-1 implications (cont) .............................. 10-46 
OSPF redistribution—Scenario 4-1 configuration ..................................... 10-47 
OSPF redistribution—Scenario 4-1-a ...................................................... 10-48 
OSPF redistribution—Scenario 4-1-b ...................................................... 10-49 
OSPF redistribution—Scenario 4-1-c ....................................................... 10-50 
Configuration for Cisco ................................................................. 10-51 
Limitations of the solution ............................................................... 10-51 
OSPF redistribution—Scenario 4-2 ............................................................... 10-52 
OSPF redistribution and filtering: Scenario 4-2-a ..................................... 10-53 
OSPF redistribution and filtering—Scenario 4-2-b .................................... 10-54 
Alternate configuration with ip prefix-list ........................................... 10-54 
Alternate configuration with filter-policy export ................................. 10-55 

viii Rev. 11.12


Contents

OSPF redistribution and filtering—Scenario 4-2-c .................................... 10-56 


OSPF redistribution and filtering—Scenario 4-2-d .................................... 10-57 
OSPF default route injection—Scenario 5 ..................................................... 10-58 
OSPF default route injection—Scenario 5-1 ............................................. 10-59 
Additional reference...................................................................... 10-60 
OSPF redistribution and filtering—Scenario 5-2 ....................................... 10-61 
Labs 10.1 and 10.2: Configuring OSPF ........................................................ 10-62 
Lab debrief ...............................................................................................10-64 
Module 10 summary .................................................................................. 10-66 
Learning check .......................................................................................... 10-67

Module 11: Network Address Translation


Module 11 objectives .......... 11-1
Internet access with dynamic NAT .......... 11-2
NAT and Internet access—Scenario 1 .......... 11-3
NAT and Internet access—Scenario 1a .......... 11-4
NAT and Internet access—Scenario 1b .......... 11-5
NAPT configuration on the HP A-Series switch .......... 11-5
Introduction to connection limit .......... 11-6
Internal servers with static NAT .......... 11-7
Internal servers and NAT—Scenario 2 .......... 11-8
Internal servers and NAT—Scenario 2a .......... 11-9
Internal servers and NAT—Scenario 2b .......... 11-10
Internal servers and NAT—Scenario 3 .......... 11-11
Internal servers and NAT—Scenario 3a .......... 11-12
Internal servers and NAT—Scenario 3b .......... 11-13
Internal servers and NAT—Scenario 3c .......... 11-14
Using static NAT for overlapping networks .......... 11-15
Overlapping networks—Scenario 4 .......... 11-16
Overlapping networks—Scenario 4a .......... 11-18
Overlapping networks—Scenario 4b .......... 11-19
Overlapping networks—Scenario 4c .......... 11-20
Overlapping networks—Scenario 4d .......... 11-22
Alternative configuration with dynamic NAT .......... 11-22
Module 11 summary .......... 11-23
Learning check .......... 11-24

Appendix A: Learning Check Answers

Introduction to HP Networking Interoperability
Module 1

Course objectives
In this course, you will learn how to deploy Cisco and HP devices together in a
network. You will examine Cisco interoperability both with HP A-Series devices,
designed for large and complex enterprises, and with HP E-Series devices, intended
for Small to Medium Businesses (SMBs), which might, nonetheless, have some
sophisticated requirements.
Specifically, you will learn how to:
• Manage the devices from a single management solution
• Extend VLANs across the network in a consistent manner
• Configure link aggregation groups between HP and Cisco switches
• Implement redundant links in a loop-free topology using the best method for your environment
• Configure virtual IP protocols for redundant routing
• Establish OSPF autonomous systems with HP and Cisco switches
• Implement NAT on the appropriate devices
Course agenda
The agenda for this course is:
• Day 1:
    • Module 1: Introduction to HP Networking Interoperability
    • Module 2: Switch Management
        • Lab 2.1: Management
    • Module 3: VLANs
        • Lab 3.1: Configuring VLANs
    • Module 4: Implementing MSTP (beginning)
• Day 2:
    • Module 4: Implementing MSTP (end)
        • Lab 4.1: Configuring MSTP
    • Module 5: Interoperability Among PVST+, Rapid PVST+, and MSTP
        • Lab 5.1: Configuring PVST+/MSTP Interoperability: Cisco at the Aggregation Layer
        • Optional Lab 5.2: Configuring PVST+/MSTP Interoperability: HP at the Aggregation Layer
    • Module 6: Redundancy Without STP
        • Lab 6.1: Implementing Redundant Links Without STP
• Day 3:
    • Optional Module 7: STP Hardening
        • Lab 7.1: Configuring Spanning Tree Hardening
    • Module 8: Link Aggregation
        • Lab 8.1: Configuring Link Aggregation and IRF
    • Module 9: Virtual IP Protocols
        • Optional Lab 9.1: Configuring VRRP
• Day 4:
    • Module 10: Routing with OSPF
        • Lab 10.1: Configuring OSPF Areas
        • Optional Lab 10.2: Configuring OSPF Redistribution
    • Module 11: Network Address Translation

Multi-vendor networks—Challenges and opportunities

Why do you want to implement a multi-vendor network?
• Customers want the flexibility to purchase the switches that make economic sense now.
• Customers want to continue to receive a return on former investments.

What challenges do you expect to face?
• Different platforms might support different protocols and features.
• You are unfamiliar with the protocols and configuration commands for the new vendor’s equipment.

Figure 1-1: Multi-vendor network—Challenges and opportunities
lU
Consider the questions displayed in the table. Why do you want to implement a multi-vendor network? What benefits do you expect from knowing how to do so? On the other hand, what challenges do you expect to face during the implementation? What pitfalls must you avoid?

The table above gives a couple of general ideas to get you started. Discuss more ideas with your classmates. Try to make your contributions to the discussion as concrete as possible. Draw on your experiences as a networking professional and think carefully about why you are attending this course and what you hope to gain from your time here.


Interoperability goals
– What are your goals for the multi-vendor network deployment?
    • Using a single management system?
    • Providing a consistent, high-quality network experience?
    • Implementing open-standard protocols? Making familiar Cisco protocols interoperate with open-standard protocols?
    • Other goals?

Figure 1-2: Interoperability goals
You have considered the challenges of deploying a multi-vendor network. You must now set goals to meet those challenges. The figure gives some examples of general goals that you might set. For example, you might want to deploy a network that uses a single management solution.

Of course, you will need to define your goals more precisely than the ones listed above. What does a consistent, high-quality network experience mean to you? What issues are involved in providing it, and what concrete goals can you set to ensure that these issues are resolved? For example, you might need to provide high availability by implementing redundant links between all access layer and aggregation layer switches.

Your goals might differ from others’. For example, you might want to implement open-standard protocols while your neighbor would prefer to implement familiar proprietary protocols whenever they can interoperate with the open-standard ones. What are the advantages and disadvantages of either goal?

You can record your ideas and the ideas of your classmates in the space provided.
_______________________________________________________________________


Initial information for labs


Devices shown: Cisco-A, Cisco-B, HP-C, HP-D, HP-E, HP-F, Server_1 (IMC), Client_1 (XP)

IP addressing: 10.POD.VLAN.X/24

Name        Device                  X
Cisco-A     Catalyst 3750           1
Cisco-B     Catalyst 3750           2
HP-C        HP A5800                3
HP-D        HP A5800                4
HP-E        HP E3500                5
HP-F        HP E3500                6
Server_1    Windows 2008 Server     100
Client_1    Client                  101

Figure 1-3: Initial information for labs
During this course, you will complete several labs. Each lab includes two or more of the switches displayed in the slide. The names and IP addresses used throughout the labs are consistent. For example, the HP A5800 switches are always HP-C and HP-D and have 3 and 4 in the final octet of their IP addresses. However, some of the labs include only some of the equipment.

You will also use a Windows Server 2008 and a client for the labs.

Module 1 summary
You have articulated your goals for a multi-vendor network deployment and seen the
multi-vendor equipment with which you will be practicing such a deployment for the
rest of this course. You are ready to turn your attention to the specific interoperability
issues on which the rest of this course focuses.

Switch Management
Module 2

Module 2 objectives
After completing this module, you will be able to:
• Configure HP A-Series, HP E-Series, and Cisco switches so that they can be managed by the HP Intelligent Management Center (IMC) platform
• Configure the following features for secure management of HP A-Series, HP E-Series, and Cisco switches:
    • Authenticated access
    • Secure Shell (SSH) V2.0
    • Simple Network Management Protocol (SNMP) v2 and v3
    • Network Time Protocol (NTP)
    • Syslog
• Configure and use Link Layer Discovery Protocol (LLDP) on HP A-Series, HP E-Series, and Cisco switches

Enabling basic remote management


This first scenario focuses on how to pre-configure a switch so that it can be
discovered by IMC and accessed through Telnet.
The second scenario shows you how to create secure configuration sessions for a
switch using NTP, Syslog, SSH, and SNMPv3.
Finally, you will review Cisco Discovery Protocol (CDP) and Link Layer Discovery
Protocol (LLDP) and their uses in gathering network information.


Management scenario 1
– You must deploy a number of access-layer switches:
    • HP A-Series, E-Series, and Cisco switches
– You pre-configure switches with a minimal configuration to allow discovery by IMC.
– With IMC, you create a template configuration that is secured and operational.

What minimal switch parameters should you configure to allow discovery by IMC?

Figure 2-1: Management scenario 1
For the first scenario, you are deploying an HP A-Series switch, HP E-Series switch, and Cisco switch at the access layer. You need to pre-configure the switches with the most basic configurations that will allow IMC to discover the switches. You will then use IMC to configure and manage the switches.

Q: What minimal switch parameters does IMC require to discover the switches?

Management scenario 1 (cont.)


1 System name (configured by default)
2 IP address + default gateway
3 SNMPv2 community
    RW is required for management (RO would be enough for discovery)
4 SNMP trap receiver*
5 Telnet access without authentication

* IMC can set itself as trap receiver when it discovers devices

Once the switch is discovered, IMC can apply a secured configuration, which will be shown in management scenario 2.

Figure 2-2: Management scenario 1 (cont.)
These are the basic switch parameters necessary for IMC to discover the device:
• System name
• IP address and default gateway
• SNMPv2 community—IMC requires only the read-only community to discover the device, but it needs the read-write community to manage the device.

Configuring an SNMP trap receiver is not necessary for the discovery process but can provide useful feedback to IMC regarding the switch. Once IMC discovers a device, it can set itself as an SNMP trap receiver.

Telnet access is also not needed for the discovery process, but you might want to configure it so that you can configure the switches remotely as needed. (SSH is the more secure alternative, covered in the Management Appendix.)

Management scenario 1a—Cisco

(Diagram label: IMC 10.1.1.100)

Conf t
1 System name
    hostname corpabc-1-2
2 IP address through DHCP
    Interface vlan 1
     ip address dhcp
     no shut
3 SNMP v2c community
    snmp-server community imc-access rw
4 SNMP traps
    snmp-server enable traps
    snmp-server source-interface loopback 0
    snmp-server host 10.1.1.100 version 2c public
5 Telnet without authentication
    line vty 0 4
     no login
     privilege level 15

When is a source-interface useful?

Figure 2-3: Management scenario 1a—Cisco

Q: When is a source interface useful?


Note
Setting up Telnet access without authentication, as shown above, will allow you
to access a Cisco switch remotely and log in without a password. This can be
insecure, so in a real-world situation, you would either set a password or set the
privilege level lower for the interface without authentication.


Management scenario 1b—HP A-Series

system-view
1 System name
    sysname corpabc-1-3
2 IP address through DHCP
    Interface vlan 1
     ip address dhcp-alloc
     quit
3 SNMP v2c community
    snmp-agent trap-source vlan-interface 1
    snmp-agent sys-info version v2c
    snmp-agent community write imc-access
4 SNMP trap receiver
    snmp-agent target-host trap address udp-domain 10.1.1.100 params securityname public V2C
5 Telnet without authentication
    telnet server enable
    user-interface vty 0 15
     authentication-mode none
     user privilege level 3
     quit

What does user privilege level 3 mean?

Figure 2-4: Management scenario 1b—HP A-Series

Q: What does user privilege level 3 mean?


Note
A-Series switches have four command and privilege levels: visitor, monitor, system, and manager. These levels are numbered 0-3, respectively. By default, the command level for a user console interface is 3, and for all other interfaces it is 0.

Management scenario 1c—HP E-Series

1 System name
    hostname corpabc-2-4
2 IP address through DHCP
    vlan 1 ip address dhcp ! Default
3 SNMP v2c community
    no snmp-server community public
    snmp-server community imc-access manager unrestricted
4 SNMP trap receiver
    snmp-server host 10.1.1.100 public
    snmp-server trap-source loopback 0
5 Telnet without authentication
    ! telnet access is permitted without passwords
    ! And provide access to privileged level

Why not configure a read-only community?

Figure 2-5: Management scenario 1c—HP E-Series
Q: Why not configure a read-only community?

In the final setup you will configure:
• A read-only community for SNMP management platforms that allows you to view information and monitor the switch’s status
• A read-write community for SNMP management platforms, such as IMC, which allows you to configure settings and manage firmware
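
The pre-staging configurations in scenarios 1a to 1c leave Telnet unauthenticated and expose a read-write SNMPv2c community until the secured configuration is applied. The Python code below is an added example, not part of the HP guide: it audits those fragments for the settings that should no longer be present after hardening. The rule names, function names and the hardened Cisco fragment are assumptions made for illustration.

```python
import re

# Pre-staging fragments copied from management scenarios 1a-1c above.
CISCO = """\
hostname corpabc-1-2
snmp-server community imc-access rw
snmp-server host 10.1.1.100 version 2c public
line vty 0 4
 no login
 privilege level 15
"""
A_SERIES = """\
sysname corpabc-1-3
snmp-agent sys-info version v2c
snmp-agent community write imc-access
telnet server enable
user-interface vty 0 15
 authentication-mode none
 user privilege level 3
 quit
"""
E_SERIES = """\
hostname corpabc-2-4
no snmp-server community public
snmp-server community imc-access manager unrestricted
snmp-server host 10.1.1.100 public
"""
# Constructed for comparison; not taken from the guide.
CISCO_HARDENED = """\
hostname corpabc-1-2
line vty 0 4
 login local
 transport input ssh
"""

# Per-vendor patterns (hypothetical rule table). None means there is no
# config line to match on that platform. On the E-Series the open Telnet
# access is a default (the slide shows only comments for step 5), so there
# is nothing to detect in the text and it is not checked here.
VENDOR_RULES = {
    "cisco": {
        "vty": r"line vty\b",
        "no_auth": "no login",
        "top_priv": "privilege level 15",
        "snmp_write": r"snmp-server community (\S+) rw\b",
        "telnet_on": None,
    },
    "a-series": {
        "vty": r"user-interface vty\b",
        "no_auth": "authentication-mode none",
        "top_priv": "user privilege level 3",
        "snmp_write": r"snmp-agent community write (\S+)",
        "telnet_on": r"telnet server enable$",
    },
    "e-series": {
        "vty": None, "no_auth": None, "top_priv": None,
        "snmp_write": r"snmp-server community (\S+) manager unrestricted\b",
        "telnet_on": None,
    },
}


def blocks(config):
    """Yield (header, [child lines]); children are the indented lines."""
    header, children = None, []
    for raw in config.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace() and header is not None:
            children.append(raw.strip().lower())
        else:
            if header is not None:
                yield header, children
            header, children = raw.strip(), []
    if header is not None:
        yield header, children


def audit(vendor, config):
    """Return a list of (rule_id, detail) findings for one configuration."""
    rules = VENDOR_RULES[vendor]
    findings = []
    for header, children in blocks(config):
        if rules["vty"] and re.match(rules["vty"], header, re.I):
            if rules["no_auth"] in children:
                findings.append(("VTY_NO_AUTH", header))
                # Unauthenticated access is worse when it lands at top level.
                if rules["top_priv"] in children:
                    findings.append(("VTY_TOP_PRIVILEGE", header))
        match = re.match(rules["snmp_write"], header, re.I)
        if match:  # a leading "no ..." line does not match, by design
            findings.append(("SNMP_V2C_WRITE", match.group(1)))
        if rules["telnet_on"] and re.match(rules["telnet_on"], header, re.I):
            findings.append(("TELNET_ENABLED", header))
    return findings


def rule_ids(vendor, config):
    """Sorted, de-duplicated rule ids, convenient for comparing runs."""
    return sorted({rule for rule, _ in audit(vendor, config)})


if __name__ == "__main__":
    for name, vendor, cfg in [("Cisco", "cisco", CISCO),
                              ("A-Series", "a-series", A_SERIES),
                              ("E-Series", "e-series", E_SERIES),
                              ("Cisco hardened", "cisco", CISCO_HARDENED)]:
        print(name, rule_ids(vendor, cfg) or "no findings")
```

Run it against the saved configuration of each switch after the IMC template has been applied; any remaining finding means the pre-staging settings were not replaced.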


Setting up a DHCP server on an HP A-Series switch

dhcp enable
dhcp server ip-pool vlan1-pool
 network 10.1.1.0 24
 gateway-list 10.1.1.1
 dns-list 10.1.1.20
 domain-name corpabc.com
 quit
dhcp server forbidden-ip 10.1.1.1 10.1.1.4

Figure 2-6: Setting up a DHCP server on an HP A-Series switch
Q1: Why would you configure a DHCP server on an A-Series switch?

Q2: Why would you use a DHCP server to assign IP addresses to your switches? You usually configure static IP addresses on switches.

For example, suppose you need to replace a defective switch. If you preconfigure the switch with the basic parameters outlined in this scenario, it will automatically acquire an IP address and be discovered by IMC when it is plugged into the network. (The IP address can also be found through the LLDP display.) This will allow remote configuration and management of the switch.

Later you can apply an IMC configuration template that sets the IP address for all devices.

IMC discovery—1

Add an SNMP Template

1. Add an SNMP template that contains SNMP communities (or SNMPv3 settings).
2. Multiple SNMP templates can be used by Auto-Discovery mechanisms.

Figure 2-7: IMC discovery—1
The next several pages describe the basic steps to set IMC to discover the devices that have been added to the network.

The first step is to create an SNMP template that contains one of the following:
• SNMP v2c communities (read-only and read-write)
• An SNMP v3 group, a user associated with that group, and authentication and encryption methods

Multiple templates can be created to be used by IMC to discover all devices or those within a given range of IP addresses.
IMC discovery—2


3. Set parameters of SNMP template

Figure 2-8: IMC discovery—2

Here is a sample SNMP v2c template.

The SNMP v2c template contains:
• Read-Only community string
• Read-Write community string

An SNMP v3 template contains:
• SNMPv3 group
• SNMPv3 user
• Authentication method and password (for example, Message Digest 5 [MD5] or Secure Hash Algorithm [SHA])
• Encryption method and password (for example, Advanced Encryption Standard [AES] 128 or Data Encryption Standard [DES] 56)

IMC discovery—3
Four modes for auto-discovery

4. Select Auto-Discovery method.

What are the discovery methods? Pros and cons of each?

Figure 2-9: IMC discovery—3
IMC supports four modes of auto discovery, which determine how IMC searches for devices:

1. Routing-Based
IMC reads the routing table of the “seed” router and explores all the nodes in all IP subnets discovered in the routing table.
    • Pros: Full automatic discovery of the network.
    • Cons: If the routing table is large, discovery could take hours or even days. The routing table may be much larger than the network to be discovered.
    • Recommendation: Use when the network is limited to one, or a few small, IP subnets.

2. ARP-Based
IMC reads the ARP table of the main device to find nodes.
    • Pros: The search is restricted to active devices of local IP subnets as found on a routing switch, so the search is quicker.
    • Cons: If devices are not active in IP, they may not be found. Also, if the ARP table is populated with many IP end nodes, the search can be time consuming.
    • Recommendation: Use for a quicker search.

3. IPSec VPN-Based
IMC scans the IP addresses on the remote end of IPSec VPN.
    • Pros: The search focuses on remote devices related to IPSec VPN.
    • Cons: May be time consuming if remote networks are large.
    • Recommendation: Use with IPSec VPN remote networks.

4. Network-Segment Based
You enter specific ranges of IP addresses to reduce the scope of the IMC search.
    • Pros: You can target the “management VLAN” IP subnets, the IP ranges in which devices are set (for example, the first 10 IP addresses of the subnet). This can increase discovery efficiency.
    • Cons: Requires more manual configuration.
    • Recommendation: Use with large networks. Use when the range of IP addresses of network devices is known. Use to decrease discovery time.

Note
Manual discovery is always possible.

IMC discovery—4
5. How to discover devices:
- IP range
- SNMP templates
- Telnet and SSH templates
dhcp enable

dhcp server ip-pool vlan1-pool


network 10.1.1.0 mask 255.255.255.0
gateway-list 10.1.1.1
dns-list 10.1.1.20
domain-name corpabc.com
quit
dhcp server forbidden-ip 10.1.1.1 10.1.1.4

Figure 2-10: IMC discovery—4

This figure shows the IMC window on which you define Network Segment-Based
auto-discovery. Configuration tasks include:
• Configure a range of IP addresses to be discovered. This step is required.
• If you want to use your devices’ loopback interface IP addresses as the
  management addresses, select the check box.
• Select the Automatically register to receive SNMP traps from supported devices
  check box.
• Configure the type of login: Telnet or SSH.
• Configure the SNMP settings. You can use pre-defined SNMP templates or
  define SNMP parameters manually. This step is required.
• Configure the parameters for connecting to the switches using either SSH or
  Telnet.

IMC discovery—5

Devices discovered through SNMP

Figure 2-11: IMC discovery—5

This is how IMC lists the auto-discovered devices.

Advanced and secured management


In the next section, you will review how to secure management access to HP A-Series,
HP E-Series, and Cisco switches. In the space provided below, list the management
access methods that are secure and those that are not secure.

Notes
_________________________________________________________________________


Management scenario 2
– Goals:
• Make devices manageable
• Create a secured infrastructure, which
  requires secured devices

What settings would you recommend to make switches
manageable and secured?

Figure 2-12: Management scenario 2

In scenario 2, you will concentrate on creating secured configurations for switches.
What settings would you recommend to make switches manageable and secured?
_________________________________________________________________________

Management scenario 2 (cont.)
1 Encrypting passwords
2 Time protocol client
3 Syslog services
4 SSH V2.0
5 Secured access
• Local authentication
6 SNMP v3

How do you secure management access?

Figure 2-13: Management scenario 2 (cont.)

Now you need to select the features needed to complete the configuration.
• The device needs to be fully manageable
• The access needs to be secure
Examine the following features to make the device and the configuration secure:
• Encryption of passwords in the configuration process
• SSH access
• SNMP v3
• Authentication of username and passwords, but only at one level
Due to the time constraints of the course, only a limited number of features can be
covered. However, you should be aware of some other features, including:
• Secure Socket Layer (SSL)
• Console access
• Access Control Lists (ACLs) to restrict access to devices (access class, ACL with
  SNMP communities)
• Authentication of NTP
• Hardening switch configuration (such as closing ports or disabling switches)


Consider your own switch management practices:
• What management features do you always configure on your devices?
• Why do you choose these management features?
  • To harden configuration?
  • To make deployment and maintenance easier?
  • For automation or scalability?
  • To access more information from the device?
  • To secure management access?
_________________________________________________________________________


Management scenario 2a—Cisco


1 Encrypt passwords
service password-encryption

2 Set time with NTP, time zone, and summertime
ntp server 10.1.1.100          What does this command do?
clock timezone gmt1 1
clock summer-time GMT1 recurring last Sun Mar 1:00 last Sun Oct 1:00 60

3 Setting syslog server and info log level
logging host 10.1.1.100
logging alarm notifications
service timestamps log datetime localtime

What commands do you use to access logging on the terminal?

Figure 2-14: Management scenario 2a—Cisco

In this Cisco switch configuration, note the following command:
clock timezone gmt1 1
• This command sets the timezone. Note that gmt1 does not configure the
  timezone; rather, this option is a name that displays for the timezone setting. You
  can select any name (up to seven characters).
• The next option actually sets the timezone. In this example, it is the positive offset
  to the coordinated universal time (UTC). For a negative offset, use the -
  character:
clock timezone PT -8
Use the clock summer-time recurring command to set the system to annually adjust
for Daylight Saving Time.
• In Western Europe, Daylight Saving Time starts on the last Sunday in March and
  ends the last Sunday in October at 1 a.m.
• One hour is added when summertime starts and deducted when summertime
  ends.
clock summer-time GMT1 recurring last Sun Mar 1:00 last Sun Oct 1:00 60
• In the USA, Daylight Saving Time begins the second Sunday in March and ends
  the first Sunday in November. (Note that the states of Hawaii and Arizona do
  not observe Daylight Saving Time.)
clock summer-time GMT1 recurring 2 Sun Mar 1:00 first Sun Nov 1:00 60

What command do you use to access logging on the terminal?


_________________________________________________________________________


Use the following command as a precaution against your input being interrupted by
a large amount of system output:
Cisco# conf t
Cisco(config)# line vty 0 4
Cisco(config-line)# logging synchronous
Cisco(config-line)# exit
With this feature enabled, you can continue your operations from the point where
you were interrupted.
You should also specify the name or number of the severity level where messages
should be automatically logged by the system. Messages at, or numerically lower
than, the specified level will be logged.

Severity values

Severity        Severity Value   Description
Emergencies     0                The system is unavailable
Alerts          1                Immediate action required
Critical        2                Critical information
Errors          3                Error warning
Warnings        4                Warnings
Notifications   5                Information that the system administrator should be aware of
Informational   6                Information to be recorded
Debugging       7                Debugging information

The default level varies according to the platform you are using, but is generally 7.
Level 7 means that messages at all levels (0-7) are logged to the buffer.


Management scenario 2a—Cisco (cont.)


4 Generate key pair, enable SSH server, and disable Telnet access
crypto key generate rsa usage-keys modulus 1024
ip ssh version 2
line vty 0 4
transport input ssh
exit

5 Set authentication mode to AAA – default authentication: local user
line vty 0 4
login local
exit

Define local user and privilege level, associated services
username admin123 privilege 15 password verysecret

How will admin123 log in to the switch?

Figure 2-15: Management scenario 2a—Cisco (cont.)

Q: How will admin123 log in to the switch?
_________________________________________________________________________

It could be argued that this authentication method is not secure because it uses one
password and not two. However, security can be enhanced by implementing the
following password policies:
• Longer passwords—10 characters minimum (or use of a passphrase)
• Regular password rotation
• Timeout between failed logins (to reduce the risks of dictionary attacks)
• Authentication to a RADIUS server
There is no specific command to disable the Telnet server. To limit remote access to
the switch to SSH, use these commands:
line vty 0 4
transport input ssh
exit
If a user is defined with the embedded level 15, that user directly accesses the enable
level when entering credentials with SSH. The user does not need to enter a
command to move to the enable level.


Management scenario 2a—Cisco (cont.)


6 SNMP

SNMP trap and trap receiver
snmp-server source-interface trap loopback 0
snmp-server enable trap
snmp-server host 10.1.1.100 version 2c public

Disable trap on link up/down
interface range GigabitEthernet1/0/1 - 46
no snmp trap link-status          What is the purpose of this command?

Figure 2-16: Management scenario 2a—Cisco (cont.)

What is the purpose of the no snmp trap link-status command?
_________________________________________________________________________

Should SNMP v2 or SNMP v3 be used to send the trap? SNMP v2 has been used
here, but the trap could also be sent using SNMP v3:
Cisco(config)# snmp-server host 10.0.100.21 version 3 auth test
The setup can also be achieved via IMC itself during device discovery (this is an
option in IMC and PCM+) or after.
IMC is the recommended method because:
• The setup will be homogeneous for all devices
• Passwords can be changed through IMC on a regular basis
• IMC maintains synchronization of changed authentication passwords and
  methods in devices and its database


Management scenario 2a—Cisco (cont.)


6 SNMP v3
snmp-server engineID local ABCD123456

Create a SNMPv3 group
snmp-server group admin3group v3 auth

Create a SNMPv3 user
snmp-server user clara3 admin3group v3 auth sha verysecret priv aes 128 supersecret

SNMP contact and location info
snmp-server location "phone-closet,3rd-floor,bldg A"
snmp-server contact "Charly Shapo, 3033"

Figure 2-17: Management scenario 2a—Cisco (cont.)

To set up SNMPv3 on a Cisco switch, you must:
• Define its engine ID
• Create an SNMPv3 group
Then you can specify:
• A user for the group
• The user’s authentication method and password
• The user’s encryption method and password
Below are the options for the SNMPv3 groups:
Cisco(config)#snmp-server group admin3group v3 ?
auth    group using the authNoPriv Security Level
noauth  group using the noAuthNoPriv Security Level
priv    group using SNMPv3 authPriv security level
To set an SNMP trap receiver in v3, use the following command:
Cisco(config)#snmp-server host 10.0.100.21 version 3 auth usm-user
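
One way to check a saved Cisco configuration against the six items of scenario 2a, as an added example that is not part of the course material. The function names are made up for the illustration, and the sample configuration is constructed from the commands shown in this section.

```python
import re

# Constructed sample input: the scenario 2a commands from this section in one file.
SAMPLE_CONFIG = """\
service password-encryption
ntp server 10.1.1.100
logging host 10.1.1.100
ip ssh version 2
snmp-server group admin3group v3 auth
snmp-server host 10.1.1.100 version 2c public
line vty 0 4
 login local
 transport input ssh
"""


def parse_blocks(config):
    """Split a config into (top-level command, [indented sub-commands])."""
    blocks = []
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # skip blank lines and "!" separators
        if raw[0].isspace() and blocks:
            blocks[-1][1].append(raw.strip().lower())
        else:
            blocks.append((raw.strip().lower(), []))
    return blocks


def audit(config):
    """Return a list of findings; an empty list means all six items are present."""
    blocks = parse_blocks(config)
    top = [command for command, _ in blocks]
    findings = []

    def require(item, pattern):
        if not any(re.match(pattern, command) for command in top):
            findings.append(item)

    require("1: passwords are not encrypted in the configuration",
            r"service password-encryption$")
    require("2: no NTP server", r"ntp server \S+")
    require("3: no syslog host", r"logging (host )?\d+\.\d+\.\d+\.\d+")
    require("4: SSH version 2 is not enforced", r"ip ssh version 2$")

    # Item 5: every vty block must accept SSH only and must ask for a login.
    vty_blocks = [(c, subs) for c, subs in blocks if c.startswith("line vty")]
    if not vty_blocks:
        findings.append("5: no vty lines configured")
    for command, subs in vty_blocks:
        transports = [s for s in subs if s.startswith("transport input")]
        if transports != ["transport input ssh"]:
            findings.append(f"5: {command} is not limited to SSH")
        if not any(s.startswith("login") for s in subs):
            findings.append(f"5: {command} has no login method")

    # Item 6: an SNMPv3 group must exist, and v1/v2c must not remain in use.
    require("6: no SNMPv3 group with auth or priv",
            r"snmp-server group \S+ v3 (auth|priv)\b")
    for command in top:
        if re.match(r"snmp-server (community \S+|host \S+ version (1|2c)\b)", command):
            findings.append(f"6: SNMPv1/v2c still in use: {command}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG) or ["all six items present"]:
        print(finding)
```

Run on the sample, the audit reports only the version 2c trap receiver with the public community; replacing that line with the version 3 trap receiver command shown above clears it.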


Management scenario 2b—HP A-Series
1 Encrypting passwords
Use “cipher” keyword every time a password is entered

2 Setting time with NTP, timezone, and summertime
ntp-service unicast-server 10.1.1.101          What does this command do?
clock timezone GMT1 add 01:00:00
clock summer-time western-europe repeating 01:00:00 2010 March last Sunday 01:00:00 2010 October last Sunday 01:00:00

3 Setting syslog server and information log level
info-center enable
info-center loghost 10.1.1.200
info-center source default channel loghost log level information
info-center source default channel loghost trap level information
info-center source default channel loghost debug state off

What commands do you use to access logging on terminal
and to set level of information displayed?

Figure 2-18: Management scenario 2b—HP A-Series

Q1: What does the ntp-service unicast-server command do?
_________________________________________________________________________

You can define multiple NTP servers, specifying the authentication and version levels.
You can also set your preferred NTP server with a priority keyword.
ntp-service unicast-server 10.1.1.101 priority
ntp-service unicast-server 10.1.1.100
To set the timezone, enter:
clock timezone GMT1 add 01:00:00
Note that GMT1 is an arbitrary timezone name. The add 01:00:00 option in this
command instructs the device to add one hour to the UTC, which is the default time
on the switch. Time changes are specified using the hh:mm:ss format. If you need to
set the clock to a zone that falls before the UTC, use the minus command:
clock timezone PT minus 08:00:00
Q2: What does the clock summer-time command highlighted in this figure do?
_________________________________________________________________________


Use the clock summer-time repeating command to set the system to annually adjust
for Daylight Saving Time.
• In Western Europe, Daylight Saving Time starts on the last Sunday in March and
  ends the last Sunday in October at 1:00 a.m.
• One hour is added when summertime starts and deducted when it ends.
clock summer-time western-europe repeating 01:00:00 2010 March last Sunday 01:00:00 2010 October last Sunday 01:00:00
• In the USA, Daylight Saving Time begins the second Sunday in March and ends
  the first Sunday in November. (Note that the states of Hawaii and Arizona do
  not observe Daylight Saving Time.)
clock summer-time GMT1 repeating 01:00:00 2010 March second Sunday 01:00:00 2010 November first Sunday 01:00:00

Q3: What commands can you use to access logging on the terminal?
_________________________________________________________________________

Note the following helpful commands:
<hp> info-center synchronous
Use this command as a precaution against your input being interrupted by a large
amount of system output. With this feature enabled, you can continue your
operations from the point where you were interrupted.
To set the level of information, use the following command:
info-center source default channel console log level informational
To display the buffer log, use this command:
display logbuffer [ reverse ]
You can then explore all the available options by entering ?.
To enable the transmission of syslog messages to the syslog server, enter the
following commands.
info-center enable
info-center loghost <a.b.c.d>
Replace <a.b.c.d> with the IP address of the syslog server. In the example, 10.1.1.100
is the IP address of the syslog server.


By default, the log level for syslog is set to information. You can change this setting
using the following commands:
info-center source default channel loghost log level alerts
info-center source default channel loghost debug level debugging
info-center source default channel loghost trap level alerts
You can select from one of the following levels:
0 = emergencies – System is unusable
1 = alerts – Immediate action required
2 = critical – Critical condition
3 = errors – Error conditions exist
4 = warnings – Warning condition
5 = notifications – Normal but significant conditions
6 = informational – Informational system messages
7 = debugging – Debugging messages
On an A-Series switch, there are ten information channels, ranging from 0 to 9. Each
channel is assigned to a different output destination, as shown in the table below.

Output Destination   Information Channel   Default Channel Name
console              0                     console
monitor terminal     1                     monitor
log host             2                     loghost
trap buffer          3                     trapbuffer
log buffer           4                     logbuffer
SNMP module          5                     snmpagent
log file             9                     channel9

You will learn more about these channels as you learn about the information center on
the next slide.
As you did for the Cisco switches, you can prevent ports from generating link
up/down log information. For example, to disable port GigabitEthernet 3/0/1 from
generating link up/down logging information, enter:
<HP-A> system-view
[HP-A] interface GigabitEthernet 3/0/1
[HP-A-GigabitEthernet3/0/1] undo enable log updown


Information center on HP A-Series switches


[Figure: structure of the info-center source command. The source processes
(default, ospf, pim, stp, ...) are sent through a channel to the system outputs
(console, monitor, loghost, logbuffer, logfile, snmpagent, ...). The information
type is log, debug, or trap, each set with level 0-7 or state on | off.]

Figure 2-19: Information center on HP A-Series switches

Introduction to information center

Acting as the system information hub, the information center classifies and manages
system information, offering powerful support for network administrators and
developers in monitoring network performance and diagnosing network problems.
The following describes the working process of information center:
• Receives the log, trap, and debugging information generated by each module
• Outputs the information according to user-defined parameters
• Outputs the information to different destinations based on the information
  channel-to-destination associations
In sum, the information center assigns the log, trap and debugging information to the
10 information channels according to the eight severity levels and then outputs the
information to different destinations.
The following describes this process in detail:

Classification of system information

The system information of the information center falls into three types:
• Log information
• Trap information
• Debugging information


Eight levels of system information


The information is classified into eight levels by severity. The severity levels in
descending order are emergencies, alerts, critical, errors, warnings, notifications,
informational, and debugging. When the system information is output by level, the
information with severity level higher than or equal to the specified level is output. For
example, if you configure an output rule with the severity level notifications,
information with severity levels emergencies through notifications is logged.

Severity values

Severity        Severity Value   Description
Emergencies     0                The system is unavailable
Alerts          1                Immediate action required
Critical        2                Critical information
Errors          3                Error warning
Warnings        4                Warnings
Notifications   5                Information that the system administrator should be aware of
Informational   6                Information to be recorded
Debugging       7                Debugging information

Seven output destinations and ten channels of system information

A-Series switches support seven information output destinations, including the
console, monitor terminal (monitor), log buffer, log host, trap buffer, SNMP module
and log file.
These switches also support ten channels. The seven channels 0 through 5, and
channel 9 are configured with channel names, output rules, and are associated with
output destinations by default. The channel names, output rules and the associations
between the channels and output destinations can be changed through commands.
You can configure channels 6, 7, and 8 without changing the default configuration of
the seven channels.


Ten channels of system information


Channel Number   Default Channel Name   Default Output Destination   Description
0                console                console                      Receives log, trap and debugging information.
1                monitor                monitor                      Receives log, trap and debugging information, facilitating remote maintenance.
2                loghost                log server                   Receives log, trap and debugging information; information will be stored in files for future retrieval.
3                trapbuffer             trap buffer                  Receives trap information; a buffer inside the router for recording information.
4                logbuffer              log buffer                   Receives log and debugging information; a buffer inside the router for recording information.
5                snmpagent              SNMP module                  Receives trap information.
6                channel6               Not specified                Receives log, trap, and debugging information.
7                channel7               Not specified                Receives log, trap, and debugging information.
8                channel8               Not specified                Receives log, trap, and debugging information.
9                channel9               Not specified                Receives log, trap, and debugging information.

Default output rules of system information


All log information is allowed to be output to the log file.
• Log information with severity level equal to or higher than informational is
  allowed to be output to the log host.
• Log information with severity level equal to or higher than warnings is allowed to
  be output to the console, monitor terminal, and log buffer.
• Log information is not allowed to be output to the trap buffer and the SNMP
  module.
All trap information is allowed to be output to the console, monitor terminal, log host
and log file.
• Trap information with severity level equal to or higher than warnings is allowed
  to be output to the trap buffer and SNMP module.
• Trap information is not allowed to be output to the log buffer.
All debugging information is allowed to be output to the console and monitor
terminal.
• Debugging information is not allowed to be output to the log host, log file, log
  buffer, trap buffer and the SNMP module.
The default output rules define the source modules allowed to output information on
each output destination, the output information type, and the output information level.

info-center source
To access the information center, use the following command:
info-center source { module-name | default } channel { channel-number | channel-name } [ debug { level severity | state state } * | log { level severity | state state } * | trap { level severity | state state } * ] *
Parameters:
• module-name
  Specifies the output rules of the system information of the specified modules. For
  instance, if information on the ARP module is to be output, you can configure
  this argument as ARP. You can use the info-center source ? command to view
  the modules supported by the device.
• default
  This specifies the output rules of the system information of all the modules
  allowed to output the system information, including all modules displayed using
  the info-center source ? command.
• debug
  Displays debugging information.
• log
  Displays log information.
• trap
  Displays trap information.
• level severity
  Specifies the severity of system information to be allowed/denied output.
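
The default output rules and the info-center source command above, modelled as an added example (not HP's code and not part of the course material). It assumes that level only changes a rule's threshold, that state only switches the rule on or off, and that rules which are off by default keep threshold 7; the function names are made up for the illustration.

```python
SEVERITY = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
            "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}

# Default channel name -> output destination, from the channel table in this section.
CHANNELS = {"console": "console", "monitor": "monitor terminal", "loghost": "log host",
            "trapbuffer": "trap buffer", "logbuffer": "log buffer",
            "snmpagent": "SNMP module", "channel9": "log file"}
TYPES = ("log", "trap", "debug")


def severity(name):
    """Resolve a severity keyword (or an unambiguous prefix such as 'information')."""
    values = [value for key, value in SEVERITY.items() if key.startswith(name.lower())]
    if len(values) != 1:
        raise ValueError(f"unknown or ambiguous severity: {name}")
    return values[0]


def default_rules():
    """Build {(channel, type): [enabled, threshold]} from the default output rules."""
    # Assumption: a rule that is off by default keeps threshold 7 (no value on the page).
    rules = {(channel, kind): [False, 7] for channel in CHANNELS for kind in TYPES}

    def allow(kind, level, *channels):
        for channel in channels:
            rules[(channel, kind)] = [True, severity(level)]

    allow("log", "debugging", "channel9")                    # all log -> log file
    allow("log", "informational", "loghost")
    allow("log", "warnings", "console", "monitor", "logbuffer")
    allow("trap", "debugging", "console", "monitor", "loghost", "channel9")
    allow("trap", "warnings", "trapbuffer", "snmpagent")
    allow("debug", "debugging", "console", "monitor")
    return rules


def apply_command(rules, command):
    """Apply one 'info-center source default channel <name> ...' line to rules."""
    words = command.split()
    if words[:4] != ["info-center", "source", "default", "channel"] or len(words) < 5:
        raise ValueError("only 'info-center source default channel <name>' is modelled")
    channel, rest = words[4], words[5:]
    if channel not in CHANNELS:
        raise ValueError(f"unknown channel name: {channel}")
    while rest:
        if len(rest) < 3 or rest[0] not in TYPES:
            raise ValueError(f"cannot parse: {' '.join(rest)}")
        kind, keyword, value = rest[:3]
        if keyword == "level":
            rules[(channel, kind)][1] = severity(value)
        elif keyword == "state" and value in ("on", "off"):
            rules[(channel, kind)][0] = value == "on"
        else:
            raise ValueError(f"cannot parse: {' '.join(rest)}")
        rest = rest[3:]


def destinations(rules, kind, level):
    """List the destinations that receive a message of this type and severity."""
    value = severity(level)  # lower number = more severe
    return sorted(CHANNELS[channel] for (channel, k), (enabled, limit) in rules.items()
                  if k == kind and enabled and value <= limit)


if __name__ == "__main__":
    rules = default_rules()
    print(destinations(rules, "log", "notifications"))
    apply_command(rules, "info-center source default channel loghost log level alerts")
    print(destinations(rules, "log", "notifications"))
```

With the defaults, a notifications-level log message reaches the log file and the log host only; after the loghost log level is raised to alerts, it reaches the log file alone.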


You can use the display info-center command to view the operational status of
information center, the configuration of information channels, and the format of the
time stamp.
[S5800(4)]display info-center
Information Center:enabled
Log host:
10.1.1.100, port number : 514, host facility : local0,
channel number : 2, channel name : loghost
Console:
channel number : 0, channel name : console
Monitor:
channel number : 1, channel name : monitor
SNMP Agent:
channel number : 5, channel name : snmpagent
Log buffer:
enabled,max buffer size 1024, current buffer size 512,
current messages 512, dropped messages 0, overwritten messages 60
channel number : 4, channel name : logbuffer
Trap buffer:
enabled,max buffer size 1024, current buffer size 256,
current messages 61, dropped messages 0, overwritten messages 0
channel number : 3, channel name : trapbuffer
logfile:
channel number:9, channel name:channel9
syslog:
channel number:6, channel name:channel6
Information timestamp setting:
log - date, trap - date, debug - date,
loghost - date


Management scenario 2b—HP A-Series (cont.)
4 Generate key pair and enable SSH server
public-key local create rsa
ssh server enable
undo telnet server enable          Any drawback to disabling Telnet?

5 Set authentication mode to AAA – Default auth.: local user
user-interface vty 0 4
authentication-mode scheme
protocol inbound ssh
user privilege level 3          Is this command required? What would you recommend?
quit

Define local user and privilege level, associated services
local-user admin123
password cipher verysecret
service-type ssh
authorization-attribute level 3
quit

What user characteristic is supported on these switches but not on Cisco?

Figure 2-20: Management scenario 2b—HP A-Series (cont.)

Q1: Is there any drawback to disabling Telnet?


_________________________________________________________________________

To start the SSH V2 client, enter:
<hp> ssh2 10.214.50.51
Q2: Is the user privilege level 3 command required? Explain your answer.
_________________________________________________________________________


Q3: What would you recommend instead of the user privilege level 3 command?
_________________________________________________________________________


Command levels on A-Series switches are divided into four levels, visitor, monitor,
system, and manager, corresponding to the numbers 0-3, respectively. The system
administrator can change the command level of a user if necessary. The default
command level for the console user interface is 3, and 0 for the other user interfaces.

Q4: What user characteristic is supported on HP A-Series switches but is not
available on Cisco?
_________________________________________________________________________

Q5: What is the meaning of “cipher” in “password cipher verysecret”?



_________________________________________________________________________


Management scenario 2b—HP A-Series (cont.)


6 SNMP

SNMP trap and trap receiver
snmp-agent trap source loopback 0
snmp-agent trap enable
snmp-agent target-host trap address udp-domain 10.1.1.100 udp-port 5000 params securityname public v3

Disable trap for link up/down
interface gigabitethernet 1/0/10
undo enable snmp trap updown

Disable SNMP trap on link up/down globally
undo snmp-agent trap enable standard linkup linkdown

Extend the standard linkup/linkdown traps defined in RFC
snmp-agent trap if-mib link extended

Figure 2-21: Management scenario 2b—HP A-Series (cont.)

To enable an interface to send linkup/linkdown traps when its state changes, you
need to enable the trap function both on the interface and globally.
Use these commands to enable or disable the trap function on an interface:
interface gigabitethernet 1/0/10
enable snmp trap updown
undo enable snmp trap updown
Use this command to enable this function globally:
snmp-agent trap enable [ standard [ linkdown | linkup ] * ]
To extend the standard linkup/linkdown traps defined in RFC:
snmp-agent trap if-mib link extended
An extended linkup/linkdown trap is the standard linkup/linkdown trap appended
with interface description and interface type information. IMC supports the extended
messages (if you are using a different network management system [NMS], disable
this function to let the device send standard linkup/linkdown traps).

2 –34 Rev. 11.12


Switch Management

Management scenario 2b—HP A-Series (cont.)


6 Enable SNMP v3 (continued)

snmp-agent
snmp-agent sys-info version v3

Create an SNMPv3 group

snmp-agent group v3 admin3group

Create an SNMPv3 user

snmp-agent usm-user v3 clara3 admin3group authentication-mode sha authkey privacy-mode aes128 prikey

SNMP contact and location information

snmp-agent sys-info contact Mr. Smith :+1 510 234 4849
snmp-agent sys-info location phone-closet,3rd-floor,bldg A

Figure 2-22: Management scenario 2b—HP A-Series (cont.)

To configure the agent in SNMP v3, complete the following steps:

1. Configure an SNMP group.
2. Configure a user associated with that group, the authentication mode and
password, and the encryption mode and password.

The configuration is very similar to that on a Cisco switch.

snmp-agent group v3 group-name [ authentication | privacy ] [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]

snmp-agent usm-user v3 user-name group-name [ [ cipher ] authentication-mode { md5 | sha } auth-password [ privacy-mode { 3des | aes128 | des56 } priv-password ] ] [ acl acl-number ]

Alternatively, you can set up a group with restricted MIB access rights.

For example, the user can read and write the objects under the interface node with
the OID of 1.3.6.1.2.1.2, and cannot access other MIB objects.

Set the user name to managev3user, authentication protocol to md5, authentication
key to authkey, the privacy protocol to DES56, and the privacy password to prikey.

<Sysname> system-view
[Sysname] undo snmp-agent mib-view ViewDefault
[Sysname] snmp-agent mib-view included test interfaces
[Sysname] snmp-agent group v3 managev3group read-view test write-view test
[Sysname] snmp-agent usm-user v3 managev3user managev3group authentication-mode md5 authkey privacy-mode des56 prikey

Configuring SNMP NMS


SNMPv3 uses an authentication and privacy security model. On the NMS, the user
needs to specify the username and security level and, based on that level, configure
the authentication mode, authentication password, privacy mode, and privacy
password. In addition, the timeout and number of retries should be
configured. The user can then query and configure the device through the NMS.


Management scenario 2c—HP E-Series


1 Encrypting passwords
conf t
include-credentials

2 Setting time with SNTP, timezone, and summertime


timesync sntp
sntp unicast
sntp server 10.1.1.100
time timezone 60 daylight-time-rule western-europe

3 Setting the syslog server and log level


logging server 10.1.1.100
logging severity informational

What command displays logging on the terminal? Logging buffer?

Figure 2-23: Management scenario 2c—HP E-Series

This slide shows a similar configuration on HP E-Series switches.

The include-credentials command enables various security settings to be included
and viewed in the running-configuration instead of flash only. These settings include:

• Local manager/operator usernames and passwords for switch access
• 802.1X port-access username and password for switch access
• SSH client public keys for switch access
• RADIUS and TACACS+ shared secrets

When you enter the include-credentials keywords, the following cautions and
prompts are displayed:

**** CAUTION ****
You have invoked the command 'include-credentials' for the first time. This
action will make irreversible changes to the password and ssh public-key
storage.
It will affect *all* stored configurations, which might need to be updated.
Those credentials will no longer be readable by older software revisions.
It also may break some of your existing user scripts. Continue?[y/n] y
**** CAUTION ****
This will insert possibly sensitive information in switch configuration files,
and as a part of some CLI commands output. It is strongly recommended that you
use sftp rather than tftp for transfer of the configuration over the network,
and that you use the web configuration interface only with SSL enabled.
Proceed?[y/n]y


Define the time protocol to be SNTP instead of the default, Timep.


timesync sntp

Then configure SNTP to operate in unicast mode (with server):


sntp unicast

Define the SNTP server:


sntp server 10.1.1.100

Configure the timezone:


time timezone 60

Configure the summertime settings for Western Europe:

time daylight-time-rule western-europe

Configure the summertime settings for the USA:

time timezone -480 daylight-time-rule continental-us-and-canada

For your reference, the complete syntax for this command is listed below.

time timezone < -720 - 840 > time daylight-time-rule < none | alaska | continental-us-and-canada | middle-europe-and-portugal | southern-hemisphere | western-europe | user-defined >

Q1: What command displays logging on the terminal?
_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

You can also send debug messages to a syslog server by entering:



Switch# debug destination logging

By default, an E-Series switch sends debug messages to the logging buffer. If this
default setting has been changed, enter:
Switch# debug destination buffer

Q2: What command displays the logging buffer?


_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________


Management scenario 2c—HP E-Series (cont.)


4 Generate key pair and enable SSH server (default)
crypto key generate ssh rsa
ip ssh (default)
no telnet-server

5 Set local users (only manager and operator level)


password manager user-name admin123 plaintext verysecret

Figure 2-24: Management scenario 2-c—HP E-Series (cont.)

SSH v2 is enabled by default on HP E-Series switches, but you must generate a key
pair.

You can define two password levels on E-Series switches:

• operator level (read/monitor/user level)
hp (config)# password operator plaintext / sha-1 topsecret
• manager level (write/privileged/admin level)
hp (config)# password manager plaintext / sha-1 verysecret

The password you enter determines the management level of your session.

Management scenario 2c—HP E-Series (cont.)


6 SNMP trap and trap receiver
snmp-server host 10.1.1.100 public all
snmp-server trap-source vlan 1

Disable trap on link up/down on ports 1 to 46


no snmp-server enable traps link-change 1-46

Disable SNMP trap on all links up/down globally


no snmp-server enable traps link-change all

On what port do you want to disable snmp trap link up/down?

Figure 2-25: Management scenario 2c—HP E-Series (cont.)

Q: On what port do you want to disable SNMP trap link up/down?
_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

You may choose to disable link traps on all access-layer switch ports, if leaving the
trap active on uplink ports generates too many events, and enable link traps only on
distribution or core switches.

Management scenario 2c—HP E-Series (cont.)


6 Remove SNMP V2 community RW public that is default
no snmp-server community public

Enable SNMP V3 – restrict V2 access to read-only


snmpv3 enable
snmpv3 restricted-access

Create a SNMPV3 User and associate with predefined group managerpriv


snmpv3 user clara3 auth sha secret priv aes supersecret
snmpv3 group managerpriv user clara3 sec-model ver3

SNMP contact and location info


snmp-server contact "Lucas Kett :3306"
snmp-server location "telephone-closet,3rd-floor"

Figure 2-26: Management scenario 2c—HP E-Series (cont.)

The SNMP v3 predefined group managerpriv allows full read-write access and
requires the user profile to be set with authentication and encryption.

There are seven other predefined groups, as shown in the table below. Only the Ver3
groups are intended for SNMPv3 users.

Group Names | Group Access Type | Group Read View | Group Write View
managerpriv | Ver3 Must have Authentication and Privacy | ManagerReadView | ManagerWriteView
managerauth | Ver3 Must have Authentication | ManagerReadView | ManagerWriteView
operatorauth | Ver3 Must have Authentication | OperatorReadView | DiscoveryView
operatornoauth | Ver3 No Authentication | OperatorReadView | DiscoveryView
commanagerrw | Ver2c or Ver1 | ManagerReadView | ManagerWriteView
commanagerr | Ver2c or Ver1 | ManagerReadView | DiscoveryView
comoperatorrw | Ver2c or Ver1 | OperatorReadView | OperatorReadView
comoperatorr | Ver2c or Ver1 | OperatorReadView | DiscoveryView

To display the SNMP v3 groups, enter:


Switch# show snmpv3 group
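
The SNMP commands shown above for both platforms can be reviewed mechanically before they are pushed to a switch. The following Python audit is an added example, not part of the original guide or of any HP tool; it reads the commands as typed in this module (not show running-config output), and its function names, sample configurations, and the user "legacy" are constructed for illustration. It assumes that an A-Series v3 group created with neither the authentication nor the privacy keyword does not require either.

```python
import re

# CLI prompts such as "[Sysname]" or "Switch(config)#" that may precede a command.
PROMPT = re.compile(r"^(\[[^\]]+\]|[\w-]+(\([\w-]+\))?#)\s*")

# Constructed samples, assembled from the command forms shown in this module.
A_SERIES_SAMPLE = """\
snmp-agent sys-info version v3
snmp-agent group v3 admin3group
snmp-agent usm-user v3 clara3 admin3group authentication-mode sha authkey privacy-mode aes128 prikey
[Sysname] snmp-agent group v3 managev3group read-view test write-view test
[Sysname] snmp-agent usm-user v3 managev3user managev3group authentication-mode md5 authkey privacy-mode des56 prikey
snmp-agent target-host trap address udp-domain 10.1.1.100 udp-port 5000 params securityname public v3
"""
E_SERIES_SAMPLE = """\
snmp-server host 10.1.1.100 public all
snmpv3 enable
snmpv3 user clara3 auth sha secret priv aes supersecret
snmpv3 user legacy auth md5 secret priv des supersecret
snmpv3 group managerpriv user clara3 sec-model ver3
"""
E_SERIES_HARDENED = """\
no snmp-server community public
snmpv3 enable
snmpv3 restricted-access
snmpv3 user clara3 auth sha secret priv aes supersecret
snmpv3 group managerpriv user clara3 sec-model ver3
"""

def _commands(config):
    """Yield (line_number, words) for each non-empty line, CLI prompt removed."""
    for number, raw in enumerate(config.splitlines(), 1):
        line = PROMPT.sub("", raw.strip())
        if line:
            yield number, line.split()

def _value_after(words, keyword):
    """Return the token that follows keyword, or None if keyword is absent."""
    if keyword in words[:-1]:
        return words[words.index(keyword) + 1]
    return None

def _check_user(findings, where, user, auth, priv, weak_priv):
    """Record weak or missing authentication and privacy settings for one user."""
    if auth is None:
        findings.append(f"{where}: user {user} has no authentication")
    elif auth == "md5":
        findings.append(f"{where}: user {user} authenticates with MD5")
    if priv is None:
        findings.append(f"{where}: user {user} has no privacy (traffic unencrypted)")
    elif priv == weak_priv:
        findings.append(f"{where}: user {user} encrypts with single DES")

def audit_a_series(config):
    """Return findings for HP A-Series snmp-agent commands."""
    findings = []
    for number, w in _commands(config):
        where = f"line {number}"
        if w[:3] == ["snmp-agent", "sys-info", "version"]:
            legacy = sorted({"v1", "v2c", "all"} & set(w[3:]))
            if legacy:
                findings.append(f"{where}: legacy SNMP versions enabled ({' '.join(legacy)})")
        elif w[:3] == ["snmp-agent", "group", "v3"] and len(w) > 3:
            # Assumption: with neither keyword, the group requires neither.
            if not {"authentication", "privacy"} & set(w[4:]):
                findings.append(f"{where}: group {w[3]} requires neither authentication nor privacy")
        elif w[:3] == ["snmp-agent", "usm-user", "v3"] and len(w) > 3:
            _check_user(findings, where, w[3], _value_after(w, "authentication-mode"),
                        _value_after(w, "privacy-mode"), "des56")
        elif w[:2] == ["snmp-agent", "target-host"]:
            if _value_after(w, "securityname") == "public":
                findings.append(f"{where}: trap target uses security name 'public'")
    return findings

def audit_e_series(config):
    """Return findings for HP E-Series snmp-server and snmpv3 commands."""
    cmds = list(_commands(config))
    typed = {" ".join(w) for _, w in cmds}
    findings = []
    # The guide describes the read-write community "public" as present by default.
    if "no snmp-server community public" not in typed:
        findings.append("default community 'public' is not removed")
    if "snmpv3 enable" not in typed:
        findings.append("SNMPv3 is not enabled")
    if "snmpv3 restricted-access" not in typed:
        findings.append("SNMPv2 access is not restricted to read-only")
    for number, w in cmds:
        where = f"line {number}"
        if w[:2] == ["snmp-server", "host"] and len(w) > 3 and w[3] == "public":
            findings.append(f"{where}: trap receiver {w[2]} uses community 'public'")
        elif w[:2] == ["snmpv3", "user"] and len(w) > 2:
            _check_user(findings, where, w[2], _value_after(w, "auth"),
                        _value_after(w, "priv"), "des")
    return findings

if __name__ == "__main__":
    for finding in audit_a_series(A_SERIES_SAMPLE) + audit_e_series(E_SERIES_SAMPLE):
        print(finding)
```
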


LLDP and CDP


In this section of the module, you will learn about LLDP and CDP.
Which protocol is the industry standard? Are both protocols supported on HP A-
Series, HP E-Series, and Cisco switches?

Notes
_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

y
_________________________________________________________________________

nl
O
_________________________________________________________________________

Se
_________________________________________________________________________
lU
_________________________________________________________________________
a

_________________________________________________________________________
rn

_________________________________________________________________________
te
In

_________________________________________________________________________
P

_________________________________________________________________________
H

_________________________________________________________________________
r
Fo

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________


IEEE 802.1AB LLDP and CDP


[Figure: diagram of LLDP and CDP frames exchanged among HP E-Series, Cisco, and HP A-Series switches. Labels: HP E-Series (LLDP by default, CDP RX only); Cisco (CDP by default; LLDP enabled); HP A-Series (LLDP enabled / LLDP not enabled; CDP enabled / CDP not enabled); LLDP MIB; X: not interpreted.]

Figure 2-27: IEEE 802.1AB LLDP and CDP

LLDP has become the industry standard and is implemented by all vendors. However,
you may encounter older equipment that uses CDP. The CDP and LLDP support on
each platform is described below.

HP E-Series

• By default, CDP is enabled on all ports in receive mode only.
• Transmission of CDP packets is no longer supported.
• By default, LLDP is enabled on all ports.

A Cisco switch is visible in the LLDP and CDP MIBs because entries are
cross-populated.

HP A-Series

• Neither LLDP nor CDP is enabled by default.
• When enabled, LLDP is enabled on all ports.
• CDP can be enabled, as follows:

system-view
lldp compliance cdp
interface gigabitethernet 1/0/1
lldp compliance admin-status cdp txrx

The CDP feature is meant to be used with Cisco IP phones that support CDP v2 as a
provisioning mechanism. When used with a switch neighbor, this feature does not
send CDP frames. With an IP phone, it works in Tx/Rx.

Cisco

• By default, CDP is enabled on all ports.
• Support for LLDP has been introduced on Cisco Catalyst switches series 2950,
  3760, 3750 switches running 12.2(37)SE without SNMP support and on Cisco
  Catalyst 6500 running 12.2(33)SXH.

Useful show and display commands


Description | Cisco | HP A-Series | HP E-Series
CDP neighbor information | show cdp neighbor | / | show cdp neighbor
Enabling LLDP | lldp run | lldp enable | Enabled by default; lldp run
LLDP neighbor information | show lldp neighbor | display lldp neighbor-information list | show lldp info remote
Detailed LLDP and LLDP-MED neighbor information | show lldp neighbor detail | display lldp neighbor-information | show lldp info remote all
Detailed LLDP and LLDP-MED port specific neighbor information | show lldp neighbor <port-id> detail | display lldp neighbor-information interface <port-id> | show lldp info remote <port-id>

Figure 2-28: Useful show and display commands

Refer to these commands as you set up or troubleshoot LLDP or CDP.

Notes
Se
lU
_________________________________________________________________________
a

_________________________________________________________________________
rn
te

_________________________________________________________________________
In

_________________________________________________________________________
P

_________________________________________________________________________
r H

_________________________________________________________________________
Fo

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________


Lab 2.1: Management


[Figure: lab topology. Diagram labels: Cisco-A, Cisco-B, HP-C, HP-E, ports P1 to P3, VLAN 1, Server_1 (IMC), Client_1 (XP). The legend distinguishes Gigabit ports from 10 Gigabit ports.]

IP addressing: 10.POD.VLAN.X/24

X=1 on Cisco-A
X=2 on Cisco-B
X=3 on HP-C
X=4 on HP-D
X=5 on HP-E
X=6 on HP-F
X=100 on Server_1
X=101 on Client_1

Figure 2-29: Lab 2.1: Management
This figure shows the configuration for this lab. Your facilitator will assign you a pod
number. Record that number here.__________________________________________

Lab debrief
What useful display and show commands did you learn?
____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

What are your key insights? Did you learn anything new?
____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

What were your greatest challenges?


___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________


What did you learn that you can apply in a real-world environment?
___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________


Module 2 summary
In this module, you have learned how to:

• Configure HP A-Series, HP E-Series, and Cisco switches so that they can be
  automatically discovered by IMC
• Define parameters to secure access and management of these switches
• Enable LLDP to permit mutual link layer discovery

Record your key insights below.

_________________________________________________________________________

_________________________________________________________________________

y
nl
_________________________________________________________________________

O
_________________________________________________________________________

Se
_________________________________________________________________________
lU
_________________________________________________________________________
a
rn

_________________________________________________________________________
te

_________________________________________________________________________
In

_________________________________________________________________________
P
H

_________________________________________________________________________
r
Fo

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________


Learning check
Q1: Describe an HP A-Series switch’s support for LLDP and CDP.
_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

Q2: Which parameters does a switch require in order for IMC to discover it?

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

Q3: You want to force management users for your Cisco and HP A-Series switches to
log in to the CLI using SSH. What steps must you complete on each type of switch?
_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________



VLANs
Module 3

Module 3 objectives
After completing this module, you will be able to:

• Configure and verify VLANs on a multivendor network
• Configure HP A-Series and E-Series switches for VLAN interoperability with Cisco
  switches

Notes

y
_________________________________________________________________________

nl
O
_________________________________________________________________________

Se
_________________________________________________________________________
lU
_________________________________________________________________________
a
rn

_________________________________________________________________________
te
In

_________________________________________________________________________
P

_________________________________________________________________________
r H

_________________________________________________________________________
Fo

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________


Configuring and managing VLANs


In this section of the module, you will review how to create a VLAN on HP A-Series,
E-Series, and Cisco switches. You may want to take a minute and list any differences
you know about the VLAN configuration on each platform.

Notes
_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

y
nl
_________________________________________________________________________

O
_________________________________________________________________________

Se
_________________________________________________________________________
a lU
_________________________________________________________________________
rn
te

_________________________________________________________________________
In

_________________________________________________________________________
P
H

_________________________________________________________________________
r
Fo

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________


Terminology
Switch Port Role | Cisco | HP A-Series | HP E-Series
End nodes: PCs, printers, and so on | Access port | Access port | Untagged port
PC + IP Phone | Access port with auxiliary VLAN (voice) or trunk port | Hybrid port | Untagged in data VLAN; tagged in voice VLAN
Switch-to-switch with multiple VLANs | Trunk port | Trunk port | Tagged port
Link aggregation | Port channel interface | Bridge aggregation interface | Trunk port

Figure 3-1: Terminology

On HP A-Series switches, access ports and trunk ports have similar definitions as they
do on Cisco switches. However, by default, trunk ports on HP A-Series switches do
not carry any VLANs; they must be permitted.

A hybrid port is a concept specific to HP A-Series switches: like trunk ports, a hybrid
port may be assigned to multiple VLANs. The VLANs can be tagged and untagged.
On access ports, however, multiple VLANs can be untagged.

Access, trunk, and hybrid ports on HP A-Series switches

Note that the default VLAN on HP A-Series switches is equivalent to the native VLAN
on Cisco switches.

Access port

The following describes how traffic is handled when received and transmitted from
access ports on HP A-Series switches.

• Actions in the inbound direction
  • If a frame is untagged, tag it with the default VLAN tag.
  • If a frame is tagged:
    • Receive it if its VLAN ID is the same as the default VLAN ID.
    • Drop it if its VLAN ID is different from the default VLAN ID.
• Actions in the outbound direction
  • Remove the default VLAN tag and send the frame.

Trunk port
The following describes how traffic is handled when received and transmitted from
trunk ports on HP A-Series switches.

• Actions in the inbound direction
  • If the frame is untagged, check whether the default VLAN is permitted on
    the port.
    • If it is permitted, tag the frame with the default VLAN tag.
    • If it is not permitted, drop the frame.
  • If the frame is tagged:
    • Receive the frame if its VLAN is permitted on the port.
    • Drop the frame if its VLAN is not permitted on the port.
• Actions in the outbound direction
  • Remove the tag and send the frame if it carries the default VLAN tag and
    the port is assigned to the default VLAN.
  • Send the frame without removing the tag if its VLAN is carried on the port
    but is different from the default one.

Hybrid port

The following describes how traffic is handled when received and transmitted from
hybrid ports on HP A-Series switches.

• Actions in the inbound direction
  • If the frame is untagged, check whether the default VLAN is permitted on
    the port.
    • If it is permitted, tag the frame with the default VLAN tag.
    • If it is not permitted, drop the frame.
  • If the frame is tagged:
    • Receive the frame if its VLAN is permitted on the port.
    • Drop the frame if its VLAN is not permitted on the port.
• Actions in the outbound direction
  • Send the frame if its VLAN is carried on the port. The frame is sent with the
    VLAN tag removed or intact depending on your configuration with the port
    hybrid vlan command. This is also true of the default VLAN.
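
The inbound and outbound rules above can be traced with a small model. The following Python code is an added example, not part of the original guide; the Port class, cross_link function, and VLAN numbers are constructed for illustration, and the peer trunk in cross_link is assumed to follow the same trunk rules, with its native VLAN as the default VLAN. It shows two cases worth checking on an interoperability link: a trunk whose default VLAN is not in its permitted list drops untagged frames, and a default/native VLAN mismatch moves untagged frames from one VLAN into another.

```python
from dataclasses import dataclass, field

UNTAGGED = "untagged"   # marker for a frame that carries no 802.1Q tag

@dataclass
class Port:
    kind: str                                      # "access", "trunk" or "hybrid"
    pvid: int                                      # default VLAN (native VLAN on Cisco)
    permitted: set = field(default_factory=set)    # VLANs carried (trunk and hybrid)
    untagged: set = field(default_factory=set)     # hybrid only: VLANs sent untagged

    def ingress(self, tag):
        """Return the VLAN a received frame is placed in, or None if it is dropped."""
        if self.kind == "access":
            # Untagged frames get the default VLAN; tagged frames must match it.
            return self.pvid if tag in (UNTAGGED, self.pvid) else None
        # Trunk and hybrid: untagged frames are treated as the default VLAN,
        # and the resulting VLAN must be permitted on the port.
        vlan = self.pvid if tag == UNTAGGED else tag
        return vlan if vlan in self.permitted else None

    def egress(self, vlan):
        """Return UNTAGGED, the tag sent on the wire, or None if the frame is not sent."""
        if self.kind == "access":
            return UNTAGGED if vlan == self.pvid else None
        if vlan not in self.permitted:
            return None
        if self.kind == "trunk":
            return UNTAGGED if vlan == self.pvid else vlan
        # Hybrid: tagging is a per-VLAN choice, including for the default VLAN.
        return UNTAGGED if vlan in self.untagged else vlan

def cross_link(sender, receiver, vlan):
    """Send a frame of `vlan` out of `sender`; return the VLAN `receiver` places it in."""
    on_wire = sender.egress(vlan)
    if on_wire is None:
        return None
    return receiver.ingress(on_wire)

if __name__ == "__main__":
    # Trunk with default VLAN 99 that is not in the permitted list.
    strict = Port("trunk", 99, permitted={100, 200, 201, 202, 203})
    print("untagged frame on strict trunk:", strict.ingress(UNTAGGED))
    # Same trunk with VLAN 99 permitted, facing a peer whose native VLAN is 1.
    fixed = Port("trunk", 99, permitted={99, 100, 200, 201, 202, 203})
    peer = Port("trunk", 1, permitted={1, 99, 100})
    print("peer VLAN 1 arrives in VLAN:", cross_link(peer, fixed, 1))
    # Voice port: PC untagged in VLAN 200, phone tagged in VLAN 100.
    voice = Port("hybrid", 200, permitted={100, 200}, untagged={200})
    print("phone frame:", voice.ingress(100), "PC frame:", voice.ingress(UNTAGGED))
```
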


VLAN configuration scenario

1 VLAN creation:
  Management 99 (IP address 10.1.99.10/24)
  Voice 100
  Data 200-203

2 Trunk ports 47, 48
  Native VLAN 99
  Allowed VLANs 100, 200-203

3 Access port
  Ports 1 – 24
  Assigned to VLAN 200

4 Voice port
  Ports 25 - 46 (IP phone and PC)

Figure 3-2: VLAN configuration scenario

This is a simple scenario to show an identical VLAN configuration on HP A-Series,
E-Series, and Cisco switches. The scenario demonstrates:

• Creating multiple VLANs, including a management VLAN for infrastructure
  device management addresses, a voice VLAN for VoIP traffic, and data VLANs for
  user traffic
• Configuring support for multiple VLANs on switch-to-switch links (trunks or
  tagged ports)
• Assigning edge ports to a VLAN
• Configuring voice ports that support VoIP devices and a workstation behind
  them
• Setting up DHCP so that devices in multiple VLANs can receive dynamic
  addresses from the DHCP server

VLAN configuration on Cisco: VLAN creation and trunk ports

VLAN creation
Cisco(config)# vlan 99
Cisco(vlan-99)# vlan 100
Cisco(vlan-100)# vlan 200
Cisco(vlan-200)# vlan 201
Cisco(vlan-201)# vlan 202
Cisco(vlan-202)# vlan 203

Trunk ports
Cisco(config)# interface range gigabit 0/47 - 48
Cisco(config-if-range)# switchport encapsulation dot1q
Cisco(config-if-range)# switchport mode trunk
Cisco(config-if-range)# switchport trunk native vlan 99
Cisco(config-if-range)# switchport trunk allowed vlan 1,100,200-203

Figure 3-3: VLAN configuration on Cisco: VLAN creation and trunk ports

To configure a trunk port on Cisco switches, you must specify dot1q encapsulation.
The native VLAN is 1 by default, and all VLANs are permitted by default.

VLAN configuration on Cisco: Access and voice ports

Access ports
Cisco(config)# interface range gigabit 0/1 - 24
Cisco(config-if-range)# switchport mode access
Cisco(config-if-range)# switchport access vlan 200

Voice ports
Cisco(config)# interface range gigabit 0/25 - 46
Cisco(config-if-range)# switchport mode access
Cisco(config-if-range)# switchport access vlan 200
Cisco(config-if-range)# switchport voice vlan 100

Figure 3-4: VLAN configuration on Cisco: Access and voice ports

The slide indicates how you configure a port as an access port in a VLAN. On ports
that connect to voice devices, you must configure the voice VLAN. You also configure
the access VLAN. The switch distinguishes the traffic from the phone, which it assigns
to the voice VLAN, from the traffic from a workstation, which it assigns to the access
VLAN.

Q1: How do you list VLANs?

_________________________________________________________________________

Q2: How do you list trunk ports?

_________________________________________________________________________

_________________________________________________________________________

Q3: How do you list access ports?

_________________________________________________________________________

Examples of these commands are provided on the following page.

Cisco# sh interface status

Port    Name   Status       Vlan    Duplex  Speed   Type
Gi0/1          connected    trunk   a-full  a-1000  10/100/1000BaseTX
Gi0/2          connected    trunk   a-full  a-1000  10/100/1000BaseTX
Gi0/3          connected    trunk   a-full  a-1000  10/100/1000BaseTX
Gi0/4          connected    100     a-full  a-1000  10/100/1000BaseTX
Gi0/5          notconnect   1       auto    auto    10/100/1000BaseTX

Cisco# sh int trunk

Port    Mode   Encapsulation  Status     Native vlan
Gi0/1   on     802.1q         trunking   1
Gi0/2   on     802.1q         trunking   1
Gi0/3   on     802.1q         trunking   1

Port    Vlans allowed on trunk
Gi0/1   1-4094
Gi0/2   1-4094
Gi0/3   1-4094

Port    Vlans allowed and active in management domain
Gi0/1   1,10,20,30,40,100,200
Gi0/2   1,10,20,30,40,100,200
Gi0/3   1,10,20,30,40,100,200

Port    Vlans in spanning tree forwarding state and not pruned
Gi0/1   1,10,20,30,40,100,200
Gi0/2   1,10,20,30,40,100,200
Gi0/3   1,10,20,30,40,100,200

Cisco# sh int switchport

Name: Gi0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk (suspended member of bundle Po1)
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

VLAN routing on Cisco


Management VLAN
Cisco(config)# int vlan 99
Cisco(config-if)# ip address 10.1.99.10 255.255.255.0

If not a routing switch:
Cisco(config)# ip default-gateway 10.1.99.1

If a routing switch:
Cisco(config)# ip routing
Cisco(config)# int vlan 100
Cisco(config-if)# ip address 10.1.100.10 255.255.255.0
Cisco(config)# int vlan 200
Cisco(config-if)# ip address 10.1.200.10 255.255.255.0
Cisco(config)# int vlan 201
Cisco(config-if)# ip address 10.1.201.10 255.255.255.0
Cisco(config)# int vlan 202
Cisco(config-if)# ip address 10.1.202.10 255.255.255.0
Cisco(config)# int vlan 203
Cisco(config-if)# ip address 10.1.203.10 255.255.255.0

Figure 3-5: VLAN routing on Cisco

This slide shows an example routing configuration on a Cisco switch.
To list IP interfaces and IP routes, use the following commands:
Cisco#sh ip int brief

Interface            IP-Address    OK?  Method  Status  Protocol
Vlan1                10.1.1.3      YES  NVRAM   up      up
Vlan100              10.1.100.3    YES  NVRAM   up      up
Vlan200              10.1.200.3    YES  NVRAM   up      up
GigabitEthernet0/1   unassigned    YES  unset   up      up

Cisco# show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
...
Gateway of last resort is not set
     10.0.0.0/24 is subnetted, 4 subnets
C       10.1.11.0 is directly connected, Vlan11
C       10.1.13.0 is directly connected, Vlan13
C       10.1.12.0 is directly connected, Vlan12
C       10.1.1.0 is directly connected, Vlan1

DHCP relay on Cisco


IP addresses on the VLAN interfaces are omitted.
DHCP relay

Cisco(config)# int vlan 100
Cisco(config-if)# ip helper-address 10.1.1.100
Cisco(config-if)# ip helper-address 10.1.1.101

Cisco(config)# int vlan 200
Cisco(config-if)# ip helper-address 10.1.1.100
Cisco(config-if)# ip helper-address 10.1.1.101

Figure 3-6: DHCP relay on Cisco

In most environments, you need to set up DHCP relay on IP interfaces to allow clients
in that VLAN to receive DHCP addresses from servers in another VLAN. The slide
displays the correct commands.

To verify the DHCP relay setup, enter this command:
Cisco-A# show ip interface vlan <ID>

The output for VLAN 100 in this example is:
Vlan100 is up, line protocol is up
  Internet address is 10.2.3.1/24
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1500 bytes
  Helper addresses are 10.1.1.101
                       10.1.1.100
  Directed broadcast forwarding is disabled

VLAN configuration on HP A-Series: VLAN creation and trunk ports

VLAN creation
[HP] vlan 99 to 100
[HP] vlan 200 to 203

Trunk ports
[HP]interface gigabit 1/0/47
[HP-gigabitethernet1/0/47]port link-type trunk
[HP-gigabitethernet1/0/47]port trunk pvid vlan 99
[HP-gigabitethernet1/0/47]undo port trunk permit vlan 1
[HP-gigabitethernet1/0/47]port trunk permit vlan 99 to 100 200 to 203

Figure 3-7: VLAN configuration on HP A-Series: VLAN creation and trunk ports

This slide shows how to create VLANs on HP A-Series switches.

When you create a trunk port on an HP A-Series switch, VLAN 1 is the only VLAN
enabled by default. All other VLANs have to be permitted as shown in the slide.

VLAN configuration on HP A-Series: Access and voice ports

Access ports
[HP]port-group manual client1
[HP-port-group-manual-client1] group-member Gi 1/0/1 to Gi 1/0/24
[HP-port-group-manual-client1] port link-type access
[HP-port-group-manual-client1] port access vlan 200

Voice ports
[HP]port-group manual pc-phone-1
[HP-port-group-manual-pc-phone-1]group-member Gi 1/0/25 to Gi 1/0/46
[HP-port-group-manual-pc-phone-1]port link-type hybrid
[HP-port-group-manual-pc-phone-1]port hybrid vlan 200 untagged
[HP-port-group-manual-pc-phone-1]port hybrid vlan 100 tagged
[HP-port-group-manual-pc-phone-1]port hybrid pvid vlan 200
[HP-port-group-manual-pc-phone-1]undo port hybrid vlan 1
[HP-port-group-manual-pc-phone-1]voice vlan 100 enable

Figure 3-8: VLAN configuration on HP A-Series: Access and voice ports

You can define an access port in one of the following ways. The first method is from
the port:
[HPA]interface gigabit 1/0/1
[HPA-gigabitethernet1/0/1] port link-type access
[HPA-gigabitethernet1/0/1] port access vlan 200

The second method of specifying the access port is from the VLAN:
[HPA]vlan 200
[HPA-vlan200]port gigabitethernet 1/0/1 to gi 1/0/24

You need to configure ports that connect to voice devices as hybrid ports.

On HP A-Series devices, the Voice VLAN operates by default in automatic mode. In
this mode, the switch identifies IP phones by their MAC addresses, which it detects in
the source MAC address field of the phone’s untagged frames.

The switch matches these addresses against the Organizationally Unique Identifiers
(OUIs) in its list, which includes those for Cisco, Avaya, 3Com, Siemens, and
Polycom phones. You can also add OUI addresses for other vendors. If the device
finds a match, it automatically assigns the port to the voice VLAN, applies ACL rules
to the port, and assigns the port the correct quality of service (QoS) priority. You can
also configure the switch’s voice VLAN aging time, which determines how long the
port is considered part of the VLAN without receiving frames on the device.
For more information on the various features of the Voice VLAN, please refer to the
Access volume and Voice VLAN chapter of your HP A-Series switches’
documentation.

To display information about the VLANs configured on an A-Series switch, enter:
<HPA>display vlan
 Total 32 VLAN exist(s).
 The following VLANs exist:
  1(default), 10, 20, 30, 40, 99-105, 200-205, 300-306, 400-404
  488, 499

To display ports assigned to a particular VLAN, enter:
<HPA>display vlan 100
 VLAN ID: 100
 VLAN Type: static
 Route Interface: not configured
 Description: VLAN 0100
 Name: VLAN 0100
 Tagged Ports:
    Bridge-Aggregation1
    GigabitEthernet1/0/1     GigabitEthernet1/0/2     GigabitEthernet1/0/3
    GigabitEthernet1/0/4     GigabitEthernet1/0/5     GigabitEthernet1/0/12
 Untagged Ports: none

To display all ports in all VLANs, enter:
<HPA>display vlan all
 VLAN ID: 1
 VLAN Type: static
 Route Interface: configured
 IP Address: 10.1.1.10
 Subnet Mask: 255.255.255.0
 Description: VLAN 0001
 Name: VLAN 0001
 Tagged Ports: none
 Untagged Ports:
    Bridge-Aggregation1
    GigabitEthernet1/0/1     GigabitEthernet1/0/2     GigabitEthernet1/0/3
    GigabitEthernet1/0/4     GigabitEthernet1/0/5     GigabitEthernet1/0/6
    GigabitEthernet1/0/7     GigabitEthernet1/0/8     GigabitEthernet1/0/9
    GigabitEthernet1/0/10    GigabitEthernet1/0/11    GigabitEthernet1/0/12
    GigabitEthernet1/0/13    GigabitEthernet1/0/14    GigabitEthernet1/0/15
    GigabitEthernet1/0/16    GigabitEthernet1/0/17    GigabitEthernet1/0/18
    GigabitEthernet1/0/19    GigabitEthernet1/0/20    GigabitEthernet1/0/21
    GigabitEthernet1/0/22    GigabitEthernet1/0/23    GigabitEthernet1/0/24
    GigabitEthernet1/0/25    GigabitEthernet1/0/26    GigabitEthernet1/0/27
    GigabitEthernet1/0/28
 VLAN ID: 10
 VLAN Type: static
 Route Interface: not configured
 Description: VLAN 0010
 Name: VLAN 0010
 Tagged Ports:
    Bridge-Aggregation1
    GigabitEthernet1/0/1     GigabitEthernet1/0/2     GigabitEthernet1/0/3
    GigabitEthernet1/0/4     GigabitEthernet1/0/5
 Untagged Ports: none
 VLAN ID: 20
 VLAN Type: static
 Route Interface: not configured
 Description: VLAN 0020
 Name: VLAN 0020
 Tagged Ports:
    Bridge-Aggregation1
    GigabitEthernet1/0/1     GigabitEthernet1/0/2     GigabitEthernet1/0/3
    GigabitEthernet1/0/4     GigabitEthernet1/0/5
 Untagged Ports: none
 VLAN ID: 30….

To display the status and type (trunk, access, hybrid) of all ports, enter:
<HPA>display brief interface
The brief information of interface(s) under route mode:
Interface     Link   Protocol-link  Protocol type  Main IP
NULL0         UP     UP(spoofing)   NULL           --
Vlan1         UP     UP             ETHERNET       10.1.1.10
The brief information of interface(s) under bridge mode:
Interface     Link   Speed   Duplex   Link-type  PVID
BAGG1         UP     2G(a)   full(a)  trunk      1
GE1/0/1       UP     1G(a)   full(a)  trunk      1
GE1/0/2       DOWN   auto    auto     access     100
GE1/0/3       DOWN   auto    auto     access     200
GE1/0/4       UP     1G(a)   full(a)  access     100
GE1/0/5       DOWN   auto    auto     access     1
GE1/0/6       DOWN   auto    auto     access     1
GE1/0/7       DOWN   auto    auto     access     1
GE1/0/8       DOWN   auto    auto     access     1
GE1/0/9       DOWN   auto    auto     access     1
GE1/0/10      DOWN   auto    auto     access     1
GE1/0/11      DOWN   auto    auto     access     1

To display all trunk ports and the permitted VLANs on each one, enter:
<HPA>display port trunk
Interface     PVID  VLAN passing
BAGG1         1     1, 10, 20, 30, 40, 99-105, 200-205, 300-306,
                    400-404, 488, 499
GE1/0/1       1     1, 10, 20, 30, 40, 99-105, 200-205, 300-306,
                    400-404, 488, 499
GE1/0/2       1     1, 10, 20, 30, 40, 99-105, 200-203, 300-306
GE1/0/3       1     1, 10, 20, 30, 40, 99-105, 200-203, 300-306
GE1/0/4       1     1, 10, 20, 30, 40, 99-105, 200-205, 300-306,
                    400-404, 488, 499
GE1/0/5       1     1, 10, 20, 30, 40, 99-105, 200-203, 300-306
GE1/0/12      1     1, 99-100, 200-203

[HPA]display port hybrid
Interface     PVID  VLAN passing
GE1/0/13      1     Tagged: 100
                    Untagged:200
GE1/0/14      1     Tagged: 100
                    Untagged:200
GE1/0/15      1     Tagged: 100
                    Untagged:200
GE1/0/16      1     Tagged: 100
                    Untagged:200
GE1/0/17      1     Tagged: 100
                    Untagged:200
GE1/0/18      1     Tagged: 100
                    Untagged:200
GE1/0/19      1     Tagged: 100
                    Untagged:200
GE1/0/20      1     Tagged: 100
                    Untagged:200

VLAN routing on HP A-Series


IP routing
Management VLAN
[HP]interface vlan 99
[HP-vlan-interface-99] ip address 10.1.99.10 24

If an L2 switch, set the default gateway:
[HP] ip route-static 0.0.0.0 0 10.1.99.1

If routing switch:
[HP] ip routing (enabled by default)
[HP] interface vlan 100
[HP-vlan-interface-100] ip address 10.1.100.10 24
[HP-vlan-interface-100] interface vlan 200
[HP-vlan-interface-200] ip address 10.1.200.10 24
[HP-vlan-interface-200] interface vlan 201
[HP-vlan-interface-201] ip address 10.1.201.10 24
[HP-vlan-interface-201] interface vlan 202
[HP-vlan-interface-202] ip address 10.1.202.10 24
[HP-vlan-interface-202] interface vlan 203
[HP-vlan-interface-203] ip address 10.1.203.10 24

Figure 3-9: VLAN routing on HP A-Series

This slide shows two example setups for IP routing on an A-Series switch. The first set
of commands configures the management IP address and default gateway for a
non-routing switch.

The second set of commands configures a routing switch with IP addresses on each
VLAN interface. The switch can then route between those VLANs as long as routing
is enabled.

To view information about the VLAN interfaces that have been assigned IP
addresses, enter:
<HPA>display ip interface brief
*down: administratively down
(s): spoofing
Interface            Physical  Protocol  IP Address   Description
Vlan-interface1      up        up        10.1.1.10    Vlan-inte...
Vlan-interface200    up        down      unassigned   Vlan-inte...

DHCP relay on HP A-Series


Specify IP addresses for the interfaces (omitted).
Enable DHCP.
[HP] dhcp enable

Add DHCP servers 10.1.1.100 and 10.1.1.101 to DHCP server group 1.
[HP] dhcp relay server-group 1 ip 10.1.1.100
[HP] dhcp relay server-group 1 ip 10.1.1.101

Enable the DHCP relay agent on VLAN-interface 100 and correlate to DHCP server group 1.
[HP] interface vlan-interface 100
[HP-Vlan-interface100] dhcp select relay
[HP-Vlan-interface100] dhcp relay server-select 1
[HP] interface vlan-interface 200
[HP-Vlan-interface200] dhcp select relay
[HP-Vlan-interface200] dhcp relay server-select 1

Figure 3-10: DHCP relay on HP A-Series

To configure DHCP relay on HP A-Series switches, you must enable DHCP. Then
create a DHCP server group and specify your servers. Finally, enable DHCP relay on
specific interfaces, indicating the DHCP server group.

To verify the VLANs on which you have enabled DHCP relay, enter this command:
[HPA] display dhcp relay all

The output for the configuration displayed in the slide is:
 Interface name       Server-group
 Vlan-interface100    1
 Vlan-interface200    1
 Vlan-interface201    1

To verify the IP addresses of the configured DHCP servers, enter this command:
[HPA] display dhcp relay server-group 1

The output for the configuration displayed in the slide is:
 No.   Group IP
 1     10.1.1.100
 2     10.1.1.101

VLAN configuration on HP E-Series


Management VLAN
ProCurve(config)# vlan 99
ProCurve(vlan-99)# untagged 47-48

Data VLANs access and tagged ports


ProCurve(config)# vlan 200
ProCurve(vlan-200)# name data1
ProCurve(vlan-200)# untagged 1-46
ProCurve(vlan-200)# tagged 47-48

Voice VLAN
ProCurve(config)# vlan 100
ProCurve(vlan-100)# voice vlan
ProCurve(vlan-100)# tagged all

Figure 3-11: VLAN configuration on HP E-Series

On HP E-Series switches, you take a slightly different approach toward defining
VLANs. You do not define a port as a particular type. Instead, you specify exactly
which VLANs are tagged or untagged on each port. Figure 3-11 shows an example
configuration for several different types of VLAN on an E-Series switch.

VLAN routing on HP E-Series


Management VLAN
ProCurve(config)# vlan 99
ProCurve(vlan-99)# ip address 10.1.99.10/24
ProCurve(vlan-99)# exit

If not routing:
ProCurve(config)# ip default-gateway 10.1.99.1

If routing:
ProCurve(config)# ip routing

ProCurve(config)# vlan 100 ip address 10.1.100.10/24
ProCurve(config)# vlan 200 ip address 10.1.200.10/24
ProCurve(config)# vlan 201 ip address 10.1.201.10/24
ProCurve(config)# vlan 202 ip address 10.1.202.10/24
ProCurve(config)# vlan 203 ip address 10.1.203.10/24

Figure 3-12: VLAN routing on HP E-Series

On HP E-Series switches:
• The IP address is defined in the VLAN itself, playing the role of “int vlan”
• IP routing is not enabled by default
• If IP routing is not enabled, a default gateway should be defined

DHCP relay on HP E-Series


DHCP relay

ProCurve(config)# ip routing
ProCurve(config)# ip udp-bcast-forward

ProCurve(config)# vlan 100 ip helper-address 10.1.1.100


ProCurve(config)# vlan 100 ip helper-address 10.1.1.101

ProCurve(config)# vlan 200 ip helper-address 10.1.1.101


ProCurve(config)# vlan 200 ip helper-address 10.1.1.100

ProCurve(config)# vlan 201 ip helper-address 10.1.1.100


ProCurve(config)# vlan 201 ip helper-address 10.1.1.101

Figure 3-13: DHCP relay on HP E-Series

On HP E-Series switches, you configure DHCP relay by configuring helper addresses
in the VLANs that require this feature. You must also enable routing and UDP
broadcast forwarding (the second is enabled by default).

To verify the configuration, enter this command:
HP# show ip helper-address

The output for the configuration shown in the slide is:
IP Helper Addresses
 VLAN: 1
  IP Helper Address
  -----------------
 VLAN: 100
  IP Helper Address
  -----------------
  10.1.1.100
  10.1.1.101
 VLAN: 200
  IP Helper Address
  -----------------
  10.1.1.100
  10.1.1.101
 VLAN: 201
  IP Helper Address
  -----------------
  10.1.1.100
  10.1.1.101

Dynamic VLAN creation: VTP and GVRP


In this section, you will examine two protocols that can be used to dynamically create
VLANs on switches: VLAN Trunking Protocol (VTP), a Cisco proprietary protocol, and
GARP VLAN Registration Protocol (GVRP), an industry-standard protocol.
If you have experience implementing either of these protocols, write any thoughts you
have here while your facilitator begins the discussion.
____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

y
nl
____________________________________________________________________

O
Se
____________________________________________________________________
lU
____________________________________________________________________
a
rn

____________________________________________________________________
te

____________________________________________________________________
In
P

____________________________________________________________________
H

____________________________________________________________________
r
Fo

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

3 –22 Rev. 11.12


VLANs

VTP versus GVRP


VTP                                      GVRP
Cisco proprietary                        Standard 802.1Q and 802.1P
On Cisco IOS and CatOS switches          On most vendors including HP
                                         On Cisco CatOS only
Password protected                       No password protection
VLAN creation and port pruning           VLAN creation and port pruning
Requires trunk port (ISL or 802.1Q)      Requires trunk ports
VTP roles: server, client, transparent   GVRP roles: all switches are equal

Figure 3-14: VTP versus GVRP

This table compares Cisco’s VLAN Trunking Protocol (VTP) and the industry-standard
GARP VLAN Registration Protocol (GVRP). (GARP stands for Generic Attribute
Registration Protocol.)

GVRP and VTP on the same network


– GVRP BPDUs go through Cisco switches and also switches that
are not GVRP aware.
– VTP frames go through GVRP devices.
– Both GVRP and VTP require VLAN 1.

Figure 3-15: GVRP & VTP on the same network

Figure 3-15 explains how GVRP and VTP function when they are implemented on the
same network. The protocols both function because their frames pass through devices
that do not understand those frames.

GVRP operations

Switch1 (GVRP enabled) - Switch2 (GVRP enabled) - Switch3 (GVRP enabled); ports 1, 2, 3 and 4 along the chain

Switch1 with static VLANs (VID= 1, 2, & 3). Port 1 is member of VIDs 1, 2, & 3.
1. Port 2 advertises VIDs 1, 2, and 3.
2. Port 2 receives advertisement of VIDs 1, 2, & 3 & becomes a member of VIDs 1, 2, & 3.
3. Port 3 advertises VIDs 1, 2, & 3, but port 3 is NOT a member of VIDs 1, 2, & 3 at
   this point.
4. A port is statically configured to be a member of VID 3.
5. Port 4 advertises VID 3.
6. Port 3 receives advertisement of VID 3 AND becomes a member of VID 3. (Still not a
   member of VIDs 1 & 2.)
7. Port 2 advertises VID 3.
8. Port 1 receives advertisement of VID 3
Se
Figure 3-16: GVRP operations

When a GVRP-aware switch port learns a VLAN ID (VID) through GVRP from another
device, the switch begins advertising that VID out all of its ports except the port on
which the VID was learned.

GVRP general operation

When GVRP is enabled on a switch, the VID for any static VLANs configured on the
switch is advertised (using Bridge Protocol Data Units [BPDUs]) out all ports,
regardless of whether a port is up or assigned to any particular VLAN.

A GVRP-aware port on another device that receives the advertisements over a link
can dynamically join the advertised VLAN. A dynamic VLAN (that is, a VLAN
learned through GVRP) is tagged on the port on which it was learned. Also, a
GVRP-enabled port can forward an advertisement for a VLAN it learned from other ports
on the same switch (internal source), but the forwarding port will not itself join that
VLAN until an advertisement for that VLAN is received through a link from another
device (external source) on that specific port.
A GVRP-aware port receiving advertisements has these options:
• If there is not already a static VLAN with the advertised VID on the receiving
  port, then the port can dynamically create the VLAN and become a member.
• If the switch already has a static VLAN assignment with the same VID as in the
  advertisement and the port is configured to Normal (HP A-Series) or Auto (HP
  E-Series) for that VLAN, then the port will dynamically join the VLAN and begin
  handling that VLAN’s traffic.
• Ignore the advertisement for that VID.
• Don’t participate in that VLAN.

Note also that a port belonging to a tagged or untagged static VLAN has these
configurable options:
• Send VLAN advertisements and also receive advertisements for VLANs on other
  ports and dynamically join those VLANs.
  – Configuration on HP switches: Mode Auto on HP E-Series, Normal on HP
    A-Series
• Send VLAN advertisements, but ignore advertisements received from other ports.
  – Configuration on HP switches: Mode Block on HP E-Series, Fixed on HP
    A-Series
• Avoid GVRP participation by not sending advertisements and dropping any
  advertisements received from other devices.
  – Configuration on HP switches: Mode Disable on HP E-Series, Forbidden on
    HP A-Series
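
The join rule described above (a switch forwards VIDs learned on its other ports, but a port joins a VLAN only when an advertisement arrives on that port) traced on the three-switch chain of Figure 3-16. This is an added Python example, not HP code; it assumes port 1 is on Switch1, ports 2 and 3 on Switch2 and port 4 on Switch3, and it reduces the three registration modes to the send/receive behaviour listed above.

```python
# Added illustration: toy model of the GVRP join rules, not vendor code.
# Mode names are the A-Series ones (E-Series: Auto, Block, Disable).
NORMAL, FIXED, FORBIDDEN = "normal", "fixed", "forbidden"


class Switch:
    def __init__(self, name, port_modes, static_vlans=(), static_members=None):
        self.name = name
        self.mode = dict(port_modes)                  # port -> registration mode
        self.static_vlans = set(static_vlans)         # VLANs created locally
        self.static_members = static_members or {}    # port -> statically assigned VIDs
        self.dynamic = {p: set() for p in self.mode}  # port -> VIDs joined via GVRP

    def advertised(self, port):
        """VIDs sent out of `port`: static VLANs plus VIDs learned on OTHER ports.

        Simplification: the text says only that a fixed/block port still sends
        advertisements, so it is treated like a normal port when sending.
        """
        if self.mode[port] == FORBIDDEN:
            return set()
        learned_elsewhere = set()
        for other, vids in self.dynamic.items():
            if other != port:
                learned_elsewhere |= vids
        return self.static_vlans | learned_elsewhere

    def receive(self, port, vids):
        """Only the receiving port joins, and only when it is in normal mode."""
        if self.mode[port] != NORMAL:
            return False
        new = vids - self.dynamic[port] - self.static_members.get(port, set())
        self.dynamic[port] |= new
        return bool(new)


def converge(switches, links):
    """Exchange advertisements over every link until no port learns anything new."""
    owner = {port: sw for sw in switches for port in sw.mode}
    changed = True
    while changed:
        changed = False
        for a, b in links:
            for src, dst in ((a, b), (b, a)):
                if owner[dst].receive(dst, owner[src].advertised(src)):
                    changed = True
    return {port: sorted(sw.dynamic[port]) for port, sw in owner.items()}


def figure_3_16(port3_mode=NORMAL):
    """Dynamic memberships per port for the chain in Figure 3-16.

    Assumed layout: Switch1 has static VLANs 1-3 with port 1 a static member;
    Switch3 has static VLAN 3 on a port that is not modelled here.
    """
    sw1 = Switch("Switch1", {1: NORMAL}, static_vlans={1, 2, 3},
                 static_members={1: {1, 2, 3}})
    sw2 = Switch("Switch2", {2: NORMAL, 3: port3_mode})
    sw3 = Switch("Switch3", {4: NORMAL}, static_vlans={3})
    return converge([sw1, sw2, sw3], links=[(1, 2), (3, 4)])


if __name__ == "__main__":
    for mode in (NORMAL, FIXED, FORBIDDEN):
        print(mode, figure_3_16(mode))
```

With port 3 left in normal mode the result matches steps 2 and 6 of the figure: port 2 joins VIDs 1, 2 and 3, while port 3 joins only VID 3.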

GVRP
– GVRP BPDUs go through Cisco switches and also switches that are not
  GVRP aware.
– Requires VLAN 1.
– Trunk port dynamically becomes part of a VLAN when receiving GVRP
  join.
– And if VLAN is created locally (that is static)
– If trunk does not enable VLAN, VLANs are not learned via GVRP

HP A-Series:
Enable GVRP globally and on trunk ports
[HP-A] gvrp
[HP-A] int gi 1/0/1
[HP-A-gigabitethernet1/0/1] gvrp

HP E-Series:
Enable GVRP globally
HP-E(config)# gvrp

Figure 3-17: GVRP

When GVRP is enabled on a switch, the VID for any static VLANs configured on the
switch is advertised (using Bridge Protocol Data Units [BPDUs]) out all ports,
regardless of whether a port is up or assigned to any particular VLAN.

A GVRP-aware port on another device that receives the advertisements over a link
can dynamically join the advertised VLAN. A dynamic VLAN (that is, a VLAN
learned through GVRP) is tagged on the port on which it was learned. Also, a
GVRP-enabled port can forward an advertisement for a VLAN it learned about from other
ports on the same switch (internal source), but the forwarding port will not itself join
that VLAN until an advertisement for that VLAN is received through a link from
another device (external source) on that specific port.

On HP A-Series switches, you must enable GVRP on trunk ports. Also make sure all
VLANs are permitted on trunk ports to allow them to learn the GVRP VLAN. The HP
A-Series switch ports support the following modes for VLAN learning:
[HP-A-gigabitethernet1/0/1] gvrp registration normal
[HP-A-gigabitethernet1/0/1] gvrp registration forbidden
[HP-A-gigabitethernet1/0/1] gvrp registration fixed

Normal mode is the default.

On the HP E-Series switches, you only need to enable GVRP globally. Then, by
default, ports will learn any VLAN. To forbid the learning of VLANs on edge ports,
you must forbid learning in each VLAN:
HP-E(config)# vlan 100 forbid 3-24
HP-E(config)# vlan 200 forbid 3-24
HP-E(config)# vlan 201 forbid 3-24

GVRP and VTP: Pros and cons


– Create VLANs automatically from one switch to all others
– Delete VLANs
  • VTP puts ports in errdisable: networks stop working
  • GVRP deletes a VLAN only if no port is statically attached to it
– Decrease the opportunity for making mistakes when
  configuring VLANs on trunk ports
– Static assignment of access ports still requires static VLAN
  configuration
– With GVRP, security requires blocking GVRP learning on
  access ports (default setting on HP A-Series)

Figure 3-18: GVRP and VTP: Pro and cons

Figure 3-18 lists some of the pros and cons of using GVRP and VTP.
• Create VLANs automatically from one switch to all others:
  – Pros: Automatic creation saves time and can reduce configuration errors.
  – Cons: VLANs are created everywhere; there is no control.
    Broadcast domains are extended everywhere.
    If there are a lot of VLANs on the network, the VLAN limit on some
    switches might be exceeded.
• Delete VLANs:
  – VTP puts port in errdisable: networks stop working.
    Pro: Enables cleanup of unused VLANs.
    Cons: Accidental deletion is a well-known issue with VTP. This has
    made some companies reject VTP.
  – GVRP only deletes VLAN if no port is statically attached to it.
• Decrease the opportunity for making mistakes when configuring VLANs on trunk
  ports.
  – Pro: Configure the VLAN on trunk port
  – Cons: This can be achieved without GVRP; you can simply allow all VLANs.
    (This solution is not an issue on HP switches with MSTP. However, it is a
    common issue with Cisco where all VLANs should not be enabled to reduce
    number of PVST instances.)
• Static assignment of access ports still requires static VLAN configuration.
  – Cons: You must still set the VLAN as static to assign ports to VLAN.
• With GVRP, security requires blocking GVRP learning on access ports (default
  setting on HP A-Series).
  – GVRP is not protected. If someone can connect a device to a GVRP-enabled
    port, he or she can create VLANs on the network.

Trunk and static VLANs: A best practice?


Setup 1: Static VLANs 10,20,30,40 on both switches. Trunk ports: permitted VLANs 10,20,30,40.
Setup 2: Static VLANs 10,20,30,40 on both switches. Trunk ports: permitted VLANs ALL.
Setup 3: Static VLANs 10,20,30,40,50,60,70,80 on the left switch and 10,20,30,40 on the
right switch. Trunk ports: permitted VLANs ALL.

What do you think of these three setups? With a Cisco switch? With an HP switch?

Figure 3-19: Trunk and static VLANs: A best practice?

In its best practices for LANs, Cisco recommends allowing only permitted VLANs on
trunk ports, for two reasons.
• The first is to reduce broadcast domain extension.
• The second is to reduce CPU demand. Because of VTP, a switch learns all
  VLANs, creating one instance per VLAN in PVST, which is CPU intensive.
Is the best practice the same for HP switches? MSTP only uses one BPDU for all
instances, so the number of VLANs does not change CPU time for MSTP. Even if all
VLANs are allowed on trunk ports, only the frames of the configured VLANs will be
received and transmitted, so broadcast domains are not extended if VLANs are not
set on a device. If VLANs are not the same on both sides, as in case 3, broadcast
frames for VLANs 50, 60, 70 and 80 will be dropped when received by the right
switch.
Conclusion: if VLANs are not set dynamically on HP switches, the trunk ports can be
set with all VLANs permitted.
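
An added Python example, not part of the course material: it parses the `display port trunk` and `sh int trunk` output formats shown earlier in this module and lists the VLANs carried on only one end of a link, which is the case 3 situation where frames are dropped at the far switch. The sample text is constructed from those outputs, and pairing GE1/0/12 with Gi0/1 as the two ends of one link is an assumption made for the sample.

```python
import re

# Constructed samples, copied from the output formats shown in this module.
HP_SAMPLE = """
Interface     PVID  VLAN passing
BAGG1         1     1, 10, 20, 30, 40, 99-105, 200-205, 300-306,
                    400-404, 488, 499
GE1/0/12      1     1, 99-100, 200-203
"""

CISCO_SAMPLE = """
Port      Mode    Encapsulation  Status     Native vlan
Gi0/1     on      802.1q         trunking   1

Port      Vlans allowed on trunk
Gi0/1     1-4094

Port      Vlans allowed and active in management domain
Gi0/1     1,10,20,30,40,100,200
"""


def expand(vlan_text):
    """'1, 99-100, 200-203' -> {1, 99, 100, 200, 201, 202, 203}"""
    vids = set()
    for part in re.split(r"[,\s]+", vlan_text.strip()):
        if part:
            low, _, high = part.partition("-")
            vids.update(range(int(low), int(high or low) + 1))
    return vids


def parse_hp_port_trunk(text):
    """Parse A-Series `display port trunk`; wrapped lines extend the previous port."""
    trunks, current = {}, None
    for line in text.splitlines():
        first = re.match(r"^\s*([A-Za-z][\w/.-]*)\s+(\d+)\s+([\d,\-\s]+)$", line)
        if first:
            current = first.group(1)
            trunks[current] = {"pvid": int(first.group(2)),
                               "vlans": expand(first.group(3))}
        elif current and re.match(r"^\s*\d[\d,\-\s]*$", line):
            trunks[current]["vlans"] |= expand(line)   # continuation line
    return trunks


def parse_cisco_trunk(text):
    """Parse `sh int trunk`: native VLAN and the 'allowed and active' VLAN list."""
    ports, header = {}, ""
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "Port":
            header = line                               # start of a new section
        elif "Native vlan" in header and len(fields) == 5:
            ports.setdefault(fields[0], {})["native"] = int(fields[4])
        elif "allowed and active" in header and len(fields) == 2:
            ports.setdefault(fields[0], {})["vlans"] = expand(fields[1])
    return ports


def trunk_mismatch(hp_port, cisco_port):
    """VLANs carried on one end only are dropped at the other end of the link."""
    hp, cisco = hp_port["vlans"], cisco_port["vlans"]
    return {
        "only_hp": sorted(hp - cisco),
        "only_cisco": sorted(cisco - hp),
        "native_match": hp_port["pvid"] == cisco_port["native"],
    }


if __name__ == "__main__":
    hp_trunks = parse_hp_port_trunk(HP_SAMPLE)
    cisco_trunks = parse_cisco_trunk(CISCO_SAMPLE)
    print(trunk_mismatch(hp_trunks["GE1/0/12"], cisco_trunks["Gi0/1"]))
```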


Lab 3.1: Configuring VLANs


[Lab topology diagram: Cisco-A and Cisco-B (ports P1, P2, P3); HP-C (A-Series) and
HP-E (E-Series) (ports P1, P2, P3); Server_1 and Client_1. Uplinks: untagged in
VLAN 1, tagged in VLAN 11, 12 & 13. Legend: trunk/802.1q port, connected;
trunk/802.1q port, not connected, to be configured for later labs.]

Figure 3-20: Configuring VLANs

You will now complete Lab 3.1: Configuring VLANs. Use the space below to record
any instructions your facilitator gives you for this lab.
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________

Lab debrief
Which commands display port status, port role (access, trunk, hybrid), VLANs, and the
ports in each VLAN?
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________

What have you learned?
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________

What was a challenge?
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________

What did you learn that can be applied in the field?
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________

Module 3 summary
In this module, you have learned how to configure VLANs, configure access, trunk
and voice ports, and compare VTP and GVRP. Write down any thoughts you may
have while your facilitator reviews the content of this module.
_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

y
nl
_______________________________________________________________________

O
Se
_______________________________________________________________________
lU
_______________________________________________________________________
a
rn

_______________________________________________________________________
te

_______________________________________________________________________
In
P

_______________________________________________________________________
H

_______________________________________________________________________
r
Fo

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

Learning check
Q1: What is a major difference between trunk ports on Cisco and HP A-Series?
___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________
___________________________________________________________________

Q2: Can you remove VLAN 1 on trunk ports on HP switches? Explain your answer.

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

Q3: Can you assign a VLAN to an access port with GVRP or VTP?
___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________
Q4: Would you enable all VLANs on trunk ports in a mixed environment with HP
and Cisco switches?

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________
Implementing MSTP
on Cisco and HP Switches
Module 4

Module 4 objectives
After completing this module, you will be able to:
• Explain key parameters in Multiple Spanning Tree Protocol (MSTP)
implementation and explain how MSTP differs from Cisco’s Per VLAN Spanning
Tree Plus (PVST+)
• Given specific network environment requirements, differentiate between key
design options and make the right choices when implementing MSTP to create a
redundant network
• Configure Cisco and HP switches for MSTP interoperability

MSTP review
In this section of the module, you will review basic MSTP concepts such as MSTP
regions, load balancing, and VLAN setup in an MSTP environment. Use the space
below to record your thoughts as your facilitator asks you questions about your
experience in configuring MSTP.
_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________
_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

MSTP regions—Review 1
[Figure: switches in one MSTP region; every switch in the figure shows the same settings:]
Region Name = “Region1”
Revision # = 1
Instance 1 = VLANs 1, 12
Instance 2 = VLANs 11, 13

1. What MSTP parameters must be set on all switches to be in an MSTP Region?
2. What are the default MSTP Region parameters?
3. What are valid reasons to put switches in the same MSTP Region?

Figure 4-1: MSTP regions—Review 1

You will now review Multiple Spanning Tree Protocol (MSTP) regions. Configuring the
regions correctly is key to designing networks that include switches from different
vendors.

Some important facts to remember are:

• MSTP was defined by the IEEE 802.1s standard, which has been incorporated
into 802.1Q-2003.
• MSTP is backward compatible with Rapid Spanning Tree Protocol (RSTP)
(802.1w), which superseded the original Spanning Tree Protocol (STP) standard
(802.1D). RSTP has been incorporated into 802.1D-2004.

Q1: What MSTP parameters must be set for all switches to be in the same MSTP
region?

_____________________________________________________________________

_____________________________________________________________________

Q2: What are the default MSTP parameters?


_____________________________________________________________________

_____________________________________________________________________

Q3: Why would you want to put all switches within the same MSTP region?
_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

MSTP regions—Review 2
[Figure: four switch configurations; the figure carries the labels Region 1 and Region 2.]

Shown on three switches:
Region Name = “Region1”
Revision # = 1
Instance 1 = VLANs 1, 12
Instance 2 = VLANs 11, 13

Shown on the fourth switch:
Region Name = “region”
Revision # = 1
Instance 1 = VLANs 1, 12
Instance 2 = VLANs 11, 13

1. If there is a mistake in the switch’s MSTP configuration, what happens?

Figure 4-2: MSTP regions—Review 2

Q1: If there is a mistake in the switch’s MSTP configuration, what happens?

_____________________________________________________________________
_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

Q2: Besides mistakes in the region name or revision number, what conditions could
result in switches being in different regions?

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

Which BPDUs are used?—Review 3


– Inside the MSTP region?
– Outside the MSTP region?

[Figure labels: MSTP Region; MSTP BPDUs, RSTP BPDUs Compatible; CST (operates like STP/RSTP); STP/RSTP]

This switch could be:
• A Cisco switch using Rapid PVST+ or PVST+
• A switch in RSTP/STP mode
• A switch in another MSTP region (MSTP BPDUs used)

Figure 4-3: Which BPDUs are used?—Review 3

Q1: Which Bridge Protocol Data Units (BPDUs) are used inside and outside the MSTP
region?
_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

Note
MSTP is backward compatible with RSTP and STP. An STP- or RSTP-capable switch
can interpret the first part of the MSTP BPDU, which includes CIST parameters,
such as the IST root bridge ID, which are used for the CST root bridge election.

MSTP BPDUs—Review 4
1. Are MSTP BPDUs tagged?
2. Are they attached to a VLAN?
3. On a trunk port, is it required to set an untagged VLAN for MSTP BPDUs?
4. What is the destination MAC address of an MSTP BPDU?
5. Does an MSTP BPDU carry information about all instances?

[Figure: MSTP BPDU layout. Labels: 802.1s; Untagged; IEEE Dest MAC: 01:80:c2:00:00:00; RSTP & MSTP common; MSTP-specific. Fields: MSTP; CIST data; IST data; MSTI data]

Figure 4-4: MSTP BPDUs—Review 4

Q1: Are MSTP BPDUs tagged? ______________________________________________

Q2: Are MSTP BPDUs attached to a VLAN?
_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

Q3: On a trunk port, is it required to set an untagged VLAN for MSTP BPDUs?

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

Q4: What is the destination MAC address of an MSTP BPDU?


_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

Note
The switch will not be the BPDU’s destination when MSTP is disabled. In this
case, the MSTP BPDU will be an untagged frame and will be forwarded in the
untagged VLAN. This is true for both HP A-Series and E-Series switches.

Q5: Does each MSTP BPDU include information about all instances? _____________

Additional Information about MSTP



MSTP was originally introduced in 802.1s, but was later added to the 802.1Q-2001
amendment. MSTP enhances RSTP, enabling switches to establish different spanning
tree topologies for different VLANs. Unlike PVST+ and Rapid PVST+, however, MSTP
does not create per-VLAN spanning trees. Instead, you assign VLANs to instances,
and MSTP creates per-instance spanning trees. In fact, MSTP is not VLAN aware in
that every link participates in every spanning tree instance (unless spanning tree is
disabled on it) even if that link does not carry any VLANs that are in that instance.
MSTP BPDUs, which are always sent untagged, include information about all
instances, which means that the protocol sends the same number of BPDUs no matter
how many VLANs a link supports. The MSTP BPDU is backward compatible with
the RSTP (and STP) BPDU; it simply includes extra fields that contain the MSTP region
and instance information. The portion of the BPDU that is interpreted by
RSTP/STP-capable devices includes common internal spanning tree (CIST) parameters,
which mimic the parameters included by an RSTP switch. However, the parameters are
for the MSTP region’s IST. For example, the switch includes the IST root bridge ID.
The STP/RSTP and MSTP switches (as well as MSTP switches in different regions)
establish a single common spanning tree (CST), which is much like an RSTP topology.
In the CST, each MSTP region appears much like a single bridge.

Common spanning tree—Review 5


– Which MSTP parameters affect the spanning tree outside of the MSTP region?

[Figure labels: CST (behaves like RSTP); MSTP Region A, IST Instance root priority 0; MSTP Region B, IST Instance root priority 4096; MSTP boundary port; RSTP; blocked port; MSTP BPDUs, RSTP BPDUs Compatible]

IST setup is key for interoperability with other switches including Cisco

Figure 4-5: Common spanning tree—Review 5

Q: Which MSTP parameters affect the spanning tree outside of the MSTP region?
_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

IST parameters—in particular the ID (priority and MAC address) of the IST root—are
key to managing interoperability outside an MSTP region, particularly with switches
running PVST+ or Rapid PVST+.
The MSTP region’s IST acts like a single virtual switch in the Common Spanning Tree
(CST), which enables the interoperation of MSTP, STP, and RSTP. In general, the CST
consists of each MSTP region’s IST and the Single Spanning Tree (SST) domains
formed by STP and RSTP switches. The CST creates a single loop-free path between
all of the IST instances and all of the SST domains.

What setup is required to enable load balancing?—Review 6

[Figure labels: MSTP instance 1 (root, secondary root); MSTP instance 2 (secondary root, root); IST instance (root, secondary root)]

Figure 4-6: What setup is required to enable load balancing?—Review 6

Q1: What setup is required to enable load balancing?
_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

Q2: Does the STP topology depend on the VLAN setup?



_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

Mapping VLANs to MST instances—Review 7


[Figure, top row: IST Instance: VLANs 1-4094; MST Instance 1; MST Instance 2; VLANs 1, 12; VLANs 11, 13]
[Figure, bottom row: IST Instance: VLANs 2-11, 14-4094; MST Instance 1: VLANs 1, 12; MST Instance 2: VLANs 11, 13]

IST = “Internal Spanning-Tree” = MST Instance 0 = Default Instance for VLANs

Figure 4-7: Mapping VLANs to MST instances—Review 7

Q1: What happens to the MSTP configuration when VLANs are moved to an
instance?
_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

Is MSTP “aware” of the VLAN setup?—Review 8


Region name = “Region1”
Revision # = 1
Instance 1 = VLANs 1-10
Instance 2 = VLANs 11-20

[Figure labels, repeated for two diagrams: MSTP instance 1; root; secondary root; All VLANs; VLAN 2,12]

If all link costs are equal, in each instance, which ports are:
- Root ports?
- Alternate ports?

Port role is independent of VLAN setup. So is instance topology.

Figure 4-8: Is MSTP “aware” of the VLAN setup?—Review 8

Q1: Is MSTP “aware” of the VLAN setup? Explain your answer.
_____________________________________________________________________
_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

Q2: If all link costs are equal in each instance, which ports are root ports?

_____________________________________________________________________

_____________________________________________________________________

Q3: If all link costs are equal in each instance, which ports are alternate ports?
_____________________________________________________________________

_____________________________________________________________________

Remember that with MSTP, the port role is entirely independent of VLAN setup, as is
the topology in each instance.

MSTP design options


• MSTP Review
• MSTP design options
• Addition of VLAN to MSTP instances: strategies
• VLAN and MSTP setup: design cases
• MSTP port cost on various platforms
• Configuring MSTP on HP and Cisco

Figure 4-9: MSTP design options

The next section covers design considerations for implementing MSTP on a
multivendor network. Before you discuss best practices, your facilitator will ask you
questions about how you configure VLANs on uplinks when MSTP is enabled on a
network. Use the space below to record anything you learn from this discussion.
_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

How do you set up VLANs on uplinks?


What are the pros and cons of setup 1 and setup 2?
Which setup would you suggest?

Region name = “Region1”
Revision # = 1
Instance 1 = VLANs 1-10
Instance 2 = VLANs 11-20

[Figure: two diagrams, Setup #1 and Setup #2, each labeled MSTP instance 1 with a root and a secondary root. Link labels: All VLANs; VLAN 2,12; VLAN 10; VLAN 20]

Figure 4-10: How do you set up VLANs on uplinks?

The goals of this discussion are to put what was learned in the MSTP review into
action and to emphasize some differences between MSTP and Cisco PVST+.
Q1: What are the pros and cons of setup 1 and setup 2?

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

Q2: Which setup would you suggest?


_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

If you have experience configuring Cisco switches, you may think setup 2 is more
appropriate, since in PVST+ it would reduce PVST overhead. With MSTP, however,
setup 2 will not reduce overhead.
An intermediary setup could be configuring trunk ports with only the needed VLANs
on aggregation or core switches and configuring trunk ports with all VLANs on edge
switches. This setup can also lead to configuration errors.
What about a reversed solution—configuring trunk ports with all VLANs permitted on
core switches and only the needed VLANs on edge switches? This setup would be
similar to setup 1 with additional configuration on the trunk ports.

Instances and VLAN settings—Activity


- A link is used for transmitting keepalives between servers

[Figure labels: MSTP instance 1, VLANs 10,20; root; secondary root; T10, T20; T100]

If VLAN 100 is added to instance 1, will this link stay active?
How can you ensure that it does?

Figure 4-11: Instances and VLAN settings—Activity

Q1: If VLAN 100 is set in instance 1, will this link forward traffic?

_____________________________________________________________________

_____________________________________________________________________
Q2: How can you ensure that this link forwards traffic?

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

MSTP setting—Activity
- Two links/VLANs separate two MSTP regions.
- IP traffic is routed between regions.

[Figure labels: MSTP Region 1, Instance 1 VLAN 1-100, root, secondary root, T1-T99; MSTP Region 2, Instance 1 VLAN 101-200, root, secondary root, T101-199; links between the regions: U100, U200]

Is MSTP active on these routed links?
Which link is blocked? Why?
What is the solution to keep both links up?

Figure 4-12: MSTP setting—Activity

The goal of this implementation is to limit the extension of the VLANs’ broadcast
domains and also to split one MSTP region in two, creating two MSTP regions and a
simpler setup per region.
Q1: Is MSTP active on the links that carry routed traffic on VLANs 100 and 200?
____________________________________
On Cisco switches, you would call these routed links. However, today there is no
strict concept of routed links on HP switches. In other words, you cannot set an IP
address on an interface to make it routed. You create a routed link by assigning the
physical interface to a unique VLAN reserved for it (100 and 200 in this example)
and assigning the VLAN an IP address.
Q2: Which link is blocked? Why?

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

Q3: How do you keep both links active?


_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________
_____________________________________________________________________
Adding a new VLAN on a switch implementing MSTP

– What happens if you add VLAN 14 on switch D?

[Figure: Switch_A, Switch_B, Switch_C and Switch_D in Region 1, with the settings:]
Config name = “Region1”
Revision # = 1
Instance 1 = VLANs 1, 12
Instance 2 = VLANs 11, 13
IST instance = VLANs 2-10, 14-4094

Figure 4-13: Adding a new VLAN on a switch implementing MSTP

Q1: What happens if you add VLAN 14 on switch D?


_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________
Assigning a VLAN to an MST instance


1. What happens if you add VLAN 14 on switch D?
2. What happens if you move VLAN 14 to instance 2 on D?
3. What can you do to limit the MSTP region changes?

[Figure labels: Switch_A; Switch_B; Switch_C; Switch_D; Region 1; Region 2; MSTP BPDUs; Use IST parameters to establish the spanning tree]

First configuration shown:
Config name = “Region1”
Revision number = 1
Instance 1 = VLANs 1, 12
Instance 2 = VLANs 11, 13
IST instance = VLANs 2-10, 14-4094

Second configuration shown:
Config name = “Region1”
Revision number = 1
Instance 1 = VLANs 1, 12
Instance 2 = VLANs 11, 13, 14
IST instance = VLANs 2-10, 15-4094

Figure 4-14: Assigning a VLAN to an MST instance

Every time you add a VLAN to, or delete a VLAN from, an MST instance other than 0,
the mapping of VLANs to instances changes, and with it the region of that switch.
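
The region rule above can be checked offline before a change is applied. The following is an added example, not part of the original guide: it compares the region parameters given in Figure 4-14, with the changed mapping assigned to Switch_D as in question 2. The inventory dictionary and function names are constructed for illustration, and the digest calculation (HMAC-MD5 over the VLAN-to-instance table with the key from IEEE 802.1Q) comes from the standard rather than from this guide.

```python
"""Added example: group switches into MSTP regions from their region parameters."""
import hashlib
import hmac
from collections import defaultdict

# Key defined by IEEE 802.1Q for the MST Configuration Digest (not from this guide).
DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")


def vlan_table(instances):
    """Return the 4096-entry VID-to-MSTID table; unmapped VLANs stay in the IST (0)."""
    table = [0] * 4096
    for mstid, vlans in instances.items():
        if not 1 <= mstid <= 4094:
            raise ValueError(f"invalid MST instance {mstid}")
        for vid in vlans:
            if not 1 <= vid <= 4094:
                raise ValueError(f"invalid VLAN ID {vid}")
            if table[vid] not in (0, mstid):
                raise ValueError(f"VLAN {vid} is mapped to two instances")
            table[vid] = mstid
    return table


def config_digest(instances):
    """HMAC-MD5 over the table, two octets per VID, as 802.1Q defines the digest."""
    data = b"".join(mstid.to_bytes(2, "big") for mstid in vlan_table(instances))
    return hmac.new(DIGEST_KEY, data, hashlib.md5).hexdigest().upper()


def region_id(cfg):
    """Switches share a region only if name, revision and mapping all match."""
    return (cfg["name"], cfg["revision"], config_digest(cfg["instances"]))


def group_regions(switches):
    """Return {region_id: [switch names]} for a dict of switch configurations."""
    regions = defaultdict(list)
    for switch, cfg in switches.items():
        regions[region_id(cfg)].append(switch)
    return dict(regions)


def explain_mismatch(a, b):
    """List the region parameters that differ between two configurations."""
    reasons = []
    if a["name"] != b["name"]:  # the comparison is case-sensitive
        reasons.append(f"config name {a['name']!r} != {b['name']!r}")
    if a["revision"] != b["revision"]:
        reasons.append(f"revision {a['revision']} != {b['revision']}")
    ta, tb = vlan_table(a["instances"]), vlan_table(b["instances"])
    moved = [vid for vid in range(1, 4095) if ta[vid] != tb[vid]]
    if moved:
        reasons.append(f"VLAN-to-instance mapping differs for VLANs {moved}")
    return reasons


# Constructed inventory using the values given in Figure 4-14.
BASE = {"name": "Region1", "revision": 1, "instances": {1: [1, 12], 2: [11, 13]}}
SWITCHES = {
    "Switch_A": BASE,
    "Switch_B": BASE,
    "Switch_C": BASE,
    "Switch_D": {**BASE, "instances": {1: [1, 12], 2: [11, 13, 14]}},
}

if __name__ == "__main__":
    for (name, revision, digest), members in group_regions(SWITCHES).items():
        print(f"{name!r} rev {revision} digest {digest}: {', '.join(members)}")
    for reason in explain_mismatch(SWITCHES["Switch_C"], SWITCHES["Switch_D"]):
        print("Switch_C vs Switch_D:", reason)
```

The table covers every VLAN ID whether or not the VLAN exists on the switch, so only a change to the mapping, the name or the revision moves a switch to another region.
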
Q1: What happens if you add VLAN 14 on switch D? (You learned this on the previous
slide.)

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

Q2: What happens when you define VLAN 14 on switch D in instance 2?


_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

Note that the average failover timeout when moving from MSTP to RSTP may not be
longer than 1 to 3 seconds.
Q3: What can you do to limit the MSTP region changes?
_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

The following page presents two strategies.
Strategies to place VLANs in MSTP instances


Strategy 1: Preset all VLANs in instances at initial setup
   MSTP instance 1: VLANs 11-2000
   MSTP instance 2: VLANs 2001-4094
   IST instance: VLANs 1-10

Strategy 2: Move newly created VLANs to instances during a defined maintenance window
   MSTP instance 1: VLANs 1-100
   MSTP instance 2: VLANs 101-200
   IST instance: VLANs 200-4094
   Move newly created VLANs every 6 months

Figure 4-15: Strategies to place VLANs in MSTP instances

These two strategies are designed to reduce:
• Failover due to changes in MSTP instances
• Configuration overhead due to adding and deleting VLANs from MST instances

Strategy 1: Preset all VLANs in instances at initial setup.
Pros:
• In this strategy, you complete the setup all at once.
• This strategy reduces the risks of misconfiguration.
Cons:
• If VLANs exist and HSRP/VRRP gateways are already defined, instance
setup may be complex.
• You might find it complex to implement setups that do not use a range of
VLANs per instance.

Strategy 2: Do not move VLANs when they are created. Leave them in instance 0
and make all changes during the planned maintenance window.
Pros:
• In this strategy, you can add VLANs and downtime is limited to once every
“n” months.
• This strategy reduces the number of changes that need to be made at once.
• This strategy does not require you to set up instances in advance.
Cons:
• While setup requirements are minimized, this strategy still requires changes
and some failover time every “n” months.

MSTP—Path costs
                              Default on HP   Default on   Default on HP
                              E-Series        Cisco        A-Series
Fast Ethernet                 200 000         200 000      200
Gigabit                       20 000          20 000       20
10 Gigabit                    2 000           2 000        2
Enabling MSTP standard cost   Default         Default      stp pathcost-standard dot1t

Figure 4-16: MSTP—Path costs

Figure 4-16 shows the default path costs for HP A-Series, E-Series, and Cisco switches.
While the slide covers MSTP implementations, note that both RSTP and MSTP utilize
the 20000 cost value.
On both HP E-Series switches and Cisco switches, MSTP implements the IEEE
802.1s/802.1t cost value by default. (Note that on switches that implement
PVST+/Rapid PVST+, the long option for spanning-tree path costs can change the
costs to the RSTP/MSTP standard values.)
HP A-Series switches are somewhat different. By default, they implement a private
legacy cost. If you need to use the standard MSTP cost calculation for full
compatibility, you can use the following command:

stp pathcost-standard dot1t

Another option for this command (stp pathcost-standard dot1d-1998) configures the
HP A-Series switches to use the costs in the STP 802.1D standard version. You might
select this option when you use the HP A-Series switches with Cisco switches that
implement PVST+ and do not support the long option for path cost calculation.
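
Why the cost standard matters in a mixed network is easiest to see by computing root path costs with the two default tables above. The following is an added example, not part of the original guide: the switch names, roles and link speeds are a constructed topology, and tie-breaking on bridge ID is left out.

```python
"""Added example: effect of mixed path-cost standards on root path selection."""
import heapq

# Default port path costs from the table in this section, keyed by link speed in Mb/s.
PATH_COST = {
    "dot1t": {100: 200_000, 1_000: 20_000, 10_000: 2_000},  # HP E-Series, Cisco (MSTP)
    "legacy": {100: 200, 1_000: 20, 10_000: 2},             # HP A-Series default
}


def root_paths(root, standards, links):
    """Return {switch: (root_path_cost, upstream_switch)}.

    A switch adds the cost of its own receiving port to the cost advertised by
    its neighbor, so the cost standard of the receiving switch sets each hop.
    Bridge-ID tie-breaking is not modelled; the sample topology has no ties.
    """
    neighbors = {}
    for a, b, speed in links:
        neighbors.setdefault(a, []).append((b, speed))
        neighbors.setdefault(b, []).append((a, speed))
    best = {root: (0, None)}
    heap = [(0, root)]
    while heap:
        cost, switch = heapq.heappop(heap)
        if cost > best[switch][0]:
            continue  # stale heap entry, a cheaper path was already found
        for nbr, speed in neighbors.get(switch, []):
            new_cost = cost + PATH_COST[standards[nbr]][speed]
            if nbr not in best or new_cost < best[nbr][0]:
                best[nbr] = (new_cost, switch)
                heapq.heappush(heap, (new_cost, nbr))
    return best


def slowest_hop(paths, links, switch):
    """Return the lowest link speed (Mb/s) on the chosen path from switch to the root."""
    speed_of = {frozenset((a, b)): speed for a, b, speed in links}
    slowest = None
    while paths[switch][1] is not None:
        upstream = paths[switch][1]
        speed = speed_of[frozenset((switch, upstream))]
        slowest = speed if slowest is None else min(slowest, speed)
        switch = upstream
    return slowest


# Constructed topology: switch names, roles and link speeds are assumptions.
LINKS = [
    ("Core", "Agg_Cisco", 1_000),
    ("Core", "Agg_A", 100),        # low-speed backup link to the A-Series switch
    ("Agg_Cisco", "Edge", 1_000),
    ("Agg_A", "Edge", 1_000),
]
MIXED = {"Core": "dot1t", "Agg_Cisco": "dot1t", "Edge": "dot1t", "Agg_A": "legacy"}
ALIGNED = {**MIXED, "Agg_A": "dot1t"}  # after "stp pathcost-standard dot1t" on Agg_A

if __name__ == "__main__":
    for label, standards in (("mixed", MIXED), ("aligned", ALIGNED)):
        paths = root_paths("Core", standards, LINKS)
        cost, upstream = paths["Edge"]
        print(f"{label}: Edge reaches Core via {upstream}, cost {cost}, "
              f"slowest hop {slowest_hop(paths, LINKS, 'Edge')} Mb/s")
```

With the legacy table left on the A-Series switch, the edge switch prefers the path that crosses the Fast Ethernet link; once the costs are aligned it uses the all-Gigabit path.
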

Configuring MSTP
• MSTP review
• MSTP design options
• Configuring MSTP
  – On Cisco switches
  – On HP E-Series switches
  – On HP A-Series switches

Figure 4-17: Configuring MSTP

In this section, you will learn about the key differences in configuring MSTP on HP A-Series, E-Series, and Cisco switches.


Configuring MSTP—Major steps

1. Set MSTP as the spanning-tree mode, if it is not the default STP version.
2. Define region parameters.
   • Config name, revision number, and instances
3. Set root and secondary root in each MST instance.
4. Set edge and non-edge ports.
5. Enable spanning-tree.
6. Connect the switches.

Figure 4-18: Configuring MSTP—Major steps

This slide summarizes the major steps in configuring MSTP. As you configure MSTP, keep in mind the following default settings:
• HP E-Series switches use MSTP as the default STP version, but it is not enabled by default. When MSTP is manually enabled, all ports are auto-edge ports by default. Auto-edge ports send and listen for BPDUs for three seconds. If they do not receive any BPDUs, they become edge ports.
• On HP A-Series switches, MSTP is the default STP version. By default, MSTP is not enabled, and all ports are non-edge ports.
• Cisco uses Per VLAN Spanning Tree Plus (PVST+) as the default STP version, and it is enabled by default. When you change the mode to MSTP, all ports are non-edge ports by default.

IOS requirements for MSTP on Cisco

To be compliant with the IEEE 802.1s-2002 standard, Cisco switches must run the following (or newer) software versions:
• Catalyst 2950, 3550, 3560, 3750: IOS 12.2(25)SEC
• Catalyst 2955: supported on all versions
• Catalyst 4000, 2948G and 2980G: CatOS 12.2(25)SG
• Catalyst 4000: IOS 12.2(25)SG
• Catalyst 6000: native IOS 12.2(18)SXF or CatOS 8.3
• MSTP is not supported on the following: Catalyst 2900XL, 3500XL, 2948G-L3, 4908G-L3, 5000, 5500, 8500
– Earlier versions than the ones specified implement a pre-standard version of MSTP that is not compliant with 802.1s.
– The pre-standard and standard commands look the same, so do not use them to check for support.

Figure 4-19: IOS requirements for MSTP on Cisco

Some Cisco switches, such as the 2900 XL and the others mentioned above, do not support MSTP. On others, double check the IOS version.

You must double check the IOS version because the commands will not tell you whether your switch is capable of implementing MSTP. (They are the same as standard MSTP commands.) Pre-standard MSTP looks identical in the CLI but is not compatible with 802.1s. It will use RSTP, however, to interoperate with the MSTP switches.

Cisco and HP MSTP scenario: Cisco switch configurations

[Diagram labels: Root for instance 0,1; Backup root for instance 2; Cisco A; Cisco B; po1; gig1/1; HP C; MSTP]

!Enable MSTP mode and define MSTP parameters
Cisco(config)# spanning-tree mode mst
Cisco(config)# spanning-tree mst configuration
Cisco(config-mst)# instance 1 vlan 1,12
Cisco(config-mst)# instance 2 vlan 11,13
Cisco(config-mst)# name Region1
Cisco(config-mst)# revision 1
Cisco(config-mst)# ! EXIT Required to validate config
Cisco(config-mst)# exit

!Set CiscoA as root of instance 0 and 1
CiscoA(config)# spanning-tree mst 0 priority 0
CiscoA(config)# spanning-tree mst 1 priority 0
CiscoA(config)# spanning-tree mst 2 priority 4096

!Set CiscoB as root of instance 2
CiscoB(config)# spanning-tree mst 0 priority 4096
CiscoB(config)# spanning-tree mst 1 priority 4096
CiscoB(config)# spanning-tree mst 2 priority 0

!Enable PortFast on all access ports
Cisco(config)# spanning-tree portfast default

Figure 4-20: Cisco and HP MSTP scenario: Cisco switch configurations

The slide displays the commands for configuring the Cisco switches to implement MSTP. Note the following aspects of the configuration:
• You must set MSTP mode because it is not the default mode.
• You must also define the region parameters. In this example these are:
  – Region name: Region1 (it is case sensitive)
  – Revision number: 1
  – Instance 1: VLAN 1 and 12
  – Instance 2: VLAN 11 and 13
  – Cisco A is defined as root in instance 0 and 1 and secondary root in instance 2.
  – Cisco B is defined as root in instance 2 and secondary root in instance 0 and 1.
• The spanning-tree portfast default command sets all ports that are not trunks and that do not receive BPDUs as edge ports.
• You must type exit for the MSTP region commands to take effect.


Cisco and HP MSTP scenario: HP A-Series switch configurations

[Diagram labels: Root for instance 0, 1; Backup root for instance 2; Cisco A; Cisco B; po1; gig1/1; HP C; MSTP]

#MSTP is default
#Enable MSTP standard cost (not default)
[Switch] stp pathcost-standard dot1t

#Define MSTP region parameters
[Switch] stp region-configuration
[Switch-mst-region] region-name Region1
[Switch-mst-region] revision-level 1
[Switch-mst-region] instance 1 vlan 1 11
[Switch-mst-region] instance 2 vlan 12 to 13
[Switch-mst-region] active region-configuration

#STP is not enabled by default
[Switch] stp enable

#Define edge ports using a port group
[Switch] port-group manual edge-1
[Switch-…] group-member Gi 1/0/1 to Gi 1/0/40
[Switch-…] port link-type access
[Switch-…] port access vlan 11
[Switch-…] stp edged-port enable

Figure 4-21: Cisco and HP MSTP scenario: HP A-Series switch configurations

As you learned earlier, on HP A-Series switches, the default path cost does not adhere to the 802.1t-2001 standard. Unless you configure the dot1t standard in this scenario, the alternate port will not be on the access layer side but rather on the secondary root side. This error arises because the legacy values of the HP A-Series for MSTP default to lower ones than the standard values:
• Fast Ethernet: 200
• Gigabit: 20
• 10 Gig: 2

Cisco and HP MSTP scenario: HP E-Series switch configurations

[Diagram labels: Root for instance 0,1; Backup root for instance 2; Cisco A; Cisco B; po1; gig1/1; HP C; MSTP]

#MSTP is the default on most HP E-Series switches
#Define MSTP region parameters
Switch(config)# spanning-tree config-name "Region1"
Switch(config)# spanning-tree config-revision 1
Switch(config)# spanning-tree instance 1 vlan 1,11
Switch(config)# spanning-tree instance 2 vlan 12-13

#A port is set automatically as edge if no BPDUs are received within 3 seconds
#Edge port can be set manually for faster transition
Switch(config)# spanning-tree 1-44 admin-edge-port

#STP is NOT enabled by default
Switch(config)# spanning-tree

Figure 4-22: Cisco and HP MSTP scenario: HP E-Series switch configurations

Here you see the configuration commands for HP E-Series switches.



Troubleshooting MSTP
Use the following guidelines to troubleshoot MSTP in a multivendor environment:
• If a switch is the root in an instance when it should not be, and its priority is correct, the switch probably belongs to another MSTP region.
• Verify the MSTP configuration parameters.
• If an edge switch can no longer forward traffic when its root port is down, verify the VLAN configuration on the alternate port.
• The alternate and root ports should carry the same VLANs (untagged or tagged).
• If MSTP does not converge quickly, check that uplinks are set as non-edge and point-to-point.
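One way to run the "verify the MSTP configuration parameters" check offline, as an added example that is not part of the original course material: the Python sketch below parses the region commands of the three scenario slides, derives the IEEE 802.1Q MST configuration digest, and groups the switches by region identity. The function names and the prompt-stripping regex are assumptions of this example; the inputs are the slides' commands as printed, where the Cisco slide maps instance 1 to VLANs 1,12 and instance 2 to 11,13 while both HP slides use 1,11 and 12-13, so the check reports two regions.

```python
import hashlib
import hmac
import re
from typing import NamedTuple

# HMAC-MD5 key that IEEE 802.1Q fixes for the MST Configuration Digest.
DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")
# Strips CLI prompts such as "[Switch-mst-region]" or "Cisco(config-mst)#".
PROMPT = re.compile(r"^\s*(?:\[[^\]]*\]|\S+#)\s*")


class Region(NamedTuple):
    name: str        # compared byte for byte, so case matters
    revision: int
    vlan_map: dict   # VLAN ID -> MST instance; unlisted VLANs stay in instance 0
    digest: str

    @property
    def identity(self):
        """The three values that must match for switches to share a region."""
        return (self.name, self.revision, self.digest)


def expand_vlans(spec):
    """Expand '1,12', '12-13', '1 11' or '12 to 13' into a set of VLAN IDs."""
    vlans = set()
    for token in re.split(r"[,\s]+", re.sub(r"\s+to\s+", "-", spec.strip())):
        low, _, high = token.partition("-")
        low, high = int(low), int(high or low)
        if not 1 <= low <= high <= 4094:
            raise ValueError(f"bad VLAN range: {token!r}")
        vlans.update(range(low, high + 1))
    return vlans


def config_digest(vlan_map):
    """HMAC-MD5 over 4096 two-octet entries; entry n is the instance of VLAN n."""
    table = bytearray(4096 * 2)          # entries 0 and 4095 stay zero
    for vid, instance in vlan_map.items():
        table[2 * vid:2 * vid + 2] = instance.to_bytes(2, "big")
    return hmac.new(DIGEST_KEY, bytes(table), hashlib.md5).hexdigest()


def parse_region(config_text):
    """Extract name, revision and VLAN mapping from Cisco, A-Series or E-Series lines.

    Assumes name and revision are set explicitly; vendor defaults are not modelled.
    """
    name, revision, vlan_map = "", 0, {}
    for line in config_text.splitlines():
        cmd = re.sub(r"^spanning-tree\s+", "", PROMPT.sub("", line).strip())
        if m := re.match(r"(?:region-name|config-name|name)\s+(\S+)$", cmd):
            name = m.group(1).strip('"')
        elif m := re.match(r"(?:revision-level|config-revision|revision)\s+(\d+)$", cmd):
            revision = int(m.group(1))
        elif m := re.match(r"instance\s+(\d+)\s+vlan\s+(.+)$", cmd):
            for vid in expand_vlans(m.group(2)):
                vlan_map[vid] = int(m.group(1))
    return Region(name, revision, vlan_map, config_digest(vlan_map))


def group_by_region(configs):
    """Map each distinct region identity to the switches that advertise it."""
    groups = {}
    for switch, text in configs.items():
        groups.setdefault(parse_region(text).identity, []).append(switch)
    return groups


def mapping_diff(a, b):
    """VLANs whose instance differs between two regions: {vid: (inst_a, inst_b)}."""
    vids = sorted(set(a.vlan_map) | set(b.vlan_map))
    return {v: (a.vlan_map.get(v, 0), b.vlan_map.get(v, 0))
            for v in vids if a.vlan_map.get(v, 0) != b.vlan_map.get(v, 0)}


# Sample inputs: the region commands from Figures 4-20, 4-21 and 4-22 as printed.
CISCO = """
Cisco(config)# spanning-tree mst configuration
Cisco(config-mst)# instance 1 vlan 1,12
Cisco(config-mst)# instance 2 vlan 11,13
Cisco(config-mst)# name Region1
Cisco(config-mst)# revision 1
"""
HP_A = """
[Switch] stp region-configuration
[Switch-mst-region] region-name Region1
[Switch-mst-region] revision-level 1
[Switch-mst-region] instance 1 vlan 1 11
[Switch-mst-region] instance 2 vlan 12 to 13
"""
HP_E = """
Switch(config)# spanning-tree config-name "Region1"
Switch(config)# spanning-tree config-revision 1
Switch(config)# spanning-tree instance 1 vlan 1,11
Switch(config)# spanning-tree instance 2 vlan 12-13
"""

if __name__ == "__main__":
    configs = {"Cisco": CISCO, "HP A-Series": HP_A, "HP E-Series": HP_E}
    for identity, switches in group_by_region(configs).items():
        print(identity, "->", ", ".join(switches))
    print("Cisco vs HP A-Series:", mapping_diff(parse_region(CISCO), parse_region(HP_A)))
```

Switches that land in different groups treat each other as region boundaries, which is the "root when it should not be" symptom in the first guideline.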


Conclusion: MSTP on Cisco and HP switches

In conclusion, follow these guidelines when configuring MSTP on Cisco and HP switches:
• Check that Cisco switches can support MSTP and upgrade IOS if required.
• Schedule downtime for changing the STP mode.
• The step-by-step transition might introduce some downtime.
• Carefully plan MSTP instances:
  – Possibly preset all VLANs in instances.
  – Pay attention to instance 0 for interoperability with non-MSTP switches.
• Analyze the location of your region boundaries, if any.
• Disable STP on routed links or when the VLAN topology prevents loops.


Lab 4.1: Configuring MSTP

[Lab topology diagram. Devices: Cisco-A (label: Root for Instances 0 and 1), Cisco-B (label: Root for Instance 2), HP-C, HP-E, Server_1, Client_1; port labels P1 to P4.]

MSTP Region
Name: HP-Cisco
Revision: 1
MST Instance 1: VLAN 12
MST Instance 2: VLAN 1,11,13

MSTP IP addressing: 10.POD.VLAN.X/24
X=1 on Cisco-A
X=2 on Cisco-B
X=3 on HP-C
X=4 on HP-D
X=5 on HP-E
X=6 on HP-F
X=100 on Server_1
X=101 on Client_1

Figure 4-23: Lab 4.1: Configuring MSTP

You will now complete a lab in which you configure Cisco, HP A-Series, and HP E-Series switches to implement MSTP.

Use the space below to record any instructions your facilitator gives you for this lab.
________________________________________________________________________

Lab debrief
1. What are your key insights about MSTP?
   a. Did you discover something new?
   b. Did you discover something that surprised you?
_______________________________________________________________________

2. What were your greatest challenges?
   a. Did you learn something that helped you to address the challenges?
_______________________________________________________________________

3. What did you learn of practical value?
   a. What did you discover that you can apply in the field?
_______________________________________________________________________

Module 4 summary
In this module, you reviewed MSTP concepts such as regions, instances, and
interoperability with RSTP and STP. If you were more familiar with PVST+ when you
began the module, you should now understand how MSTP operates in a slightly
different way.
You also learned the steps and commands for implementing MSTP on Cisco, HP A-
Series, and HP E-Series switches. You analyzed the problems that might occur if you
do not set up consistent path costs across the platforms and also studied several
scenarios and best practices for MSTP design. Finally, you learned a little about
troubleshooting MSTP in a multi-vendor environment.


Learning check
Q1: Is the MSTP region name case sensitive?
_________________________________________________________________________

Q2: Is MSTP aware of VLAN configuration? Explain your answer.
_________________________________________________________________________

Q3: Which parameters are applied outside of an MSTP region?
_________________________________________________________________________

Q4: Can a switch that implements STP be the root of the CST?
_________________________________________________________________________

Q5: How should you configure VLANs on uplink ports?
_________________________________________________________________________

Q6: Does a Cisco switch implementing PVST+ interoperate with a switch implementing MSTP? If so, how?
_________________________________________________________________________


Interoperability Among PVST+, Rapid PVST+, and MSTP
Module 5

Module 5 objectives
After this module, you will be able to:
• Explain the interoperability capabilities and limits of Cisco’s Per VLAN Spanning Tree Plus protocol (PVST+) and Rapid PVST+ with Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Tree Protocol (MSTP)
• Select an STP option to integrate HP switches and Cisco switches based on customer constraints and the existing network
• Configure STP on HP switches and PVST+ with Cisco switches for integration in a redundant network

PVST+ and STP interoperability

In this section of the module, you will review basic interoperability concepts. You will compare Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Tree Protocol (MSTP) with Cisco’s Per VLAN Spanning Tree Plus (PVST+), and learn about the BPDUs that are exchanged. Use the space below to record your thoughts as your facilitator explains the information covered in this section. You may also want to write down any questions you have, so you can pay particular attention to that section of the module.
_______________________________________________________________________

How do STP/RSTP and Cisco PVST+/Rapid PVST+ differ?

[Diagram labels. STP and RSTP: VLAN 1, VLAN 11, VLAN 12; Root; Secondary root. PVST+ and Rapid PVST+: VLAN 1, VLAN 11, VLAN 12; Root for VLANs 1, 11; Root for VLAN 12.]

STP and RSTP          PVST+ and Rapid PVST+
Standard              Proprietary based on standard
Single instance       One STP instance per VLAN
One STP topology      One STP topology per VLAN
Untagged BPDUs        Tagged BPDUs per VLAN

Figure 5-1: How do STP/RSTP and Cisco PVST+/Rapid PVST+ differ?

It is important to understand the key differences between STP/RSTP and PVST+/Rapid PVST+.

With STP and RSTP:
• There is only a single instance of spanning tree.
• Blocked ports are physically blocked, blocking all VLANs configured on that port.
• Standard BPDUs are sent untagged and are not attached to any VLAN.
• The BPDUs are always sent no matter which VLANs are configured on the link. They are untagged (even if the link has only a tagged membership).
• The MAC address of a BPDU is a standard bridge multicast MAC address: 01:80:c2:00:00:00.
• A bridge that implements standard STP uses this MAC address to determine that it must check the content of the frame.

With PVST+ and Rapid PVST+:
• There is one instance of STP per VLAN.
• Port roles are defined on a per-VLAN basis.
• PVST+ BPDUs are sent tagged on ports when the VLAN is tagged on a port and untagged when VLANs are untagged.
• The forwarding and reception of PVST BPDUs directly depends on whether a VLAN exists on a particular link.
• PVST+ is based on standard spanning tree 802.1D mechanisms but is a proprietary implementation, with the exception of VLAN 1. (See later slides.)
• Backbonefast, uplinkfast and portfast are specific mechanisms to speed STP convergence on Cisco platforms.
• Rapid PVST+ uses the same principles as PVST+ but is based on RSTP (802.1w) for its fast convergence mechanisms.
• With Rapid PVST+, link cost is based on 802.1D calculations:
  – Fast Ethernet: 19
  – Gigabit: 4
  – 10 Gigabit: 2
• When you enter the global spanning-tree pathcost method long command, the switch uses RSTP and MSTP standard costs:
  – Fast Ethernet: 200 000
  – Gigabit: 20 000
  – 10 Gigabit: 2 000

PVST+ versus MSTP

[Diagram labels. PVST+ & Rapid PVST+: VLAN 1, VLAN 11, VLAN 12; Root for VLANs 1, 11; Root for VLAN 12. MSTP: MSTI 1 = VLANs 1-100; MSTI 2 = VLANs 101-200; Root MSTI 1; Root MSTI 2.]

PVST+ & Rapid PVST+                  MSTP
One STP topology per VLAN            One STP topology per instance
Proprietary                          Standard
Fast convergence with Rapid PVST+    Fast convergence included
High overhead                        Reduced overhead
Config per VLAN                      Config per instance
PVST+ aware of VLAN topology         MSTP not aware of VLAN topology

Figure 5-2: PVST+ versus MSTP

Very often there are misconceptions about MSTP versus PVST+. MSTP is not the standard version of PVST+ or Rapid PVST+. Here are the key differences between MSTP and PVST+:

MSTP
• There is one spanning tree topology per instance.
• Each instance is defined as a set of VLANs.
• MSTP is the IEEE 802.1s standard.
• For fast convergence it uses RSTP mechanisms.
• It is backward compatible with RSTP or STP.
• Ports are blocked or forwarding on a per instance basis.
• What is really blocked or forwarding are the VLANs of the given instance.
• Standard MSTP BPDUs are sent untagged and are not attached to any VLAN.
• BPDUs are sent for whatever VLAN setup exists on a port.
• MSTP BPDUs contain information about all instances. (See the BPDU page.)
• This reduces overhead for BPDU management.
• There is no need to restrict the number of VLANs created per switch.
• The MAC address of a BPDU is a standard bridge multicast MAC address: 01:80:c2:00:00:00.

PVST+ and Rapid PVST+
• These protocols are not standard despite being interoperable with standard STP. (See the following pages.)
• There is only one instance of STP per VLAN.
• BPDUs are sent in each VLAN, which creates overhead.
• The port role is defined on a per VLAN basis.
• A design recommendation is to reduce the number of VLANs on the switch to reduce overhead due to BPDUs per VLAN.
• PVST+ BPDUs are sent tagged on ports when a VLAN is tagged on the port, and untagged when a VLAN is untagged.
• Forwarding and reception of PVST BPDUs directly depends on a VLAN’s existence on the link.
• The MAC address of a BPDU is a standard bridge multicast MAC address: 01:80:c2:00:00:00.

Spanning tree BPDUs

802.1D STP: Untagged; IEEE Dest MAC: 01:80:c2:00:00:00
802.1w RSTP: Untagged; IEEE Dest MAC: 01:80:c2:00:00:00
802.1s MSTP: Untagged; IEEE Dest MAC: 01:80:c2:00:00:00; carries CIST data (RSTP & MSTP common) plus IST data and MSTI data (MSTP-specific)
PVST+ on Cisco trunks:
  – Untagged for VLAN 1; IEEE Dest MAC: 01:80:c2:00:00:00 (True if VLAN 1 is ALLOWED on the trunk. VLAN 1 may or may not be the native VLAN.)
  – Untagged for native VLAN; Cisco Dest MAC: 01:00:0c:cc:cc:cd
  – Tagged for other VLANs; Cisco Dest MAC: 01:00:0c:cc:cc:cd

Figure 5-3: Spanning tree BPDUs

STP, RSTP, MSTP and PVST+ use different types of BPDUs. Understanding what BPDUs are generated by a switch and what received BPDUs are interpreted by a switch helps manage STP interoperability.

Some important things to know about BPDUs are:
• Standard BPDUs
  – 802.1D/802.1w/802.1s BPDUs use a standard bridge multicast MAC address: 01:80:c2:00:00:00, so the BPDUs will be inspected by switches where STP, RSTP, or MSTP is enabled.
  – RSTP BPDUs are backward compatible with STP BPDUs, and MSTP BPDUs are backward compatible with both. When a device that supports only RSTP or STP receives an MSTP BPDU, it can interpret all of the BPDU except the MSTP-specific data. The CIST data includes the ID for the region’s IST root bridge, which is the ID for the region as a whole acting like a single logical bridge.
• There are three kinds of PVST+ Cisco BPDUs:
  – When VLAN 1 is allowed on a trunk, PVST+ sends standard STP BPDUs.
    · BPDUs carry the parameters set in VLAN 1.
    · Note that VLAN 1 does not need to be the native VLAN for standard BPDUs to be sent. It only needs to be enabled.
    · In any case, the Cisco switch sends an untagged, standard BPDU.
    · If Rapid PVST+ is enabled, then RSTP BPDUs are sent instead of STP BPDUs.
  – In an untagged/native VLAN (if different than 1), PVST+ BPDUs with Cisco MAC addresses are sent.
    · PVST+ BPDUs are only understood by switches running PVST+.
  – In tagged VLANs, PVST BPDUs are tagged and use Cisco MAC addresses.
    · PVST+ BPDUs are only understood by switches running PVST+.
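The BPDU kinds described above can be told apart from three fields of a captured frame: the destination MAC, the 802.1Q tag, and the BPDU protocol version. The following Python classifier is an added example, not code from the course; its function names are assumptions, and the sample frames are constructed with a zeroed BPDU body.

```python
import struct
from typing import NamedTuple, Optional

IEEE_BRIDGE_MAC = bytes.fromhex("0180c2000000")   # standard bridge multicast address
CISCO_PVST_MAC = bytes.fromhex("01000ccccccd")    # Cisco PVST+ address
LLC_BPDU = bytes.fromhex("424203")                # LLC DSAP/SSAP 0x42, UI control
SNAP_PVST = bytes.fromhex("aaaa0300000c010b")     # SNAP, Cisco OUI, PID 0x010b
VERSION_NAMES = {0: "STP", 2: "RSTP", 3: "MSTP"}  # BPDU protocol version field
CISCO_NAMES = {"STP": "PVST+", "RSTP": "Rapid PVST+"}


class Bpdu(NamedTuple):
    kind: str             # STP, RSTP, MSTP, PVST+ or Rapid PVST+
    mac: str              # "standard" or "cisco"
    vlan: Optional[int]   # 802.1Q VLAN ID, None when the frame is untagged


def classify(frame: bytes) -> Bpdu:
    """Classify one Ethernet frame as a spanning tree BPDU or raise ValueError."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, vlan, offset = frame[:6], None, 12
    if frame[12:14] == b"\x81\x00":               # 802.1Q tag present
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        vlan = struct.unpack("!H", frame[14:16])[0] & 0x0FFF
        offset = 16
    payload = frame[offset + 2:]                  # skip the 802.3 length field
    if dst == IEEE_BRIDGE_MAC and payload.startswith(LLC_BPDU):
        mac, bpdu = "standard", payload[len(LLC_BPDU):]
    elif dst == CISCO_PVST_MAC and payload.startswith(SNAP_PVST):
        mac, bpdu = "cisco", payload[len(SNAP_PVST):]
    else:
        raise ValueError("not a spanning tree BPDU")
    if len(bpdu) < 4 or bpdu[:2] != b"\x00\x00":  # protocol identifier is always 0
        raise ValueError("malformed BPDU header")
    kind = VERSION_NAMES.get(bpdu[2])
    if mac == "cisco":                            # same versions, proprietary name
        kind = CISCO_NAMES.get(kind)
    if kind is None:
        raise ValueError(f"unexpected protocol version {bpdu[2]}")
    return Bpdu(kind, mac, vlan)


def build_frame(dst: bytes, encap: bytes, version: int,
                vlan: Optional[int] = None) -> bytes:
    """Construct a minimal sample frame (zeroed BPDU body) for the demo below."""
    bpdu_type = 0x00 if version == 0 else 0x02
    body = encap + b"\x00\x00" + bytes([version, bpdu_type]) + bytes(32)
    tag = b"" if vlan is None else b"\x81\x00" + struct.pack("!H", 0xE000 | vlan)
    src = bytes.fromhex("020000000001")           # constructed source address
    return dst + src + tag + struct.pack("!H", len(body)) + body


# Constructed frames mirroring the rows of Figure 5-3.
SAMPLES = {
    "standard STP": build_frame(IEEE_BRIDGE_MAC, LLC_BPDU, 0),
    "standard RSTP": build_frame(IEEE_BRIDGE_MAC, LLC_BPDU, 2),
    "standard MSTP": build_frame(IEEE_BRIDGE_MAC, LLC_BPDU, 3),
    "PVST+ native VLAN": build_frame(CISCO_PVST_MAC, SNAP_PVST, 0),
    "Rapid PVST+ VLAN 12": build_frame(CISCO_PVST_MAC, SNAP_PVST, 2, vlan=12),
}

if __name__ == "__main__":
    for label, frame in SAMPLES.items():
        print(f"{label:22} -> {classify(frame)}")
```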


Cisco PVST+: Which BPDUs are sent on trunk ports?

Standard STP BPDUs for untagged VLAN 11 (* In older version BPDU may NOT be standard):
interface GigabitEthernet 1/20
 switchport access vlan 11
 switchport mode access

PVST+ BPDUs for untagged VLAN 11 and tagged VLAN 12:
interface GigabitEthernet 1/20
 switchport access vlan 11
 switchport mode access
 switchport voice vlan 12

Which setup would you recommend for VoIP Ports?

Figure 5-4: Cisco PVST+: Which BPDUs are sent on trunk ports?

Standard BPDUs are sent if VLAN 1 is allowed on the trunk port. If VLAN 1 is not allowed, no standard BPDUs are sent, and interoperability with standard-based switches cannot occur.

Cisco PVST+: Which BPDUs are sent on access ports?

Standard STP BPDUs for untagged VLAN 11 (* In older version BPDU may NOT be standard):
interface GigabitEthernet 1/20
 switchport access vlan 11
 switchport mode access

PVST BPDUs for untagged VLAN 11 and tagged VLAN 12:
interface GigabitEthernet 1/20
 switchport access vlan 11
 switchport mode access
 switchport voice vlan 12

Figure 5-5: Cisco PVST+: Which BPDUs are sent on access ports?

On Cisco access ports, standard BPDUs are sent, which allows interoperability to occur on access ports. However, if the port is a voice over IP (VoIP) port, and if a voice VLAN is defined on that port, no standard BPDUs are sent. This should not be an issue as no switch should be connected on the access port.

Q1: Which setup would you recommend for VoIP ports?
__________________________________________________________________

Spanning tree BPDUs—Quiz 1

For each case, find BPDU characteristics:
• BPDU type is: A) STP B) RSTP C) MSTP D) PVST+ E) Rapid PVST+
• MAC address: 1) Standard 01:80:c2:00:00:00 2) Cisco 01:00:0c:cc:cc:cd
• BPDU frame is: A) Tagged B) Untagged

1) Cisco Switch: PVST+ Enabled; Trunk Allowed VLANs: 1,10,20,30; Native VLAN 10
   Out of VLAN 1    BPDU Type:…. MAC @:…… Tagged/Untagged:….
   Out of VLAN 10   BPDU Type:…. MAC @:…… Tagged/Untagged:….

2) Cisco Switch: Rapid PVST+ Enabled; Trunk Allowed VLANs: 10,20,30; Native VLAN 10
   Out of VLAN 10   BPDU Type:…. MAC @:…… Tagged/Untagged:….
   Out of VLAN 20   BPDU Type:…. MAC @:…… Tagged/Untagged:….

Figure 5-6: Spanning tree BPDUs—Quiz 1

Answer each question for all VLANs.

Q1-a: For Cisco Switch 1, what types of BPDUs are sent? (Choose from STP, RSTP, MSTP, PVST+, Rapid PVST+)
____________________________________________________________________

Q1-b: For Cisco Switch 1, what MAC address is used, standard, or Cisco?
____________________________________________________________________

Q1-c: Are the BPDUs that Cisco Switch 1 sends out tagged or untagged?
____________________________________________________________________

Q2-a: For Cisco Switch 2, what types of BPDUs are sent? (Choose from STP, RSTP, MSTP, PVST+, Rapid PVST+)
____________________________________________________________________

Q2-b: For Cisco Switch 2, what MAC address is used, standard, or Cisco?
____________________________________________________________________

Q2-c: Are the BPDUs that Cisco Switch 2 sends out tagged or untagged?
____________________________________________________________________

Spanning tree BPDUs—Quiz 2

For each received BPDU and for each switch config, specify if the switch will: 1) Inspect it 2) Drop it 3) Forward it
What BPDUs will the switch send on the same port?

Received BPDUs:
A   BPDU type: PVST+    MAC @: Cisco   Tagged VLAN 10
B   BPDU type: RPVST+   MAC @: Cisco   Untagged
C   BPDU type: STP      MAC @: Std     Untagged
D   BPDU type: RSTP     MAC @: Std     Untagged
E   BPDU type: MSTP     MAC @: Std     Untagged

Switch configurations:
1- Cisco Switch: PVST+ Enabled; Trunk Allowed VLANs: 10,20,30; Native VLAN 1
2- Cisco Switch: Rapid PVST+ Enabled; Trunk Allowed VLANs: 1,10,20,30; Native VLAN 10
3- HP Switch: MSTP enabled; Trunk all VLANs allowed
4- HP Switch: RSTP enabled; Access in VLAN 10

Figure 5-7: Spanning tree BPDUs—Quiz 2

Your goal for this activity is to learn how standard and proprietary BPDUs are handled by Cisco and HP switches, preparing yourself for the interoperability scenarios that will be presented later in this module.

Q1: For each BPDU in Figure 5-7, specify whether each switch will inspect, drop, or forward a received BPDU of that type. When you are finished, you should have a total of 20 answers, but your instructor might assign you and your group to a particular set of answers.

The table below provides a space to enter your answers.

BPDU   Cisco switch 1   Cisco switch 2   HP switch 3   HP switch 4
A
B
C
D
E

Which BPDUs are sent and interpreted?

[Diagram labels. Cisco A: Rapid PVST+, root in VLAN 1. Cisco B: Rapid PVST+, secondary root in VLAN 1. Trunk U1, T11, T12, T13. From the Cisco switches: RSTP BPDU for VLAN 1; PVST+ BPDUs for VLAN 11, 12, 13. HP C: MSTP, Uplink 1 and Uplink 2; PVST+ BPDUs; MSTP BPDUs; compatible RSTP BPDUs.]

Figure 5-8: Which BPDUs are sent and interpreted?

Now you will see how interactivity between Cisco and HP switches affects port state.

Here are some questions to consider:

Q1: What BPDUs are sent by the Cisco switch and by the HP switch?
_________________________________________________________________

Q2: What is the effect of an RSTP BPDU being sent to HP C?
_________________________________________________________________

Q3: Are the PVST+ BPDUs transmitted by HP C?
_________________________________________________________________

Resulting topology
[Figure: Cisco A (Rapid PVST+, root in VLAN 1) and Cisco B (Rapid PVST+, secondary
root in VLAN 1) are joined by a trunk (U1, T11, T12, T13) and send an RSTP BPDU for
VLAN 1 and PVST+ BPDUs for VLANs 11, 12, 13. HP C runs MSTP. Callout: “This port is
blocked in response to BPDUs in VLAN 1. The PVST+ BPDU could have been transmitted by
HP C. But they are blocked because the port is physically blocked.” Legend: PVST+
BPDUs, MSTP BPDUs, compatible RSTP BPDUs.]

Figure 5-9: Resulting topology

This is the final topology resulting from the switches’ configuration. Note that:

• The HP C switch sends MSTP BPDUs, and the Cisco switches send RSTP BPDUs,
  but this does not cause an issue. The Cisco and HP switches establish a topology
  as if they were communicating using RSTP.
• On HP C, the switch port is physically blocked because the switches
  communicate in the CST, which has a single instance.

STP—Port cost differences


Port cost       RSTP/MSTP                          STP, PVST & Rapid PVST (default)   PVST & Rapid PVST with path cost method long
Fast Ethernet   200 000                            19                                 200 000
Gigabit         20 000                             4                                  20 000
10 Gigabit      2 000                              2                                  2 000
Enabling        Default to 802.1t-2001 standard*   Default to 802.1D-1998 standard    spanning-tree pathcost method long

* On the HP A-Series, the “stp pathcost-standard dot1t” command is required

Figure 5-10: STP—Port cost differences
STP and PVST+, as well as Rapid PVST+, use the 19/4/2 cost values defined by the
802.1D-1998 standard. RSTP and MSTP use the 802.1t-2001 standard. However, you
can configure Cisco switches implementing PVST+/Rapid PVST+ (IOS 12.1 and later)
to use the long option (spanning-tree pathcost method long command).

As you learned in the previous module, on the HP A-Series, the default type for path
cost is “legacy,” which is proprietary. In legacy mode, the port calculation is:

• Fast Ethernet = 200
• Gigabit = 20
• 10 Gig = 2

To set the path costs to the 802.1t-2001 standard, on HP A-Series switches, enter the
global command stp pathcost-standard dot1t.

When you are configuring Rapid PVST+ and RSTP/MSTP to interoperate, it is
recommended to use the 200 000/20 000/2 000 values on each switch (long
option on the Cisco switches, dot1t option on the HP A-Series switches, default
setting on HP E-Series switches). Using the standard values ensures a more logical
topology. If an HP A-Series switch is at the access layer, the legacy value may move
the alternate port, which is typically set on the edge side, to the secondary root side.
Several scenarios later in this module review some of the issues raised by cost
differences.

PVST+ quiz
Q1: What is the cost of a gigabit link in PVST+?
_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

Q2: Why does Cisco recommend not allowing all VLANs on a trunk port when
running PVST+?

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

Q3: Does Rapid PVST+ implement Cisco’s fast STP features, “uplinkfast” or
“backbonefast”?
_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

Cisco and HP scenario 1


Now that you have learned about the basics of interoperability between PVST+,
Rapid PVST+, and MSTP, you will be introduced to a practical scenario that will help
you put your theoretical knowledge into practice in the field. In this scenario, HP
switches are at the edge, and Cisco switches are at the aggregation layer.

PVST+/STP interoperability—Scenario 1
[Figure: Cisco A (root for VLANs 1, 11, 12, 13) and Cisco B (backup root for VLANs 1,
11, 12, 13) run PVST+ or Rapid PVST+. HP C runs MSTP and has one blocked port.
Callout: “Can you say what the resulting topologies are in all VLANs?”]

Figure 5-11: PVST+/STP interoperability—Scenario 1

This scenario illustrates the insertion of an HP switch at the edge of an existing Cisco
network.
• Cisco switches are running PVST+ or Rapid PVST+.
• Cisco A is the root for all VLANs.
• Cisco B is the secondary root for all VLANs.
• HP switches are running MSTP.

What topology is established in this scenario? (The next section presents the answer.)

Scenario 1—VLAN topologies


[Figure: Two panels, each showing Cisco A, Cisco B, and HP C. “Topology for VLAN 1”:
Cisco A is the root for VLAN 1, and a port on HP C is physically blocked. “Physical
topology for VLANs 11, 12, 13”: Cisco A is the root for VLANs 11, 12, 13, and PVST+
BPDUs are not transmitted; the panel shows the PVST+ topology in VLANs 11, 12, 13.
Legend: PVST+ BPDUs for all VLANs except VLAN 1, MSTP BPDUs, compatible RSTP BPDUs.]

Figure 5-12: Scenario 1—VLAN topologies

In VLAN 1, Cisco switches and the HP switch interact in RSTP or STP (the HP switch
sends MSTP BPDUs, which are backward compatible with RSTP and STP). The
resulting topology is as shown in Figure 5-12. Note that on the HP access switch, the
blocked port is “physically” blocked. In other words, traffic for all VLANs is blocked
on the port.

In other VLANs, PVST+ or Rapid PVST+ BPDUs, which use a Cisco multicast MAC
address, are forwarded by the HP switch, which does not examine their content but
treats them like any other frame. However, because the HP switch blocks one uplink,
the PVST+ BPDUs from one Cisco switch do not reach the other. From the viewpoint
of PVST+, Cisco A and B can only reach each other on the direct connection.

Here are some things to consider with this topology:

• Even if the root and secondary root are set up to provide load balancing between
  VLANs, the blocked port on HP C is the same for all VLANs.
• You might be implementing HSRP such that the primary router for each VLAN
  matches the root bridge for that VLAN. However, the HP switch blocks the same
  link for all VLANs. Traffic that needs to be routed in the VLANs for which Cisco
  B is the default router will have to cross the link between Cisco A and Cisco B.
• This configuration is not as efficient as it could be, but it has no other
  adverse consequences as long as the link between Cisco A and B is able to
  support the additional traffic load.

Considering STP port cost differences


[Figure: Two panels, each showing Cisco A (PVST+, root in VLAN 1), Cisco B (PVST+,
secondary root in VLAN 1), and HP C, which connects to them through Uplink 1 and
Uplink 2. “Default values”: the Cisco Gigabit ports are labelled with cost 4 and the
HP C uplinks with cost 20 000; callout: “Is the actual topology as it is shown here?”
“With the Cisco path cost method set to long”: all ports are labelled with cost
20 000; callout: “Does this change the topology?”]

Figure 5-13: Considering STP port cost differences

Here, the Gigabit cost is 20 000 on HP C and 4 on Cisco switches that run PVST+.
Q1: The picture shows the desired topology. Is the actual topology the desired one?
_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

Q2: Does this change the topology?

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

Considering STP port cost differences (cont.)

[Figure: Cisco A (root for VLAN 1) and Cisco B use the Cisco path cost method long.
Cisco C uses the Cisco path cost method short. HP D is the second access switch.
Ports are labelled “port name-cost value” (e.g. G-20 000): A-20 000, B-20 000,
C-20 000, D-4, E-4, F-20 000, G-20 000; root ports are marked RP. Callouts: “Identify
the root port and blocked ports for B, C, and D. What do you conclude?” “Take care
when enabling path cost method long on Cisco aggregation switches. It may impact the
topology on other Cisco access switches.”]

Figure 5-14: Considering STP port cost differences (cont.)

What happens if you configure the Cisco switches to use the long path cost method,
which matches the HP switch’s MSTP/RSTP cost values? Are there consequences for
Cisco switches already in the access layer?
Q1: Identify the root port and blocked ports for switches B, C, and D.

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

Q2: What do you conclude?

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

Cisco and HP scenario 1: Cisco switch configurations

Cisco A configuration

    spanning-tree mode rapid-pvst
    spanning-tree extend system-id
    spanning-tree pathcost method long
    spanning-tree vlan 1-4094 priority 0

    interface GigabitEthernet1/1
     switchport mode trunk
     switchport trunk allowed vlan 1,11-13

Cisco B configuration

    spanning-tree mode rapid-pvst
    spanning-tree extend system-id
    spanning-tree pathcost method long
    spanning-tree vlan 1-4094 priority 4096

[Figure: Cisco A (root for VLANs 1, 11, 12, 13) and Cisco B (backup root for VLANs 1,
11, 12, 13) run Rapid-PVST+ and are connected through po1. Port gig1/1 on each Cisco
switch leads to HP C, which runs STP, RSTP, or MSTP and has one blocked port.]

Figure 5-15: Cisco and HP scenario 1: Cisco switch configurations

Your facilitator will not spend much time explaining configurations right now. This
slide is here for your reference. You will have the opportunity to explore the
commands more thoroughly in this module’s lab.

Cisco and HP scenario 1: HP A-Series switch configuration

HP C configuration

    stp region-configuration
     region-name PCU1
     revision-level 1
     instance 1 vlan 1 11
     instance 2 vlan 12 to 13
     active region-configuration
     quit

    port-group manual edge-1
     group-member Gi 1/0/1 to Gi 1/0/44
     stp edged-port enable
     quit

    stp enable

[Figure: Cisco A (root for VLANs 1, 11, 12, 13) and Cisco B (backup root for VLANs 1,
11, 12, 13) run Rapid-PVST+ and are connected through po1. Port gig1/1 on each Cisco
switch leads to HP A-Series C (MSTP) on ports Gi 1/0/47 and Gi 1/0/48; one port is
blocked. Ports Gi 1/0/1-44 are the edge ports. Callouts: “Is the MSTP region
configuration required?” “Under what circumstances would you configure these
settings?”]

Figure 5-16: Cisco and HP scenario 1: HP A-Series switch configuration

Q1: Is the MSTP region configuration required?
_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

Q2: Under what circumstances would you configure the MSTP region settings?
_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

Cisco and HP scenario 1: HP E-Series switch configuration

HP C configuration

    spanning-tree
    spanning-tree 1-44 admin-edge-port

In the latest versions of current E-Series software, MSTP is default.

[Figure: Cisco A (root for VLANs 1, 11, 12, 13) and Cisco B (backup root for VLANs 1,
11, 12, 13) run Rapid-PVST+. HP C (MSTP) connects to them on ports 47 and 48; one
port is blocked. Ports 1 - 44 are the edge ports. Callout: “With these
configurations, what is the region name?”]

Figure 5-17: Cisco-HP scenario 1: HP E-Series switch configuration

Q1: With these configurations, what is the region name?
_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

Cisco and HP scenario 2


Now you will learn about another practical interoperability scenario. This scenario
introduces load balancing. HP switches are at the access layer, and the Cisco
switches are in the aggregation layer with load balancing enabled between them.

PVST+/STP interoperability—Scenario 2
[Figure: Cisco A and Cisco B run PVST+ or Rapid-PVST+. One is root and HSRP master
for VLANs 1, 11 and backup root and HSRP standby for VLANs 12, 13; the other is root
and HSRP master for VLANs 12, 13 and backup root and HSRP standby for VLANs 1, 11.
Cisco C (PVST+ or Rapid-PVST+) and HP D (MSTP) are the access switches; one port is
marked as blocked. Callouts: “Does traffic from Cisco C experience the PVST+ load
balancing effect?” “Does traffic from HP Switch D experience this effect?” “Can you
obtain load balancing for HP D?”]

Figure 5-18: PVST+/STP interoperability—Scenario 2

In Scenario 2, you implement the load balancing that is already in effect in many
Cisco networks for the HP to Cisco links.

Q1: Does traffic from Cisco C experience the PVST+ load balancing effect on uplinks
to the aggregation layer?
_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

Q2: Does traffic from HP Switch D experience this effect?

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

Q3: Can you obtain load balancing for HP D?

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

Scenario 2—VLAN topologies


[Figure: Two panels, each showing Cisco A, Cisco B, and HP C. “Topology in VLAN 1”
(“If blocked port in VLAN 1 is here”): one Cisco switch is the root for VLAN 1, and
the blocked port is marked. “Topology in VLANs 11, 12, 13” (“Then PVST+ BPDUs are
transmitted by the HP switch”): one Cisco switch is the root for VLAN 12, the other
is the root for VLANs 11, 13, and PVST+ BPDUs are transmitted through HP C. Legend:
MSTP BPDUs, compatible STP or RSTP BPDUs, Cisco PVST+ BPDUs for all VLANs except 1.]

Figure 5-19: Scenario 2—VLAN topologies

In scenario 1, the MSTP/RSTP edge switch did not forward PVST+ BPDUs because
one uplink was physically blocked.

In this scenario, you will change the configuration so that the blocked port is on the
secondary root instead of the HP switch at the access layer. This topology permits the
forwarding of PVST+ BPDUs to the Cisco switch as shown in the figure. From the
Cisco switches’ point of view, it seems that the two core switches are connected by a
direct cable. Thus the secondary root for each VLAN blocks the link, causing different
links to be active for different VLANs.

What setup is required in VLAN 1?


[Figure: Cisco A (root) and Cisco B (backup root) are connected through po1. Port
gig1/1 on each Cisco switch leads to HP C on ports 47 and 48; HP C ports 1 - 44 are
also shown. Cost labels: 30 000 and 10 000. Callouts: “1) On Cisco B, what can you do
to block port gig1/1 in VLAN 1?” “2) What can you do on HP C to block that port on
Cisco B?” “What are the pros and cons of each solution?”]

Figure 5-20: What setup is required in VLAN 1?
How do you configure the switches so that the ports on the secondary root switches
are blocked? You must configure the VLAN 1 topology so that the secondary root switch
for VLAN 1 (Cisco B) blocks the port that connects to HP C. Therefore, the root path
cost of Cisco B must be higher than the root path cost of HP C.

One way to configure the desired root path cost is to increase the path cost of Cisco
B to the root (on PO1) in VLAN 1. The second way is to reduce the path cost on the
link between HP C and Cisco A.
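
The following Python example is added here and is not part of the original course material. It computes root path costs and port roles for the Cisco A / Cisco B / HP C triangle in VLAN 1, first with default long-method costs, then with the po1 cost raised to 30000 on Cisco B, then with a reduced HP C uplink cost. Assumptions: the MAC addresses are constructed, HP C uses a bridge priority of 32768, Cisco A gig1/1 connects to HP C port 47 and Cisco B gig1/1 to HP C port 48, and the reduced uplink cost of 5000 is a constructed value.

```python
from typing import NamedTuple

INF = float("inf")


class End(NamedTuple):
    """One end of a point-to-point link between two bridges."""
    bridge: str
    port: str
    num: int   # port number, used only as the last tie-breaker
    cost: int  # path cost configured on this port


def spanning_tree(bridge_ids, links):
    """Return (root, root_path_cost, port_roles) for one spanning-tree instance.

    bridge_ids maps a bridge name to (priority, MAC); the lowest tuple is the root.
    links is a list of (End, End) pairs.
    """
    root = min(bridge_ids, key=bridge_ids.get)
    rpc = {name: INF for name in bridge_ids}
    rpc[root] = 0
    root_port = {}

    # Relax repeatedly until every bridge has settled on its best path to the root.
    for _ in range(len(bridge_ids)):
        for name in bridge_ids:
            if name == root:
                continue
            best = None
            for end_a, end_b in links:
                for local, peer in ((end_a, end_b), (end_b, end_a)):
                    if local.bridge != name:
                        continue
                    # The cost is added on the receiving port. Ties fall back to
                    # the sender's bridge ID, the sender's port, then our port.
                    cand = (rpc[peer.bridge] + local.cost,
                            bridge_ids[peer.bridge], peer.num, local.num, local.port)
                    if best is None or cand < best:
                        best = cand
            if best is not None:
                rpc[name], root_port[name] = best[0], best[4]

    roles = {}
    for end_a, end_b in links:
        # On each link, the end with the lower root path cost (then the lower
        # bridge ID) is designated; the other end is a root or alternate port.
        designated = min((end_a, end_b),
                         key=lambda e: (rpc[e.bridge], bridge_ids[e.bridge]))
        for end in (end_a, end_b):
            if end is designated:
                role = "designated"
            elif root_port.get(end.bridge) == end.port:
                role = "root"
            else:
                role = "alternate"  # blocked
            roles[(end.bridge, end.port)] = role
    return root, rpc, roles


def vlan1_triangle(po1_cost_b=10000, hp_uplink_cost=20000):
    """VLAN 1 view of the scenario 2 triangle; returns (root, rpc, blocked ports)."""
    bridge_ids = {                                 # MAC addresses are constructed
        "Cisco-A": (0, "00:00:00:00:00:0a"),       # priority 0 (root)
        "Cisco-B": (4096, "00:00:00:00:00:0b"),    # priority 4096 (secondary root)
        "HP-C": (32768, "00:00:00:00:00:0c"),      # assumed priority
    }
    links = [                                      # cabling is an assumption
        (End("Cisco-A", "po1", 1, 10000), End("Cisco-B", "po1", 1, po1_cost_b)),
        (End("Cisco-A", "gig1/1", 2, 20000), End("HP-C", "47", 47, hp_uplink_cost)),
        (End("Cisco-B", "gig1/1", 2, 20000), End("HP-C", "48", 48, 20000)),
    ]
    root, rpc, roles = spanning_tree(bridge_ids, links)
    blocked = sorted(key for key, role in roles.items() if role == "alternate")
    return root, rpc, blocked


if __name__ == "__main__":
    cases = (
        ("default long-method costs", {}),
        ("po1 cost 30000 on Cisco B", {"po1_cost_b": 30000}),
        ("HP C uplink cost 5000 (constructed)", {"hp_uplink_cost": 5000}),
    )
    for label, kwargs in cases:
        root, rpc, blocked = vlan1_triangle(**kwargs)
        print(f"{label}: root={root} costs={rpc} blocked={blocked}")
```

With default costs the alternate port is HP C port 48; in the other two cases Cisco B's root path cost exceeds that of HP C, so the alternate port moves to gig1/1 on Cisco B.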


Q1: On Cisco B, what can you do to block port gig1/1 on VLAN 1?

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

Q2: What can you do on HP C to block the same port on Cisco B?

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

Cisco view in other VLANs


[Figure: Cisco A (root) and Cisco B (backup root) are connected through po1; port
gig1/1 on each Cisco switch is also shown. Cost labels: 10 000*, 20 000*, 20 000**.
Callouts: “On Cisco B, which port is the root port in VLANs 11, 13 if po1 cost is
20000? If all path costs are equal, then the lowest port ID is selected.” “How do you
ensure po1 is the root port? Decrease the cost for the port channel.”]

*These values are for the long path cost method.
*The default po1 cost is 10000.

Figure 5-21: Cisco view in other VLANs

Now that the blocked port has moved from HP C to Cisco B, HP C will forward Cisco
PVST+ BPDUs. From the PVST+ or Rapid PVST+ point of view, the two aggregation
switches seem to be connected together. Consequently, ports that lead to HP switches
may become the root port for the Cisco switches in various VLANs, blocking the
higher-bandwidth link aggregation between the two Cisco switches.

Q1: On Cisco B, what is the root port in VLANs 11 and 13 if the cost is 20000?

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

Q2: How do you ensure that po1 is selected as the root port?
_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

Cisco and HP scenario 2: Cisco switch configurations

Cisco A configuration

    spanning-tree mode rapid-pvst
    spanning-tree extend system-id
    spanning-tree pathcost method long
    spanning-tree vlan 1,12 priority 0
    spanning-tree vlan 11,13 priority 4096
    interface po 1
     spanning-tree vlan 1 cost 30000
     spanning-tree vlan 11-13 cost 10000

Cisco B configuration

    spanning-tree mode rapid-pvst
    spanning-tree extend system-id
    spanning-tree pathcost method long
    spanning-tree vlan 1,12 priority 4096
    spanning-tree vlan 11,13 priority 0
    interface po 1
     spanning-tree vlan 1 cost 30000
     spanning-tree vlan 11-13 cost 10000

[Figure: Cisco A (root for VLANs 1, 12) and Cisco B (root for VLANs 11, 13) run
Rapid-PVST+ and are connected through po1. Port gig1/1 on each Cisco switch leads to
HP C (STP, RSTP, or MSTP) on ports 47 and 48; HP C ports 1 - 44 are also shown. One
Cisco port is marked “blocked for VLANs 1, 12” and the other “blocked for VLANs 11,
13”. Callout: “What is the setup for HP C?”]

Figure 5-22: Cisco and HP scenario 2: Cisco switch configurations

Pay attention to the cost configured for po1 on Cisco A and B in various VLANs. In
VLAN 1, the cost is increased to 30000, and in other VLANs it is decreased to
10000. (If the Cisco switches were not using the long path cost method, the values
would be 5 and 3.) These configurations ensure that the proper ports forward and
block traffic in each VLAN to implement load balancing and efficient use of the
connections.

Q1: What is the setup for HP C?

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

What about other Cisco switches in the access layer?

[Figure: Cisco A (root for VLANs 1, 12) and Cisco B (root for VLANs 11, 13), with a
cost label of 10 000; Cisco C and HP D are the access switches. Callouts: “If Cisco C
implements PVST+ uplinkfast, what is the drawback of this setup? What do you suggest
to resolve the problem?” “If Cisco C implements Rapid PVST+, do the setup
requirements change?”]

Figure 5-23: What about other Cisco switches in the access layer?

The goal of this page is to point out a drawback of the previous setup when there are
also Cisco switches at the edge implementing PVST+ uplinkfast. This feature requires
one uplink (the root port) to be up, and the other one (the alternate port) to be
blocked for fast convergence.

Q1: If Cisco C implements PVST+ uplinkfast, what is the drawback of the setup
illustrated in the slide?

_________________________________________________________________

_________________________________________________________________

Q2: What setup do you suggest to resolve this issue?

_________________________________________________________________

_________________________________________________________________

Q3: If Cisco C implements Rapid PVST+, do the setup requirements change?

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

What is the purpose of load balancing?


Name some good reasons to set up load balancing
• Better use of uplink bandwidth
• Load sharing of traffic on aggregation devices

Name some reasons not to set up load balancing
• Complexity
• Asymmetric routing causing excessive unicast flooding

Suggestions for load balancing traffic include:
• Send data traffic on one uplink and VoIP and video on another
• In a data center, send data traffic on one uplink and backup traffic on
  another

Figure 5-24: What is the purpose of load balancing?

Q1: Name some good reasons to set up load balancing.

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

Q2: What might be some reasons to not set up load balancing?

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

Lab 5.1: PVST+/MSTP interoperability


[Figure: Lab topology. Cisco-A and Cisco-B run Rapid-PVST+ (roots for VLANs 1, 11, 13
and for VLAN 12), with ports P1, P3, and P4 on each. HP-C and HP-E run MSTP, with
ports P1, P2, and P3 on each. Hosts: Server_1 and Client_1. MSTP region: name
HP-Cisco, revision 1, MST instance 1: VLAN 12, MST instance 2: VLAN 1, 11, 13.]

Figure 5-25: Lab 5.1: PVST+/MSTP interoperability

You will now complete Lab 5.1: Configuring PVST+/MSTP interoperability, in which
you practice configuring the scenarios covered in this module. Use the space below
to record any instructions your facilitator gives you for this lab.
________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

Lab debrief
– What did you find challenging?
– What do you think is the most important thing you learned
about PVST+-MSTP interoperability?
– Of what you learned in the lab, what will be the most useful
for you in the field?

Figure 5-26: Lab debrief

Record your thoughts about the lab here.

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

Cisco and HP scenario 3


This is the final scenario in this module. In this scenario, Cisco switches are at the
access layer and HP switches are at the aggregation layer.


HP in aggregation—Scenario 3
[Figure: HP A and HP B form an IRF at the aggregation layer. Cisco C and Cisco D are
in the access layer and connect through link aggregation. Callouts: “How would you
manage these redundant connections?” “What are your recommendations for setting up
IRF?” “Prefer IRF to STP based solutions”]

Figure 5-27: HP in aggregation—Scenario 3

Q1: How would you manage the redundant connections in this scenario?

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

Q2: What are your recommendations for setting up IRF?

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

HP in aggregation—Scenario 3 (cont.)
[Figure: Cisco E and Cisco F are in the core, HP A and HP B form an IRF in the
aggregation layer, and Cisco C and Cisco D are in the access layer, connected through
link aggregation.]

• Both the access and core layers can use link aggregations to connect to the IRF in
  the aggregation layer.
• Thus you create a redundant network without an STP requirement.

Figure 5-28: HP in aggregation—Scenario 3 (cont.)

This slide shows a core layer. Note that both access and core switches can use link
aggregation to connect to the two switches that compose the IRF. In this way, you can
create a redundant network without implementing STP of any type.

HP in aggregation—Scenario 3: With MSTP and


PVST+
Which BPDUs are sent and
VLAN 1
received by Cisco switches in
HP in aggregation VLAN 1?
MSTP
Root Secondary root
Which BPDUs are sent and
received by HP switches?
HP A HP B

If HP A and B are root and


secondary root in the CST, what
are the root port and alternate
1
2 1 2
2 ports in VLAN1 on Cisco switches?
1

What happens if the long path cost

y
Cisco C
Cisco D Cisco E method is not enabled?

nl
Cisco in access
PVST+ BPDUs

O
Rapid PVST+ —path cost method long MSTP BPDUs
Compatible
RSTP BPDUs

Se
Figure 5-29: HP in aggregation—Scenario 3: With MSTP and PVST+
lU
Examine the scenario. Assume that in this network VLAN 1 is allowed on uplinks so
Cisco switches can send and receive standard BPDUs.
a

Q1: Which BPDUs are sent and received by Cisco switches in VLAN 1?
rn

_________________________________________________________________
te
In

_________________________________________________________________
P
H

_________________________________________________________________
r
Fo

_________________________________________________________________

Q2: Which BPDUs are sent and received by the HP switches?


_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________


Q3: If HP switches A and B are the roots in the CST, what are the root port and
alternate ports in VLAN 1 on Cisco switches?
_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

Q4: What happens if the long path cost method is not enabled?

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

HP in aggregation—Scenario 3: With MSTP and PVST+ (cont.)

– Which BPDUs are sent and received by Cisco switches in other VLANs?
– How do HP switches handle the PVST+ BPDUs?
– If Cisco C has the lowest bridge ID, what will the topology be in the other
  VLANs from the Cisco switches’ point of view?

For PVST+, the HP switches do not exist. They are seen as a hub.

[Diagram, other VLANs: HP A and HP B in aggregation, running MSTP; Cisco C, Cisco D and Cisco E in access, running Rapid PVST+ with path-cost method long (compatible), each with uplink ports 1 and 2. Legend: PVST+ BPDUs, MSTP BPDUs, RSTP BPDUs.]

Figure 5-30: HP in aggregation—Scenario 3: With MSTP and PVST+ (cont.)
Q1: Which BPDUs are sent and received by Cisco switches in other VLANs?

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

Q2: How do the HP switches handle the PVST+ BPDUs?

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

Q3: Having exchanged these BPDUs, what topology do the switches create? Assume
that the Cisco switches are using their default priorities and that Cisco C has the
lowest MAC address.
_________________________________________________________________

y
nl
_________________________________________________________________

O
Se
_________________________________________________________________
lU
_________________________________________________________________
a
rn

_________________________________________________________________
te

_________________________________________________________________
In
P

_________________________________________________________________
H

_________________________________________________________________
r
Fo

_________________________________________________________________

_________________________________________________________________

5 – 44 Rev. 11.12
Interoperability Among PVST+, Rapid PVST+, and MSTP

HP in aggregation—Scenario 3: Configuration

! Cisco Access configuration:
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree pathcost method long
! Set Cisco C as the root of other VLANs
spanning-tree vlan 2-6 priority 0
! To get a load balancing effect per VLAN, different costs are set on uplinks
interface GigabitEthernet2/1
 spanning-tree vlan 1-3 cost 10000
 spanning-tree vlan 4-6 cost 30000
interface GigabitEthernet2/2
 spanning-tree vlan 1-3 cost 30000
 spanning-tree vlan 4-6 cost 10000

[Diagram: HP A and HP B in aggregation, running MSTP; Cisco C, Cisco D and Cisco E in access, running Rapid PVST+, each with uplink ports 1 and 2. Cisco C is root in all VLANs except 1. Legend: In VLANs 1-3; In VLANs 4-6.]

Figure 5-31: HP in aggregation—Scenario 3: Configuration

The commands shown in the slide configure Cisco C for the scenario introduced in
the previous slides. The commands would be similar for the other Cisco switches;
however, you would not change their priorities, or you would assign these switches
different priorities.

The slide shows how you can set the path costs so that the switch load balances
traffic over its two links rather than always selecting the port with the lower ID:

• Set the port cost to 10000 to have the uplink port become the root port (or
  designated port on the root bridge).
• Set the port cost to 30000 to have the uplink port become the alternate port.
• Alternate which ports are set to 10000 and which are set to 30000 in different
  VLANs.

This slide does not show the configuration for the HP switches, which are
implementing MSTP. Within the MSTP region, HP A is root bridge and VRRP master
on VLANs 1 to 3, and HP B is root bridge and VRRP master on VLANs 4 to 6. You
have seen similar configurations in other scenarios.
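The following added example (not part of the guide) models root-port election on a non-root access switch such as Cisco D, assuming it carries the same per-VLAN costs as the slide. It assumes the same BPDU arrives on both uplinks, as it would through a hub; the bridge ID, port IDs and the `equal_costs` baseline are constructed values.

```python
"""Added example: root-port election on an access switch with per-VLAN port costs."""
from typing import Callable, Dict, Iterable, NamedTuple, Tuple

BridgeId = Tuple[int, str]  # (priority, MAC address); the lower tuple is better


class Bpdu(NamedTuple):
    root_id: BridgeId    # bridge the sender advertises as root
    root_cost: int       # sender's own path cost to that root
    sender_id: BridgeId  # bridge that transmitted the BPDU
    sender_port: int     # port ID on the sending bridge


def elect_root_port(received: Dict[str, Bpdu], port_cost: Dict[str, int],
                    port_id: Dict[str, int]) -> str:
    """Return the local port whose spanning-tree priority vector is lowest."""
    def vector(port: str):
        bpdu = received[port]
        return (bpdu.root_id,
                bpdu.root_cost + port_cost[port],  # cost to the root via this port
                bpdu.sender_id,
                bpdu.sender_port,
                port_id[port])                      # final tie-breaker: local port ID
    return min(received, key=vector)


# Constructed sample values (assumptions, not taken from the guide).
ROOT: BridgeId = (0, "00:00:5e:00:53:0c")
PORT_ID = {"GigabitEthernet2/1": 1, "GigabitEthernet2/2": 2}
# The same BPDU is seen on both uplinks because it is relayed as through a hub.
RELAYED = Bpdu(root_id=ROOT, root_cost=0, sender_id=ROOT, sender_port=1)


def slide_costs(vlan: int, port: str) -> int:
    """Costs from the slide: Gi2/1 is cheap in VLANs 1-3, Gi2/2 in VLANs 4-6."""
    preferred = "GigabitEthernet2/1" if 1 <= vlan <= 3 else "GigabitEthernet2/2"
    return 10000 if port == preferred else 30000


def equal_costs(vlan: int, port: str) -> int:
    """Untuned baseline: 20000 on both uplinks (IEEE long-method value for 1 Gb/s)."""
    return 20000


def root_ports(vlans: Iterable[int],
               cost_fn: Callable[[int, str], int]) -> Dict[int, str]:
    """Elect the root port in each VLAN for the given per-VLAN cost function."""
    result = {}
    for vlan in vlans:
        received = {port: RELAYED for port in PORT_ID}
        costs = {port: cost_fn(vlan, port) for port in PORT_ID}
        result[vlan] = elect_root_port(received, costs, PORT_ID)
    return result


if __name__ == "__main__":
    for label, fn in (("equal costs", equal_costs), ("slide costs", slide_costs)):
        print(label, root_ports(range(1, 7), fn))
```

With equal costs every VLAN ties down to the local port ID and uses the same uplink; with the slide's costs the VLANs split across both uplinks.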

Lab 5.2: PVST+/MSTP interoperability: HP at the aggregation layer (Optional)

MSTP region
  Name: HP-Cisco
  Revision: 1
  MST instance 1: VLAN 12
  MST instance 2: VLANs 1, 11, 13

IP addressing: 10.1.VLAN.X/24
• X=1 on Cisco A
• X=2 on Cisco B
• X=254 for Virtual IP
• X=3 on HP C
• X=4 on HP D

[Diagram: HP C and HP D (A-Series) running MSTP at the aggregation layer; Cisco A and Cisco B running Rapid-PVST+ at the edge.]

Figure 5-32: Lab 5.2: PVST+/MSTP interoperability: HP at the aggregation layer (Optional)

In this lab, you practice configuring a scenario like the one that you have just
examined. You will configure a network with HP A-Series switches at the aggregation
layer, implementing MSTP, and Cisco switches at the edge, implementing Rapid
PVST+.

Use the space below to record any instructions your facilitator gives you for this lab.

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

Lab debrief
– What key things did you learn about configuring MSTP with HP switches at the
  aggregation layer and Cisco at the edge?
– What were your greatest challenges?
– If you had to apply such a design at a customer site, what to-do list would
  you create?

Figure 5-33: Lab debrief

Record your thoughts about the lab here.

y
_________________________________________________________________

nl
O
_________________________________________________________________

Se
_________________________________________________________________
lU
_________________________________________________________________
a
rn

_________________________________________________________________
te
In

_________________________________________________________________
P

_________________________________________________________________
r H

_________________________________________________________________
Fo

_________________________________________________________________

_________________________________________________________________

Rev. 11.12 5 – 47
HP Networking Interoperability

Module 5 summary
– PVST+ or Rapid PVST+ do interoperate with standard STP protocols. VLAN 1
  setup is key.
– Load balancing can be obtained. This requires a careful setup and
  understanding of the consequences.
– There are alternatives to enabling STP, such as disabling STP, smart link,
  and monitor link.
– Set your priorities between convergence speed, load-balancing and ease of
  setup.
– Remember that a solution that is easy to set up is also easy to maintain.

Figure 5-34: Module 5 summary

In this module, you have been introduced to the concept of interoperability, and you
reviewed three practical scenarios in which it was implemented. Record your
thoughts here while your facilitator reviews what was covered in this module.

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

Learning check
Q1: When does PVST+ interoperate with standard STP? And with RSTP? And with
MSTP?
____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

Q2: Does an HP switch “understand” (that is, process and interpret) tagged PVST+
BPDUs? If not, does it drop them or forward them?

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

Q3: What is the default cost value in PVST+ and Rapid-PVST+ for a Gigabit port?

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

Q4: What STP protocol is a proprietary Cisco protocol based on 802.1w
mechanisms?

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________
Redundancy Without STP
Module 6

Module 6 objectives
After completing this module, you will be able to:
• Select and configure features to replace Spanning Tree Protocol (STP) in
  redundant networks while maintaining interoperability
• Disable STP on edge switches to integrate them into a multivendor
  environment
• Configure smart link on HP A-Series switches
• Configure monitor link on HP A-Series switches

Reminder: With IRF, STP is unnecessary

– What are the key advantages of using IRF for redundancy?
– Why would you enable STP in an IRF topology?
– What setup would you recommend?

[Diagram: IRF implemented on HP A-Series switches at the aggregation layer; link aggregation down to Cisco switches at the edge.]

Figure 6-1: Reminder: With IRF, STP is unnecessary

Q1: What are the key advantages of using IRF for redundancy?

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

Q2: Why would you enable STP in an IRF topology?

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

Q3: What STP setup would you recommend?


___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________


Disabling STP on HP edge switches


The first section in this module introduces an unconventional method for integrating
Cisco and HP switches. Based on the title of this slide, do you have any misgivings?
Record your thoughts here. Once the lecture has started, feel free to ask any
questions you may have about disabling STP on HP edge switches.
NOTES

____________________________________________________________________

____________________________________________________________________

y
____________________________________________________________________

nl
O
____________________________________________________________________

Se
____________________________________________________________________
lU
____________________________________________________________________
a
rn

____________________________________________________________________
te
In

____________________________________________________________________
P

____________________________________________________________________
r H
Fo

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________


What happens when STP is disabled on the HP edge switch?

– What happens to BPDUs sent by Cisco switches?
– What is the resulting topology?

[Diagram, two panels, each with Cisco A, Cisco B and HP C. Left panel (root for VLAN 1; STP or RSTP BPDUs): Standard BPDUs are transmitted by HP C. Right panel (root for VLAN 12 and root for VLANs 11, 13; Cisco PVST BPDUs for all VLANs except 1): PVST BPDUs are transmitted by HP C.]

Figure 6-2: What happens when STP is disabled on the HP edge switch?

Q1: What happens to BPDUs sent by Cisco switches?


____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

Q2: What is the resulting topology?

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________


What happens when STP is disabled on the HP edge switch? (cont.)

– How do you make sure this link is the root port?
– Loop protection prevents local loops on edge ports and is available on the
  HP E-Series only.

[Diagram, two panels, each with Cisco A, Cisco B and HP C. Left panel: root for VLAN 1; STP or RSTP BPDUs. Right panel: root for VLAN 12 and root for VLANs 11, 13; Cisco PVST BPDUs for all VLANs except 1. The link in question is the one between Cisco A and Cisco B.]

Figure 6-3: What happens when STP is disabled on the HP edge switch? (cont.)

Just as in the “HP and Cisco Scenario 2” in Module 5: Interoperability Among
PVST+, Rapid PVST+, and MSTP, several ports can now be the root port because
their costs may be equal. Traffic between aggregation switches should be transmitted
on the direct link or link aggregation between them, and you should avoid having
this traffic transmitted on an edge switch. On HP C there is always a risk of a local
loop. Although you don’t want to enable STP on the edge switch, you can use loop
protection on an HP E-Series switch to prevent local loops.

Q1: How do you make sure the link between Cisco aggregation switches is the root
port?

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________


Configuring the HP switch to disable STP

Cisco A & B configuration (Rapid-PVST+)
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree pathcost method long
spanning-tree vlan 1,12 priority 0
spanning-tree vlan 11,13 priority 4096
interface po 1
 spanning-tree cost 10000

HP E-Series configuration (HP C, STP disabled)
no spanning-tree
loop-protect 1-44
loop-protect disable-timer 300

How should you configure HP C?

[Diagram: Cisco A (root for VLANs 1, 12) and Cisco B (root for VLANs 11, 13) joined by po1; gig1/1 on each Cisco switch connects to HP C, whose ports are labeled 47, 48 and 1 - 44. Labels on the uplinks: Blocked for VLANs 11, 13; Blocked for VLANs 1, 12.]

Figure 6-4: Configuring the HP switch to disable STP

To make po1 the root port on the Cisco switches, its cost is reduced to 10000 in all
VLANs. Note that by default, the Cisco IOS sets the cost of po1 to 10000. However,
this won’t be true if the interface is a Gigabit interface.

Q1: How should you configure HP C?

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________


Configuring smart link


Next, you will learn about smart link, which is available on HP A-Series switches.
Smart link enables redundancy while preventing network loops. It opens a master
port and blocks a slave port. If the master port fails, smart link enables a rapid
failover.
NOTES

____________________________________________________________________

____________________________________________________________________

y
____________________________________________________________________

nl
O
____________________________________________________________________

Se
____________________________________________________________________
lU
____________________________________________________________________
a
rn

____________________________________________________________________
te
In

____________________________________________________________________
P

____________________________________________________________________
r H
Fo

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________


Smart link on HP A-Series switches

– When the master port fails, the slave port becomes active.
  • Very fast failover (<100 ms)
  • Does not require STP
– Master and slave roles can be shared on a per-instance basis.

[Diagram: HP C with two uplinks to Cisco A and Cisco B. Master = active, Slave = standby.]

Figure 6-5: Smart link on HP A-Series switches

Developed to address STP’s slow convergence, smart link is applied on edge
switches connected with redundant links to upstream switches. It supports link
redundancy and provides fast convergence.

A master link connects a switch to the rest of the network. The master link is active
while a slave link is standby. If the master link fails, a slave port becomes active with
only a very short delay.

To summarize, smart link features the following:

• Dedicated to dual uplink networks
• Sub-second convergence
• Easy configuration

The master and slave roles can be shared among VLAN instances. The master role
can also be set to preempt the slave role if the master fails and then comes back up.

Simple smart link configuration

# Create smart link group 1
[SwitchC] smart-link group 1
# Configure all VLANs mapped to MSTIs 0 to 15 as the protected VLANs
[SwitchC-smlk-group1] protected-vlan reference-instance 0 to 15
# Configure Gigabit 1/0/1 as the master port
[SwitchC-smlk-group1] port gigabitethernet 1/0/1 master
# Configure Gigabit 1/0/2 as the slave port of smart link group 1
[SwitchC-smlk-group1] port gigabitethernet 1/0/2 slave
# Configure preemption
[SwitchC-smlk-group1] preemption mode role

[Diagram: HP C with uplink Gi 1/0/1 (Master) and uplink Gi 1/0/2 (Slave) to Cisco A and Cisco B.]

Figure 6-6: Simple smart link configuration

In this simple configuration, the role of the smart link ports is defined for all VLANs
(all instances). In the above configuration, port gig 1/0/1 is the master/active, and
port gig 1/0/2 is the slave.

If the master fails, the slave takes over. If the master comes up again, it will preempt
the slave.

Smart link and load balancing

# Create 2 instances
[SwitchC] vlan 1 to 200
[SwitchC] stp region-configuration
[SwitchC-mst-region] instance 1 vlan 1 to 100
[SwitchC-mst-region] instance 2 vlan 101 to 200
[SwitchC-mst-region] active region-configuration

# Ports are set as trunk and STP is disabled
[SwitchC] interface gigabitethernet 1/0/1
[SwitchC-GigabitEthernet1/0/1] stp disable
[SwitchC-GigabitEthernet1/0/1] port link-type trunk
[SwitchC-GigabitEthernet1/0/1] port trunk permit vlan all

[Diagram, two panels, each showing HP C with uplinks Gi 1/0/1 and Gi 1/0/2 and the HSRP owner upstream. Instance 1: Gi 1/0/1 is master, Gi 1/0/2 is slave. Instance 2: Gi 1/0/1 is slave, Gi 1/0/2 is master.]

Figure 6-7: Smart link and load balancing
This configuration is designed to make best use of both uplinks on the edge switch.
The master and slave roles can be configured per VLAN instance.

Instances are configured through MSTP, even though STP is not involved on the port
in smart link. The idea is to synchronize the instance configuration with the setup of
virtual IPs (using Hot Standby Router Protocol [HSRP] or Virtual Router Redundancy
Protocol [VRRP]) on Layer 3 switches.

The uplink is set as master for the VLANs on which the HSRP owner is directly
connected to the edge switch.

Smart link and load balancing (cont.)

# Create smart link group 1
[SwitchC] smart-link group 1
[SwitchC-smlk-group1] protected-vlan reference-instance 1
# Gigabit 1/0/1 is the master & Gigabit 1/0/2 is the slave
[SwitchC-smlk-group1] port gigabitethernet 1/0/1 master
[SwitchC-smlk-group1] port gigabitethernet 1/0/2 slave
# Enable role preemption in smart link group 1
[SwitchC-smlk-group1] preemption mode role

# Create smart link group 2
[SwitchC] smart-link group 2
[SwitchC-smlk-group2] protected-vlan reference-instance 2
# Gigabit 1/0/2 is the master & Gigabit 1/0/1 the slave
[SwitchC-smlk-group2] port gigabitethernet 1/0/1 slave
[SwitchC-smlk-group2] port gigabitethernet 1/0/2 master
# Enable role preemption in smart link group 2
[SwitchC-smlk-group2] preemption mode role

[Diagram, two panels showing HP C. Instance 1: Gi 1/0/1 is master, Gi 1/0/2 is slave. Instance 2: Gi 1/0/1 is slave, Gi 1/0/2 is master.]

Figure 6-8: Smart link and load balancing (cont.)

This configuration includes two smart link groups:

• Smart link group 1
  – This group is associated with instance 1.
  – Int Gig 1/0/1 is the master.
  – Int Gig 1/0/2 is the slave.
• Smart link group 2
  – This group is associated with instance 2.
  – Int Gig 1/0/2 is the master.
  – Int Gig 1/0/1 is the slave.

Topology change mechanisms


Because link switchovers can outdate the MAC address forwarding entries and
Address Resolution Protocol (ARP) or Neighbor Discovery (ND) entries on all
devices, you need a forwarding entry update mechanism to ensure proper
transmission. The following two update mechanisms are provided:

• Uplink traffic-triggered MAC address learning—An update is triggered by uplink
  traffic. This mechanism is applicable to environments with devices that do not
  support smart link, including devices from other vendors.
• Flush update—A smart link-enabled device updates its information by
  transmitting flush messages over the backup link to its upstream devices. This
  mechanism requires the upstream devices to be capable of recognizing smart
  link flush messages to update their MAC address forwarding entries and ARP/ND
  entries.

Caution: If no control VLAN is specified for processing flush messages, the device
forwards the received flush messages directly without processing them.

• Make sure that the receive control VLAN is the same as the transmit control
  VLAN configured on the smart link device. If they are not the same, the
  associated device will forward the received flush messages directly without any
  processing.
• Do not remove the control VLANs. Otherwise, flush messages cannot be sent
  properly.
• Make sure that the control VLANs are existing VLANs. You must assign the port
  capable of receiving flush messages to the control VLANs.


Smart link status

[SwitchC] display smart-link group all
Smart link group 1 information:
 Device ID: 000f-e23d-5af0
 Preemption mode: ROLE
 Control VLAN: 10
 Protected VLAN: Reference Instance 1
 Member                  Role    State    Flush-count  Last-flush-time
 ------------------------------------------------------------------------
 GigabitEthernet1/0/1    MASTER  ACTIVE   5            16:37:20 2010/02/21
 GigabitEthernet1/0/2    SLAVE   STANDBY  1            17:45:20 2010/02/21

Smart link group 2 information:
 Device ID: 000f-e23d-5af0
 Preemption mode: ROLE
 Control VLAN: 101
 Protected VLAN: Reference Instance 2
 Member                  Role    State    Flush-count  Last-flush-time
 ------------------------------------------------------------------------
 GigabitEthernet1/0/2    MASTER  ACTIVE   5            16:37:20 2010/02/21
 GigabitEthernet1/0/1    SLAVE   STANDBY  1            17:45:20 2010/02/21

Figure 6-9: Smart link status

You can use the display smart-link command to view your smart link configuration.
For example, you can see how many smart link groups are configured and which
links are the master and slave for each group.

What other information can you view using this command?

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________
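The following added example (not part of the guide or of any HP tool) parses `display smart-link group all` output and audits it against the points made above: one master and one slave per group, masters spread across both uplinks, and a control VLAN that matches what the upstream devices receive on. The sample text is constructed from the layout of Figure 6-9, and the `upstream_receive_vlans` parameter is a hypothetical input supplied by the operator.

```python
"""Added example: audit the output of 'display smart-link group all'."""
import re
from typing import Dict, List, Optional, Set

# Constructed sample, following the layout of Figure 6-9.
SAMPLE_OUTPUT = """\
Smart link group 1 information:
 Device ID: 000f-e23d-5af0
 Preemption mode: ROLE
 Control VLAN: 10
 Protected VLAN: Reference Instance 1
 Member                  Role    State    Flush-count  Last-flush-time
 ------------------------------------------------------------------------
 GigabitEthernet1/0/1    MASTER  ACTIVE   5            16:37:20 2010/02/21
 GigabitEthernet1/0/2    SLAVE   STANDBY  1            17:45:20 2010/02/21

Smart link group 2 information:
 Device ID: 000f-e23d-5af0
 Preemption mode: ROLE
 Control VLAN: 101
 Protected VLAN: Reference Instance 2
 Member                  Role    State    Flush-count  Last-flush-time
 ------------------------------------------------------------------------
 GigabitEthernet1/0/2    MASTER  ACTIVE   5            16:37:20 2010/02/21
 GigabitEthernet1/0/1    SLAVE   STANDBY  1            17:45:20 2010/02/21
"""

GROUP_RE = re.compile(r"^Smart link group (\d+) information:")
FIELD_RE = re.compile(r"^(Device ID|Preemption mode|Control VLAN|Protected VLAN):\s*(.*)$")
MEMBER_RE = re.compile(r"^(\S+)\s+(MASTER|SLAVE)\s+(\S+)\s+(\d+)")


def parse_smart_link(text: str) -> Dict[int, dict]:
    """Return {group id: {field: value, 'members': {port: role/state/flushes}}}."""
    groups: Dict[int, dict] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        match = GROUP_RE.match(line)
        if match:
            current = {"members": {}}
            groups[int(match.group(1))] = current
            continue
        if current is None:
            continue  # prompt or banner lines before the first group
        match = FIELD_RE.match(line)
        if match:
            current[match.group(1)] = match.group(2).strip()
            continue
        match = MEMBER_RE.match(line)
        if match:
            current["members"][match.group(1)] = {
                "role": match.group(2),
                "state": match.group(3),
                "flushes": int(match.group(4)),
            }
    return groups


def audit_smart_link(groups: Dict[int, dict],
                     upstream_receive_vlans: Optional[Set[int]] = None) -> List[str]:
    """Return findings; an empty list means the groups look as intended."""
    findings: List[str] = []
    master_ports = set()
    for gid, group in sorted(groups.items()):
        members = group["members"]
        roles = sorted(m["role"] for m in members.values())
        if roles != ["MASTER", "SLAVE"]:
            findings.append(f"group {gid}: expected one MASTER and one SLAVE, got {roles}")
        master_ports.update(p for p, m in members.items() if m["role"] == "MASTER")
        active = [p for p, m in members.items() if m["state"] == "ACTIVE"]
        if len(active) != 1:
            findings.append(f"group {gid}: {len(active)} ACTIVE ports, expected 1")
        elif members[active[0]]["role"] != "MASTER":
            findings.append(f"group {gid}: active port {active[0]} is the slave (failover in effect)")
        control = group.get("Control VLAN", "")
        if not control.isdigit():
            findings.append(f"group {gid}: no control VLAN, flush messages cannot be sent")
        elif upstream_receive_vlans is not None and int(control) not in upstream_receive_vlans:
            findings.append(f"group {gid}: control VLAN {control} is not a receive control VLAN upstream")
    if len(groups) > 1 and len(master_ports) == 1:
        findings.append("all groups use the same master uplink: no per-instance load balancing")
    return findings


if __name__ == "__main__":
    print(audit_smart_link(parse_smart_link(SAMPLE_OUTPUT), upstream_receive_vlans={10}))
```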


Configuring monitor link


Now you will be introduced to monitor link, which is a useful technique for
connecting servers in datacenters. Monitor link is available on HP A-Series switches.
Cisco switches support a similar feature, but on these switches, it is called uplink
failure detection.
NOTES

____________________________________________________________________

____________________________________________________________________

y
____________________________________________________________________

nl
O
____________________________________________________________________

Se
____________________________________________________________________
lU
____________________________________________________________________
a
rn

____________________________________________________________________
te
In

____________________________________________________________________
P

____________________________________________________________________
r H
Fo

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________


Monitor link on HP A-Series switches

– In this architecture, is there a loop?
  • Why or why not?
– What happens if the uplink fails?
– When is it an interesting design option?

[Diagram: Cisco A and Cisco B upstream; HP C and HP D each with one uplink; downlinks from HP C and HP D to servers using NIC teaming (NLB, TLB…).]

Figure 6-10: Monitor link on HP A-Series switches

Q1: In this architecture, is there a loop? Why or why not?

______________________________________________________________

______________________________________________________________

______________________________________________________________

Q2: What will happen if an uplink fails?

______________________________________________________________

______________________________________________________________

______________________________________________________________

Q3: When might it be appropriate to use this architecture?


______________________________________________________________

______________________________________________________________

______________________________________________________________

______________________________________________________________


Monitor link on HP A-Series switches (cont.)

– On HP C or D, if the uplink fails, servers cannot sense it.
– With monitor link, if an uplink fails, downlinks are shut down.
– This triggers switchover in NIC teaming on servers:
  • Very fast failover (<100 ms)
  • Does not require STP
  • Easy setup

[Diagram: Cisco A and Cisco B upstream; HP C and HP D each with one uplink; downlinks to servers using NIC teaming (NLB, TLB…). Label: No loop; no need for STP.]

Figure 6-11: Monitor link on HP A-Series switches (cont.)

nl
O
In this configuration, servers are connected to two switches. The two switches are not connected together. Each server switch is connected with a single link to an upstream switch. Overall, this does not create a loop because servers don’t bridge the traffic.

The advantage of such a configuration is the ability to connect servers redundantly to an existing network without the need to enable spanning tree. The drawback is that if an uplink fails, the server cannot sense it. Server traffic will then be lost.

This is where the monitor link feature can help. With monitor link, the status of the downlink ports is linked with the status of the uplink. If the uplink fails, then downlinks are set to down. In turn, this triggers the NIC teaming failover on the servers.

Monitor link configuration


# Create monitor link group 1.
[SwitchC] monitor-link group 1
# Configure Gigabit 1/0/1 as an uplink port and Gigabit 1/0/2 - 3 as downlink ports.
[SwitchC-mtlk-group1] port gigabitethernet1/0/1 uplink
[SwitchC-mtlk-group1] port gigabitethernet1/0/2 downlink
[SwitchC-mtlk-group1] port gigabitethernet1/0/3 downlink

# Check status of monitor link group 1.
<SwitchC> display monitor-link group 1
Monitor link group 1 information:
  Group status: DOWN
  Last-up-time: -
  Last-down-time: -
  Member                  Role       Status
  ------------------------------------------
  GigabitEthernet1/0/1    UPLINK     DOWN
  GigabitEthernet1/0/2    DOWNLINK   DOWN
  GigabitEthernet1/0/3    DOWNLINK   DOWN

Figure 6-12: Monitor link configuration
[Diagram labels: Cisco A, Cisco B, Uplink, Downlinks, HP C, HP D, NIC teaming (NLB, TLB…), "No loop - No STP"]

Enabling monitor link is very easy. You must define a monitor link group. Then, you must configure the uplink port (switch uplink) and downlink ports (server ports).

To check the status of the monitor link group, use the display monitor-link command, as shown in the figure. In this example, the output shows the uplink is down.

Lab 6.1: Redundancy without STP


[Diagram labels: Root for VLANs 1,11,13; Root for VLANs 12; Rapid-PVST+; Cisco-A; Cisco-B; HP-C; HP-E; STP disabled; Server_1; Client_1; ports P1 to P4]

IP addressing: 10.POD.VLAN.X/24
  X=1 on Cisco-A
  X=2 on Cisco-B
  X=3 on HP-C
  X=4 on HP-D
  X=5 on HP-E
  X=6 on HP-F
  X=100 on Server_1
  X=101 on Client_1

Figure 6-13: Lab 6.1a: Redundancy without STP

In this lab, you will configure the redundancy methods you have learned about in this module. You will first disable STP on an edge switch and observe the effect this has on the STP network. The topology for this part of the lab is shown in Figure 6-13. You will then configure smart link and monitor link on HP A-Series switches. Figures 6-14 and 6-15 illustrate the topologies for these sections of the lab.

[Diagram labels: Root for VLANs 1,11,13; Root for VLANs 12; Rapid-PVST+; Cisco-A; Cisco-B; Smart Link group 1 & 2; HP-C; HP-E; Server_1; Client_1; ports P1 to P4]

Figure 6-14: Lab 6.1b: Smart link

[Diagram labels: Root for VLANs 1,11,13; Root for VLANs 12; Rapid-PVST+; Cisco-A; Cisco-B; Uplink; Downlink; HP-C; HP-E; Server_1; Client_1; ports P1 to P4]

Figure 6-15: Lab 6.1c: Monitor link

Use the space below to record any behavior you want to observe or test about these redundancy methods. Refer back to this list as you complete the lab.

Lab debrief
– What did you learn in this “redundancy without STP” lab?
– What were your challenges?
– What do you think you will apply in the field?

Figure 6-16: Lab debrief

What did you learn in this “redundancy without STP” lab?

What challenges did you experience?

What do you think you will apply in the field?

Module 6 summary
– Remember that a solution that is easy to set up is also easy
to maintain.

Figure 6-17: Module 6 summary

In this module, you have been introduced to ways to create network redundancy without STP, including disabling STP on edge switches, and also using smart link and monitor link. Record your thoughts here while your facilitator reviews what was covered in this module.

Learning check
– With STP disabled on an HP switch:
• Does it forward or drop standard STP BPDUs?
• Can you load balance traffic?
• What can occur if STP is disabled at the edge?

– What is required to enable the smart link feature?


• What do you enable to get load balancing with smart link?

Figure 6-18: Learning check

With STP disabled on an HP switch:
Q1a: Does the switch forward or drop standard STP BPDUs?

Q1b: Can you load balance traffic?

Q1c: What can occur if STP is disabled at the edge?

Q2a: What is required to enable the smart link feature?

Q2b: What do you enable to get load balancing with smart link?

Q3: With monitor link, if the downlink goes down, does it trigger the uplink to switch to down status?

Hardening STP
Module 7

Module 7 objectives
After completing this module, you will be able to:
• Set up the features that can be used to stabilize Spanning Tree Protocol (STP) on a LAN:
  – On edge ports: Bridge Protocol Data Unit (BPDU) guard, loop protect, and Topology Change Notification (TCN) guard
  – On uplinks: UniDirectional Link Detection (UDLD), root guard, loop guard, and BPDU filter

Spanning tree problems


– Unstable spanning tree operation can be caused by factors and conditions that include:
  • Unidirectional links
  • Rogue devices talking STP
  • Continuous STP topology changes due to flapping ports or end-user ports not set to edge mode (PortFast)
  • Loops not detected by STP

Figure 7-1: Spanning tree problems
[Diagram labels: Blocked gigabit link; Rogue switch root bridge]

Figure 7-1 shows some of the factors that cause instability in spanning tree.
Hardening STP helps mitigate these problems.

Hardening STP
– BPDU filter: Filters BPDUs in Tx/Rx on port without loop (e.g. “routed” port)
– Loop guard: Prevents loop situations when edge switches stop receiving BPDUs from upstream switches
– Root guard: Prevents the insertion of a “fake” root triggering an STP topology change
– Edge ports:
  • BPDU guard: Prevents network instability due to switch insertion at the edge
  • Loop protect: Prevents loops that occur on external hubs or switches and are not detected by STP
  • TCN guard: Prevents excessive TCNs from triggering MAC address table aging

Figure 7-2: Hardening STP

This is a short presentation of the features used to harden STP. The goal of this figure is to show where the different features function on the network.

Note that on HP E-Series switches, another application of BPDU filter may also be used on edge ports combined with loop protect.

Spanning tree hardening features


Cisco                                  HP A-Series                             HP E-Series
Unidirectional Link Detection (UDLD)   Device Link Detection Protocol (DLDP)   Unidirectional Link Detection (UDLD)
BPDU guard: On PortFast ports          BPDU protection                         BPDU protection
—                                      —                                       Loop protection
Root guard                             Root guard                              Root guard
Loop guard                             Loop guard                              —
TCN guard: On PortFast ports           TC-BPDU guard                           TCN-guard

Figure 7-3: Spanning tree hardening features

Figure 7-3 shows what the spanning tree hardening features are called on Cisco, HP A-Series, and HP E-Series switches. Note that some features are not available on all switches.

Setting edge ports and non-edge ports


– STP hardening features such as BPDU guard, loop protect,
and TCN-guard are set on edge ports.
– Activating those features may only be valid if the port is an
edge port.

Figure 7-4: Setting edge ports and non-edge ports

The STP hardening features listed above are intended for edge ports.

In fact, on some platforms you can only enable these features on edge ports. For example, on HP A-Series switches, you enable BPDU guard globally, and the feature takes effect on all edge ports. Similarly, on Cisco switches, you select PortFast ports, and then enable the protection features for PortFast ports globally. (However, you select the precise ports on which you want to enable these features on HP E-Series switches.)

For these reasons, before you begin implementing these features, you must carefully check your switches’ configurations and ensure that edge ports are defined as such.

UDLD and DLDP


You will now be introduced to the UDLD and DLDP protocols and learn how they can
solve the problems caused by unidirectional links.


Why unidirectional links cause problems


– Switch B (secondary root) is transmitting BPDUs on a designated port connected to Switch C’s alternate port
– Switch C does not receive them so it opens the blocked port (*)
– As a result, a loop occurs in the network causing the network to go down
  • Troubleshooting can be very difficult

(*) This can be prevented by loop guard

Figure 7-5: Why unidirectional links cause problems
[Diagram labels: Root (Switch A); Secondary root (Switch B); Switch C; TX/RX pairs on each link; Unidirectional link fails; Blocked port transitions to forwarding]

A unidirectional link, a link that transmits but does not receive (or vice versa), can occur in several circumstances, typically on a fiber optic connection:
• One of the fibers fails
• One of the transceivers fails
• The fibers are incorrectly connected so that a device transmits to a different device than the one from which it receives traffic

These types of problems can occur because physical layer protocols do not identify the ends of the connection; the devices must simply assume that they are receiving traffic from the device to which they transmit.

Unidirectional links can cause problems with STP because STP assumes that if a port does not receive BPDUs, it has no connection with another switch or bridge. However, with a unidirectional link, a device might be able to transmit to another switch or bridge but not to receive its BPDUs.

Examine an example. In the figure, Switch C has blocked its port to Switch B because Switch A is root but Switch B has a lower ID than C. Then Switch C’s receive link goes down, and Switch C no longer receives B’s BPDUs. Switch C therefore transitions its port to forwarding state (designated), creating a loop.

Finding the origin of such a problem and troubleshooting it can sometimes be difficult.

UDLD, on Cisco and HP E-Series switches, and DLDP, on HP A-Series switches, address this problem by helping the ends of a link to identify each other, thus removing the problem of a device transmitting to a device from which it cannot receive. A UDLD-capable device advertises its identity and its neighbor’s identity (the device from which it receives traffic). The connected device, which must also support UDLD, does the same. If a device does not receive an advertisement with the same two identities that it advertised, it knows a unidirectional link has occurred and shuts down the port.
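
The identity echo described above can be modelled in a few lines of Python. This is an added example, not code from the course or from any vendor: the port names, the synchronous rounds and the three states are assumptions of the model, and real UDLD and DLDP use their own frame formats and timers.

```python
"""Toy model of the identity echo behind UDLD/DLDP (not either protocol's wire format)."""
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Port:
    ident: str                     # identity this port advertises, e.g. "B:1"
    heard: Optional[str] = None    # neighbor identity last received on the RX fiber
    state: str = "UNKNOWN"         # UNKNOWN, BIDIRECTIONAL or SHUTDOWN


def run_udld(fibers: Dict[str, Optional[str]], rounds: int = 3) -> Dict[str, str]:
    """Exchange advertisements for a few rounds and return each port's verdict.

    fibers maps a port's TX strand to the port whose RX it reaches;
    None means the strand is broken and the frames go nowhere.
    """
    ports = {name: Port(name) for name in fibers}
    for rnd in range(1, rounds + 1):
        # Build all frames first so the round behaves as if sent simultaneously.
        frames = [(fibers[p.ident], p.ident, p.heard)
                  for p in ports.values()
                  if p.state != "SHUTDOWN" and fibers[p.ident] is not None]
        for dest, sender, echoed in frames:
            rx = ports[dest]
            if rx.state == "SHUTDOWN":
                continue
            rx.heard = sender
            if rnd == 1:
                continue   # the neighbor has not had a chance to hear us yet
            # The neighbor must echo our own identity back. Anything else means
            # our TX does not reach the device we are receiving from.
            rx.state = "BIDIRECTIONAL" if echoed == rx.ident else "SHUTDOWN"
    return {name: p.state for name, p in ports.items()}


# Constructed cabling scenarios (port names are made up for the example).
HEALTHY = {"B:1": "C:1", "C:1": "B:1"}
# As in Figure 7-5: the strand carrying B's frames to C has failed, C still reaches B.
BROKEN_STRAND = {"B:1": None, "C:1": "B:1"}
# Crossed fibers: each device transmits to one neighbor and hears another.
MISWIRED = {"A:1": "B:1", "B:1": "C:1", "C:1": "A:1"}

if __name__ == "__main__":
    for label, cabling in (("healthy", HEALTHY),
                           ("broken strand", BROKEN_STRAND),
                           ("miswired", MISWIRED)):
        print(f"{label:14s} {run_udld(cabling)}")
```

In the broken-strand case the port that can still receive (Switch B) is the one that detects the fault, because Switch C's advertisements never echo B's identity.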


UDLD and DLDP interoperability


UDLD operates at Layer 2.
– Cisco to Cisco: “hello I am switch A, port 1/1” / “acknowledge hello”
– Cisco to HP E-Series or HP A-Series: Does not work since Cisco and HP have different implementations
– HP E-Series to HP E-Series: “hello I am switch A, port a1” / “acknowledge hello”
– HP A-Series to HP A-Series: “hello I am switch A, port 1/0/1” / “acknowledge hello”

Figure 7-6: UDLD and DLDP interoperability

Unfortunately, none of the implementations interoperate, because none are standard and, in fact, a UDLD standard does not yet exist.
• UDLD on Cisco and UDLD on HP E-Series do not interoperate.
• UDLD and DLDP (on HP A-Series) do not interoperate.

STP hardening on edge ports


Now you will learn in detail about the STP hardening features on edge ports: BPDU
guard, loop protection, TCN guard, and BPDU filter.


BPDU guard = BPDU protection


– What is the purpose of BPDU protection?
  • Prevents network instability and network attacks that can occur when uncontrolled switches are inserted at the edge of the network.
  • Switches are detected by their BPDUs.
– How does it work?
  • If a BPDU is received, the port is disabled.
    − errdisable state (Cisco) or simply disabled (HP)
  • Port recovery may be automatic after timeout, or manual.
– Where do you enable BPDU protection?
  • On edge ports.

Figure 7-7: BPDU guard = BPDU protection

BPDU protection (called BPDU guard on Cisco switches) shuts down a port when it receives a BPDU. Depending on the platform, you can configure the feature such that the port remains shut down until an administrator re-enables it, or you can have the port recover after a set lockout period. This feature helps to protect your network from rogue switches and from rogue devices implementing STP exploits (for example, attempting to become the root and force your network into an inefficient topology).

However, BPDU protection is not enough to prevent switches from connecting on the edge, as not all switches generate BPDUs. For example, unmanaged switches and switches with STP disabled do not. Additional measures can be taken to prevent switches from connecting on the edge:
• Port security that counts MAC addresses and closes ports if there is more than one address on a given port.
  – Ensure that the port-security setup sets a list of the authorized MAC addresses.
• 802.1X authentication.
  – Only authorized users or devices can connect to the network.
  – However, this feature requires an AAA infrastructure and careful setup.
  – Detecting switch connections at the edge may not be in itself a sufficient reason to set 802.1X.
• Loop protect can detect if loop conditions occur on the switch but does not prevent the connection of a switch.

HP loop protect (HP E-Series)


– Unmanaged device that does not block any packets (two cabling cases shown): If BPDU guard is configured, it will detect it
– Unmanaged device on the network that drops spanning tree packets: Loop is not detected by BPDU guard; HP loop protect can detect these loop conditions

Figure 7-8: HP loop protect (HP E-Series)
[Diagram labels: HP E-Series switch; unmanaged devices attached to its ports]

HP E-Series devices support loop protect, which detects loops introduced by devices that do not support STP. Ports that implement loop protect send out packets. If another port receives that packet, the loop is detected. If the port that received the packet is configured with the receiver-action send-disable option, the port that sent out the packet is disabled.

For example, you enable loop protect on the E-Series switch ports and set the receiver-action send-disable option on them. When the E-Series switch sends a loop protect packet out the port connected to the unmanaged switch shown in the figure, the packet moves over the loop, and returns on the port. Therefore, the switch disables port 1, preventing the switch with the erroneous cabling from causing trouble throughout the network.

You can use loop protect in conjunction with BPDU protection on edge ports. Another way to implement loop protect is to set it in conjunction with BPDU filter. Note that this feature is supported only on the HP E-Series devices.

Note
Do not confuse loop protect with the loop protection feature on HP A-Series switches, which is equivalent to loop guard on Cisco.

TCN guard
– STP TCNs cause switches to age out their MAC address forwarding tables in 15 seconds instead of 5 minutes.
– This helps switches learn the correct new ports for forwarding traffic more quickly.
– But edge port status changes, which also generate TCNs, cause unnecessary aging out and flooding.
– TCN guard (Cisco and HP E-Series) prevents TCNs from being generated based on edge port status changes.
– TC-BPDU guard (HP A-Series) prevents excessive flushing of the tables in response to TCN floods.

Figure 7-9: TCN guard

STP defines topology change notification (TCN) BPDUs, which are intended to alert other members of the spanning tree that the topology is changing, so they should rapidly age out their MAC forwarding tables because they might now reach MAC addresses on different ports.

The switch that originates the TCN ages out its own table and forwards the frame toward the root bridge. Each switch in the path to the root acknowledges the TCN, ages out its own table, and forwards the TCN toward the root bridge. The root bridge does the same, but forwards the TCN to all devices in the spanning tree.

TCNs are useful when the topology has actually changed in a significant way. However, switches also generate TCNs when edge ports change status, although such changes do not truly necessitate all switches in the spanning tree flushing their forwarding tables. The TCN will only cause the switches to flood traffic unnecessarily while they rebuild their forwarding tables.

TCN guard protects your network from such an occurrence and is available on Cisco and HP E-Series switches. This feature prevents TCNs from being generated in response to status changes on edge ports. You enable this feature on Cisco and HP E-Series edge ports.

HP A-Series switches have a slightly different feature, TC-BPDU guard, which is intended to guard against TCN floods implemented by hackers. The flood ties up the switch’s resources as the switch flushes its addresses again and again, affecting network stability. When you enable the TC-BPDU guard feature, which is a global feature on the switch, you can set the maximum number of forwarding address flushes that the switch can perform within a certain period of time after receiving the first TCN. For TCNs received in excess of the limit, the switch only performs the forwarding address entry flush after the time period expires. This feature prevents the switch’s resources from being consumed.
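
The flush limiting described for TC-BPDU guard can be worked through on a constructed flood. This is an added example, not HP code: the function names are hypothetical, the threshold of 2 matches the value used in the A-Series configuration in this module, and the 10-second period is an assumption because the page does not state its length.

```python
"""Model of the flush limiting described for TC-BPDU guard (timings are assumptions)."""
from typing import List, Optional

THRESHOLD = 2          # immediate flushes allowed per period (as in "threshold 2")
WINDOW_MS = 10_000     # assumed length of the period; not given on the page


def flush_times(tc_arrivals_ms: List[int], threshold: int = THRESHOLD,
                window_ms: int = WINDOW_MS) -> List[int]:
    """Return the times (ms) at which the forwarding table is flushed.

    The period opens on the first TC-BPDU. Up to `threshold` TC-BPDUs inside
    the period flush immediately; any further ones are folded into a single
    flush performed when the period expires.
    """
    flushes: List[int] = []
    window_start: Optional[int] = None
    immediate = 0
    deferred = False
    for t in sorted(tc_arrivals_ms):
        # Close an expired period before handling this arrival.
        if window_start is not None and t >= window_start + window_ms:
            if deferred:
                flushes.append(window_start + window_ms)
            window_start = None
        if window_start is None:
            window_start, immediate, deferred = t, 0, False
        if immediate < threshold:
            flushes.append(t)
            immediate += 1
        else:
            deferred = True        # over the limit: wait for the period to end
    if window_start is not None and deferred:
        flushes.append(window_start + window_ms)
    return flushes


def unprotected_flush_times(tc_arrivals_ms: List[int]) -> List[int]:
    """Without the guard every TC-BPDU triggers its own flush."""
    return sorted(tc_arrivals_ms)


# Constructed input: 50 TC-BPDUs in five seconds, then one genuine change later.
FLOOD_MS = [i * 100 for i in range(50)] + [25_000]

if __name__ == "__main__":
    print("unprotected flushes:", len(unprotected_flush_times(FLOOD_MS)))
    print("guarded flushes at :", flush_times(FLOOD_MS))
```

The genuine topology change at 25 seconds still flushes immediately because it opens a new period.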


BPDU filter—Disabling STP on individual ports
– By default, BPDUs are sent in all VLANs.
– BPDU filter disables the sending and receiving of BPDUs on selected ports. It is useful for:
  • Setting the boundary of your LAN when connecting to another LAN (e.g. ISP)
  • Ports that do not cause loops by the VLAN design
  • “Routed” ports
  • Disabling STP on a port when it is required by another feature (e.g. smart link, RRPP, monitor link)

HP E-Series switches provide a PVST filter to filter PVST BPDUs, for example on the boundary of your LAN.

Figure 7-10: BPDU filter—Disabling STP on individual ports

BPDU filter is very useful for setting the limit of your LAN, and for when you connect to VLAN and MSTP domains by routed links. When you connect a LAN to a provider’s LAN, you can filter BPDUs (and PVST BPDUs on HP E-Series switches) to avoid STP interference from the provider’s switch.

Note that BPDU filter can also be set on edge ports combined with loop protect and admin-edge on HP E-Series switches. It will filter BPDUs sent by rogue switches set at the edge and will play the role of BPDU guard and root guard, although without an alarm. Loop protect will detect loop conditions.

STP hardening on Cisco


Hardening STP on a Cisco switch on the edge
! Enable PortFast on all access ports
Switch(config)# spanning-tree portfast default

! Enable BPDU guard on the PortFast ports globally and set the recovery interval in seconds
Switch(config)# spanning-tree portfast bpduguard default
Switch(config)# errdisable recovery cause bpduguard
Switch(config)# errdisable recovery interval 30
! On Cisco, TCNs are not generated when ports are set in PortFast mode

BPDU filter on Cisco
! Enabled on interface
Switch(config)# interface gig1/1
Switch(config-if)# spanning-tree bpdufilter enable

Figure 7-11: STP hardening on Cisco

As you see, on Cisco switches, you define PortFast on access ports. You then activate BPDU guard on the PortFast ports. With BPDU guard enabled on Cisco switches, MSTP closes PortFast ports that receive BPDUs. The switch will automatically re-enable the port after the recovery interval. (If you do not set the interval, an administrator must re-enable the port.)

The PortFast configuration also enables the TCN guard.

You can also see the command for BPDU filtering.
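
Because BPDU guard only takes effect on ports that are actually defined as edge ports, it is worth checking a configuration before relying on it. The script below is an added example, not part of the course material: it audits a constructed IOS-style configuration for access ports that are not PortFast ports, edge ports without BPDU guard, and trunk uplinks with no guard. The interface names, descriptions and finding texts are made up for the example.

```python
"""Audit an IOS-style config for the edge-port and uplink hardening described above."""
import re
from typing import Dict, List, Tuple

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
spanning-tree mode rapid-pvst
spanning-tree portfast bpduguard default
!
interface GigabitEthernet1/0/1
 description constructed sample: user port, correctly hardened
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/2
 description constructed sample: user port never marked as edge
 switchport mode access
!
interface GigabitEthernet1/0/3
 description constructed sample: edge port opted out of BPDU guard
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard disable
!
interface GigabitEthernet1/0/47
 description constructed sample: uplink with loop guard
 switchport mode trunk
 spanning-tree guard loop
!
interface GigabitEthernet1/0/48
 description constructed sample: uplink with no guard
 switchport mode trunk
!
"""

NOT_EDGE = "access port is not defined as an edge (PortFast) port"
NO_BPDU_GUARD = "BPDU guard is not active on this access port"
NO_UPLINK_GUARD = "trunk has no root guard, loop guard or BPDU filter (review)"


def parse(config: str) -> Tuple[List[str], Dict[str, List[str]]]:
    """Split the config into global lines and a list of lines per interface."""
    global_lines: List[str] = []
    interfaces: Dict[str, List[str]] = {}
    current = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            current = None                      # "!" closes an interface block
            continue
        match = re.match(r"interface\s+(\S+)", line)
        if match:
            current = interfaces.setdefault(match.group(1), [])
        elif raw.startswith(" ") and current is not None:
            current.append(line.strip())        # indented line inside the block
        else:
            current = None
            global_lines.append(line.strip())
    return global_lines, interfaces


def audit(config: str) -> Dict[str, List[str]]:
    """Return {interface: [findings]} for ports that miss a hardening feature."""
    global_lines, interfaces = parse(config)
    portfast_default = "spanning-tree portfast default" in global_lines
    bpduguard_default = "spanning-tree portfast bpduguard default" in global_lines
    findings: Dict[str, List[str]] = {}
    for name, lines in interfaces.items():
        issues: List[str] = []
        if "switchport mode access" in lines:
            edge = (("spanning-tree portfast" in lines or portfast_default)
                    and "spanning-tree portfast disable" not in lines)
            # The global bpduguard default only applies to PortFast ports.
            guarded = (("spanning-tree bpduguard enable" in lines
                        or (edge and bpduguard_default))
                       and "spanning-tree bpduguard disable" not in lines)
            if not edge:
                issues.append(NOT_EDGE)
            if not guarded:
                issues.append(NO_BPDU_GUARD)
        elif "switchport mode trunk" in lines:
            guards = ("spanning-tree guard root", "spanning-tree guard loop",
                      "spanning-tree bpdufilter enable")
            if not any(g in lines for g in guards):
                issues.append(NO_UPLINK_GUARD)
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for port, issues in audit(SAMPLE_CONFIG).items():
        for issue in issues:
            print(f"{port}: {issue}")
```

Which uplinks need root guard and which need loop guard depends on the port's role in the topology, so the trunk finding is a prompt to review rather than a verdict.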

STP hardening on HP A-Series


Hardening edge ports on HP A-Series switches
# All ports are non-edge by default.
# If an edge port receives a BPDU, it becomes non-edge automatically.
[Switch] port-group manual edge-1
[Switch-…] group-member Gi 1/0/1 to Gi 1/0/44
[Switch-…] port link-type access
[Switch-…] port access vlan 11
[Switch-…] stp edged-port enable

# Loop protect is not supported.

# Enable BPDU protection globally. Applies to ports defined as edge.
[Switch] stp bpdu-protection

# Enable TC-BPDU guard to limit excessive TCNs (enabled by default).
[Switch] stp tc-protection enable
# Configure the maximum number of address entry flushes that the device can perform
# within a specific time period after it receives the first TC-BPDU.
[Switch] stp tc-protection threshold 2

BPDU filtering on HP A-Series switches
# Disable STP on the interface.
[DeviceA] interface gigabitethernet 2/0/1
[DeviceA-GigabitEthernet2/0/1] stp disable

# Ignore STP results in VLANs when loop does not exist in VLANs by design.
[DeviceA] stp ignored vlan 100,200

Figure 7-12: STP hardening on HP A-Series

On HP A-Series switches with BPDU protection enabled, MSTP will close edge ports that receive BPDUs and notify the Network Management System (NMS) that the ports are closed. Only the network administrator, or an automatic procedure set on the NMS, can restore the ports once they have been closed.

STP hardening on HP E-Series


Hardening STP on the edge on HP E-Series switches

Edge ports are discovered automatically but can be set manually
Switch(config)# spanning-tree
Switch(config)# spanning-tree 1-44 admin-edge-port

BPDU guard
Switch(config)# spanning-tree 1-44 bpdu-protection
Switch(config)# spanning-tree bpdu-protection-timeout 3600

Loop protect:
Switch(config)# loop-protect 1-46 receiver-action send-disable
Switch(config)# loop-protect disable-timer 3600

TCN guard
Switch(config)# spanning-tree 1-46 tcn-guard

BPDU and PVST filtering on HP E-Series switches

Apply BPDU filter on the boundary of your LAN on the routed interface
Switch(config)# spanning-tree 46-47 bpdu-filter

Apply PVST-Filter on boundary of your LAN
Switch(config)# spanning-tree 46-47 pvst-filter

Figure 7-13: STP hardening on HP E-Series

The slide displays the commands for configuring the features discussed earlier on HP E-Series switches. As you see, you can set a timeout for BPDU protection, which automatically re-enables the port the specified amount of time after the BPDU is received. If you set the timeout to 0 (the default), the port is never re-enabled until an administrator enables it.

The slide also shows how to implement loop protect, TCN guard, and BPDU and PVST BPDU filtering.

STP hardening on uplinks


Now you will learn about the STP hardening features loop guard and root guard,
which are configured on uplinks.


Root guard
– Root guard prevents a switch from taking the place of the
desired root bridge.
– Root guard is typically set:
• On edge ports (not needed if BPDU guard/protection is already set)
• On the switch-to-switch ports of the root and secondary root switches
− Except the links between roots

Figure 7-14: Root guard

When root guard is enabled on a port, it cannot be selected as the root port even if it receives superior STP BPDUs. The port is assigned an alternate port role and enters a blocking state if it receives superior STP BPDUs. (A superior BPDU contains information about a root bridge with lower priority and/or a lower path cost to the root bridge.) The superior BPDUs received on a root guard port are ignored. All other BPDUs are accepted, and the external devices may belong to the spanning tree as long as they do not claim to be the root device.

Typically, you enable this feature on switch-to-switch links on the root and secondary root switches with the exception of the link between these two switches (which typically alternate roles in different MSTP instances).

You can also configure root guard on the edge ports of Cisco and HP E-Series switches; however, BPDU guard provides the same protection and more, making root guard redundant. On HP A-Series switches, you cannot implement root guard on edge ports. The last feature enabled takes effect. You should usually choose defining edge ports as edge ports, which can be protected by BPDU guard, in preference to enabling root guard on them.

Spanning tree root guard configuration


Root guard on Cisco switches
Or interface specific
Switch(config)# interface gig1/1
Switch(config-if)# spanning-tree guard root

Root guard on HP A-Series switches


# Enabled on interface
[DeviceA] interface gigabitethernet 2/0/1
[DeviceA-GigabitEthernet2/0/1] stp root-protection

Root guard on HP E-Series switches


Interface specific:
Switch(config)# spanning-tree 1-6 root-guard

y
Figure 7-15: Spanning tree root guard configuration

Here is a network configuration with root guard enabled. Remember that root guard
is represented by the pink dots.

Loop guard
– Loop guard prevents loops due to STP BPDUs not being forwarded
• E.g., a unidirectional link that does not transmit BPDUs

Diagram labels: Unidirectional link prevents BPDU sending. Port is set as forwarding
and creates a loop. Loop guard prevents this situation.

Figure 7-16: Loop guard

By receiving BPDUs from the upstream device, a device can maintain the state of the
root port and blocked ports. However, due to link congestion or unidirectional link
failures, these ports may fail to receive BPDUs from the upstream devices. In this case,
the downstream device will reselect the port roles: Those ports in forwarding state
that failed to receive upstream BPDUs will become designated ports, and the blocked
ports will transition to the forwarding state, resulting in loops in the switched network.
The loop guard function can suppress the occurrence of such loops.

If a loop guard-enabled port fails to receive BPDUs from the upstream device, and if
that port takes part in the STP calculation, all the instances on the port will be set to,
and stay in, the discarding state. This will be true no matter what role the port plays.

Make this configuration on the root port or an alternate port of a device.
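
The root guard and loop guard decisions described above can be traced in a small model. This is an added example, not code from the course or from any switch vendor; the class names, the simplified three-field BPDU comparison and all bridge priorities and MAC addresses are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True, order=True)
class Bpdu:
    """Simplified priority vector; the lower tuple is the superior BPDU."""
    root_priority: int
    root_mac: str
    path_cost: int


@dataclass
class Port:
    name: str
    role: str = "designated"    # designated | root | alternate
    state: str = "forwarding"   # forwarding | blocking | discarding
    root_guard: bool = False
    loop_guard: bool = False


class Switch:
    """Hypothetical one-bridge model covering only the two guard decisions."""

    def __init__(self, priority, mac):
        # A bridge starts out believing that it is the root (path cost 0).
        self.best = Bpdu(priority, mac, 0)
        self.ports = {}

    def add_port(self, port):
        self.ports[port.name] = port
        return port

    def receive_bpdu(self, port_name, bpdu):
        port = self.ports[port_name]
        if not bpdu < self.best:
            return "accepted"            # not superior: normal processing
        if port.root_guard:
            # Root guard: the superior BPDU is ignored, the port cannot become
            # the root port and is held in the alternate role, blocking.
            port.role, port.state = "alternate", "blocking"
            return "ignored"
        # No root guard: the sender's root wins and this port becomes root port.
        for other in self.ports.values():
            if other.role == "root":
                other.role, other.state = "alternate", "blocking"
        self.best = bpdu
        port.role, port.state = "root", "forwarding"
        return "new-root"

    def bpdu_timeout(self, port_name):
        """Called when a root or alternate port stops receiving BPDUs."""
        port = self.ports[port_name]
        if port.role not in ("root", "alternate"):
            return port.state
        if port.loop_guard:
            # Loop guard: stay in discarding regardless of the port's role.
            port.state = "discarding"
        else:
            # Unprotected: the port is re-elected as designated and forwards,
            # which closes the loop if the upstream link is unidirectional.
            port.role, port.state = "designated", "forwarding"
        return port.state


def root_guard_demo(root_guard):
    """A root bridge receives a superior BPDU on a switch-to-switch downlink."""
    sw = Switch(priority=0, mac="02:00:00:00:00:0a")        # constructed values
    port = sw.add_port(Port("downlink", root_guard=root_guard))
    claim = Bpdu(root_priority=0, root_mac="02:00:00:00:00:01", path_cost=0)
    verdict = sw.receive_bpdu("downlink", claim)
    return verdict, port.role, port.state, sw.best.root_mac


def loop_guard_demo(loop_guard):
    """An alternate (blocked) uplink stops receiving BPDUs from upstream."""
    sw = Switch(priority=32768, mac="02:00:00:00:00:0c")    # constructed values
    sw.add_port(Port("uplink2", role="alternate", state="blocking",
                     loop_guard=loop_guard))
    return sw.bpdu_timeout("uplink2")


if __name__ == "__main__":
    print("root guard on :", root_guard_demo(True))
    print("root guard off:", root_guard_demo(False))
    print("loop guard on :", loop_guard_demo(True))
    print("loop guard off:", loop_guard_demo(False))
```

With root guard off, the bridge gives up its root role to the sender of the superior BPDU; with loop guard off, the silent uplink ends up forwarding.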



Spanning tree loop guard configuration


Loop guard on Cisco switches
! Enabled on the uplinks interface
Switch(config)# interface gig1/1
Switch(config-if)# spanning-tree guard loop

Loop guard on HP A-Series switches


# Enabled on the uplinks interface
[DeviceA] interface gigabitethernet 2/0/1
[DeviceA-GigabitEthernet2/0/1] stp loop-protection

Loop guard on HP E-Series switches: does not exist

Figure 7-17: Spanning tree loop guard configuration

Here is a network configuration with loop guard enabled. Remember that loop guard
is represented by the stars.


Lab 7.1: Hardening STP


Lab topology (labels from the figure):
Cisco-A: root for Instances 0 and 1
Cisco-B: root for Instance 2
HP switches: HP-C, HP-D, HP-E
MSTP Region
Name: HP-Cisco
MSTP Revision: 1
MST Instance 1: VLAN 12
MST Instance 2: VLAN 1,11,13

Figure 7-18: Lab 7.1: Hardening STP

You will now complete a lab in which you implement these STP hardening features
on Cisco and HP switches.

Use the space below to record any instructions your facilitator gives you for this lab.
________________________________________________________________________

Lab debrief
What were your key insights into hardening STP?
_________________________________________________________________________

Did you discover anything new? If so, list this discovery below.
_________________________________________________________________________

Did anything you learned surprise you?


_________________________________________________________________________

What were your greatest challenges?


_________________________________________________________________________

What will you apply in the field?

_________________________________________________________________________

Module 7 summary
In this module, you have been introduced to ways to harden the spanning tree
protocol to reduce instability. Record your thoughts here while your facilitator reviews
what was covered in this module.
____________________________________________________________________

Learning check
Q1: What feature(s) prevent loops that can occur on edge ports?
_______________________________________________________________

Q2: Are UDLD on Cisco and DLDP on HP-A Series switches interoperable?

_______________________________________________________________

Q3: Would you set root guard on edge ports?



_______________________________________________________________

Q4: Would you set BPDU filter on edge ports?


_______________________________________________________________

Q5: Would you set BPDU guard on uplinks?


_______________________________________________________________

Q6: What prevents loops in case of unidirectional links?

_______________________________________________________________


Link Aggregation
Module 8

Module 8 Objectives
After completing this module, you will be able to:
• Identify and implement link aggregation methods that will interoperate between
Cisco and HP switches
• Use link aggregation and the HP Intelligent Resilient Framework (IRF) to build a
redundant network architecture that integrates Cisco and HP switches
• Configure link aggregation between Cisco switches and an HP IRF stack

Link aggregation and interoperability


– Link aggregation increases bandwidth + redundancy
– Link-aggregation interoperability is easy

Naming
Cisco: Ether or port channel
HP E-Series: Trunk
HP A-Series: Bridge or link aggregation
Our convention: link aggregation

Figure 8-1: Link aggregation and interoperability

Note the different naming conventions for link aggregation between HP and Cisco:
• Cisco: EtherChannel or port channel
• HP A-Series: bridge or link aggregation
• HP E-Series: trunk

Be careful with HP E-Series naming; link trunking can be confused with VLAN
trunking. For the purposes of this training, the term “link aggregation” will be used.

Link aggregation modes


Recommended combinations

Static to Static: always works
Static LACP to Static LACP: works if both sides agree
   LACP-BPDUs in each direction carry the switch MAC address and LACP key
Dynamic LACP to Dynamic LACP (Active to Active or Passive): set and works if both sides agree
   LACP-BPDUs in each direction carry the switch MAC address and LACP key

Figure 8-2: Link aggregation modes

Static link aggregation
In static link aggregation, there is no exchange of frames between the two switches.
Each side manages its own link aggregation. Each side load balances outgoing
frames according to that platform’s rules. Each side accepts the incoming frames as
they are sent from the other side. Of course, neither side ever forwards incoming
frames back out the other ports in the link aggregation group because the switch
considers the ports one virtual port.
• Benefits: Static link aggregation is very interoperable. It can be used between all
vendors.
• Drawbacks: There is no control to guarantee that your link aggregation cabling
is correct. For example, you wouldn’t be able to tell if the wrong ports were
connected. In an environment with many aggregated links, LACP gives you more
information for troubleshooting.


Static LACP
In static LACP, the link aggregation virtual port (port channel on Cisco, trunk on HP
E-Series, or bridge-aggregation on HP A-Series) is formed whether or not the other side
agrees. However, ports in the link aggregation will be selected (active/up) only if
both sides agree. The remote side must send the same switch MAC address and the
same operation key (which shows that the ports belong to the same link aggregation). In
other words, the switch checks that LACP-BPDUs come from the same switch and from
the same remote link aggregation.
• Benefits: LACP is a standard (802.3ad), which Cisco and HP switches support.
LACP gives information about the remote side and a way to check that cabling
has been done correctly.
• Drawbacks: LACP negotiation may sometimes lead to unselected ports on both
sides.
Dynamic LACP
Both sides negotiate the link aggregation with LACP. Link aggregation will only be
formed if both sides agree. One side must be active LACP (initiates LACP
negotiation) and the other side can be either passive (does not initiate LACP
negotiation) or active. The active side sends LACP-BPDUs across all of the links of the
link aggregation. LACP-BPDUs contain the switch’s MAC address, a priority value,
and a port number. Although the priority value can be configured on Cisco switches,
on HP E-Series switches, it cannot be changed. On HP E-Series switches, dynamic
LACP supports hot-standby links. For example, out of ten lines, eight would be
actively used, and two lines would be in standby mode.
• Benefits: Allows a link aggregation to be initiated by one side only. However,
that requires the other side to be pre-set in passive mode. Most vendors do not
allow this pre-setting because it causes issues.
• Drawbacks: On HP E-Series switches, dynamic LACP trunks cannot be statically
assigned to a VLAN. VLAN assignments can be made only through GVRP.

Interoperability between modes: What works?


Interoperability works well with the following combinations, so they are
recommended for smooth interoperability:
• Static on both sides
• Static LACP on both sides

Interoperability usually works with dynamic LACP on both sides as long as one side is
active. There are limitations on the HP E-Series for configuring the dynamic trunk.
(Remember that dynamic trunk is the name for link aggregation on HP E-Series
switches.)
Other combinations include:
• Static LACP and dynamic LACP (passive or active), which also works most of the
time
• Static and static LACP, which do not usually work well together
Although a virtual port is created, the static LACP side requires the identity of the
remote side to be sent on all links to select the ports in link aggregation. One port
may be selected but not the others.
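
The mode pairings and the static LACP identity check described above can be expressed as code. This is an added example, not part of the course material or any switch software; the mode names, the status strings, the rule for choosing the reference port and the MAC addresses and keys are constructed assumptions (the port names Gi1/20 and Gi1/21 follow the Cisco examples in this module).

```python
from typing import Dict, Optional, Tuple

# (partner switch MAC address, partner operation key) read from an LACP-BPDU
PartnerId = Tuple[str, int]


def mode_outcome(local: str, remote: str,
                 local_active: bool = True, remote_active: bool = True) -> str:
    """Pairing result for the modes 'static', 'static-lacp' and 'dynamic-lacp'.

    The active flags only matter when both sides run dynamic LACP.
    """
    pair = {local, remote}
    if pair == {"static"} or pair == {"static-lacp"}:
        return "recommended"
    if pair == {"dynamic-lacp"}:
        if local_active or remote_active:
            return "usually works"
        return "not formed: neither side initiates LACP"
    if pair == {"static-lacp", "dynamic-lacp"}:
        return "works most of the time"
    if pair == {"static", "static-lacp"}:
        return "does not usually work well"
    return "not covered by the text"


def classify_ports(received: Dict[str, Optional[PartnerId]]) -> Dict[str, str]:
    """Static LACP check on the member ports of one link aggregation.

    A port is selected only if its LACP-BPDUs carry the same partner switch
    MAC address and operation key as the reference port.
    Assumption: the reference is the first port (by name) that received an
    LACP-BPDU; real switches choose it from LACP priorities.
    """
    heard = sorted(port for port, pid in received.items() if pid is not None)
    reference = received[heard[0]] if heard else None
    status = {}
    for port, pid in received.items():
        if pid is None:
            status[port] = "no-lacpdu"      # remote side static or link dead
        elif pid == reference:
            status[port] = "selected"
        else:
            status[port] = "unselected"     # other switch or other aggregation
    return status


# Constructed sample: what each local member port heard from its neighbor.
SAMPLE = {
    "Gi1/20": ("02:00:00:00:00:a1", 1),
    "Gi1/21": ("02:00:00:00:00:a1", 1),
    "Gi1/22": ("02:00:00:00:00:b2", 1),   # cabled to a different switch
    "Gi1/23": ("02:00:00:00:00:a1", 2),   # remote port in another aggregation
    "Gi1/24": None,                       # no LACP-BPDU received
}

if __name__ == "__main__":
    for port, state in classify_ports(SAMPLE).items():
        print(port, state)
    print(mode_outcome("static", "static-lacp"))
```

A miscabled member shows up as an unselected port instead of silently carrying traffic, which is the troubleshooting information that static aggregation cannot provide.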


Link aggregation modes (cont.)


Mode Cisco HP A-Series HP E-Series
Etherchannel Bridge
Trunk
mode aggregation

Static On Not specified Trunk

Static LACP Active Dynamic LACP

Dynamic LACP Active


Passive /
LACP LACP Passive
Preferred combinations:
Static-Static

Static LACP-Static LACP

Figure 8-3: Link aggregation modes (cont.)

Depending on a switch’s platform, link aggregation modes will be called different
names. Remember that the Static-Static and Static LACP-Static LACP are the
combinations you are recommended to use.
Apart from modes, there are other common requirements for link aggregation to
work. The links in a link aggregation must:
• Be coterminous—begin together and end together
• Use the same speed, although they may use different media types
• Have the same duplex setting
− LACP requires full-duplex
• Have the same VLANs assigned
The maximum number of links that can comprise a link aggregation is usually eight,
but can be more or less, depending on the platform. The maximum number of link
aggregations per switch also varies on a per platform basis.

Link aggregation load balancing options


Load balancing option Cisco HP A-Series HP E-Series
Source-Destination MAC Y Y Y
Source MAC Y Y N
Destination MAC Y Y N
Source-Destination IP Y Y Y
Source IP Y Y N
Destination IP Y Y N
Destination UDP/TCP Port Y Y N

Figure 8-4: Link aggregation load balancing options

Load balancing does not play a role in interoperability; however, you should
understand how the traffic may be load balanced and the bandwidth may be used
on each platform. You should also understand the benefits of various types of load
balancing.
For example, your network features a link aggregation between two switches, one of
which connects to a server. Traffic destined to this server makes up a significant
portion of the link aggregation’s traffic, and you want to load balance it. The
destination MAC address and IP address (those of the server) are the same for all
traffic. In addition, if the traffic is routed before crossing the link aggregation, the
source MAC address for all traffic is the same. In this case, the only way to load
balance the traffic is using the source IP addresses, which differ for each client.
However, if you are trying to load balance communications between two servers, the
source IP address will be the same for most traffic, and the only way to truly load
balance traffic would be to use a TCP or UDP port. This option is available on the
Comware OS and on HP A-Series switches.
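
The two scenarios above can be checked by hashing sample flows onto a four-link aggregation with each option from the table. This is an added example, not taken from the course or from any switch; the XOR fold stands in for the vendor-specific hash, and the MAC addresses, IP addresses and ports are constructed.

```python
import ipaddress
from collections import Counter


def fold(data: bytes) -> int:
    """XOR every byte together (assumed stand-in for a platform's hash)."""
    value = 0
    for byte in data:
        value ^= byte
    return value


def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def ip(text: str) -> bytes:
    return ipaddress.ip_address(text).packed


# Frame fields fed to the hash for each load balancing option in the table.
OPTIONS = {
    "src-dst-mac": lambda f: mac(f["smac"]) + mac(f["dmac"]),
    "src-mac":     lambda f: mac(f["smac"]),
    "dst-mac":     lambda f: mac(f["dmac"]),
    "src-dst-ip":  lambda f: ip(f["sip"]) + ip(f["dip"]),
    "src-ip":      lambda f: ip(f["sip"]),
    "dst-ip":      lambda f: ip(f["dip"]),
    "dst-port":    lambda f: f["dport"].to_bytes(2, "big"),
}


def distribution(flows, option, links=4):
    """Count flows per member link (index 0..links-1) for one hash option."""
    counts = Counter({link: 0 for link in range(links)})
    for flow in flows:
        counts[fold(OPTIONS[option](flow)) % links] += 1
    return dict(counts)


def links_used(flows, option, links=4):
    """Number of member links that carry at least one flow."""
    return sum(1 for n in distribution(flows, option, links).values() if n)


# Constructed traffic. Both sets are routed before they cross the aggregation,
# so every frame has the router as source MAC and the server as destination MAC.
ROUTER_MAC, SERVER_MAC = "02:00:00:00:00:01", "02:00:00:00:00:64"

# Scenario 1: 32 clients talking to one server on one service port.
CLIENT_FLOWS = [
    {"smac": ROUTER_MAC, "dmac": SERVER_MAC,
     "sip": f"10.1.11.{host}", "dip": "10.1.12.100", "dport": 443}
    for host in range(1, 33)
]

# Scenario 2: one server talking to another on eight destination ports.
SERVER_FLOWS = [
    {"smac": ROUTER_MAC, "dmac": SERVER_MAC,
     "sip": "10.1.13.100", "dip": "10.1.12.100", "dport": port}
    for port in range(5000, 5008)
]


def report():
    """Links used per option for both scenarios."""
    return {
        name: {opt: links_used(flows, opt) for opt in OPTIONS}
        for name, flows in (("clients", CLIENT_FLOWS), ("servers", SERVER_FLOWS))
    }


if __name__ == "__main__":
    for scenario, result in report().items():
        print(scenario, result)
```

For the client traffic only the options that include the source IP address use more than one link; for the server-to-server traffic only the port-based option does.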

IRF, link aggregation, and interoperability: IRF in the distribution layer

Physical view / Logical view
Core: Cisco
   Static or LACP link aggregation
Distribution: HP A-Series IRF
   Static or LACP link aggregation
Access layer: Cisco

Would you enable STP?

Figure 8-5: IRF, link aggregation and interoperability: IRF in the distribution layer
IRF stands for Intelligent Resilient Framework. With IRF, two (or N) switches act as one.
IRF is what is conventionally called true stacking. It is available on HP A-Series
switches and requires 10 Gig links for stacking.
IRF is supported on these HP A-Series switches: A12500, A9500, A7500, A5820,
A5800, A5500, and A5120 (10GbE models). With IRF, two switches can be
combined together as a single virtual switch. The HP A-Series stackable switches
A3600, A5500-EI, and A5800/5810/5820 families support IRF with up to eight or
nine members.
A typical redundant connection is achieved using link aggregation in static or LACP
mode. Link aggregation to IRF can be static or dynamic (LACP). Switches from all
vendors can connect to an IRF using link aggregation, eliminating the need for STP.
Q1: Would you enable STP?
______________________________________________________________________


IRF, link aggregation, and interoperability: IRF in the distribution and access layers

Physical view / Logical view
Core (L3): Cisco
   Static or LACP link aggregation
Distribution (L2/L3): HP A-Series IRF
Access layer (L2): HP A-Series

Do you need to configure VRRP in the distribution layer?

Figure 8-6: IRF, link aggregation, and interoperability: IRF in the distribution and access layers
Q1: Do you need to configure VRRP?

______________________________________________________________________

Link aggregation becomes a way to integrate the different layers. In the above
design, IRF is put in the aggregation/distribution and access layer. The Cisco core
connects to the distribution layer via link aggregation.


IRF, link aggregation, and interoperability: IRF in the core and distribution layers

Physical view / Logical view
Core: HP A-Series
Distribution: HP A-Series IRF
Access layer: Cisco stacking

Would you enable STP?

Figure 8-7: IRF, link aggregation, and interoperability: IRF in the core and distribution layers
Again, link aggregation can integrate the different layers. In the above design, IRF is
put in the aggregation/distribution and core layers. The Cisco stack in access
connects to the distribution layer via link aggregation.

Note
Cisco suggests stacking on its Catalyst 6500 and Catalyst 3750 switches, as well
as others.

Static link aggregation configuration


– HP A-Series bridge aggregation configuration
interface Bridge-Aggregation 1
interface GigabitEthernet 1/0/1
 port link-aggregation group 1
interface GigabitEthernet 1/0/2
 port link-aggregation group 1

– HP E-Series trunk configuration
trunk 47-48 trk1 trunk

– Cisco port channel configuration
interface Port-channel 1
interface GigabitEthernet 1/20
 channel-group 1 mode on
interface GigabitEthernet 1/21
 channel-group 1 mode on

Figure 8-8: Static link aggregation configuration

This slide provides a quick comparison of the static link aggregation configuration on
each platform.
Use the following commands to check the configuration:
• On Cisco:
Cisco# show interface port-channel 1 etherchannel
• On HP A-Series:
<HP-A> display link-aggregation verbose
• On HP E-Series:
HP-E# show trunk

Static LACP link aggregation configuration


– HP A-Series bridge aggregation configuration
interface Bridge-Aggregation 1
 link-aggregation mode dynamic
interface GigabitEthernet 1/0/1
 port link-aggregation group 1
interface GigabitEthernet 1/0/2
 port link-aggregation group 1

– HP E-Series trunk configuration
trunk 47-48 trk1 lacp

– Cisco port channel configuration
interface Port-channel 1
interface GigabitEthernet 1/20
 channel-group 1 mode active
interface GigabitEthernet 1/21
 channel-group 1 mode active

Figure 8-9: Static LACP link aggregation configuration

This slide provides a quick comparison of the LACP link aggregation configuration on
each platform.
To check the configuration, use these commands:
• On Cisco:
Cisco# show lacp neighbor
• On HP A-Series:
<HP-A> display link-aggregation verbose
• On HP E-Series:
HP-E# show trunk
HP-E# show lacp

VLAN trunking and link aggregation


– Trunk ports for HP A-Series bridge aggregation
interface Bridge-Aggregation 1
 port link-type trunk
 port trunk permit vlan all

– VLAN tagging for HP E-Series trunk
vlan 11 tagged trk1
vlan 12 tagged trk1
vlan 13 tagged trk1

– VLAN trunking for Cisco port channel
interface Port-channel 1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 1,11-13

Do you have to set VLAN trunking on physical ports as well?

Figure 8-10: VLAN trunking and link aggregation

Q1: Do you have to set VLAN trunking on physical ports as well?
______________________________________________________________________

Troubleshooting link aggregation


Here are some strategies you can use if you ever need to troubleshoot link
aggregation. Check the following:
• The local and remote links are connected together and truly associated with the
right link-aggregation.
• The ports are in full duplex mode, with the same setup and not shut down.
• Both sides are either in static mode or in LACP mode:
− Active mode on Cisco
− Dynamic on HP A-Series
− Trunk LACP on HP E-Series switches
• VLAN trunking has been set on link aggregation ports and not on physical
ports.
If link aggregation still does not come up, try the following:
• Shut down and undo shut down of physical ports at the same time
• Repeat these operations in order:
1. Create link aggregation.
2. Assign physical ports.
3. Configure VLAN trunking on the link aggregation ports.

Lab 8.1: Configuring link aggregation and IRF


Lab topology (labels from the figure):
Devices: Server_1, Cisco-A, HP-C (IRF master), HP-D (IRF slave), HP-E, Client_1
Link aggregations: PO2, BR3, BR4, trk1
XP1: Ten GIG ports

IP addressing: 10.POD.VLAN.X/24
X=1 on Cisco-A
X=3 on IRF
X=5 on HP-E
X=100 on Server_1
X=101 on Client_1

Figure 8-11: Lab 8.1: Configuring link aggregation and IRF


You will now complete a lab in which you create link aggregation groups between
Cisco and HP A-Series switches, as well as Cisco and HP E-Series switches.

Use the space below to record any instructions your facilitator gives you for this lab.

________________________________________________________________________

Lab debrief
Did you find any useful show and display commands during the lab?
______________________________________________________________

What were the main things you learned about link aggregation?
______________________________________________________________

What were your greatest challenges?


______________________________________________________________

Did you learn anything that you will apply in the field?
______________________________________________________________


Module 8 summary
In this module, you have learned about the benefits of using link aggregation, and
how, when combined with IRF, it provides a redundant architecture without STP. Write
down any thoughts you may have while your facilitator reviews the content of this
module.
_______________________________________________________________________


Learning check
Q1: In what circumstances can you create an LACP link aggregation in which one
switch connects to two different switches?
_______________________________________________________________________

Q2: Can you create a link aggregation between a Cisco switch port in on mode and
an HP E-Series switch port in trunk mode?

_______________________________________________________________________


Q3: Can you create a link aggregation between a Cisco switch in active mode and
an HP A-Series switch in dynamic mode?
_______________________________________________________________________


Virtual IP Protocols
Module 9

Module 9 objectives
After completing this module, you will be able to:
• Describe the differences and similarities between several virtual IP protocols,
  including:
    • Cisco Hot Standby Router Protocol (HSRP)
    • Cisco Gateway Load Balancing Protocol (GLBP)
    • Industry-standard Virtual Router Redundancy Protocol (VRRP)
• Assess the advantages and disadvantages of virtual IP protocols as compared to
  HP Intelligent Resilient Framework (IRF) solutions
• Implement the appropriate protocol options such as:
    • Preemption
    • Preempt delay timer
    • Tracking of interface or IP object
    • Load-balancing
    • Support of stateful Network Address Translation (NAT)

Comparing HSRP, GLBP, VRRP, and IRF


This module covers options for providing router redundancy, principally by
implementing one of these protocols:
• HSRP
• GLBP
• VRRP
Although the protocols do not interoperate, often the lack of compatibility does not
create an issue. Typically the devices that provide redundancy for each other are
identical models from the same vendor. Therefore, this section focuses on comparing
the options provided by these protocols. You will also learn about the HP A-Series IRF
technology, which offers an attractive alternative to using these protocols.

Use the space below to record your experience in implementing any of these
protocols.

NOTES
_________________________________________________________________________

Virtual IP concepts
– A group of routers share one virtual IP address and one virtual MAC address.
– As far as endpoints are concerned, one router exists:
  • They send an ARP request for the MAC address of their gateway IP address (the
    virtual IP address).
  • They address all traffic to be routed to the virtual MAC address at Layer 2.

[Diagram labels: Router with static route 10.0.0.0/8 -> VIP1; Master and Backup routers for Virtual IP 1 and Virtual IP 2; Virtual MAC 1; Client with IP: 10.POD.1.51, GW IP: Virtual IP 1, GW MAC: Virtual MAC 1]

Figure 9-1: Virtual IP concepts

Examine the figure and discuss the questions on this and the next page. Reference
material is also included after the questions.
Q1: List the virtual protocols with which you are familiar. State which are proprietary
and which are industry-standard protocols.
_________________________________________________________________________

Q2: What is the purpose of implementing HSRP and VRRP?


_________________________________________________________________________


Q3: Do the endpoints that use the virtual IP as their default router need to be aware
of HSRP or VRRP?
_________________________________________________________________________


Q4: What are the different roles of routers in HSRP and VRRP?

_________________________________________________________________________


Q5: In what circumstances are the virtual IP and virtual MAC addresses used?
_________________________________________________________________________


Q6: For which common protocols might the virtual IP protocols not provide
redundancy without interruption? Explain.
_________________________________________________________________________


Reference
A group of routers functions as one virtual router by sharing one virtual IP address
and one virtual MAC address. Only one router actively performs packet forwarding
for local hosts while the other routers remain in backup mode. If the active router
fails, one of the backup routers will be elected as the new active router and assume
the ownership of the virtual IP and MAC addresses.

When a backup router assumes the role of master, it sends a gratuitous ARP, which is
a response for which there was no request. The gratuitous ARP updates the ARP table
of endpoints in the broadcast domain. The gratuitous ARP also updates the MAC
address table of switches within the broadcast domain, speeding the convergence.
Note that endpoints that use the virtual IP address as their default router IP do not
have to support or be compatible with the virtual IP protocol. These endpoints simply
send an ARP request for their default router’s IP address and receive in response the
group’s virtual MAC address. They can then use this address as the destination MAC
address for traffic that needs to be routed.
The virtual MAC address is owned by the master, but if the master fails, the new
master then owns the address. The endpoints continue to send traffic that needs to be
routed to the same virtual MAC address, so the failover is entirely transparent for the
client.


Virtual IP quiz
– What is the difference between VRRP and HSRP?
– What is the difference between GLBP and HSRP?
– What message does a backup router usually send when it
becomes the master?
– What function does preemption serve?
– What function does preempt delay serve?
– What function does tracking serve?

Figure 9-2: Virtual IP quiz

Take a quick pretest to assess what you know about virtual IP protocols. The rest of
this module will provide answers to any questions that you do not know.
Q1: What is the difference between VRRP and HSRP?
_________________________________________________________________________

Q2: What is the difference between GLBP and HSRP?


_________________________________________________________________________


Q3: What message does a backup router usually send when it becomes master?
_________________________________________________________________________

Q4: What function does preemption serve?


_________________________________________________________________________

Q5: What function does preempt delay serve?

_________________________________________________________________________


Q6: What function does tracking serve?



_________________________________________________________________________


HSRP, GLBP, and VRRP comparison


Options              Cisco HSRP*         Cisco GLBP*         VRRP HP A-Series    VRRP HP E-Series
Interoperable        N                   N                   Y                   Y
Authentication       Y                   Y                   Y                   N
Preempt Delay        Y                   Y                   Y                   Y
Load Balancing       N                   Y                   Y*                  N
Tracking Interface   Y                   Y                   Y                   Y
Tracking Remote IP   Y                   Y                   Y                   N
NAT stateful         Y (SNAT)            Y                   N**                 N**
Virtual MAC          00-00-0c-07-ac-xx   00-07-b4-00-01-xx   00-00-5E-00-01-XX   00-00-5E-00-01-XX
Multicast IP         224.0.0.2           224.0.0.102         224.0.0.12          224.0.0.12
                     UDP 1985            UDP 3222            protocol 112        protocol 112
RFC                  RFC 2281            No RFC              RFC 3768            RFC 3768

* Proprietary   ** Available with IRF

Figure 9-3: HSRP, GLBP and VRRP compared

The table compares the virtual IP protocols.


Interoperability
HSRP and GLBP are Cisco proprietary. VRRP is interoperable with the exception of
the load balancing version on HP A-Series devices.

Authentication
Both HSRP and VRRP allow the partners (routers) to authenticate each other.
Authentication prevents a rogue router from posing as the master in a subnet and
collecting users’ traffic or implementing a denial of service (DoS) by failing to route
the traffic.

Preempt delay
All virtual IP protocols support preemption and preempt delay.

Load balancing
The load balancing function distributes traffic destined to a VLAN’s (or broadcast
domain’s) default gateway between multiple routers. GLBP and the HP A-Series load
balancing version of VRRP both support this feature. Both protocols are proprietary.
How is traffic load balanced? The single virtual IP address is associated with one
virtual MAC address per member. The master receives ARP requests and sends
replies that specify different virtual MAC addresses, taking turns among the different
virtual MAC addresses in order to distribute traffic among them. If one router in the
group fails, one of the other routers assumes the failed member’s virtual MAC
address as well as its own.


Tracking interface and remote IP


All of the virtual IP protocols support tracking an interface. HSRP, GLBP, and VRRP on
HP A-Series devices also support tracking a remote IP address.

Stateful NAT
If a router that implements a virtual IP protocol and NAT fails, the router’s table of
NAT sessions is usually lost.
With Cisco Stateful Failover of Network Address Translation (SNAT), routers
implementing HSRP can share the NAT session table between them.
VRRP does not support the sharing of NAT sessions. However, IRF on HP A-Series
devices can provide IP redundancy with the assurance that no NAT sessions are lost
when a single member fails.

Virtual MAC
All of the virtual IP protocols use a similar virtual MAC address, in which the last
octet is defined by the group ID of the virtual router; however, the precise address
varies among the protocols.
Remember that GLBP and VRRP load balancing mode use multiple virtual MAC
addresses—one for each member router.

Multicast IP
The table shows the multicast IP addresses, which the router members in the virtual
router use to exchange messages.
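The Authentication and Virtual MAC points above can be turned into a monitoring check. The following Python code is an added example, not part of the HP course material: it parses VRRPv2 advertisements in the RFC 3768 layout and flags speakers that do not match the expected group, which is how a rogue router posing as master would show up. The router interface addresses, priorities, authentication type and sample packets are constructed assumptions; only VIP 10.1.1.1 and the 00-00-5E-00-01-XX virtual MAC format come from this guide.

```python
import struct

# Expected VRRP speakers per group ID (VRID). Constructed values: the interface
# IPs, configured priorities and auth type are assumptions for this example.
EXPECTED = {
    1: {"vip": "10.1.1.1", "auth_type": 1,
        "peers": {"10.1.1.2": 100, "10.1.1.3": 90}},
}


def vrrp_virtual_mac(vrid):
    """VRRP virtual MAC: prefix 00-00-5E-00-01 plus the group ID as last octet."""
    return "00-00-5e-00-01-%02x" % vrid


def inet_checksum(data):
    """16-bit one's-complement checksum computed over a whole VRRPv2 message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_advert(payload):
    """Parse a VRRPv2 advertisement (RFC 3768 layout) taken from the IP payload."""
    if len(payload) < 8:
        raise ValueError("truncated VRRP header")
    vt, vrid, prio, count, auth_type, adver_int, _ = struct.unpack(
        "!BBBBBBH", payload[:8])
    if vt >> 4 != 2 or vt & 0x0F != 1:
        raise ValueError("not a VRRPv2 advertisement")
    end = 8 + 4 * count
    if len(payload) < end + 8:  # addresses are followed by 8 bytes of auth data
        raise ValueError("truncated address list")
    addrs = [".".join(str(b) for b in payload[i:i + 4]) for i in range(8, end, 4)]
    return {"vrid": vrid, "priority": prio, "auth_type": auth_type,
            "adver_int": adver_int, "addresses": addrs,
            "checksum_ok": inet_checksum(payload[:end + 8]) == 0}


def check_advert(src_mac, src_ip, ttl, payload, expected=EXPECTED):
    """Return a list of findings for one observed advertisement (empty = clean)."""
    try:
        adv = parse_advert(payload)
    except ValueError as exc:
        return ["malformed: %s" % exc]
    findings = []
    if not adv["checksum_ok"]:
        findings.append("bad-checksum")
    if ttl != 255:  # RFC 3768: advertisements are sent and accepted with TTL 255 only
        findings.append("ttl-not-255")
    # RFC 3768: the master sends advertisements from the group's virtual MAC.
    if src_mac.lower().replace(":", "-") != vrrp_virtual_mac(adv["vrid"]):
        findings.append("source-mac-not-virtual-mac")
    group = expected.get(adv["vrid"])
    if group is None:
        return findings + ["unknown-vrid"]
    if adv["auth_type"] != group["auth_type"]:
        findings.append("auth-type-mismatch")
    if adv["addresses"] != [group["vip"]]:
        findings.append("unexpected-virtual-ip")
    configured = group["peers"].get(src_ip)
    if configured is None:
        findings.append("unexpected-source")
    elif adv["priority"] > configured:
        # Tracking may lower a router's priority, but nothing should raise it.
        findings.append("priority-above-configured")
    return findings


def sample_advert(vrid, priority, vip, auth_type=1):
    """Build a constructed advertisement (valid checksum) to exercise the checks."""
    body = struct.pack("!BBBBBBH", 0x21, vrid, priority, 1, auth_type, 1, 0)
    body += bytes(int(o) for o in vip.split(".")) + b"\x00" * 8
    return body[:6] + struct.pack("!H", inet_checksum(body)) + body[8:]


# Constructed observations: (source MAC, source IP, IP TTL, VRRP payload).
OBSERVED = [
    ("00:00:5e:00:01:01", "10.1.1.2", 255, sample_advert(1, 100, "10.1.1.1")),
    ("00:00:5e:00:01:01", "10.1.1.3", 255, sample_advert(1, 80, "10.1.1.1")),
    ("00:11:22:33:44:55", "10.1.1.77", 64,
     sample_advert(1, 255, "10.1.1.1", auth_type=0)),
]

if __name__ == "__main__":
    for mac, ip, ttl, payload in OBSERVED:
        print(ip, check_advert(mac, ip, ttl, payload) or "ok")
```

The first two observations are the configured master and the backup after a takeover with a tracking-reduced priority; the third is an unknown speaker and is flagged on four independent grounds.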



Comparing IRF to virtual IP protocols


– With IRF, multiple routing switches truly act as one, giving
you high functionality with simple implementation and
maintenance:
• No need for virtual IP protocols
• Sharing of all IP addresses as well as routing table, MAC address
table, and ARP caches
• Full load balancing
• NAT sessions state maintenance

Figure 9-4: IRF compared to virtual IP protocols

With IRF, multiple routing switches operate as one virtual switch. The switches do not
need to use virtual IP protocols. Instead, all switches in the IRF group share all IP
addresses, MAC address tables, ARP caches, routing information, and NAT sessions
states. The traffic is fully load balanced between all routers in the IRF group.
You will see several design cases in which IRF provides high availability and
bandwidth with a simple implementation.

VRRP on Cisco
– VRRP is not widely implemented in IOS on Catalyst, but is
supported on Catalyst 4500, 4900 and 6500.
– VRRP is implemented in IOS on many routers—minimum
version 12.2 (X).
– Verify the necessary IOS version with the Cisco Feature
Navigator.

Figure 9-5: VRRP on Cisco

Although VRRP is not widely supported in the Cisco product line, some Cisco
devices do support VRRP:
• 7600 router family with IOS version 12.2(13)ZP4 or later
• Catalyst 4500 family with IOS version 12.2(53)SG2 or later
• Catalyst 6000 with SUP2/MSFC2 and IOS version 12.2(18)SXF17a or later
• Catalyst 6500 with VS-S720-10G/MSFC3 and IOS version 12.2(33)SXI3 or later
(To verify which IOS versions support VRRP, please consult the Cisco Feature
Navigator.)

Virtual IP design cases


The next section guides you through designing virtual IP implementations for various
use cases.
If you have designed virtual IP protocol solutions, note some of the problems that you
have encountered below. After you complete the design cases, return to this page
and see if any of the solutions you discussed could have helped you resolve these
problems.
NOTES
________________________________________________________________________


Default gateway redundancy with HSRP and VRRP


[Diagram: two MSTP instances. MSTP Instance 1: M1 is Root and B1 is Secondary Root; VIP1=10.1.1.1; client IP: 10.1.1.51/24, Def GWY=10.1.1.1; virtual MAC 0000-0c07-ac01 (HSRP) or 0000-5e00-0101 (VRRP). MSTP Instance 2: M2 is Root and B2 is Secondary Root; VIP2=10.1.2.1; client IP: 10.1.2.5/24, Def GWY=10.1.2.1; virtual MAC 0000-0c07-ac02 (HSRP) or 0000-5e00-0102 (VRRP). Mx = Master, Bx = Backup.]

Figure 9-6: Default gateway redundancy with HSRP and VRRP

Here you see the main use case for HSRP and VRRP: providing redundancy for the
default gateways of VLANs. Typically, a VLAN has one master and one backup
router. The master owns the virtual IP address that the DHCP server distributes as the
VLAN’s default gateway.
Note that you should synchronize the roles between VRRP or HSRP and MSTP to
ensure that the topology is used efficiently. As you see, the VRRP or HSRP master for
a particular VLAN is the MSTP root for the instance that includes that VLAN.

Default gateway redundancy with IRF


[Diagram: an IRF pair presents the gateway addresses 10.1.2.1 and 10.1.1.1 on both members. One client has IP: 10.1.2.5/24 and Def GWY: 10.1.2.1; the other has IP: 10.1.1.51/24 and Def GWY: 10.1.1.1.]

Figure 9-7: Default gateway redundancy with IRF

With IRF, you do not need to configure a virtual IP protocol to ensure redundancy for
the default gateway; IRF itself ensures such redundancy and more.
The IRF system acts as one single Layer 3 device. The master device or fabric
completes routing calculations. Its Forwarding Information Base (FIB) table is
synchronized across the IRF system. The other member or members of the IRF group
store the routing status in real-time to ensure that the IRF group continues to function
seamlessly if the master fails.
IRF supports all unicast and multicast routing protocols and implements distributed
resilient routing:
• No single-point routing failure
• Routing forwarding without interrupt

Operational planes (control, management, and forwarding)


Modern switches and routers segregate their functions into different groups called
operational planes or simply planes.
The most common planes are:
• Control plane: This plane includes all internal monitoring and control functions
  related to power, temperature, and hardware state in general.
• Management plane: This functional group provides the user interface and the
  platform on which all protocols run (for example, STP in Layer 2 and OSPF in Layer 3).
  The routing table is built in this plane. This plane’s functions are software based
  to allow for upgrades.
• Forwarding plane: This group of functions includes Layer 2 and Layer 3
  forwarding, packet filtering, and quality of service (QoS) policies. This plane’s
  functions actually use the routing table. Functions in this plane are hardware
  based because of speed requirements.
In stackable switches, the distribution of these planes is simple: a general purpose
CPU runs the management and control planes, and one or two ASICs are in charge
of actual packet processing and forwarding.
A modular switch centralizes the management and control planes in Switching and
Routing Processing Units (SRPUs) while it distributes the forwarding plane in two or
more Line Processing Units (LPUs). All modular switches support the installation of two
SRPUs for redundancy.

Operational planes in IRFv2

When you combine several HP A-Series devices to form an IRF virtual device, the
management and control planes of one of the devices become active while those of
the other devices stay in standby. However, every switch retains its active forwarding
planes, which the active management and control planes draw on as necessary.
In other words, an IRF system acts like a modular switch with centralized
management and control planes and a distributed forwarding plane.

Note
Currently, an IRF virtual device supports a maximum of two modular switches
with a maximum of four SRPUs. Only one SRPU becomes active while the others
(including another on the same switch) stay in standby.

Consider ARP. In an IRF virtual device, ARP runs in a distributed manner but as if on
a single switch:
• Static ARP entries are automatically synchronized through the shared
  configuration.
• Each device sends its ARP requests independently. But when a device receives
  an ARP response packet, it transmits this packet to all devices through the IUC to
  prevent other devices from sending the same ARP requests.
• When the IRF virtual device receives an ARP request packet, the master responds
  at once. The ARP request packet is broadcast, and it is automatically
  synchronized to each device so that the entry can be learned by everyone.
  However, each device ages its own ARP entry independently.

Load balancing with GLBP and VRRP (HP A-Series devices)

In a given IP subnet, one virtual IP and several virtual
MAC addresses are assigned by the master.

[Diagram: M1 and B1 share VIP1=10.1.1.1. One client (IP: 10.1.1.45/24) has IP Def Gwy 10.1.1.1 and MAC Def Gwy 000f-e2ff-0011; the other client (IP: 10.1.1.24/24) has IP Def Gwy 10.1.1.1 and MAC Def Gwy 000f-e2ff-0012.]

Figure 9-8: Load balancing with GLBP and VRRP (HP A-Series devices)

In this use case, you need to implement load balancing. On HP A-Series devices,
VRRP load balancing mode provides the necessary functionality. On Cisco devices,
GLBP provides load-balancing. However, this particular use case focuses on VRRP
load-balancing on HP A-Series devices.
When VRRP works in the standard protocol mode, only the master can forward
packets and the backups remain in a listening state. Although you can create
multiple VRRP groups to implement load balancing among multiple routers, this
solution would require endpoints in the VLAN to have different gateways,
complicating the configuration.
When VRRP works in the load balancing mode, however, the group gains load
balancing in addition to virtual gateway redundancy.
The virtual IP address is associated with multiple virtual MAC addresses, one for
each router in the VRRP group. The master allocates virtual MAC addresses to routers
in the VRRP group. It then replies to ARP requests (for the IPv4 network) or Neighbor
Discovery (ND) requests (for the IPv6 network) from different endpoints with different
virtual MAC addresses, using a load balancing algorithm. The backup routers,
however, do not reply to the ARP or ND requests.
In this way, each router in the group can forward packets. Because you only need to
create one VRRP group to implement load balancing among multiple routers, you
avoid the configuration issues and fully utilize your network resources rather than
leave backup routers in the idle state.
The VRRP load-balancing mode is based on the VRRP standard protocol mode, so
mechanisms, such as master election, preemption, and tracking functions, in the
standard protocol mode are also supported in the load-balancing mode.
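The ARP behaviour described in this section and in the earlier Load balancing comparison can be followed in a small model. This Python code is an added example, not HP's implementation: it assumes the master hands out virtual MACs in simple rotation and that the first surviving router takes over a failed member's virtual MAC. The gateway IP, the two virtual MACs and the first two host addresses come from Figure 9-8; hosts 10.1.1.60 and 10.1.1.61 are constructed.

```python
class LoadBalancedVrrpGroup:
    """Simplified model of one VRRP group working in load balancing mode."""

    def __init__(self, virtual_ip, virtual_macs):
        # virtual_macs: router name -> virtual MAC allocated by the master,
        # listed master first (assumption of this model).
        self.virtual_ip = virtual_ip
        self.forwarder = {mac: router for router, mac in virtual_macs.items()}
        self.alive = list(virtual_macs)
        self.master = self.alive[0]
        self._rotation = list(virtual_macs.values())
        self._next = 0

    def arp_reply(self, target_ip):
        """The master's answer to an ARP request; backups never reply."""
        if target_ip != self.virtual_ip:
            return None
        mac = self._rotation[self._next % len(self._rotation)]
        self._next += 1  # take turns among the virtual MAC addresses
        return mac

    def fail(self, router):
        """A member fails: a surviving router assumes its virtual MAC as well."""
        self.alive.remove(router)
        if not self.alive:
            raise RuntimeError("no routers left in the group")
        if router == self.master:
            self.master = self.alive[0]
        for mac, owner in self.forwarder.items():
            if owner == router:
                self.forwarder[mac] = self.alive[0]

    def next_hop_router(self, dst_mac):
        """Which physical router forwards frames sent to this virtual MAC."""
        return self.forwarder[dst_mac]


def simulate():
    group = LoadBalancedVrrpGroup(
        "10.1.1.1", {"M1": "000f-e2ff-0011", "B1": "000f-e2ff-0012"})
    hosts = ["10.1.1.45", "10.1.1.24", "10.1.1.60", "10.1.1.61"]
    # Every host asks for the same gateway IP but caches the MAC it was given.
    arp_cache = {h: group.arp_reply("10.1.1.1") for h in hosts}
    before = {h: group.next_hop_router(m) for h, m in arp_cache.items()}
    group.fail("B1")
    # Host ARP caches are untouched; only the owner of the virtual MAC changed.
    after = {h: group.next_hop_router(m) for h, m in arp_cache.items()}
    return arp_cache, before, after


if __name__ == "__main__":
    for label, result in zip(("ARP caches", "before failure", "after failure"),
                             simulate()):
        print(label, result)
```

Because one gateway IP legitimately resolves to several MAC addresses in this mode, ARP monitoring that alerts on an IP mapped to more than one MAC needs the group's virtual MACs on its allow list.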


Load balancing with IRF


Architecture is symmetric and Layer 2/Layer 3 forwarding is
distributed. Then load balancing is included.

[Diagram: an IRF virtual device with gateway address 10.1.1.1 serves two clients, IP: 10.1.1.45/24 and IP: 10.1.1.24/24, both with IP Def Gwy 10.1.1.1.]

Figure 9-9: Load balancing with IRF

The IRF architecture itself provides load balancing between the Layer 3 switches.
Unlike an MSTP/VRRP or PVST/HSRP architecture, it provides symmetric connections
between edge switches and the IRF, in which all links are used.
As the figure shows, traffic between the edge and core switches is load balanced by
the algorithm applied on the aggregated link.
When a packet arrives on a port on one of the IRF’s routing-switches, the packet is
forwarded locally because routing and switching are truly distributed among IRF
members and line cards—as long as the destination is connected to a switch which is
also connected with link-aggregation.
MAC addresses as well as the ARP cache are distributed and synchronized among
IRF members. When forwarding the traffic to an aggregated link, the IRF virtual
device always chooses the closest link in the aggregation (preferably, directly
connected).

Next hop router in static routes—Case 1

[Diagram labels: WAN router or firewall with static routes 10.0.0.0/8 -> VIP1 and 10.0.0.0/8 -> VIP 2; a pair of routing switches with roles M1 and B1 for VIP1 and M2 and B2 for VIP2.]

Figure 9-10: Next hop router in static routes—Case 1

In some environments, static routing is a convenient solution for routing between a
WAN router or a firewall and a pair of routing switches. For example, the switches
might not support a common routing protocol, or the equipment might be managed
by different companies such as an Internet Service Provider (ISP) and a private
company.
You can use HSRP or VRRP to build redundancy into the static routes. Simply
configure the virtual IP address as the next hop IP address in the static routes to
subnets connected to that virtual router group.
Configuring the virtual IP address as the next hop in the static route provides more
redundancy than configuring two static routes that point to different real IP addresses.
Why? When you use real IP addresses, if the device that is the next hop for the
active route fails, the router must wait for the table to update. But with a single route
to the virtual IP address, the same route remains accurate if the master fails. The
backup simply takes ownership of the virtual IP address and the virtual MAC
address. As in the case of a failover for endpoints and their default gateway, the
router with the static route is not aware of the change.
For load-balancing purposes, you can create two static routes that point to two virtual
IP addresses.

Next hop router in static routes—Case 2


[Diagram labels: a pair of WAN routers or firewalls (M3, B3, M4, B4 for VIP3 and VIP4) with static routes 10.0.0.0/8 -> VIP1 and 10.0.0.0/8 -> VIP 2; a pair of routing switches (M1, B1, M2, B2 for VIP1 and VIP2) with default routes 0.0.0.0/0 -> VIP3 and 0.0.0.0/0 -> VIP 4. * Or GLBP or VRRP Load balancing]

Figure 9-11: Next hop router in static routes—Case 2

This example is similar to the previous one except that it features a pair of WAN
routers or firewalls. The two pairs of routers—the pair of routing switches and the
pair of WAN routers—are not directly connected and use static routes to exchange IP
packets.
In this use model, you can build redundancy into the WAN routers as well as the
routing switches, again by using a virtual IP protocol. The WAN routers share a
virtual IP address, which serves as the next hop for the default route set on the routing
switches. As in the previous example, the WAN routers have a static route to the
local network using the routing switch’s virtual IP address as the next hop.
If you create two virtual IP addresses and two static routes on each side, you can
provide full load balancing.

Next hop router in static routes with IRF


[Diagram labels: WAN routers or firewalls (M3, B3, M4, B4 for VIP3 and VIP4), each with the static route 10.0.0.0/8 -> IP1; an IRF with address IP1 and default routes 0.0.0.0/0 -> VIP3 and 0.0.0.0/0 -> VIP 4.]

Figure 9-12: Next hop router in static routes with IRF

In this example, the WAN routers only have one Ethernet interface that is connected
to the LAN. They are connected to an access switch, which is connected to the IRF
with an aggregated link. This configuration provides the WAN router with symmetric
access to both IRF members.
Each WAN router could also be connected directly with a single interface to one of
the IRF members. This configuration would still ensure redundancy but the IRF links
would need to carry more traffic.
Each WAN router could also have two Ethernet interfaces and then form a port
channel or aggregated link to the IRF.

Preemption and preempt delay


[Diagram, three panels showing a WAN router or firewall (R) and routing switches S1 and S2 with master and backup roles for VIP1 and VIP2: t=0, Failure of S1; t=n, S1 is rebooted; t=n+ preempt delay, S1 preempts VIP1.]

Figure 9-13: Preemption and preempt delay

The figure illustrates the preempt delay feature.
At time 0, the master router fails. The backup then takes ownership of VIP1.
At time n, when the master is restored or rebooted, it could preempt the role of
master. However, it may not be ready to route IP packets to remote networks because
HSRP and VRRP often converge much faster than routing protocols; even though the
master can route packets to directly connected networks immediately, it has not yet
learned routes via OSPF, RIP, or BGP.
The preempt delay setting solves this problem: it adds a delay time between when
the master comes back on line and when it preempts its role of master.
In the example, at time n+ preempt delay, the former master has waited for
convergence of its routing protocols, so it can now preempt the role of master.

No preempt delay needed with IRF


[Figure: two panels. t=0: failure of S1; t=n: S1 is rebooted. Labels: IP1, IP2.]

Figure 9-14: No preempt delay needed with IRF

Consider the previous scenario with IRF. In this example, the router is connected to
the IRF with an aggregated link.
A link failure would only reduce bandwidth; Layer 2 and Layer 3 connectivity
would remain, protecting packets from being dropped. Even if an IRF member fails
completely, Layer 2 and Layer 3 connectivity would be maintained.

Because the IRF virtual device uses a single routing table, there is no need for the
router to delay resuming its role in the IRF virtual device when it reboots.


Tracking interfaces with VRRP or HSRP

[Figure: before and after a tracked interface toward the WAN router or firewall
fails. The master for VIP1 starts at priority 100 and the backup at priority 90; the
failure reduces the master's priority by 20, to 80.]

Figure 9-15: Tracking interfaces with VRRP or HSRP

When the interface that the master router uses to connect to the WAN router or
firewall goes down, the master loses its IP routes to remote IP networks.

If the system uses routing protocols, the master can learn new routes to the remote
networks. Or the master might have a floating static route. In either case, however,
the next hop for new routes is typically a backup router in the VRRP group. The
master has become an unnecessary hop for traffic destined to remote IP networks, so
routing traffic directly through the backup would be more efficient.

VRRP or HSRP tracking enables the router to lower its priority if a particular interface
goes down so that its priority becomes lower than that of a backup. The backup can
then preempt the role of master for the virtual IP.

In this typical case, tracking is usually set for VLANs. So that routers can preempt the
master role when necessary, you should usually configure preempt mode with
tracking. Note, however, that tracking is optional; sometimes you might decide that
eliminating a potential extra hop is not worth the additional configuration.


Tracking remote IP addresses


[Figure: routers in the group track remote nodes N1 and N2. The master starts at
priority 105 and the backup at priority 90; losing both tracked nodes reduces the
master's priority by 2*10, to 85.]

Figure 9-16: Tracking remote IP addresses

A router’s access to remote IP networks may depend on a series of connections and
devices, including several routers, firewalls, and switches. Simply because the router’s
Internet-facing interface is up does not rule out a problem on another upstream
device.

HSRP and VRRP on HP A-Series devices offer the ability to track connectivity to a
remote IP address through a specific interface. (You must specify the interface;
otherwise, a router might not realize that its interface has gone down and that it is
reaching the remote IP addresses through the group’s backup.)

You would typically choose an IP address on the Internet or other remote network—
for example, the IP address of:
• A remote site router or server
• A router or server at headquarters
• A remote endpoint of an IPsec VPN tunnel
• A service provider device
• An Internet server with a stable IP address

Note
Make sure that the router can ping the IP address that you select and that there is
no firewall that can block the ping packets.


When a router detects that it cannot reach a tracked IP address through the tracked
interface, the result is the same as in the simple tracked interface scenario.

In this example, the routers in the VRRP or HSRP group track two remote IP addresses;
thus they avoid relying on a single IP address (which might itself fail) to test
access to remote networks. Failure of each node can lower the priority—by 10 and by
15, for example. However, only losing connectivity with both tracked addresses will
truly indicate a failure and lower the master’s priority enough to become lower than
that of the backup.


Tracking with IRF and NQA


[Figure: before and after loss of a tracked remote node (N1, N2). Static routes:
0.0.0.0/0 -> IP3 with pref 1, raised to 100 on failure; 0.0.0.0/0 -> IP4 with pref 10.
Other labels: IP1, IP2.]

Figure 9-17: Tracking with IRF and NQA

Network Quality Analyzer (NQA) allows a switch or an IRF, as shown in the figure
above, to track the status of a remote IP address. Based on connectivity to this
address, the router can change the preference of a static route. (On HP E-Series
switches and Cisco switches, the preference is the administrative distance.)

In the examples illustrated above, each WAN router has two static routes: a primary
route and a backup one with a lower preference (called a floating static route).

When the router fails to reach the tracked remote IP address, it increases the
preference of the main route (lower preference value is preferred). As a result, the
backup route is placed in the routing table.


Configuring virtual IP protocols


You will now evaluate example configurations for the various virtual IP protocols.
Which virtual IP protocols do you want to know more about?


HSRP configuration example


Active HSRP router

  interface vlan1
   ! Real IP address used among HSRP routers
   ip address 10.1.1.2 255.255.255.0
   ! Virtual IP address used by local hosts
   standby 1 ip 10.1.1.1
   ! Highest priority wins election; if equal, the highest real IP address wins
   standby 1 priority 105
   standby 1 preempt
   ! By default, if the tracked interface fails, priority is reduced by 10
   standby 1 track serial0

Standby HSRP router

  interface vlan1
   ip address 10.1.1.3 255.255.255.0
   standby 1 ip 10.1.1.1
   ! Default HSRP priority is 100
   standby 1 preempt
   standby 1 track serial0

Figure 9-18: HSRP configuration example

This slide shows the commands for configuring HSRP and the HSRP options discussed
earlier in this module on Cisco devices.


GLBP configuration example


Master GLBP router

  interface vlan 10
   ! Real IP address used among GLBP routers
   ip address 172.18.10.2 255.255.255.0
   ! 10 is the group number
   glbp 10 priority 110
   glbp 10 preempt
   ! Authentication
   glbp 10 authentication md5 key-string s!a863
   ! Virtual IP address used by local hosts
   glbp 10 ip 172.18.10.1
   exit

Backup GLBP router

  interface vlan 10
   ip address 172.18.10.3 255.255.255.0
   glbp 10 authentication md5 key-string s!a863
   glbp 10 ip 172.18.10.1
   exit

Figure 9-19: GLBP configuration example

These are the commands for configuring GLBP and the GLBP options discussed
earlier on Cisco devices.


VRRP configuration example on HP A-Series


Master VRRP router

  interface vlan 100
   ip address 202.38.160.1 255.255.255.0
   # vrid 1 is the virtual router ID
   vrrp vrid 1 virtual-ip 202.38.160.111
   vrrp vrid 1 priority 110
   # Preempt delay of 45 sec to allow OSPF network to be in routing table
   vrrp vrid 1 preempt-mode timer delay 45
   vrrp vrid 1 track interface gigabit 2/0/24

Backup VRRP router

  # VRRP priority is 100 if not specified
  interface vlan 100
   ip address 202.38.160.2 255.255.255.0
   vrrp vrid 1 virtual-ip 202.38.160.111

Figure 9-20: VRRP configuration example on HP A-Series

These are the commands for configuring VRRP and the VRRP options discussed
earlier in this module on HP A-Series devices. For example, the preempt delay has
been set to 45 seconds so that the router can identify its Open Shortest Path First
(OSPF) neighbors and update its routing table with OSPF routes.


VRRP tracking remote IP on HP A-Series


Defined tracked entity with Network Quality Analyzer (NQA)

# Define Ping tests 1 and 2
# send echo request to 1.1.1.1 and to 2.2.2.2 every 300 ms,
# wait for timeout for 300 ms and trigger reaction when 5 pings to probes have failed
nqa entry internetlink test-ping1
 type icmp-echo
 destination ip 1.1.1.1
 frequency 300
 probe timeout 300
 reaction 11 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only
# Define track entity #1; this object is used from applications: static route, vrrp, and so on
# The track object refers to the actual NQA test and the reaction which should be monitored.
track 1 nqa entry internetlink test-ping1 reaction 11
# Start the actual nqa processes:
nqa schedule internetlink test-ping1 start-time now lifetime forever

Figure 9-21: VRRP tracking remote IP on HP A-Series

To configure tracking with VRRP on HP A-Series devices, you must set up NQA tests
and a track to bind the test to the VRRP priority reduction function.
The specific commands are outlined in this figure and the one on the following page.


VRRP tracking remote IP on HP A-Series (cont.)


Associate VRRP and NQA-tracked entity

VRRP router

# Configure vrrp as a test application
# define to track test-ping1 object,
# When remote host ping fails, the priority is reduced by 50 (from 140 to 90)
# the backup vrrp host can preempt this host and take control of the link
interface Vlan-interface201
 ip address 172.21.1.2 255.255.255.0
 vrrp vrid 1 virtual-ip 172.21.1.10
 vrrp vrid 1 priority 140
 vrrp vrid 1 track 1 reduced 50
#

Figure 9-22: VRRP tracking remote IP on HP A-Series (cont.)

To finish the configuration, you specify the track in the VRRP configuration.

In another example, you can configure two IP addresses for the router to track. If the
router loses contact with one of the addresses, it decreases its priority by 30 to 110,
which is still higher than the backup. If the router loses contact with the other
address, it decreases its priority by 20—a different value from the first so that you
can look at the priority and instantly determine which IP addresses are accessible.
Only if the router loses contact with both addresses does the priority decrease
enough for the backup to become master. This setup helps to reduce the false
positives that can occur if you only ping one IP address.

Follow these steps to set up the two tracks:

1. First, define an NQA test. You need to specify the name of the administrative
user who creates the test and also assign the test a name.
[Switch] nqa entry admin pingtest1

2. Configure the test. In this example, the test sends echo requests to 10.1.1.1 every
200 ms, waiting for a 10 ms timeout. The test triggers a reaction when five
probes fail in a row.
[Switch-nqa-admin-pingtest1] type icmp-echo
[Switch-nqa-admin-pingtest1-icmp-echo] destination ip 1.1.1.1
[Switch-nqa-admin-pingtest1-icmp-echo] frequency 200
[Switch-nqa-admin-pingtest1-icmp-echo] probe timeout 10
[Switch-nqa-admin-pingtest1-icmp-echo] reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only


3. Define a second test. In this example, the second test sends echo requests to
10.2.2.2 every 200 ms, waiting for a 10 ms timeout and triggering a reaction
when 5 probes have failed.
[Switch] nqa entry admin pingtest2
[Switch-nqa-admin-pingtest2] type icmp-echo
[Switch-nqa-admin-pingtest2-icmp-echo] destination ip 2.2.2.2
[Switch-nqa-admin-pingtest2-icmp-echo] frequency 200
[Switch-nqa-admin-pingtest2-icmp-echo] probe timeout 10
[Switch-nqa-admin-pingtest2-icmp-echo] reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only

4. Define tracks, which you use to link the NQA tests to applications such as static
routes or VRRP. The track specifies both the test and the reaction to monitor.
[Switch] track 1 nqa entry admin pingtest1 reaction 1
[Switch] track 2 nqa entry admin pingtest2 reaction 1

5. Start the actual NQA processes:
[Switch] nqa schedule admin pingtest1 start-time now lifetime forever
[Switch] nqa schedule admin pingtest2 start-time now lifetime forever

Note
If you want to stop a test, enter undo nqa schedule <admin-name> <test-name>.
For example, enter undo nqa schedule admin pingtest1.

6. Configure VRRP to base the priority on the track. In this example, the virtual IP is
172.21.1.10 and the priority is 140. As described earlier, you will configure a
slightly different reduction for the two tracks, and only the combined reductions
make the priority lower than the backup’s priority (90 compared to 100 on the
backup).
[Switch] interface Vlan-interface201
[Switch-Vlan-interface201] ip address 172.21.1.2 255.255.255.0
[Switch-Vlan-interface201] vrrp vrid 1 virtual-ip 172.21.1.10
[Switch-Vlan-interface201] vrrp vrid 1 priority 140
[Switch-Vlan-interface201] vrrp vrid 1 track 1 reduced 30
[Switch-Vlan-interface201] vrrp vrid 1 track 2 reduced 20


7. You can test the topology and configuration by activating debugging on the
switch.
<Switch> terminal debugging
<Switch> debugging nqa reaction
<Switch> debugging track

To deactivate debugging after the tests, enter these commands:


<Switch> undo debugging all
<Switch> undo terminal debugging
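
The priority arithmetic behind the two-track procedure above can be checked before deployment. The following Python model is an added example, not part of the course material: it enumerates every combination of failed track entries and applies the VRRP rule that a preempting backup takes over only when its priority is strictly higher than the master's. The router names, the floor of 1 on the running priority, and all function names are assumptions of this example.

```python
from dataclasses import dataclass, field
from itertools import combinations


@dataclass
class VrrpRouter:
    name: str                       # label used in this example only
    config_priority: int = 100      # VRRP default when no priority is configured
    preempt: bool = True
    tracks: dict = field(default_factory=dict)  # track entry id -> "reduced" value

    def run_priority(self, failed):
        """Configured priority minus the reduction of every failed track entry."""
        drop = sum(red for tid, red in self.tracks.items() if tid in failed)
        # Assumption of this model: the running priority is floored at 1.
        return max(1, self.config_priority - drop)


def master_after(master, backup, failed):
    """Return (name of the router holding the virtual IP, master's run priority).

    A backup in preempt mode takes over only when its own priority is strictly
    higher than the priority the current master advertises; equal priority
    leaves the current master in place.
    """
    m_pri = master.run_priority(failed)
    b_pri = backup.run_priority(())
    takes_over = backup.preempt and b_pri > m_pri
    return (backup.name if takes_over else master.name, m_pri)


def failover_matrix(master, backup):
    """Evaluate every combination of failed track entries on the master."""
    ids = sorted(master.tracks)
    return {frozenset(c): master_after(master, backup, c)
            for n in range(len(ids) + 1) for c in combinations(ids, n)}


def check_design(master, backup):
    """Design rule from the text: one lost probe target must not move
    mastership, losing all of them must."""
    all_ids = frozenset(master.tracks)
    problems = []
    for failed, (winner, pri) in failover_matrix(master, backup).items():
        if len(all_ids) > 1 and len(failed) == 1 and winner != master.name:
            problems.append(
                f"track {sorted(failed)[0]} alone moves mastership (run priority {pri})")
        if all_ids and failed == all_ids and winner != backup.name:
            problems.append(
                f"all tracks down but {winner} stays master (run priority {pri})")
    return problems


if __name__ == "__main__":
    # Values from the steps above: priority 140, track 1 reduced 30,
    # track 2 reduced 20; the backup runs at the default priority of 100.
    switch = VrrpRouter("Switch", 140, tracks={1: 30, 2: 20})
    backup = VrrpRouter("Backup")
    for failed, (winner, pri) in failover_matrix(switch, backup).items():
        print(sorted(failed), "->", winner, "run priority", pri)
    print(check_design(switch, backup) or "design OK")
```

Running the same check with a configured priority of 110 instead of 140 reports both single-track failures as problems, because either reduction alone already drops the master below the backup's 100.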

Example output for display and debugging commands


Below is the output when you view VRRP functionality when the router can contact
both remote IP addresses:
<Switch> display vrrp verbose
IPv4 Standby Information:
Run Method     : VIRTUAL-MAC
Total number of virtual routers: 1
Interface      : Vlan-interface201
VRID           : 1            Adver. Timer   : 1
Admin Status   : UP           State          : Master
Config Pri     : 140          Run Pri        : 140
Preempt Mode   : YES          Delay Time     : 0
Auth Type      : NONE
Track Object   : 1            Pri Reduced    : 30
Track Object   : 2            Pri Reduced    : 20
Virtual IP     : 172.21.1.10
Virtual MAC    : 0000-5e00-0101
Master IP      : 172.21.1.2

The next example shows the debug output (debugging nqa reaction and debugging
track) when the router loses contact with one of the remote IP addresses.
<Switch1>
*May 2 21:37:19:385 2000 Switch1 TRACK/7/TRACK Debug: Receive the
notification that the status of NQA(admin-pingtest1) reaction(1)
has changed to 2.

*May 2 21:37:19:577 2000 Switch1 TRACK/7/TRACK Debug: Notify
application module(0x5230000) that the status of track entry 1 has
changed from 2 to 3.

*May 2 21:37:19:770 2000 Switch1 NQA/7/NQA_Reaction: Reaction:
Sending NQA reaction status change or stop schedule event to
module(0x5370000).
Owner: admin Tag: pingtest1
Reaction entry number: 1
Previous status: 3
Current status: 2
Below is the output for the display vrrp verbose command when the router has lost
contact with one of the remote IP addresses. As you see, the priority has been
reduced, but the router is still master.
<Switch> display vrrp verbose
IPv4 Standby Information:
Run Method     : VIRTUAL-MAC
Total number of virtual routers: 1
Interface      : Vlan-interface201
VRID           : 1            Adver. Timer   : 1
Admin Status   : UP           State          : Master
Config Pri     : 140          Run Pri        : 110
Preempt Mode   : YES          Delay Time     : 0
Auth Type      : NONE
Track Object   : 1            Pri Reduced    : 30
Track Object   : 2            Pri Reduced    : 20
Virtual IP     : 172.21.1.10
Virtual MAC    : 0000-5e00-0101
Master IP      : 172.21.1.2

Here is the debugging output when the router’s link to the second tracked IP address
goes down:
*May 2 21:40:08:203 2000 Switch1 TRACK/7/TRACK Debug: Receive the
notification that the status of NQA(admin-pingtest2) reaction(1)
has changed to 2.

*May 2 21:40:08:395 2000 Switch1 TRACK/7/TRACK Debug: Notify
application module(0x5230000) that the status of track entry 2 has
changed from 2 to 3.

*May 2 21:40:08:588 2000 Switch1 NQA/7/NQA_Reaction: Reaction:
Sending NQA reaction status change or stop schedule event to
module(0x5370000).
Owner: admin Tag: linktest2
Reaction entry number: 1
Previous status: 3
Current status: 2


Here is the output for the display vrrp verbose command after the link to the second
remote IP address goes down. As you see, the priority has been further reduced, and
the former backup router (which must be configured separately) is now master.
<Switch> display vrrp verbose
IPv4 Standby Information:
Run Method     : VIRTUAL-MAC
Total number of virtual routers: 1
Interface      : Vlan-interface201
VRID           : 1            Adver. Timer   : 1
Admin Status   : UP           State          : Master
Config Pri     : 140          Run Pri        : 90
Preempt Mode   : YES          Delay Time     : 0
Auth Type      : NONE
Track Object   : 1            Pri Reduced    : 30
Track Object   : 2            Pri Reduced    : 20
Virtual IP     : 172.21.1.10
Virtual MAC    : 0000-5e00-0101
Master IP      : 172.21.1.3
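
The text above notes that giving the two tracks different reductions lets you read the running priority and tell which remote address is unreachable. The following Python code is an added example, not part of the course material: it parses output in the layout of display vrrp verbose and works back from Config Pri and Run Pri to the set of failed track objects, reporting an ambiguity when equal reductions make that impossible. The sample text is constructed from the values shown above, and all function names are assumptions of this example.

```python
import re
from itertools import combinations

# Constructed sample in the layout of the `display vrrp verbose` output above
# (state after the first tracked address is lost).
SAMPLE = """\
IPv4 Standby Information:
Run Method     : VIRTUAL-MAC
Total number of virtual routers: 1
Interface      : Vlan-interface201
VRID           : 1            Adver. Timer   : 1
Admin Status   : UP           State          : Master
Config Pri     : 140          Run Pri        : 110
Preempt Mode   : YES          Delay Time     : 0
Auth Type      : NONE
Track Object   : 1            Pri Reduced    : 30
Track Object   : 2            Pri Reduced    : 20
Virtual IP     : 172.21.1.10
Virtual MAC    : 0000-5e00-0101
Master IP      : 172.21.1.2
"""

# "Key : value" pairs; a line may carry two of them. Keys may contain spaces
# and dots ("Adver. Timer"); every value is a single token.
FIELD = re.compile(r"([A-Z][A-Za-z. ]*?)\s*:\s*(\S+)")


def parse_vrrp_verbose(text):
    """Return {'fields': {...}, 'tracks': {object id: reduction}} for one VRID."""
    fields, tracks = {}, {}
    for line in text.splitlines():      # per line, so a value never spans lines
        pairs = dict(FIELD.findall(line))
        if "Track Object" in pairs:
            tracks[int(pairs["Track Object"])] = int(pairs["Pri Reduced"])
        else:
            fields.update(pairs)
    return {"fields": fields, "tracks": tracks}


def failed_track_sets(config_pri, run_pri, tracks):
    """All sets of track objects whose combined reduction explains the drop."""
    drop = config_pri - run_pri
    ids = sorted(tracks)
    return [set(c) for n in range(len(ids) + 1)
            for c in combinations(ids, n)
            if sum(tracks[i] for i in c) == drop]


def assess(text):
    """Summarise one virtual router: degraded or not, and which tracks failed."""
    parsed = parse_vrrp_verbose(text)
    f, tracks = parsed["fields"], parsed["tracks"]
    config_pri, run_pri = int(f["Config Pri"]), int(f["Run Pri"])
    candidates = failed_track_sets(config_pri, run_pri, tracks)
    return {
        "vrid": int(f["VRID"]),
        "state": f["State"],
        "run_pri": run_pri,
        "degraded": run_pri < config_pri,
        # Exactly one explanation: the failed tracks are known. More than one
        # (for example two tracks with equal reductions): cannot tell them apart.
        "failed_tracks": candidates[0] if len(candidates) == 1 else None,
        "ambiguous": len(candidates) > 1,
        "auth_type": f["Auth Type"],
    }


if __name__ == "__main__":
    print(assess(SAMPLE))
```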

VRRP configuration example on HP E-Series


Master VRRP router

  router vrrp
  router vrrp virtual-ip-ping
  interface vlan1
   ip address 10.1.1.2 255.255.255.0
   vrrp vrid 1
    backup
    virtual-ip-address 10.1.1.1 255.255.255.0
    priority 255
    enable
    exit
   exit

Backup VRRP router

  router vrrp
  router vrrp virtual-ip-ping
  interface vlan1
   ip address 10.1.1.3 255.255.255.0
   vrrp vrid 1
    backup
    virtual-ip-address 10.1.1.1 255.255.255.0
    priority 100
    enable
    exit
   exit

Annotations in the figure:
• router vrrp virtual-ip-ping: Virtual IP is not pingable when owned by backup, in
  compliance with RFC 3768. Start with Release K.14.47.
• By default virtual IP is equal to real IP of the master. To set a virtual IP as a 3rd
  address, both sides are set as backup.

Figure 9-23: VRRP configuration example on HP E-Series

These are the commands for configuring VRRP and the VRRP options discussed
earlier on HP E-Series devices.

Note the virtual IP ping option.

When VRRP functions in compliance with RFC 3768, only the owner of the virtual IP
address replies to pings (ICMP echo requests) to the virtual IP address. When the
virtual IP ping feature is enabled, a backup router operating as the master
can respond to ping requests made to the virtual IP address. This makes it possible to
test the availability of the default gateway with ping. A non-owner and non-master
member of the VRRP group still drops all packets to the VIP.


Lab 9.1: Configuring VRRP (Optional)


MSTP Region
  Name: HP-Cisco
  Revision: 1
  MST Instance 1: VLAN 12
  MST Instance 2: VLAN 1,11,13

IP addressing: 10.POD.VLAN.X/24
  X=1 on Cisco-A
  X=2 on Cisco-B
  X=3 on HP-C
  X=4 on HP-D
  X=5 on HP-E
  X=6 on HP-F
  X=100 on Server_1
  X=DHCP on Client_1

Devices: Cisco-A and Cisco-B (HSRP); HP-E and HP-F (edge; VLAN 1 toward Server_1,
VLAN 12 toward Client_1)
Trunks: VLANs 1, 11, 12, 13

Figure 9-24: Lab 9.1: Configuring VRRP (Optional) Step 1

This lab is optional. Complete it if your facilitator tells you to do so.
In this lab you will replace a Cisco aggregation switch that is using HSRP, a
proprietary protocol, with an HP A-Series aggregation switch that is using VRRP, an
industry standard protocol.

Figure 9-24 shows the lab configuration before the migration begins.

As you begin to add the first HP switch, your network will resemble Figure 9-25.

[Figure: Cisco-A; HP-C and HP-D (VRRP); HP-E; HP-F; Server_1; Client_1. MSTP region,
trunk VLANs and IP addressing as in Figure 9-24.]

Figure 9-25: Lab 9.1: Configuring VRRP (Optional) Step 2

Figure 9-26 shows your network as you add the second HP switch, finish
implementing VRRP, and migrate the access layer switches.

[Figure: Cisco-A and Cisco-B (HSRP); HP-C and HP-D (VRRP); HP-E; HP-F; Server_1;
Client_1. MSTP region, trunk VLANs and IP addressing as in Figure 9-24.]

Figure 9-26: Lab 9.1: Configuring VRRP (Optional) Step 3

Finally, Figure 9-27 illustrates the topology after the migration is complete.

[Figure: Cisco-A and Cisco-B (HSRP); HP-C and HP-D (VRRP); HP-E; HP-F; Server_1;
Client_1. MSTP region, trunk VLANs and IP addressing as in Figure 9-24.]

Figure 9-27: Lab 9.1: Configuring VRRP (Optional) Step 4


Lab debrief
What were your key insights and discoveries about virtual IP protocols?

Did you encounter any difficulties?

Did you encounter difficulties in configuring or verifying the configuration?

How did you troubleshoot? Did you encounter difficulties troubleshooting?

Did any of your mistakes teach you something that you would like to share?

Have you learned a practice that you will apply in the field?

Did you find any show or display commands particularly useful?


Module 9 summary
In this module, you have learned:
• Differences between various virtual IP protocols and the options that they support
• How to implement virtual IP protocols to support several different redundancy
  situations, including a default gateway and a next hop in a static route
• How virtual IP protocols compare with IRF
• How to configure virtual IP protocols


Learning check
As usual, the answers to these questions are given in the appendix. The answers to
the quiz that you took earlier are also included for your reference.
Q1: How does an IP endpoint learn its default gateway’s virtual IP and virtual MAC
addresses?
_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

y
nl
_________________________________________________________________________

O
_________________________________________________________________________

Se
Q2: Can a HP Layer 3 switch back up a Cisco Layer 3 switch using HSRP?
lU
_________________________________________________________________________
a
rn

_________________________________________________________________________
te

_________________________________________________________________________
In
P

_________________________________________________________________________
r H

_________________________________________________________________________
Fo

Q3: Can you use VRRP and HSRP in the same LAN?
_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

Rev. 11.12 9 –45


HP Networking Interoperability

Q4: What is the purpose of the preempt delay purpose? When would you set it?
_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

y
Q5: In what situations is load balancing desirable?

nl
_________________________________________________________________________

O
_________________________________________________________________________

Se
lU
_________________________________________________________________________
a

_________________________________________________________________________
rn
te

_________________________________________________________________________
In

_________________________________________________________________________
P
H

Q6: When a pair of core routing switches connect to a WAN router, is VRRP
r

tracking always required?


Fo

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________

_________________________________________________________________________



Routing Using OSPF
Module 10

Module 10 objectives
Because OSPF is an open standard, Cisco and HP devices running this protocol
interoperate well. You simply need to know which version your devices run and
which versions support the features that you require. In particular, you should check
for the newer features such as BFD and graceful restart. Of course, you must also
know the process for implementing OSPF on both types of devices. This module
teaches you about setting up the key features in an HP and Cisco environment.
After completing this module, you will be able to:
• Set up HP and Cisco devices as OSPF neighbors
• Configure OSPF’s BFD feature to support fast convergence and graceful restart
  for non-stop forwarding
• Configure OSPF in a multi-area environment
• Design an OSPF topology that is appropriate to your environment
• Configure OSPF redistribution between Cisco and HP devices

Scenarios for configuring OSPF neighbors


The following scenarios review how to configure HP and Cisco devices as OSPF
neighbors. Specifically, they cover these topics:
• Conditions for becoming OSPF neighbors
• Authentication
• BFD for fast convergence
• Graceful restart for non-stop forwarding

OSPF neighboring—Scenario 1-1


Which routers will become OSPF neighbors? Why?

IP: 10.1.2.1/24 IP: 10.1.2.3/24


OSPF Area 0 OSPF Area 1
Hello timer: 10 s R4 Hello timer: 10 s
R1
Dead interval: 40 sec Dead interval: 40 sec
Network Type=Broadcast Network Type=Broadcast

IP: 10.1.2.2/30
IP: 10.1.2.4/24
OSPF Area 0
OSPF Area 0

Hello timer: 10 s R2 R3 Hello timer: 10 s

Dead interval: 40 sec
Dead interval: 30 sec
Network Type=P2P
Network Type=Broadcast

Figure 10-1: OSPF Neighboring—Scenario 1-1

Examine the figure and then answer this question:
What conditions must two routers meet to become OSPF neighbors? For each
condition that you list, check that setting on the routers in this example. Circle any
incorrect settings and replace them with the correct setting.

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________


________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________
________________________________________________________________________

________________________________________________________________________

Best practices

This scenario does not show the most highly recommended topology. It is
recommended to connect routing switches directly when possible:
• If possible, create a mesh topology in which every routing switch connects to
  every other routing switch. The formula for determining the required number of
  connections is: (N x (N-1))/2.
  For example, with four routers, the number of required connections is 4x3/2 =
  12/2 = 6. With six routers, the number is 6x5/2 = 15 connections.
• Each link should support its own VLAN and subnet (one link = one VLAN = one
  subnet).
If the routing switches do not have enough Ethernet interfaces, on the other hand,
you might have to connect them through a common Layer 2 switch—or preferably,
two Layer 2 switches for redundancy. In this case, you can implement BFD for faster
convergence.

OSPF DR election—Scenario 1-2


What router becomes DR? BDR?

IP: 10.1.2.1/24 R1 R4 IP: 10.1.2.3/24


OSPF Area 0 OSPF Area 0
Priority 0 Priority 1

IP: 10.1.2.2/24 IP: 10.1.2.4/24


OSPF Area 0

OSPF Area 0
Priority 255 R2 R3
Priority 4

Figure 10-2: OSPF DR election—Scenario 1-2

Examine the figure and then answer these questions:

Q1: How do devices in a multi-access (such as Broadcast) network determine which
devices become DR and Backup DR (BDR)? What role does priority 0 play in this
process? What role do other priorities play?

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________


Q2: Can you determine which routers in this figure become DR and BDR?
________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

Q3: How can you force two routers to become DR and BDR?

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

Other best practices


Multi-access network type interfaces always select a DR and BDR—even if you have
designed the topology as discussed on the previous slide (each routing switch
connects directly to each other routing switch on a VLAN and subnet that is unique to
the point-to-point connection). In this case, one side becomes DR and the other BDR.
To prevent the election and speed convergence, you must manually set the interfaces’
network type to P2P. However, make sure that all network administrators understand
this practice; otherwise, the type might not match on both switches, so they will not
become neighbors.

OSPF authentication
Will the two OSPF adjacencies work?

HP1 (port gi1/0/1):
    Vlan 10
     port gigabit 1/0/1
    ospf 11
     Area 0
      authentication-mode simple
      network 192.168.1.1 0.0.0.0
    interface vlan 10
     ip address 192.168.1.1 24
     ospf authentication-mode simple…
      cipher very-secret

HP3 (port gi1/0/2):
    Vlan 20
     port gigabit 1/0/2
    ospf 22
     Area 10
      authentication-mode md5
      network 10.6.0.2 0.0.0.0
    interface vlan 20
     ip address 10.6.0.2 24
     ospf authentication-mode md5 1…
      cipher cant_find

Cisco2 (ports gi0/1 and gi0/2):
    interface gigabitethernet 0/1
     ip address 192.168.1.2 255.255.255.0
     ip ospf authentication-key very-secret
    interface gigabitethernet 0/2
     ip address 10.6.0.1 255.255.255.0
     ip ospf message-digest-key 1 md5 cant_find
    router ospf 2
     network 10.6.0.2 0.0.0.0 area 10
     network 192.168.0.0 0.0.255.255 area 0
     area 10 authentication message-digest
     area 0 authentication

Figure 10-3: OSPF authentication

Examine the figure and then answer these questions (note that there is a fifth question
on the next page):
Q1: If you ignore the authentication settings, which routers become OSPF neighbors
and on which subnets and areas?

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

Now examine the authentication settings.


Q2: Do the authentication settings match between HP 1 and Cisco 2?
________________________________________________________________________

________________________________________________________________________

________________________________________________________________________


Q3: On HP 1, the password is specified with the cipher keyword. What purpose
does this keyword serve?
________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

Q4: Do the authentication settings match between HP 3 and Cisco 2?

________________________________________________________________________

________________________________________________________________________
________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

Q5: What role does the key ID play (beyond being another matching setting)?

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________
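
The receiver-side checks behind the MD5 settings in Figure 10-3, as an added example that is not part of the original guide: it builds an OSPFv2 hello with the cryptographic authentication trailer described in RFC 2328 Appendix D and shows which mismatches make a neighbor discard it. The router ID, the hello field values, the sequence numbers and the secret `new-secret` are constructed for the illustration.

```python
import hashlib
import hmac
import socket
import struct

AUTYPE_SIMPLE, AUTYPE_CRYPTO = 1, 2
HEADER = "!BBH4s4sHHHBBI"   # 24-byte OSPFv2 header as laid out for cryptographic auth


def pad_key(secret):
    """RFC 2328 D.4.3: the secret is used as a 16-byte key, zero padded."""
    return secret[:16].ljust(16, b"\0")


def hello_body():
    """Constructed hello: mask /24, hello 10 s, options, priority 1, dead 40 s, no DR/BDR."""
    zero = socket.inet_aton("0.0.0.0")
    return struct.pack("!4sHBBI4s4s", socket.inet_aton("255.255.255.0"),
                       10, 0x02, 1, 40, zero, zero)


def build_md5_packet(body, router_id, area_id, key_id, secret, seq):
    """Return an OSPFv2 hello followed by its MD5 digest."""
    length = 24 + len(body)                   # the appended digest is not counted here
    header = struct.pack(HEADER, 2, 1, length,
                         socket.inet_aton(router_id), socket.inet_aton(area_id),
                         0,                   # checksum is not computed for this AuType
                         AUTYPE_CRYPTO,
                         0, key_id, 16, seq)  # auth field: 0, key ID, digest length, sequence
    packet = header + body
    return packet + hashlib.md5(packet + pad_key(secret)).digest()


def verify_packet(raw, iface_autype, iface_keys, last_seq=0):
    """Receiver-side checks; iface_keys maps key ID -> secret on the receiving interface."""
    if len(raw) < 24:
        return "drop: truncated header"
    fields = struct.unpack(HEADER, raw[:24])
    length, autype, key_id, auth_len, seq = fields[2], fields[6], fields[8], fields[9], fields[10]
    if autype != iface_autype:
        return "drop: authentication type mismatch"
    if autype != AUTYPE_CRYPTO:
        return "not modelled: only AuType 2 is verified here"
    secret = iface_keys.get(key_id)
    if secret is None:
        return "drop: no key configured for key ID %d" % key_id
    if seq < last_seq:
        return "drop: sequence number went backwards (replay)"
    if auth_len != 16 or len(raw) != length + 16:
        return "drop: bad digest length"
    expected = hashlib.md5(raw[:length] + pad_key(secret)).digest()
    if not hmac.compare_digest(expected, raw[length:]):
        return "drop: digest mismatch"
    return "accept"


def demo():
    """Run one sender packet against differently configured receivers."""
    pkt = build_md5_packet(hello_body(), "10.6.0.2", "0.0.0.10", 1, b"cant_find", seq=1000)
    tampered = pkt[:30] + bytes([pkt[30] ^ 0x01]) + pkt[31:]
    rolled = build_md5_packet(hello_body(), "10.6.0.2", "0.0.0.10", 2, b"new-secret", seq=1001)
    return {
        "same key ID and secret": verify_packet(pkt, AUTYPE_CRYPTO, {1: b"cant_find"}),
        "same secret, key ID 2": verify_packet(pkt, AUTYPE_CRYPTO, {2: b"cant_find"}),
        "key ID 1, other secret": verify_packet(pkt, AUTYPE_CRYPTO, {1: b"very-secret"}),
        "receiver set to simple": verify_packet(pkt, AUTYPE_SIMPLE, {1: b"cant_find"}),
        "old packet replayed": verify_packet(pkt, AUTYPE_CRYPTO, {1: b"cant_find"}, last_seq=1001),
        "body modified in transit": verify_packet(tampered, AUTYPE_CRYPTO, {1: b"cant_find"}),
        # During a key change the receiver holds both keys; the key ID selects one.
        "rollover to key ID 2": verify_packet(rolled, AUTYPE_CRYPTO,
                                              {1: b"cant_find", 2: b"new-secret"}),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:28} {verdict}")
```

With simple authentication the same 8-byte header field carries the password itself in cleartext, so anyone who can capture a hello on the segment can read it.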


OSPF neighbors—Scenario 1-4


What happens on the different routers when
“reset ospf 1 process graceful-restart” is entered on HP1?

HP 1:
    ospf 1
     opaque-capability enable
     graceful-restart ietf
     graceful-restart interval 120

Cisco 2:
    router ospf 1
     nsf ietf restart-interval 200

Cisco 3:
    router ospf 1
     nsf ietf restart-interval 200

HP 4:
    ospf 1
     opaque-capability enable
     graceful-restart ietf

Figure 10-4: OSPF neighbors—Scenario 1-4

What is the purpose of the configurations displayed in this slide?

These routers are implementing OSPF graceful restart, which is defined in RFC 3623.
This feature allows you to restart OSPF processes without disturbing either the OSPF
neighbor status or the forwarding of IP traffic.

When would you need to initiate a graceful restart?

You would initiate a graceful restart whenever you need to restart an OSPF process
to clean out or update information. You will find this feature particularly useful when
a component fails (for example, a Route Processor [RP] has crashed and a backup RP
has taken over) or when you are performing a scheduled hitless software upgrade.

What are requirements for implementing graceful restart?

Your routers or routing switches must meet these requirements:
• They have independent control planes and forwarding planes. Cisco devices
  require Cisco Express Forwarding (CEF). HP A-Series devices also meet the
  requirement. While OSPF processes restart on the control plane, the FIBs that
  reside on line cards continue to forward IP packets.
• They support graceful restart themselves, and their OSPF neighbors also
  support the feature. While one device reboots, its neighbors maintain their
  neighbor relationship with it during a grace period (the restart interval).
The slide shows the commands for configuring the graceful restart interval on
Cisco and HP devices.

What happens on each router when you initiate a graceful restart on HP 1?

You initiate the graceful restart by entering reset ospf <process ID> process
graceful-restart. (On a Cisco device, you initiate the graceful restart by entering
clear ip ospf <process ID>.)

After you enter the command, HP1 announces to all neighbors that it is going to
reload its OSPF processes. While it restarts, HP1 continues to forward packets based
on information in its routing table at the time that the restart initiated.
The other routers start their graceful restart timer. The default interval is 120 seconds,
but the routers in this example have a 200 second interval. These routers freeze their
Link State (LS) database and routing table during this interval.
After the interval expires (at which time HP 1 should have finished reloading its
processes), all routers synchronize their databases.

Commands for enabling OSPF graceful restart

You must enter these commands on HP A-Series devices to enable graceful restart:
    ospf 1
     opaque-capability enable
     graceful-restart ietf
You must enter these commands on Cisco devices:
    router ospf 1
     nsf ietf restart-interval 200
For more details on command syntax, refer to the configuration manual for your
device.

OSPF neighbors—Scenario 1-5


• Why is it relevant to use BFD between the 3 routers?
• What BFD transmit timers will be negotiated between HP1 and Cisco3?
• What values would you recommend for the timers?
• What will happen if INT VLAN10 fails on HP1?

HP 1:
    bfd session init-mode active
    interface vlan-interface 10
     ip address 10.1.1.1 24
     ospf bfd enable
     bfd min-transmit-interval 25
     bfd min-receive-interval 150
     bfd detect-multiplier 3
    ospf 1
     area 0
      network 10.1.1.0 0.0.0.255

Cisco 3:
    interface GigabitEthernet2/1
     ip address 10.1.1.2 255.255.255.0
     ip ospf bfd
     bfd interval 50 min_rx 50 multiplier 3
    router ospf 1
     bfd all-interfaces
     network 10.1.1.2 0.0.0.0 area 0

HP 2: (no configuration shown)

Figure 10-5: OSPF neighbors—Scenario 1-5

Examine the figure and consider the questions and answers below.

Note
For this scenario, assume that HP2, which provides an alternate path to the same
remote networks as HP1, has a similar BFD and OSPF configuration to HP1’s.

Why is it relevant to use BFD between the three routers?

In this configuration, the three routers do not connect directly but instead through a
Layer 2 switch. When a router or an interface fails, the routers cannot immediately
detect the failure using the traditional OSPF hello and dead timers. BFD provides
another interval that helps the routers detect the failure more quickly.

What BFD transmit timers will be negotiated between HP1 and Cisco3?

This scenario illustrates what can happen when two routers propose radically
different timers for BFD. Examine what happens step by step:
1. HP1 sends its request for the timers.
2. Cisco3 receives the packet and compares the requested RX interval of 150ms to
its own TX interval of 50ms. The requested RX interval is larger, so Cisco3
throttles back its own transmit frequency and sends BFD control packets at
150ms intervals.
3. Similarly, HP1 compares the Cisco’s requested RX interval of 50ms to its own
desired TX interval of 25ms. The requested RX interval is larger, so HP1 sends at
50ms intervals.

4. The timer negotiation is complete:
   • HP1 sends at 50ms intervals and receives at 150ms intervals.
   • Cisco3 sends at 150ms intervals and receives at 50ms.
As you see, routers align their TX timers to the highest requested RX timers. The
negotiation provides some configuration flexibility and protection against
misconfiguration. Even if one peer sets an absurdly low TX or RX timer, the value will
be negotiated upwards by a correctly configured peer.
Nonetheless, it is recommended that you configure identical timer settings on BFD
peers sharing the same media types.

What values would you recommend for the timers?

A common setup for BFD timers is:
• TX and RX = 50 or 100ms
• Detect-multiplier = 3 or 4
Routers also communicate the detect multiplier in BFD control packets, but they do not
negotiate this setting. Therefore, it is possible to have different detect-timer values on
either side of the BFD session.

What will happen if INT VLAN10 fails on HP1?

Once the BFD session and appropriate timers have been negotiated, the BFD peers
send BFD control packets to each other at the negotiated intervals. (At least, BFD
asynchronous mode functions in this manner; BFD demand mode functions
differently.) These control packets act as a heartbeat much like an IGP hello protocol
but at an accelerated rate.
As long as each BFD peer receives a BFD control packet within the detect-timer
period, the BFD session remains up and any routing protocol associated with BFD
maintains its adjacencies. If a BFD peer does not receive a control packet within the
detect interval, it informs any clients of that BFD session (that is, the routing protocols
associated with it) of the failure. Each routing protocol determines the appropriate
response to that information. Typically, it terminates the routing protocol peering
session with the failed router so that routers can reconverge, bypassing the failed
peer.
The preceding information brings up an important point: BFD simply detects liveness.
It does not, in itself, determine the correct reaction to a detected failure.
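
The timer negotiation and detect-timer behaviour described above, worked through for the HP1 and Cisco3 values in Figure 10-5 (an added example, not part of the original guide). It follows the asynchronous-mode rules of RFC 5880; the class and function names, the 300 ms detection budget used by `review` and the omission of transmit jitter are assumptions made for the illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class BfdPeer:
    name: str
    desired_min_tx_ms: int    # HP: bfd min-transmit-interval, Cisco: bfd interval
    required_min_rx_ms: int   # HP: bfd min-receive-interval, Cisco: min_rx
    detect_mult: int          # communicated to the peer but not negotiated


def negotiate(local, remote):
    """What `local` ends up doing once both sides have seen each other's timers."""
    # Each side sends no faster than the other side says it can receive.
    tx = max(local.desired_min_tx_ms, remote.required_min_rx_ms)
    remote_tx = max(remote.desired_min_tx_ms, local.required_min_rx_ms)
    # Detection time uses the REMOTE multiplier and the rate the remote sends at.
    return {"tx_ms": tx, "rx_ms": remote_tx, "detection_ms": remote.detect_mult * remote_tx}


def detection_window(local, remote):
    """(best, worst) ms between `remote` going silent and `local` declaring it down."""
    n = negotiate(local, remote)
    # Best case: the failure happens just before the next packet was due.
    # Worst case: the failure happens just after a packet was received.
    return (n["detection_ms"] - n["rx_ms"], n["detection_ms"])


def review(a, b, max_detection_ms=300):
    """Flag what the text recommends against: unequal timers and slow detection."""
    findings = []
    if (a.desired_min_tx_ms, a.required_min_rx_ms) != (b.desired_min_tx_ms, b.required_min_rx_ms):
        findings.append("timers differ between peers")
    for local, remote in ((a, b), (b, a)):
        detection = negotiate(local, remote)["detection_ms"]
        if detection > max_detection_ms:
            findings.append(f"{local.name} needs {detection} ms to detect loss of {remote.name}")
    return findings


# Values from Figure 10-5.
HP1 = BfdPeer("HP1", desired_min_tx_ms=25, required_min_rx_ms=150, detect_mult=3)
CISCO3 = BfdPeer("Cisco3", desired_min_tx_ms=50, required_min_rx_ms=50, detect_mult=3)

# The "common setup" from the text applied to both peers (constructed comparison case).
HP1_ALIGNED = BfdPeer("HP1", 50, 50, 3)

if __name__ == "__main__":
    print("HP1   :", negotiate(HP1, CISCO3))
    print("Cisco3:", negotiate(CISCO3, HP1))
    print("Cisco3 notices an HP1 failure after", detection_window(CISCO3, HP1), "ms")
    print("HP1 notices a Cisco3 failure after", detection_window(HP1, CISCO3), "ms")
    print("review as configured:", review(HP1, CISCO3))
    print("review with 50/50/3 :", review(HP1_ALIGNED, CISCO3))
```

With the figure's values, Cisco3 declares the session down at most 150 ms after INT VLAN10 fails on HP1, while HP1 would need up to 450 ms to notice a failure on Cisco3, which is the asymmetry the recommendation for identical timers avoids.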


OSPF area scenarios


The following scenarios review OSPF area configuration, focusing in particular on the
role of the Area Border Router (ABR).
It is important that you understand how to divide your system into areas to make the
routing protocol operate more efficiently. Within an area all routers must synchronize
their link state databases, but areas allow you to filter routes at the ABR. (It is
possible to configure individual routers to prevent the advertisement of certain LSAs;
however, this type of filtering is not what is typically meant by filtering routes.)


OSPF area summarization—Scenario 2-1


[Figure: Area 0 (10.0.0.0/16) contains R1 (.1) and R4 (.4) on 10.0.10.0/24. Area 1
contains R2 (.2) and R3 (.3) and the subnets 10.1.1.0/24, 10.1.3.0/24, 10.1.2.0/24
and 10.1.4.0/24. Inter-area summarization: 10.1.0.0/16.]

What is R1 configuration when R1 is:
• Cisco
• HP A-Series
• HP E-Series

Figure 10-6: OSPF area summarization—Scenario 2-1

Q1: What kind of OSPF router is R1?
_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

Q2: What kind of LSAs are generated by R1?


_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________


Q3: What function does configuring an area range serve?


_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

Q4: Why would you configure an area range?


_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

Q5: What are the key advantages of summarization?
_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

Q6: Does summarization have some disadvantages?


_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________


Q7: Why can you enable summarization on R1 and not on R2, R3, and R4?
_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

Q8: What other tasks can you perform on an ABR related to area summarization?
_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

Q9: Where can you see the results of the area summarization?

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________


OSPF area summarization—Scenario 2-1-a


[Figure: same topology as Figure 10-6 (R1 and R4 in Area 0, R2 and R3 in Area 1,
inter-area summarization 10.1.0.0/16).]

R1 = Cisco
    interface gigabitethernet 0/1
     ip address 10.0.10.1 255.255.255.0
    interface gigabitethernet 0/2
     ip address 10.1.1.1 255.255.255.0
    interface gigabitethernet 0/3
     ip address 10.1.3.1 255.255.255.0
    router ospf 1
     router-id 1.1.1.1
     network 10.0.0.0 0.0.255.255 area? 0
     network 10.1.0.0 0.0.255.255 area? 1
     area 0? range 10.0.0.0 255.255.0.0
     area 1? range 10.1.0.0 255.255.0.0

Figure 10-7: OSPF area summarization—Scenario 2-1-a

The figure above displays the network commands for enabling OSPF on interfaces
on Router 1, a Cisco router acting as ABR, and placing those interfaces in an area.
The last two commands configure area summaries (or aggregated routes) that the
ABR advertises to routers in other areas.
The commands are missing some keywords. Fill in the commands, using the figure for
information:
    network 10.0.0.0 0.0.255.255 __________________
    network 10.1.0.0 0.0.255.255 _________________
    ______________ 10.0.0.0 255.255.0.0
    _____________ 10.1.0.0 255.255.0.0
If you do not know the exact syntax, do not worry. You will learn it in a moment.
Also fill in the blanks to indicate how the ABR (R1) will summarize the routes.
R1 aggregates the routes in area 0 into a single route to ________________ and
advertises this route to routers in ____________.
R1 aggregates the routes in area 1 into a single route to ________________ and
advertises this route to routers in ____________.

How can the ABR filter networks?

You can configure a non-advertised route summarization. An example on the Cisco
ABR (R1) would be:
    area 0 range 10.0.2.0 255.255.255.0 not-advertise

This command would prevent the ABR from advertising networks within the
10.0.2.0/24 space.


What is the default value for router ID?

In the Cisco IOS, if you do not explicitly set the OSPF router ID, the router uses the
value of the highest IP address on a loopback interface. If the router does not have a
loopback interface, its ID becomes the value of the highest IP address on an interface
that is up.

How and why would you configure the ABR to send a default route to
routers in an area?

You must configure the area as a totally stubby area. In the Cisco IOS, the command
is:
    area <ID> stub no-summary

Often an area at a branch office or other remote site connects only to an ABR in
area 0. The routers at the branch office do not require a detailed view of the
networks at the main office. A default route is enough.

OSPF area summarization—Scenario 2-1-b


[Figure: same topology as Figure 10-6 (R1 and R4 in Area 0, R2 and R3 in Area 1,
inter-area summarization 10.1.0.0/16).]

R1 = HP A-Series
    interface vlan 10
     ip address 10.0.10.1 24
    interface vlan 11
     ip address 10.1.1.1 24
    interface vlan 12
     ip address 10.1.3.1 24
    ospf 1 router-id 1.1.1.1
     area? 0
      description backbone area
      network 10.0.0.0 16
      abr-summary 10.0.0.0 16 ?
     area? 1
      description asian area
      network 10.1.0.0 16
      abr-summary 10.1.0.0 16 ?

Figure 10-8: OSPF area summarization—Scenario 2-1-b

This scenario presents a similar situation to the previous one. However, the ABR is an
HP A-Series switch. You configure this switch in a very similar manner to the Cisco
switches.
The commands are missing some keywords. Fill in the commands, using the figure for
information:
    ospf 1 router-id 1.1.1.1
     _______________
      description backbone area
      network 10.0.0.0 0.0.255.255
      abr-summary 10.0.0.0 _________________
     ______________
      description asian area
      network 10.1.0.0 0.0.255.255
      abr-summary 10.1.0.0 _________________


[Figure: same topology as Figure 10-6 (R1 and R4 in Area 0, R2 and R3 in Area 1,
inter-area summarization 10.1.0.0/16).]

R1 = HP A-Series
    interface vlan 10
     ip address 10.0.10.1 24
    interface vlan 11
     ip address 10.1.1.1 24
    interface vlan 12
     ip address 10.1.3.1 24
    ospf 1 router-id 1.1.1.1
     area 0
      description backbone area
      network 10.0.0.0 0.0.255.255
      abr-summary 10.0.0.0 16
     area 1
      description asian area
      network 10.1.0.0 0.0.255.255
      abr-summary 10.1.0.0 16

Figure 10-9: OSPF area summarization—Scenario 2-1-b

Figure 10-9 shows the commands in full.
Pretend that you have established this configuration on R1. On which routers could
you best verify the route summarization?
You would verify it on routers in a different area from the summarized route. That is,
routers within area 1 receive the advertised summaries for area 0 and vice versa.
You should view the routing table on these routers to verify that they have received
the summarized (aggregated) routes.
You can also verify the summarization on the ABR itself.
The table lists the Cisco, HP A-Series, and HP E-Series commands that you can use
to verify summarization. Because the aggregation creates a new Type 3 LSA, you can
view the LSA database and look for the new LSA. Cisco switches also create a route
to null0 for the summarized network, so you can look for that route in the routing
table.


Commands for verifying summarization

Description                            Cisco command                  HP A-Series command         HP E-Series command
View the routing table.                show ip route                  display ip routing-table    show ip route
                                                                      display ospf routing
View Type 3 LSAs in the LSA database.  show ip ospf database summary  display ospf lsdb summary   show ip ospf link-state summary
                                                                      display ospf lsdb brief


OSPF area summarization—Scenario 2-1-c


[Figure: same topology as Figure 10-6 (R1 and R4 in Area 0, R2 and R3 in Area 1,
inter-area summarization 10.1.0.0/16).]

R1 = HP E-Series
    vlan 10
     ip address 10.0.10.1/24
     ip ospf area 0?
    vlan 11
     ip address 10.1.1.1/24
     ip ospf area 1?
    vlan 12
     ip address 10.1.3.1/24
     ip ospf area 1?
    ip routing
    ip router-id 1.1.1.1
    router ospf
     area 0
     ?
     area 0 range 10.0.0.0/16
     area 1
     ?
     area 1 range 10.1.0.0/16

Figure 10-10: OSPF area summarization—Scenario 2-1-c

This scenario presents the same topology as the previous two, but an HP E-Series
switch is the ABR. Try to fill in the blanks in the configuration:
    vlan 10
     ip address 10.0.10.1/24
     ip ospf area _____
    vlan 11
     ip address 10.1.1.1/24
     ip ospf area ____
    vlan 12
     ip address 10.1.3.1/24
     ip ospf area 1
    ip routing
    ip router-id 1.1.1.1
    router ospf
     area 0
     area 0 range 10.0.0.0/16
     area 1
     area 1 range 10.1.0.0/16


[Figure: same topology as Figure 10-6 (R1 and R4 in Area 0, R2 and R3 in Area 1,
inter-area summarization 10.1.0.0/16).]

R1 = HP E-Series
    vlan 10
     ip address 10.0.10.1 24
     ip ospf area 0
    vlan 11
     ip address 10.1.1.1 24
     ip ospf area 1
    vlan 12
     ip address 10.1.3.1 24
     ip ospf area 1
    ip routing
    ip router-id 1.1.1.1
    router ospf
     area 0
     area 0 range 10.0.0.0/16
     area 1
     area 1 range 10.1.0.0/16

Figure 10-11: OSPF area summarization—Scenario 2-1-c

Figure 10-11 shows the commands in full.

OSPF area summarization—Scenario 2-2


[Figure: same topology as Figure 10-6 (R1 and R4 in Area 0, R2 and R3 in Area 1,
inter-area summarization 10.1.0.0/16).]

What are the IP subnets in the routing tables of R1, R4, R2 and R3?
What is the type for each route?

Figure 10-12: OSPF area summarization—Scenario 2-2

The figure displays an OSPF topology in which R1 is an ABR that advertises route
summaries 10.0.0.0/16 and 10.1.0.0/16 for areas 0 and 1.
You should now be able to predict the result of this configuration. For each router, fill
in the routing table:
• Routes to directly connected networks
• Routes discovered through OSPF, remembering to consider the summaries
For Type, indicate the type of route using the Cisco abbreviations:
• C = Connected networks
• O = OSPF networks internal to the area (Type 1 and Type 2 LSAs)
• O IA = Inter-area OSPF networks (Type 3 LSA)
• O E1 or O E2: External (redistributed) OSPF networks
• O N1 or O N2: External (redistributed) OSPF networks in an NSSA
You do not necessarily have to fill in every row in every table.

Note
All OSPF networks except external ones are indicated by: O_ASE.
To see the type on HP A-series routers, you must enter display ospf routing-table.


R2 Routing Table
IP network Next hop Type

y
nl
R3 Routing Table

O
IP network Next hop Type

Se
a lU
rn
te
In
P
r H
Fo

10 –24 Rev. 11.12


Routing Using OSPF

R4 Routing Table
IP network Next hop Type

Assume that R1 is a Cisco router.
R1 Routing Table
IP network Next hop Type

OSPF passive interface—Scenario 2-3


[Figure: R1 (ABR) and R4 in Area 0 (10.0.10.0/24, summary 10.0.0.0/16); R2 and R3 in Area 1 (10.1.1.0/24, 10.1.2.0/24, 10.1.3.0/24, 10.1.4.0/24, inter-area summarization 10.1.0.0/16). Slide text: What command can you use on R2 and R3 to avoid an OSPF neighboring on LANs 10.1.2.0/24 and 10.1.4.0/24?]

Figure 10-13: OSPF passive interface—Scenario 2-3

Examine the topology displayed in the figure. Assume that you want to prevent R2
and R3 from becoming OSPF neighbors with any routers in their locally connected
networks, 10.1.2.0/24 and 10.1.4.0/24. How could you do so?
You can simply prevent the routers from sending OSPF packets on these interfaces by
configuring these interfaces as passive interfaces.

Note
You can alternatively configure OSPF authentication to prevent undesired
neighboring. However, in stub networks such as the ones in this example, it is
best to configure passive interfaces.

Use cases
You can implement the passive interface feature on any LAN in which your router
should not have any OSPF neighbors. A typical use case is a network with two
routing switches connected to the same VLANs. Instead of making the routers OSPF
neighbors on all IP interfaces (VLANs), you can simply make them neighbors on two
or three IP interfaces. Then you configure OSPF on all other interfaces (so these
networks are advertised) but configure them as passive interfaces.
Can you think of other use cases?
_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________


OSPF passive interface—Scenario 2-3-a


[Figure: topology of Figure 10-13, with the configuration of R3 shown for each platform.]

R3= Cisco
interface gigabit 0/1
   ip address 10.1.4.3 255.255.255.0
router ospf 1
   passive-interface gigabitethernet 0/1

R3= HP A-series
interface vlan-interface 14
   ip address 10.1.4.3 24
ospf 1
   silent-interface vlan-interface 14

R3= HP A-series
vlan 14
   ip address 10.1.4.3/24
   ip ospf area 1
   ip ospf passive

Figure 10-14: OSPF passive interface—Scenario 2-3-a

The figure displays the commands for configuring OSPF passive interfaces.
To verify which interfaces are passive, enter this command on Cisco and HP E-Series
devices:

show ip ospf interface

Enter this command on HP A-Series devices:

display ospf interface

On Cisco and HP A-Series devices, you can alternatively enable the passive interface
feature globally (all OSPF interfaces are passive). Then you can enable individual
interfaces as active OSPF interfaces. This configuration option for the example in the
figure would be as follows on Cisco devices:

router ospf 1
passive-interface default
no passive-interface gigabit 0/2

On HP A-Series devices, this configuration option for the example in the figure would
be as follows:

ospf 1
silent-interface all
undo silent-interface Vlan-interface1


OSPF area and redistribution scenarios


In the next section, you will practice designing OSPF for various environments with
multiple areas and the need for route redistribution.


OSPF redistribution—Scenario 3-1


[Figure: R1 and R4 in Area 0 (10.0.10.0/24); R2 in Area 1 (10.1.1.0/24); R5 in Area 2 (10.2.1.0/24); R3 connected to R2, with networks 10.1.2.0/24 and 10.1.3.0/24.]
What is R2 configuration when R2 is:
• Cisco
• HP A-Series
• HP E-Series
Requirements listed on the slide:
• Redistribute (import) static and direct routes
• Summarize the redistributed routes
• Make the cost increment as advertised

Figure 10-15: OSPF redistribution—Scenario 3-1

Examine the figure above. R2, which is part of the OSPF system, is connected to R3,
which is not. In a moment, you will discuss how to advertise the 10.1.10.0/24 and
10.1.3.0/24 networks in OSPF using redistribution:
• Redistribute the static and connected routes
• Summarize the redistributed routes
• Configure the cost for the redistributed routes to increment as they are advertised
First, however, discuss why you would implement route redistribution.

Q1: Why would you redistribute routes to directly connected networks instead of
configuring those networks as passive interface OSPF networks?

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________


Q2: What conditions must be met on a router for it to redistribute routes?


_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

Q3: Which type of OSPF LSA is created for the redistributed route?
_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

Q4: What are some reasons for not redistributing routes?


_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________


OSPF redistribution—Scenario 3-1-a

[Figure: topology of Figure 10-15, with the R2 configuration below. On the slide, "?" callouts mark parts of the redistribute and summary-address lines.]

R2= Cisco
ip route 10.1.3.0 255.255.255.0 10.1.10.3
router ospf 1
   network 10.1.1.0 0.0.0.255 area 1
   redistribute static metric 10 metric-type 1 subnets
   redistribute connected metric 10 metric-type 1 subnets
   summary-address 10.1.2.0 255.255.254.0

Figure 10-16: OSPF redistribution—Scenario 3-1-a

Examine the figure and answer these questions.

Note
You will discuss the answers as a class, and the correct answers are also listed at
the end of this module in your guide.

Q1: Fill in the blanks to show the proper configuration for R2 when it is a Cisco
router. R2 must:
• Redistribute static and connected routes
• Summarize the redistributed routes
• Configure the cost for the redistributed routes to increment as they are advertised

ip route 10.1.3.0 255.255.255.0 10.1.10.3


router ospf 1
network 10.1.1.0 0.0.0.255 area 1
___________ static metric 10 metric-type 1 __________
___________ connected metric 10 metric-type 1 __________
___________ 10.1.2.0 255.255.254.0

Q2: What command can you enter to verify that the Cisco R2 has properly
redistributed (or imported) the routes?
_______________________________________________________________________


Q3: What command can you enter to verify that the routes to the external networks
have been summarized?
_______________________________________________________________________
Q4: This configuration sets metric type 1 for the redistributed routes. What purpose
does this configuration serve, and how could you change the metric type?
_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

OSPF redistribution—Scenario 3-1-b

[Figure: topology of Figure 10-15, with the R2 configuration below. On the slide, "?" callouts mark parts of the import-route and asbr-summary lines.]

R2= HP A-Series
ip route-static 10.1.3.0 24 10.1.10.3
ospf 1
   area 1
      network 10.1.1.0 0.0.0.255
   import-route static cost 10 type 1
   import-route direct cost 10 type 1
   asbr-summary 10.1.2.0 23

Figure 10-17: OSPF redistribution—Scenario 3-1-b

Examine the figure and answer these questions.

Note
You will discuss the answers as a class, and the correct answers are also listed at
the end of this scenario.

Q1: Fill in the blanks to show the proper configuration for R2 when it is an HP A-Series
device. R2 must:
• Redistribute static and connected routes
• Summarize the redistributed routes
• Configure the cost for the redistributed routes to increment as they are advertised

ip route-static 10.1.3.0 24 10.1.10.3

ospf 1
area 1
network 10.1.1.0 0.0.255.255
___________ static cost 10 type 1
___________ direct cost 10 type 1
asbr-summary 10.1.2.0 ______


Q2: This configuration sets metric type 1 for the redistributed routes. What purpose
does this configuration serve? Why might you select type 1 rather than type 2?
_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

y
nl
_______________________________________________________________________

O
_______________________________________________________________________

Se
_______________________________________________________________________
a lU
_______________________________________________________________________
rn
te

_______________________________________________________________________
In

_______________________________________________________________________
P
H

_______________________________________________________________________
r
Fo

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________


OSPF redistribution—Scenario 3-1-c

[Figure: topology of Figure 10-15, with the R2 configuration below. On the slide, "?" callouts mark the redistribute lines.]

R2= HP A-Series
ip route 10.1.3.0/24 10.1.10.3
vlan 10
   ip address 10.1.1.2/24
   ip ospf area 1
Router ospf
   area 1
   redistribute connected
   redistribute static
   default-metric 20
   metric-type 1

Figure 10-18: OSPF redistribution—Scenario 3-1-c

Fill in the blanks to show the proper configuration for R2 when it is an HP E-Series
device. R2 must:
• Redistribute static and connected routes
• Configure the cost for the redistributed routes to increment as they are advertised

Note
HP E-Series devices do not support summarization for
redistributed (external) routes.

ip route 10.1.3.0/24 10.1.10.3

vlan 10
ip address 10.1.1.2/24
ip ospf area 1
Router ospf
area 1
______________ connected
______________ static
default-metric 20
metric-type 1

Note
You will discuss the answers as a class, and the correct answers are also listed at
the end of this scenario.


OSPF redistribution—Scenario 3-2


[Figure: R1 and R4 in Area 0 (10.0.10.0/24); R2 in Area 1 (10.1.1.0/24); R5 in Area 2 (10.2.1.0/24), with 0.0.0.0/0 shown at R4; R3 connected to R2, with networks 10.1.2.0/24 and 10.1.3.0/24. Slide text: What can you do for R5 to have a Default Route via OSPF for ALL networks outside of its own Area?]

Figure 10-19: OSPF redistribution—Scenario 3-2

You now understand how R2 redistributes the external routes. You will now turn to
another part of the network: area 2.
In this scenario, you want to hide networks outside of area 2 from routers within area 2.
R5 does not need to store the complexities of the network topology because it has
only one connection to the rest of the network. (Perhaps R5 is a router at a branch
office, and R4 is a router at the headquarters or a regional office.) A default route is
functionally equivalent to many routes through the same forwarding interface and
much more efficient.
To hide the non-area 2 networks in this way, you must define the area type. Typically,
you would define the area as a totally stubby area. The ABR for a totally stubby area
generates a default route (Type 3 LSA) to replace inter-area route summarizations
(other Type 3 LSAs) and routes to external networks (Type 5 LSAs).
You could also configure the area as a totally stubby NSSA, which allows routers
within the area to redistribute routes themselves, providing more flexibility for the
configuration.


OSPF redistribution—Scenario 3-2-a

[Figure: topology of Figure 10-19, with the configurations of R4 and R5 below.]

R4=Cisco
router ospf 1
   network 10.0.0.0 0.0.255.255 area 0
   network 10.2.0.0 0.0.255.255 area 2
   area 2 stub no-summary
or
   area 2 nssa no-summary
   area 2 default-information originate

R5=Cisco
router ospf 1
   network 10.2.0.0 0.0.255.255 area 2
   area 2 stub
or
   area 2 nssa

Figure 10-20: OSPF redistribution—Scenario 3-2-a

As you learned, to configure the ABR to generate the default route for the area (and
filter out other inter-area LSAs), you can define the area as either a totally stubby
area or a totally NSSA area.
The figure displays the configuration on a Cisco device that is acting as ABR (R4).
You enter either:

area <ID> stub no-summary
area <ID> nssa no-summary

On a Cisco device that is an internal router in the totally stubby area or NSSA, you
enter either:

area <ID> stub
area <ID> nssa

The area type must match the type on the internal router and the ABR. However, you
do not specify the no-summary option on the internal router. Only the ABR—or
ABRs—require that option to tell them to generate the default route.
Note that, when you disable summaries for a stubby area, the ABR automatically
generates a default route. However, you must use the area <ID> default-information
originate command to generate this route for an NSSA, which does not receive it by
default. (This enables the NSSA to use its own default route if it has an external
connection.)


OSPF redistribution—Scenario 3-2-b

[Figure: topology of Figure 10-19, with the configurations of R4 and R5 below.]

R4=HP A-series
ospf 1
   area 2
      network 10.2.0.0 0.0.255.255
      stub no-summary
or
   area 2
      network 10.2.0.0 16
      nssa no-summary default-route-advertise

R5=HP A-Series
ospf 1
   area 2
      network 10.2.0.0 0.0.255.255
      stub
or
      nssa

Figure 10-21: OSPF redistribution—Scenario 3-2-b

The figure displays the correct configuration for this scenario when the ABR (R4) and
internal router in the stubby area (R5) are HP A-Series devices. As you see, it is quite
similar to the Cisco configuration. Again, note that the generation of the default route
is not automatic for the NSSA; you must add the default-route-advertise option.

OSPF redistribution—Scenario 3-2-c

[Figure: topology of Figure 10-19, with the configurations of R4 and R5 below.]

R4=HP E-series
router ospf
   area 2 stub 10 no-summary
or
   area 2 nssa 10 no-summary

R5=HP E-Series
router ospf
   area 2 stub 10
or
   area 2 nssa 10

Figure 10-22: OSPF redistribution—Scenario 3-2-c

Here you see the configuration for the ABR (R4) and internal stub router (R5) when
they are HP E-Series devices. The main difference in the configuration is that the ABR
automatically generates a default route for both stubby areas and NSSAs whenever
you specify the no-summary option.

OSPF redistribution—Scenario 3-3


[Figure: topology of Figure 10-19. Slide text: What routes are listed in R4 and R5’s routing tables?]

Figure 10-23: OSPF redistribution—Scenario 3-3

You should now be able to predict the result of this configuration. For R4 and R5, fill
in the routing table:
• Routes to directly connected networks
• Routes discovered through OSPF (remember to consider redistributed routes,
summarized routes, and default routes)
For Type, indicate the type of route using the Cisco abbreviations:
• C = Connected networks
• O = OSPF networks internal to the area (Type 1 and Type 2 LSAs)
• O IA = Inter-area OSPF networks (Type 3 LSAs)
• O E1 or O E2: External (redistributed) OSPF networks
• O N1 or O N2: External (redistributed) OSPF networks in an NSSA
You do not necessarily have to fill in every row in every table.

R4 Routing Table
IP network Next hop Type


R5 Routing Table
IP network Next hop Type


OSPF redistribution—Scenario 4-1


[Figure: two OSPF domains, OSPF 1 (R3, 10.1.N.0/24) and OSPF 2 (R4, 10.2.N.0/24), joined by R1 and R2. Numbered arrows 1 and 2 at R1 and R2 are labeled 10.1.N.0/24. Slide text: Why create two OSPF domains?]

Figure 10-24: OSPF redistribution—Scenario 4-1

The figure represents two OSPF domains with two ASBRs that are implementing two
OSPF processes and redistributing routes from one process to another. This scenario
is completely different from a single OSPF domain with two areas but one OSPF
process.

Use cases

Why might you configure two OSPF domains rather than two areas within a single
domain? In a large and complicated network, you might have several reasons:
• You want to filter networks between the two regions. Redistributing routes
between two domains offers filtering capabilities that are not possible within an
OSPF domain:
   • Within an area, you cannot filter routes because all routers in the area must
   share a link-state database. (Although you can prevent individual routers
   from representing certain LSAs in their local routing table, this function is not
   true filtering.)
   • Between areas, as you learned in earlier scenarios, you can configure some
   route filtering. You create non-advertised route summarizations (Type 3 LSAs)
   on ABRs.
   • Redistributed routes to external networks (Type 5 LSAs) are distributed in all
   areas in the domain and cannot be filtered except in stub areas and
   NSSAs.
• Two corporate networks with separate OSPF domains have now merged under
one administration.
• Your network has complexities that do not fit within the OSPF area design
constraints.
OSPF imposes a network design with Area 0 as the backbone area. All other
areas must connect to Area 0, which in some large networks results in a very
large area 0 without any filtering capabilities. In an environment such as this,
you can create multiple OSPF domains (or a hierarchy of OSPF domains), which
offers more flexibility for the topology and more filtering capabilities.

Note
The multiple domain topology can introduce some issues. For example, the ASBR
will flood Type 5 LSAs throughout the remote domain every time Type 1 and 2
LSAs indicate a change in its local area. Thus, instability in one domain can lead
to a constant injection and withdrawal of Type 5 LSAs in the other domain.
Many companies with complex topologies and extensive filtering requirements
prefer to establish multiple OSPF domains that connect through BGP. Such a
deployment provides a great deal of control and flexibility. In addition, inter-OSPF
domain communications must pass through BGP. Because BGP provides
dampening, the instability in one domain will be less visible to other domains.

OSPF redistribution—Scenario 4-1 implications


[Figure: two OSPF domains, OSPF 1 (R3, 10.1.N.0/24) and OSPF 2 (R4, 10.2.N.0/24), joined by R1 and R2. Slide text: What happens when R1 and R2: (1) learn 10.1.N.0/24 as an internal route in OSPF 1; (2) learn 10.1.N.0/24 as an external route in OSPF 2.]

Figure 10-25: OSPF redistribution—Scenario 4-1 implications

A scenario such as this, in which two ASBRs run two OSPF processes and redistribute
routes between them, introduces some concerns. (The same concerns would not
apply if you had only one ASBR running two OSPF processes.)
Consider what happens with 10.1.N.0/24, a domain 1 network. First, R1 and R2
learn a route to this network as an internal route in OSPF process 1. Then the routers
redistribute the internal route from OSPF process 1 to OSPF process 2. OSPF process
2 learns the route as a route to an external network. Because you have two ASBRs,
the routers advertise the external routes to each other in OSPF process 2.
What happens then?
On each router, both processes propose a route to 10.1.N.0/24 to OSPF. In other
words, an external route to the network from OSPF process 2 is competing with an
internal route to the same network from OSPF process 1.
On each router, OSPF must now choose between the routes. It has rules for doing so,
but they might not lead to the desired result:
• Route type—OSPF prefers intra-area routes to inter-area routes to external routes.
However, this rule only applies to routes within a single process. In other words,
OSPF does not prefer internal routes from one process to external routes from
another process.
• Administrative distance—Routes with lower administrative distance are
preferred. This rule does apply to routes learned by different processes.
However, in effect, it might not help to distinguish the routes because different
processes use the same administrative distance by default. (You should manually
configure the administrative distance for different OSPF processes to force OSPF
to select routes correctly.)
• Cost—When routes have the same administrative distance, OSPF can use cost
as a tie breaker—but only within a single process.

Thus OSPF might not be able to choose between the routes correctly. On Cisco
devices, if two processes propose routes to the same network with the same
administrative distance, the first process to execute the Shortest Path First algorithm
wins. This process places its route into the routing-table (although if the forwarding
interface for that route goes down, the other process can place its route). In short,
you cannot reliably predict which route OSPF will select.

Note
Some earlier software versions might behave differently. Refer to your devices’
documentation for their functionality.


OSPF redistribution—Scenario 4-1 implications (cont)


[Figure: two OSPF domains joined by R1 and R2. OSPF 1 contains R3 (10.1.3.0/24) and the links 10.1.1.0/24 (at R1) and 10.1.2.0/24 (at R2); OSPF 2 contains R4 (10.2.3.0/24) and the links 10.2.1.0/24 (at R1) and 10.2.2.0/24 (at R2). Slide notes: Local networks learned as external networks; Routing loop.]

R1 routing table
IP Network     Next Hop    Type
10.1.1.0/24    0.0.0.0     C
10.2.1.0/24    0.0.0.0     C
10.1.2.0/24    10.1.1.2    O
10.1.3.0/24    10.1.1.2    O
10.2.2.0/24    10.2.1.2    O E2
10.2.3.0/24    10.2.1.2    O E2

R2 routing table
IP Network     Next Hop    Type
10.1.2.0/24    0.0.0.0     C
10.2.2.0/24    0.0.0.0     C
10.1.1.0/24    10.1.2.2    O
10.1.3.0/24    10.1.2.2    O
10.2.1.0/24    10.1.2.2    O E2
10.2.3.0/24    10.1.2.2    O E2

Figure 10-26: OSPF redistribution—Scenario 4-1 implications (cont.)

Here you see what might happen in the scenario that you have been examining.
R1 has selected the external route to network 10.2.3.0/24 known by OSPF process
2. The next hop for this route is R2 because R1 received the Type 5 LSA with this
route from R2. Similarly, R2 has selected the external route to 10.2.3.0/24 with R1
as the next hop. The routers have a routing loop that will prevent traffic from reaching
its destination.
Although OSPF might select the internal route from the original process, you cannot
rely on that.

OSPF redistribution—Scenario 4-1 configuration


[Figure: two OSPF domains, OSPF 1 (R3, 10.1.N.0/24) and OSPF 2 (R4, 10.2.N.0/24), joined by R1 and R2, labeled "Redistribution / Import". Slide text: How do you configure redistribution on R1: Cisco, HP A-Series.]

You will now learn how to configure this scenario. You will see the commands for
Cisco devices and for HP A-Series devices. (HP E-Series devices do not support
multiple OSPF processes.)

OSPF redistribution—Scenario 4-1-a


[Figure: two OSPF domains, OSPF 1 (R3, 10.1.N.0/24) and OSPF 2 (R4, 10.2.N.0/24), joined by R1 and R2. Slide text: Redistribute OSPF 2 in OSPF 1 and OSPF 1 in OSPF 2.]

R1= Cisco
router ospf 1
   network 10.1.0.0 0.0.255.255 area 0
   redistribute ospf 2 subnets
router ospf 2
   network 10.2.0.0 0.0.255.255 area 0
   redistribute ospf 1 subnets

Figure 10-27: OSPF redistribution—Scenario 4-1-a

The figure shows the commands for redistributing OSPF process 2 in OSPF process 1
and vice versa. The subnets option is required on Cisco when you need to
redistribute the non-classful IPv4 networks (Class A, B, C). If you do not include this
option, routes to subnets within the classful network are not redistributed.

Important
! This scenario is progressive. These first commands introduce the possibility of
routing loops. You will learn the commands for preventing the loops a bit later.

OSPF redistribution—Scenario 4-1-b


[Figure: two OSPF domains, OSPF 1 (R3, 10.1.N.0/24) and OSPF 2 (R4, 10.2.N.0/24), joined by R1 and R2. Slide text: Redistribute OSPF 2 in OSPF 1 and OSPF 1 in OSPF 2.]

R1= HP A-Series
ospf 1 router-id 1.1.1.1
   area 0
      network 10.1.0.0 16
   import-route ospf 2
ospf 2 router-id 2.1.1.1
   area 0
      network 10.2.0.0 16
   import-route ospf 1

Figure 10-28: OSPF redistribution—Scenario 4-1-b

Here you see the configuration for the same router in the same scenario when the
router is an HP A-Series device.

OSPF redistribution—Scenario 4-1-c

[Figure: two OSPF domains, OSPF 1 (R3, 10.1.N.0/24) and OSPF 2 (R4, 10.2.N.0/24), joined by R1 and R2. Slide text: What is the effect of changing preference/administrative distance of external networks?]

R1= HP A-Series
ospf 1
   area 0
      network 10.1.0.0 0.0.255.255
   import-route ospf 2 cost 1000 type 1
   preference ase 200
ospf 2
   area 0
      network 10.2.0.0 0.0.255.255
   import-route ospf 1 cost 1000 type 1
   preference ase 200

Figure 10-29: OSPF redistribution—Scenario 4-1-c

The slide displays commands that you can enter on an HP A-Series device to avoid
the routing loop issues you learned about earlier. (The commands for Cisco are listed
at the end of the notes for this slide.)
Consider how this configuration resolves the problem.
As you learned earlier, OSPF can use administrative distance to choose between
routes learned by different processes. Here you have configured external networks
that are redistributed into OSPF to have a higher administrative distance than the
default.
Return to the earlier example: both R1 and R2 redistribute routes to network
10.1.N.0/24 from OSPF process 1 into OSPF process 2. They now advertise the
redistributed routes on OSPF process 2 with an administrative distance of 200.
Because the internal routes from OSPF process 1 have a lower administrative
distance, both routers select the internal routes for their routing tables.
The ASBRs will now prefer all internal routes to all external routes redistributed from
another process. In other words, the ASBRs will reach all networks in one domain
through that domain’s routers.


Configuration for Cisco


The configuration if R1 were a Cisco device would be:
router ospf 1
network 10.1.0.0 0.0.255.255 area 0
redistribute ospf 2 subnets
distance ospf external 200
router ospf 2
network 10.2.0.0 0.0.255.255 area 0
redistribute ospf 1 subnets
distance ospf external 200
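
The effect of the raised external distance can be checked with a small model of the selection rules described above. This is an added example, not part of the course material: it assumes the Cisco default distance of 110 for internal routes, the "first SPF run wins" tie-break described earlier, the same SPF order on both routers, and a constructed sample prefix 10.1.3.0/24 that lives behind R3 in domain 1.

```python
"""Route selection on two ASBRs (R1, R2) that each run OSPF processes 1 and 2."""
from dataclasses import dataclass

INTERNAL_DISTANCE = 110  # Cisco default administrative distance for OSPF routes


@dataclass(frozen=True)
class Candidate:
    prefix: str
    process: int     # OSPF process that proposes the route
    external: bool   # True when the route comes from a Type 5 LSA
    next_hop: str    # neighbouring router (constructed names)


# Constructed sample. Process 1 knows the prefix as an internal route via R3.
# Process 2 knows it as an external route advertised by the other ASBR.
PREFIX = "10.1.3.0/24"
CANDIDATES = {
    "R1": [Candidate(PREFIX, 1, False, "R3"), Candidate(PREFIX, 2, True, "R2")],
    "R2": [Candidate(PREFIX, 1, False, "R3"), Candidate(PREFIX, 2, True, "R1")],
}


def install(candidates, external_distance, spf_order):
    """Pick one route per prefix: lowest distance, then earliest SPF run."""
    best = {}
    for cand in candidates:
        dist = external_distance if cand.external else INTERNAL_DISTANCE
        rank = (dist, spf_order.index(cand.process))
        if cand.prefix not in best or rank < best[cand.prefix][0]:
            best[cand.prefix] = (rank, cand)
    return {prefix: cand for prefix, (_, cand) in best.items()}


def forwarding_path(external_distance, spf_order, start="R1"):
    """Follow next hops for PREFIX; the path ends in 'LOOP' if a router repeats."""
    tables = {
        router: install(cands, external_distance, spf_order)
        for router, cands in CANDIDATES.items()
    }
    path, node = [start], start
    while node in tables:
        node = tables[node][PREFIX].next_hop
        if node in path:
            return path + [node, "LOOP"]
        path.append(node)
    return path


if __name__ == "__main__":
    # Default distances, process 2 ran SPF first: both ASBRs pick the external route.
    print(forwarding_path(110, spf_order=(2, 1)))
    # Default distances, process 1 ran SPF first: correct, but only by luck.
    print(forwarding_path(110, spf_order=(1, 2)))
    # External distance raised to 200: the internal route wins in either order.
    print(forwarding_path(200, spf_order=(2, 1)))
```
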

Limitations of the solution

This solution only resolves routing loops for routes that are internal to one of the OSPF
domains. It is possible that both ASBRs receive external routes to the same subnets
from other redistribution points. In this case, routing loops can still occur when the
ASBRs advertise the same routes to each other over the other OSPF process. Because
the routes in both processes are external, they have the same administrative distance,
and OSPF cannot select between them.
You can attempt to resolve that problem by configuring different administrative
distances for redistributed routes in different domains. However, this configuration
would only solve the problem for routes that are originally distributed into the domain
with the lower administrative distance. To ensure that a particular route is always
advertised with a lower administrative distance in the proper domain, you would
need to set up prefix-specific administrative distances, which are supported by both
Cisco and HP A-Series devices.
You could also attempt to configure the more reliable redistribution points to
advertise external routes with a lower administrative distance than that used by the
ASBRs running two OSPF processes. In that case, these ASBRs would prefer external
routes that they receive from the original, more reliable distribution points to the
routes that they redistribute into the other process and receive from each other.

OSPF redistribution—Scenario 4-2


[Figure: two OSPF domains, OSPF 1 (R3, 10.1.N.0/24) and OSPF 2 (R4, 10.2.N.0/24), joined by R1 and R2; R1 and R2 are each labeled with 10.1.N.0/24 and 10.2.N.0/24. Slide text: On R1, import all OSPF 1 networks into OSPF 2 but not OSPF 2 networks. What filtering methods do you know?]

Figure 10-30: OSPF redistribution—Scenario 4-2

Whenever two routers redistribute routes between OSPF processes, they might
redistribute the route received from one process back into that process again,
potentially creating a routing loop. This scenario presents one of the best solutions:
filters that remove particular routes from redistribution.
Typically, when configuring redistribution from one process to another, you would
filter out the routes that should originate, as far as OSPF is concerned, in the
destination process (these routes might be internal or external). For example, when
redistributing from OSPF 1 to OSPF 2, filter out OSPF 2 networks.
You can achieve this goal in different ways:
• Typically, you create filters that map to ACLs or prefix lists, each of which lists all
networks in a particular OSPF domain. The drawback of this method is that you
must maintain these lists carefully.
• For a more dynamic setup, switches can automatically mark routes as associated
with a domain. When you set up the redistribution of routes into that domain,
you configure the filters based on the tag.

OSPF redistribution and filtering: Scenario 4-2-a

[Figure: diagram labels OSPF 1 (10.1.N.0/24), OSPF 2 (10.2.N.0/24), routers R1, R2, R3 and R4. Slide text: Filter a domain’s networks when redistributing networks into that same domain.]

R1 = Cisco

router ospf 1
 redistribute ospf 2 subnet route-map ospf2-only
 distance ospf external 200

route-map ospf2-only permit 10
 match ip address 22

access-list 22 permit 10.2.0.0 0.0.255.255

router ospf 2
 redistribute ospf 1 subnet route-map ospf1-only
 distance ospf external 200

route-map ospf1-only permit 10
 match ip address 11

access-list 11 permit 10.1.0.0 0.0.255.255

Figure 10-31: OSPF redistribution and filtering: Scenario 4-2-a

First examine the Cisco commands for one method of filtering routes that belong to a specific domain out of the routes redistributed back into the domain.

You specify a route map with the redistribution command. The route map is associated with an ACL that selects the networks that are part of the OSPF domain to which routes are being distributed.

Note the distance ospf external 200 command, which you learned about in the previous scenario. Why is this command still necessary when you have configured filtering? Remember: the filtering prevents routes that belong to one OSPF process from being redistributed back into that process. The raised administrative distance deals with routes that have been properly redistributed into another process but should not be preferred to the original routes on the router running both processes. You must configure both a filter and a raised administrative distance.

OSPF redistribution and filtering—Scenario 4-2-b

[Figure: diagram labels OSPF 1 (10.1.N.0/24), OSPF 2 (10.2.N.0/24), routers R1, R2, R3 and R4.]

R1 = HP A-Series

ospf 1
 import-route ospf 2 route-policy ospf2-only
 preference ase 200
 quit
acl number 2002
 rule permit source 10.2.0.0 0.0.255.255
 rule deny source any
route-policy ospf2-only permit node 10
 if-match acl 2002

ospf 2
 …
 import-route ospf 1 route-policy ospf1-only
 preference ase 200
 quit
acl number 2001
 rule permit source 10.1.0.0 0.0.255.255
 rule deny source any
route-policy ospf1-only permit node 10
 if-match acl 2001

Figure 10-32: OSPF redistribution and filtering—Scenario 4-2-b

The figure displays the commands to configure similar filters on HP A-Series devices. These devices also allow you to associate the filters with prefix lists instead of ACLs.

In another option, you can configure filter policies instead of route policy filters. Use filter policies when you only need to apply filtering to the redistribution command. Use route policies when you need to apply filters and potentially other actions.

The sections below give the commands for the alternate configurations for your reference.

Alternate configuration with ip prefix-list


ospf 1
 import-route ospf 2 route-policy filter_ospf1
 preference ase 200
 quit
ip ip-prefix n1 permit 10.1.0.0 16 greater-equal 16 less-equal 30
route-policy filter_ospf1 deny node 10
 if-match ip-prefix n1
route-policy filter_ospf1 permit node 20

ospf 2
 import-route ospf 1 route-policy filter_ospf2
 preference ase 200
 quit
ip ip-prefix n2 permit 10.2.0.0 16 greater-equal 16 less-equal 30
route-policy filter_ospf2 deny node 10
 if-match ip-prefix n2
route-policy filter_ospf2 permit node 20

Alternate configuration with filter-policy export


ospf 1
 filter-policy 2001 export
 preference ase 200
 quit
acl number 2001
 rule deny source 10.1.0.0 0.0.255.255
 rule permit source any

ospf 2
 filter-policy 2002 export
 preference ase 200
 quit
acl number 2002
 rule deny source 10.2.0.0 0.0.255.255
 rule permit source any

OSPF redistribution and filtering—Scenario 4-2-c


[Figure: diagram labels OSPF 1 (10.1.N.0/24), OSPF 2 (10.2.N.0/24), routers R1, R2, R3 and R4. Slide text: Mark redistributed networks with a tag and filter based on tag.]

R1 = Cisco

router ospf 1
 redistribute ospf 2 subnet tag 22 route-map filter_ospf1
 distance ospf external 200
!
route-map filter_ospf1 deny 10
 match tag 11
route-map filter_ospf1 permit 20

router ospf 2
 redistribute ospf 1 subnet tag 11 route-map filter_ospf2
 distance ospf external 200
!
route-map filter_ospf2 deny 10
 match tag 22
route-map filter_ospf2 permit 20

Figure 10-33: OSPF redistribution and filtering—Scenario 4-2-c

In this configuration, you filter routes based on a tag. The configuration relies on several components:
• When you configure redistribution from OSPF process 1 to process 2 (the bottom box in the figure), you configure the router to tag the redistributed routes as belonging to process 1 (tag 11).
  You also configure a route map filter that denies routes with that tag but permits all other routes.
• When you configure redistribution from OSPF process 2 to OSPF process 1, you specify the route map filter that denies all routes marked with process 1’s tag (11).

You follow the same steps to filter routes redistributed from OSPF process 1 to process 2. Thus each redistribute command specifies a tag and a route map filter.

This method does not necessarily solve all problems. For example, each domain might have another ASBR, which redistributes some of the same routes. The external routes received from these ASBRs will not be tagged, and so they will be redistributed to the other domain. You might need to configure prefix-based administrative distances as discussed earlier.

OSPF redistribution and filtering—Scenario 4-2-d


[Figure: diagram labels OSPF 1 (10.1.N.0/24), OSPF 2 (10.2.N.0/24), routers R1, R2, R3 and R4. Slide text: Mark redistributed networks with a tag and filter based on tag.]

R1 = HP A-Series

ospf 1
 import-route ospf 2 tag 22 route-policy filter_ospf1
 preference ase 200
 quit
route-policy filter_ospf1 deny node 10
 if-match tag 11
route-policy filter_ospf1 permit node 20

ospf 2
 import-route ospf 1 tag 11 route-policy filter_ospf2
 preference ase 200
 quit
route-policy filter_ospf2 deny node 10
 if-match tag 22
route-policy filter_ospf2 permit node 20

Figure 10-34: OSPF redistribution and filtering—Scenario 4-2-d

You can also configure filtering based on tags on HP A-Series switches. The
configuration is very similar to the Cisco configuration.
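The tag scheme of Scenarios 4-2-c and 4-2-d can be checked with a small model. This is an added example, not part of the original guide or of either vendor's software; it assumes one redistribution pass in each direction, and the helper names and the sample prefixes (N replaced by 3 and 4) are constructed for illustration.

```python
"""Constructed model of tag-based filtering between two OSPF processes."""
from dataclasses import dataclass
from typing import List, Optional

TAG_OSPF1 = 11   # set when redistributing OSPF 1 -> OSPF 2 (value from the figures)
TAG_OSPF2 = 22   # set when redistributing OSPF 2 -> OSPF 1 (value from the figures)


@dataclass(frozen=True)
class Route:
    prefix: str
    tag: Optional[int] = None   # None: internal route or untagged external route


def redistribute(routes: List[Route], set_tag: int,
                 deny_tag: Optional[int]) -> List[Route]:
    """Model 'redistribute/import-route ... tag <set_tag>' with a filter made of
    'deny 10, match tag <deny_tag>' then 'permit 20'. deny_tag=None: no filter."""
    accepted = []
    for route in routes:
        if deny_tag is not None and route.tag == deny_tag:
            continue                                    # node 10: drop tagged routes
        accepted.append(Route(route.prefix, set_tag))   # node 20: permit and tag
    return accepted


def fed_back_into_ospf1(ospf1: List[Route], ospf2: List[Route],
                        filtered: bool) -> List[str]:
    """Return the OSPF 1 prefixes that re-enter OSPF 1 as external routes.

    One router redistributes OSPF 1 -> OSPF 2 and a second router redistributes
    OSPF 2 -> OSPF 1 (hypothetical helper, one pass in each direction)."""
    into_ospf2 = redistribute(ospf1, TAG_OSPF1, TAG_OSPF2 if filtered else None)
    seen_in_ospf2 = ospf2 + into_ospf2
    into_ospf1 = redistribute(seen_in_ospf2, TAG_OSPF2,
                              TAG_OSPF1 if filtered else None)
    native = {route.prefix for route in ospf1}
    return sorted({route.prefix for route in into_ospf1} & native)


# Constructed sample data.
OSPF1 = [Route("10.1.3.0/24"), Route("10.1.4.0/24")]
OSPF2 = [Route("10.2.3.0/24")]
# Caveat from the text: another ASBR injects an OSPF 1 prefix into OSPF 2 untagged.
OSPF2_WITH_UNTAGGED = OSPF2 + [Route("10.1.4.0/24")]

if __name__ == "__main__":
    print("no filter     :", fed_back_into_ospf1(OSPF1, OSPF2, filtered=False))
    print("tag filter    :", fed_back_into_ospf1(OSPF1, OSPF2, filtered=True))
    print("untagged ASBR :", fed_back_into_ospf1(OSPF1, OSPF2_WITH_UNTAGGED, True))
```

The third case is the limitation the text describes: a route that arrives without the tag passes the filter, which is why prefix-based administrative distances may still be needed.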

OSPF default route injection—Scenario 5


[Figure: R1 and R2 connect to the Internet with BGP and each advertise 0.0.0.0/0 into OSPF Area 0, which also contains R3 and R4. Slide text: Both R1 and R2 use OSPF to inject a default route into corporate network.]

Figure 10-35: OSPF default route injection—Scenario 5

In this scenario, R1 and R2 are connected to the Internet and use BGP to communicate with the ISP routers. (They could also have a static default route to the Internet for a similar scenario.)

Both routers inject a default route into the OSPF network.

OSPF default route injection—Scenario 5-1

[Figure: R1 and R2 connect to the Internet with BGP and each advertise 0.0.0.0/0 into OSPF Area 0 (10.1.N.0/24), which also contains R3 and R4. Slide text: For the default route: What is the metric? What is the metric type? If the cost of IP OSPF interfaces is 10, which default route will R3 and R4 add to their routing tables?]

R1 = HP A-Series

ospf 1
 area 0
  network 10.1.0.0 0.0.255.255
 default-route-advertise always cost 100 type 1

R2 = Cisco

router ospf 1
 network 10.1.0.0 0.0.255.255 area 0
 default-information originate metric 100 metric-type 1

Figure 10-36: OSPF default route injection—Scenario 5-1

This figure presents a scenario in which R1 (an HP A-Series router) and R2 (a Cisco router) both

What is the metric for the default routes advertised by R1 and R2? What is the default route’s metric type?

Both the Cisco and the HP A-Series devices have commands that define the default cost (metric) and default metric type for routes advertised by OSPF. The figure shows the commands that configure these settings for default routes injected into OSPF:
• Metric (cost) = 100
• Metric type = 1

Refer to the section at the end of the notes for this slide to see more commands for changing these settings as well as the default settings when the commands are not defined.

Continue to examine the configuration shown in the figure. If the cost on IP OSPF interfaces is 10, which default route will R3 and R4 add to their routing table?

In this configuration, both R1 and R2 inject the default route with metric 100 and metric type 1. Metric type 1 means that each router interface that advertises the route will increment the cost.

Trace the routes from R1 and R2 to R3:
• When R3 receives the default route set by R1, its cost will be 100 + 10 = 110.
• When R3 receives the default route set by R2, its cost will be 100 + 10 + 10 = 120.

R3 will select the route from R1 as the route through the closest router. The default route from R2 will serve as a backup in case R1 or the link to R1 fails; however, the backup route is not part of the active routing table.

Also trace the routes from R1 and R2 to R4:
• When R4 receives the default route set by R1, its cost will be 100 + 10 + 10 = 120.
• When R4 receives the default route set by R2, its cost will be 100 + 10 = 110.

Thus R4 will add the route from R2 to its routing table; the route from R1 serves as a backup.

In conclusion, when the redistributed route uses metric type 1, other OSPF routers can choose the route with the least cost.

Additional reference

On Cisco devices, you can specify the default metric and metric type for redistributed routes when you enter the redistribute commands. Similarly, you specify the default metric and metric type for a default route injected into an NSSA or totally stubby area when you enter the default-information or area commands.

On HP A-Series devices, the commands for changing the default metric and metric type are:

ospf <process ID>
 default cost <metric> type [1 | 2]

But you can also override those commands for particular redistributed routes or route summaries configured for areas.

If you have not configured these commands, the default settings are:
• On Cisco devices:
  • Default cost is 20.
  • Default external route type is 2.
• On HP A-Series devices:
  • Default cost is 1.
  • Default external route type is 2.

OSPF redistribution and filtering—Scenario 5-2

[Figure: R1 and R2 connect to the Internet with BGP and each advertise 0.0.0.0/0 into OSPF Area 0 (10.1.N.0/24), which also contains R3 and R4. Slide text: All links are gigabit and all routers use the bandwidth reference. Which default route will R3 and R4 add to their routing tables?]

R1 = HP A-Series

ospf 1
 bandwidth-reference 10000
 area 0
  network 10.1.0.0 0.0.255.255
 default-route-advertise always cost 100 type 2

R2 = Cisco

router ospf 1
 auto-cost reference-bandwidth 10000
 network 10.1.0.0 0.0.255.255 area 0
 default-information originate metric 100 metric-type 2

Figure 10-37: OSPF redistribution and filtering—Scenario 5-2

Now consider the same scenario except that the injected default routes use type 2 metrics. In this case, which default routes do R3 and R4 add to their routing tables?

First examine R3. Both R1 and R2 assign the same cost (100) to the default route, so R3 cannot choose between the routes based on cost. Therefore, R3 selects the default route from the ASBR to which it has the lowest cost path.

In this example, the cost for a gigabit link is 10 (bandwidth reference/bandwidth = 10000/1000). R3’s path cost to R1 is 10 and its path cost to R2 is 20. Therefore, R3 selects the default route from R1.

Similarly, R4 receives both default routes with the same cost. R4’s path cost to R1 is 20 and to R2, 10. Therefore, R4 selects the default route from R2.

Again, both R3 and R4 can use the non-selected route as a backup, which is added to the routing table if they can no longer reach the next-hop router in the selected route.

In conclusion, when routers inject default routes with type 2 metrics, other routers choose the default route of the closest ASBR (which is often the same route that would be selected with type 1 metrics).
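The selection walked through in Scenarios 5-1 and 5-2 can be reproduced with a short model. This is an added example, not part of the original guide; it assumes a chain topology R1, R3, R4, R2 with interface cost 10 (chosen because it matches the costs stated in the text), and the function names are hypothetical. It also goes one step beyond the slides by comparing unequal metrics and a failed link.

```python
"""Constructed model of OSPF external (default) route selection for Scenario 5."""
import heapq
from typing import Dict, List, Optional, Tuple

# Assumed topology that matches the costs in the text: R1 - R3 - R4 - R2.
LINKS = {("R1", "R3"): 10, ("R3", "R4"): 10, ("R4", "R2"): 10}

# (ASBR, advertised metric, metric type) as configured in the two figures.
ADVERTS_TYPE1 = [("R1", 100, 1), ("R2", 100, 1)]
ADVERTS_TYPE2 = [("R1", 100, 2), ("R2", 100, 2)]


def spf(source: str, links: Dict[Tuple[str, str], int]) -> Dict[str, int]:
    """Dijkstra: lowest path cost from source to every reachable router."""
    adjacency: Dict[str, List[Tuple[str, int]]] = {}
    for (a, b), cost in links.items():
        adjacency.setdefault(a, []).append((b, cost))
        adjacency.setdefault(b, []).append((a, cost))
    dist = {source: 0}
    heap = [(0, source)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue                      # stale heap entry
        for neighbor, cost in adjacency.get(node, []):
            if d + cost < dist.get(neighbor, float("inf")):
                dist[neighbor] = d + cost
                heapq.heappush(heap, (d + cost, neighbor))
    return dist


def select_default(router: str, adverts, links=LINKS) -> Optional[Tuple[str, int]]:
    """Return (selected ASBR, cost shown for the route), or None if no ASBR is reachable."""
    dist = spf(router, links)
    candidates = []
    for asbr, metric, metric_type in adverts:
        if asbr not in dist:
            continue                      # ASBR unreachable: route cannot be used
        to_asbr = dist[asbr]
        if metric_type == 1:
            # Type 1: the internal path cost is added to the advertised metric,
            # and a type 1 route is preferred over any type 2 route.
            total = metric + to_asbr
            candidates.append(((1, total, 0), asbr, total))
        else:
            # Type 2: the advertised metric is compared as is; the path cost
            # to the ASBR only breaks a tie.
            candidates.append(((2, metric, to_asbr), asbr, metric))
    if not candidates:
        return None
    _, asbr, cost = min(candidates)
    return asbr, cost


if __name__ == "__main__":
    for name, adverts in (("type 1", ADVERTS_TYPE1), ("type 2", ADVERTS_TYPE2)):
        for router in ("R3", "R4"):
            print(name, router, select_default(router, adverts))
```

With equal metrics both types pick the closest ASBR, as the text concludes; with unequal metrics a type 2 route from a distant ASBR can win, which type 1 would not allow.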


Labs 10.1 and 10.2: Configuring OSPF


[Figure: Lab 10.1 topology. Devices: Cisco-A, Cisco-B, HP-C, HP-D, HP-E, HP-F, Server_1 and Client_1. Areas: Area 0, Area 1 and Area 2. VLANs: 2, 3, 4, 5, 100, 101, 200 and 201.]

OSPF Router-Id: POD.X.X.X
IP addressing: 10.POD.VLAN.X/24
  X=1 on Cisco-A
  X=2 on Cisco-B
  X=3 on HP-C
  X=4 on HP-D
  X=5 on HP-E
  X=6 on HP-F
  X=100 on Server_1
  X=101 on Client_1

Figure 10-38: Lab 10.1: Configuring OSPF areas

[Figure: Lab 10.2 topology. The same devices, VLANs, router IDs and IP addressing as in Figure 10-38, divided into OSPF1 Area 0 and OSPF2 Area 0.]

Figure 10-39: Lab 10.2: Configuring OSPF redistribution

You will now complete two labs. In the first lab, illustrated in Figure 10-38, you establish a multi-area OSPF system, in which a Cisco switch is one ABR and an HP A-Series switch is another ABR.

In the second lab, illustrated in Figure 10-39, you configure redistribution of routes from one OSPF AS to another. In this lab, a Cisco switch is one ASBR and an HP A-Series switch is another ASBR.

You can proceed directly from one lab to the next at your own pace.


Lab debrief

Did you find useful show and display commands?

What are your key insights about OSPF? Have you discovered something new?

What were your greatest challenges?

What practical discoveries do you plan to apply in the field?

Module 10 summary
In this module, you have learned how to:
• Configure OSPF routing on HP and Cisco switches
• Enable OSPF’s BFD and graceful restart features
• Configure areas and summarization
• Configure redistribution and filtering
• Generate default routes to inject into OSPF

Learning check

Q1: What parameters must match for OSPF neighbors?

Q2: What purpose does BFD serve in OSPF?

Q3: Which type of area conceals the networks in all other areas from routers within that area?

Q4: What options can you set when you redistribute routes into OSPF?

Q5: Why would you tag IP routes when you redistribute them?

Q6: When you implement graceful restart, do all routers need to be aware of the graceful restart feature?

Q7: Why would you configure an OSPF interface as passive or silent?

Q8: How can you set up one router as the main router and the other router as a backup for a given network?


Network Address Translation
Module 11

Module 11 objectives
After completing this module, you will be able to configure network address translation (NAT) to:
• Connect users with private addresses to the Internet
• Allow external access to internal servers with private addresses
• Interconnect networks with overlapping addresses

Internet access with dynamic NAT


This module focuses on the following scenarios:
• Using dynamic NAT to provide users with Internet access
• Many-to-one NAT, also called Network Address Port Translation (NAPT) or Port Address Translation (PAT)
• Many-to-many: NAT without PAT
• Accessing internal servers with private addresses from the outside, using a NAT interface
• Managing overlapping networks with NAT

Note
NAT support is very limited on HP E-Series devices, so this module will cover NAT for Cisco and the HP A-Series devices. NAT is supported on most HP and Cisco routers, but only on a limited number of switches. If working with a switch, be sure to verify that it supports NAT.

NAT and Internet access—Scenario 1


MANY to ONE: 10.1.0.0/16 translated into 15.6.7.8

Inside host    Packet on the intranet        Packet on the Internet
10.1.1.18      S=10.1.1.18:1031 D=X          S=15.6.7.8:2001 D=X
10.1.7.13      S=10.1.7.13:1028 D=Y          S=15.6.7.8:2002 D=Y
10.1.8.22      S=10.1.8.22:1027 D=Z          S=15.6.7.8:2003 D=Z

Figure 11-1: NAT and Internet access—Scenario 1

Dynamic NAT or NAPT is a variation of NAT. Because it allows multiple internal addresses to be mapped to the same public IP address, it is called many-to-one NAT or address multiplexing. NAPT is based on both the IP address and the port number. With NAPT, multiple IP source addresses are translated to the same public IP address, but each NAT session is assigned a unique source port.

Typically, the IP addresses to be translated are defined by an access control list (ACL). The NAT device determines the address to which source addresses are translated by either:
• Using the IP address of a specific interface (the Internet-facing interface or the forwarding interface in the packet’s route)
• Selecting the IP address from a pool of IP addresses, which might contain one or several IP addresses

NAPT has enabled companies to better utilize their IP address resources, providing many internal devices access to the external network at the same time using only one or a few public IP addresses.

NAT and Internet access—Scenario 1a


[Figure: R1 sits between the intranet (LAN 10.1.0.0/16, defined by ACL; Gig 1/1, 10.1.1.254) and the Internet (Gig 1/2, 15.6.7.8; interface or NAT pool).]

R1 = Cisco

interface gigabitethernet 1/1
 ip address 10.1.1.254 255.255.255.0
 ip nat inside

interface gigabitethernet 1/2
 ip address 15.6.7.8 255.255.255.252
 ip nat outside

access-list 10 permit 10.1.0.0 0.0.255.255

ip nat inside source list 10 interface gig 1/2 overload

or

ip nat inside source list 10 pool pool-corp123 overload
ip nat pool pool-corp123 15.6.7.8 15.6.7.8 prefix 30

Figure 11-2: NAT and internet access—Scenario 1a

Figure 11-2 shows the Cisco commands for configuring NAT for this scenario.

NAT and Internet access—Scenario 1b


[Figure: R1 sits between the intranet (LAN 10.1.0.0/16, defined by the ACL; Int VLAN 100, 10.1.1.254) and the Internet (Int VLAN 200, 15.6.7.8; interface or NAT pool).]

R1 = HP A-Series

interface vlan-interface 100
 ip address 10.1.1.254 24

interface vlan-interface 200
 ip address 15.6.7.8 30
 nat outbound 2001

OR

interface vlan-interface 200
 ip address 15.6.7.8 30
 nat outbound 2001 address-group 1
 quit
nat address-group 1 15.6.7.8 15.6.7.8

acl number 2001
 rule permit source 10.1.0.0 0.0.255.255
 rule deny

Figure 11-3: NAT and Internet access—Scenario 1-b

These are the commands for configuring NAT on an HP A-Series switch in a similar scenario.

NAPT configuration on the HP A-Series switch

The IP address to be translated, 10.1.0.0/16, is defined by the ACL. You can set the NAT address (the address after translation) in one of two ways:

• To a pool of IP addresses by entering:

  [HP-A] nat address-group <group number> <first IP address> <last IP address>

  You must then configure outbound NAT on the interface on which the traffic to be translated is forwarded after being routed. When you do, you specify the address group:

  [HP-A] interface vlan-interface 200
  [HP-A-Vlan-interface200] ip address 15.6.7.8 30
  [HP-A-Vlan-interface200] nat outbound 2001 address-group 1

• To the IP address of the interface to which you apply outbound NAT (this option is called easy IP):

  [Device] interface vlan-interface 200
  [Device-Vlan-interface200] ip address 15.6.7.8 30
  [Device-Vlan-interface200] nat outbound 2001

Note
By default, the IP NAT outbound setting is NAPT or PAT (many-to-one NAT). To specify one-to-one NAT, you should add no-pat to the command:
nat outbound 2001 address-group 1 no-pat

Introduction to connection limit


A user that initiates a large quantity of connections in a short period of time occupies large amounts of system resources, preventing other users from accessing network resources. An internal server that receives large numbers of connection requests within a short time cannot process them quickly enough and cannot accept other normal connection requests. To avoid these situations, you can configure a connection limit policy to limit the number of connections, connection rate, and connection bandwidth.
• The limits to the connection rate and bandwidth cannot be specified at the same time.
• If an option is not configured in the connection limit policy, the global configuration settings will be used instead.
• For user connections not covered in the connection limit policy, the global configurations take effect.

Follow these steps to configure this option:

1. Configure a connection limit policy. In this example, the policy limits user connections from 10.1.10.100. Set the upper and lower limits to 1000 and 200 respectively.

   [HP-A] acl number 2002
   [HP-A-acl-basic-2002] rule permit source 10.1.10.100 0.0.0.0
   [HP-A-acl-basic-2002] rule deny
   [HP-A-acl-basic-2002] quit
   [HP-A] connection-limit policy 1
   [HP-A-connection-limit-policy-1] limit 0 acl 2002 per-destination amount 1000 200
   [HP-A-connection-limit-policy-1] quit

2. Bind the connection limit policy to NAT.

   [HP-A] nat connection-limit-policy 1

Internal servers with static NAT


Now that you have considered a scenario involving dynamic NAT, you will discuss two scenarios for destination NAT. In these scenarios, external devices need to reach internal servers with private IP addresses. The external devices contact the internal servers at public IP addresses, and the NAT device translates the destination address to the internal server’s actual private IP address. The first scenario features one-to-one destination NAT, and the second features one-to-many destination NAT.

Internal servers and NAT—Scenario 2


ONE to ONE: Server seen as 15.6.7.1 and is translated into 10.1.1.101

Server (intranet 10.1.0.0/16)    Packet on the Internet       Packet on the intranet
FTP    10.1.1.101                S=X D=15.6.7.1:21            S=X D=10.1.1.101:21
Web 1  10.1.1.102                S=Y D=15.6.7.2:80            S=Y D=10.1.1.102:80
Web 2  10.1.1.103                S=Z D=15.6.7.3:8080          S=Z D=10.1.1.103:80

Figure 11-4: Internal servers and NAT—Scenario 2

This scenario features static destination NAT, which you must sometimes use with dynamic source NAT.

Dynamic source NAT hides the internal network structure, including the identities of internal hosts. However, in practice, external hosts often need to access internal hosts such as Web or FTP servers. Destination NAT enables them to do so.

With this form of NAT, you can deploy an internal server easily and flexibly. For instance, you can use 15.6.7.1 as the Web server’s external address and 15.6.7.2 as the FTP server’s external address. You can even use an address like 15.6.7.3:8080 as the Web server’s external address.

When a packet intended for an internal server arrives, NAT translates the destination address in the packet to the private IP address of the internal server. When a response packet from the internal server arrives, NAT translates the source address (a private IP address) of the packet into a public IP address mapped to the same
external IP address with different port numbers.

11 –8 Rev. 11.12
Network Address Translation

Internal servers and NAT—Scenario 2a


Server   Private address   Public address
ftp      10.1.1.101        15.6.7.1:21
www      10.1.1.102        15.6.7.2:80
smtp     10.1.1.103        15.6.7.3:25

R1: Gig 1/1 (10.1.1.254) faces the intranet; Gig 1/2 (15.6.7.8) faces the Internet.

R1 = Cisco

interface gigabitethernet 1/1
 ip address 10.1.1.254 255.255.255.0
 ip nat inside

interface gigabitethernet 1/2
 ip address 15.6.7.8 255.255.255.252
 ip nat outside

ip nat inside source static tcp 10.1.1.101 21 15.6.7.1 21
ip nat inside source static tcp 10.1.1.102 80 15.6.7.2 80
ip nat inside source static tcp 10.1.1.103 25 15.6.7.3 25

Figure 11-5: Internal servers and NAT—Scenario 2a

These commands show how a Cisco device can implement static destination NAT
with optional port forwarding to a different private destination. On Cisco switches,
you must specify ip nat inside on the interface that faces the private network and ip
nat outside on the interface that faces the Internet. Then, instead of setting up
destination NAT for outside traffic, you set up static source NAT entries for inside
traffic. The device automatically implements destination NAT for the reverse traffic on
the interface enabled for outside NAT.

The configuration in the slide functions in this way:

• Any packet received on the inside interface with a source IP address of
10.1.1.101:21 will be translated to 15.6.7.1:21. Any packet received on the outside
interface with a destination IP address of 15.6.7.1:21 will be translated to
destination 10.1.1.101:21.
• Any packet received on the inside interface with a source IP address of
10.1.1.102:80 will be translated to 15.6.7.2:80. Any packet received on the
outside interface with a destination IP address of 15.6.7.2:80 will be translated
to destination 10.1.1.102:80.
• Any packet received on the inside interface with a source IP address of
10.1.1.103:25 will be translated to 15.6.7.3:25. Any packet received on the
outside interface with a destination IP address of 15.6.7.3:25 will be translated
to destination 10.1.1.103:25.

Internal servers and NAT—Scenario 2b


Server   Private address   Public address
FTP      10.1.1.101        15.6.7.1:21
Web      10.1.1.102        15.6.7.2:80
SMTP     10.1.1.103        15.6.7.3:25

R1: Int vlan 100 (10.1.1.254) faces the intranet; Int vlan 200 (15.6.7.8) faces the Internet.

R1 = HP A-Series

interface vlan-interface 100
 ip address 10.1.1.254 24

interface vlan-interface 200
 ip address 15.6.7.8 30
 nat server protocol tcp global 15.6.7.1 21 inside 10.1.1.101 ftp
 nat server protocol tcp global 15.6.7.2 80 inside 10.1.1.102 www
 nat server protocol tcp global 15.6.7.3 smtp inside 10.1.1.103 smtp

Figure 11-6: Internal servers and NAT—Scenario 2b

This slide shows the same NAT configuration on an HP A-Series device. Notice that
the NAT commands are configured on the VLAN interface that faces the Internet. (If
you were configuring NAT on an HP A-Series router, you would configure the NAT
commands on the routed physical interface.)
You indicate that you are configuring static destination NAT by using the nat server
command shown in the slide. As you see, you specify the publicly known IP
address for the global address and the server’s actual IP address for the inside
address.

The HP A-Series devices automatically implement source NAT for the reverse traffic
from the servers to the Internet clients.

Internal servers and NAT—Scenario 3


ONE to MANY: the servers are all seen at 15.6.7.8:X, which is translated into 10.1.1.101-104:Y.

Server   Packet arriving from the Internet   Packet forwarded to the intranet
ftp      S=X D=15.6.7.8:21                   S=X D=10.1.1.101:21
www      S=Y D=15.6.7.8:80                   S=Y D=10.1.1.102:80
smtp     S=Z D=15.6.7.8:25                   S=Z D=10.1.1.103:25
www2     S=Z D=15.6.7.8:8080                 S=Z D=10.1.1.104:80

Figure 11-7: Internal servers and NAT—Scenario 3

IP NAT port forwarding is typically used in small networks or small divisions of larger
networks when only one public IP is available. The IP address of the router facing the
Internet becomes the “Internet interface.”
When a packet intended for an internal server arrives, NAT translates the destination
address in the packet to the private IP address of the Internet interface of the router.
When a response packet from the internal server arrives, NAT translates the source
address (a private IP address) of the packet into a public IP address mapped to the
same external IP address with different port numbers.

Internal servers and NAT—Scenario 3a


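The server’s public IP address is translated to a private IP address in the DNS response.

1. Host 10.1.3.140 on the intranet (10.1.0.0/16) sends a DNS request for www.corp123.com to the DNS server on the Internet.
2. The DNS server returns a DNS response containing 15.6.7.8.
3. The NAT device forwards the DNS response to the host with 10.1.1.101, the private address of www.corp123.com.

Public side of the NAT device: 15.6.7.8:21, 15.6.7.8:80, 15.6.7.8:25, 15.6.7.8:8080
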
Figure 11-8: Internal servers and NAT—Scenario 3a

Internal server
Very often servers get their IP addresses from an external DNS server that belongs to
an Internet Service Provider (ISP) or to another company.

DNS mapping

You can specify an external IP address and port number for an internal server on the
public network interface of a NAT gateway, so that external users can access the
internal server using its domain name or public IP address.

An internal host may want to access an internal server on the same private network
by using its domain name, while the DNS server is located on the public network.
Typically, the DNS server will reply with the public address of the internal server to
the host. However, without relevant processing of the NAT device, the host cannot
access the internal server using its domain name. In this case, the DNS mapping
feature can solve the problem.

A DNS mapping entry records the domain name, public address, public port
number, and protocol type of an internal server. Upon receiving a DNS reply, the
NAT-enabled device matches the domain name in the message against the DNS
mapping entries. If a match is found, the private address of the internal server is
found and NAT replaces the public IP address in the reply with the private IP
address. Then, the host can use the private address to access the internal server.

Internal servers and NAT—Scenario 3b


Server   Private address   Public address   Entry in corp123.com on the DNS server
ftp      10.1.1.101:21     15.6.7.8:21      ftp   15.6.7.8
www      10.1.1.102:80     15.6.7.8:80      www   15.6.7.8
smtp     10.1.1.103:25     15.6.7.8:25      smtp  15.6.7.8
www2     10.1.1.104:80     15.6.7.8:8080    web2  15.6.7.8

R1: Gig 1/1 (10.1.1.254) faces the intranet; Gig 1/2 (15.6.7.8) faces the Internet.

R1 = Cisco

interface gigabitethernet 1/1
 ip address 10.1.1.254 255.255.255.0
 ip nat inside

interface gigabitethernet 1/2
 ip address 15.6.7.8 255.255.255.252
 ip nat outside

ip nat inside source static tcp 10.1.1.101 21 15.6.7.8 21
ip nat inside source static tcp 10.1.1.102 80 15.6.7.8 80
ip nat inside source static tcp 10.1.1.103 25 15.6.7.8 25
ip nat inside source static tcp 10.1.1.104 80 15.6.7.8 8080

ip nat outside source static tcp 10.1.1.101 21 15.6.7.8 21
ip nat outside source static tcp 10.1.1.102 80 15.6.7.8 80
ip nat outside source static tcp 10.1.1.103 25 15.6.7.8 25
ip nat outside source static tcp 10.1.1.104 80 15.6.7.8 8080

Figure 11-9: Internal servers and NAT—Scenario 3b


The ip nat inside source command creates a translation, if necessary. It
translates:
• The source IP address for packets going from inside to outside
• The destination IP address for packets going from outside to inside

The ip nat outside source command creates a translation as well, if necessary. It
translates:
• The source IP address for packets going from outside to inside
• The destination IP address for packets going from inside to outside

In the above configuration, the ip nat inside source static tcp 10.1.1.101 21 15.6.7.8 21
command translates the source IP in packets coming from server 10.1.1.101:21 to the
public IP address 15.6.7.8:21 when the packets are transmitted from inside (intranet)
to outside (Internet).
The ip nat outside source static tcp 10.1.1.101 21 15.6.7.8 21 command translates the
source IP in packets coming from server 10.1.1.101:21 to the public IP address
15.6.7.8:21 when packets are transmitted from inside (intranet) to outside (Internet).
In this case the ip nat outside command is not used to translate packets but only to
translate the IP address embedded in a DNS response.

Internal servers and NAT—Scenario 3c


Server   Private address   Public address   Entry in corp123.com on the DNS server
ftp      10.1.1.101:21     15.6.7.8:21      ftp   15.6.7.8
www      10.1.1.102:80     15.6.7.8:80      www   15.6.7.8
smtp     10.1.1.103:25     15.6.7.8:25      smtp  15.6.7.8
www2     10.1.1.104:80     15.6.7.8:8080    web2  15.6.7.8

R1: Gig 1/1 (10.1.1.254) faces the intranet; Gig 1/2 (15.6.7.8) faces the Internet.

R1 = HP A-Series

interface vlan-interface 100
 ip address 10.1.1.254 24

interface vlan-interface 200
 ip address 15.6.7.8 30
 nat server protocol tcp global 15.6.7.8 21 inside 10.1.1.101 ftp
 nat server protocol tcp global 15.6.7.8 80 inside 10.1.1.102 www
 nat server protocol tcp global 15.6.7.8 smtp inside 10.1.1.103 smtp
 nat server protocol tcp global 15.6.7.8 8080 inside 10.1.1.104 80
 quit

nat dns-map domain ftp.corp123.com protocol tcp ip 15.6.7.8 port ftp
nat dns-map domain www.corp123.com protocol tcp ip 15.6.7.8 port www
nat dns-map domain www2.corp123.com protocol tcp ip 15.6.7.8 port 8080
nat dns-map domain smtp.corp123.com protocol tcp ip 15.6.7.8 port 25

Figure 11-10: Internal servers and NAT—Scenario 3c

With DNS mapping, an internal host can access an internal server on the same
private network by using the domain name of the internal server when the DNS
server resides on the Internet.

• Use the nat dns-map command to map the domain name to the public network
information of an internal server.
• Use the undo nat dns-map command to remove a DNS mapping. Currently, the
device supports up to 16 DNS mappings.
• display nat dns-map is a related command.
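The DNS mapping lookup from Scenario 3c, modelled in Python as an added example (it is not HP code and not part of the original guide). It parses the nat server and nat dns-map lines from Figure 11-10 and shows why a mapping entry carries the protocol and port: all four names resolve to the same public address, so only the port selects the right private server. The function names and the parsing approach are assumptions made for illustration.

```python
"""Model of the Scenario 3c lookups: nat server entries plus nat dns-map entries.

Added illustration, not HP code. The command lines are the ones in Figure 11-10;
everything else (function names, data layout) is hypothetical.
"""

# Service keywords that appear in the figure's commands.
SERVICE_PORTS = {"ftp": 21, "www": 80, "smtp": 25}

MAX_DNS_MAPPINGS = 16  # limit stated in the guide

CONFIG = """\
nat server protocol tcp global 15.6.7.8 21 inside 10.1.1.101 ftp
nat server protocol tcp global 15.6.7.8 80 inside 10.1.1.102 www
nat server protocol tcp global 15.6.7.8 smtp inside 10.1.1.103 smtp
nat server protocol tcp global 15.6.7.8 8080 inside 10.1.1.104 80
nat dns-map domain ftp.corp123.com protocol tcp ip 15.6.7.8 port ftp
nat dns-map domain www.corp123.com protocol tcp ip 15.6.7.8 port www
nat dns-map domain www2.corp123.com protocol tcp ip 15.6.7.8 port 8080
nat dns-map domain smtp.corp123.com protocol tcp ip 15.6.7.8 port 25
"""


def port(token):
    """Accept either a number or a service keyword such as ftp or www."""
    return SERVICE_PORTS[token] if token in SERVICE_PORTS else int(token)


def parse(config):
    """Return (servers, dns_maps) built from nat server / nat dns-map lines."""
    servers = {}   # (proto, public_ip, public_port) -> (private_ip, private_port)
    dns_maps = {}  # domain -> (proto, public_ip, public_port)
    for line in config.splitlines():
        w = line.split()
        if w[:3] == ["nat", "server", "protocol"]:
            # nat server protocol <proto> global <ip> <port> inside <ip> <port>
            servers[(w[3], w[5], port(w[6]))] = (w[8], port(w[9]))
        elif w[:3] == ["nat", "dns-map", "domain"]:
            # nat dns-map domain <name> protocol <proto> ip <ip> port <port>
            dns_maps[w[3].lower()] = (w[5], w[7], port(w[9]))
    if len(dns_maps) > MAX_DNS_MAPPINGS:
        raise ValueError("more than 16 DNS mappings configured")
    return servers, dns_maps


def inbound(servers, proto, dst_ip, dst_port):
    """Destination NAT for a packet arriving on the public interface.

    Returns the private (ip, port), or None when no nat server entry matches,
    which is the case for every port that was not deliberately published.
    """
    return servers.get((proto, dst_ip, dst_port))


def rewrite_dns_reply(servers, dns_maps, qname, answer_ip):
    """Address an internal host receives after the DNS reply passes the NAT device."""
    entry = dns_maps.get(qname.lower().rstrip("."))
    if entry is None or entry[1] != answer_ip:
        return answer_ip              # no mapping for this name: reply unchanged
    private = servers.get(entry)      # the dns-map tuple is the nat server key
    return private[0] if private else answer_ip


if __name__ == "__main__":
    servers, dns_maps = parse(CONFIG)
    for name in sorted(dns_maps):
        print(name, "->", rewrite_dns_reply(servers, dns_maps, name, "15.6.7.8"))
```

Running the same parser over a production configuration also gives a quick inventory of which private services are published on the public address.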

Using static NAT for overlapping networks


Typically, people consider NAT for the scenarios discussed thus far in this module:
translating IP addresses between a company’s private network and the Internet.
However, NAT can also be useful for problems that arise on a private network when
a company or two companies must merge two networks that have overlapping IP
addresses. The rest of this module explains how to use NAT to resolve this issue
without reconfiguring the IP addresses on one of the networks being merged.


Overlapping networks—Scenario 4
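Network 1 (10.1/16) -- R1 -- R2 -- Network 2 (10.1/16)

As seen by Network 2, Network 1 is 10.111/16. As seen by Network 1, Network 2 is 10.222/16.
R1 translates between 10.1 and 10.111; R2 translates between 10.222 and 10.1.

Request from 10.1.3.18 (Network 1) to the server 10.1.2.200 (Network 2):
  In Network 1:        S 10.1.3.18     D 10.222.2.200
  Between R1 and R2:   S 10.111.3.18   D 10.222.2.200
  In Network 2:        S 10.111.3.18   D 10.1.2.200

Reply from the server:
  In Network 2:        S 10.1.2.200    D 10.111.3.18
  Between R2 and R1:   S 10.222.2.200  D 10.111.3.18
  In Network 1:        S 10.222.2.200  D 10.1.3.18
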
Figure 11-11: Overlapping networks—Scenario 4

When two networks are merged, they may have overlapping IP subnets.
Consequently, the two networks cannot be joined without causing IP address
conflicts. Rather than changing IP addressing, companies may want to use NAT to
translate IP addresses so that each network appears to be unique.
In the above figure, Network 1 and 2 have the same IP subnet 10.1.0.0/16. With
NAT, Network 1 can “see” Network 2 as a unique network (10.222/16), and
Network 2 can “see” Network 1 as a unique network (10.111/16).

In the example above, node 10.1.3.18 in Network 1 tries to reach a server in
Network 2, which it sees as 10.222.2.200. (The server is really
10.1.2.200 in its own network.) The server IP address may be provided by the DNS
response and translated by NAT if the DNS server is in Network 2. Or the server’s
address in Network 2 can already be assigned a “NATed” address in the local
DNS.

When a packet is routed by R1, source 10.1.3.18 is NATed to 10.111.3.18 and
forwarded to R2. When a packet is routed by R2, the destination 10.222.2.200 is
NATed to 10.1.2.200 and forwarded in Network 2.
Note that while you are applying NAT, you can start changing your IP addresses.
You can pick IP addresses in the range you use for NAT. This will make use of the
static routes you have to put in place for routing from Network 1’s real IP addresses
to Network 2’s NATed IP addresses and vice-versa.
For example, if you start changing IP addresses in Network 2, you can use some
subnets of 10.222/16 to start replacing the IP addresses of the node. These subnets
must not overlap with the pool you use on R2 to NAT addresses. They won’t be
NATed by R2 when routed, but they will be when entering R1. Or you can use a new
range of IPs for each side and then you must create new IP routes.

If each side has its own DNS server, NAT can also translate the DNS response when
sent to the other network.
For example, if a server account corp123.com with IP 10.1.1.100 is in Network 1,
when the DNS on Network 1 side responds to the DNS request coming from
Network 2, the IP address 10.1.1.100 will be translated by R1 to 10.111.1.100. So
server account corp123.com will appear to Network 2 with the IP address
10.111.1.100.


Overlapping networks—Scenario 4a

Network 1 (10.1/16) -- R1 -- R2 -- Network 2 (10.1/16)

As seen by Network 2, Network 1 (10.1/16) is translated into 10.111/16.
As seen by Network 1, Network 2 (10.1/16) is translated into 10.222/16.
R1 translates between 10.1 and 10.111; R2 translates between 10.222 and 10.1.

Request from 10.1.4.77 (Network 2) to the server 10.1.1.100 (Network 1):
  In Network 2:        S 10.1.4.77     D 10.111.1.100
  Between R2 and R1:   S 10.222.4.77   D 10.111.1.100
  In Network 1:        S 10.222.4.77   D 10.1.1.100

Reply from the server:
  In Network 1:        S 10.1.1.100    D 10.222.4.77
  Between R1 and R2:   S 10.111.1.100  D 10.222.4.77
  In Network 2:        S 10.111.1.100  D 10.1.4.77

Figure 11-12: Overlapping networks—Scenario 4a

In the example above, node 10.1.4.77 in Network 2 tries to reach a server in
Network 1, which it sees as 10.111.1.100 (the server is really 10.1.1.100 in its own
Network 1). The server’s IP address may be provided by the DNS response and
translated by NAT if the DNS server is in Network 2.

When a packet is routed by R2, the source IP 10.1.4.77 is NATed to 10.222.4.77
and forwarded to R1. When a packet is routed by R1, the destination 10.111.1.100 is
NATed to 10.1.1.100 and forwarded in Network 1.

Overlapping networks—Scenario 4b
Network 1 (10.1/16) -- R1 -- R2 -- Network 2 (10.1/16)
As seen by Network 1, Network 2 is 10.222/16. As seen by Network 2, Network 1 is 10.111/16.

R1: Gig 1/0/1 10.1.1.254, Gig 1/0/2 10.3.1.1/24
R2: Int vlan 100 10.3.1.2/24, Int vlan 200 10.1.1.2

R1 routing table
IP Network       Next Hop     Type
10.1.1.0/24      0.0.0.0      C
10.1.3.0/24      0.0.0.0      C
10.1.0.0/16      10.1.1.253   S
10.222.0.0/16    10.3.1.2     S

R2 routing table
IP Network       Next Hop     Type
10.1.1.0/24      0.0.0.0      C
10.1.3.0/24      0.0.0.0      C
10.1.0.0/16      10.1.1.1     S
10.111.0.0/16    10.3.1.1     S

A static route to the network, as seen when NATed, is required:

R1-Cisco(config)#ip route 10.222.0.0 255.255.0.0 10.3.1.2
R2-HP(config)#ip route-static 10.111.0.0 255.255.0.0 10.3.1.1

Figure 11-13: Overlapping networks—Scenario 4b

For Network 1 to send a packet to Network 2, R1 needs to have a route to
10.222/16, which is the IP subnet of Network 2 as it is seen by Network 1.
Symmetrically, R2 needs to have a route to 10.111/16, which is the IP subnet of
Network 1 as it is seen by Network 2.
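The packet walks of Scenarios 4 and 4a and the route requirement of Scenario 4b, worked through in Python as an added example (not vendor code and not part of the original guide). Each router is modelled as doing prefix-preserving static NAT, the behaviour the guide attributes to ip nat inside source static network; the class and function names are hypothetical, and only the static routes from Figure 11-13 are included.

```python
"""Packet walk for the overlapping-network scenarios (4, 4a and 4b).

Added illustration: both sites use 10.1.0.0/16, R1 presents Network 1 as
10.111.0.0/16 and R2 presents Network 2 as 10.222.0.0/16.
"""
import ipaddress as ip


def swap_prefix(addr, old, new):
    """Move addr from network old to network new, keeping the host bits."""
    a, old_net, new_net = ip.ip_address(addr), ip.ip_network(old), ip.ip_network(new)
    if a not in old_net:
        return addr                      # outside the translated range: untouched
    host_bits = int(a) & int(old_net.hostmask)
    return str(ip.ip_address(int(new_net.network_address) | host_bits))


class NatRouter:
    def __init__(self, name, local, seen_as, routes):
        self.name, self.local, self.seen_as = name, local, seen_as
        # routes: (prefix, next hop) pairs; the longest matching prefix wins.
        self.routes = [(ip.ip_network(p), nh) for p, nh in routes]

    def next_hop(self, dst):
        hits = [(n.prefixlen, nh) for n, nh in self.routes if ip.ip_address(dst) in n]
        return max(hits)[1] if hits else None

    def leave(self, src, dst):
        """Inside to outside: the real source becomes the 'seen as' address."""
        return swap_prefix(src, self.local, self.seen_as), dst

    def enter(self, src, dst):
        """Outside to inside: the 'seen as' destination becomes the real address."""
        return src, swap_prefix(dst, self.seen_as, self.local)


# Static routes from Figure 11-13 (connected routes omitted).
R1 = NatRouter("R1", "10.1.0.0/16", "10.111.0.0/16",
               [("10.1.0.0/16", "10.1.1.253"), ("10.222.0.0/16", "10.3.1.2")])
R2 = NatRouter("R2", "10.1.0.0/16", "10.222.0.0/16",
               [("10.1.0.0/16", "10.1.1.1"), ("10.111.0.0/16", "10.3.1.1")])


def walk(first, second, src, dst):
    """Return the (src, dst) pair seen on each of the three segments of the path."""
    if first.next_hop(dst) is None:
        raise LookupError(f"{first.name} has no route to {dst}")
    hops = [(src, dst)]                     # inside the sender's network
    hops.append(first.leave(src, dst))      # on the link between the routers
    hops.append(second.enter(*hops[-1]))    # inside the receiver's network
    return hops


if __name__ == "__main__":
    for a, b, s, d in [(R1, R2, "10.1.3.18", "10.222.2.200"),
                       (R2, R1, "10.1.2.200", "10.111.3.18"),
                       (R2, R1, "10.1.4.77", "10.111.1.100")]:
        print(" -> ".join(f"S {x} D {y}" for x, y in walk(a, b, s, d)))
    # Addressing the server by its real address never leaves Network 1:
    print("R1 next hop for 10.1.2.200:", R1.next_hop("10.1.2.200"))
```

The last line shows why hosts must use the translated address: the real address matches R1's local 10.1.0.0/16 route and is never sent toward R2.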



Overlapping networks—Scenario 4c
Network 1 (10.1/16) -- R1 -- R2 -- Network 2 (10.1/16)
As seen by Network 1, Network 2 is 10.222/16. As seen by Network 2, Network 1 is 10.111/16.

R1: Gig 1/1 10.1.1.254, Gig 1/2 10.3.1.1
R2: Gig 1/2 10.3.1.2

R1 = Cisco

interface gigabitethernet 1/1
 ip address 10.1.1.254 255.255.255.0
 ip nat inside

interface gigabitethernet 1/2
 ip address 10.3.1.1 255.255.255.0
 ip nat outside

ip route 10.222.0.0 255.255.0.0 10.3.1.2

ip nat inside source static network 10.1.0.0 10.111.0.0 /16
ip nat outside source static network 10.1.0.0 10.111.0.0 /16

Figure 11-14: Overlapping networks—Scenario 4c

This slide shows the configuration of R1 in the example network.
On Cisco devices, the command ip nat inside source static network 10.1.0.0
10.111.0.0 /16 translates all source addresses on the inside interface 10.1 into 10.111,
keeping the node part instead of selecting IP addresses from a pool.

The command ip nat outside source static network 10.1.0.0 10.111.0.0 /16 translates
all source addresses embedded in the DNS entry coming from outside (for example
from Network 2) into the inside.

Let’s say Network 1 has a domain name of corp1.com, and Network 2’s domain
name is corp2.com. Each side has its own DNS server. You will have to configure the
DNS server in Network 1 so that the corp2.com domain is translated by the DNS
server in Network 2. The IP address you will have to provide will be the NATed
address of the DNS server in Network 1. In other words, if the real IP of the DNS
server in Network 2 is 10.1.1.100, you will have to configure it as 10.222.1.100 in
the DNS of Network 1.
You will reverse the operation for Network 2; on the DNS server, configure
corp1.com to be translated as such: Real IP = 10.1.1.222, NATed = 10.111.1.222.

The configuration of R2 is shown below.

interface gigabit 1/1
 ip address 10.1.10.254 255.255.255.0
 ip nat inside

interface gigabit 1/2
 ip address 10.3.1.2 255.255.255.0
 ip nat outside

ip route 10.111.0.0 255.255.0.0 10.3.1.1

ip nat inside source static network 10.1.0.0 10.222.0.0 /16
ip nat outside source static network 10.1.0.0 10.222.0.0 /16

Overlapping networks—Scenario 4d

Network 1 (10.1/16) -- R1 -- R2 -- Network 2 (10.1/16)
As seen by Network 1, Network 2 is 10.222/16. As seen by Network 2, Network 1 is 10.111/16.

R1: Int vlan 100 10.1.1.254, Int vlan 200 10.3.1.1
R2: Int vlan 200 10.3.1.2, Int vlan 100 10.1.10.254

R1 = HP A-Series

interface vlan-interface 100
 ip address 10.1.1.254 24
interface vlan-interface 200
 ip address 10.3.1.1 30
 nat outbound 2001 address-group 1 no-pat

ip route-static 10.222.0.0 16 10.3.1.2

acl number 2001
 rule permit source 10.1.0.0 0.0.255.255
 rule deny
nat address-group 1 10.111.0.1 10.111.254.254

Figure 11-15: Overlapping networks—Scenario 4d

This figure shows the configuration for R1.

For this scenario, you implement source NAT for all traffic selected by an ACL, which
specifies the private IP addresses that overlap between Network 1 and Network 2
(10.1/16). R1 translates each selected source address to one of the IP addresses in
address group 1. This is a range of Network 1 IP addresses as seen by Network
2 (10.111.0.1 to 10.111.254.254). As usual, R1 automatically performs the proper
translation on return traffic to forward the return traffic to the correct Network 1
device.

You must configure R2 in a similar manner. The configuration is:

interface vlan-interface 100
 ip address 10.1.10.254 24

interface vlan-interface 200
 ip address 10.3.1.2 30
 nat outbound static
ip route-static 10.21.0.0 16 10.3.1.1
nat static net-to-net 10.1.0.1 10.1.255.254 global 10.21.0.0 16

Alternative configuration with dynamic NAT

You can implement a similar configuration for the same scenario, in which, instead of
each device having a different NAT IP address, all devices share a NAT address. You
learned the commands for configuring dynamic NAT in this way earlier in this
module.

Module 11 summary
In this module, you have learned how to configure NAT for various practical
scenarios. Write down any thoughts you may have while your facilitator reviews the
content of this module.
_______________________________________________________________________


Learning check
Q1: What is the difference between dynamic NAT and NAPT?
___________________________________________________________________


Q2: What is required to access (from the outside) an internal server set with a
private address?

___________________________________________________________________

Q3: What is the benefit of such a configuration?


___________________________________________________________________

Q4: In what situation would you use static NAT?

___________________________________________________________________


Learning Check Answers
Appendix A

Module 2
Activity and discussion question answers
Management scenario 1
Q: What minimal switch parameters should you configure to allow discovery by
IMC?
A: The switch must be configured with:
• System name, or hostname (all switches have a name by default)
• IP address, preferably dynamic
• SNMP communities
Although open Telnet access is not necessary for IMC to discover the device, it can
be helpful to enable Telnet access so that you can easily access and configure the
switch.

Management scenario 1a—Cisco

Q: When is a source-interface useful?
A: The source interface specifies the source for traps, which is useful when the switch,
typically a routing switch, has multiple IP interfaces. Such a switch could send traps
from a different source address from the one at which IMC discovered it, causing the
trap to be misidentified.

Management scenario 1b—HP A-Series

Q: What does user privilege level 3 mean?
A: On an HP A-Series switch, the highest privilege level is level 3.

Management scenario 1c—HP E-Series

Q: Why not configure a read-only community?
A: A read-write community (configured as “manager unrestricted” on HP E-Series) will
allow you to configure both a read-only and a read-write community.


Setting up a DHCP server on an HP A-Series switch
Q1: Why would you configure a DHCP server on an A-Series switch?
A1: Unix/Linux/Windows 2003 or 2008 servers can function as the network DHCP
server. If such a server is not available or if it is dedicated to end nodes, an HP A-
Series switch can provide dynamic addresses for network infrastructure devices.
Q2: Why would you use a DHCP server to assign IP addresses to your switches? You
usually configure static IP addresses on switches.
A2: To simplify the deployment of switches

Management scenario 2a—Cisco

Q: What commands do you use to access logging on the terminal?
A: In the terminal session:
Cisco# terminal monitor

Management scenario 2a—Cisco (cont.)

Q: How will admin123 log in to the switch?
A: This user will use SSH to access the switch and will be prompted to enter:
• Username
• Password
This user will access the switch as a level 15 privilege user at the enable level. The
user does not need to enter a command to move to the enable level.
Q: What is the purpose of the no snmp trap link-status command?
A: It reduces the number of traps sent when end-node interfaces go up and down.
Most of the time this is a nonevent for the network administrator.
On the other hand, that may be a key event for uplinks or key services.

Management scenario 2b—HP A-Series

Q1: What does the ntp-service unicast-server command do?
A1: It configures the switch as an NTP client, which can reach the NTP server through
unicast 10.1.1.101 in order to set the time automatically. Automatically setting the time
is very useful to time stamp all system events.
Q2: What does the clock summer-time command highlighted in this figure do?
A2: The clock summer-time repeating command sets the system to annually adjust for
Daylight Saving Time.


Q3: What commands can you use to access logging on the terminal?
A3: In the terminal session at user view level:
<hp>terminal monitor
You can select what display is shown with:
<hp>terminal logging
Enabled by default
<hp>terminal debugging
Disabled by default
<hp>terminal trapping
Enabled by default

Management scenario 2b—HP A-Series (cont.)

Q1: Is there any drawback to disabling Telnet?
A1: When troubleshooting or configuring the network, it is convenient to access one
switch from another. If no SSH client exists on a switch’s platform (as with HP E-Series),
you cannot establish an SSH session between switches. (SSH is supported by
the HP A-Series switches.)
Q2: Is the user privilege level 3 command required?
A2: No. This command provides a default user privilege level for users connecting
via Telnet. However, the privilege for authenticated users is the privilege level associated
with their user parameters. It overwrites the level defined in user-interface. If not
defined, the level defaults to 0.
Q3: What would you recommend instead of the user privilege level 3 command?
A3: No default privilege level.
Q4: What user characteristic is supported on HP A-Series switches but is not
available on Cisco?
A4: Service-type, which defines how users can communicate with the switch.
Q5: What is the meaning of “cipher” in “password cipher verysecret”?
A5: It means the password will be encrypted during configuration.

Management scenario 2c—HP E-Series

Q1: What command displays logging on the terminal?
A1: By default no logging message is displayed on terminal. You must enter:
Switch# debug destination session


Q2: What command displays the logging buffer?
A2: The following command displays the logging buffer:
show logging [-a, -r] [<search-text>]
By default, the show logging command displays the log messages recorded in
chronological order since the last reboot. You use the -a and -r options as follows:
• The -a option displays all recorded log messages, including those before the last
reboot.
• The -r option displays all recorded log messages, with the most recent entries
listed first.
• The <search-text> option displays all event log entries that contain the specified
text.
You can use a <search-text> value with -a or -r to further filter your search.

Management scenario 2c—HP E-Series (cont.)

Q: On what port do you want to disable snmp trap link up/down?
A: Disable traps link up/down on ports that are not key such as access-layer ports
but leave the trap active for uplink ports.

Learning check answers

Q1: Describe an HP A-Series switch’s support for LLDP and CDP.
The switch supports both protocols, but neither is enabled by default. When you do
enable LLDP, it is enabled on all ports by default. CDP is intended for use with Cisco
IP phones. When used with a switch neighbor, the A-Series switch does not send
CDP frames. However, CDP transmits and receives frames when used with an IP
phone.

Q2: Which parameters does a switch require in order for IMC to discover it?
The switch requires:
• A system name (which is set by default)
• IP connectivity to the IMC (an IP address and sometimes a default gateway)
• The correct SNMP read-only community (and the correct SNMP read-write
community for IMC to manage it)
Setting IMC as the trap server is optional and so is configuring Telnet access.


Q3: You want to force management users for your Cisco and HP A-Series switches to
log in to the CLI using SSH. What steps must you complete on each type of switch?
The steps are similar on both switches. You must generate a public/private keypair,
enable SSH, and specify SSH as the protocol for the virtual management interfaces
(VTY). You should also configure an authentication method for management access.
You could configure the management users to authenticate to a local list of users, as
you learned in this module, or you can have users enter a password or authenticate
to a RADIUS server. And you should also set the privilege level for the management
users (if they authenticate locally).

Module 3
Activity and discussion question answers

VLAN configuration on Cisco: Access and voice ports

Q1: How do you list VLANs?
A1: The command is show vlans.

Q2: How do you list trunk ports?
A2: For a quick view on port status, enter show interface status. For a more detailed
view, enter show interface switchport.

Q3: How do you list access ports?
A3: Enter show interface status.

Learning check answers

Q1: What is a major difference between trunk ports on Cisco and HP A-Series?
A1: On Cisco switches, all VLANs are allowed on trunk ports. On HP A-Series
switches, only VLAN 1 is enabled by default. On HP E-series switches, VLANs have
to be assigned one by one.
Q2: Can you remove VLAN 1 on trunk ports on HP switches?
A2: Unlike on Cisco switches, VLAN 1 only plays the role of default VLAN on HP
switches. If a port is not specifically assigned to a VLAN, it is assigned to VLAN 1. In
most cases it does not play a role in L2 protocols such as LLDP, STP, and LACP.
BPDUs for these protocols are sent anyway, as untagged frames, and are not
attached to any specific VLAN since their destination is a switch. If the switch is
disabled for the protocol, it will recognize the frames as untagged and will attach it
to the native VLAN or untagged on a trunk.
Q3: Can you assign a VLAN to an access port with GVRP or VTP?
A3: VTP and GVRP only dynamically assign VLANs to trunk ports.
Q4: Would you enable all VLANs on trunk ports in a mixed environment with HP
and Cisco switches?
A4: The main issue with assigning all VLANs on trunk ports is that it extends the
broadcast domain VLANs to the overall LAN. That will not be an issue if not all
VLANs are created on all switches; it happens in the case of dynamic learning with
VTP and GVRP. With static configuration, the learning can be better controlled and
then all VLANs can be permitted on trunk ports.

Module 4
Activity and discussion question answers
MSTP regions—Review 1

Q1: What MSTP parameters must be set consistently on all switches for them to be in
the same MSTP region?
A1: The region name (case sensitive), the revision number, and the mapping between
instances and VLANs must match EXACTLY.

Q2: What are the default MSTP parameters?
A2: Region name: MAC address of the switch; revision number: 0; mapping of
instance to VLAN: all VLANs in instance 0.

Q3: Why would you want all switches to be in the same MSTP region?
A3: The main reason for placing all switches in the same region is to get load
balancing on uplinks on a per-instance basis. If you are not worried about load
balancing because you have enough network bandwidth, you might also put all
switches in the same region to keep the configuration consistent.

MSTP regions—Review 2

Q1: If there is a mistake in the switch’s MSTP configuration, what happens?
A1: When region parameters do not match between switches, each switch becomes
its own region, and they interoperate in the common spanning tree, which functions
like RSTP.
Q2: Besides mistakes in the region name or revision number, what conditions could
result in switches being in different regions?
A2: The following situations result in switches being in different regions:
• When MSTP is enabled on a switch but MSTP parameters have not been
configured, the region name is by default the MAC address of the switch. This
can be a valid setup if the load balancing effect between instances is not
desired.
• The VLAN-to-instance mappings do not match, a situation that occurs if VLANs
are added or deleted and have not been mapped to an instance in advance. A
best practice is to set the mapping in advance to avoid this situation.
Which BPDUs are used?—Review 3
Q1: Which Bridge Protocol Data Units (BPDUs) are used inside and outside the MSTP
region?
A1: The MSTP switches send these BPDUs:
• Inside the MSTP region, switches send MSTP BPDUs.
• Outside the MSTP region, the MSTP-capable switches also send MSTP BPDUs.
Switches that are capable only of RSTP or STP can interpret the first part of the
MSTP BPDUs, which is backward compatible with these protocols.

MSTP BPDUs—Review 4
Q1: Are MSTP BPDUs tagged?
A1: No, they are untagged. This is very different from PVST. Note that RSTP and STP
BPDUs are also untagged.

Q2: Are MSTP BPDUs attached to a VLAN?
A2: Absolutely not. The MSTP BPDUs are non-VLAN specific, and an untagged VLAN
may or may not exist on the link over which MSTP BPDUs are sent.

Q3: On a trunk port, is it required to set an untagged VLAN for MSTP BPDUs?
A3: No. MSTP BPDUs, as well as RSTP and STP BPDUs, will be sent on the link
whether or not a native VLAN or untagged VLAN exists on the link.

Q4: What is the destination MAC address of an MSTP BPDU?
A4: 01:80:c2:00:00:00 is a bridge MAC address. The switch is the destination for
that MAC address when MSTP is enabled.

Q5: Does each MSTP BPDU carry information about all instances?
A5: Yes. Switches outside of the MSTP region will only use the CIST parameters,
which are included in the STP/RSTP backward-compatible portion of the BPDU, but
the MSTP BPDU includes information about all instances.

Common spanning tree—Review 5


Q: Which MSTP parameters affect the spanning tree at the boundaries of the MSTP
region?
A: Switches within an MSTP region send the same MSTP BPDUs within and outside of
the region. However, MSTP switches in another region, as well as RSTP and STP (and
PVST+) switches, interpret only the first part of the MSTP BPDUs, which includes
parameters for the CST. These parameters are obtained from the MSTP region’s root
bridge in the IST.



What setup is required to enable load balancing—Review 6
Q1: What MSTP setup is required to enable load balancing?
A1: You must create a different topology for each instance to create a load-balancing
effect. The STP topology primarily depends on which switch acts as Root Bridge
within the instance and on port costs; therefore, you adjust these parameters for each
instance to create a load-balancing effect.
Q2: Does the MSTP topology depend on VLAN setup?
A2: No. The MSTP topology does not depend on the VLAN setup but solely on root
setup and link cost. Whether or not the VLAN exists on the port, a port role (root
port, alternate port or designated port) will be assigned to the port within an MSTP
instance. If VLANs of the given instance exist on that port, they will be blocked.

Mapping VLANs to MST instances—Review 7

Q1: What happens to the MSTP configuration when VLANs are moved to an
instance?
A1: By default all VLANs are assigned to instance 0 (the IST instance). When a
VLAN is assigned to an MST instance X, that VLAN is removed from instance 0.

Is MSTP “aware” of the VLAN setup—Review 8
Q1: Is MSTP “aware” of the VLAN setup?
A1: No. This is a key difference between Cisco PVST+ and MSTP. When creating the
spanning tree topology, MSTP does not consider which VLANs are supported on
which links. If a port must be blocked in instance X, then all VLANs in instance X that
exist on that port will be blocked.

Q2: If all link costs are equal in each instance, which ports are root ports?
A2: The root ports are ports that lead to the shortest path to the root bridge. If two
paths are the same, the port that leads to the switch with the higher priority (lower
value) is preferred. If two ports lead to the same switch, the tie is broken by the port
ID.
Q3: If all link costs are equal in each instance, which ports are alternate ports?
A3: The alternate ports are uplinks other than the root ports. Note that on edge
switches with more than two uplinks, only one port per-instance can be the alternate
port. The alternate port is then the second-best port in the selection process.



How do you set up VLANs on uplinks?
Q1: What are the pros and cons of setup 1 and setup 2?
A1: In setup 1, all VLANs are permitted on all links.
• Pros:
  • Easy setup
  • Reduces risk of configuration errors
  • No VLANs are forgotten in setup
  • Easy maintenance
• Cons:
  • The setup extends the broadcast domain to all edge switches.

There are some nuances to this point: if VLAN X is not created on a switch,
broadcasts in VLAN X will simply be dropped before being checked. In other words,
if VLANs are not defined on a switch, then this does not extend the VLAN to the
switch trunk port.
Unlike PVST+, this setup does not create overhead on the CPU due to BPDUs
because MSTP does not require one BPDU per VLAN or instance.
Conclusion: Setup of trunk with all permitted VLANs is simple and does not create
overhead.

In setup 2, only VLANs defined on the edge are permitted on the trunk.
• Pros:
  • The broadcast domain is not extended to all edge switches.
  • Better control of VLANs.
• Cons:
  • More complex setup
  • More risk of configuration errors

Q2: Which setup would you suggest?
A2: Setup 1 because it is much simpler to put in place and does not really extend
the VLAN domains.

MSTP instances and VLAN settings


Q1: If VLAN 100 is set in instance 1, will this link stay active (forwarding traffic on
both sides)?
A1: If VLAN 100 is part of instance 1, then the link will be blocked on one side in the
instance that contains VLAN 100.



Q2: How can you ensure that this link stays active?
There are several solutions:
• Because VLAN 100 is on a unique link and does not create any loops, one idea
is to disable MSTP on that link only. However, this opens the risk that, if
someone later extends VLAN 100 to the rest of the network or creates a trunk that
permits all VLANs, a loop will develop in VLAN 100. In other words, you can
disable MSTP only if you carefully control the VLANs permitted on each trunk.
Instead of disabling MSTP on the link, on HP A-Series switches, you can ignore
the STP results for the VLANs in which you are sure loops do not exist:
[HP-A] stp ignored vlan 100,200

• Because the topology is instance based, you can create a dedicated instance to
VLAN 100 with both switches at the end of the link being the root and
secondary root.
  • Pros of this solution:
    • Easy to set up
  • Cons of this solution:
    • You must create this instance on all switches in the MSTP region, which
    is not scalable. If multiple links in the datacenter require this setup for
    keepalives, it will require setup of many instances. In addition to being
    inconvenient, there is also a capacity issue, as the number of instances
    is limited to 16 or 32, depending on the platform.
• You can include this link in an existing instance, and then change the
cost to make sure the root port of the instance is on that link. Note that
all other VLANs of the instance should be defined on that link as well.
If instance 0 does not contain any of your “active VLANs,” you may
leave VLAN 100 on that link in instance 0 and change only the cost
setup for instance 0.
• Why dedicate a link for keepalives? Why not make that VLAN
dedicated to keepalives part of the other uplinks and of an existing
instance? That would drastically simplify instance setup. A simpler and
safer solution is to remove that dedicated link.

MSTP setting—Activity
Q1: Is MSTP active on the links that carry routed traffic on VLANs 100 and 200?
A1: Yes, MSTP is active on all links once spanning tree is enabled (MSTP is the
default version for spanning tree). Those ports are boundary ports for both MSTP
regions.

Q2: Which link is blocked? Why?
A2: Because each end of the links in VLAN 100 and VLAN 200 belongs to a
different region, the switches interoperate as if using RSTP. If the root switch of the
CST is the root in region 1, then the root port will be the port in region 2 on the
VLAN 100 link. The blocked port will be on the VLAN 200 link on the secondary
root of region 2. The decision about which link to block simply depends on the cost
of the path to the root switch.
Q3: How do you keep both links active?
A3: The simplest solution is to disable STP on both “routed links.” You could create
one unique MSTP region with separate dedicated instances for VLANs 100 and 200
and set a different root for each instance on either side of the link. However, this
design is rather more complicated than simply disabling STP.

Adding a new VLAN on a switch implementing MSTP
Q1: What happens if you add VLAN 14 on switch D?
A1: Because VLAN 14 is already in an instance (instance 0, by default and in this
example), no change will be made to the MSTP configuration, and it should not
affect the MSTP.
In general, creating a VLAN does not modify the instances. It is adding or removing
a VLAN from an instance that modifies the parameters of the MSTP region,
potentially causing the switch to be removed from other switches’ MSTP region.

Assigning a VLAN to an MST instance
Q1: What happens if you add VLAN 14 on switch D?
A1: The answer is the same as the answer on the previous slide; the MSTP topology
remains the same.

Q2: What happens when you define VLAN 14 on switch D in instance 2?
A2: The switch will be removed from the region that A, B and C belong to and will
be placed in its own region. Switch D will interact with the other switches in RSTP. To
put the switch back in the same region, you will have to update all the other switches.
Q3: What can you do to limit the MSTP region changes?
A3: A possible suggestion is leaving new VLANs in instance 0 until a scheduled
time. You can then move the VLANs to new instances on all switches at the same
time.
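
The region-matching rule from the MSTP region reviews and the VLAN 14 questions above can be checked offline with the following added Python example, which is not part of the course material. Switches compare the region name, the revision number and a digest of the VLAN-to-instance table; the digest key and table layout come from IEEE 802.1Q rather than from this guide, and the region name "Campus", the revision and the VLAN mapping are constructed sample values.

```python
import hashlib
import hmac

# Signature key that IEEE 802.1Q fixes for the MST Configuration Digest.
MST_DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")


def config_digest(vlan_to_instance):
    """HMAC-MD5 over the 4096-entry VLAN-to-instance table (2 bytes per VID).

    VLANs that are not listed stay in instance 0; entries 0 and 4095 are zero.
    """
    table = bytearray(4096 * 2)
    for vid, instance in vlan_to_instance.items():
        if not 1 <= vid <= 4094:
            raise ValueError("VLAN ID out of range: %r" % vid)
        table[2 * vid:2 * vid + 2] = instance.to_bytes(2, "big")
    return hmac.new(MST_DIGEST_KEY, bytes(table), hashlib.md5).hexdigest()


def region_id(cfg):
    """What a switch advertises: name (case sensitive), revision, digest."""
    return (cfg["name"], cfg["revision"], config_digest(cfg["vlans"]))


def mismatches(a, b):
    """Names of the region parameters on which two switches disagree."""
    fields = ("region name", "revision", "VLAN-to-instance mapping")
    return [f for f, x, y in zip(fields, region_id(a), region_id(b)) if x != y]


def group_regions(switches):
    """Group switch names by region; a lone switch forms a region of its own."""
    regions = {}
    for name, cfg in switches.items():
        regions.setdefault(region_id(cfg), []).append(name)
    return sorted(sorted(members) for members in regions.values())


def demo_switches():
    """Constructed sample: switches A-D, region "Campus", revision 1."""
    base_vlans = {11: 1, 12: 1, 13: 2}
    return {s: {"name": "Campus", "revision": 1, "vlans": dict(base_vlans)}
            for s in "ABCD"}


def vlan14_left_in_instance_0():
    """Creating VLAN 14 on D without mapping it: the table is unchanged."""
    sw = demo_switches()
    sw["D"]["vlans"][14] = 0
    return group_regions(sw)


def vlan14_moved_to_instance_2():
    """Mapping VLAN 14 to instance 2 on D only: D drops out of the region."""
    sw = demo_switches()
    sw["D"]["vlans"][14] = 2
    return group_regions(sw), mismatches(sw["A"], sw["D"])


def region_name_case_changed():
    """The region name is case sensitive: "campus" is not "Campus"."""
    sw = demo_switches()
    sw["D"]["name"] = "campus"
    return mismatches(sw["A"], sw["D"])


if __name__ == "__main__":
    print("VLAN 14 in instance 0:", vlan14_left_in_instance_0())
    print("VLAN 14 in instance 2:", vlan14_moved_to_instance_2())
    print("Name case changed:    ", region_name_case_changed())
```

Running the same comparison over exported switch configurations before a scheduled instance change shows which switches would fall out of the region if the change reached only some of them.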

Learning check answers
Q1: Is the MSTP region name case sensitive?
A1: Yes, it is.
Q2: Is MSTP aware of VLAN configuration? Explain your answer.
A2: No. MSTP BPDUs are sent untagged no matter what VLAN configuration is on the
link. In addition, a link is blocked or not blocked simply based on the lowest path
cost to the instance root switch without regard to which VLANs are enabled on the
links.
Q3: Which parameters are applied outside of an MSTP region?
A3: The parameters applied in the CST are the parameters set in each region’s IST
instance/instance 0. The region’s bridge ID is the ID of the IST root bridge.

Q4: Can a switch that implements STP be the root of the CST?
A4: Yes.
Q5: How should you configure VLANs on uplink ports?
A5: There is no specific correct setup for uplinks. You can configure either all VLANs
or only allowed VLANs; either configuration can work well. The choice has no
impact on the way MSTP operates. However, you need to be careful to specify
VLANs on all ports that might have to carry traffic in case a link fails and the
topology changes.
In addition, you should remember that Cisco uplink ports must be trunk ports and not
access ports.
Q6: Does a Cisco switch implementing PVST+ interoperate with a switch
implementing MSTP? If so, how?
A6: Yes, they do interoperate. Cisco switches send standard untagged RSTP BPDUs
on access ports or on trunks that allow VLAN 1. The HP switch implementing MSTP
sends MSTP BPDUs, which are compatible with RSTP.

Module 5
Activity and discussion question answers
Cisco PVST+: Which BPDUs are sent on access ports?
Q1: Which setup would you recommend for Voice over IP (VoIP) ports?
A1: Because VoIP ports do not send BPDUs, you might need to protect against loops
in case a standard switch is connected to such a port. You can either define the port
as a trunk instead of a VoIP port, or you can define it as a VoIP port and set BPDU
guard on it.

Spanning tree BPDUs—Quiz 1
Q1-a: For Cisco Switch 1, what types of BPDUs are sent? (Choose from STP, RSTP,
MSTP, PVST+, Rapid PVST)
A1-a: VLAN 1 sends out STP BPDUs. VLANs 10, 20 and 30 send out PVSTP BPDUs.
Q1-b: For Cisco Switch 1, what MAC address is used, standard, or Cisco?
A1-b: VLAN 1 uses a standard MAC address (01:80:c2:00:00:00). VLANs 10, 20
and 30 use a Cisco MAC address (01:00:0c:cc:cc:cd).
Q1-c: Are the BPDUs that Cisco Switch 1 sends out tagged or untagged?
A1-c: VLAN 1 frames are untagged, as all are standard STP frames. Frames are
tagged in VLAN 10.
Q2-a: For Cisco Switch 2, what types of BPDUs are sent? (Choose from STP, RSTP,
MSTP, PVST+, Rapid PVST)
A2-a: VLAN 10 sends out PVST+ BPDUs. VLANs 20 and 30 send out PVSTP BPDUs.
Q2-b: For Cisco Switch 2, what MAC address is used, standard, or Cisco?
A2-b: All VLANs use a Cisco MAC address (01:00:0c:cc:cc:cd).
Q2-c: Are the BPDUs that Cisco Switch 2 sends out tagged or untagged?
A2-c: VLAN 10 frames are untagged. VLAN 20 frames are tagged.

Spanning tree BPDUs—Quiz 2
Q1: For each BPDU in Figure 6-7, specify whether each switch will inspect, drop, or
forward a received BPDU of that type.
• BPDU A:
  • Cisco switch 1 inspects BPDU A and sends the same type of BPDU.
  • Cisco switch 2 inspects BPDU A and falls back to sending PVST+ BPDU.
  • HP switch 3 forwards BPDU A without inspecting it because the BPDU does
  not have a MAC address that the switch recognizes for STP BPDU. For its
  part, the switch sends untagged MSTP BPDUs.
  • HP switch 4 forwards BPDU A without inspecting it because the BPDU does
  not have a MAC address that the switch recognizes for STP BPDU. For its
  part, the switch sends untagged RSTP BPDUs.
• BPDU B:
  • Cisco switch 1 inspects BPDU B and sends a PVST+ BPDU, forcing the other
  side to fall back to this type.
  • Cisco switch 2 inspects BPDU B and sends the same type of BPDU.
  • HP switch 3 forwards BPDU B without inspecting it because the BPDU does
  not have a MAC address that the switch recognizes for STP BPDU. For its
  part, the switch sends untagged MSTP BPDUs.
  • HP switch 4 forwards BPDU B without inspecting it because the BPDU does
  not have a MAC address that the switch recognizes for STP BPDU. For its
  part, the switch sends untagged RSTP BPDUs.
• BPDU C:
  • Cisco switch 1 drops BPDU C because VLAN 1 is not allowed on this port.
  This switch does not send standard STP BPDUs either.
  • Cisco switch 2 inspects BPDU C because VLAN 1 is allowed on this port.
  For its part, it sends untagged RSTP BPDUs.
  • HP switch 3 inspects BPDU C and sends an MSTP BPDU, which is backward
  compatible with STP.
  • HP switch 4 inspects BPDU C and sends an RSTP BPDU, which is backward
  compatible with STP.
• BPDU D:
  • Cisco switch 1 drops BPDU D because VLAN 1 is not allowed on this port.
  This switch does not send standard RSTP BPDUs either.
  • Cisco switch 2 inspects BPDU D because VLAN 1 is allowed on this port. It
  also sends untagged RSTP BPDUs.
  • HP switch 3 inspects BPDU D and sends an MSTP BPDU, which is backward
  compatible with RSTP.
  • HP switch 4 inspects BPDU D and sends an RSTP BPDU.
• BPDU E:
  • Cisco switch 1 drops BPDU E because VLAN 1 is not allowed on this port.
  This switch does not send any standard STP/RSTP/MSTP BPDUs.
  • Cisco switch 2 inspects BPDU E because VLAN 1 is allowed on this port (it
  inspects only the CIST parameters included in the RSTP backward-
  compatible portion of the BPDU). For its part, it sends untagged RSTP
  BPDUs.
  • HP switch 3 inspects BPDU E and sends an MSTP BPDU.
  • HP switch 4 inspects BPDU E (only the CIST parameters) and sends an RSTP
  BPDU.

What BPDUs are sent and interpreted?
Q1: What BPDUs are sent by the Cisco switch and by the HP switch?
A1: The Cisco switch sends tagged Rapid PVST+ BPDUs in VLANs 11, 12, and 13,
and standard RSTP BPDUs in VLAN 1. The HP switch sends an MSTP BPDU, which
the Cisco switch interprets like an RSTP BPDU.
Q2: What is the effect of an RSTP BPDU being sent to HP C?
A2: The HP and Cisco switch can establish a spanning tree as if using RSTP. Because
Cisco A is the root in VLAN 1, the root port will be uplink 1 and the alternate port
will be uplink 2.
Q3: Are the PVST+ BPDUs transmitted by HP C?
A3: Yes, they will be forwarded on all ports as the MAC address is multicast.
However, as uplink 2 is blocked, they will not be forwarded on that port. Cisco B will
not receive any PVST BPDUs on that port.

PVST+ quiz
Q1: What is the cost of a gigabit link in PVST+?
A1: The cost is 4 for a Gigabit link, 19 for Fast Ethernet, and 2 for 10 Gig. Note that
the costs are the same in Rapid PVST+. To be aligned with standard RSTP and MSTP
(Gig: 20 000), you must use the spanning-tree pathcost method long command.

Q2: Why does Cisco recommend not allowing all VLANs on a trunk port when
running PVST+?
A2: If trunks are configured with all VLANs permitted, then PVST is going to run as
many STP instances as there are VLANs created on the switch, even if that switch
does not contain any edge ports in that VLAN. Cisco recommends only allowing
VLANs that exist on the switch onto the trunk in order to reduce the CPU overhead
due to BPDU per VLAN. Note that in MSTP this overhead does not exist.

Q3: Does Rapid PVST+ implement the “uplinkfast,” or “backbonefast,” Cisco’s fast
STP feature?
A3: No, Rapid PVST+ implements the fast convergence mechanisms embedded in
RSTP.

Considering STP port cost differences


Q1: The picture shows the desired topology. Is the actual topology the desired one?
A1: The root path cost for HP C is 20 000 on uplink 1 and 20 004 on uplink 2.
• Therefore, the root port is uplink 1, and the alternate port is uplink 2.
• The actual topology is the one that is shown.

Q2: Does setting the path cost method on the Cisco switches to long change the
topology?
A2: When you configure this option on the Cisco switches, all costs in this scenario
are now 20 000.
• The root path cost for HP C will be 20 000 on uplink 1 and 20 000 + 20 000 =
40 000 on uplink 2.
• Therefore, the root port is uplink 1, and the alternate port is uplink 2.
• The topology is the same as in the previous case.

Considering STP port cost differences (cont.)


Q1: Identify the root port and blocked ports for switches B, C, and D.
A1-a: The root ports are:
• Switch Cisco B: The root port in VLAN 1 is A (shortest root path cost).
• Switch Cisco C: The root port in VLAN 1 is D (shortest root path cost).
• Switch Cisco B: The root port in VLAN 1 is F (shortest root path cost).
A1-b: The blocked ports are:
• Switch Cisco B: The blocked port in VLAN 1 is B.
  • Why? Because the root path cost of Cisco B is higher than the root
  path cost of Cisco C, Cisco B blocks its port.
• Switch Cisco C: There is no alternate port as Cisco C is closer to the root
than Cisco B.
• Switch HP D: The blocked port in VLAN 1 is G.

Q2: What do you conclude?
A2: If the Cisco aggregation switches use the long option for path cost calculation
method, and if the Cisco edge switches do not support this method (because of an
old firmware version, for example), the secondary root switch, rather than the access
layer switch, might have the alternate (blocked) port. Cisco uplinkfast requires that
the root port and alternate ports be on the access switch, so this feature would not
work when access layer switches did not support the long path-cost calculation
method.

Cisco and HP scenario 1: HP A-Series switch configuration


Q1: Is the MSTP region configuration required?
A1: No, because the Cisco switches will not read these settings in the BPDU that they
exchange with the HP switches. The switches will interoperate in VLAN 1 as if using
RSTP.

Q2: Under what circumstances would you configure the MSTP region settings?
A2: If you plan to convert Cisco switches to MSTP later, it makes sense to enter the
right configuration on the HP switches now.

Cisco and HP scenario 1: HP E-Series switch configuration


Q1: With these configurations, what is the region name?
A1: When not specified, the region name is set to the switch’s MAC address by
default. Again, setting the same MSTP region parameters for all access layer switches
makes sense if the Cisco switches will also be migrated to MSTP in the near future.

PVST+/STP interoperability—Scenario 2
Q1: Does traffic from Cisco C experience the PVST+ load balancing effect on uplinks
to the aggregation layer?
A1: Yes. Cisco C’s root port is different for different VLANs, so it forwards traffic over
different links in those VLANs.

Q2: Does traffic from HP Switch D experience this effect?
A2: With the configuration left as it is, the HP switch’s traffic does not experience the
load balancing effect. The blocked port blocks traffic in all ports, so one link carries
all traffic.
The drawback of this setup is the added burden on the link between Cisco A and
Cisco B. In order for VLAN 12 and 13 traffic to reach the default gateway that
resides on Cisco B, the traffic has to cross the link between Cisco A and B.

Q3: Can you obtain load balancing for HP D?
A3: Yes. (The rest of the scenario taught you how; see the next questions and
answers.)

What setup is required in VLAN 1?
Q1: On Cisco B, what can you do to block port gig1/1?
A1: Increase the cost of PO1 in VLAN 1 on Cisco B to be greater than the root path
cost of HP C. Then, if the root path cost of HP C is 20000, for example, choose
30 000 on PO1 on Cisco B in VLAN 1. Note that it is a per VLAN cost setup. If you do
not specify the spanning-tree pathcost method long command, the default cost would
be 4 and you would increase the value to 5.
• The pro of this solution is in setting this cost once, which will work for all HP
edge switches.
• The con is if there are Cisco switches at the edge, it is also going to move the
blocked port in VLAN 1 to the secondary root switch, which prevents uplinkfast
from working. See the discussion 2 slides from here for more detail.

Q2: What can you do on HP C to get the same result?
A2: Simply change the path cost of uplink 47 to make HP C have a lower cost path
to the root than Cisco B. For example, change the uplink cost value to 3 or 10 000,
which is lower than the root path cost of Cisco B, which is either 4 or 20 000
(depending on which path cost method the Cisco switch is using).
• The pro of this solution is that you do not change the path cost on the secondary
root, which ensures the correct topology for any Cisco switches at the access
layer.
• The con is the setup has to be done on all HP switches in the edge.
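
The root path cost arithmetic from the two "Considering STP port cost differences" answers and from the PO1 cost change above can be reproduced with the following added Python example, which is not part of the course material. The triangle topology (Cisco A as root, Cisco B as secondary root, one access switch), the bridge priorities, MAC addresses and port names are assumptions reconstructed from the text because the slide figures are not reproduced here; the final tie-break on port ID is simplified to a name comparison.

```python
def spanning_tree(root, bridge_ids, links):
    """Return {(switch, port): (role, root path cost through that port)}.

    links: (switch, port, port_cost, peer_switch, peer_port, peer_port_cost).
    Each switch adds the cost of its own receiving port to the root path
    cost its neighbour advertises, so mixed cost methods can be modelled.
    """
    ends = []  # one entry per port: (switch, port, cost, peer, peer_port)
    for s1, p1, c1, s2, p2, c2 in links:
        ends.append((s1, p1, c1, s2, p2))
        ends.append((s2, p2, c2, s1, p1))

    # Relax until stable (Bellman-Ford); all costs are positive.
    rpc = {sw: float("inf") for sw in bridge_ids}
    rpc[root] = 0
    changed = True
    while changed:
        changed = False
        for sw, _port, cost, peer, _peer_port in ends:
            if sw != root and rpc[peer] + cost < rpc[sw]:
                rpc[sw] = rpc[peer] + cost
                changed = True

    # Root port: lowest path cost, then lowest neighbour bridge ID.
    root_port = {}
    for sw in bridge_ids:
        if sw != root:
            candidates = [(rpc[peer] + cost, bridge_ids[peer], peer_port, port)
                          for s, port, cost, peer, peer_port in ends if s == sw]
            root_port[sw] = min(candidates)[3]

    roles = {}
    for sw, port, cost, peer, _peer_port in ends:
        if root_port.get(sw) == port:
            role = "root"
        elif (rpc[sw], bridge_ids[sw]) < (rpc[peer], bridge_ids[peer]):
            role = "designated"  # this end advertises the better path
        else:
            role = "alternate"   # blocked
        roles[(sw, port)] = (role, rpc[peer] + cost)
    return roles


# Constructed bridge IDs as (priority, MAC); the lower value wins.
BRIDGES = {
    "Cisco A": (0, "00:00:00:00:00:0a"),     # root
    "Cisco B": (4096, "00:00:00:00:00:0b"),  # secondary root
    "edge": (32768, "00:00:00:00:00:0c"),    # access switch
}


def triangle(po1_cost, agg_port_cost, edge_port_cost):
    """Root, secondary root and one access switch with two uplinks."""
    links = [
        ("Cisco A", "po1", po1_cost, "Cisco B", "po1", po1_cost),
        ("Cisco A", "gig1/1", agg_port_cost, "edge", "uplink1", edge_port_cost),
        ("Cisco B", "gig1/1", agg_port_cost, "edge", "uplink2", edge_port_cost),
    ]
    return spanning_tree("Cisco A", BRIDGES, links)


if __name__ == "__main__":
    cases = {
        "Cisco short (4), HP access long (20000)": triangle(4, 4, 20000),
        "long method everywhere": triangle(20000, 20000, 20000),
        "aggregation long, Cisco access short": triangle(20000, 20000, 4),
        "PO1 raised to 30000 on Cisco B": triangle(30000, 20000, 20000),
    }
    for label, roles in cases.items():
        print(label)
        for key in (("edge", "uplink1"), ("edge", "uplink2"), ("Cisco B", "gig1/1")):
            print("  %-8s %-8s %s" % (key + (roles[key],)))
```

The third and fourth cases show the blocked port landing on Cisco B's gig1/1 instead of on the access switch, which is the situation the answers warn about for uplinkfast.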

PVST+ view in other VLANs


Q1: On Cisco B, what is the root port in VLANs 11 and 13 if the cost is 20000?
A1: Gig 1/1 and po1 will have a root path cost of 20000. If there are more HP
switches on the edge with an equivalent setup, there will be even more ports. In that
case, the port with the lower neighbor port ID will “win.” It could be Gig 1/1. This
would not be a good situation as po1 would be blocked in those VLANs. With as
much traffic that has to flow between Cisco A and Cisco B, this is not a desired
result.

Q2: How do you ensure that po1 is selected as the root port?
A2: By decreasing the cost of po1 to a value lower than the root path cost of the uplink
to the access switches (the cost of Gig1/1). If you specify the spanning-tree pathcost
method long command, you would have to set the cost of po1 to 10000, as the cost
of Gig1/1 would be 20000. If you did not enter this command, you would set the
cost of po1 to 3 since the cost of Gig1/1 would be 4.

Cisco and HP scenario 2: Cisco switch configurations

Q1: What is the setup for HP C?
A1: You could configure HP C in the simplest way possible, simply enabling
spanning tree and defining the edge ports. The setup would be the same as that in
scenario 1.

What about other Cisco switches in the access layer?


Q1: If Cisco C implements PVST+ uplinkfast, what is the drawback of the setup
illustrated in the slide?
A1: When you change the cost of the link between the Cisco aggregation switches,
the alternate port moves to the secondary root switch not only for the HP switches but
also for the Cisco access layer switches. This change prevents uplinkfast from
working because this feature requires the access layer switches to have the alternate
port.

Q2: What setup do you suggest to resolve this issue?
A2: Change the port cost on the HP access switch rather than on the Cisco
aggregation switch.
Q3: If Cisco C implements Rapid PVST+, do the setup requirements change?
A3: When Cisco D implements Rapid PVST+, it has fast convergence without the
need for uplinkfast. Therefore, having the alternate port on the secondary root switch
has fewer consequences. You could choose to change the port cost on the Cisco
aggregation switch instead of the HP access switches.

What is the purpose of load balancing?


Q1: Name some good reasons to set up load balancing.
A1:
• Load balancing can provide better use of uplinks.
• You can load balance the routing function between aggregation switches.
• The customer might want you to implement load balancing.
• Cisco emphasizes load balancing as a good use of uplinks in their training.

Q2: What might be some reasons to not set up load balancing?
A2:
• Load balancing can be more complicated to set up.
• Load balancing can lead to asymmetric routing situations, which can cause
excessive flooding of unicast traffic.
  • On small networks, this issue is quite minor. On large networks,
  however, it can cause major problems.
  • You can resolve this problem by raising the MAC address timeout
  values to match the ARP timeout (for example, set both to one hour).
• Load balancing routing might slow network traffic because more traffic
needs to traverse the link between the core devices, which adds hops. In
addition, load balancing increases the number of ARP requests for each
conversation.
• Instead of always deciding to use load balancing, you should carefully consider
whether load balancing is required.
  • Most customers find a psychological appeal in load balancing, but the
  benefits are not always worth the added complexity.
  • Because both switches are in use instead of being one active and one
  standing by, customers feel that they are maximizing their resources.
  However, load balancing is only truly required if you cannot obtain the
  necessary bandwidth or performance from one switch.
  • Load balancing is also perceived as a “safe” thing to do. Customers
  often believe that even if they do not fully use the resources of one
  switch, load balancing traffic cannot cause any harm. But this is not
  always true, as indicated above; you should think through why load
  balancing would be better in this particular environment.
• However, if customers have been educated one way, it might not be easy to
change their minds.
  • You might need to give them some proof. For example, demonstrate
  how much of the uplink bandwidth is used. End nodes typically use less
  than 10 percent of Gigabit bandwidth. In data centers, however, end
  nodes would often use more.

HP at the aggregation layer—Scenario 3

Q1: How would you manage the redundant connections in this scenario?
A1: IRF provides an easy way to integrate Cisco access switches without requiring
STP between Cisco and HP switches. Link aggregation (static or LACP based) can be
implemented.

Q2: What are your recommendations for setting up IRF?
A2: Recommendations include:
• Add a second 10 Gigabit link for IRF redundancy and to avoid splitting the
stack, which would create a loop.
• Enable IRF Mode, define the IRF member number (1 and 2 here) and the roles of
master and slave (by means of IRF priority), and set the IRF ports.
• Implement MAD in case of a split.
• Set link aggregation from Cisco access switches to the two HP switches that are
members of the IRF.
• To avoid a local loop, STP can be enabled locally. In addition, on Cisco
switches, loop guard can be enabled on edge ports.

HP at the aggregation layer—Scenario 3: MSTP and PVST+


Q1: Which BPDUs are sent and received by Cisco switches in VLAN 1?
A1: As Rapid PVST+ is enabled, Cisco switches send standard RSTP BPDUs in
VLAN 1.
Q2: Which BPDUs are sent and received by the HP switches?
A2: The HP switches exchange MSTP BPDUs between them. They send MSTP BPDUs
to the Cisco switches, which interpret these BPDUs like RSTP BPDUs, reading the CIST
parameters. For example, these parameters indicate the ID of the root bridge in the
MSTP IST, which is used in the election of the CST root.

Q3: If HP A and B are root and secondary root in the CST, what are the root port
and alternate ports in VLAN 1 on Cisco switches?
A3: The root ports are the ports that connect to HP A, which is the root in the IST.
Assuming that the links have equal bandwidth, each link has the same path cost
(because the Cisco switches are using the long option for path cost method).
Therefore, the path to the neighbor with the higher priority, in this case HP B for each
Cisco switch, is preferred. Thus the Cisco switches block their ports that connect to
HP B.
Q4: What happens if the long path cost method is not enabled?
A4: If the Cisco switches do not use the long path cost method, their ports have a
lower path cost than the HP B switch ports. Therefore, the HP B switch would block
the ports that connect to the Cisco switches rather than the opposite.

HP at the aggregation layer—Scenario 3: With MSTP and PVST+

Q1: Which BPDUs are sent and received by Cisco switches in other VLANs?
A1: The Cisco switches send PVST BPDUs that are tagged for those VLANs.
Q2: How do the HP switches handle the PVST BPDUs?
A2: HP switches forward the tagged PVST BPDUs like any other frame without
processing them. From the point of view of PVST+, the HP switches do not exist. They
are seen as a hub.
Q3: Having exchanged these BPDUs, what topology do the switches create? Assume
that the Cisco switches are using their default priorities and that Cisco C has the
lowest MAC address.
A3: The Cisco switches that implement PVST elect one root per VLAN (besides VLAN
1, in which, as determined in the previous slide, the HP switch was elected root). The
switch with the lowest bridge ID in each VLAN is elected.
Often, as in this example, the access layer switches use the default priority. Therefore,
the switch with the lowest MAC address is the root for all VLANs besides VLAN 1 in
PVST+.
Because, as far as PVST+ is concerned, the Cisco switches connect as if through a
hub, the topology is slightly unusual:
• Cisco C, the root bridge, has only one designated port, which is the port with
  the lower ID. The other port is a backup port, which is blocked. Typically, all
  ports on the root bridge are designated.
• On the other switches, one port is the root port (the one that connects to Cisco C
  with the lowest ID). The other port is blocked. (This behavior is more usual.)

Learning check answers
Q1: When does PVST+ interoperate with standard STP? And with RSTP? And with
MSTP?
A1: PVST+ interoperates on access ports because these ports send standard STP
BPDUs—except if a voice VLAN is activated. On trunks, it interoperates if VLAN 1 is
allowed on the trunk. PVST+ also interoperates with switches in RSTP or MSTP,
because those protocols are backward compatible with STP.
Q2: Does an HP switch “understand” tagged PVST+ BPDUs? If not, does it drop them
or forward them?
A2: No, an HP switch does not understand Cisco tagged PVST BPDUs. An HP switch
will not be the destination of the Cisco multicast MAC address. The HP switch
forwards tagged PVST BPDUs.

Q3: What is the default cost value in PVST+ and Rapid-PVST+ for a Gigabit port?
A3: 4. If the long path cost method is enabled, the value is 20 000.
Q4: What STP protocol is a proprietary Cisco protocol based on 802.1w
mechanisms?
A4: Rapid-PVST+.

Module 6
Activity and discussion question answers

Reminder: With IRF, STP is unnecessary

Q1: What are the key advantages of using IRF for redundancy?
A1: There is no need to implement STP. Logically, this solution looks like a single
star topology.
• IRF is easy to configure, easy to manage, and easy to maintain.
• IRF makes the switches in the stack look like one virtual switch.
• IRF interoperates well with most managed switches: link aggregation to IRF can
  be static or LACP based.
Q2: Why would you enable STP in an IRF architecture?
A2: IRF typically creates an architecture without loops because links to different
switches within the IRF are treated as aggregated links. However, if someone
accidentally connects cables to the wrong ports, it is possible for loops to emerge.
Therefore, you might want to implement STP with the IRF architecture.

Q3: What STP setup would you recommend?
A3: STP can be enabled globally. In addition, you should always define a root
bridge. If you have an IRF stack, it should be the root bridge.
You may choose to disable STP on uplinks. You can enable loop guard or loop
protection on the edge ports of switches that support this feature (Cisco or HP E-
Series). Loop guard provides additional protection in case a poorly configured
device does not forward the BPDUs and, therefore, fails to recognize loops.

What happens when STP is disabled on the HP edge switch


Q1: What happens to BPDUs sent by Cisco switches?
A1: When STP is disabled on an HP switch, it will forward standard BPDUs and
PVST+ BPDUs. The HP switch is no longer the destination for the multicast MAC
address 01:80:c2:00:00:00, and it has never been the destination for the Cisco MAC
address, so all BPDUs are forwarded. Everything looks as if the two aggregation
switches were connected directly together by a simple link. HP switches are
“transparent.” Loops between switches are solved by running PVST+ on Cisco
switches. While disabling STP on a device is unconventional, it may work perfectly
when you integrate HP switches into an existing Cisco network.
Q2: What is the resulting topology?
A2: Cisco A and Cisco B send and receive BPDUs from each other. It is like two
switches connected together by multiple links. In this specific topology, one link is up
(the designated port on the root side and the root port on the other side). Other links
are designated on one side and blocked on the other side.
Note that the link between Cisco A and B is active only if:
• It has the shortest path cost. This is not true if all links are the same. If the link is a
  port-channel, Cisco IOS defines the cost value as:
  ◦ 3 or 10000 for two GbE links (4 or 20000 for a 1 GbE link)
  ◦ 1 or 1000 for two 10 GbE links (2 or 2000 for one 10 GbE link)
• All port costs are equal, and the link is in front of the port with the lowest port ID.

Configuring the HP switch to disable STP


Q1: How should you configure HP C?
A1: Disable STP and enable loop protection on edge switches.

Monitor link on HP A-Series switches


Q1: In this architecture, is there a loop? Why or why not?
A1: In this configuration, servers are connected to two switches. The two switches
are not connected together. Each server switch is connected with a single link to the
upstream switch. Overall, this does not create a loop because servers don’t bridge
the traffic.

Q2: What will happen if an uplink fails?
A2: If an uplink fails, the server cannot sense it. Server traffic will then be lost.
Q3: When might it be appropriate to use this architecture?
A3: The advantage of such a configuration is the ability to connect servers
redundantly to an existing network without the need to enable spanning-tree.
Whenever you don’t want to interact with the customer’s configuration, this design
can fit very well.

Learning check answers


Q1: With STP disabled on an HP switch:
Q1a: Does it forward or drop standard STP BPDUs?
A1a: The switch forwards all BPDUs.

Q1b: Can you load balance traffic?
A1b: Yes, load balancing is provided by PVST+ or MSTP on aggregation switches.
Q1c: What can occur if STP is disabled at the edge?
A1c: Local loops. With an HP E-Series switch, you can enable loop-protection to prevent
local loops.
Q2a: What is required to enable the smart link feature?
A2a: An edge switch connected to an upstream network with two uplinks. STP must
be disabled on the two uplinks.
Q2b: What do you enable to get load balancing with smart link?
A2b: You create MSTP instances, create two smart link groups, and associate each
group with an MSTP instance.


Module 7

Learning check answers


Q1: What feature(s) prevent loops that can occur on edge ports?
A1: Loop protection (or loop protect) on HP E-Series devices.
Q2: Are UDLD on Cisco and DLDP on HP A-Series switches interoperable?
A2: No.

Q3: Would you set root guard on edge ports?
A3: You can, but this feature is redundant when BPDU guard is enabled. In addition,
on HP A-Series switches, root guard cannot be implemented on edge ports. The last
feature enabled takes effect. You should usually define edge ports as edge
ports, which can be protected by BPDU guard, rather than enabling root guard
on them.
It is usually recommended to configure root guard on the ports of aggregation
switches that lead to edge switches.
Q4: Would you set BPDU filter on edge ports?
A4: You can. This feature filters any BPDUs on the edge port, which would block
BPDU attacks on the edge. BPDU filter also prevents another switch being inserted
into the network and pretending to be the root. However, unlike BPDU guard, BPDU
filter does not stop the switch that is sending BPDUs from connecting; it only filters
the BPDUs.
Q5: Would you set BPDU guard on uplinks?
A5: No, as this is where you would want your switch to interact with others to form
the STP.
Q6: What prevents loops in case of unidirectional links?
A6: Loop guard or UDLD. If you cannot configure UDLD (perhaps because you are
connecting two different platforms), then you can configure loop guard on an edge
switch. With loop guard, when the switch does not receive BPDUs from an upstream
switch on its root or alternate port, the switch recognizes the abnormal situation and
disables one port, leaving the other one in forwarding state.
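
The answers to Q3 through Q5 contrast three edge-port protections. The following Python model is an added example, not part of the original guide or any vendor's code; it shows how an edge port reacts to an unexpected BPDU under each one. The class, function names, state names, and bridge IDs are assumptions made for this sketch.

```python
from dataclasses import dataclass, field

# A bridge ID is modelled as (priority, MAC); the lower tuple is the better root.
CURRENT_ROOT = (4096, "00:1b:3f:00:00:01")   # constructed sample value
ROGUE_BPDU = (0, "00:00:5e:00:53:01")        # constructed: advertises priority 0


@dataclass
class EdgePort:
    name: str
    bpdu_guard: bool = False
    bpdu_filter: bool = False
    root_guard: bool = False
    state: str = "forwarding"
    events: list = field(default_factory=list)


def receive_bpdu(port, advertised_root, root=CURRENT_ROOT):
    """Apply one received BPDU to an edge port and return the root afterwards.

    Each port in this example enables a single feature; how a platform
    resolves several features on one port is not modelled.
    """
    if port.state == "disabled":
        return root                                  # nothing reaches STP
    if port.bpdu_filter:
        # The BPDU is discarded, but the port and the sender stay connected.
        port.events.append("BPDU filtered")
        return root
    if port.bpdu_guard:
        # Any BPDU on an edge port is treated as a violation: port goes down.
        port.state = "disabled"
        port.events.append("BPDU guard disabled the port")
        return root
    if advertised_root < root:                       # superior BPDU
        if port.root_guard:
            # The port stops forwarding instead of becoming a root port.
            port.state = "root-inconsistent"
            port.events.append("root guard blocked the port")
            return root
        port.events.append("superior BPDU accepted")
        return advertised_root                       # topology follows the sender
    return root


def superior_bpdus_stopped(port):
    """Root guard recovers on its own once superior BPDUs are no longer heard."""
    if port.state == "root-inconsistent":
        port.state = "forwarding"
        port.events.append("root guard released the port")


def compare(bpdu=ROGUE_BPDU):
    """Map each protection to (root unchanged?, resulting port state)."""
    ports = {
        "unprotected": EdgePort("e1"),
        "bpdu_filter": EdgePort("e2", bpdu_filter=True),
        "bpdu_guard": EdgePort("e3", bpdu_guard=True),
        "root_guard": EdgePort("e4", root_guard=True),
    }
    return {label: (receive_bpdu(port, bpdu) == CURRENT_ROOT, port.state)
            for label, port in ports.items()}


if __name__ == "__main__":
    for label, outcome in compare().items():
        print(f"{label:12} root kept={outcome[0]!s:5} port={outcome[1]}")
```

In the output, BPDU filter and BPDU guard both keep the root unchanged, but only BPDU guard takes the port down, which is the distinction A4 draws.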


Module 8
Activity and discussion question answers

IRF, Link aggregation and interoperability: IRF in the distribution level

Q1: Would you enable STP?
A1: The overall design with IRF does not require STP. However, the IRF design does
not prevent local loops due to incorrect cabling. Enabling MSTP as well as hardening
STP on the edge with BPDU guard may prevent accidental loops at the edge.
To keep STP functionality at the edge and to avoid compatibility issues due to a
different form of STP (such as Cisco PVST or MSTP) being used, you can filter BPDUs
with BPDU filter or by disabling STP per port.
In the scenario, IRF is set in the aggregation, or distribution, layer. Although IRF can
be placed at all levels, in the distribution layer, IRF provides a way to link to Cisco
devices either in access or in core, allowing you to completely remove STP.

IRF, link aggregation and interoperability: IRF in the distribution and access
layers
Q1: Do you need to configure VRRP?
A1: An IRF acts as a single L2 and L3 switch. There is no need for VRRP because the
IP addresses and the IP forwarding table are fully distributed on IRF members. The IP
forwarding plane is fully managed by line card hardware based on the FIB table
that is loaded from the master switch. On the control plane, the routing table (RIB) is
set by the master switch using local networks, static routes and routing protocols.

VLAN trunking and link aggregation


Q1: Do you have to set VLAN trunking on physical ports as well?
A1: A virtual port set by link aggregation is a port and should be configured as such.
There is no need to configure individual ports.

Learning check answers

Q1: In what circumstances can you create an LACP link aggregation in which one
switch connects to two different switches?
A1: When switches are set in a stack such as with HP A-Series IRF or Cisco VSS.
Q2: Can you create a link aggregation between a Cisco switch port in on mode and
an HP E-Series switch port in trunk mode?
A2: Both modes mean static and will interoperate together.
Q3: Can you create a link aggregation between a Cisco switch in active mode and
an HP A-Series switch in dynamic mode?
A3: Both modes mean static LACP and will interoperate together.

Module 9

Activity and discussion question answers


Virtual IP concepts
Q1: List the virtual protocols with which you are familiar. State which are proprietary
and which are industry-standard.
A1: Virtual IP protocols include:
• Cisco HSRP
• Cisco GLBP
• VRRP
Both HSRP and GLBP are proprietary protocols implemented in Cisco devices. VRRP
is standards based, so various vendors’ equipment can interoperate.

Q2: What is the purpose of implementing HSRP and VRRP?
A2: Redundancy for the default gateway is the most well-known and commonly used
function. You can also use HSRP or VRRP to provide redundancy for the next hop in
static routes.
Q3: Do the endpoints that use the virtual IP as their default router need to be aware
of HSRP or VRRP?
A3: No. Devices for which the virtual IP address is the default router act just as they
would if their default router were not implementing a Virtual IP protocol. When they
need their traffic to be routed, they set the virtual MAC address, which they receive in
response to their ARP requests, as the destination MAC address for the Layer 2
Ethernet frames.
Q4: What are the different roles of routers in HSRP and VRRP?
A4: The master router owns the virtual IP address and virtual MAC address. It routes
traffic for endpoints for which the virtual IP address is the default router; it also routes
traffic for devices with static routes in which the virtual IP address is the next hop. The
backup routers monitor whether the master is up, and if the master fails, one of them
becomes the new master.
Q5: In what circumstances are the virtual IP and virtual MAC addresses used?
A5: Usually devices do not send traffic to the virtual IP at Layer 3. Devices can ping
this address, and SNMP devices can contact the address. Endpoints for which the
virtual IP is the default gateway, and routers for which the virtual IP is the next hop,
address frames with packets to be routed to the virtual MAC address.
Q6: For which common protocols might the virtual IP protocols not provide
redundancy without interruption?
A6: Some protocols do not experience seamless redundancy without interruption
unless the routers also implement state sharing between them. For example, NAT and
IP Security (IPsec) (a virtual private network, or VPN, protocol) are stateful functions.
When two routers share a virtual IP address that is configured as a gateway for an
IPsec VPN tunnel, they do not naturally share the states of the other’s IPsec (and
Internet Key Exchange, or IKE) SAs. Therefore, if the master router fails, the remote
endpoints of any active tunnels must establish new security associations (SAs) with the
new master.
Similarly, the routers implementing the virtual IP protocol do not share a NAT
translation table. If the master router fails, the NAT sessions are lost and must be
reestablished.

Virtual IP quiz answers
Q1: What is the difference between VRRP and HSRP?
A1: Both VRRP and HSRP provide the same functionality; however, some differences
exist:
• VRRP is standards based while HSRP is proprietary.
• In HSRP, the owner and standby routers exchange frames. In VRRP, the master
  router sends VRRP frames to backup routers, but the backup routers are silent.
  However, in enhanced forms of VRRP that implement more functions than those
  required by the standard, such as the VRRP load balancing function supported
  by HP A-Series switches, both master and backup exchange frames.
• The timers are different. The HSRP default hello time is 5 seconds and the hold
  time is three times the hello time. The VRRP default hello time is 1 second, but
  the hold time is also three times the hello time.
• HSRP uses the Cisco virtual MAC address of 00-00-0c-07-AC-XX while VRRP
  uses 00-00-5E-00-01-XX. In both, XX is the group ID.
Q2: What is the difference between GLBP and HSRP?
A2: The main difference is that GLBP allows the load balancing of traffic among the
master and standby routers while in HSRP (and VRRP) the standby routers do not help
handle traffic. With GLBP, the single virtual IP address is associated with one virtual
MAC address per GLBP member. The master receives ARP requests and sends replies
that specify different virtual MAC addresses, taking turns among the different virtual
MAC addresses in order to distribute traffic among them.
Note that HP A-Series devices support a VRRP load balancing function which is very
similar to GLBP. However, VRRP load balancing is a proprietary implementation of
VRRP and uses specific MAC addresses for that purpose.
Q3: What message does a backup router usually send when it becomes master?
A3: When the backup router becomes the master, it owns the virtual IP address and
the virtual MAC address. It usually sends a gratuitous ARP (ARP response without a
request in which the source MAC is the virtual MAC) that:
• Updates the ARP cache of the endpoints in the broadcast domain (usually not
  necessary as the virtual MAC is not changed)
• Updates the MAC address table of switches

Q4: What function does preemption serve?
A4: Preemption allows the router with the higher priority for a given virtual IP to
preempt the role of master when booted or rebooted; that is, the router can take the
role away from another device. Preemption based on priority is particularly useful for
synching HSRP/VRRP master roles with STP roles so that the network makes best use
of the STP topology. Preemption is also useful when a tracking situation occurs, in
which the master decreases its priority and the backup router gains a higher priority.
Preemption allows the backup to become the new master.
Q6: What function does the preempt delay serve?
A6: When a router preempts the master role, it may not be ready to route IP packets
to remote networks because HSRP and VRRP often converge much faster than routing
protocols; even though the master can route packets to directly connected networks
immediately, it has not yet learned routes via OSPF, RIP, or BGP.

With the preempt delay, it waits until it is ready before preempting its master role.
Preempt delay is not enabled by default; you must remember to set it to a value
greater than the time required for routing protocol convergence in your environment.
Q7: What function does tracking serve?
A7: If the master router loses an interface connection, it might lose connectivity with
other routers that are next hops in its routes to remote networks. The master will lose
these routes and no longer be able to route packets to these destinations.
Tracking enables the router to lower its priority if a particular interface goes down so
that its priority becomes lower than that of a backup router. The backup router
becomes the new master, and traffic can reach its destination.
Note that sometimes when the master loses one interface connection, routing
protocols converge and provide different routes to the remote networks. In this case,
tracking might not be necessary. However, it might still be useful because often the
backup route is through the backup router in the VRRP/HSRP protocol. The backup
partner might as well become the master so that the traffic is routed through it
directly.
An enhanced version of tracking, which is available with HSRP and VRRP on HP
A-Series devices, allows routers to track a remote IP address (for example, an
address on the Internet) rather than an interface. This feature tests the router’s overall
connectivity more completely.
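
The answers on preemption, preempt delay, and tracking interact, so the following Python simulation walks one pair of routers through all three. It is an added example, not part of the original guide or of any vendor's implementation. The router names, addresses, priorities, decrement, and timings are constructed, and the tie-break on the higher interface IP address follows the VRRP standard.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Router:
    name: str
    ip: str
    priority: int = 100
    preempt: bool = True
    preempt_delay: float = 0.0      # seconds to wait after coming up
    track_decrement: int = 0        # subtracted while the tracked interface is down
    tracked_up: bool = True
    alive: bool = True
    up_since: float = 0.0

    def effective_priority(self):
        return self.priority - (0 if self.tracked_up else self.track_decrement)


def rank(router):
    # Higher priority wins; a tie goes to the higher interface IP address.
    return (router.effective_priority(), int(ipaddress.ip_address(router.ip)))


def elect(routers, master, now):
    """Return the master after re-evaluating the group at time `now`."""
    alive = [r for r in routers if r.alive]
    if not alive:
        return None
    best = max(alive, key=rank)
    if master is None or not master.alive:
        return best                              # no master: best candidate takes over
    may_preempt = best.preempt and now - best.up_since >= best.preempt_delay
    if best is not master and may_preempt and rank(best) > rank(master):
        return best                              # preemption
    return master                                # otherwise the master keeps its role


def walk_through():
    """Master name after each event in a constructed two-router scenario."""
    a = Router("A", "10.1.1.2", priority=120, track_decrement=30, preempt_delay=60)
    b = Router("B", "10.1.1.3", priority=100)
    routers, history = [a, b], []

    master = elect(routers, None, now=0)         # A has the higher priority
    history.append(master.name)

    a.tracked_up = False                         # A's tracked uplink fails: 120-30=90
    master = elect(routers, master, now=100)
    history.append(master.name)

    a.tracked_up = True                          # uplink restored, A preempts again
    master = elect(routers, master, now=200)
    history.append(master.name)

    a.alive = False                              # A reboots
    master = elect(routers, master, now=300)
    history.append(master.name)

    a.alive, a.up_since = True, 400              # A is back but routes not yet learned
    master = elect(routers, master, now=410)     # inside the 60 s preempt delay
    history.append(master.name)

    master = elect(routers, master, now=470)     # delay elapsed, A takes over
    history.append(master.name)
    return history


if __name__ == "__main__":
    print(walk_through())
```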

Learning check answers
Q1: How does an IP endpoint learn the Virtual Router’s virtual IP and virtual MAC
addresses?
A1: It learns the virtual IP address from its default gateway IP address either through
DHCP or a manual configuration. The endpoint learns the virtual MAC address by
sending an ARP request for the virtual IP. The master responds to the request with the
virtual MAC address, which the endpoint can then use to send Layer 2 frames to its
default gateway.
Q2: Can an HP Layer 3 switch back up a Cisco Layer 3 switch using HSRP?
A2: No. For the HP switch to back up the Cisco switch, the Cisco switch would need
to implement VRRP, which is quite rare in the field as most Cisco devices implement
HSRP.
Q3: Can you use VRRP and HSRP in the same LAN?
A3: As long as the two implementations do not use the same virtual IP address, you
can. For example, two HP routing switches implement VRRP, and two Cisco WAN
routers implement HSRP. Both virtual IP groups have a static route in which the next
hop is the other group’s virtual IP.
The IP endpoints do not pose a concern because they are not aware of either
protocol. They only need to send ARP requests for their default gateway as always.
Q4: What is the purpose of the preempt delay? When would you set it?
A4: When a master preempts its role, it may not be ready to route IP packets to
remote networks. With the preempt delay, it waits until it is ready before preempting
the master role.
Preempt delay is not enabled by default. You should enable it whenever the master
uses routing protocols, setting the delay to a value that is greater than the time for
routing protocol convergence.
Q5: In what situations is load balancing desirable?
A5: Whenever you want to divide traffic for a given VLAN/IP subnet between the
routing switches. You might enable this feature when both routers offer an equally
attractive path (MSTP does not block links).
Q6: When a pair of core routing switches connect to a WAN router, is VRRP
tracking always required?
A6: No, depending on your environment, it might not be required. If the switches run
a routing protocol, routing protocol convergence may be enough by itself to
preserve routes to the remote network. A floating static route might also serve this
purpose. Although these options might add an extra hop if one of the master’s
interfaces goes down, you might consider a simpler configuration worth that cost.

Module 10
Activity and discussion question answers
OSPF neighboring—Scenario 1-1
Q1: What conditions must two routers meet to become OSPF neighbors? For each
condition that you list, check that setting on the routers in this example. Circle any
incorrect settings and replace them with the correct setting.
A1: For two routers to become OSPF neighbors, they must meet the following
conditions on the communicating IP interfaces:
• Same IP subnet
  A subnet contained within a larger subnet also applies. For example, R2 has a
  /30 IP address within the space of the other routers’ /24 subnet. It can still
  become those routers’ neighbor.
• Same OSPF area
  In this example, all routers have their IP interfaces in area 0 except R3. (Circle
  that setting on R3 and change it to area 0.)
• Same timers
  All of the routers except R4 are using the default Hello and Dead interval timers:
  ◦ Hello = 10 seconds
  ◦ Dead Interval = 40 seconds
  R4 has a Dead Interval of 30 seconds, so it would not become a neighbor with
  the other routers. (Circle that setting on R4 and change it to 40 seconds.)
• Same network type
  On Ethernet interfaces, the default setting is Broadcast. All of the routers in this
  example are using this setting except R2, which is set to Point to Point (P2P).
  (Circle that setting on R2 and change it to Broadcast.)
  The network type depends on the Layer 2 protocol:
  ◦ Ethernet interfaces—As mentioned, the default setting is Broadcast, which
    indicates that Layer 2 network includes broadcast traffic. You can also
    configure Ethernet interfaces as P2P, which indicates that the network
    includes only two devices connected on a single routed Ethernet interface.
  ◦ The P2P setting speeds convergence because the routers do not need to
    elect a designated router.
  ◦ Layer 2 networks, such as ATM and Frame Relay, provide more options for
    the type:
    ▪ P2P
    ▪ Non Broadcast Multi Access (NBMA)
    ▪ Point to Multipoint in Multicast (P2MP)
    ▪ Unicast (P2MP In Unicast)
• Same authentication method and password
  None of these routers implement authentication, so all of them meet this
  condition.

OSPF DR Election—Scenario 1-2

Q1: How do devices in a multi-access (such as Broadcast) network determine which
devices become DR and Backup DR (BDR)? What role does priority 0 play in this
process? What role do other priorities play?
A1: The OSPF router that starts its processes first becomes the DR. The router that
starts second becomes the BDR. However, if a router’s priority is set to 0, it does not
participate in the elections. So, more precisely, the first OSPF router to start that does
not have priority 0 is the DR.
Other priorities only affect the process if an election must occur:
• More than one router starts its OSPF processes at the same time. In this case, the
  router with the highest priority value becomes DR, and the router with the second
  highest priority becomes BDR. In this example, those would be R2 and R4,
  respectively. But it is relatively rare for multiple routers to start their processes at
  once. Usually routers start one at a time as they are configured and brought up.
• The DR’s or BDR’s connection (Layer 1/Layer 2) goes down or goes down and
  then comes back up. In this case, all routers are already running their OSPF
  processes when the election starts, so they use priorities to elect the DR or BDR.


Q2: Can you determine which routers in this figure become DR and BDR?
A2: No. You know R1 will not become DR or BDR because its priority is 0, but any
of the other three routers could become DR or BDR depending on when they start.
Q3: How can you force two routers to become DR and BDR?
A3: Set the priority on all other routers to 0.

OSPF authentication—Scenario 1-3
Q1: If you ignore the authentication settings, which routers become OSPF neighbors
and on which subnets and areas?
A1: Cisco 2 and HP 1 are neighbors on IP subnet 192.168.1.0/24 and area 0.
Cisco 2 and HP 3 similarly become neighbors on IP subnet 10.6.0.0/24 and area
10.
Q2: Do the authentication settings match between HP 1 and Cisco 2?
A2: Yes. Both sides use the simple password authentication method and the same
password, “very-secret.” Note that the authentication method must be enabled for the
area, but the specific settings are configured on a per-interface basis.
Q3: On HP 1, the password is specified with the cipher keyword. What purpose
does this keyword serve?
A3: This keyword encrypts the password in the configuration to protect it from
unauthorized detection. However, it does not encrypt the password when HP 1
transmits it on the LAN. (Use the plain keyword to display the password in plaintext
in the configuration.)
Q4: Do the authentication settings match between HP 3 and Cisco 2?
A4: Yes. Both sides use the md5 password authentication method and the same
password, “cant_find.” In addition, the key ID matches.
Q5: What role does the key ID play (beyond being another matching setting)?
A5: The key ID helps you to rotate passwords. As with any password, it is best
practice to change OSPF MD5 passwords on a regular basis. However, if you start
by changing the password on one router, this router loses its neighbor relationships.
Instead, you should create the new password with a new key ID without removing the
first key. After you have configured the new password on every router, you can
remove the old password.
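
The key ID rotation described in A5 can be seen at packet level. The following Python sketch is an added example, not part of the original guide or any vendor's code. It builds OSPFv2 packets with cryptographic (MD5) authentication using the header layout of RFC 2328 Appendix D and checks them against a receiver's key table. The router ID, the new secret, and the class and function names are constructed for illustration, and which key a router chooses to transmit with during the overlap is vendor-specific and not modelled.

```python
import hashlib
import hmac
import struct

# 24-byte OSPFv2 header with AuType 2: version, type, length, router ID,
# area ID, checksum, AuType, 0, key ID, auth data length, crypto sequence.
HEADER = "!BBH4s4sHHHBBI"
AUTYPE_CRYPTO = 2


def _digest(packet, secret):
    # The secret is padded to 16 bytes and appended to the packet before
    # hashing; only the digest is transmitted, never the secret itself.
    key = secret.encode().ljust(16, b"\0")[:16]
    return hashlib.md5(packet + key).digest()


class OspfInterface:
    def __init__(self, keys):
        self.keys = dict(keys)      # key ID -> shared secret
        self.last_seq = {}          # neighbor router ID -> last sequence accepted

    def send_hello(self, router_id, area_id, key_id, seq, body=b""):
        # Checksum is 0 with cryptographic authentication; the length field
        # does not count the 16-byte digest appended after the packet.
        header = struct.pack(HEADER, 2, 1, 24 + len(body), router_id, area_id,
                             0, AUTYPE_CRYPTO, 0, key_id, 16, seq)
        packet = header + body
        return packet + _digest(packet, self.keys[key_id])

    def accept(self, wire):
        if len(wire) < 40:
            return False
        packet, received = wire[:-16], wire[-16:]
        (_ver, _typ, length, router_id, _area, _cksum, autype, _zero,
         key_id, auth_len, seq) = struct.unpack(HEADER, packet[:24])
        if autype != AUTYPE_CRYPTO or auth_len != 16 or length != len(packet):
            return False
        secret = self.keys.get(key_id)
        if secret is None:
            return False                           # key ID not configured here
        if seq < self.last_seq.get(router_id, 0):
            return False                           # replayed (older) packet
        if not hmac.compare_digest(_digest(packet, secret), received):
            return False                           # wrong secret or altered packet
        self.last_seq[router_id] = seq
        return True


def rotation_demo():
    """Receiver behaviour at each stage of the rotation procedure."""
    rid, area = bytes([10, 6, 0, 2]), bytes([0, 0, 0, 10])   # constructed ID, area 10
    old, new = "cant_find", "constructed-new"                # new secret is constructed
    sender = OspfInterface({1: old, 2: new})
    wire = sender.send_hello(rid, area, 1, seq=104)
    return {
        # Overlap: a neighbor holding both keys accepts either key ID.
        "overlap_accepts_old": OspfInterface({1: old, 2: new}).accept(
            sender.send_hello(rid, area, 1, seq=100)),
        "overlap_accepts_new": OspfInterface({1: old, 2: new}).accept(
            sender.send_hello(rid, area, 2, seq=101)),
        # Changing one router first: its neighbor has no key ID 2 yet.
        "not_yet_updated_rejects_new": OspfInterface({1: old}).accept(
            sender.send_hello(rid, area, 2, seq=102)),
        # After cleanup the old key ID is no longer honoured.
        "after_cleanup_rejects_old": OspfInterface({2: new}).accept(
            sender.send_hello(rid, area, 1, seq=103)),
        "secret_on_wire": old.encode() in wire,
    }


if __name__ == "__main__":
    for stage, result in rotation_demo().items():
        print(f"{stage:30} {result}")
```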

OSPF area summarization—Scenario 2-1


Q1: What kind of OSPF router is R1?
A1: R1 is an Area Border Router (ABR). It has interfaces in different areas.
Q2: What kind of LSAs are generated by R1?
A2: ABRs generate Type 3 LSAs, which are Inter Area LSAs or Summary LSAs. The
ABR generates the Type 3 LSA for an area based on its database of Type 1 and Type
2 LSAs for that area. The ABR advertises the Type 3 LSA for one area in other areas.
Q3: What function does configuring an area range serve?
A3: Configuring the area range configures the ABR to summarize a range of Inter
Area LSAs into a single LSA. Note also that you can configure an area range to
exclude a range of Inter-Area LSAs from the Summary LSA.

Q4: Why would you configure an area range?
A4: Configuring the area range reduces the size of the LSA table for devices in other
areas that receive the Summary LSAs, thus simplifying these devices’ routing tables.
Configuring the area range also reduces the number of LSA updates exchanged in
an OSPF network.
For example, you can include several remote sites in one area. If IP subnetting is
configured appropriately, you can then summarize all the remote sites’ networks in
one short list of IP networks.
Q5: What are the key advantages of summarization?
A5: Summarization simplifies the routing table because one area is seen as one
network.
In addition, by generating a default route (summarization of the rest of the network),
an ABR hides the rest of the network from routers in areas that do not need this
information (totally stubby areas and NSSA totally stubby areas).
Q6: Does summarization have some disadvantages?
A6: With summarization, you lose granularity. On a router in an area that receives a
summary for other areas, you cannot see when an individual network in another
area loses connectivity. You would typically have to access the ABR to see this
information.
You can only summarize Type 1 and Type 2 LSAs. Routes to external networks (Type
5 and Type 7 LSAs) are summarized by the ASBR and are not included with the Type
3 LSAs (except the default route advertised in totally stubby areas and NSSA totally
stubby areas).
Q7: Why can you enable summarization on R1 and not on R2, R3, and R4?
A7: Because R2, R3, and R4 are not ABRs and cannot generate Type 3 LSAs.
Q8: What other tasks can you perform on an ABR related to area summarization?
A8: You can filter some networks or blocks of networks so that they are not seen in
other areas. You can generate a default route and advertise only that route in
selected non-backbone areas (totally stubby areas and NSSA totally stubby areas),
hiding unnecessary complexity from routers in the stub areas.
Q9: Where can you see the results of the area summarization?
A9: You see the results on routers in different areas from the one that is summarized.
On R4, you can check the summarization of area 1 (10.1.0.0/16). On routers R2 and
R3, the summarization of area 0 (10.0.0.0/16) is visible. On the ABR, you might also
see a summary to the null 0 interface.

OSPF area summarization: Scenario 2-1-a
The commands are missing some keywords. Fill in the commands, using the figure for
information:
network 10.0.0.0 0.0.255.255 area 0
network 10.1.0.0 0.0.255.255 area 1
area 0 range 10.0.0.0 255.255.0.0
area 1 range 10.1.0.0 255.255.0.0

Also fill in the blanks to indicate how the ABR (R1) will summarize the routes:
R1 aggregates the routes in area 0 into a single route to 10.0.0.0/16 and advertises
this route to routers in area 1.
R1 aggregates the routes in area 1 into a single route to 10.1.0.0/16 and advertises
this route to routers in area 0.

OSPF area summarization: Scenario 2-2

Q1: For each router, fill in the routing table:
• Routes to directly connected networks
• Routes discovered through OSPF, remembering to consider the summaries

For Type, indicate the type of route using the Cisco abbreviations.

A1: The figure displays the answers for the activity.


OSPF redistribution—Scenario 3-1
Q1: Why would you redistribute routes to directly connected networks instead of
configuring those networks as OSPF networks?
A1: First, you might not be able to (or you might not want to) establish OSPF
neighboring with other routers on the network. For example, these routers might
belong to another company or to an ISP. A firewall might block OSPF
communications, or the connection might be over an IPsec VPN that does not support
OSPF communications.
You could configure the network as a passive interface OSPF network; however, often
redistribution provides a simpler configuration. For example, when two routing
switches are connected to more than 50 VLANs, you can redistribute connected with
fewer commands than enabling OSPF on all 50 VLANs.
In addition, redistributing the networks allows the router to aggregate them into fewer
routes, which can be crucial to simplifying the routing table on other routers.

Q2: What conditions must be met on a router for it to redistribute routes?

A2: For a router to redistribute a route, that route must be active in the routing table.
The connected interface must be up for a connected route, or the forwarding
interface must be up for a remote router. In addition, the router’s OSPF area must not
be stub or totally stubby.

Q3: Which type of OSPF LSA is created for the redistributed route?

A3: External network LSAs are created: Type 5 LSAs or, in an NSSA, Type 7 LSAs.

Q4: What are some reasons for not redistributing routes?

A4: Redistributed routes are always advertised as external networks. These networks
cannot be aggregated with other OSPF networks on an ABR. Therefore, if the
networks could fit in the range of a route summarization on the ABR, you might want
to advertise them as directly connected OSPF networks.
In addition, routers in stub and totally stubby areas cannot receive advertisements for
the external networks created by route redistribution. (However, typically they do not
need these specific routes.)

OSPF redistribution—Scenario 3-1-a


Q1: Fill in the blanks to show the proper configuration for R2 when it is a Cisco
router.
A1: The figure gives the answer.

Q2: What command can you enter to verify that the Cisco R2 has properly
redistributed (or imported) the routes?

A2: show ip ospf database external

Q3: What command can you enter to verify that the routes to the external networks
have been summarized?

A3: You can enter show ip route on R1 to verify that this router received the
summarized route. On Cisco switches, the router that summarizes the route (R2 in this
example) also creates a route for the summarized networks with null as the
forwarding interface. You can enter show ip route on R2 to look for that route.

Q4: This configuration sets metric type 1 for the redistributed routes. What purpose
does this configuration serve, and how could you change the metric type?

A4: This configuration indicates that routers will increment the cost for the
redistributed (external) route as it is advertised. You can change the metric type with
these commands:

router ospf 1
 redistribute connected metric-type 2 subnets

OSPF redistribution—Scenario 3-1-b


Q1: Fill in the blanks to show the proper configuration for R2 when it is an HP A-Series
router.
A1: The figure gives the answer.

[Figure: topology with routers R1 to R5, Area 0 (10.0.10.0/24), Area 1 (10.1.1.0/24), Area 2 (10.2.1.0/24), and networks 10.1.2.0/24 and 10.1.3.0/24. R2 = HP A-Series, with this configuration:]

ip route-static 10.1.3.0 24 10.1.10.3
ospf 1
 area 1
  network 10.1.1.0 24
 import-route static cost 10 type 1
 import-route direct cost 10 type 1
 asbr-summary 10.1.2.0 23

Q2: This configuration sets metric type 1 for the redistributed routes. What purpose
does this configuration serve? Why might you select type 1 rather than type 2?

A2: Metric type 1 means that the cost for the route is incremented as it is advertised.
With type 2, the redistributed (external) route is assigned an initial cost that never
changes.
The type does not matter if only one path exists for the route. If multiple paths for a
specific network exist, then using type 1 metrics for redistributed routes to that
network enables routers to select the shortest path. If you use type 2, the cost is equal
for all paths. (However, routers will still select the path through the closest ASBR that
redistributed the route.)
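
The path selection described in A2, as an added example that is not part of the original guide. It applies the external path comparison of RFC 2328 section 16.4 to two constructed candidate paths; the ASBR names and every cost value are assumptions made up for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ExternalPath:
    asbr: str           # router that redistributed the route (hypothetical name)
    metric_type: int    # 1 = E1, 2 = E2
    external_cost: int  # cost assigned at redistribution
    cost_to_asbr: int   # OSPF cost from the calculating router to the ASBR

def route_cost(path):
    """Cost shown for the route: E1 adds the internal cost, E2 does not."""
    if path.metric_type == 1:
        return path.cost_to_asbr + path.external_cost
    return path.external_cost

def preference(path):
    """Sort key after RFC 2328 section 16.4: E1 is preferred over E2, then the
    lower route cost wins; for E2 only, the cost to the ASBR breaks ties."""
    tie_break = path.cost_to_asbr if path.metric_type == 2 else 0
    return (path.metric_type, route_cost(path), tie_break)

def best_path(paths):
    return min(paths, key=preference)

def candidates(metric_type, cost_a=10, cost_b=20):
    """Two constructed paths to the same external network: ASBR-A is far away
    (internal cost 30), ASBR-B is close (internal cost 5)."""
    return [ExternalPath("ASBR-A", metric_type, cost_a, 30),
            ExternalPath("ASBR-B", metric_type, cost_b, 5)]

if __name__ == "__main__":
    for label, paths in [("type 1", candidates(1)),
                         ("type 2", candidates(2)),
                         ("type 2, equal cost", candidates(2, 10, 10))]:
        best = best_path(paths)
        print(f"{label:20} costs={[route_cost(p) for p in paths]} best={best.asbr}")
```

With type 2 and unequal redistribution costs, the far ASBR wins even though the end-to-end path is longer; with equal costs the closest ASBR is chosen, as the answer states.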

OSPF redistribution—Scenario 3-1-c


Q1: Fill in the blanks to show the proper configuration for R2 when it is an HP E-Series
router.

A1: The figure gives the answer.

[Figure: topology with routers R1 to R5, Area 0 (10.0.10.0/24), Area 1 (10.1.1.0/24), Area 2 (10.2.1.0/24), and networks 10.1.2.0/24 and 10.1.3.0/24. The figure is labeled "R2= HP A-Series" and shows this configuration:]

ip route 10.1.3.0/24 10.1.10.3
vlan 10
   ip address 10.1.1.2/24
   ip ospf area 1
router ospf
   area 1
   redistribute connected
   redistribute static
   default-metric 20
   metric-type 1

OSPF redistribution—Scenario 3-3
Q1: For R4 and R5, fill in the routing table:
• Routes to directly connected networks
• Routes discovered through OSPF (remember to consider redistributed routes,
summarized routes, and default routes)

For Type, indicate the type of route using the Cisco abbreviations.
A1: The figure below displays the answers for the activity.

[Figure: topology with routers R1 to R5, Area 0 (10.0.10.0/24), Area 1 (10.1.1.0/24), Area 2 (10.2.1.0/24), networks 10.1.2.0/24 and 10.1.3.0/24, and a 0.0.0.0/0 label next to R4. Answer tables from the figure:]

R4
IP Network      Next Hop     Type
10.0.10.0/24    0.0.0.0      C
10.1.2.0/23     10.0.10.1    O E1
10.1.1.0/24     10.0.10.1    O IA
10.2.1.0/24     0.0.0.0      C

R5 with Area 2=Stub
IP Network      Next Hop     Type
0.0.0.0/0       10.2.1.4     O IA
10.2.1.0/24     0.0.0.0      C

R5 with Area 2=NSSA
IP Network      Next Hop     Type
0.0.0.0/0       10.2.1.4     O N2
10.2.1.0/24     0.0.0.0      C

Learning check answers
Q1: What parameters must match for OSPF neighbors?
A1: These parameters must match:
• IP subnet
• Hello and dead timers
• Area ID
• Area type (such as stub or NSSA)
• Network type
Q2: What purpose does BFD serve in OSPF?
A2: BFD speeds convergence to the millisecond level. It enables routers to detect failures
when they are connected to the same network but cannot sense the failure of the other
routers’ interfaces directly. That is, they are connected through a Layer 2 switch.
Q3: Which type of area conceals the networks in all other areas from routers within
that area?
A3: This is a totally stubby area (a stub or NSSA area with no-summary
configured on the ABR). This type of area receives a single default route instead of
all Type 3 LSAs (inter-area route summarizations) and External Type 5 LSAs.
Q4: What options can you set when you redistribute routes into OSPF?
A4: You can change the metric and the metric type (1 or 2). You can tag the routes.
You can filter the networks that are imported.
Q5: Why would you tag IP routes when you redistribute them?
A5: Tagging a route marks (or “colors”) it so that you can later select it for actions such
as filtering the route or changing its preference.

Module 11

Learning check answers

Q1: What is the difference between dynamic NAT and NAPT?
A1: NAPT or PAT (port address translation) is a variation of dynamic NAT. To
configure dynamic NAT (many to many), you define a pool of IP addresses for the
NAT addresses. Each inside IP address is translated to an IP address of the pool.
With PAT or NAPT, there are a few inside source IP addresses and a source port that
is translated to the external IP address, usually the Internet or public IP of the
router/firewall/gateway. This helps save a lot of public IP addresses, while enabling
Internet access for corporate clients.

Q2: What is required to access (from the outside) an internal server set with a
private address?
A2: A NAT setting is required that is going to translate the packets coming from
Internet clients: the few destination IP ports will be translated to an internal
destination IP port that defines the service on the server. When the DNS server is
outside and some inside nodes want to access the server, NAT translation of the
DNS payload can also be enabled.
Q3: What is the benefit of such a configuration?
A3: NAT and forwarding to the inside is restricted to the IP and ports for which NAT
has been defined.
Q4: In what situation would you use static NAT?
A4: Static NAT is used for accessing servers that are set with their private address
and for overlapping networks.
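
An added sketch, not from the original guide, of answers A1 to A3 above: dynamic NAT hands out whole addresses from a pool, NAPT shares one public address by port, and inbound traffic is translated only for a published port. All addresses and ports are constructed, the class and method names are hypothetical, and per-flow remote endpoint checks, timeouts and port-range limits are left out.

```python
import itertools

class DynamicNat:
    """Many-to-many: each inside host borrows one whole address from a pool."""
    def __init__(self, pool):
        self.free, self.bound = list(pool), {}
    def outbound(self, src_ip, src_port):
        if src_ip not in self.bound:
            if not self.free:
                return None                       # pool exhausted, no translation
            self.bound[src_ip] = self.free.pop(0)
        return (self.bound[src_ip], src_port)     # source port is unchanged

class Napt:
    """Many-to-one: inside (IP, port) pairs share one public IP, told apart by port."""
    def __init__(self, public_ip, first_port=1024):
        self.public_ip = public_ip
        self.ports = itertools.count(first_port)
        self.flows, self.returns, self.published = {}, {}, {}

    def publish(self, public_port, inside_ip, inside_port):
        """Static inbound mapping for a server that has a private address."""
        self.published[public_port] = (inside_ip, inside_port)

    def outbound(self, src_ip, src_port):
        key = (src_ip, src_port)
        if key not in self.flows:
            port = next(p for p in self.ports if p not in self.published)
            self.flows[key] = port
            self.returns[port] = key
        return (self.public_ip, self.flows[key])

    def inbound(self, dst_port):
        """Inside destination for a packet to the public IP, or None (dropped)."""
        return self.published.get(dst_port) or self.returns.get(dst_port)

def demo():
    # Constructed addresses: RFC 1918 inside, RFC 5737 documentation range outside.
    hosts = ["192.168.1.10", "192.168.1.11", "192.168.1.12"]
    dyn = DynamicNat(["203.0.113.10", "203.0.113.11"])
    napt = Napt("203.0.113.1")
    napt.publish(443, "192.168.1.80", 8443)
    return {"dynamic": [dyn.outbound(h, 5000) for h in hosts],
            "napt": [napt.outbound(h, 5000) for h in hosts],
            "to_443": napt.inbound(443), "to_22": napt.inbound(22),
            "reply_1025": napt.inbound(1025)}

if __name__ == "__main__":
    print(demo())
```

The third host gets no translation from the two-address pool, while NAPT serves all three from one address; port 22 has no mapping, so nothing is forwarded inside.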

To learn more about HP networking, visit www.hp.com/networking

© 2010 Hewlett-Packard Development Company, L.P. The information contained herein is
subject to change without notice. The only warranties for HP products and services are set forth
in the express warranty statements accompanying such products and services. Nothing herein
should be construed as constituting an additional warranty. HP shall not be liable for technical
or editorial errors or omissions contained herein.
