Archive for May, 2009

Cisco: Download 640-816 exam for free(8)

May 31st

Posted by Johnny in CCNA Training | 1 views

No comments

91.What is the purpose of the OSPF ID in a DR/BDR election?
A.It is used with the OSPF priority values to determine which OSPF will become the DR or BDR in a point-to-point network.
B.It is used with the OSPF priority values to determine which interface will be used to form a neighbor relationship with another OSPF .
C.It is used with the OSPF priority values to determine which will become the DR or BDR in a multiaccess network.
D.It is used to determine which interfaces will send Hello packets to neighboring OSPF routers.
Correct:C

92.Based on the topology table that is shown in the exhibit and assuming that variance is not configured for EIGRP, which route or routes should appear in the routing table?

640-816 (92).jpg
A.D 192.168.8.20 (2707456/2195456), Serial0/1
B.D 192.168.2.0/24 [90/2707456] via 192.168.8.22, 00:27:50, Serial0/0 [90/3815424] via 192.168.8.18, 00:27:50, Serial0/2
C.D 192.168.2.0/24 [90/3815424] via 192.168.8.18, 00:27:50, Serial0/2
D.D 192.168.8.24/30 [90/2681856] via 192.168.8.22, 00:27:50, Serial0/0
Correct:D

93.A network administrator wants to ensure that only the server can connect to port Fa0/1 on a Catalyst switch. The server is plugged into the switch Fa0/1 port and the network administrator is about to bring the server online. What can the administrator do to ensure that only the MAC address of the server is allowed by switch port Fa0/1? (Choose two.)
A.Configure port Fa0/1 to accept connections only from the static IP address of the server.
B.Employ a proprietary connector type on Fa0/1 that is incompatible with other host connectors.
C.Configure the MAC address of the server as a static entry associated with port Fa0/1.
D.Bind the IP address of the server to its MAC address on the switch to prevent other hosts from spoofing the server IP address.
E.Configure port security on Fa0/1 to reject traffic with a source MAC address other than that of the server.
F.Configure an access list on the switch to deny server traffic from entering any port other than Fa0/1.
Correct:C E

94.Refer to the graphic. How many collision domains are shown?

640-816 (94).jpg
A.one
B.two
C.three
D.four
E.six
F.fourteen
Correct:B

95.What can be determined from the output shown in the graphic?

640-816 (95).jpg
A.200.1.1.64 is a default route.
B.The output shows that there are three default routes.
C.The output came from R2.
D.The output came from a that has four physical interfaces.
E.EIGRP is in use in this network.
Correct:E

96.Refer to the exhibit. How should the FastEthernet0/1 ports on the 2950 model switches that are shown in the exhibit be configured to allow connectivity between all devices?

640-816 (96).jpg

A.The ports only need to be connected by a crossover cable.
B.SwitchX(config)# interface fastethernet 0/1 SwitchX(config-if)# switchport mode trunk
C.SwitchX(config)# interface fastethernet 0/1 SwitchX(config-if)# switchport mode access SwitchX(config-if)# switchport access vlan 1
D.SwitchX(config)# interface fastethernet 0/1 SwitchX(config-if)# switchport mode trunk
SwitchX(config-if)# switchport trunk vlan 1 SwitchX(config-if)# switchport trunk vlan 10 SwitchX(config-if)# switchport trunk vlan 20
Correct:B

97.A network administrator is trying to add a new into an established OSPF network. The networks attached to the new do not appear in the routing tables of the other OSPF routers. Given the information in the partial configuration shown below, what configuration error is causing this problem? (config)# ospf 1 (config-)# network 10.0.0.0 255.0.0.0 area 0
A.The process id is configured improperly.
B.The OSPF area is configured improperly.
C.The network wildcard mask is configured improperly.
D.The network number is configured improperly.
E.The AS is configured improperly.
F.The network subnet mask is configured improperly.
Correct:C

98.How does replacing a hub with a switch affect CSMA/CD behavior in an Ethernet network?
A.It effectively eliminates collisions.
B.In increases the size of the collision domain by allowing more devices to be connected at once.
C.It decreases the amount of time that a jam signal must be sent to reach all network devices.
D.It reduces the total amount of bandwidth available to each device.
E.It eliminates Layer 3 broadcast traffic.
Correct:A

99.Refer to the exhibit. What is the most efficient summarization that R1 can use to advertise its networks to R2?

640-816 (99).jpg
A.172.1.0.0/22
B.172.1.0.0/21
C.172.1.4.0/22
D.172.1.4.0/24 172.1.5.0/24 172.1.6.0/24 172.1.7.0/24
E.172.1.4.0/25 172.1.4.128/25 172.1.5.0/24 172.1.6.0/24 172.1.7.0/24
Correct:C

100.Refer to the exhibit. Some 2950 series switches are connected to the conference area of the corporate headquarters network. The switches provide two to three jacks per conference room to host laptop connections for employees who visit the headquarters office. When large groups of employees come from other locations, the network administrator often finds that hubs have been connected to wall jacks in the conference area although the ports on the access layer switches were not intended to support multiple workstations. What action could the network administrator take to prevent access by multiple laptops through a single switch port and still leave the switch functional for its intended use?

640-816 (00).jpg
A.Configure static entries in the switch MAC address table to include the range of addresses used by isiting employees.
B.Configure an ACL to allow only a single MAC address to connect to the switch at one time.
C.Use the mac-address-table 1 global configuration command to limit each port to one source MAC ddress.
D.Implement Port Security on all interfaces and use the port-security maximum 1 command to limit port ccess to a single MAC address.
E.Implement Port Security on all interfaces and use the port-security mac-address sticky command to limit access to a single MAC address.
F.Implement Port Security at global configuration mode and use the port-security maximum 1 command to allow each switch only one attached hub.
Correct:D

Popularity: 3% [?]

, , , , ,

Cisco: Download 640-816 exam for free(7)

May 31st

Posted by Johnny in CCNA Training | 1 views

No comments

71.Running both IPv4 and IPv6 on a simultaneously is known as what?
A.4to6 routing
B.6to4 routing
C.binary routing
D.dual-stack routing
E.NextGen routing
Correct:D

72.Which Frame Relay feature is responsible for transmitting keepalives to ensure that the PVC does not shut down because of inactivity?
A.DLCI
B.BECN
C.FECN
D.LMI
E.CIR
F.DE
Correct:D

74.Which protocol should be used to establish a secure terminal connection to a remote network device?
A.ARP
B.SSH
C.Telnet
D.WEP
E.SNMPv1
F.SNMPv2
Correct:B

75.Select the action that results from executing these commands. Switch(config-if)# switchport port-security Switch(config-if)# switchport port-security mac-address sticky
A.A dynamically learned MAC address is saved in the startup-configuration file.
B.A dynamically learned MAC address is saved in the running-configuration file.
C.A dynamically learned MAC address is saved in the VLAN database.
D.Statically configured MAC addresses are saved in the startup-configuration file if frames from that address are received.
E.Statically configured MAC addresses are saved in the running-configuration file if frames from that address are received.
Correct:B

76.Users have been complaining that their Frame Relay connection to the corporate site is very slow. The network administrator suspects that the link is overloaded. Based on the partial output of the # show frame relay pvc command shown in the graphic, which output value indicates to the local that traffic sent to the corporate site is experiencing congestion?

640-816 (76).jpg
A.DLCI = 100
B.last time PVC status changed 00:25:40
C.in BECN packets 192
D.in FECN packets 147
E.in DE packets 0
Correct:C

77.Drop and drag question

640-816 (77).jpg
Correct:
Green choice1—->Yellow Choice1
Green choice6—->Yellow Choice2
Green choice5—->Yellow Choice3
Green choice2—->Yellow Choice4

78.A large corporation that frequently integrates networks from newly acquired businesses has just decided to use OSPF as the corporate routing protocol instead of EIGRP. What two benefits will the change from EIGRP to OSPF provide to the corporation? (Choose two.)
A.the ability to use VLSM
B.the ability to support multi-vendor routers
C.the ability to automatically summarize networks
D.the ability to redistribute default and static routes
E.the ability to create a hierarchical design using areas
Correct:B E

79.In which circumstance are multiple copies of the same unicast frame likely to be transmitted in a switched LAN?
A.during high traffic periods
B.after broken links are re-established
C.when upper-layer protocols require high reliability
D.in an improperly implemented redundant topology
E.when a dual ring topology is in use
Correct:D

80.Identify the four valid IPv6 addresses. (Choose four.)
A.::
B.::192:168:0:1
C.2000::
D.2001:3452:4952:2837::
E.2002:c0a8:101::42
F.2003:dead:beef:4dad:23:46:bb:101
Correct:A B E F

81.When a new trunk link is configured on an IOS based switch, which VLANs are allowed over the link?
A.By default, all defined VLANs are allowed on the trunk.
B.Each single VLAN, or VLAN range, must be specified with the switchport mode command.
C.Each single VLAN, or VLAN range, must be specified with the vtp domain command.
D.Each single VLAN, or VLAN range, must be specified with the vlan database command.
Correct:A

82.Refer to the exhibit. Which address and mask combination represents a summary of the routes learned by EIGRP?

640-816 (82).jpg
A.192.168.25.0 255.255.255.240
B.192.168.25.0 255.255.255.252
C.192.168.25.16 255.255.255.240
D.192.168.25.16 255.255.255.252
E.192.168.25.28 255.255.255.240
F.192.168.25.28 255.255.255.252
Correct:C

83.A consistently loses its configuration each time it reboots. Given the output shown in the graphic, what is the cause of this problem?

640-816 (83).jpg
A.NVRAM failed POST.
B.There is insufficient NVRAM.
C.There is insufficient flash memory.
D.There is insufficient RAM for the IOS image.
E.The configuration register is misconfigured.
Correct:E

84.What does a do if it has no EIGRP feasible successor route to a destination network and the successor route to that destination network is in active status?
A.It routes all traffic that is addressed to the destination network to the interface indicated in the routing table.
B.It sends a copy of its neighbor table to all adjacent routers.
C.It sends a multicast query packet to all adjacent neighbors requesting available routing paths to the destination network.
D.It broadcasts Hello packets to all routers in the network to re-establish neighbor adjacencies.
Correct:C

85.Refer to the exhibit. What IP address should be assigned to Workstation A?

640-816 (85).jpg
A.192.168.1.143/28
B.192.168.1.144/28
C.192.168.1.145/28
D.192.168.1.159/28
E.192.168.1.160/28
Correct:C

86.Refer to the output from the show running-config command in the exhibit. What should the administrator do to allow the workstations connected to the FastEthernet 0/0 interface to obtain an IP address?

640-816 (86).jpg
A.Apply access-group 14 to interface FastEthernet 0/0.
B.Add access-list 14 permit any any to the access list configuration.
C.Configure the IP address of the FastEtherent 0/0 interface to 10.90.201.1.
D.Add an interface description to the FastEthernet 0/0 interface configuration.
Correct:C

87.Refer to the exhibit. Switch1 has just been restarted and has passed the POST routine. Host A sends its initial frame to Host C. What is the first thing the switch will do as regards populating the switching table?

640-816 (87).jpg
A.Switch1 will add 192.168.23.4 to the switching table.
B.Switch1 will add 192.168.23.12 to the switching table.
C.Switch1 will add 000A.8A47.E612 to the switching table.
D.Switch1 will add 000B.DB95.2EE9 to the switching table.
Correct:C

88.Refer to the exhibit. Workstation A must be able to telnet to switch SW-A through RTA for management purposes. What must be configured for this connection to be successful?

640-816 (88).jpg
A.VLAN 1 on RTA
B.default gateway on SW-A
C.IP routing on SW-A
D.cross-over cable connecting SW-A and RTA
Correct:B

89.Refer to the exhibit. The has been configured with these commands: hostname Gateway interface FastEthernet 0/0 ip address 198.133.219.14 255.255.255.248 no shutdown interface FastEthernet 0/1 ip address 192.168.10.254 255.255.255.0 no shutdown interface Serial 0/0 ip address 64.100.0.2 255.255.255.252 no shutdown ip route 0.0.0.0 0.0.0.0 64.100.0.1 What are the two results of this configuration? (Choose two.)

640-816 (89).jpg
A.The default route should have a next hop address of 64.100.0.3.
B.Hosts on the LAN that is connected to FastEthernet 0/1 are using public IP addressing.
C.The address of the subnet segment with the WWW server will support seven more servers.
D.The addressing scheme allows users on the Internet to access the WWW server.
E.Hosts on the LAN that is connected to FastEthernet 0/1 will not be able to access the Internet without address translation.
Correct:D E

90.What is the purpose of the command shown below?
vtp password Fl0r1da
A.It is used to validate the sources of VTP advertisements sent between switches.
B.It is used to access the VTP server to make changes to the VTP configuration.
C.It allows two VTP servers to exist in the same domain, each configured with different passwords.
D.It is the password required when promoting a switch from VTP client mode to VTP server mode.
E.It is used to prevent a switch newly added to the network from sending incorrect VLAN information to the other switches in the domain.
Correct:A

Popularity: 7% [?]

, , , , ,

Configuring X.25 PVCs

May 31st

Posted by Johnny in Uncategorized | 1 views

No comments

Configuring X.25 PVCs

                                                                       

Introduction

This document provides a sample configuration for X.25 Permanent Virtual Circuits (PVC).


Prerequisites

Requirements

There are no specific requirements for this document.


Components Used

This document is not restricted to specific software and hardware versions.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.


Conventions

For more information on document conventions, refer to Cisco Technical Tips Conventions.


Background Information

PVCs are the X.25 equivalent of leased lines; they are never disconnected. You do not need to configure an address map before defining a PVC; an encapsulation PVC implicitly defines a map. One example of a PVC is a Network Management Server connection to a remote node, such as an ISDN switch.


Set the Virtual Circuit Ranges

The X.25 protocol maintains multiple connections over one physical link between data terminal equipment (DTE), and data communications equipment (DCE). These connections are called virtual circuits or logical channels (LCs). X.25 can maintain up to 4095 virtual circuits numbered 1 through 4095. An individual virtual circuit is identified by giving its logical channel identifier (LCI), or virtual circuit number (VCN). Many documents use the terms virtual circuit and logical channels, and virtual circuit number, logical channel number, and logical channel identifier interchangeably. Each of these terms refers to the virtual circuit number.

An important part of X.25 operation is the range of virtual circuit numbers. Virtual circuit numbers are broken into four ranges (listed here in numerically increasing order):

  1. PVCs

  2. Incoming-only circuits

  3. Two-way circuits

  4. Outgoing-only circuits

The incoming-only, two-way, and outgoing-only ranges define the virtual circuit numbers over which a switched virtual circuit (SVC) can be established by placing an X.25 call, much like a telephone network establishes a switched voice circuit when a call is placed.

Here are the rules about DCE and DTE devices initiating calls:

  • Only the DCE device can initiate a call in the incoming-only range

  • Only the DTE device can initiate a call in the outgoing-only range

  • Both the DCE device and the DTE device can initiate a call in the two-way range

Note: The ITU-T Recommendation defines "incoming" and "outgoing" in relation to the DTE/DCE interface role; Cisco's documentation uses the more intuitive sense. Unless the ITU-T sense is explicitly referenced, a call received from the interface is an incoming call, and a call sent out to the interface is an outgoing call.

There is no difference in the operation of the SVCs except the restrictions on which a device can initiate a call. These ranges can be used to prevent one side from monopolizing the virtual circuits, which can be useful for X.25 interfaces with a small number of SVCs available.

Six X.25 parameters define the upper and lower limit of each of the three SVC ranges. A PVC must be assigned a number less than the numbers assigned to the SVC ranges. An SVC range is not allowed to overlap another range.

Note: Because the X.25 protocol requires the DTE and DCE to have identical virtual circuit ranges, if the interface is up, changes to the virtual circuit range limits will be held until the X.25 protocol restarts the packet service.


Configure

In this section, you are presented with the information to configure the features described in this document.

Note: To find additional information on the commands used in this document, use the Command Lookup Tool ( registered customers only)


Network Diagram

This document uses this network setup:


Configurations

This document uses this configuration:


Verify

This section provides information you can use to confirm your configuration is working properly.

Certain show commands are supported by the Output Interpreter Tool ( registered customers only) , which allows you to view an analysis of show command output.

  • show x25 vcdisplays information about active SVCs and PVCs in privileged EXEC mode

  2501#show x25 vc
  PVC 1, State D1, Interface Serial0
  Started 002308, last input never, output never
  PVC <–> Serial1 PVC 5, connected, D-bit allowed
  Window size input 2, output 2
  Packet size input 128, output 128
  PS 0 PR 0 ACK 0 Remote PR 0 RCNT 0 RNR FALSE
  Retransmits 0 Timer (secs) 0 Reassembly (bytes) 0
  Held Fragments/Packets 0/0
  Bytes 0/0 Packets 0/0 Resets 3/3 RNRs 0/0 REJs 0/0 INTs 0/0
  PVC 5, State D2, Interface Serial1
  Started 000118, last input never, output never
  PVC <–> Serial0 PVC 1, connected, D-bit allowed
  Window size input 2, output 2
  Packet size input 128, output 128
  PS 0 PR 0 ACK 0 Remote PR 0 RCNT 0 RNR FALSE
  Retransmits 1 Timer (secs) 101 Reassembly (bytes) 0
  Held Fragments/Packets 0/0
  Bytes 0/0 Packets 0/0 Resets 1/0 RNRs 0/0 REJs 0/0 INTs 0/0
  2501#


Troubleshoot

This section provides information you can use to troubleshoot your configuration. These debugs are derived when a new device establishes a PVC for the first time.

The PVC that goes through the automatically sends a restart when the both the host and the node first come on line. This is the restart the host sent when it successfully came up.
  2501#
  Jan 28 113935 Serial0 X25 O R2 RESTART (5) 8 lci 0 cause 0 diag 0
  Jan 28 113935 Serial0 X25 I R2 RESTART (5) 8 lci 0 cause 7 diag 0
  Jan 28 113935 Serial0 X25 O D2 RESET REQUEST (5) 8 lci 1 cause 0
  diag 0
  Jan 28 113935 Serial0 X25 I D2 RESET REQUEST (5) 8 lci 1 cause 15
  diag 0
  %LINK-3-UPDOWN Interface Serial0, changed state to up
  %LINEPROTO-5-UPDOWN Line protocol on Interface Serial0, changed state
  to up
  2501#

Popularity: -0% [?]

Cisco: Download 640-816 exam for free(6)

May 31st

Posted by Johnny in CCNA Training | 1 views

No comments

61.RouterA is unable to reach RouterB. Both routers are running IOS version 12.0. After reviewing the command output and graphic, what is the most likely cause of the problem?

640-816 (61).jpg
A.incorrect bandwidth configuration
B.incorrect LMI configuration
C.incorrect map statement
D.incorrect IP address
Correct:C

62.A network administrator wants the text “Unauthorized access prohibited!” to be displayed before the login prompt when someone tries to initiate a Telnet session to a . This output is shown in the graphic. Which command can be used to configure this message?

640-816 (62).jpg
A.login banner x Unauthorized access prohibited! x
B.banner exec y Unauthorized access prohibited! y
C.banner motd x Unauthorized access prohibited! x
D.login message “Unauthorized access prohibited!”
E.vty motd “Unauthorized access prohibited!”
F.vty 0 4 banner “Unauthorized access prohibited!”
Correct:C

63.The network shown in the diagram is experiencing connectivity problems. Which of the following will correct the problems? (Choose two.)

640-816 (63).jpg
A.Configure the gateway on Host A as 10.1.1.1.
B.Configure the gateway on Host B as 10.1.2.254.
C.Configure the IP address of Host A as 10.1.2.2.
D.Configure the IP address of Host B as 10.1.2.2.
E.Configure the masks on both hosts to be 255.255.255.224.
F.Configure the masks on both hosts to be 255.255.255.240.
Correct:B D

64.A network associate is trying to understand the operation of the FLD Corporation by studying the network in the exhibit. The associate knows that the server in VLAN 4 provides the necessary resources to support the user hosts in the other VLANs. The associate needs to determine which interfaces are access ports. Which interfaces are access ports? (Choose three.)

640-816 (64).jpg
A.Switch1 – Fa 0/2
B.Switch1 – Fa 0/9
C.Switch2 – Fa 0/3
D.Switch2 – Fa 0/4
E.Switch2 – Fa 0/8
F. – Fa 1/0
Correct:A C D

65.A network administrator is configuring the routers in the graphic for OSPF. The OSPF process has been started and the networks have been configured for Area 0 as shown in the diagram. The network administrator has several options for configuring RouterB to ensure that it will be preferred as the designated (DR) for the 172.16.1.0 /24 LAN segment. What configuration tasks could be used to establish this preference? (Choose three.)

640-816 (65).jpg
A.Configure the priority value of the Fa0/0 interface of RouterB to a higher value than any other interface on the Ethernet network.
B.Change the id of B by assigning the IP address 172.16.1.130/24 to the Fa0/0 interface of RouterB.
C.Configure a loopback interface on RouterB with an IP address higher than any IP address on the other routers.
D.Change the priority value of the Fa0/0 interface of RouterB to zero.
E.Change the priority values of the Fa0/0 interfaces of RouterA and RouterC to zero.
F.No further configuration is necessary.
Correct:A C E

66.A network administrator needs to configure a serial link between the main office and a remote location. The at the remote office is a non-Cisco . How should the network administrator configure the serial interface of the main office to make the connection?
A.Main(config)# interface serial 0/0 Main(config-if)# ip address 172.16.1.1 255.255.255.252 Main(config-if)# no shut
B.Main(config)# interface serial 0/0 Main(config-if)# ip address 172.16.1.1 255.255.255.252 Main(config-if)# encapsulation ppp Main(config-if)# no shut
C.Main(config)# interface serial 0/0 Main(config-if)# ip address 172.16.1.1 255.255.255.252 Main(config-if)# encapsulation frame-relay Main(config-if)# authentication chap Main(config-if)# no shut
D.Main(config)# interface serial 0/0 Main(config-if)#ip address 172.16.1.1 255.255.255.252 Main(config-if)#encapsulation ietf Main(config-if)# no shut
Correct:B

67.Refer to the exhibit. Subnet 10.1.3.0/24 is unknown to RTB. Which command will prevent RTB from dropping a packet destined for the 10.1.3.0/24 network if a default route is configured?

640-816 (67).jpg
A.ip classless
B.ip default-network
C.network 10.1.1.0
D.network 10.1.1.0 0.0.0.255 area 0
Correct:A

68.Drop and drag question

640-816 (68).jpg
Correct:
Green choice3—->Yellow Choice1
Green choice1—->Yellow Choice2
Green choice5—->Yellow Choice3
Green choice2—->Yellow Choice4

69.On point-to-point networks, OSPF hello packets are addressed to which address?
A.127.0.0.1
B.172.16.0.1
C.192.168.0.5
D.223.0.0.1
E.224.0.0.5
F.254.255.255.255
Correct:E

70.Refer to the exhibit. How does Spanning Tree Protocol prevent switching loops?

640-816 (70).jpg
A.STP load balances traffic evenly across the redundant links.
B.STP shuts down switch S3 to to eliminate the switching loops.
C.STP identifies cables that must be disconnected to eliminate the redundant paths.
D.STP places ports into the blocking state to disable the redundant paths.
E.STP allows the switches to communicate with a that makes the traffic forwarding decisions.
Correct:D

Popularity: 1% [?]

, , , , ,

Cisco: Download 640-816 exam for free(5)

May 31st

Posted by Johnny in CCNA Training | 1 views

No comments

51.Hotspot
640-816 (51).jpg

52.An access list has been designed to prevent HTTP traffic from the Accounting Department from reaching the HR server attached to the Holyoke . Which of the following access lists will accomplish this task when grouped with the e0 interface on the Chicopee ?

640-816 (52).jpg
A.permit ip any any deny tcp 172.16.16.0 0.0.0.255 172.17.17.252 0.0.0.0 eq 80
B.permit ip any any deny tcp 172.17.17.252 0.0.0.0 172.16.16.0 0.0.0.255 eq 80
C.deny tcp 172.17.17.252 0.0.0.0 172.16.16.0 0.0.0.255 eq 80 permit ip any any
D.deny tcp 172.16.16.0 0.0.0.255 172.17.17.252 0.0.0.0 eq 80 permit ip any any
Correct:D

53.If an ethernet port on a was assigned an IP address of 172.16.112.1/20, what is the maximum number of hosts allowed on this subnet?
A.1024
B.2046
C.4094
D.4096
E.8190
Correct:C

54.Refer to the exhibit. Some 2950 series switches are connected to the conference area of the corporate headquarters network. The switches provide two to three jacks per conference room to host laptop connections for employees who visit the headquarters office. When large groups of employees come from other locations, the network administrator often finds that hubs have been connected to wall jacks in the conference area although the ports on the access layer switches were not intended to support multiple workstations. What action could the network administrator take to prevent access by multiple laptops through a single switch port and still leave the switch functional for its intended use?

640-816 (54).jpg
A.Configure static entries in the switch MAC address table to include the range of addresses used by visiting employees.
B.Configure an ACL to allow only a single MAC address to connect to the switch at one time.
C.Use the mac-address-table 1 global configuration command to limit each port to one source MAC address.
D.Implement Port Security on all interfaces and use the port-security maximum 1 command to limit port access to a single MAC address.
E.Implement Port Security on all interfaces and use the port-security mac-address sticky command to limit access to a single MAC address.
F.Implement Port Security at global configuration mode and use the port-security maximum 1 command to allow each switch only one attached hub.
Correct:D

55.For security reasons, the network administrator needs to prevent pings into the corporate networks from hosts outside the internetwork. Which protocol should be blocked with access control lists?
A.IP
B.ICMP
C.TCP
D.UDP
Correct:B

56.What are two reasons that a network administrator would use access lists? (Choose two.)
A.to control vty access into a
B.to control broadcast traffic through a
C.to filter traffic as it passes through a
D.to filter traffic that originates from the
E.to replace passwords as a line of defense against security incursions
Correct:A C

57.The system LED is amber on a Cisco Catalyst 2950 series switch. What does this indicate?
A.The system is malfunctioning.
B.The system is not powered up.
C.The system is powered up and operational.
D.The system is forwarding traffic.
E.The system is sensing excessive collisions.
Correct:A

58.Refer to the exhibit. All of the routers in the network are configured with the ip subnet-zero command. Which network addresses should be used for Link A and Network A? (Choose two.)

640-816 (58).jpg

A.Network A – 172.16.3.48/26
B.Network A – 172.16.3.128/25
C.Network A – 172.16.3.192/26
D.Link A – 172.16.3.0/30
E.Link A – 172.16.3.40/30
F.Link A – 172.16.3.112/30
Correct:B D

59.LAB

640-816 (59).jpg
Correct answer: >enable #config terminal (config)#hostname weaver weaver(config)#ip nat pool
test 198.18.191.153 198.18.191.158 255.255.255.248 weaver(config)#ip nat inside source list 1 pool test
overload weaver(config)#access-list 1 permit 192.168.72.65 0.0.0.63 weaver(config)#interface fa0/0
weaver(config-if)#ip address 192.168.72.64 255.255.255.192 weaver(config-if)#ip nat inside
weaver(config-if)#interface s0/0 weaver(config-if)#ip nat outside

60.Refer to the network diagram and configuration shown in the graphic. The network at the SOS Company has just been configured for NAT as shown. Initial tests indicate that everything is functioning as intended. However, it is found that a number of hosts cannot access the Internet. What is the problem?

640-816 (60).jpg
A.The access list is not correct.
B.There are not enough IP addresses available in the NAT address pool.
C.The wrong interface has been configured with the ip nat inside command.
D.The IP address of the Fa0/0 interface is not usable.
E.The S0/1 interface of the ISP is in the wrong subnet.
Correct:B

Popularity: 1% [?]

, , , , ,

Cisco: Download 640-816 exam for free(4)

May 31st

Posted by Johnny in CCNA Training | 1 views

No comments

41.A has EIGRP configured as the only routing protocol. How does EIGRP respond if there is no feasible successor route to a destination network and the successor route fails?
A.It immediately sends its entire routing table to its neighbors.
B.EIGRP sends a Hello packet to the DR to inform it of the route failure.
C.It automatically forwards traffic to a fallback default route until a new successor route is found.
D.It sends queries out to neighbors until a new successor route is found.
E.It places the route in holddown until LSA updates inform it of a new route to the network.
Correct:D

42.Drop and drag question

640-816 (42).jpg

Correct:
Green choice1—->Yellow Choice1
Green choice3—->Yellow Choice2
Green choice5—->Yellow Choice4
Green choice4—->Yellow Choice5
Green choice2—->Yellow Choice6
Green choice6—->Yellow Choice3

43.Refer to the exhibit. Switch port FastEthernet 0/24 on ALSwitch1 will be used to create an IEEE 802.1Q-compliant trunk to another switch. Based on the output shown, what is the reason the trunk does not form, even though the proper cabling has been attached?

640-816 (43).jpg
A.VLANs have not been created yet.
B.An IP address must be configured for the port.
C.The port is currently configured for access mode.
D.The correct encapsulation type has not been configured.
E.The no shutdown command has not been entered for the port.
Correct:C

44.Why has the network shown in the exhibit failed to converge?

640-816 (44).jpg
A.The no auto-summary command needs to be applied to the routers.
B.The network numbers have not been properly configured on the routers.
C.The subnet masks for the network numbers have not been properly configured.
D.The autonomous system number has not been properly configured.
E.The bandwidth values have not been properly configured on the serial interfaces.
Correct:A

45.Hotspot

640-816 (45).jpg

46.Refer to the exhibit. If all four switches are running STP, which one will become the root bridge?

640-816 (46).jpg
A.SW-A
B.SW-B
C.SW-C
D.SW-D
Correct:D

47.Refer to the exhibit. What is required to allow communication between host A and host B?

640-816 (47).jpg
A.a CSU/DSU connected to the switches with crossover cables
B.a connected to the switches with straight-through cables
C.a connected to the switches with crossover cables
D.a straight-through cable only
E.a crossover cable only
Correct:B

48.How many broadcast domains are shown in the graphic assuming only the default VLAN is configured on the switches?

640-816 (48).jpg
A.one
B.two
C.six
D.twelve
Correct:A

49.Refer to the exhibit. What will be the result of issuing the following commands?
Switch1(config)# interface fastethernet 0/5 Switch1(config-if)# switchport mode access
Switch1(config-if)# switchport access vlan 30 A.

640-816 (49).jpg

A.The VLAN will be added to the database, but the VLAN information will not be passed on to the Switch2 VLAN database.
B.The VLAN will be added to the database and VLAN 30 will be passed on as a VLAN to add to the Switch2 VLAN database.
C.The VLAN will not be added to the database, but the VLAN 30 information will be passed on as a VLAN to the Switch2 VLAN database.
D.The VLAN will not be added to the database, nor will the VLAN 30 information be passed on as a VLAN to the Switch2 VLAN database.
Correct:A

50.Refer to the exhibit. The Bigtime is unable to authenticate to the Littletime . What is the cause of the problem?

640-816 (50).jpg
A.The usernames are incorrectly configured on the two routers.
B.The passwords do not match on the two routers.
C.CHAP authentication cannot be used on a serial interface.
D.The routers cannot be connected from interface S0/0 to interface S0/0.
E.With CHAP authentication, one must authenticate to another . The routers cannot be configured to authenticate to each other.
Correct:B

Popularity: 2% [?]

, , , , ,

Configuring STP on Catalyst Switches

May 31st

Posted by Johnny in Uncategorized | 1 views

No comments

Configuring STP on Catalyst Switches

                                                                  

Introduction

Spanning Tree Protocol (STP) is a Layer 2 (L2) protocol that runs on bridges and switches. The specification for STP is IEEE 802.1D. The main purpose of STP is to ensure that you do not create loops when you have redundant paths in your network. Loops are deadly to a network.


Prerequisites

Requirements

There are no specific requirements for this document.


Components Used

Although this document uses Cisco Catalyst 5500/5000 switches, the spanning tree principles that the document presents are applicable to almost all devices that support STP.

For the examples, this document used:

  • A console cable that is suitable for the Supervisor Engine in the switch
  • Six Catalyst 5509 switches

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.


Conventions

For more information on document conventions, refer to the Cisco Technical Tips Conventions.


Background Theory

The configurations in this document apply to Catalyst 2926G, 2948G, 2980G, 4500/4000, 5500/5000, and 6500/6000 switches that run Catalyst OS (CatOS). For information on the configuration of STP on other switch platforms, refer to these documents:

  • Configuring STP and IEEE 802.1s MST on Catalyst 6500/6000 switches that run Cisco IOS® Software
  • Understanding and Configuring STP on Catalyst 4500/4000 switches that run Cisco IOS Software
  • Configuring STP on Catalyst 2900 XL/3500 XL switches
  • Configuring STP on Catalyst 3550 switches
  • Configuring STP on Catalyst 2950 switches
Network Diagram

This document uses this network setup:


Concepts

STP runs on bridges and switches that are 802.1D-compliant. There are different flavors of STP, but 802.1D is the most popular and widely implemented. You implement STP on bridges and switches in order to prevent loops in the network. Use STP in situations where you want redundant links, but not loops. Redundant links are as important as backups in the case of a failover in a network. A failure of your primary activates the backup links so that users can continue to use the network. Without STP on the bridges and switches, such a failure can result in a loop. Consider this network:

In this network, a redundant link is planned between Switch A and Switch B. But this setup creates the possibility of a bridging loop. For example, a broadcast or multicast packet that transmits from Station M and is destined for Station N simply continues to circulate between both switches.

However, when STP runs on both switches, the network logically looks like this:

This information applies to the scenario in the Network Diagram:

  • Switch 15 is the backbone switch.

  • Switches 12, 13, 14, 16, and 17 are switches that attach to workstations and PCs.

  • The network defines these VLANs:

      ¨1
      ¨200
      ¨201
      ¨202
      ¨203
      ¨204

  • The VLAN Trunk Protocol (VTP) domain name is STD-Doc.

In order to provide this desired path redundancy, as well as to avoid a loop condition, STP defines a tree that spans all the switches in an extended network. STP forces certain redundant data paths into a standby (blocked) state and leaves other paths in a forwarding state. If a link in the forwarding state becomes unavailable, STP reconfigures the network and reroutes data paths through the activation of the appropriate standby path.


Description of the Technology

With STP, the key is for all the switches in the network to elect a root bridge that becomes the focal point in the network. All other decisions in the network, such as which port to block and which port to put in forwarding mode, are made from the perspective of this root bridge. A switched environment, which is different from a bridge environment, most likely deals with multiple VLANs. When you implement a root bridge in a switching network, you usually refer to the root bridge as the root switch. Each VLAN must have its own root bridge because each VLAN is a separate broadcast domain. The roots for the different VLANs can all reside in a single switch or in various switches.

Note: The selection of the root switch for a particular VLAN is very important. You can choose the root switch, or you can let the switches decide, which is risky. If you do not control the root selection process, there can be suboptimal paths in your network.

All the switches exchange information for use in the root switch selection and for subsequent configuration of the network. Bridge protocol data units (BPDUs) carry this information. Each switch compares the parameters in the BPDU that the switch sends to a neighbor with the parameters in the BPDU that the switch receives from the neighbor.

In the STP root selection process, less is better. If Switch A advertises a root ID that is a lower number than the root ID that Switch B advertises, the information from Switch A is better. Switch B stops the advertisement of its root ID, and accepts the root ID of Switch A.

Refer to Configuring Optional STP Features for details about some of the optional STP features, such as:

  • PortFast
  • Root guard
  • Loop guard
  • BPDU guard

STP Operation

Task

Prerequisites: Before you configure STP, select a switch to be the root of the spanning tree. This switch does not need to be the most powerful switch. But choose the most centralized switch on the network. All data flow across the network is from the perspective of this switch. Also, choose the least disturbed switch in the network. The backbone switches often serve as the spanning tree root because these switches typically do not connect to end stations. Also, moves and changes within the network are less likely to affect these switches.

After you decide on the root switch, set the appropriate variables to designate the switch as the root switch.

The only variable that you must set is the bridge priority. If the switch has a bridge priority that is lower than all the other switches, the other switches automatically select the switch as the root switch.

Clients (end stations) on switch ports: You can also issue the set spantree portfast command, on a per-port basis. When you enable the portfast variable on a port, the port immediately switches from blocking mode to forwarding mode. Enablement of portfast helps to prevent timeouts on clients who use Novell Netware or use Dynamic Host Configuration Protocol (DHCP) in order to obtain an IP address. However, do not use this command when you have switch-to-switch connection. In this case, the command can result in a loop. The 30?0 second delay that occurs during the transiti
on f
rom blocking to forwarding mode prevents a temporal loop condition in the network when you connect two switches.

Leave most other STP variables at their default values.

Rules of Operation: This section lists rules for how STP works. When the switches first come up, they start the root switch selection process. Each switch transmits a BPDU to the directly connected switch on a per-VLAN basis.

As the BPDU goes out through the network, each switch compares the BPDU that the switch sends to the BPDU that the switch receives from the neighbors. The switches then agree on which switch is the root switch. The switch with the lowest bridge ID in the network wins this election process.

Note: Remember that one root switch is identified per VLAN. After the root switch identification, the switches follow these rules:

  • STP Rule 1: All ports of the root switch must be in forwarding mode.

Note: In some corner cases, which involve self-looped ports, there is an exception to this rule.

Next, each switch determines the best path to get to the root. The switches determine this path by a comparison of the information in all the BPDUs that the switches receive on all ports. The switch uses the port with the least amount of information in the BPDU in order to get to the root switch; the port with the least amount of information in the BPDU is the root port. After a switch determines the root port, the switch proceeds to Rule 2.

  • STP Rule 2: The root port must be set to forwarding mode.

In addition, the switches on each LAN segment communicate with each other to determine which switch is best to use in order to move data from that segment to the root bridge. This switch is called the designated switch.

  • STP Rule 3: In a single LAN segment, the port of the designated switch that connects to that LAN segment must be placed in forwarding mode.
  • STP Rule 4: All the other ports in all the switches (VLAN-specific) must be placed in blocking mode. The rule only applies to ports that connect to other bridges or switches. STP does not affect ports that connect to workstations or PCs; these ports remain forwarded.
Step-by-Step Instructions

Complete these steps:

  1.Issue the show version command in order to display the software version that the switch runs.

Note: All switches run the same software version.

    Switch-15> (enable) show version
    WS-C5505 Software, Version McpSW: 4.2(1) NmpSW: 4.2(1)
    Copyright (c) 1995-1998 by Cisco Systems
    NMP S/W compiled on Sep 8 1998, 10:30:21
    MCP S/W compiled on Sep 08 1998, 10:26:29
    System Bootstrap Version: 5.1(2)
    Hardware Version: 1.0 Model: WS-C5505 Serial #: 066509927
    Mod Port Model Serial # Versions
    — —- —– —— ———-
    1 0 WS-X5530 008676033 Hw : 2.3
    Fw : 5.1(2)
    Fw1: 4.4(1)
    Sw : 4.2(1)

In this scenario, Switch 15 is the best choice for the root switch of the network for all the VLANs because Switch 15 is the backbone switch.

Issue the set spantree root vlan_id command in order to set the priority of the switch to 8192 for the VLAN or VLANs that the vlan_id specifies.

Note: The default priority for switches is 32768. When you set the priority with this command, you force the selection of Switch 15 as the root switch because Switch 15 has the lowest priority.

    Switch-15> (enable) set spantree root 1
    VLAN 1 bridge priority set to 8192.
    VLAN 1 bridge max aging time set to 20.
    VLAN 1 bridge hello time set to 2.
    VLAN 1 bridge forward delay set to 15.
    Switch is now the root switch for active VLAN 1.
    Switch-15> (enable)

    Switch-15> (enable) set spantree root 200
    VLAN 200 bridge priority set to 8192.
    VLAN 200 bridge max aging time set to 20.
    VLAN 200 bridge hello time set to 2.
    VLAN 200 bridge forward delay set to 15.
    Switch is now the root switch for active VLAN 200.
    Switch-15> (enable)

    Switch-15> (enable) set spantree root 201
    VLAN 201 bridge priority set to 8192.
    VLAN 201 bridge max aging time set to 20.
    VLAN 201 bridge hello time set to 2.
    VLAN 201 bridge forward delay set to 15.
    Switch is now the root switch for active VLAN 201.
    Switch-15> (enable)

    Switch-15> (enable) set spantree root 202
    VLAN 202 bridge priority set to 8192.
    VLAN 202 bridge max aging time set to 20.
    VLAN 202 bridge hello time set to 2.
    VLAN 202 bridge forward delay set to 15.
    Switch is now the root switch for active VLAN 202.
    Switch-15>

    Switch-15> (enable) set spantree root 203
    VLAN 203 bridge priority set to 8192.
    VLAN 203 bridge max aging time set to 20.
    VLAN 203 bridge hello time set to 2.
    VLAN 203 bridge forward delay set to 15.
    Switch is now the root switch for active VLAN 203.
    Switch-15>

    Switch-15> (enable) set spantree root 204
    VLAN 204 bridge priority set to 8192.
    VLAN 204 bridge max aging time set to 20.
    VLAN 204 bridge hello time set to 2.
    VLAN 204 bridge forward delay set to 15.
    Switch is now the root switch for active VLAN 204.
    Switch-15> (enable)

The shorter version of the command has the same effect, as this example shows:

    Switch-15> (enable) set spantree root 1,200-204
    VLANs 1,200-204 bridge priority set to 8189.
    VLANs 1,200-204 bridge max aging time set to 20.
    VLANs 1,200-204 bridge hello time set to 2.
    VLANs 1,200-204 bridge forward delay set to 15.
    Switch is now the root switch for active VLANs 1,200-204.
    Switch-15> (enable)

  2.The set spantree priority command gives you a third way to specify the root switch:
    Switch-15> (enable) set spantree priority 8192 1
    Spantree 1 bridge priority set to 8192.
    Switch-15> (enable)

Note: In this scenario, all the switches started with cleared configurations. So al

l the switches started with a bridge priority of 32768. If you are not certain that all the switches in your network have a priority that is greater than 8192, set the priority of your desired root bridge to 1.

3.Issue the set spantree portfast mod_num/port_num enable command in order to configure the PortFast setting on Switches 12, 13, 14, 16, and 17.

Note: Only configure this setting on ports that connect to workstations or PCs. Do not enable PortFast on any port that connects to another switch.

This example only configures Switch 12. You can configure other switches in the same way. Switch 12 has these port connections:

        
  • Port 2/1 connects to Switch 13.

    •     

  • Port 2/2 connects to Switch 15.

    •     

  • Port 2/3 connects to Switch 16.

    •     

  • Port 3/1 through 3/24 connects to PCs.

    •     

  • Port 4/1 through 4/24 connects to UNIX workstations.

With this information as a basis, issue the set spantree portfast command on ports 3/1›/24 and on ports 4/1oe/24:

    Switch-12> (enable) set spantree portfast 3/1-24 enable     Warning: Spantree port fast start should only be enabled on ports     connected to a single host. Connecting hubs, concentrators,     switches, bridges, etc. to     a fast start port can cause temporary     spanning-tree loops. Use with caution.

    Spantree ports 3/1-24 fast start enabled.
    Switch-12> (enable)

    Switch-12> (enable) set spantree portfast 4/1-24 enable     Warning: Spantree port fast start should only be enabled on ports     connected to a single host. Connecting hubs, concentrators,     switches, bridges, etc. to     a fast start port can cause temporary     spanning-tree loops. Use with caution.

    Spantree ports 4/1-24 fast start enabled.
    Switch-12> (enable)
  4.Issue the show spantree vlan_id command in order to verify that Switch 15 is the root of all the appropriate VLANs.

From the output from this command, compare the MAC address of the switch that is the root switch to the MAC address of the switch from which you issued the command. If the addresses match, the switch that you are in is the root switch of the VLAN. A root port that is 1/0 also indicates that you are at the root switch. Here is the sample command output:

    Switch-15> (enable) show spantree 1
    VLAN 1
    spanning-tree enabled
    spanning-tree type ieee
    Designated Root 00-10-0d-b1-78-00
    !— This is the MAC address of the root switch for VLAN 1.
    Designated Root Priority 8192
    Designated Root Cost 0
    Designated Root Port 1/0
    Root Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec
    Bridge ID MAC ADDR 00-10-0d-b1-78-00
    Bridge ID Priority 8192
    Bridge Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec

This output shows that Switch 15 is the designated root on the spanning tree for VLAN 1. The MAC address of the designated root switch (00-10-0d-b1-78-00) is the same as the bridge ID MAC address of Switch 15 (00-10-0d-b1-78-00). Another indicator that this switch is the designated root is that the designated root port is 1/0.

In this output from Switch 12, the switch recognizes Switch 15 as the Designated Root for VLAN 1:

    Switch-12> (enable) show spantree 1
    VLAN 1
    spanning-tree enabled
    spanning-tree type IEEEDesignated Root 00-10-0d-b1-78-00
    !— This is the MAC address of the root switch for VLAN 1.
    Designated Root Priority 8192
    Designated Root Cost 19
    Designated Root Port 2/3
    Root Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec
    Bridge ID MAC ADDR 00-10-0d-b2-8c-00
    Bridge ID Priority 32768
    Bridge Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec

Note: The output of the show spantree vlan_id command for the other switches and VLANs would also indicate that Switch 15 is the designated root for all VLANs.


Verify

This section provides information you can use to confirm that your configuration works properly.

Certain show commands are supported by the Output Interpreter Tool ( registered customers only) , which allows you to view an analysis of show command output.

  • show spantree vlan_id Shows the current state of the spanning tree for this VLAN ID, from the perspective of the switch on which you issue the command.
  • show spantree summaryProvides a summary of connected spanning tree ports by VLAN.
Troubleshoot

This section provides information you can use to troubleshoot your configuration.


Troubleshooting Commands

Certain show commands are supported by the Output Interpreter Tool ( registered customers only) , which allows you to view an analysis of show command output.

  • show spantree vlan_id Shows the current state of the spanning tree for this VLAN ID, from the perspective of the switch on which you issue the command.
  • show spantree summaryProvides a summary of connected spanning tree ports by VLAN.
  • show spantree statisticsShows spanning tree statistical information.
  • show spantree backbonefastDisplays whether the spanning tree BackboneFast Convergence feature is enabled.
  • show spantree blockedportsDisplays only the blocked ports.
  • show spantree portstateDetermines the current spanning tree state of a Token Ring port within a spanning tree.
  • show spantree portvlancostShows the path cost for the VLANs on a port.
  • show spantree uplinkfastShows the UplinkFast settings.
Command Summary

Popularity: 1% [?]

Cisco: Download 640-816 exam for free(3)

May 31st

Posted by Johnny in CCNA Training | 1 views

No comments

21.A network administrator must configure 200 switch ports to accept traffic from only the currently attached host devices. What would be the most efficient way to configure MAC-level security on all these ports?
A.Visually verify the MAC addresses and then telnet to the switches to enter the switchport-port security mac-address command.
B.Have end users e-mail their MAC addresses. Telnet to the switch to enter the switchport-port security mac-address command.
C.Use the switchport port-security MAC address sticky command on all the switch ports that have end devices connected to them.
D.Use show mac-address-table to determine the addresses that are associated with each port and then enter the commands on each switch for MAC address port-security.
Correct:C

22.

640-816 (22).jpg
Correct answer: >enable #config terminal (config)#hostname weaver weaver(config)#ip nat pool test 198.18.191.145 198.18.191.150 255.255.255.248 weaver(config)#ip nat inside source list 1 pool test
overload weaver(config)#access-list 1 permit 192.168.108.32 0.0.0.31 weaver(config)#interface fa0/0
weaver(config-if)#ip address 192.168.108.62 255.255.255.224 weaver(config-if)#ip nat inside
weaver(config-if)#interface s0/0 weaver(config-if)#ip nat outside

23.In which circumstance are multiple copies of the same unicast frame likely to be transmitted in a switched LAN?
A.during high traffic periods
B.after broken links are re-established
C.when upper-layer protocols require high reliability
D.in an improperly implemented redundant topology
E.when a dual ring topology is in use
Correct:D

24.Which PPP subprotocol negotiates authentication options?
A.NCP
B.ISDN
C.SLIP
D.LCP
E.DLCI
Correct:D

25.A network administrator is configuring the routers in the graphic for OSPF. The OSPF process has been started and the networks have been configured for Area 0 as shown in the diagram. The network administrator has several options for configuring RouterB to ensure that it will be preferred as the designated (DR) for the 172.16.1.0 /24 LAN segment. What configuration tasks could be used to establish this preference? (Choose three.)

640-816 (25).jpg
A.Configure the priority value of the Fa0/0 interface of RouterB to a higher value than any other interface on the Ethernet network.
B.Change the id of B by assigning the IP address 172.16.1.130/24 to the Fa0/0 interface of RouterB.
C.Configure a loopback interface on RouterB with an IP address higher than any IP address on the other routers.
D.Change the priority value of the Fa0/0 interface of RouterB to zero.
E.Change the priority values of the Fa0/0 interfaces of RouterA and RouterC to zero.
F.No further configuration is necessary.
Correct:A C E

26.Which statements are true about EIGRP successor routes? (Choose two.)
A.A successor route is used by EIGRP to forward traffic to a destination.
B.Successor routes are saved in the topology table to be used if the primary route fails.
C.Successor routes are flagged as “active” in the routing table.
D.A successor route may be backed up by a feasible successor route.
E.Successor routes are stored in the neighbor table following the discovery process.
Correct:A D

27.When are packets processed by an inbound access list?
A.before they are routed to an outbound interface
B.after they are routed to an outbound interface
C.before and after they are routed to an outbound interface
D.after they are routed to an outbound interface but before being placed in the outbound queue
Correct:A

28.The company internetwork is subnetted using 29 bits. Which wildcard mask should be used to configure an extended access list to permit or deny access to an entire subnetwork?
A.255.255.255.224
B.255.255.255.248
C.0.0.0.224
D.0.0.0.8
E.0.0.0.7
F.0.0.0.3
Correct:E

29.A has been configured to provide the nine users on the branch office LAN with Internet access, as shown in the diagram. It is found that some of the users on the LAN cannot reach the Internet. Based on the topology and output shown, which command should be issued on the to correct the problem?

640-816 (29).jpg
A.Branch(config-if)# no shutdown
B.Branch(config-if)# duplex full
C.Branch(config-if)# no keepalive
D.Branch(config-if)# ip address 192.168.10.30 255.255.255.240
E.Branch(config-if)# bandwidth 100
F.Branch(config-if)# encapsulation 802.3
Correct:D

30.What are three valid reasons to assign ports to VLANs on a switch? (Choose three.)
A.to make VTP easier to implement
B.to isolate broadcast traffic
C.to increase the size of the collision domain
D.to allow more devices to connect to the network
E.to logically group hosts according to function
F.to increase network security
Correct:B E F

31.Which protocol provides a method of sharing VLAN configuration information between switches?
A.VTP
B.STP
C.ISL
D.802.1Q
E.VLSM
Correct:A

32.Refer to the exhibit. To what does the 128 refer in the output O 192.168.12.240/30 [110/128] via 192.168.12.233,00:35:36, Serial 0?

640-816 (32).jpg
A.OSPF cost
B.OSPF priority
C.OSPF hop count
D.OSPF ID number
E.OSPF administrative distance
Correct:A

33.Which protocol should be used to establish a secure terminal connection to a remote network device?
A.ARP
B.SSH
C.Telnet
D.WEP
E.SNMPv1
F.SNMPv2
Correct:B

34.What three pieces of information can be used in an extended access list to filter traffic?(Choose three.)
A.protocol
B.VLAN number
C.TCP or UDP port numbers
D.source switch port number
E.source IP address and destination IP address
F.source MAC address and destination MAC address
Correct:A C E

35.What is the media access method used by Gigabit Ethernet?
A.CSMA/CA
B.CSMA/CD
C.token passing
D.point-to-point
E.logical link control
Correct:B

36.Refer to the topology and partial configurations shown in the exhibit. The network is fully operational and all routing tables are converged. Which route will appear in the output of the show ip route command issued on the Branch ?

640-816 (36).jpg
A.S* 0.0.0.0/0 [1/0] via 192.168.10.82
B.R 172.16.11.4/30 [120/1] via 192.168.10.82, 00:00:22, Serial0/0
C.R 192.168.10.80/30 [120/0] via 192.168.10.81, 00:00:22, Serial0/0
D.R 192.168.11.0/24 [120/1] via 192.168.10.81, 00:00:22, Serial0/0
E.C 192.168.12.0/24 is directly connected, FastEthernet0/0
Correct:A

37.Which command can be used to verify the type of cable connected to interface serial 0/0?
A.show running-config
B.show controllers serial 0/0
C.show interfaces serial 0/0
D.show ip interface serial 0/0
Correct:B

38.What is the default administrative distance of the OSPF routing protocol?
A.90
B.100
C.110
D.120
E.130
F.170
Correct:C

39.A network administrator wants to ensure that only the server can connect to port Fa0/1 on a Catalyst switch. The server is plugged into the switch Fa0/1 port and the network administrator is about to bring the server online. What can the administrator do to ensure that only the MAC address of the server is allowed by switch port Fa0/1? (Choose two.)
A.Configure port Fa0/1 to accept connections only from the static IP address of the server.
B.Employ a proprietary connector type on Fa0/1 that is incompatible with other host connectors.
C.Configure the MAC address of the server as a static entry associated with port Fa0/1.
D.Bind the IP address of the server to its MAC address on the switch to prevent other hosts from spoofing the server IP address.
E.Configure port security on Fa0/1 to reject traffic with a source MAC address other than that of the server.
F.Configure an access list on the switch to deny server traffic from entering any port other than Fa0/1.
Correct:C E

40.Refer to the topology shown in the exhibit. Which ports will be STP designated ports if all the links are operating at the same bandwidth? (Choose three.)

640-816 (40).jpg
A.Switch A – Fa0/0
B.Switch A – Fa0/1
C.Switch B – Fa0/0
D.Switch B – Fa0/1
E.Switch C – Fa0/0
F.Switch C – Fa0/1
Correct:B C D

Popularity: 1% [?]

, , , , ,

Configuring Modem Connectivity with a Cisco? 3640 BRI

May 31st

Posted by Johnny in Uncategorized | 1 views

No comments

Configuring Modem Connectivity with a Cisco? 3640 BRI

                                                                          

Introduction

This configuration supports remote users (for example, a home user or a traveling employee) connecting to the network with an analog dial-up modem using V.90 protocol. Using a PC and an analog modem, the user connects through dial-up PPP to a Basic Rate Interface (BRI) on a Cisco 3640 . A BRI provides a high speed modem connection and costs less than a Primary Rate Interface (PRI).

Note: Only two async users can dial into each BRI at a time due to the channel limitations on a BRI.

Before You Begin

Conventions

For more information on document conventions, see the Cisco Technical Tips Conventions.

Prerequisites

There are no specific prerequisites for this document.

Components Used

This configuration was developed and tested using the software and hardware versions below.

  • Cisco 3640
  • Cisco BRI network module (use one of the following)

  NM-4B-S/T – Four-port ISDN BRI network module, minimum version 800-01236-03 ¨
  NM-4B-U – Four-port ISDN BRI with integrated NT-1 network module, minimum version 800-01238-06

  • Digital modem network module (use one of the following: NM-6DM, NM-12DM, NM-18DM, NM-24DM, or NM-30DM)
  • LAN interface card

    • ·

  • Cisco IOS® Software Release 12.0(2)XC

For more information regarding minimum hardware and software requirements (for example, part numbers and revision numbers), see the Modem over ISDN BRI for the Cisco 3640 documentation.

The information presented in this document was created from devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If you are working in a live network, ensure that you understand the potential impact of any command before using it.¨

Background Theory

This configuration uses a local user list for access security on the Cisco .

Below are the relevant sections of the show version command output with the Cisco IOS Software version and the modem firmware versions used to implement this configuration:

  ;spCisco Internetwork Operating System Software IOS ™ 3600 Software (C3640-I-M), Version 12.0
  System image file is "flash:c3640-i-mz.120-5.XK1"
  MICA-6DM Firmware: CP ver 2310 – 6/3/1998, SP ver 2310 – 6/3/1998.

Use the show diag EXEC command to determine the type of hardware installed in your . The show diag command displays the version number as well as the part number of the hardware modules in the .

Following is the relevant section of the sample output from the show diag EXEC command:

  maui-nas-04#show diag
  Slot 1:
  BRI (U) port adapter, 4 ports
  Serial number 17156199 Part number 800-01238-06

Configure

In this section, you are presented with the information to configure the features described in this document.

Note: To find additional information on the commands used in this document, use the IOS Command Lookup tool

Network Diagram

This document uses the network setup shown in the diagram below.


Configurations

This document uses the configurations shown below.


Verify

This section provides information you can use to confirm your configuration is working properly.

Certain show commands are supported by the Output Interpreter tool, which allows you to view an analysis of show command output.

  • show isdn stat – The status should be:

    •   layer 1 = active
      layer 2 = MULTIPLE_FRAMES_ESTABLISHED

    If Layer 1 is not active, the wiring adapter or port may be damaged or not plugged in. If Layer 2 is in a state of TEI_Assign, the is not talking to the switch.

  • show line – To display the parameters of the lines. Use the show line command to decide which lines need to be configured for dial in.
  • show users – To display the line number, connection name, idle time, and terminal location. ·
  • show diag – To determine the type of hardware installed in your .

Troubleshoot

This section provides information you can use to troubleshoot your configuration.

Troubleshooting Commands

Note: Before issuing debug commands, please see Important Information on Debug Commands.

  • debug modem – To observe modem line activity on an access server.
  • debug modem csm – To debug the call state machine used to connect calls on the modem.
  • debug isdn Q931 – To check ISDN connections as users dial in to see what is happening with the ISDN call (for example, if the connection is being dropped).

Popularity: 1% [?]

Configuring EtherChannel Switch-to-Switch Connections on Catalyst 4000, 5000, an

May 31st

Posted by Johnny in Uncategorized | 1 views

No comments

Configuring EtherChannel Switch-to-Switch Connections on Catalys

                                                             &nbsp

Introduction

EtherChannel allows multiple physical Fast Ethernet or Gigabit Ethernet links to be combined into one logical channel. A logical channel allows load sharing of traffic among the links in the channel as well as redundancy in the event that one or more links in the channel should fail. EtherChannel can be used to interconnect LAN switches, routers, servers, and clients with unshielded twisted pair (UTP) wiring or single-mode and multimode fiber.


Prerequisites

Requirements

There are no specific requirements for this document.


Components Used

The information in this document is based on these software and hardware versions:

  • A console cable1 suitable for the Supervisor Engine in the switch
  • Two Catalyst 5505 switches in a lab environment with cleared configurations2
  • A Fast Ethernet module capable of EtherChannel in each Catalyst 5505
  • Four RJ-45 Ethernet crossover cables3 to connect the EtherChannel
  1. For more information, refer to the Identifying a Rollover Cable, Straight-through, and Crossover Cable section of the document Connecting a Terminal to the Console Port on Catalyst Switches.

  2. The clear config all command was entered on the switch to ensure that it has a default configuration.

  3. For a pinout of an Ethernet crossover cable, see Appendix A.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.


Conventions

For more information on document conventions, refer to the Cisco Technical Tips Conventions.


Background Information

EtherChannel is an easy way to aggregate bandwidth between critical networking devices. On the Catalyst 5500/5000, a channel can be created from two ports, making it a 200 Mbps link (400 Mbps, full-duplex), or four ports, making it a 400 Mbps link (800 Mbps, full-duplex). Some cards and platforms also support Gigabit EtherChannel and have the ability to use from two to eight ports in an EtherChannel. The concept is the same no matter the speeds or number of links that are involved. Normally, the Spanning Tree Protocol (STP) considers these redundant links between two devices to be loops and causes the redundant links to be in blocking mode. This effectively makes the links inactive (providing only backup capabilities if the main link fails). When using a Catalyst OS (CatOS) software version 3.1(1) or later, STP treats the channel as one large link, so all the ports in the channel can be active at the same time.

This document takes you through the steps to configure EtherChannel between two Catalyst 5500/5000 switches and shows you the results of the commands as they are issued. Catalyst 4500/4000 and 6500/6000 switches that run CatOS can be used in the scenarios presented in this document to obtain the same results. For the Catalyst 2900XL and Catalyst 1900/2820, the command syntax differs, but the EtherChannel concepts are the same. For EtherChannel guidelines and configuration information for the Catalyst 6500/6000 series switches that run Cisco IOS® System Software, refer to the document:

  • Sample Configuration: EtherChannel Between Catalyst Switches Running CatOS and Native IOS

For an overview and comparison of the Catalyst 6500 Cat0S and Cisco IOS Software platforms, refer to the document:

  • Comparison of the Cisco Catalyst and Cisco IOS Operating Systems for the Cisco Catalyst 6500 Series Switch

EtherChannel may be configured manually by executing the appropriate commands, or it may be configured automatically by having the switch negotiate the channel with the other side using Port Aggregation Protocol (PAgP). It is best to use the PAgP desirable mode to configure EtherChannel whenever possible because manually configuring EtherChannel sometimes creates complications. This document provides examples of configuring EtherChannel manually and examples of configuring EtherChannel using PAgP. Also included is how to troubleshoot EtherChannel and how to use trunking with EtherChannel. In this document, the terms EtherChannel, Fast EtherChannel, Gigabit EtherChannel, or channel all refer to EtherChannel.


Network Diagram

The network setup shown in this section illustrates the test environment.

After the configuration of the switches was cleared with the clear config all command, the prompt was changed with the set system name command. An IP address and mask were assigned to the switch for management purposes using the set interface sc0 172.16.84.6 255.255.255.0 command for Switch A and the set interface sc0 172.16.84.17 255.255.255.0 command for Switch B. A default gateway was assigned to both switches with the set ip route default 172.16.84.1 command.

The switch configurations were cleared to start from the default conditions. The switches were given names for identification from the prompt on the command line. To ping between the switches for testing, the IP addresses were assigned. The default gateway was not used.

Many of the commands display more output than is needed for this discussion. Extraneous output is suppressed in this document.


Manually Configure EtherChannel

Step-by-Step

Complete these steps to manually configure EtherChannel:

  1.Issue the show version and show module commands.

The show version command displays the software version the switch is running. The show module command lists which modules are installed in the switch.

  Switch-A> show version
  WS-C5505 Software, Version McpSW: 4.5(1) NmpSW: 4.5(1)
  !— This is the software version that runs on the switch.
  Copyright (c) 1995-1999 by Cisco Systems
  NMP S/W compiled on Mar 29 1999, 16:09:01
  MCP S/W compiled on Mar 29 1999, 16:06:50
  System Bootstrap Version: 3.1.2
  Hardware Version: 1.0 Model: WS-C5505 Serial #: 066507453
  Mod   Port   Model   Serial #   Versions
  —   —-   —–   ——-   ———-
  1   0   WS-X5530   006841805   Hw : 1.3
                                            Fw : 3.1.2
                                            Fw1: 3.1(2)
                                            Sw : 4.5(1)
  2   24  WS-X5225R  012785227  Hw : 3.2
                                   &nb
sp;&
nbsp;       Fw : 4.3(1)
                                            SW : 4.5(1)
  DRAM FLASH NVRAM
  Module Total Used Free Total Used Free Total Used Free
  —— —– —- —- —– —- —- —– —- —–
  1 32640K 13650K 18990K 8192K 4118K 4074K 512K 108K 404K
  Uptime is 0 day, 3 hours, 32 minutes
  Switch-A> show module
  Mod Module-Name Ports Module-Type Model Serial-Num Status
  — ———– —– ———– —– ——— ——-
  1 0 Supervisor III WS-X5530 006841805 ok
  !— These are the modules installed on the switch.
  2 24 10/100BaseTX Ethernet WS-X5225R 012785227 OK
  Mod   MAC-Address(es)                                 Hw     Fw     Sw
  —   ————————————– —— —- ——-
  1   00-90-92-b0-84-00 to 00-90-92-b0-87-ff 1.3  3.1.2  4.5(1)
  2   00-50-0f-b2-e2-60 to 00-50-0f-b2-e2-77 3.2  4.3(1)  4.5(1)
  Mod Sub-Type Sub-Model Sub-Serial Sub-Hw
  — ——– ——— ———- ——
  1 NFFC WS-F5521 0008728786 1.0
  Switch-B> show version
  WS-C5505 Software, Version McpSW: 4.5(1) NmpSW: 4.5(1)
  !— This is the software version that runs on the switch.
  Copyright (c) 1995-1999 by Cisco Systems
  NMP S/W compiled on Mar 29 1999, 16:09:01
  MCP S/W compiled on Mar 29 1999, 16:06:50
  System Bootstrap Version: 5.1(2)
  Hardware Version: 1.0 Model: WS-C5505 Serial #: 066509957
  Mod   Port   Model   Serial #   Versions
  —   —-   —–   ——-   ———-
  1   0   WS-X5530   008592453   Hw : 2.3
                                            Fw : 5.1(2)
                                            Fw1: 4.4(1)
                                            SW : 4.5(1)
  2   24   WS-X5234   015388641   Hw : 1.0
                                            Fw : 4.5(2)
                                            SW : 4.5(1)
  DRAM FLASH NVRAM
  Module Total Used Free Total Used Free Total Used Free
  —— —– —- —- —– —- —- —– —- —–
  1  32640K 13548K 19092K 8192K 7300K 892K 512K 119K 393K
  Uptime is 0 day, 3 hours, 36 minutes
  Switch-B> show module
  Mod Module-Name Ports Module-Type Model Serial-Num Status
  — ———– —– ———– —– ——— ——-
  1 0 Supervisor III WS-X5530 008592453 OK
  !— These are the modules installed on the switch.
  2 24 10/100BaseTX Ethernet WS-X5234 015388641 OK
  Mod   MAC-Address(es)                                 Hw     Fw     Sw
  —   ————————————– —— —- ——-
  1   00-10-0d-b2-8c-00 to 00-10-0d-b2-8f-ff 2.3  5.1(2)  4.5(1)
  2   00-d0-bc-03-58-98 to 00-d0-bc-03-58-af 1.0  4.5(2)  4.5(1)
  Mod Subtype Sub-Model Sub-Serial Sub-Hw
  — ——– ——— ———- ——
  1 EARL 1+ WS-F5520 0011591025 1.1
  2. Verify that EtherChannel is supported on the ports.

Note: The show port capabilities command is available in CatOS software versions 4.x and later. If you have a software version earlier than 4.x, you must skip this step. Not every Fast Ethernet module supports EtherChannel. Some of the original EtherChannel modules have "Fast EtherChannel" printed on the bottom left corner of the module (as you face it in the switch), which tells you that the feature is supported. But this convention was abandoned on later modules. The modules in this test do not have "Fast EtherChannel" printed on them, but they do support the feature.

  Switch-A> show port capabilities 2/1
  Model WS-X5225R
  Port 2/1
  Type 10/100BaseTX
  Speed auto,10,100
  Duplex half,full
  Trunk encap type 802.1Q,ISL
  Trunk mode on,off,desirable,auto,nonegotiate
  Channel 2/1-2,2/1-4
  !— This indicates that EtherChannel can be configured on port 2/1
  !— with two or four contiguous ports.
  Broadcast suppression percentage(0-100)
  Flow control receive-(off,on),send-(off,on)
  Security yes
  Membership static,dynamic
  Fast start yes
  Rewrite yes
  Switch-B> show port capabilities 2/1
  Model WS-X5234
  Port 2/1
  Type 10/100BaseTX
  Speed auto,10,100
  Duplex half,full
  Trunk encap type 802.1Q,ISL
  Trunk mode on,off,desirable,auto,nonegotiate
  !— This indicates that EtherChannel can be configured on port 2/1
  !— with two or four contiguous ports.
  Channel 2/1-2,2/1-4
  Broadcast suppression percentage(0-100)
  Flow control receive-(off,on),send-(off,on)
  Security yes
  Membership static,dynamic
  Fast start yes
  Rewrite no

A port that does not support EtherChannel looks like this:

  Switch> show port capabilities 2/1   Model WS-X5213A
  Port 2/1
  Type 10/100BaseTX
  Speed 10,100,auto
  Duplex half,full
  Trunk encap type ISL
  Trunk mode on,off,desirable,auto,nonegotiate
  Channel no
  !— This indicates that EtherChannel is not supported on this port
  !— or module.
  Broadcast suppression pps(0-150000)
  Flow control no
  Security yes
  Membership static,dynamic
  Fast start yes
  3. Verify that the ports are connected and operational.

Before connecting the cables, the port status is:

  Switch-A> show port
  Port  Name  Status  Vlan  Level  Duplex  Speed  Type
  —-  —-  ——  —-  —–  ——  —–  —–
  2/1      notconnect 1 normal auto auto 10/100BaseTX
  2/2      notconnect 1 normal auto auto 10/100BaseTX
  2/3      notconnect 1 normal auto auto 10/100BaseTX
  2/4      notconnect 1 normal auto auto 10/100BaseTX

After connecting the cables between the two switches, the status is:

  1999 Dec 14 20:32:44 %PAGP-5-PORTTOSTP:Port 2/1 joined bridge port 2/1
  1999 DEC 14 20:32:44 %PAGP-5-PORTTOSTP:Port 2/2 joined bridge port 2/2
  1999 DEC 14 20:32:44 %PAGP-5-PORTTOSTP:Port 2/3 joined bridge port 2/3
  1999 DEC 14 20:32:44 %PAGP-5-PORTTOSTP:Port 2/4 joined bridge port 2/4
  Switch-A> show port
  Port  Name  Status  Vlan  Level  Duplex  Speed  Type
  —-  —-  ——  —-  —–  ——  —–  —–
  2/1      connected 1 normal a-full a-100 10/100BaseTX
  2/2      connected 1 normal a-full a-100 10/100BaseTX
  2/3      connected 1 normal a-full a-100 10/100BaseTX
  2/4      connected 1 normal a-full a-100 10/100BaseTX
  Switch-B> show port
  Port  Name  Status  Vlan  Level  Duplex  Speed  Type
  —-  —-  ——  —-  —–  ——  —–  —–
  2/1      connected 1 normal a-full a-100 10/100BaseTX
  2/2      connected 1 normal a-full a-100 10/100BaseTX
  2/3      connected 1 normal a-full a-100 10/100BaseTX
  2/4      connected 1 normal a-full a-100 10/100BaseTX

Since the switch configurations were cleared before starting this test, the ports are in their default conditions. They are all in VLAN 1, and their speed and duplex are set to auto. After connecting the cables, they negotiate to a speed of 100 Mbps and full-duplex. The status is connected. You are now able to ping the other switch.

  Switch-A> ping 172.16.84.17
  172.16.84.17 is alive

In your network, you may want to to set the speeds manually to 100 Mbps and full-duplex instead of relying on autonegotiation because you probably want your ports to always run at the fastest speed. For a discussion of autonegotiation, refer to the document:

  • Configuring and Troubleshooting Ethernet 10/100/1000Mb Half/Full Duplex Auto-Negotiation.

  4. Verify that the ports to be grouped have the same settings.

This is an important point that is covered in more detail in the Troubleshoot EtherChannel section. If the command to set up EtherChannel does not work, it is usually because the ports involved in the channel have configurations that differ from each other. This includes the ports on the other side of the link as well as the local ports. In this case, since the switch configurations were cleared before this test, the ports are in their default conditions. They are all in VLAN 1, their speed and duplex are set to auto, and all spanning tree parameters for each port are set to be the same. You saw from the output above that, after connecting the cables, the ports negotiate to a speed of 100 Mbps and full-duplex. Since STP runs for each VLAN, it is easier to simply configure the channel and respond to error messages than to attempt to check every STP field for consistency for each port and VLAN in the channel.

  5. Identify valid port groups.

On the Catalyst 5500/5000, only certain ports can be put together into a channel. These restrictive dependencies do not apply to all platforms. The ports in a channel on a Catalyst 5500/5000 must be contiguous. The show port capabilities command, issued for port 2/1, shows the possible combinations:

  Switch-A> show port capabilities 2/1
  Model WS-X5225R
  Port 2/1
  …
  Channel 2/1-2,2/1-4

Notice that this port can be a part of a group of two (2/1-2) or part of a group of four (2/1-4). An Ethernet Bundling Controller (EBC) on the module causes these configuration limitations. Here, show port capabilities is issued for another port:

  Switch-A> show port capabilities 2/3
  Model WS-X5225R
  Port 2/3
  …
  Channel 2/3-4,2/1-4

This port can be grouped into a group of two ports (2/3-4) or into a group of four ports (2/1-4).

Note: Depending on the hardware, there may be additional restrictions. On certain modules (WS-X5201 and WS-X5203), you cannot form an EtherChannel with the last two ports in a port group unless the first two ports in the group already form an EtherChannel. A port group is a group of ports that are allowed to form an EtherChannel. (In the example above, 2/1-4 is a port group.)

For example, if you are creating separate EtherChannels with only two ports in a channel, you cannot assign ports 2/3-4 to a channel until you have first configured ports 2/1-2 to a channel. This is true only for the modules that have this restriction. Similarly, before you configure ports 2/6-7, you must configure ports 2/5-6. This restriction does not occur on the modules used for this document (WS-X5225R and WSX5234).

Since you are configuring a group of four ports (2/1-4), this is within the approved grouping. You are not able to assign a group of four to ports 2/3-6. This is a group of contiguous ports, but they do not start on the approved boundary, as shown by the show port capabilities command. (Valid groups are ports 1-4, 5-8, 9-12, 13-16, 17-20, and 21-24.)

  6. Create the channel.

To create the channel manually, use the set port channel mod/port on command for each switch. It is best to turn the ports off on one side of the channel using the set port disable command before turning EtherChannel on manually. This avoids possible problems with STP during the configuration process.

STP can shut down some ports (with a port status of errdisable) if one side is configured as a channel before the other side can be configured as a channel. Because of this possibility, it is much easier to create EtherChannels using PAgP, which is covered in the Using PAgP to Configure EtherChannel (Recommended) section of this docum

ent. To avoid this situation when configuring EtherChannel manually, you disable the ports on Switch A, configure the channel on Switch A, configure the channel on Switch B, then reenable the ports on Switch A.

  a. Verify that channelling is off.
    Switch-A> (enable) show port channel
    No ports channelling
    Switch-B> (enable) show port channel
    No ports channelling
  b. Disable the ports on Switch A until both switches have been configured for EtherChannel.
    Switch-A> (enable) set port disable 2/1-4
    Ports 2/1-4 disabled.
    [output from Switch A upon disabling ports]
    1999 DEC 15 00:06:40 %PAGP-5-PORTFROMSTP:Port 2/1 left bridg1
    1999 DEC 15 00:06:40 %PAGP-5-PORTFROMSTP:Port 2/2 left bridge port 2/2
    1999 DEC 15 00:06:40 %PAGP-5-PORTFROMSTP:Port 2/3 left bridge port 2/3
    1999 DEC 15 00:06:40 %PAGP-5-PORTFROMSTP:Port 2/4 left bridge port 2/4

Now, STP does not generate errors and shut down the ports.

  c. Turn the channel mode to on for Switch A.
  Switch-A> (enable) set port channel 2/1-4 on
  Port(s) 2/1-4 channel mode set to on.

Note: In this case, ports 2/1 to 2/4 are configured for Etherchannel with a single command. If you configure the etherchannel for every port independently without using the port range, remember to mention the same admin-group for all the ports that need to be part of same Etherchannel. If the admin-group is not specified, then every port will belong to different Etherchannel groups and the desired Etherchannel bundle will never be formed.

  d. Check the status of the channel.
  Switch-A> (enable) show port channel
  Port Status Channel Channel Neighbor Neighbor
                  mode     status     device     port
  — —— ——- ——– ———— ——-
  2/1 disabled  on      channel
  2/2 disabled  on      channel
  2/3 disabled  on      channel
  2/4 disabled  on      channel
  — —— ——- ——– ———— ——-

Notice that the channel mode has been set to on, but the status of the ports is disabled (because you disabled them earlier). The channel is not operational at this point, but it becomes operational when the ports are enabled.

Because Switch A ports were (temporarily) disabled, Switch B ports no longer have a connection.

This message is displayed on the Switch B console when Switch A ports are disabled:

    Switch-B> (enable)
    2000 Jan 13 22:30:03 %PAGP-5-PORTFROMSTP:Port 2/1 left bridge port 2/1
    2000 Jan 13 22:30:04 %PAGP-5-PORTFROMSTP:Port 2/2 left bridge port 2/2
    2000 Jan 13 22:30:04 %PAGP-5-PORTFROMSTP:Port 2/3 left bridge port 2/3
    2000 Jan 13 22:30:04 %PAGP-5-PORTFROMSTP:Port 2/4 left bridge port 2/4
  e. Turn on the channel for Switch B.
  Switch-B> (enable) set port channel 2/1-4 on
  Port(s) 2/1-4 channel mode set to on.
  f. Verify that the channel mode is on for Switch B.
  Switch-B> (enable) show port channel
  Port Status Channel Channel Neighbor Neighbor
                  mode     status     device     port
  — —— ——- ——– ———— ——-
  2/1 notconnect  on      channel
  2/2 notconnect  on      channel
  2/3 notconnect  on      channel
  2/4 notconnect  on      channel
  — —— ——- ——– ———— ——-

Notice that the channel mode for Switch B is on, but the status of the ports is notconnect. This is the case because Switch A ports are still disabled.

  g. Enable the ports on Switch A.
    Switch-A> (enable) set port enable 2/1-4
    Ports 2/1-4 enabled.
    1999 DEC 15 00:08:40 %PAGP-5-PORTTOSTP:Port 2/1 joined bridge port 2/1-4
    1999 DEC 15 00:08:40 %PAGP-5-PORTTOSTP:Port 2/2 joined bridge port 2/1-4
    1999 DEC 15 00:08:40 %PAGP-5-PORTTOSTP:Port 2/3 joined bridge port 2/1-4
    1999 DEC 15 00:08:40 %PAGP-5-PORTTOSTP:Port 2/4 joined bridge port 2/1-4

Verify the EtherChannel Configuration

To verify that the channel is set up properly, issue the show port channel command.

  Switch-A> (enable) show port channel
  Port Status Channel Channel Neighbor Neighbor
                  mode     status     device     port
  — —— ——- ——– ———— ——-
  2/1 connected on      channel WS-C5505 066509957(SW 2/1
  2/2 connected on      channel WS-C5505 066509957(SW 2/2
  2/3 connected on      channel WS-C5505 066509957(SW 2/3
  2/4 connected on      channel WS-C5505 066509957(SW 2/4
  — —— ——- ——– ———— ——-
  Switch-B> (enable) show port channel
  Port Status Channel Channel Neighbor Neighbor
                  mode     status     device     port
  — —— ——- ——– ———— ——-
  2/1 connected on      channel WS-C5505 066507453(SW 2/1
  2/2 connected on      channel WS-C5505 066507453(SW 2/2
  2/3 connected on      channel WS-C5505 066507453(SW 2/3
  2/4 connected on      channel WS-C5505 066507453(SW 2/4
  — —— ——- ——– ———— ——-

If you have the output of a show port channel command from your Cisco device, you can use the Output Interpreter Tool ( registered customers only) , which allows you to view an analysis of show command output.

STP is shown to treat the ports as one logical port in the show spantree command. In this outpu

t, when the port is listed as 2/1-4, it means that STP is treating ports 2/1, 2/2, 2/3 and 2/4 as one port.

    Switch-A> (enable) show spantree
    VLAN 1
    Spanning tree enabled
    Spanning tree type ieee
    Designated Root 00-10-0d-b2-8c-00
    Designated Root Priority 32768
    Designated Root Cost 8
    Designated Root Port 2/1-4
    Root Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec
    Bridge ID MAC ADDR 00-90-92-b0-84-00
    Bridge ID Priority 32768
    Bridge Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec
    Port Vlan Port-State Cost Priority Fast-Start Group-Method
    — —- ———- —– ——– ———- ————
    2/1-4 1 forwarding 8 32 disabled channel

If you have the output of a show spantree command from your Cisco device, you can use the Output Interpreter Tool ( registered customers only) , which allows you to view an analysis of show command output.

EtherChannel can be implemented with different ways of distributing the traffic across the ports in a channel.

The EtherChannel specification does not dictate how the traffic should be distributed across the links in a channel. The Catalyst 5500/5000 uses the last bit or the last two bits (depending on how many links are in the channel) of the source and destination MAC addresses in the frame to determine which port in the channel to use. You should see a similar amount of traffic on each of the ports in the channel, assuming that traffic is generated by a normal distribution of MAC addresses on one side of the channel or the other. To verify that traffic is going over all the ports in the channel, you can use the show mac command. If your ports were active before configuring EtherChannel, you can reset the traffic counters to 0 with the clear counters command. The traffic values then represent how EtherChannel has distributed the traffic.

In this test environment, a real-world distribution is not achieved because there are no workstations, servers, or routers generating traffic. The only devices generating traffic are the switches themselves. Pings were issued from Switch A to Switch B; the unicast traffic is using the first port in the channel. (See the output below.) The receive information (Rcv-Unicast) in this case shows how Switch B distributed the traffic across the channel to Switch A. Also in the output, the transmit information (Xmit-Unicast) shows how Switch A distributed the traffic across the channel to Switch B. You also see that a small amount of switch-generated multicast traffic (Dynamic Inter-Switch Link Protocol [ISL], Cisco Discovery Protocol [CDP]) goes out all four ports. The broadcast packets are Address Resolution Protocol (ARP) queries (for the default gateway which does not exist in this lab). If you had workstations sending packets through the switch to a destination on the other side of the channel, you would expect to see traffic going over each of the four links in the channel. You can monitor the packet distribution in your network using the show mac command.

    Switch-A> (enable) clear counters
    This command will reset all MAC and port counters reported in CLI and SNMP.
    Do you want to continue (y/n) [n]? y
    MAC and Port counters cleared.
    Switch-A> (enable) show mac
    Port Rcv-Unicast Rcv-Multicast Rcv-Broadcast
    — ———– ————– ————-
    2/1     9     320     183
    2/2     0     51     0
    2/3     0     47     0
    2/4     0     47     0
    (…)
    Port Xmit-Unicast Xmit-Multicast Xmit-Broadcast
    —- ————- ————- ————–
    2/1     8     47     184
    2/2     0     47     0
    2/3     0     47     0
    2/4     0     47     0
    (…)
    Port Rcv-Octet Xmit-Octet
    — ———- ———-
    2/1     35176     17443
    2/2     5304     4851
    2/3     5048     4851
    2/4     5048     4851
    (…)
    Last-Time-Cleared
    ————————–
    Wed DEC 15 1999, 01:05:33

If you have the output of a show mac command from your Cisco device, you can use the Output Interpreter Tool ( registered customers only) , which allows you to view an analysis of show command output.


Using PAgP to Configure EtherChannel (Recommended)

PAgP facilitates the automatic creation of EtherChannel links by exchanging packets between channel-capable ports. The protocol learns the capabilities of port groups dynamically and informs the neighboring ports.

After PAgP identifies correctly paired channel-capable links, it groups the ports into a channel. The channel is then added to the spanning tree as a single bridge port. A given outbound broadcast or multicast packet is transmitted out one port in the channel only, not out every port in the channel. In addition, outbound broadcast and multicast packets transmitted on one port in a channel are blocked from returning on any other port of the channel.

There are four user-configurable channel modes: on, off, auto, and desirable. PAgP packets are exchanged only between ports in auto and desirable mode. Ports configured in on or off mode do not exchange PAgP packets.

For switches to which you want to form an EtherChannel, it is best to have both switches set to desirable mode.

This gives the most robust behavior if one side or the other encounters error situations or is reset. The default mode of the channel is auto.

Both the auto and desirable modes allow ports to negotiate with connected ports to determine if they can form a channel. The determination is based on criteria such as port speed, trunking state, and native VLAN.

Ports can form an EtherChannel when they are in different channel modes as long as the modes are compatible.

This list provides examples:

  • A port in desirable mode can successfully form an EtherChannel with another port that is in desirable or auto mode.
  • A port in auto mode can form an EtherChannel with another port in desirable mode.
  • A port in auto mode cannot form an EtherChannel w

    ith another port that is also in auto mode, since neither port initiates negotiation.

  • A port in on mode can form a channel only with a port in on mode because ports in on mode do not exchange PAgP packets.
  • A port in off mode cannot form a channel with any port.

When using EtherChannel, if this message (or a similar syslog message) is displayed, it indicates a mismatch of EtherChannel modes on the connected ports:

  SPANTREE-2: Channel misconfig – x/x-x will be disabled

Correct the configuration and reenable the ports by issuing the set port enable command. Valid EtherChannel configurations include:

  1 If both the local and neighbor ports are in auto mode, an EtherChannel bundle does not form.

The next table provides a summary of all the possible channelling mode scenarios. Some of these combinations may cause STP to put the ports on the channelling side in errdisable state. (In other words, some of the combinations shut down the ports on the channelling side.)

The channel from the previous example (Step 6b in the section Manually Configure EtherChannel) is turned off using this command on Switch A and Switch B:

  Switch-A> (enable) set port channel 2/1-4 auto
  Port(s) 2/1-4 channel mode set to auto.

The default channel mode for a port that is able to channel is auto. To verify this, issue this command:

  Switch-A> (enable) show port channel 2/1
  Port Status Channel Channel Neighbor Neighbor
                  mode     status     device     port
  — —— ——- ——– ———— ——-
  2/1  connected  auto   not channel

The show port channel port command also shows that the ports currently are not channelling. This is another way to verify the channel state:

  Switch-A> (enable) show port channel
  No ports channelling
  Switch-B> (enable) show port channel
  No ports channelling

It is simple to make the channel work with PAgP. At this point, both switches are set to auto mode, which means that they channel if a connected port sends a PAgP request to channel. Setting Switch A to desirable causes Switch A to send PAgP packets to the other switch, asking it to channel.

  Switch-A> (enable) set port channel 2/1-4 desirable
  Port(s) 2/1-4 channel mode set to desirable.
  1999 DEC 15 22:03:18 %PAGP-5-PORTFROMSTP:Port 2/1 left bridg1
  1999 DEC 15 22:03:18 %PAGP-5-PORTFROMSTP:Port 2/2 left bridge port 2/2
  1999 DEC 15 22:03:18 %PAGP-5-PORTFROMSTP:Port 2/3 left bridge port 2/3
  1999 DEC 15 22:03:18 %PAGP-5-PORTFROMSTP:Port 2/4 left bridge port 2/4
  1999 DEC 15 22:03:19 %PAGP-5-PORTFROMSTP:Port 2/2 left bridge port 2/2
  1999 DEC 15 22:03:19 %PAGP-5-PORTFROMSTP:Port 2/3 left bridge port 2/3
  1999 DEC 15 22:03:20 %PAGP-5-PORTFROMSTP:Port 2/4 left bridge port 2/4
  1999 DEC 15 22:03:23 %PAGP-5-PORTTOSTP:Port 2/1 joined bridge port 2/1-4
  1999 DEC 15 22:03:23 %PAGP-5-PORTTOSTP:Port 2/2 joined bridge port 2/1-4
  1999 DEC 15 22:03:23 %PAGP-5-PORTTOSTP:Port 2/3 joined bridge port 2/1-4
  1999 DEC 15 22:03:24 %PAGP-5-PORTTOSTP:Port 2/4 joined bridge port 2/1-4

To view the channel, issue this command:

  Switch-A> (enable) show port channel
  Port Status Channel Channel Neighbor Neighbor
                  mode     status     device     port
  — —— ——- ——– ———— ——-
  2/1   connected   desirable channel   WS-C5505 066509957(SW 2/1
  2/2   connected   desirable channel   WS-C5505 066509957(SW 2/2
  2/3   connected   desirable channel   WS-C5505 066509957(SW 2/3
  2/4   connected   desirable channel   WS-C5505 066509957(SW 2/4
  — —— ——- ——– ———— ——-
  Switch-A> (enable)

Since Switch B is in auto mode, it responds to the PAgP packets and creates a channel with Switch A.

  Switch-B> (enable)
  2000 Jan 14 20:26:41 %PAGP-5-PORTFROMSTP:Port 2/1 left bridg1
  2000 Jan 14 20:26:41 %PAGP-5-PORTFROMSTP:Port 2/2 left bridge port 2/2
  2000 Jan 14 20:26:41 %PAGP-5-PORTFROMSTP:Port 2/3 left bridge port 2/3
  2000 Jan 14 20:26:41 %PAGP-5-PORTFROMSTP:Port 2/4 left bridge port 2/4
  2000 Jan 14 20:26:45 %PAGP-5-PORTFROMSTP:Port 2/2 left bridge port 2/2
  2000 Jan 14 20:26:45 %PAGP-5-PORTFROMSTP:Port 2/3 left bridge port 2/3
  2000 Jan 14 20:26:45 %PAGP-5-PORTFROMSTP:Port 2/4 left bridge port 2/4
  2000 Jan 14 20:26:47 %PAGP-5-PORTTOSTP:Port 2/1 joined bridge port 2/1-4
  2000 Jan 14 20:26:47 %PAGP-5-PORTTOSTP:Port 2/2 joined bridge port 2/1-4
  2000 Jan 14 20:26:47 %PAGP-5-PORTTOSTP:Port 2/3 joined bridge port 2/1-4
  2000 Jan 14 20:26:48 %PAGP-5-PORTTOSTP:Port 2/4 joined bridge port 2/1-4
  Switch-B> (enable) show port channel
  Port Status Channel Channel Neighbor Neighbor
                  mode     status     device     port
  — —— ——- ——– ———— ——-
  2/1   connected   auto channel   WS-C5505 066507453(SW 2/1
  2/2   connected   auto channel   WS-C5505 066507453(SW 2/2
  2/3   connected   auto channel   WS-C5505 066507453(SW 2/3
  2/4   connected   auto channel   WS-C5505 066507453(SW 2/4
  — —— ——- ——– ———— ——-
  Switch-B> (enable)

Note: It is best to set both sides of the channel to desirable so that both sides try to initiate the channel if one side drops out. Setting the EtherChannel ports on Switch B to desirable mode, even though the channel is currently active and in auto mode, poses no problem. The command is:

  Switch-B> (enable) set port channel 2/1-4 desirable
  Port(s) 2/1-4 channel mode set to desirable.

Note: In this case, all ports 2/1 to 2/4 are configured for Etherchannel with a single command. If you configure the etherchannel for every port independently without using the port range, remember to mention the same admin-group for all the ports that need to be part of same Etherchannel. If the admin-group is not specified, then every port will belong to different Etherchannel groups a

nd the desired Etherchannel bundle will never be formed.

  Switch-B> (enable) show port channel
  Port Status Channel Channel Neighbor Neighbor
                  mode     status     device     port
  — —— ——- ——– ———— ——-
  2/1   connected   desirable channel   WS-C5505 066507453(SW 2/1
  2/2   connected   desirable channel   WS-C5505 066507453(SW 2/2
  2/3   connected   desirable channel   WS-C5505 066507453(SW 2/3
  2/4   connected   desirable channel   WS-C5505 066507453(SW 2/4
  — —— ——- ——– ———— ——-
  Switch-B> (enable)

If Switch A drops out for some reason, or if new hardware replaces Switch A, Switch B tries to reestablish the channel. If the new equipment cannot channel, Switch B treats its ports 2/1-4 as normal nonchannelling ports.

This is one of the benefits of using the desirable mode. If the channel was configured using the PAgP on mode and one side of the connection has an error of some kind or a reset, it could cause an errdisable state (shutdown) on the other side. With PAgP set in desirable mode on each side, the channel stabilizes and renegotiates the EtherChannel connection.


Silent/Non-Silent Mode

When dealing with fiber connections, it is possible that, even if a receive (Rx) transceiver dies, the transmit (Tx) transceiver on the other end is still up. During a similar scenario, packets can get black holed.

It is important for the switch that is transmitting to remove this port from the EtherChannel bundle. To do so on the Catalyst 5500/5000, you set PAgP in non-silent mode. This means that if the Rx does not receive traffic, the port is not put into the channel. However, this is not enough because this detection happens only when the channel is formed.

To prevent the black holing of traffic when the channel is already formed, this occurs: PAgP detects that the Rx port is not receiving any traffic, so it resets the Tx transceiver of the port that is not receiving. It is reset for 1.6 seconds so that the switch on the other end also resets the port. The faulty port does not join the channel anymore because no traffic is received on that port.

On the Catalyst 5500/5000, it is recommended (default) that non-silent mode is set on fiber strands and silent mode is set on copper strands. The reason for this is that, on fiber connection on the Catalyst 5500/5000, the negotiation is usually not available, so there is no way to detect the problem at a physical layer.


Default PAgP Settings on the Catalyst 4500/4000 and 5500/5000

By default, PAgP is auto for a plug-and-play implementation. It is best to disable PAgP manually from the ports where there is no need to have it.

By default, the silent mode is on. (Non-silent is acceptable as well.) However, since a port can be connected to a device that does not send traffic (for example, a sniffer), it is more general to have silent enabled.


Recommendations
  • Use the non-silent keyword when you are connecting to a device that transmits bridge protocol data units (BPDUs) or other traffic. Use this keyword with the auto or desirable mode. PAgP non-silent adds an extra level of link state detection by listening for BPDUs or other traffic to determine if the link is functioning properly. This adds a form of unidirectional link detection capability not available when you use the default silent PAgP mode.
  • Use the silent keyword when you are connecting to a silent partner (a device that is not generating BPDUs or other traffic). An example of a silent partner is a traffic generator that is not transmitting packets. Use this keyword with the auto or desirable mode. If you do not specify silent or non-silent, silent is assumed.
  • The silent mode does not disable the PAgP capability of detecting unidirectional links. However, if you are configuring a channel, non-silent prevents a unidirectional port from even joining the link.
  • PAgP configuration (the set port channel {desirable | auto} command) is safer than non-PAgP configuration (the set port channel on command) because it provides protection for unidirectional links. It also avoids misconfigurations that can arise from having ports channeling on one side of the link and not on the other side.
  • Refer to Understanding and Configuring the Unidirectional Link Detection Protocol Feature for more information on UniDirectional Link Detection (UDLD).
Trunking and EtherChannel

EtherChannel is independent of trunking. You can turn trunking on or you can leave trunking off. Also, you can turn trunking on for all the ports before creating the channel, or you can turn it on after creating the channel (as in this example). As far as EtherChannel is concerned, it does not matter; trunking and EtherChannel are completely separate features. What does matter is that all the ports involved are in the same mode: either they are all trunking before you configure the channel, or they are all not trunking before you configure the channel.

All the ports must be in the same trunking state before creating the channel.

Once a channel is formed, whatever is changed on one port is also changed for the other ports in the channel.

The modules used in this test bed can do ISL or IEEE 802.1Q trunking. By default, the modules are set to auto trunking and negotiate mode. This means that they trunk if the other side asks them to trunk, and they negotiate whether to use the ISL or 802.1Q method for trunking. If they are not asked to trunk, they work as normal nontrunking ports.

  Switch-A> (enable) show trunk 2
  Port Mode Encapsulation Status Native vlan
  ——– ———– ——– —— ——
  2/1   auto   negotiate   not-trunking 1
  2/2   auto   negotiate   not-trunking 1
  2/3   auto   negotiate   not-trunking 1
  2/4   auto   negotiate   not-trunking 1

There are a number of different ways to turn on trunking. For this example, Switch A is set to desirable. Switch A is already set to negotiate. The combination of desirable/negotiate causes Switch A to ask Switch B to trunk and to negotiate the type of trunking to perform (ISL or 802.1Q). Since Switch B defaults to autonegotiate, Switch B responds to the Switch A request. These are the results:

  Switch-A> (enable) set trunk 2/1 desirable
  Port(s) 2/1-4 trunk mode set to desirable.
  Switch-A> (enable)
  1999 DEC 18 20:46:25 %DTP-5-TRUNKPORTON:Port 2/1 has become isl trunk
  1999 DEC 18 20:46:25 %DTP-5-TRUNKPORTON:Port 2/2 has become isl trunk
  1999 DEC 18 20:46:25 %PAGP-5-PORTFROMSTP:Port 2/1 left bridge port 2/1-4
  1999 DEC 18 20:46:25 %PAGP-5-PORTFROMSTP:Port 2/2 left bridge port 2/1-4
  1999 DEC 18 20:46:25 %DTP-5-TRUNKPORTON:Port 2/3 has become isl trunk
  1999 DEC 18 20:46:26 %PAGP-5-PORTFROMSTP:Port 2/3 left bridge port 2/1-4
  1999 DEC 18 20:46:26 %DTP-5-TRUNKPORTON:Port 2/4 has become isl trunk
  1999 DEC 18 20:46:26 %PAGP-5-PORTFROMSTP:Port 2/4 left bridge port 2/1-4
  1999 DEC 18 20:46:28 %PAGP-5-PORTTOSTP:Port 2

/1 joined bridge port 2/1-4
  1999 DEC 18 20:46:29 %PAGP-5-PORTTOSTP:Port 2/2 joined bridge port 2/1-4
  1999 DEC 18 20:46:29 %PAGP-5-PORTTOSTP:Port 2/3 joined bridge port 2/1-4
  1999 DEC 18 20:46:29 %PAGP-5-PORTTOSTP:Port 2/4 joined bridge port 2/1-4
  Switch-A> (enable) show trunk 2
  Port Mode Encapsulation Status Native vlan
  — —– ————- —— ———–
  2/1 desirable n-isl trunking   1
  2/2 desirable n-isl trunking   1
  2/3 desirable n-isl trunking   1
  2/4 desirable n-isl trunking   1

The trunk mode was set to desirable. The result was that trunking mode was negotiated with the neighbor switch, and they decided on ISL (n-isl). The current status now is trunking. This output shows what happened on Switch B because of the command issued on Switch A:

  Switch-B> (enable)
  2000 Jan 17 19:09:52 %DTP-5-TRUNKPORTON:Port 2/1 has become isl trunk
  2000 Jan 17 19:09:52 %DTP-5-TRUNKPORTON:Port 2/2 has become isl trunk
  2000 Jan 17 19:09:52 %PAGP-5-PORTFROMSTP:Port 2/1 left bridge port 2/1-4
  2000 Jan 17 19:09:52 %DTP-5-TRUNKPORTON:Port 2/3 has become isl trunk
  2000 Jan 17 19:09:52 %PAGP-5-PORTFROMSTP:Port 2/2 left bridge port 2/1-4
  2000 Jan 17 19:09:53 %DTP-5-TRUNKPORTON:Port 2/4 has become isl trunk
  2000 Jan 17 19:09:53 %PAGP-5-PORTFROMSTP:Port 2/3 left bridge port 2/1-4
  2000 Jan 17 19:09:53 %PAGP-5-PORTFROMSTP:Port 2/4 left bridge port 2/1-4
  2000 Jan 17 19:09:55 %PAGP-5-PORTTOSTP:Port 2/1 joined bridge port 2/1-4
  2000 Jan 17 19:09:55 %PAGP-5-PORTTOSTP:Port 2/2 joined bridge port 2/1-4
  2000 Jan 17 19:09:55 %PAGP-5-PORTTOSTP:Port 2/3 joined bridge port 2/1-4
  2000 Jan 17 19:09:55 %PAGP-5-PORTTOSTP:Port 2/4 joined bridge port 2/1-4
  Switch-B> (enable) show trunk 2
  Port Mode Encapsulation Status Native vlan
  —- —- ————- —— ———–
  2/1   auto n-isl trunking   1
  2/2   auto n-isl trunking   1
  2/3   auto n-isl trunking   1
  2/4   auto n-isl trunking   1

Notice that all four ports (2/1-4) became trunking, even though you only specifically changed one port (2/1) to desirable. This is an example of how changing one port in the channel affects all the ports.


Troubleshoot EtherChannel

The challenges for EtherChannel can be divided into two main areas: troubleshooting during the configuration phase and troubleshooting during the execution phase. Configuration errors usually occur because of mismatched parameters on the ports involved (for example, different speeds, different duplex, or different STP port values) However, you can also generate errors during the configuration by setting the channel on one side to on and waiting too long before configuring the channel on the other side. This causes STP loops which generate an error and shut down the port.

When an error is encountered while configuring EtherChannel, be sure to check the status of the ports after correcting the EtherChannel error situation. If the port status is errdisable, it means that the ports have been shut down by the software. They do not come on again until you issue the set port enable command.

Note: If the port status becomes errdisable, you must specifically enable the ports using the set port enable command for the ports to become active. Currently, you can correct all the EtherChannel issues, but the ports do not come up or form a channel until they are enabled again. Later versions of the operating system may periodically check to determine if errdisable ports should be enabled.

These tests are covered in this section. For the tests, trunking and EtherChannel are turned off:

  • Mismatched Parameters
  • Waiting Too Long Before You Configure the Other Side
  • Correcting errdisable State
  • Showing What Happens When a Link Breaks and Is Restored
Mismatched Parameters

Here is an example of mismatched parameters. Port 2/4 is set in VLAN 2 while the other ports are still in VLAN 1. To create a new VLAN, you must assign a VLAN Trunk Protocol (VTP) domain for the switch and then create the VLAN.

  Switch-A> (enable) show port channel
  No ports channelling
  Switch-A> (enable) show port
  Port  Name  Status  Vlan  Level  Duplex  Speed  Type
  —-  —-  ——  —-  —–  ——  —–  —–
  2/1      connected 1 normal a-full a-100 10/100BaseTX
  2/2      connected 1 normal a-full a-100 10/100BaseTX
  2/3      connected 1 normal a-full a-100 10/100BaseTX
  2/4      connected 1 normal a-full a-100 10/100BaseTX
  Switch-A> (enable) set vlan 2
  Cannot add/modify VLANs on a VTP server without a domain name.
  Switch-A> (enable)

Popularity: -0% [?]

12345»102030...Last »
wordpress visitor