For CCNA and CCNP candidates, it's hard not to laugh the first time you hear the phrase "router on a stick". Let's face it, that's a pretty silly term. But as those who have passed the CCNA and CCNP exams know, this is a vital exam topic that you must know how to configure and troubleshoot.
Basic Cisco theory states that for hosts in different VLANs to communicate, a Layer 3 device must be involved to handle the routing between the VLANs. That device is a router, and there are special considerations that must be taken into account for both the physical router itself and the configuration you'll be writing.
The router will be connected to a switch via a FastEthernet port (or higher). The router port cannot be a regular Ethernet port, since the router port will need the ability to send and receive data at the same time.
The configuration of the interface is where things get interesting. Let's say we have two VLANs that will be using router-on-a-stick to communicate.
Here is the VLAN information:
VLAN 20: 20.20.20.0 /24
VLAN 40: 40.40.40.0 /24
The port on the switch that will be connected to the router's FastEthernet port must be in trunking mode, and you must know the trunking protocol in use. We'll go with the Cisco-proprietary ISL here.
The physical FE port on the router will not have an IP address. The use of router-on-a-stick mandates the use of logical subinterfaces. While we don't have to use the VLAN numbers for the subinterface numbers, I've found this helps you keep the interfaces straight. One subinterface must be given an IP address in VLAN 20, and the other will have an IP address in VLAN 40.
After creating subinterfaces fast 0.20 and fast 0.40, the config looks like this:
interface fastethernet0
no ip address
interface FastEthernet 0.20
ip address 20.20.20.1 255.255.255.0
interface FastEthernet 0.40
ip address 40.40.40.1 255.255.255.0
Believe it or not, you're almost done! Now we need the encapsulation statement under each subinterface. That statement must reflect both the encapsulation type being used and the VLAN number the subinterface serves. When we're finished, the config would look like this:
interface fastethernet0
no ip address
interface FastEthernet 0.20
ip address 20.20.20.1 255.255.255.0
encapsulation isl 20
interface FastEthernet 0.40
ip address 40.40.40.1 255.255.255.0
encapsulation isl 40
And that's it! Your hosts in VLAN 20 should now be able to communicate with hosts in VLAN 40, and vice versa.
A couple of final troubleshooting points - the most common error with router-on-a-stick is to put the wrong VLAN number in the encapsulation statement. Also, make sure you have configured the router's IP address in VLAN 20 as the default gateway for hosts in VLAN 20, and do the same for VLAN 40.
I hope you've enjoyed this look at router-on-a-stick. While the name may get a chuckle out of you, it's still used in quite a few networks out there, and knowing how to configure and troubleshoot it will get you that much closer to earning your CCNA and CCNP.
Showing posts with label trunking. Show all posts
Saturday, December 27, 2008
Thursday, December 25, 2008
Cisco CCNP / BCMSN Exam Tutorial: Dynamic Trunking Protocol (DTP)
When you're studying to pass the BCMSN exam on the way to earning your CCNP certification, you're going to add to your CCNA knowledgebase every step of the way. Nowhere is that more true than when configuring a trunk between two switches.
You know that IEEE 802.1Q ("dot1q") and ISL are your two choices of trunking protocols, and you know the main differences between the two. What you might not have known is that there's a third trunking protocol that's running between your Cisco switches, and while it's a transparent process to many, you had better know about it for your BCMSN and other CCNP exams!
The Cisco-proprietary Dynamic Trunking Protocol (DTP) actively attempts to negotiate a trunk link with the remote switch. This sounds great, but there is a cost in overhead - DTP frames are transmitted every 30 seconds. If you decide to configure a port as a non-negotiable trunk port, there's no need for the port to send DTP frames.
DTP can be turned off at the interface level with the switchport nonegotiate command, but as you see below, you cannot turn DTP off until the port is no longer in dynamic desirable trunking mode. (Dynamic desirable is the default mode for most Cisco switch ports.)
SW2(config)#int fast 0/8
SW2(config-if)#switchport nonegotiate
Command rejected: Conflict between 'nonegotiate' and 'dynamic' status.
SW2(config-if)#switchport mode ?
access Set trunking mode to ACCESS unconditionally
dynamic Set trunking mode to dynamically negotiate access or trunk mode
trunk Set trunking mode to TRUNK unconditionally
SW2(config-if)#switchport mode trunk
SW2(config-if)#switchport nonegotiate
When you're working with Cisco switches in a home lab or rack rental environment, run IOS Help regularly to see what options are available for the commands you're practicing with. Cisco switch ports have quite a few options, and the best way to find them is with one simple symbol - the question mark!
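Added example (my own Python, not code from the article or from Cisco): a small configuration audit covering two points made on this page. It checks a router-on-a-stick config for the errors named in the earlier post (the VLAN number in the encapsulation statement not matching the subinterface, and hosts pointed at the wrong default gateway), and it reports which switch ports are still negotiating trunks with DTP, following the mode/nonegotiate rule shown in the session above. Both configs are constructed for the example; the router one deliberately carries an "encapsulation isl 4" typo, and the gateway table passed in is assumed to come from the host side.

```python
import re

# Constructed sample configs for this example, not from any real device.
# The router config mirrors the page's router-on-a-stick setup, with one
# deliberate mistake on FastEthernet0.40; the switch config leaves one port
# in the default dynamic desirable mode.
ROUTER_CONFIG = """
interface FastEthernet0
 no ip address
interface FastEthernet0.20
 ip address 20.20.20.1 255.255.255.0
 encapsulation isl 20
interface FastEthernet0.40
 ip address 40.40.40.1 255.255.255.0
 encapsulation isl 4
"""

SWITCH_CONFIG = """
interface FastEthernet0/1
 switchport mode trunk
 switchport nonegotiate
interface FastEthernet0/8
 switchport mode dynamic desirable
interface FastEthernet0/9
 switchport mode access
 switchport nonegotiate
"""

ENCAP_RE = re.compile(r"encapsulation (isl|dot1[qQ]) (\d+)")


def parse_interfaces(config):
    """Split IOS-style text into {interface name: [commands under it]}."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("interface "):
            current = line.split(None, 1)[1]
            stanzas[current] = []
        elif current is not None:
            stanzas[current].append(line)
    return stanzas


def audit_router_on_a_stick(config, host_gateways):
    """Return findings for the two router-on-a-stick errors the page calls out.

    host_gateways maps VLAN id -> default gateway the hosts in that VLAN use.
    """
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if "." not in name:
            continue  # physical port: carries no IP address in this design
        subif = int(name.rsplit(".", 1)[1])
        encap = next((ENCAP_RE.match(c) for c in cmds
                      if c.startswith("encapsulation ")), None)
        addr = next((c for c in cmds if c.startswith("ip address ")), None)
        if encap is None:
            findings.append(f"{name}: missing or unrecognised encapsulation statement")
            continue
        vlan = int(encap.group(2))
        if vlan != subif:
            # The author's convention: subinterface number == VLAN number.
            findings.append(f"{name}: encapsulation VLAN {vlan} != subinterface {subif}")
        if addr is None:
            findings.append(f"{name}: no ip address configured")
            continue
        router_ip = addr.split()[2]
        gw = host_gateways.get(vlan)
        if gw is not None and gw != router_ip:
            findings.append(f"{name}: hosts in VLAN {vlan} use gateway {gw} "
                            f"but the router is {router_ip}")
    return findings


def audit_dtp(config):
    """Return {port: verdict} describing whether the port still sends DTP.

    Mirrors the IOS behaviour shown on the page: 'switchport nonegotiate' is
    only accepted once the mode is fixed to access or trunk.
    """
    verdicts = {}
    for name, cmds in parse_interfaces(config).items():
        mode = "dynamic desirable"  # page: the default on most Cisco ports
        for c in cmds:
            if c.startswith("switchport mode "):
                mode = " ".join(c.split()[2:])
        nonegotiate = "switchport nonegotiate" in cmds
        if mode.startswith("dynamic"):
            # IOS would reject nonegotiate here, so DTP keeps running.
            verdicts[name] = f"{mode}, negotiating"
        elif nonegotiate:
            verdicts[name] = f"{mode}, DTP off"
        else:
            verdicts[name] = f"{mode}, DTP still sent"
    return verdicts


if __name__ == "__main__":
    for f in audit_router_on_a_stick(ROUTER_CONFIG, {20: "20.20.20.1", 40: "40.40.40.1"}):
        print("router:", f)
    for port, verdict in audit_dtp(SWITCH_CONFIG).items():
        print("switch:", port, "->", verdict)
```

Run against a real `show running-config` dump, the DTP verdicts are the quick way to find ports that were never set to a fixed mode; the router audit only knows about the author's "subinterface number equals VLAN number" convention, so a site that numbers subinterfaces differently should drop that one check.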
Wednesday, December 24, 2008
Cisco CCNA Certification Exam Tutorial: Configuring And Troubleshooting VTP
Not only is your CCNA exam going to have questions on VLAN trunking protocol, almost any network that has more than one VLAN is going to have VTP running. Whether you're planning on passing the CCNA exam or just brushing up on your networking skills, this VTP tutorial will help you learn the basics of this important protocol.
VTP allows switches to advertise VLAN information to other members of the same VTP domain, giving a consistent view of the switched network across all switches. When a VLAN is created on a switch in VTP server mode, all other VTP devices in the domain are notified of that VLAN's existence. VTP servers will know about every VLAN, even VLANs that have no member ports on that switch.
Switches run VTP in one of three modes. In server mode, VLANs can be created, modified, and deleted on a VTP server. When these actions are taken, the changes are advertised to all switches in the VTP domain. VTP Servers keep VLAN configuration information upon reboot.
In client mode, the switch cannot modify, create, or delete VLANs. VTP clients cannot retain VLAN configuration information upon reboot; they have to obtain this information from a VTP server.
In real-world networks, this is generally done to centralize the creation and deletion of VLANs. An interesting side effect of the server/client methodology is that if a VLAN is only to have ports on the VTP client switch, the VLAN must still first be created on the VTP server. The VTP client will learn about the VLAN from the VTP server, and ports can then be placed into that VLAN.
The third VTP mode is transparent mode. VTP switches in this mode ignore VTP messages, but they do forward the VTP advertisements received from other switches. VLANs can be created, deleted, and modified on a switch in transparent mode, but those changes are not advertised to the other switches in the VTP domain.
For switches running VTP to successfully exchange VLAN information, three things have to happen. I've listed them for you in the order that you'll see them in the real world.
The VTP domain name must match. This is case-sensitive. "CISCO" and "cisco" are two different domains.
To distribute information about a newly-created VLAN, the switch upon which that VLAN is created must be in Server mode.
Learning VTP isn't just a good idea for passing your CCNA exams, it's a skill you must have to be effective in configuring and troubleshooting VLANs. I wish you the best in both of these pursuits!
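Added example (my own Python toy model, not Cisco's VTP implementation): the three modes and the case-sensitive domain rule described above, played out across a small chain of switches. The topology, names and domain strings are constructed for the example; advertisements travel hop by hop, a transparent switch forwards them without applying them, a client can learn but not create, and a client forgets everything on reboot.

```python
class VtpSwitch:
    """Toy VTP participant; mode is 'server', 'client' or 'transparent'."""

    def __init__(self, name, mode, domain):
        if mode not in ("server", "client", "transparent"):
            raise ValueError(f"unknown VTP mode {mode!r}")
        self.name, self.mode, self.domain = name, mode, domain
        self.vlans = {1}          # VLAN 1 exists on every switch
        self.neighbors = []

    def connect(self, other):
        self.neighbors.append(other)
        other.neighbors.append(self)

    def create_vlan(self, vid):
        """Local creation: allowed on servers and transparent switches only."""
        if self.mode == "client":
            return False          # clients cannot create, modify or delete
        self.vlans.add(vid)
        if self.mode == "server": # transparent changes are never advertised
            self._advertise(vid, came_from=None)
        return True

    def _advertise(self, vid, came_from):
        for n in self.neighbors:
            if n is not came_from:
                n._receive(self.domain, vid, came_from=self)

    def _receive(self, domain, vid, came_from):
        if domain != self.domain:  # exact, case-sensitive match required
            return
        if self.mode == "transparent":
            # Ignore the advertisement itself, but pass it along.
            self._advertise(vid, came_from)
            return
        if vid not in self.vlans:
            self.vlans.add(vid)
            self._advertise(vid, came_from)

    def reboot(self):
        """Servers and transparent switches keep their VLANs; clients do not."""
        if self.mode == "client":
            self.vlans = {1}


def run_scenario():
    """Constructed topology: SW1 (server) - SW2 (transparent) - SW3 (client),
    plus SW4, a client whose domain name differs only in case."""
    sw1 = VtpSwitch("SW1", "server", "CISCO")
    sw2 = VtpSwitch("SW2", "transparent", "CISCO")
    sw3 = VtpSwitch("SW3", "client", "CISCO")
    sw4 = VtpSwitch("SW4", "client", "cisco")
    sw1.connect(sw2)
    sw2.connect(sw3)
    sw1.connect(sw4)

    sw1.create_vlan(20)                   # server creates: advertised
    client_created = sw3.create_vlan(30)  # rejected on the client
    sw2.create_vlan(40)                   # stays local to the transparent switch

    before = {s.name: sorted(s.vlans) for s in (sw1, sw2, sw3, sw4)}
    sw3.reboot()
    return {"vlans": before,
            "client_create_ok": client_created,
            "sw3_after_reboot": sorted(sw3.vlans)}


if __name__ == "__main__":
    print(run_scenario())
```

SW3 learns VLAN 20 even though the transparent SW2 sits between it and the server, SW2 never adds VLAN 20 itself, and SW4 learns nothing because "cisco" is not "CISCO".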
Monday, December 22, 2008
Cisco CCNA / CCNP / BCMSN Exam Review: Trunking And Trunking Protocols
To earn your CCNA or CCNP certification, you've got to understand the basics of trunking. This isn't just a CCNA topic - you must have an advanced understanding of trunking and etherchannels to pass the BCMSN exam and earn your CCNP as well. Before we address those advanced topics, though, you need to master the fundamentals!
A trunk allows inter-VLAN traffic to flow between directly connected switches. By default, a trunk port is a member of all VLANs, so traffic for any and all VLANs can travel across this trunk. That includes broadcast traffic!
The default mode of a switch port does differ between models, so always check your documentation. On Cisco 2950 switches, every single port is in dynamic desirable mode by default, meaning that every port is actively attempting to trunk. On these switches, the only action needed from us is to physically connect them with a crossover cable. In just a few seconds, the port light turns green and the trunk is up and running. The command show interface trunk will verify trunking.
How does the receiving switch know what VLAN the frame belongs to? The frames are tagged by the transmitting switch with a VLAN ID, reflecting the number of the VLAN whose member ports should receive this frame. When the frame arrives at the remote switch, that switch will examine this ID and then forward the frame appropriately.
There are two major trunking protocols you must understand and compare successfully, those being ISL and IEEE 802.1Q. Let's take a look at the details of ISL first.
ISL is a Cisco-proprietary trunking protocol, making it unsuitable for a multivendor environment. That's one drawback, but there are others. ISL will place both a header and trailer onto the frame, encapsulating it. This increases the overhead on the trunk line.
You know that the default VLAN is also known as the "native VLAN", and another drawback to ISL is that ISL does not use the concept of the native VLAN. This means that every single frame transmitted across the trunk will be encapsulated.
The 26-byte header that is added to the frame by ISL contains the VLAN ID; the 4-byte trailer contains a Cyclical Redundancy Check (CRC) value. The CRC is a frame validity scheme that checks the frame's integrity.
In turn, this encapsulation leads to another potential issue. ISL encapsulation adds 30 bytes total to the size of the frame, potentially making them too large for the switch to handle. (The maximum size for an Ethernet frame is 1518 bytes.)
IEEE 802.1Q differs substantially from ISL. In contrast to ISL, dot1q does not encapsulate frames. A 4-byte tag is inserted into the frame, resulting in less overhead than ISL. If the frame is destined for hosts residing in the native VLAN, that tag isn't added. Since the tag is only 4 bytes in size, and isn't even placed on every frame, using dot1q lessens the chance of oversized frames. When the remote port receives an untagged frame, the switch knows that the frame is destined for the native VLAN.
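Added example (my own Python, not code from the article): the 802.1Q tagging described above, built and parsed byte for byte, next to a size check using the overhead figures the post gives for ISL (26-byte header plus 4-byte trailer) and dot1q (4 bytes, none on the native VLAN) against the 1518-byte maximum. The MAC addresses and payload are constructed; the 0x8100 tag protocol identifier and the 12-bit VLAN ID field are from the 802.1Q standard rather than from the page.

```python
import struct

ETH_MAX = 1518            # maximum Ethernet frame size, per the page
TPID_8021Q = 0x8100       # 802.1Q tag protocol identifier
ISL_OVERHEAD = 26 + 4     # page: 26-byte ISL header + 4-byte CRC trailer
DOT1Q_OVERHEAD = 4        # page: one 4-byte tag


def build_frame(dst, src, ethertype, payload):
    """Untagged Ethernet II frame: 6-byte dst, 6-byte src, 2-byte type."""
    return dst + src + struct.pack("!H", ethertype) + payload


def tag_dot1q(frame, vlan_id, native_vlan=1, pcp=0):
    """Insert a dot1q tag after the source MAC; native-VLAN frames stay untagged."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    if vlan_id == native_vlan:
        return frame
    tci = (pcp << 13) | vlan_id   # 3-bit priority, DEI left 0, 12-bit VID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_dot1q(frame, native_vlan=1):
    """Return (vlan_id, untagged frame). Untagged input belongs to the native VLAN."""
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:
        return native_vlan, frame
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]


def fits_on_trunk(frame_len, protocol, tagged=True):
    """Does a frame of frame_len bytes stay within ETH_MAX once it is trunked?

    protocol is 'isl' or 'dot1q'; tagged=False models a dot1q native-VLAN frame.
    """
    if protocol == "isl":
        overhead = ISL_OVERHEAD          # ISL encapsulates every frame
    elif protocol == "dot1q":
        overhead = DOT1Q_OVERHEAD if tagged else 0
    else:
        raise ValueError("protocol must be 'isl' or 'dot1q'")
    return frame_len + overhead <= ETH_MAX


if __name__ == "__main__":
    # Constructed sample frame: broadcast ARP-type frame from a made-up MAC.
    frame = build_frame(bytes.fromhex("ffffffffffff"),
                        bytes.fromhex("001122334455"), 0x0806, b"constructed payload")
    tagged = tag_dot1q(frame, 20)
    print("tagged length:", len(tagged), "vlan:", parse_dot1q(tagged)[0])
    for size in (1500, 1518):
        print(size, "isl:", fits_on_trunk(size, "isl"),
              "dot1q:", fits_on_trunk(size, "dot1q"),
              "native:", fits_on_trunk(size, "dot1q", tagged=False))
```

The size check shows the post's point concretely: a 1500-byte frame survives dot1q tagging but not ISL encapsulation, while a frame already at the 1518-byte maximum only crosses the trunk untagged, that is, on the native VLAN.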
Knowing the details is the difference between passing and failing your CCNA and CCNP exams. Keep studying, get some hands-on practice, and you’re on your way to Cisco certification success!