This shows you the differences between two versions of the page.
cisco:l2_notes [2025/07/16 13:24] – adminent | cisco:l2_notes [2025/08/05 04:01] (current) – adminent | ||
---|---|---|---|
Line 1: | Line 1: | ||
=====Layer 2 Notes===== | =====Layer 2 Notes===== | ||
+ | ====ARP==== | ||
+ | * Address Resolution Protocol. Maps MAC addresses to IPs. | ||
+ | * Default ARP timeout is four hours or 14,400 seconds. | ||
+ | * Change default ARP timeout, in seconds. | ||
+ | < | ||
+ | r1(config-if)# | ||
+ | * To make an ARP entry permanent, then use SNAP (Subnetwork Access Protocol). | ||
+ | < | ||
+ | * To view the ARP table | ||
+ | < | ||
+ | * To clear the ARP table | ||
+ | < | ||
- | AAA | + | ==== |
+ | |||
+ | ====AAA==== | ||
aaa new-model | aaa new-model | ||
aaa authentication login default group radius local | aaa authentication login default group radius local | ||
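Review bot: The first ARP bullet, "Maps MAC addresses to IPs", states the resolution backwards: ARP takes a known IP address and resolves it to the MAC address, so suggest "Resolves an IP address to its MAC address". The bullet "To make an ARP entry permanent, then use SNAP (Subnetwork Access Protocol)" also reads as if SNAP is what makes the entry permanent; a static ARP entry is what is permanent, and SNAP is the encapsulation type given with it, so reword along the lines of "To make an ARP entry permanent, add a static entry (here with SNAP encapsulation)". As rendered here, the new side also carries a bare "====" line just before "====AAA===="; check that it is not a stray empty heading.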
Line 229: | Line 243: | ||
Lab Tasks | Lab Tasks | ||
- | Using the information in the Job Aids sectish spaon, create an implementation and verification plan to implement your solution. A sample implementation and verification plan form is provided. | + | Using the information in the Job Aids section, create an implementation and verification plan to implement your solution. A sample implementation and verification plan form is provided. |
After completing the implementation and verification plan, use that plan to successfully implement your solution. | After completing the implementation and verification plan, use that plan to successfully implement your solution. | ||
Implementation Task List | Implementation Task List | ||
Line 264: | Line 278: | ||
There are several ways that a LAN client can determine which router should be the first hop to a particular remote destination. The client can use a dynamic process or static configuration. Examples of dynamic discovery are as follows: | There are several ways that a LAN client can determine which router should be the first hop to a particular remote destination. The client can use a dynamic process or static configuration. Examples of dynamic discovery are as follows: | ||
- | • Proxy ARP: The client uses ARP to get to the destination that it wants to reach, and a router will respond to the ARP request with its own MAC address. | + | * Proxy ARP: The client uses ARP to get to the destination that it wants to reach, and a router will respond to the ARP request with its own MAC address. |
- | • Routing protocol: The client listens to dynamic routing protocol updates (for example, from RIP) and forms its own routing table. | + | * Routing protocol: The client listens to dynamic routing protocol updates (for example, from RIP) and forms its own routing table. |
- | • ICMP Router Discovery Protocol (IRDP) client: The client runs an ICMP router discovery client. | + | * ICMP Router Discovery Protocol (IRDP) client: The client runs an ICMP router discovery client. |
- | • DHCP provides a mechanism for passing configuration information to hosts on a TCP/IP network. A host that runs a DHCP client requests configuration information from a DHCP server when it boots onto the network. This configuration information typically comprises an IP address and a default gateway. | + | * DHCP provides a mechanism for passing configuration information to hosts on a TCP/IP network. A host that runs a DHCP client requests configuration information from a DHCP server when it boots onto the network. This configuration information typically comprises an IP address and a default gateway. |
The drawback to dynamic discovery protocols is that they incur some configuration and processing overhead on the LAN client. Also, in case of a router failure, the process of switching to another router can be slow. There is no mechanism within DHCP for switching to an alternative router if the default gateway fails. | The drawback to dynamic discovery protocols is that they incur some configuration and processing overhead on the LAN client. Also, in case of a router failure, the process of switching to another router can be slow. There is no mechanism within DHCP for switching to an alternative router if the default gateway fails. | ||
An alternative to dynamic discovery protocols is to statically configure a default router on the client. This approach simplifies client configuration and processing, but it creates a single point of failure. If the default gateway fails, the LAN client is limited to communicating only on the local IP network segment and is cut off from the rest of the network. | An alternative to dynamic discovery protocols is to statically configure a default router on the client. This approach simplifies client configuration and processing, but it creates a single point of failure. If the default gateway fails, the LAN client is limited to communicating only on the local IP network segment and is cut off from the rest of the network. | ||
+ | |||
GLBP protects data traffic from a failed router or circuit, like HSRP and VRRP, while allowing packet load sharing between a group of redundant routers. | GLBP protects data traffic from a failed router or circuit, like HSRP and VRRP, while allowing packet load sharing between a group of redundant routers. | ||
+ | |||
The GLBP feature provides automatic router backup for IP hosts that are configured with a single default gateway on an IEEE 802.3 LAN. Multiple first-hop routers on the LAN combine to offer a single virtual first-hop IP router while sharing the IP packet forwarding load. Other routers on the LAN may act as redundant GLBP routers that will become active if any of the existing forwarding routers fail. | The GLBP feature provides automatic router backup for IP hosts that are configured with a single default gateway on an IEEE 802.3 LAN. Multiple first-hop routers on the LAN combine to offer a single virtual first-hop IP router while sharing the IP packet forwarding load. Other routers on the LAN may act as redundant GLBP routers that will become active if any of the existing forwarding routers fail. | ||
+ | |||
GLBP performs a function for the user that is similar, but not identical, to HSRP and VRRP. HSRP and VRRP protocols allow multiple routers to participate in a virtual router group that is configured with a virtual IP address. One member is elected to be the active router to forward packets that are sent to the virtual IP address for the group. The other routers in the group are redundant until the active router fails. These standby routers have unused bandwidth that the protocol is not using. Although multiple virtual router groups can be configured for the same set of routers, the hosts must be configured for different default gateways, which results in an extra administrative burden. GLBP provides load balancing over multiple routers (gateways) using a single virtual IP address and multiple virtual MAC addresses. Each host is configured with the same virtual IP address, and all routers in the virtual router group participate in forwarding packets. GLBP members communicate between each other through hello messages that are sent every 3 seconds to the multicast address 224.0.0.102, | GLBP performs a function for the user that is similar, but not identical, to HSRP and VRRP. HSRP and VRRP protocols allow multiple routers to participate in a virtual router group that is configured with a virtual IP address. One member is elected to be the active router to forward packets that are sent to the virtual IP address for the group. The other routers in the group are redundant until the active router fails. These standby routers have unused bandwidth that the protocol is not using. Although multiple virtual router groups can be configured for the same set of routers, the hosts must be configured for different default gateways, which results in an extra administrative burden. GLBP provides load balancing over multiple routers (gateways) using a single virtual IP address and multiple virtual MAC addresses. 
Each host is configured with the same virtual IP address, and all routers in the virtual router group participate in forwarding packets. GLBP members communicate between each other through hello messages that are sent every 3 seconds to the multicast address 224.0.0.102, | ||
Members of a GLBP group elect one gateway to be the active virtual gateway (AVG) for that group. Other group members provide backup for the AVG in case the AVG becomes unavailable. The AVG assigns a virtual MAC address to each member of the GLBP group. Each gateway assumes responsibility for forwarding packets that are sent to the virtual MAC address that is assigned to it by the AVG. These gatgleways are known as active virtual forwarders (AVFs) for their virtual MAC address. | Members of a GLBP group elect one gateway to be the active virtual gateway (AVG) for that group. Other group members provide backup for the AVG in case the AVG becomes unavailable. The AVG assigns a virtual MAC address to each member of the GLBP group. Each gateway assumes responsibility for forwarding packets that are sent to the virtual MAC address that is assigned to it by the AVG. These gatgleways are known as active virtual forwarders (AVFs) for their virtual MAC address. | ||
+ | |||
The AVG is responsible for answering ARP requests for the virtual IP address. Load sharing is achieved by the AVG replying to the ARP requests with different virtual MAC addresses. | The AVG is responsible for answering ARP requests for the virtual IP address. Load sharing is achieved by the AVG replying to the ARP requests with different virtual MAC addresses. | ||
CR2 is the AVG for a GLBP group and is responsible for the virtual IP address 172.16.10.254. CR2 is also an AVF for the virtual MAC address 0007.b400.0101. CR3 is a member of the same GLBP group and is designated as the AVF for the virtual MAC address 0007.b400.0102. Client 11 has a default gateway IP address of 172.16.10.254 and a gateway MAC address of 0007.b400.0101. Client 12 shares the same default gateway IP address, but it receives the gateway MAC address 0007.b400.0102 because CR3 is sharing the traffic load with CR3. | CR2 is the AVG for a GLBP group and is responsible for the virtual IP address 172.16.10.254. CR2 is also an AVF for the virtual MAC address 0007.b400.0101. CR3 is a member of the same GLBP group and is designated as the AVF for the virtual MAC address 0007.b400.0102. Client 11 has a default gateway IP address of 172.16.10.254 and a gateway MAC address of 0007.b400.0101. Client 12 shares the same default gateway IP address, but it receives the gateway MAC address 0007.b400.0102 because CR3 is sharing the traffic load with CR3. | ||
+ | |||
CR2 becomes unavailable; | CR2 becomes unavailable; | ||
GLBP Virtual MAC Address Assignment | GLBP Virtual MAC Address Assignment | ||
A GLBP group allows up to four virtual MAC addresses per group. The AVG is responsible for assigning the virtual MAC addresses to each member of the group. Other group members request a virtual MAC address after they discover the AVG through hello messages. Gateways are assigned the next MAC address in sequence. A virtual forwarder that is assigned a virtual MAC address by the AVG is known as a primary virtual forwarder. Other members of the GLBP group learn the virtual MAC addresses from hello messages. A virtual forwarder that has learned the virtual MAC address is referred to as a secondary virtual forwarder. | A GLBP group allows up to four virtual MAC addresses per group. The AVG is responsible for assigning the virtual MAC addresses to each member of the group. Other group members request a virtual MAC address after they discover the AVG through hello messages. Gateways are assigned the next MAC address in sequence. A virtual forwarder that is assigned a virtual MAC address by the AVG is known as a primary virtual forwarder. Other members of the GLBP group learn the virtual MAC addresses from hello messages. A virtual forwarder that has learned the virtual MAC address is referred to as a secondary virtual forwarder. | ||
+ | |||
GLBP Virtual Gateway Redundancy | GLBP Virtual Gateway Redundancy | ||
GLBP operates virtual gateway redundancy in the same way as HSRP. One gateway is elected as the AVG, another gateway is elected as the standby virtual gateway, and the remaining gateways are placed in a listen state. | GLBP operates virtual gateway redundancy in the same way as HSRP. One gateway is elected as the AVG, another gateway is elected as the standby virtual gateway, and the remaining gateways are placed in a listen state. | ||
If an AVG fails, the standby virtual gateway will assume responsibility for the virtual IP address. A new standby virtual gateway is then elected from the gateways in the listen state. | If an AVG fails, the standby virtual gateway will assume responsibility for the virtual IP address. A new standby virtual gateway is then elected from the gateways in the listen state. | ||
GLBP Virtual Forwarder Redundancy | GLBP Virtual Forwarder Redundancy | ||
+ | |||
Virtual forwarder redundancy is similar to virtual gateway redundancy with an AVF. If the AVF fails, one of the secondary virtual forwarders in the listen state assumes responsibility for the virtual MAC address. | Virtual forwarder redundancy is similar to virtual gateway redundancy with an AVF. If the AVF fails, one of the secondary virtual forwarders in the listen state assumes responsibility for the virtual MAC address. | ||
+ | |||
The new AVF is also a primary virtual forwarder for a different forwarder number. GLBP migrates hosts away from the old forwarder number, using two timers that start as soon as the gateway changes to the active virtual forwarder state. GLBP uses the hello messages to communicate the current state of the timers. | The new AVF is also a primary virtual forwarder for a different forwarder number. GLBP migrates hosts away from the old forwarder number, using two timers that start as soon as the gateway changes to the active virtual forwarder state. GLBP uses the hello messages to communicate the current state of the timers. | ||
+ | |||
The redirect time is the interval during which the AVG continues to redirect hosts to the old virtual forwarder MAC address. When the redirect time expires, the AVG stops redirecting hosts to the virtual forwarder, although the virtual forwarder will continue to forward packets that were sent to the old virtual forwarder MAC address. | The redirect time is the interval during which the AVG continues to redirect hosts to the old virtual forwarder MAC address. When the redirect time expires, the AVG stops redirecting hosts to the virtual forwarder, although the virtual forwarder will continue to forward packets that were sent to the old virtual forwarder MAC address. | ||
+ | |||
The secondary hold time is the interval during which the virtual forwarder is valid. When the secondary hold time expires, the virtual forwarder is removed from all gateways in the GLBP group. The expired virtual forwarder number becomes eligible for reassignment by the AVG. | The secondary hold time is the interval during which the virtual forwarder is valid. When the secondary hold time expires, the virtual forwarder is removed from all gateways in the GLBP group. The expired virtual forwarder number becomes eligible for reassignment by the AVG. | ||
+ | |||
CCNP.com has decided to implement GLBP on VLAN 10 as a solution to the default gateway issue. CR2 should be the primary router. | CCNP.com has decided to implement GLBP on VLAN 10 as a solution to the default gateway issue. CR2 should be the primary router. | ||
+ | |||
Task 2: Configure and Verify GLBP Load Sharing | Task 2: Configure and Verify GLBP Load Sharing | ||
CCNP.com has analyzed the traffic in its network. The study indicates that the best configuration for the network is to have DSW1 as the master root bridge and DSW2 as the backup root bridge for VLANs 10, 20, and 30. DSW2 should be the master root bridge and DSW1 should be the backup root bridge for VLAN 40. | CCNP.com has analyzed the traffic in its network. The study indicates that the best configuration for the network is to have DSW1 as the master root bridge and DSW2 as the backup root bridge for VLANs 10, 20, and 30. DSW2 should be the master root bridge and DSW1 should be the backup root bridge for VLAN 40. | ||
Configure spanning tree to implement this scheme. | Configure spanning tree to implement this scheme. | ||
- | With HSRP and VRRP, the active router is the gateway for all traffic; therefore, selection of the active router is important. With GLBP, the gateway function is distributed by the AVG to the members of the group, which means that a single router is no longer the sole gateway. However, there is overhead that is related to the function of the AVG. The AVG function should be distributed as well. | + | |
+ | With HSRP and VRRP, the active router is the gateway for all traffic; therefore, selection of the active router is important. With GLBP, the gateway function is distributed by the AVG to the members of the group, which means that a single router is no longer the sole gateway. However, there is overhead that is related to the function of the AVG. The AVG function should be distributed as well. | ||
+ | |||
Configure the GLBP groups to implement the following scheme: | Configure the GLBP groups to implement the following scheme: | ||
• CR2 should be the primary AVG for all hosts on VLANs 10, 20, 30, and 40. | • CR2 should be the primary AVG for all hosts on VLANs 10, 20, 30, and 40. | ||
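Review bot: The client example still ends "because CR3 is sharing the traffic load with CR3" on the new side; since the same paragraph names CR2 as the AVG and the AVF for 0007.b400.0101 and CR3 as the AVF for 0007.b400.0102, the last router should be CR2. The typo "gatgleways" in the AVF paragraph is also carried over unchanged and should read "gateways". For consistency, the list under "Configure the GLBP groups to implement the following scheme:" still uses "•" while this revision converts the dynamic-discovery list to "*" bullets; convert both so the wiki renders them as lists.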
Line 1582: | Line 1610: | ||
? show track 1 | ? show track 1 | ||
○ should show "over threshold" | ○ should show "over threshold" | ||
- | ○ shoud show "state down" | + | ○ should |
? show ip route | ? show ip route | ||
○ WAN route is now used | ○ WAN route is now used | ||
- | ===SDM Template=== | + | ====SDM Template==== |
Switch Database Management | Switch Database Management | ||
< | < |
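Review bot: On the "state down" check under "show track 1", the new side as shown here reads only "○ should", while the old line was "○ shoud show "state down""; confirm the spelling fix kept the rest of the line so the expected output is still documented as: should show "state down".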