The next topic in our serie are VLAN Technologies. CCIE+Enterprise+Infrastructure+(v1.0+RevA)+Exam+Topics.pdf (cisco.com)

1.1.c vi Normal range and extended range VLANs

Whenever we talk about VLANs we must understand that the amount of possible used values are limited. The VLAN Identifier field (VID) offers 12 bit space within a frame to be tagged with a specific VLAN. The maximal amount of values within 12 bit is 4096.

That means that we can choose VLANs between 1 – 4094 Depending of the model used they may be some reserved IDs for internal use within the switch system. Why not 0 and 4095? 0x000 and 0xFFF are reserved for other purposes.

The normal range VLANs are 1-1005. Starting with 1006 and ending in 4094 inclusive, these VLANs are called extended range VLANs. Under Cisco the extended range can only be used, if we enable VTP.

Can I use all of them?

The answer is no, there are some reservations. Depending on the model you are currently using it is possible that there are more VLANs reserved for internal purposes. As an example on a Nexus 9k switch the system reserves a block of 128 VLANs between 3968-4092. The IDs 4093 – 4095 are reserved for other purposes. The block mentioned before can be changed by issuing the command ’system vlan 500 reserve‘, is is gonna reserve vlan 500 – 627 instead of the oters mentioned aboved.

1.1.c v VLAN database

The fifth post in this serie about CCIE EI. CCIE+Enterprise+Infrastructure+(v1.0+RevA)+Exam+Topics.pdf (cisco.com)

Mostly of the time features are being developed in order to solve a problem. This is also the case for UDLD.

What happens if in a triangle topology with three switches interconnected by a fiber cable one of the forwarding ports stop sending BPDUs to its neighbor? Well, the answer is pretty simple the switch that stop receiving information will eventually goes from blocking to forwarding causing an inintentionally loop.

Unidirectional Link Detection (or UDLD) is a layer-2 protocol that help us to prevent undesired unidirectional communication over a link. The way this protocol works is simple, it sends probes to a wellknown MAC-Address (01:00:0C:CC:CC:CC), for discovery purposes, across Tx link, containing it own device information and port-id, and waits for an echo on the Rx link. Is this the case, then the switch suspect that something is wrong with this link. A prequisite for this feature is that both end of the media shared supports UDLD functionallity.

Two modes

fourth post in this serie. CCIE+Enterprise+Infrastructure+(v1.0+RevA)+Exam+Topics.pdf (cisco.com)

Which problems do these features solved?

These two features help on one side to extend the visibility of the the network topology, their sharing media and capabilities of its members by exchanging information on the control plane.

On the other side both protocols help devices to obtain vital information about the way they have to work, like VoIP phones obtaining the VLAN-ID they need to use in order to communicate.

CDP

It is a Cisco propieatary layer-2 protocol that allows to exchange information about neighbors sharing a media and their capabilities. A simple CDP Frame can contain a lot of useful information for a network administrator. This feature is enabled globally by default and can be disabled and be enabled on port basis.

Since CDP is by default on, we can it disabled it globally or on a specific interface.

Switch(config)#int e0/1
Switch(config-if)#no cdp enable
Switch(config-if)#

Console output

By issuing the following to commands we can see information about the global CDP settings and the neighbors on that switch.

Switch#show cdp
Global CDP information:
        Sending CDP packets every 60 seconds
        Sending a holdtime value of 180 seconds
        Sending CDPv2 advertisements is  enabled
Switch#
Switch#sh cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
Switch           Eth 0/0           159             R S I  Linux Uni Eth 0/0
Switch           Eth 0/1           144             R S I  Linux Uni Eth 0/0

Total cdp entries displayed : 2
Switch#

Lets have a deeper look into the CDP frame captured by wireshark on a test switch.

Third post in this serie. Based on CCIE+Enterprise+Infrastructure+(v1.0+RevA)+Exam+Topics.pdf (cisco.com)

When we talk about Maximum Transmission Unit, MTU for short, we talk about two different types of values. The one defining the largest size in bytes for frames traveling through an interface and the second the biggest IP packet that an interface can handle before fragmentation.

The standard MTU value for L3 packets is 1500 bytes, whereas the standard size for MTU L2 frames is 1514 (1518 if we consider dot1q-tagging).

Nowdays normally we would see something like this in our networks travelling around:

• 1460 bytes of payload for TCP.
• 20 bytes for the TCP header.
• 20 bytes for the IP header.
• 14 bytes for the Ethernet header.

Additional headers

This is my second post for CCIE Enterprise Study

Whenever a switch discovers an error condition on a port, it will automatically disable the port. In this state the port is basically shut down and there is no traffic passing through the interface neither Rx nor Tx.

How to recognize it? by issuing the command „show interface Gi0/1“ you will see the port in „err-disabled“ state. If you are not in front of the CLI you may also be able to recognize it by looking at the LED on the interface… it should be orange. In case you are in front of the CLI while a port goes down due an error condition, you will see a message appearing with a description why the port went down. You can also have a look later by looking into the logs (show logging).

Very important to mention here is, that an error is not necessary a permanent issue, it can be also be temporary like a flapping link, or an user plugging in a wrong device on the port. It would be very bad if the port remains down, imagine the uplink to a management switch, in a remote branch far away, going err-disabled only because of a misconfiguration of the port by enabling „BPDU Guard“. You will lose management access to all devices connected to this switch. To avoid this issue Cisco switches provide a feature called „errdisabled recovery“, which will re-enable the interface after 300 seconds (configurable value) it went down in order to see if the issue has been resolved or not. This function needs to be enabled for different cases.

First of all let us see the situations where a port will go into err-disabled state.

This is my first post in this serie/category. I will try to work every single point on the official CCIE Enterprise Blueprint in order to learn on first place for the exam and in second place to become a better engineer. I am also happy to share information with other people.

The official blueprint can be found on the official Cisco website CCIE+Enterprise+Infrastructure+(v1.0+RevA)+Exam+Topics.pdf (cisco.com).

The first topic is regarding how to manage the MAC-Address Table. Before we start managing the MAC-Address Table we will need to understand how MAC-Addresses are being added to the table.

For efficiently delivery of frames, a switch mantains an internal table where it associates a media access control (MAC) address to a port and a vlan or interface. How is this table feeded? Whenever a switch receives a frame it takes note about the port where the frame arrived and the source MAC-Address of it. The switch uses the information stored in the table to forward the frame to the correct port. If the destination MAC-Address is not present in the table, the switch will flood this single frame to all the ports on the switch except the one where the original frame came from. So the game starts again, at some point the machine representing the destination MAC-Address will answer to the request and at soons the frame arrives to the switch, it will take note of the MAC-Address and its port. Next time, whenenver another host on that switch will need to send a frame to the same MAC-Address the switch wont need to flood the frame in all directions, because it will use first the entry located in the MAC-Address table.

The table can be displayed by issuing the following command on the CLI.

SW1#show mac address-table
Mac Address Table

Vlan Mac Address Type Ports
---- ----------- -------- -----
1 aabb.cc00.0200 DYNAMIC Et0/2
1 aabb.cc00.0300 DYNAMIC Et0/1
1 aabb.cc00.0400 DYNAMIC Et0/0
Total Mac Addresses for this criterion: 3
SW1#