Thursday, April 17, 2014

Module 7 : Summary

Summary
This page summarizes the topics discussed in this module.
Redundancy is defined as a duplication of components that allows continued functionality despite the failure of an individual component. In a network, redundancy means to have a backup method to connect all devices. Redundant topologies increase network reliability and decrease downtime caused by a single point of failure.
A redundant switched topology may cause broadcast storms, multiple frame transmissions, and MAC address table instability problems. A broadcast storm is caused by multiple hosts that send and receive multiple broadcast messages. The result is that they continue to propagate broadcast traffic over and over until one of the switches is disconnected. During a broadcast storm, the network appears to be down or extremely slow. Multiple frame transmissions occur when a router receives multiple copies of a frame from multiple switches due to an unknown MAC address. These excessive transmissions cause the router to time out. When a switch incorrectly learns a MAC address of a port, it can cause a loop situation and instability for the MAC address table.
Since switches operate at Layer 2 of the OSI model, all forwarding decisions are made at this level. Layer 2 does not provide a TTL value, which is the set amount of time a packet is provided to reach a destination. The problem is that physical topologies contain switching or bridging loops necessary for reliability, yet a switched network cannot have loops. The solution is to allow physical loops, but create a loop free logical topology.
The loop free logical topology created is called a tree. The topology is a star or extended star that spans the tree of the network. All devices are reachable or spanned. The algorithm used to create this loop free logical topology is the spanning-tree algorithm.
The Spanning-Tree Protocol establishes a root node, called the root bridge. The Spanning-Tree Protocol constructs a topology that has one path for every node on the network. This results in a tree that originates from the root bridge. Redundant links that are not part of the shortest path tree are blocked. It is because certain paths are blocked that a loop free topology is possible. Data frames received on blocked links are dropped.
Switches send messages called the bridge protocol data units (BPDUs) to allow the formation of a loop free logical topology. BPDUs continue to be received on blocked ports. BPDUs contain information that allow switches to perform specific actions:
  • Select a single switch that will act as the root of the spanning-tree.
  • Calculate the shortest path from itself to the root switch.
  • Designate one of the switches as the designated switch.
  • Choose one of its ports as its root port, for each non-root switch.
  • Select ports that are part of the spanning-tree. These ports are called designated ports.
IEEE 802.1w LAN standard defines the Rapid Spanning-Tree Protocol. It serves to clarify port states and roles, define a set of link types, and allow switches in a converged network to generate BPDUs rather than use the root bridge BPDUs. The blocking state of a port is renamed as the discarding state. The role of a discarding port is that of an alternate port. The discarding port can become the designated port if the designated port of the segment fails.

Spanning-tree recalculation / Rapid spanning-tree protocol

Spanning-tree recalculation
7.2.6 This page will describe the convergence of a spanning-tree network.
A switched internetwork has converged when all the switch and bridge ports are in either the forwarding or blocking state. Forwarding ports send and receive data traffic and BPDUs. Blocking ports only receive BPDUs.
When the network topology changes, switches and bridges recompute the spanning-tree and cause a disruption in network traffic.  
Convergence on a new spanning-tree topology that uses the IEEE 802.1d standard can take up to 50 seconds. This convergence is made up of the max-age of 20 seconds, plus the listening forward delay of 15 seconds, and the learning forward delay of 15 seconds.
The Lab Activities will show students how to create and verify a basic switch configuration.
The next page will introduce the Rapid Spanning-Tree Protocol.














Rapid spanning-tree protocol
7.2.7 This page will describe the Rapid Spanning-Tree Protocol.
The Rapid Spanning-Tree Protocol is defined in the IEEE 802.1w LAN standard. The standard and protocol introduce new features:
  • Clarification of port states and roles
  • Definition of a set of link types that can go to forwarding state rapidly
  • Concept of allowing switches in a converged network to generate BPDUs rather than relaying root bridge BPDUs
The blocking state of a port is renamed as the discarding state. The role of a discarding port is that of an alternate port. The discarding port can become the designated port if the designated port of the segment fails.
Link types have been defined as point-to-point, edge-type, and shared. These changes allow rapid discovery of link failure in switched networks.
Point-to-point links and edge-type links can go to the forwarding state immediately.
Network convergence should take no longer than 15 seconds with these changes.
The Rapid Spanning-Tree Protocol, IEEE 802.1w, will eventually replace the Spanning-Tree Protocol, IEEE 802.1d.
This page concludes this lesson. The next page will summarize the main points from this module.

Selecting the root bridge / Stages of spanning-tree port states

Selecting the root bridge
7.2.4 This page will explain how a root bridge is selected in an STP network.
The first decision that all switches in the network make, is to identify the root bridge. The position of the root bridge in a network affects the traffic flow.
When a switch is turned on, the spanning-tree algorithm is used to identify the root bridge. BPDUs are sent out with the bridge ID (BID). The BID consists of a bridge priority that defaults to 32768 and the switch MAC address. By default BPDUs are sent every two seconds.
When a switch first starts up, it assumes it is the root switch and sends BPDUs that contain the switch MAC address in both the root and sender BID. These BPDUs are considered inferior because they are generated from the designated switch that has lost its link to the root bridge. The designated switch transmits the BPDUs with the information that it is the root bridge as well as the designated bridge. These BPDUs contain the switch MAC address in both the root and sender BID. The BIDs are received by all switches. Each switch replaces higher root BIDs with lower root BIDs in the BPDUs that are sent out. All switches receive the BPDUs and determine that the switch with the lowest root BID value will be the root bridge.  Network administrators can set the switch priority to a smaller value than the default, which makes the BID smaller. This should only be implemented when the traffic flow on the network is well understood. The Lab Activities will teach students how to select the root bridge for a basic switch configuration. The next page will discuss the STP port states.



Stages of spanning-tree port states
7.2.5 This page will explain the five port states of a switch that uses STP.
Time is required for protocol information to propagate throughout a switched network. Topology changes in one part of a network are not instantly known in other parts of the network due to propagation delay. Data loops can occur when a switch changes the state of a port too quickly.
Each port on a switch that uses the Spanning-Tree Protocol has one of five states, as shown in Figure .
In the blocking state, ports can only receive BPDUs. Data frames are discarded and no addresses can be learned. It may take up to 20 seconds to change from this state.
Ports transition from the blocking state to the listening state. In this state, switches determine if there are any other paths to the root bridge. The path that is not the least cost path to the root bridge returns to the blocking state. The listening period is called the forward delay and lasts for 15 seconds. In the listening state, data is not forwarded and MAC addresses are not learned. BPDUs are still processed.
Ports transition from the listening state to the learning state. In this state, data is not forwarded, but MAC addresses are learned from traffic that is received. The learning state lasts for 15 seconds and is also called the forward delay. BPDUs are still processed.
Ports transitions from the learning state to the forwarding state. In this state user data is forwarded and MAC addresses continue to be learned. BPDUs are still processed.
A port can be in a disabled state. This disabled state can occur when an administrator shuts down the port or the port fails.
The time values given for each state are the default values. These values have been calculated on an assumption that there will be a maximum of seven switches in any branch of the spanning-tree from the root bridge.
The Interactive Media Activities will help students learn the five spanning-tree port states.

STP

Spanning Tree Protocol
7.2.3 This page will teach students about the ports and devices that are found in an STP switched network.
When the network has stabilized, it has converged and there is one spanning-tree per network.
As a result, for every switched network the following elements exist:
  • One root bridge per network
  • One root port per non-root bridge
  • One designated port per segment
  • Unused, or non-designated ports
Root ports and designated ports are used for forwarding (F) data traffic.
Non-designated ports discard data traffic. These ports are called blocking (B) or discarding ports. 
The next page will discuss the root bridge. 

Spanning Tree Protocol

Spanning Tree Protocol
7.2.2 This page will explain how STP can be used to create a loop free network.
Ethernet bridges and switches can implement the IEEE 802.1d Spanning-Tree Protocol and use the spanning-tree algorithm to construct a loop free shortest path network. 
Shortest path is based on cumulative link costs. Link costs are based on the speed of the link. 
The Spanning-Tree Protocol establishes a root node called the root bridge. The Spanning-Tree Protocol constructs a topology that has one path for every node on the network. This tree originates from the root bridge. Redundant links that are not part of the shortest path tree are blocked.
It is because certain paths are blocked that a loop free topology is possible. Data frames received on blocked links are dropped.
The Spanning-Tree Protocol requires network devices to exchange messages to detect bridging loops. Links that will cause a loop are put into a blocking state.
Switches send messages called the bridge protocol data units (BPDUs) to allow the formation of a loop free logical topology. BPDUs continue to be received on blocked ports. This ensures that if an active path or device fails, a new spanning-tree can be calculated.
BPDUs contain information that allow switches to perform specific actions:
  • Select a single switch that will act as the root of the spanning-tree.
  • Calculate the shortest path from itself to the root switch.
  • Designate one of the switches as the closest one to the root, for each LAN segment. This switch is called the designated switch. The designated switch handles all communication from that LAN segment towards the root bridge.
  • Choose one of its ports as its root port, for each non-root switch. This is the interface that gives the best path to the root switch.
  • Select ports that are part of the spanning-tree. These ports are called designated ports. Non-designated ports are blocked. 
The Interactive Media Activity will teach students about STP.
The next page will describe the features of a spanning-tree network.

Spanning-Tree Protocol / Redundant topology and spanning tree

Spanning-Tree Protocol / 
Redundant topology and spanning tree
7.2.1 This page will teach students how to create a loop free logical topology.
Redundant network topologies are designed to ensure that networks continue to function in the presence of single points of failure. Work is interrupted less often for users because the network continues to function. Any interruptions that are caused by a failure should be as short as possible.
Reliability is increased by redundancy. A network that is based on switches or bridges will introduce redundant links between those switches or bridges to overcome the failure of a single link. These connections introduce physical loops into the network. These bridging loops are created so if one link fails another can take over the function of forwarding traffic.
When the destination of the traffic is unknown to a switch, it floods traffic out all ports except the port that received the traffic. Broadcasts and multicasts are also forwarded out every port except the port that received the traffic. This traffic can be caught in a loop. 
In the Layer 2 header, there is no Time To Live (TTL) value. If a frame is sent into a Layer 2 looped topology of switches, it can loop forever. This wastes bandwidth and makes the network unusable.
At Layer 3, the TTL is decremented and the packet is discarded when the TTL reaches 0. This creates a dilemma. A physical topology that contains switching or bridging loops is necessary for reliability, yet a switched network cannot have loops.
The solution is to allow physical loops, but create a loop free logical topology. For this logical topology, traffic destined for the server farm attached to Cat-5 from any user workstation attached to Cat-4 will travel through Cat-1 and Cat-2. This will happen even though there is a direct physical connection between Cat-5 and Cat-4.
The loop free logical topology created is called a tree. This topology is a star or extended star logical topology. This topology is the spanning-tree of the network. It is a spanning-tree because all devices in the network are reachable or spanned.
The algorithm used to create this loop free logical topology is the spanning-tree algorithm. This algorithm can take a relatively long time to converge. A new algorithm called the rapid spanning-tree algorithm was developed to reduce the time for a network to compute a loop free logical topology.
The next page will discuss STP.

Media access control database instability

Media access control database instability
7.1.6 This page will explain how incorrect information can be forwarded in a redundant switched network.
In a redundant switched network it is possible for switches to learn the wrong information. A switch can incorrectly learn that a MAC address is on one port, when it is actually on a different port. In this example the MAC address of Router Y is not in the MAC address table of either switch.
Host X sends a frame directed to Router Y. Switches A and B learn the MAC address of Host X on port 0.
The frame to Router Y is flooded on port 1 of both switches. Switches A and B receive this information on port 1 and incorrectly learn the MAC address of Host X on port 1. When Router Y sends a frame to Host X, Switch A and Switch B also receive the frame and will send it out port 1. This is unnecessary, but the switches have incorrectly learned that Host X is on port 1.
In this example the unicast frame from Router Y to Host X will be caught in a loop.
This page concludes this lesson. The next lesson will describe the Spanning-Tree Protocol (STP). The first page will discuss physical and logical loops in a redundant network




Broadcast storms / Multiple frame transmissions

Broadcast storms
7.1.4 page will explain the effects of broadcasts and multicasts in a switched network.
Broadcasts and multicasts can cause problems in a switched network.
Multicasts are treated as broadcasts by the switches. Broadcast and multicast frames are flooded out all ports, except the one on which the frame was received.
If Host X sends a broadcast, like an ARP request for the Layer 2 address of the router, then Switch A will forward the broadcast out all ports. Switch B is on the same segment and also forwards all broadcasts. Switch B receives all the broadcasts that Switch A forwarded and Switch A receives all the broadcasts that Switch B forwarded. Switch A forwards the broadcasts received from Switch B. Switch B forwards the broadcasts received from Switch A. 
The switches continue to propagate broadcast traffic over and over. This is called a broadcast storm. This broadcast storm will continue until one of the switches is disconnected. Since broadcasts require time and network resources to process, they reduce the flow of user traffic. The network will appear to be down or extremely slow.
The next page will discuss multiple frame transmissions.
A redundant switched topology may cause broadcast storms, multiple frame copies, and MAC address table instability problems.
The next page will discuss broadcast storms.
Multiple frame transmissions 7.1.5 page will explain the effects of broadcasts and multicasts in a switched network.
Broadcasts and multicasts can cause problems in a switched network.
Multicasts are treated as broadcasts by the switches. Broadcast and multicast frames are flooded out all ports, except the one on which the frame was received.
If Host X sends a broadcast, like an ARP request for the Layer 2 address of the router, then Switch A will forward the broadcast out all ports. Switch B is on the same segment and also forwards all broadcasts. Switch B receives all the broadcasts that Switch A forwarded and Switch A receives all the broadcasts that Switch B forwarded. Switch A forwards the broadcasts received from Switch B. Switch B forwards the broadcasts received from Switch A.
The switches continue to propagate broadcast traffic over and over. This is called a broadcast storm. This broadcast storm will continue until one of the switches is disconnected. Since broadcasts require time and network resources to process, they reduce the flow of user traffic. The network will appear to be down or extremely slow.
The next page will discuss multiple frame transmissions.

Reduntant Topoligies / Redundant switched topologies

Redundant Topoligies
7.1.2 This page will explain the concept and benefits of a redundant topology.
A goal of redundant topologies is to eliminate network outages caused by a single point of failure. All networks need redundancy for enhanced reliability.
A network of roads is a global example of a redundant topology. If one road is closed for repair, there is likely an alternate route to the destination. 
Consider a community separated by a river from the town center. If there is only one bridge across the river, there is only one way into town. The topology has no redundancy. 
If the bridge is flooded or damaged by an accident, travel to the town center across the bridge is impossible. 
A second bridge across the river creates a redundant topology. The suburb is not cut off from the town center if one bridge is impassable.   
The next page will describe redundant switched topologies.
Redundant switched topologies
7.1.3 This page will explain how switches operate in a redundant topology.
Networks with redundant paths and devices allow for more network uptime. Redundant topologies eliminate single points of failure. If a path or device fails, the redundant path or device can take over the tasks of the failed path or device. 
If Switch A fails, traffic can still flow from Segment 2 to Segment 1 and to the router through Switch B.
Switches learn the MAC addresses of devices on their ports so that data can be properly forwarded to the destination. Switches flood frames for unknown destinations until they learn the MAC addresses of the devices. Broadcasts and multicasts are also flooded. 
A redundant switched topology may cause broadcast storms, multiple frame copies, and MAC address table instability problems.
The next page will discuss broadcast storms.

Redundant Topologies / Redundancy

Redundancy
7.1.1 This page will explain how redundancy can improve network reliability and performance.
Many companies and organizations increasingly rely on computer networks for their operations. Access to file servers, databases, the Internet, intranets, and extranets is critical for successful businesses. If the network is down, productivity and customer satisfaction decline.
Increasingly, companies require continuous network availability, or uptime. 100 percent uptime is perhaps impossible, but many organizations try to achieve 99.999 percent, or five nines, uptime. Extremely reliable networks are required to achieve this goal. This is interpreted to mean one hour of downtime, on average, for every 4,000 days, or approximately 5.25 minutes of downtime per year. To achieve such a goal requires extremely reliable networks.
Network reliability is achieved through reliable equipment and network designs that are tolerant to failures and faults. Networks should be designed to reconverge rapidly so that the fault is bypassed.
Figure illustrates redundancy. Assume that a car must be used to get to work. If the car has a fault that makes it unusable, it is impossible to use the car to go to work until it is repaired.
On average, if the car is unuseable due to failure one day out of ten, the car has ninety percent usage. Therefore, reliability is also 90 percent.
A second car will improve matters. There is no need for two cars just to get to work. However, it does provide redundancy, or backup, in case the primary vehicle fails. The ability to get to work is no longer dependent on a single car.
Both cars may become unusable simultaneously, one day in every 100. The second car raises reliability to 99 percent. 
The next page will discuss redundant topologies

Module 7: Spanning-Tree Protocol : Overview











Spanning-Tree Protocol (Overview)
Redundancy in a network is critical. It allows networks to be fault tolerant. Redundant topologies protect against network downtime, or nonavailability. Downtime can be caused by the failure of a single link, port, or network device. Network engineers are often required to balance the cost of redundancy with the need for network availability.
Redundant topologies based on switches and bridges are susceptible to broadcast storms, multiple frame transmissions, and MAC address database instability. These problems can make a network unusable. Therefore, redundancy should be carefully planned and monitored.
Switched networks provide the benefits of smaller collision domains, microsegmentation, and full duplex operation. Switched networks provide better performance.
Redundancy in a network is required to protect against loss of connectivity due to the failure of an individual component. However, this provision can result in physical topologies with loops. Physical layer loops can cause serious problems in switched networks.
The Spanning-Tree Protocol is used in switched networks to create a loop free logical topology from a physical topology that has loops. Links, ports, and switches that are not part of the active loop free topology do not forward data frames. The Spanning-Tree Protocol is a powerful tool that gives network administrators the security of a redundant topology without the risk of problems caused by switching loops.
This module covers some of the objectives for the CCNA 640-801 and ICND 640-811 exams.  
Students who complete this module should be able to perform the following tasks:
  • Define redundancy and its importance in networking
  • Describe the key elements of a redundant network topology
  • Define broadcast storms and describe their impact on switched networks
  • Define multiple frame transmissions and describe their impact on switched networks
  • Identify causes and results of MAC address database instability
  • Identify the benefits and risks of a redundant topology
  • Describe the role of spanning-tree in a redundant-path switched network
  • Identify the key elements of spanning-tree operation
  • Describe the process for root bridge election
  • List the spanning-tree states in order
  • Compare Spanning-Tree Protocol and Rapid Spanning-Tree Protocol

Module 6 : Summary

Summary
This page summarizes the topics discussed in this module.
Switches are similar to routers. They have basic computer components including a CPU, RAM, and an operating system. There are several ports that are used to connect hosts and for management. LEDs on the front of the switch show the system status, RPS, port mode, and port status. When powered on, a switch performs POST automatically to verify that the switch functions correctly. HyperTerminal can be used to configure or check the status of a switch.
Another similarity to Cisco routers is the CLI. Enter a question mark (?) to access help. A list of available commands will display. Switches provide word help and command syntax help.
Switches and routers have the same command modes. User EXEC is the default and is indicated by the greater-than character (>). The enable command changes User EXEC to Privileged EXEC as indicated by the pound sign (#). Access to Privileged EXEC mode should be password protected to prevent unauthorized use. The configure command allows other command modes to be accessed.
Default data is provided when the switch is powered up for the first time. For management purposes, a switch is assigned an IP address. Use the show version command to verify the IOS version and the configuration register settings.
Once a switch is configured with an IP address and gateway, it can be accessed through a web-based interface. This allows for the configuration and management of the switch. This service can be accessed through a web browser with the IP address and port 80, the default port for http.
A switch dynamically learns and maintains thousands of MAC addresses. If frames with a previously learned address are not received, the MAC address entry is automatically discarded or aged out after 300 seconds. The command clear mac-address-table entered in the Privileged EXEC mode can be used to manually clear address tables.
A permanent MAC address assigned to an interface ensures that the MAC address will not be aged out automatically by the switch and to enhance security. The command mac-address-table static <mac-address of host > interface FastEthernet <Ethernet number > vlan <vlan name > can be used to configure a static MAC address. Use the no form of the command to remove it. The command show port security can be used to verify port security.
The switch name, IP address, default gateway, and line passwords should be configured on a new switch that is added to a network. When a host is moved from one port or switched to another, configurations that can cause unexpected behavior should be removed. Documentation should be maintained for the current configuration and backups to the server or a disk should be performed periodically. 

1900/2950 password recovery / 1900/2950 firmware upgrade

1900/2950 password recovery 
6.2.8 For security and management purposes, passwords must be set on the console and vty lines. An enable password and an enable secret password must also be set. These practices help ensure that only authorized users have access to the User and Privileged EXEC modes of the switch.
There will be circumstances where physical access to the switch can be achieved, but access to the User or Privileged EXEC mode cannot be gained because the passwords are not known or have been forgotten. 
In these circumstances, a password recovery procedure must be followed.
The Lab Activities will show students how to recover a password on a Catalyst 2900 series switch.

1900/2950 Firmware Upgrade
6.2.9 This page will explain the purpose of IOS and firmware upgrades and how they are performed.
IOS and firmware images are periodically released with bugs fixes, new features, and performance improvements. If the network can be made more secure, or can operate more efficiently with a new version of the IOS, then the IOS should be upgraded. 
To upgrade the IOS, download a copy of the new image to a local server from the Cisco Connection Online (CCO) Software Center.
The Lab Activities will show students how to upgrade the firmware of a switch.
This page concludes this lesson. The next page will summarize the main points from this module.

Executing adds, moves, and changes / Managing switch operating system file

Executing adds, moves, and changes 
6.2.6 The following are parameters that should be configured on a new switch that is added to a network: 
  • Switch name
  • IP address for the switch in the management VLAN
  • A default gateway
  • Line passwords
When a host is moved from one port or switch to another, configurations that can cause unexpected behavior should be removed. The switch can then be reconfigured to reflect the changes. 

The Lab Activities will teach students how to add, move, and change MAC addresses on a switch.








Managing switch operating system file
6.2.7 Network administrators should document and maintain the operational configuration files for network devices. The most current running-configuration file should be backed up on a server or disk. This is not only essential documentation, but is very useful if a configuration needs to be restored. 
The IOS should also be backed up to a local server. The IOS can then be reloaded to flash memory if needed.

The Lab Activities will show students how to create, verify, back up, and then restore a basic switch configuration.