  1. Senior Member Danielh22185's Avatar
    Join Date
    Apr 2012
    Location
    DFW Area
    Posts
    1,156

    Certifications
    CCNP R&S, CCNA, CCENT
    #26
    Quote Originally Posted by tomtom1 View Post
    Yes! Branch connectivity caught me off guard (33% score), but managed to score points on the rest.

    Awesome! You got it done quick! Ya the branch connectivity stuff is pure junk if you ask me. The test covers so little (5% according to the blue print) I'd rather have another EIGRP or OSPF question.

    I hope to join the pass ranks tomorrow when I re-take mine.
    Currently Studying: IE Stuff...kinda...for now...
    My ultimate career goal: To climb to the top of the computer network industry food chain.
    "Winning means you're willing to go longer, work harder, and give more than anyone else." - Vince Lombardi

  3. Senior Member tomtom1's Avatar
    Join Date
    Feb 2014
    Posts
    374

    Certifications
    JNCIP,SP, JNCIS-SP, CCNP, VCAP5-DCA, VCP5, MCITP 2008 SA, CCNA
    #27
    Allrighty, although I'm writing the JNCIA JunOS exam in a few days, a recent job has come up in which I could be working for a service provider. The SP is all Cisco based, so I'm hoping me working there might give me the solid basis to continue the CCNP road. Who knows, perhaps one day even CCIE. I think I'm motivated enough to do it, but one does get to know oneself in such preparation.

    I think I will accept their job offer and start this track / topic up again! Wish me luck.

    Preparation materials for the SWITCH exam:

    -> Bryant's CCNP SWITCH material
    -> CCNP switch simplified

    Anything other worth mentioning? I'm hoping to get my hands on an old 3750 switch and I still have some (2) older 100 meg switches (Cisco of course) lying around. Should that suffice or should I invest in more / better switches?

  4. Network Consultant FloOz's Avatar
    Join Date
    Dec 2011
    Posts
    1,588

    Certifications
    B.S. CSIT; CompTIA A+, Network+; CCNA, DA; CCNP R&S; CCDP
    #28
    I'd go with 4x 3560s. It'll be pricey but it will pay off if you do go for your CCIE. I would check with your employer if they have any extra gear lying around.

  5. Senior Member tomtom1's Avatar
    Join Date
    Feb 2014
    Posts
    374

    Certifications
    JNCIP,SP, JNCIS-SP, CCNP, VCAP5-DCA, VCP5, MCITP 2008 SA, CCNA
    #29
    Quote Originally Posted by FloOz View Post
    I'd go with 4x 3560s. It'll be pricey but it will pay off if you do go for your CCIE. I would check with your employer if they have any extra gear lying around.
    I have my eyes on this, so that might be a good investment.

  6. gorebrush
    Join Date
    Apr 2005
    Location
    UK
    Posts
    2,728

    Certifications
    CCIE:R&S, CCNP:R&S, CCNA:S, MCSE, MCSA:M, MCTSx2
    #30
    If you are going to buy switches, buy ones that'll at least run 15 code. 3560's will, but I believe they *must* have 32MB flash, there are certain product codes of 3560 that will definitely run it.

    Otherwise you will be looking at rack rentals for some of the CCIE features (VTP Version 3)

  7. Senior Member tomtom1's Avatar
    Join Date
    Feb 2014
    Posts
    374

    Certifications
    JNCIP,SP, JNCIS-SP, CCNP, VCAP5-DCA, VCP5, MCITP 2008 SA, CCNA
    #31
    Quote Originally Posted by gorebrush View Post
    If you are going to buy switches, buy ones that'll at least run 15 code. 3560's will, but I believe they *must* have 32MB flash, there are certain product codes of 3560 that will definitely run it.

    Otherwise you will be looking at rack rentals for some of the CCIE features (VTP Version 3)
    I'll ask a sh ver first, have some in mind. Thanks for the advice guys and best of luck in your CCIE prep.

  8. Senior Member tomtom1's Avatar
    Join Date
    Feb 2014
    Posts
    374

    Certifications
    JNCIP,SP, JNCIS-SP, CCNP, VCAP5-DCA, VCP5, MCITP 2008 SA, CCNA
    #32
    Still searching for some switches while the Bryant material is underway. Is the SWITCH simplified any good?

  9. Senior Member
    Join Date
    Sep 2013
    Location
    Sweden
    Posts
    861

    Certifications
    CCNP
    #33
    Quote Originally Posted by tomtom1 View Post
    Is the SWITCH simplified any good?
    Some people think that it's great, and some people don't. I've read it, and I don't think that it lives up to the hype. I've also read the official certification guide which I find to be a better textbook overall due to better language and a greater emphasis on actually teaching you the material. At times Switch Simplified reads like a configuration guide, and that's not really what I'm looking for in a textbook. My recommendation would be to read the OCG and supplement with the 3560 configuration guide as you are practicing your hands-on skills.

  10. Senior Member tomtom1's Avatar
    Join Date
    Feb 2014
    Posts
    374

    Certifications
    JNCIP,SP, JNCIS-SP, CCNP, VCAP5-DCA, VCP5, MCITP 2008 SA, CCNA
    #34
    Quote Originally Posted by fredrikjj View Post
    Some people think that it's great, and some people don't. I've read it, and I don't think that it lives up to the hype. I've also read the official certification guide which I find to be a better textbook overall due to better language and a greater emphasis on actually teaching you the material. At times Switch Simplified reads like a configuration guide, and that's not really what I'm looking for in a textbook. My recommendation would be to read the OCG and supplement with the 3560 configuration guide as you are practicing your hands-on skills.
    Coming from the guy who found the ROUTE OCG not dry, haha. I've ordered the switch OCG and now the only thing I need are a few decent switches. Hoping to pick them up somewhere next week.

  11. Senior Member tomtom1's Avatar
    Join Date
    Feb 2014
    Posts
    374

    Certifications
    JNCIP,SP, JNCIS-SP, CCNP, VCAP5-DCA, VCP5, MCITP 2008 SA, CCNA
    #35
    Quote Originally Posted by FloOz View Post
    I'd go with 4x 3560s. It'll be pricey but it will pay off if you do go for your CCIE. I would check with your employer if they have any extra gear lying around.
    I've got 3 of those and judging by this command (sh ver didn't give me memory info) they have 32 MB of RAM which means they will run IOS 15.

    SW02#show file systems
    File Systems:

    Size(b) Free(b) Type Flags Prefixes
    * 32514048 17094656 flash rw flash:
    524288 523212 nvram rw nvram:

    Managed to pick these up for 350 for all 3 so I'm happy about the price to say the least

    The OCG should arrive today or next week.

    Edit: Yup, IOS 15 works like a charm:


    Switch Ports Model SW Version SW Image
    ------ ----- ----- ---------- ----------
    * 1 26 WS-C3560-24TS 15.0(1)SE C3560-IPSERVICESK9-M
    Last edited by tomtom1; 06-14-2014 at 11:13 AM.

  12. Senior Member tomtom1's Avatar
    Join Date
    Feb 2014
    Posts
    374

    Certifications
    JNCIP,SP, JNCIS-SP, CCNP, VCAP5-DCA, VCP5, MCITP 2008 SA, CCNA
    #36
    Made some first few steps into the SWITCH area today which was mostly review from the CCNA studies, but at the same time stuff I had to refresh on to form a solid basis. I will be using this thread to cover some notes / scenario's that I'm testing.

    Dynamic trunking protocol (DTP)


    Dynamic Desirable = default. DTP frames are being sent and the port is actively trying to form a trunked link. It will become a trunked link when the remote end is either trunk, dynamic auto or dynamic desirable.
    Code:
    SW01(config-if)#sw mod dynamic desirable
    Dynamic Auto = DTP frames are being sent and received. If the remote end is either trunked or dynamic desirable a trunk link is formed.
    Code:
    SW01(config-if)#sw mod dynamic auto
    Trunked = The link is set into a permanent trunking state. The remote end does not have to agree on the negotiation.
    Code:
    SW01(config-if)#sw mod trunk
    Access = The link is set into a permanent access state. The remote end does not have to agree on the negotiation.
    Code:
    SW01(config-if)#sw mod access
    No negotiation = A fixed link type (either access or trunk) must be configured on both ends
    Code:
    SW01(config-if)#switchport nonegotiate

    On modes where DTP frames are being sent (all but nonegotiate) DTP packets will be sent out with a default interval of 30 seconds. You can check this by using show dtp:

    Code:
    SW01#show dtp
    Global DTP information
        Sending DTP Hello packets every 30 seconds
        Dynamic Trunk timeout is 300 seconds
        5 interfaces using DTP
    When both 802.1Q and ISL are supported on both ends, ISL will be the preferred option. All active VLANs (1 - 4091) will be allowed on the trunk by default.

    Some extra debug information can be shown by running the command show interface <interface name> switchport, which shows the current status of the link, either by hardcoding it as an access or trunked port or by dynamically negotiating a trunked link:

    Code:
    SW01#show interfaces gigabitEthernet 0/1 switchport
    Name: Gi0/1
    Switchport: Enabled
    Administrative Mode: dynamic auto
    Operational Mode: down
    Administrative Trunking Encapsulation: negotiate
    Negotiation of Trunking: On
    Access Mode VLAN: 1 (default)
    Trunking Native Mode VLAN: 1 (default)
    Administrative Native VLAN tagging: enabled
    Voice VLAN: none
    Administrative private-vlan host-association: none 
    Administrative private-vlan mapping: none 
    Administrative private-vlan trunk native VLAN: none
    Administrative private-vlan trunk Native VLAN tagging: enabled
    Administrative private-vlan trunk encapsulation: dot1q
    Administrative private-vlan trunk normal VLANs: none
    Administrative private-vlan trunk associations: none
    Administrative private-vlan trunk mappings: none
    Operational private-vlan: none
    Trunking VLANs Enabled: ALL
    Pruning VLANs Enabled: 2-1001
    Capture Mode Disabled
    Capture VLANs Allowed: ALL
    
    
    Protected: false
    Unknown unicast blocked: disabled
    Unknown multicast blocked: disabled
    Appliance trust: none
    Last edited by tomtom1; 06-18-2014 at 08:15 PM.
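As an added example (not from the post or from Cisco), a Python model of the DTP negotiation rules listed above, plus an audit of "show interfaces switchport" output that lists the ports still sending DTP hellos; the sample output is constructed, with only the Gi0/1 block taken from the post.

```python
import re

# Administrative modes named in the post above.
TRUNK, ACCESS, AUTO, DESIRABLE = "trunk", "access", "dynamic auto", "dynamic desirable"

# Which remote modes each local mode will form a trunk with (rules from the post).
FORMS_TRUNK_WITH = {
    DESIRABLE: {TRUNK, AUTO, DESIRABLE},
    AUTO: {TRUNK, DESIRABLE},
    TRUNK: {TRUNK, AUTO, DESIRABLE},
    ACCESS: set(),
}


def dtp_outcome(local, remote, local_nonegotiate=False, remote_nonegotiate=False):
    """Return 'trunk', 'access' or 'mismatch' for one link.

    'mismatch' means one end is hard-coded as a trunk while the other end
    will not trunk, so the two ends disagree about the link type.
    """
    if local_nonegotiate or remote_nonegotiate:
        # No DTP frames on the wire: only a static trunk on both ends gives a trunk.
        if local == TRUNK and remote == TRUNK:
            return "trunk"
        return "mismatch" if TRUNK in (local, remote) else "access"
    if remote in FORMS_TRUNK_WITH[local] and local in FORMS_TRUNK_WITH[remote]:
        return "trunk"
    return "mismatch" if TRUNK in (local, remote) else "access"


FIELD = re.compile(
    r"^\s*(Name|Administrative Mode|Operational Mode|Negotiation of Trunking):\s*(.+?)\s*$",
    re.MULTILINE,
)


def parse_switchport(text):
    """Split 'show interfaces switchport' output into one dict per port."""
    ports, current = [], None
    for key, value in FIELD.findall(text):
        if key == "Name":
            current = {"Name": value}
            ports.append(current)
        elif current is not None:
            current[key] = value
    return ports


def ports_still_negotiating(text):
    """(port, admin mode) for every port showing 'Negotiation of Trunking: On'.

    A port hard-coded with 'switchport mode access' or 'switchport nonegotiate'
    shows 'Off' here; anything else is still willing to negotiate a trunk.
    """
    return [(p["Name"], p.get("Administrative Mode", "?"))
            for p in parse_switchport(text)
            if p.get("Negotiation of Trunking") == "On"]


# Constructed sample output: only the Gi0/1 block comes from the post above.
SAMPLE = """\
Name: Gi0/1
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: down
Administrative Trunking Encapsulation: negotiate
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)

Name: Gi0/2
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Negotiation of Trunking: Off
Access Mode VLAN: 10 (Users)

Name: Gi0/24
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
"""

if __name__ == "__main__":
    print("desirable <-> auto :", dtp_outcome(DESIRABLE, AUTO))
    print("auto <-> auto      :", dtp_outcome(AUTO, AUTO))
    print("trunk <-> access   :", dtp_outcome(TRUNK, ACCESS))
    for name, mode in ports_still_negotiating(SAMPLE):
        print(f"{name}: DTP still running (administrative mode {mode})")
```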

  13. gorebrush
    Join Date
    Apr 2005
    Location
    UK
    Posts
    2,728

    Certifications
    CCIE:R&S, CCNP:R&S, CCNA:S, MCSE, MCSA:M, MCTSx2
    #37
    Just want to pick up an earlier comment on configuring routing protocols - configuring under the process is largely considered the legacy operation now.

    Also, try EIGRP Named Mode that will expand horizons a bit! Don't waste too much on it though - I don't know if it's on the ROUTE blueprint!!

  14. Senior Member tomtom1's Avatar
    Join Date
    Feb 2014
    Posts
    374

    Certifications
    JNCIP,SP, JNCIS-SP, CCNP, VCAP5-DCA, VCP5, MCITP 2008 SA, CCNA
    #38
    VLAN Trunking protocol VTP


    The VLAN trunking protocol is designed to propagate the VLAN database (vlan.dat stored on flash) from a switch operating in VTP server mode to VTP clients in the same management domain. In order for this process to work, the switches have to be:


    -> Running trunked (either ISL or 802.1q) links
    -> Running the same version of VTP (either 1,2 or 3)
    -> Be in the same VTP management domain (case sensitive)


    The entire concept of VTP is based upon the revision number of a switch’s VLAN database:


    Code:
    SW01#show vtp status | i Revision

    When VTP is enabled, the switch will send out a summary packet every 5 minutes. This packet contains the VTP management domain name and the configuration revision. When a remote switch receives this packet, it checks the VTP domain name against its locally configured VTP domain name. If no match is found, the packet is ignored. If the VTP domain name is the same, the switch checks the revision number. If the revision number in the advertisement is equal or lower, the packet is ignored. If the revision number in the packet is higher, a request is sent.


    A VTP enabled switch can be in one of 3 modes:


    Server - A VTP server switch has the possibility to edit the VLAN database by either adding, removing or modifying VLANs. This information is propagated to the other VTP enabled switches in the same management domain.
    Client - A VTP client has a read-only copy of the database. When trying to edit the VLAN database on a VTP client, an error message is thrown:


    Code:
    SW02(config)#vlan 200
    VTP VLAN configuration not allowed when device is in CLIENT mode.



    Transparent - A VTP transparent switch has the possibility to edit the VLAN database by either adding, removing or modifying VLANs. This information is not propagated to the other switches. When VTP version 2 is enabled, it does forward VTP packets it receives on to other trunked links.


    You can check the configuration revision, the domain name and the version of VTP running by issuing the command
    Code:
    SW02#sh vtp status
    VTP Version capable             : 1 to 3
    VTP version running             : 1
    VTP Domain Name                 : CCNP
    VTP Pruning Mode                : Disabled
    VTP Traps Generation            : Disabled
    Device ID                       : 001c.575e.bf80
    Configuration last modified by 192.168.1.211 at 3-1-93 06:15:02
    
    
    Feature VLAN:
    --------------
    VTP Operating Mode                : Client
    Maximum VLANs supported locally   : 1005
    Number of existing VLANs          : 10
    Configuration Revision            : 6
    MD5 digest                        : 0xDC 0xF4 0x1E 0xBD 0x43 0xE3 0x88 0xB1 
                                        0x2B 0xFF 0x2A 0xD8 0x49 0x84 0x3A 0xC6
    Configure a VTP domain name and set the mode


    Code:
    SW02(config)#vtp domain CCNP
    Changing VTP domain name from switch to CCNP
    Code:
    SW02(config)#vtp mode client
    Setting device to VTP Client mode for VLANS.
    VTP Versions
    The default VTP version running on switches is VTP version 1. VTP version 2 differs on a few points from VTP version 1.

    1) VTP Version 2 enabled Token Ring support
    2) VTP Version 2 does a consistency check on VLAN names / VLAN IDs based on the information in the VTP advertisements.
    3) VTP switches operating in transparent mode pass VTP information on to other switches. This is helpful in situations like this:

    VTP.png

    In VTP version 2 the VTP switch operating in transparent mode passes the VTP information to the switch connected to it running in VTP client mode. You can change the VTP version in global configuration mode:

    Code:
    SW03(config)#vtp version 2
    Last edited by tomtom1; 06-15-2014 at 02:55 PM.
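As an added example (not from the post or from Cisco), a Python model of how a receiving switch processes a VTP summary advertisement as described above: case-sensitive domain check, revision comparison, and the transparent-mode forwarding difference between VTP version 1 and 2. The switch state is built from the "show vtp status" lines posted above; the VtpSwitch class and handle_summary function are this example's own names.

```python
import re
from dataclasses import dataclass


@dataclass
class VtpSwitch:
    """The VTP state a switch keeps locally (fields from 'show vtp status')."""
    name: str
    domain: str
    mode: str          # "Server", "Client" or "Transparent"
    version: int       # 1 or 2 (the two versions the post compares)
    revision: int
    vlans: int = 0


STATUS_FIELD = re.compile(
    r"^(VTP version running|VTP Domain Name|VTP Operating Mode|"
    r"Configuration Revision|Number of existing VLANs)\s*:\s*(\S+)",
    re.MULTILINE,
)


def switch_from_status(name, text):
    """Build a VtpSwitch from the output of 'show vtp status'."""
    fields = dict(STATUS_FIELD.findall(text))
    return VtpSwitch(name=name,
                     domain=fields["VTP Domain Name"],
                     mode=fields["VTP Operating Mode"],
                     version=int(fields["VTP version running"]),
                     revision=int(fields["Configuration Revision"]),
                     vlans=int(fields["Number of existing VLANs"]))


def handle_summary(switch, adv_domain, adv_revision):
    """Process one summary advertisement the way the post describes.

    Returns a short description of what the receiving switch does with it.
    """
    if switch.mode == "Transparent":
        # Transparent mode never touches its own database; with VTP version 2
        # it relays the advertisement out of its other trunk links.
        return "forwarded" if switch.version == 2 else "dropped"
    if adv_domain != switch.domain:            # the comparison is case sensitive
        return "ignored: domain mismatch"
    if adv_revision <= switch.revision:
        return "ignored: revision not higher"
    # Higher revision: the switch requests the full VLAN database and replaces
    # its own copy with it. The mode (Server or Client) plays no part in this
    # decision, so the revision number is what decides whose database wins.
    return f"request sent: revision {adv_revision} > {switch.revision}"


# 'show vtp status' lines as posted above, trimmed to the fields parsed here.
SW02_STATUS = """\
VTP Version capable             : 1 to 3
VTP version running             : 1
VTP Domain Name                 : CCNP
VTP Operating Mode                : Client
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 10
Configuration Revision            : 6
"""

if __name__ == "__main__":
    sw02 = switch_from_status("SW02", SW02_STATUS)
    for domain, rev in (("ccnp", 7), ("CCNP", 6), ("CCNP", 7)):
        print(f"SW02 <- summary({domain}, rev {rev}): {handle_summary(sw02, domain, rev)}")
    # Constructed transparent switches, one per VTP version.
    for version in (1, 2):
        sw03 = VtpSwitch("SW03", "CCNP", "Transparent", version, 3)
        print(f"SW03 (v{version}) <- summary(CCNP, rev 7): {handle_summary(sw03, 'CCNP', 7)}")
```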

  15. Senior Member tomtom1's Avatar
    Join Date
    Feb 2014
    Posts
    374

    Certifications
    JNCIP,SP, JNCIS-SP, CCNP, VCAP5-DCA, VCP5, MCITP 2008 SA, CCNA
    #39
    Quote Originally Posted by gorebrush View Post
    Just want to pick up an earlier comment on configuring routing protocols - configuring under the process is largely considered the legacy operation now.

    Also, try EIGRP Named Mode that will expand horizons a bit! Don't waste too much on it though - I don't know if it's on the ROUTE blueprint!!
    I've already got the ROUTE part down, but I'll take a look at this. Never come across it before, so I'll definitely check it out. Also thanks for the advice on the 32 meg RAM in the switches for IOS 15.

  16. gorebrush
    Join Date
    Apr 2005
    Location
    UK
    Posts
    2,728

    Certifications
    CCIE:R&S, CCNP:R&S, CCNA:S, MCSE, MCSA:M, MCTSx2
    #40
    The irony of course is that my 3750's running 12.2(52)SE support VTP v3

  17. Senior Member tomtom1's Avatar
    Join Date
    Feb 2014
    Posts
    374

    Certifications
    JNCIP,SP, JNCIS-SP, CCNP, VCAP5-DCA, VCP5, MCITP 2008 SA, CCNA
    #41
    STP 802.1d
    Spanning tree BPDU’s are sent out every 2 seconds. The root ID consists of the priority and the mac address of the switch.

    Root port: Port closest to the root bridge, used to reach the root bridge.
    Designated port: In forwarding mode on one side, blocking on the other
    Blocking: Not actively forwarding traffic, blocked by STP.


    Only one end of a link is blocked. The other end of the link is a designated port in forwarding state. The end with the higher mac address has the port in blocking mode.


    To set the bridge priority in a PVST instance (i.e. VLAN 1). When PVST is running, the priority consists of 32768 + sys-id-ext (VLAN ID). For VLAN 1 the bridge priority is 32769


    Code:
     SW01(config)#spanning-tree vlan 1 priority 4096

    Classic spanning tree (802.1d) port status


    Listening - 15 seconds listening for BPDU's on the network. Traffic is not being forwarded.
    Learning - 15 seconds learning entries for the mac-address-table. Traffic is not being forwarded.
    Forwarding - The port is up and actively forwarding traffic.
    Blocking - The port is blocking


    When the convergence has to occur and the port is in blocking state, 20 seconds of timers (max-age) has to expire before the port is being set into listening mode. This could cause the outage to be a maximum of 50 seconds with classic spanning tree protocol.


    Classic STP (802.1d) converges slowly because of the max age, listening and learning delays. Portfast solves one of these problems, by making the port skip both the listening and learning state and go directly into a forwarding state. Portfast should only be configured on edge ports, ports that connect to an endpoint and cannot form L2 switching loops.


    Code:
     SW01(config-if)#spanning-tree portfast

    Uplinkfast is a Cisco proprietary feature that allows faster link recovery upon failure of the root port. When uplinkfast is enabled, the root ports and the blocking ports are set into an uplink group. When the root port fails, the blocking port is put into FWD (forwarding) mode and the listening and learning timers are skipped. This allows for faster convergence. Uplinkfast is enabled globally.


    Code:
     SW02(config)#spanning uplinkfast

    Root guard is an STP security feature that kicks in when a superior BPDU is received on an interface. Without root guard, a rogue switch could take control of the STP domain and become the root bridge. When root guard is enabled (per interface basis) every downstream superior BPDU is discarded and the port is set into a root-inconsistent port state. Root guard is configured on a per interface basis with the following command:


    Code:
     SW02(config-if)#spanning guard root
    BPDU guard is an STP security feature that is used in combination with portfast. When BPDU's are received on a port that is configured with PortFast the switch knows that there isn't an end device connected to that port. If BPDU guard is configured, this kicks in and the port is set into an error disabled state. The link and line protocol both go down. BPDU guard is enabled per interface with:


    Code:
    SW02(config-if)#spanning bpduguard enable
    *Mar  1 19:02:33.162: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Fa0/2 with BPDU Guard enabled. Disabling port.
    *Mar  1 19:02:33.162: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/2, putting Fa0/2 in err-disable state
    *Mar  1 19:02:34.177: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down
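As an added example (not from the post or from Cisco), Python covering two points above: the PVST bridge ID (priority + sys-id-ext, then the MAC as tie-breaker) applied to a root election, and a small detector that pulls err-disable events out of syslog lines like the BPDU guard output posted. The log sample is constructed; its first three lines are the ones from the post, and the psecure-violation line and the bridge names and MACs are made up.

```python
import re


def bridge_id(priority, mac, vlan):
    """PVST bridge ID as a comparable tuple: (priority + VLAN ID, MAC). Lower wins."""
    return (priority + vlan, int(mac.replace(".", ""), 16))


def elect_root(bridges, vlan):
    """Root bridge for one VLAN, given {name: (configured priority, MAC)}.

    The lowest priority wins; on equal priority the lowest MAC address wins.
    """
    return min(bridges, key=lambda name: bridge_id(*bridges[name], vlan))


# Syslog formats seen in the BPDU guard output above.
TS = r"(?P<ts>\w{3}\s+\d+ [\d:.]+)"
BPDU_GUARD = re.compile(TS + r": %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port (?P<port>\S+)")
ERR_DISABLE = re.compile(TS + r": %PM-4-ERR_DISABLE: (?P<cause>[\w-]+) error detected on (?P<port>[^,]+),")


def errdisable_events(lines):
    """(timestamp, port, cause) for every %PM-4-ERR_DISABLE line, in log order."""
    events = []
    for line in lines:
        m = ERR_DISABLE.search(line)
        if m:
            events.append((m["ts"], m["port"], m["cause"]))
    return events


def bpdu_on_edge_ports(lines):
    """Ports where a BPDU arrived on a BPDU-guarded (PortFast) port.

    Something speaking STP is attached to a port that should only see an end
    device, which is exactly the condition BPDU guard exists to catch.
    """
    return sorted({m["port"] for m in map(BPDU_GUARD.search, lines) if m})


# Constructed log sample: lines 1-3 are the post's own output, the rest is added.
SAMPLE_LOG = [
    "*Mar  1 19:02:33.162: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Fa0/2 with BPDU Guard enabled. Disabling port.",
    "*Mar  1 19:02:33.162: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/2, putting Fa0/2 in err-disable state",
    "*Mar  1 19:02:34.177: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down",
    "*Mar  1 19:05:10.001: %LINK-3-UPDOWN: Interface FastEthernet0/5, changed state to up",
    "*Mar  1 19:05:12.440: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/5, putting Fa0/5 in err-disable state",
]

if __name__ == "__main__":
    # SW01 carries the 'spanning-tree vlan 1 priority 4096' from the post.
    lab = {"SW01": (4096, "0019.aaaa.0001"), "SW02": (32768, "0011.0000.0001")}
    print("VLAN 1 root:", elect_root(lab, 1), bridge_id(*lab["SW01"], 1))
    for ts, port, cause in errdisable_events(SAMPLE_LOG):
        print(f"{ts} {port} err-disabled, cause {cause}")
    print("BPDUs seen on edge ports:", bpdu_on_edge_ports(SAMPLE_LOG))
```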

  18. Senior Member tomtom1's Avatar
    Join Date
    Feb 2014
    Posts
    374

    Certifications
    JNCIP,SP, JNCIS-SP, CCNP, VCAP5-DCA, VCP5, MCITP 2008 SA, CCNA
    #42
    Etherchanneling:
    Cisco currently has 2 Etherchanneling protocols built into IOS.

    1) PaGP (Port aggregation protocol)
    2) LACP (Link Aggregation Control Protocol)

    The PaGP protocol is Cisco proprietary and knows 3 modes:
    Auto - Will wait for a PaGP packet from the remote switch.
    Desirable - Will be actively trying to form a PaGP channel with a remote switch. PaGP packets will be sent.
    On - Disables both PaGP and LACP negotiations, builds a static Etherchannel.

    The LACP protocol is industry standard (802.3ad) and also knows 3 modes:
    Active - The switch is actively trying to form an LACP Channel and is sending LACP packets.
    Passive - The switch is waiting for a LACP packet from the remote switch.
    On - Disables both PaGP and LACP negotiations, builds a static Etherchannel.


    Code:
    SW01(config-if)#channel-group 2 mode ?
      active     Enable LACP unconditionally
      auto       Enable PAgP only if a PAgP device is detected
      desirable  Enable PAgP unconditionally
      on         Enable Etherchannel only
      passive    Enable LACP only if a LACP device is detected
    To put a physical interface in a Port-Channel with the mode set to on, which means a static Etherchannel.

    Code:
    SW01(config-if-range)#channel-group 2 mode on

  19. Senior Member tomtom1's Avatar
    Join Date
    Feb 2014
    Posts
    374

    Certifications
    JNCIP,SP, JNCIS-SP, CCNP, VCAP5-DCA, VCP5, MCITP 2008 SA, CCNA
    #43
    Allright, port security was on the menu today. Port security is a security measure implemented to stop MAC spoofing and could help in limiting the number of MAC addresses on an interface or even allow only certain MAC addresses to send frames on an interface.

    Port security can't be enabled on:
    -> Trunk port (switchport mode trunk, or ports operating in DTP mode auto or desirable)
    -> Interfaces which are a member of port-channels
    -> SPAN destination ports

    Port-security violation modes:
    -> Protect (drop incoming frames)
    -> Reject (drop incoming frames, generate a syslog message and send a SNMP trap)
    -> Shutdown (put the port into err-disabled). Default

    Port-Security maximum
    When enabled, port security by default allows for a maximum of one (1) MAC address on a secure port. This mac-address can be either dynamically learned or statically configured. You can increase the number of secure mac-addresses on an interface by using the following command:

    Code:
    switchport port-security maximum
    Port-security mac-address
    Port security can learn mac-address via 2 ways:
    1) Statically configured on the interface
    2) Dynamically learned by looking at the source mac-address on incoming frames

    By configuring the switchport with statically configured secure mac-addresses, you put a hard limit on the mac-addresses allowed to connect on an interface. If the source MAC address of incoming frames does not match the one configured, the configured violation occurs.

    Configure a static mac-address with port security like this
    Code:
    switchport port-security mac-address aaaa.aaaa.aaaa
    You can also configure sticky mac-addresses with port-security. Sticky mac-address are dynamically learned but once learned, are saved in the configuration so they don't have to be relearned when the switch reboots. Configure sticky mac-addresses:

    Code:
    switchport port-security mac-address sticky
    Port-security aging
    By default, port-security does not age out entries learned (timer set to 0). You can configure aging in 2 types:

    1) Absolute (Specify a "hard" timer for when a secure mac-address will age out)
    2) Inactivity (Specify a timer for when a secure mac-address will age out once no traffic from that source mac-address has been seen).

    Configure port-security aging:
    Code:
    switchport port-security aging time 10
    switchport port-security aging type absolute
    A nice gotcha
    Consider the following configuration:

    Code:
    SW02#sh run int fa0/16
    Building configuration...
    
    
    Current configuration : 201 bytes
    !
    interface FastEthernet0/16
     switchport access vlan 200
     switchport mode access
     switchport port-security maximum 2
     switchport port-security
     switchport port-security mac-address 6003.08a2.beea
    One of the 2 maximum mac-addresses has been statically configured. This means that a second mac-address on the same interface can be dynamically learned, still be allowed to connect to the network and send frames.

    Verification commands
    Code:
    show port-security
    show port-security interface fa0/16
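As an added example (not from the post or from Cisco), a Python audit of port-security settings in a running-config excerpt that flags the gotcha described above (maximum higher than the number of configured addresses, so dynamic learning is still open), the silent protect violation mode, and port security on a trunk or DTP-negotiating port. The FastEthernet0/16 block is the post's own; the other interfaces and the audit_port_security name are constructed for this example.

```python
import re

DEFAULT_MAX = 1                 # post: one secure MAC address per port by default
DEFAULT_VIOLATION = "shutdown"  # post: shutdown (err-disable) is the default
DEFAULT_MODE = "dynamic auto"   # post: the 3560 default; 3550s default to dynamic desirable

# A static secure address, or a sticky address already written into the config.
SECURE_MAC = re.compile(
    r"^switchport port-security mac-address (?:sticky )?"
    r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})$")


def parse_interfaces(config):
    """Group running-config text into {interface name: [its indented commands]}."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1]
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None      # '!' or any other top-level line ends the block
    return blocks


def _value(cmds, prefix, default):
    """The argument following `prefix` in the interface block, or `default`."""
    for c in cmds:
        if c.startswith(prefix + " "):
            return c[len(prefix) + 1:]
    return default


def audit_port_security(config):
    """Return {interface: [findings]} for every interface with port security on."""
    report = {}
    for name, cmds in parse_interfaces(config).items():
        if "switchport port-security" not in cmds:
            continue
        notes = []
        mode = _value(cmds, "switchport mode", DEFAULT_MODE)
        if mode != "access":
            notes.append(f"mode '{mode}': IOS rejects port security on trunk or DTP-negotiating ports")
        maximum = int(_value(cmds, "switchport port-security maximum", DEFAULT_MAX))
        configured = sum(1 for c in cmds if SECURE_MAC.match(c))
        if configured < maximum:
            notes.append(f"maximum {maximum} but only {configured} address(es) configured: "
                         f"{maximum - configured} more can still be learned dynamically")
        # IOS keywords are protect, restrict (drop + syslog + SNMP trap) and shutdown.
        violation = _value(cmds, "switchport port-security violation", DEFAULT_VIOLATION)
        if violation == "protect":
            notes.append("violation protect: offending frames are dropped silently, no syslog or trap")
        if configured == 0 and "switchport port-security mac-address sticky" not in cmds:
            notes.append("only dynamically learned addresses: nothing survives a reload")
        report[name] = notes
    return report


# Constructed running-config excerpt; FastEthernet0/16 is the post's own example.
SAMPLE_CONFIG = """\
interface FastEthernet0/16
 switchport access vlan 200
 switchport mode access
 switchport port-security maximum 2
 switchport port-security
 switchport port-security mac-address 6003.08a2.beea
!
interface FastEthernet0/17
 switchport mode access
 switchport port-security
 switchport port-security violation protect
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0011.2233.4455
!
interface FastEthernet0/18
 switchport mode trunk
 switchport port-security
!
interface FastEthernet0/19
 switchport mode access
!
"""

if __name__ == "__main__":
    for name, notes in audit_port_security(SAMPLE_CONFIG).items():
        print(name, "->", "; ".join(notes) or "ok")
```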

  20. Senior Member tomtom1's Avatar
    Join Date
    Feb 2014
    Posts
    374

    Certifications
    JNCIP,SP, JNCIS-SP, CCNP, VCAP5-DCA, VCP5, MCITP 2008 SA, CCNA
    #44
    Got some work done on PVLANs yesterday. Luckily I was already a bit familiar with the material from VMware's implementation in the distributed vSwitch, so the concepts were already clear. Anyhow, another summary:

    PVLAN's basically are VLANs within VLANs.

    PVLAN Types:
    Primary, which can also be referred to as the promiscuous VLAN.
    Secondary, which can either be isolated or community.

    PVLAN "modes":
    Promiscuous: This is mainly used with default gateways (such as routers or firewalls) but ports in promiscuous mode can communicate to other ports in the promiscuous VLAN, as well as isolated and community ports.
    Community: Ports or hosts placed in a community PVLAN can communicate with hosts / ports in the same community VLAN and the promiscuous VLAN. PVLAN-Community ports cannot communicate with hosts / ports in other community PVLANs and isolated ports.
    Isolated: Ports or host in an isolated PVLAN can only communicate with the promiscuous VLAN.

    One small gotcha
    One thing I ran into. PVLANs can only be configured with a VTP switch in transparent or off mode.

    Code:
    SW02(config-vlan)#private-vlan primary
    %Private VLANs can only be configured when VTP is in transparent/off mode.
    Fix:
    Code:
    SW02(config)#vtp mode off

    VLAN Configuration:
    Code:
    SW03(config)#vlan 500
    SW03(config-vlan)#name PVLAN-PRIMARY
    SW03(config-vlan)#private-vlan primary 
    SW03(config-vlan)#vlan 501
    SW03(config-vlan)#name PVLAN-COMMUNITY
    SW03(config-vlan)#private-vlan community 
    SW03(config-vlan)#vlan 502
    SW03(config-vlan)#name PVLAN-ISOLATED 
    SW03(config-vlan)#private-vlan isolated 
    SW03(config-vlan)#vlan 500
    SW03(config-vlan)#private-vlan association 501,502
    Port Configuration for a host in the community PVLAN:
    Code:
    SW03(config-vlan)#int fa0/11
    SW03(config-if)#switchport mode private-vlan host
    SW03(config-if)#switchport private-vlan host-association 500 501
    Port Configuration for a host in the promiscuous PVLAN:
    Code:
    SW03(config-if)#int fa0/12
    SW03(config-if)#switchport mode private-vlan promiscuous 
    SW03(config-if)#switchport private-vlan mapping 500 501,502
    Verification commands:
    Code:
    SW03#sh vlan private-vlan
    
    SW03#sh int fa0/11 sw | be private

  21. Senior Member JeanM's Avatar
    Join Date
    Mar 2012
    Location
    California
    Posts
    1,105

    Certifications
    CCNA, MCP, S+, N+, A+
    #45
    Nice job on passing CCNP route on first attempt!

  22. Senior Member tomtom1's Avatar
    Join Date
    Feb 2014
    Posts
    374

    Certifications
    JNCIP,SP, JNCIS-SP, CCNP, VCAP5-DCA, VCP5, MCITP 2008 SA, CCNA
    #46
    Quote Originally Posted by JeanM View Post
    Nice job on passing CCNP route on first attempt!
    Thanks!

    Question to you CCNP / CCIE candidates out there concerning DTP. I've learned that the default port mode should be dynamic desirable. When I run a command to verify DTP status, I noticed my default is different. For example:
    Code:
    SW03#sh int fa0/7 sw | i dynamic
    Administrative Mode: dynamic auto
    
    
    SW03#sh run int fa0/7
    Building configuration...
    
    
    Current configuration : 33 bytes
    !
    interface FastEthernet0/7
    End
    
    
    SW03#sh ver | i 15.0 
    Cisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 15.0(1)SE, RELEASE SOFTWARE (fc1)
    *    1 26    WS-C3560-24TS      15.0(1)SE             C3560-IPSERVICESK9-M

    Do you know if this default was changed in between versions?

  23. Network Consultant FloOz's Avatar
    Join Date
    Dec 2011
    Posts
    1,588

    Certifications
    B.S. CSIT; CompTIA A+, Network+; CCNA, DA; CCNP R&S; CCDP
    #47
    3560s default is dynamic auto
    3550s default is dynamic desirable

  24. Senior Member tomtom1's Avatar
    Join Date
    Feb 2014
    Posts
    374

    Certifications
    JNCIP,SP, JNCIS-SP, CCNP, VCAP5-DCA, VCP5, MCITP 2008 SA, CCNA
    #48
    Quote Originally Posted by FloOz View Post
    3560s default is dynamic auto
    3550s default is dynamic desirable
    Weird that something like this would differ between models rather than IOS versions. Anyhow, got the OCG in yesterday and already picked up some things that gave me just a little bit more detail.

    1) When auto negotiation on a switchport fails they fall back to a half-duplex mode.
    2) A nice command regarding Etherchanneling

    Code:
    test etherchannel load-balance interface Port-Channel1 mac  10dd.b1ea.bcf5  0008.9bdc.4ddd
    It tells you, based on the load-balancing algorithm (sh etherchannel load-balance) which port of your channel would be used when a source mac address of 10dd.b1ea.bcf5 and a destination mac address of 0008.9bdc.4ddd is used (in my case).

  25. gorebrush
    Join Date
    Apr 2005
    Location
    UK
    Posts
    2,728

    Certifications
    CCIE:R&S, CCNP:R&S, CCNA:S, MCSE, MCSA:M, MCTSx2
    #49
    Dynamic desirable is truly a horrible default!

  26. Senior Member tomtom1's Avatar
    Join Date
    Feb 2014
    Posts
    374

    Certifications
    JNCIP,SP, JNCIS-SP, CCNP, VCAP5-DCA, VCP5, MCITP 2008 SA, CCNA
    #50
    Quote Originally Posted by gorebrush View Post
    Dynamic desirable is truly a horrible default!
    I know, prefer dynamic auto, but strange that it would differ. On your 3750's, default is dynamic desirable?
