
[Network] Notes from my first Cisco training (CISCO)

STP (spanning-tree protocol) 802.1D
-> Performance(redundancy) => Etherchannel
1. LACP (802.3ad) (active, passive)
2. PAGP (cisco) (desirable, auto)
3. No negotiation protocol (on)

interface range fa0/1 - 2
channel-group 1 mode on
interface port-channel 1
Verification
show etherchannel 1 summary

-> PVST+ (per-vlan STP)
-> RSTP (802.1W)
config)#spanning-tree mode rapid-pvst
1. The role of the blocking port is decided in advance
2. The TC field can be set directly
3. Proposal/agreement fields are used
-> MSTP (802.1S)
config)#spanning-tree mode mst (default rstp)
config)#spanning-tree mst configuration
config)#name cisco
config)#instance 1 vlan 1-500
config)#instance 2 vlan 501-1000

#show spanning-tree mst 1

spanning-tree
1. portfast (STP disable)
2. bpdu filter
3. bpdu guard
4. Root guard
5. UDLD

#### PVST configuration #######
SW1
spanning-tree vlan 10 root primary
spanning-tree vlan 20 root secondary
spanning-tree vlan 30 root primary
spanning-tree vlan 40 root secondary

SW2
spanning-tree vlan 10 root secondary
spanning-tree vlan 20 root primary
spanning-tree vlan 30 root secondary
spanning-tree vlan 40 root primary

Verification
show spanning-tree vlan 10

### MST configuration #######
SW1,SW2
spanning-tree mode mst
spanning-tree mst configuration
name cisco
instance 1 vlan 10,30
instance 2 vlan 20,40

SW1
spanning-tree mst 1 root primary
spanning-tree mst 2 root secondary
SW2
spanning-tree mst 1 root secondary
spanning-tree mst 2 root primary

Verification
show spanning-tree mst 1


LAB1
Red: VLAN 10
Blue: VLAN 20

1. Configure EtherChannel between the switches
2. Assign VLANs, configure trunks
3. Tune PVST

SW3
interface range fa0/23 - 24
channel-group 34 mode on
interface range fa0/19 - 20
channel-group 13 mode on
interface range fa0/21 - 22
channel-group 14 mode on

interface port-channel 34
switchport trunk encap dot1q
switchport mode trunk

interface port-channel 13
switchport mode access
switchport access vlan 10

interface port-channel 14
switchport mode access
switchport access vlan 20

 

SW4
interface range fa0/23 - 24
channel-group 34 mode on
interface range fa0/21 - 22
channel-group 14 mode on
interface range fa0/19 - 20
channel-group 24 mode on

interface port-channel 34
switchport trunk encap dot1q
switchport mode trunk
interface port-channel 14
switchport mode access
switchport access vlan 10
interface port-channel 24
switchport mode access
switchport access vlan 20

SW1
interface range fa0/19-20
channel-group 13 mode on
interface range fa0/21 - 22
channel-group 14 mode on

interface port-channel 13
switchport mode access
switchport access vlan 10
interface port-channel 14
switchport mode access
switchport access vlan 10

SW2
interface range fa0/19 - 20
channel-group 24 mode on
interface range fa0/21 - 22
channel-group 14 mode on

interface port-channel 14
switchport mode access
switchport access vlan 20
interface port-channel 24
switchport mode access
switchport access vlan 20

Verification
show vlan
show interface trunk
show etherchannel summary
show spanning-tree vlan 10

STP tuning
=> For load balancing
VLAN 10
=>Root SW3,
=>Blocking SW1 Po14
VLAN 20
=>Root SW4
=>Blocking SW2 Po14

SW3
spanning-tree vlan 10 root pri
spanning-tree vlan 20 root sec
SW4
spanning-tree vlan 10 root sec
spanning-tree vlan 20 root pri

=> Verification
SW1 show spanning-tree vlan 10

After configuring RSTP,
when Port-channel 13 on SW1 is brought down,
the listen/learn states are skipped


L2 SWITCH (MAC)
– mac address table (learning)
– 300sec
– flooding
– frame

L3 Router (IP)
– routing table (routing protocol)
– retained
– drop
– packet

 

SW1
interface fa1/2
switchport mode access
switchport access vlan 2

interface fa1/3
switchport mode access
switchport access vlan 3

interface vlan 2 => SVI
ip add 10.1.2.254 255.255.255.0
interface vlan 3
ip add 10.1.3.254 255.255.255.0

Router
interface fa0/0
ip add 10.1.2.1 255.255.255.0
no shut
interface fa0/1
ip add 10.1.3.1 255.255.255.0
no shut

PC1 10.1.2.250 (GW 10.1.2.1)
PC2 10.1.3.250 (GW 10.1.3.1)


### SW ####
interface fa0/1
switchport mode trunk
interface fa0/2
switchport mode access
switchport access vlan 2
interface fa0/3
switchport mode access
switchport access vlan 3

### Router ####
interface fa0/0
no shut
interface fa0/0.2
encapsulation dot1q 2
ip add 10.1.2.1 255.255.255.0
interface fa0/0.3
encapsulation dot1q 3
ip add 10.1.3.1 255.255.255.0

Multilayer Switch configuration

interface fa0/1
switchport mode access
switchport access vlan 2
interface fa0/2
switchport mode access
switchport access vlan 3

interface vlan 2
ip add 10.1.2.1 255.255.255.0
interface vlan 3
ip add 10.1.3.1 255.255.255.0

ip routing <- routing is disabled by default
on a multilayer switch !!!!!


SW1
interface vlan 2
ip add 10.1.2.1 255.255.255.0
standby 2 ip 10.1.2.3
standby 2 priority 110

SW2
interface vlan 2
ip add 10.1.2.2 255.255.255.0
standby 2 ip 10.1.2.3
standby 2 priority 100

PC
IP 10.1.2.1
GW 10.1.2.3

SW1
interface vlan 1
ip add 1.1.1.1 255.255.255.0
standby 1 ip 1.1.1.3
standby 1 priority 150

standby 2 ip 1.1.1.4

SW2
interface vlan 1
ip add 1.1.1.2 255.255.255.0
standby 1 ip 1.1.1.3

standby 2 ip 1.1.1.4
standby 2 priority 150

 

Problem 1 (VLAN creation and assignment)
SW3
config)#vlan 10
config)#interface fa0/3
config-if)#switchport mode access
config-if)#switchport access vlan 10

SW4
config)#vlan 10
config)#interface fa0/5
config-if)#switchport mode access
config-if)#switchport access vlan 10

SW1
config)#vlan 10
config)#interface fa0/3 (fa0/5,fa0/10)
config-if)#switchport mode access
config-if)#switchport access vlan 10

Problem 2
SW3
config)#interface fa0/1
config-if)#switchport mode trunk

SW4
config)#interface fa0/1
config-if)#switchport mode trunk

show interface trunk

config-if)#switchport mode access
config-if)#switchport mode trunk
config-if)#switchport mode dynamic desirable
config-if)#switchport mode dynamic auto
config-if)#no switch

Problem 3 (STP configuration: RSTP, PVST, STP tuning, Portfast)
(BPDU guard, filter, Root Guard, UDLD)
(show interface status)
SW3
config)#spanning-tree mode rapid-pvst
config)#spanning-tree vlan 10 root primary
SW4
config)#spanning-tree mode rapid-pvst
config)#spanning-tree vlan 10 root secondary
SW1
config)#spanning-tree mode rapid-pvst
config)#interface fa0/10
config-if)#spanning-tree portfast
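
A check for the edge-port features named in the STP section above (portfast, BPDU guard, BPDU filter) and for the dynamic switchport modes listed earlier, added here as an example and not part of the original notes. It assumes input in `show running-config` layout (sub-commands indented under each interface); the sample configuration is constructed, and `parse_interfaces` and `audit` are names chosen for this example.

```python
import re

# Constructed sample: fa0/10 mirrors SW1 on this page; fa0/11 and fa0/12 are
# added to exercise the other checks.
SAMPLE = """\
spanning-tree mode rapid-pvst
interface fa0/10
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
interface fa0/11
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
interface fa0/12
 switchport mode dynamic desirable
"""

def parse_interfaces(config):
    """Map each interface name to the list of commands indented under it."""
    blocks, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"interface\s+(.+)$", raw)
        if m:
            current = blocks.setdefault(m.group(1).strip(), [])
        elif raw[:1].isspace() and current is not None:
            current.append(raw.strip())
        else:
            current = None                  # back at global configuration level
    return blocks

def audit(config):
    """Return sorted (interface, finding) pairs for STP edge-port and DTP settings."""
    guard_default = "spanning-tree portfast bpduguard default" in config
    findings = []
    for name, cmds in parse_interfaces(config).items():
        portfast = "spanning-tree portfast" in cmds
        guarded = guard_default or "spanning-tree bpduguard enable" in cmds
        if portfast and not guarded:
            findings.append((name, "portfast without BPDU guard"))
        if "spanning-tree bpdufilter enable" in cmds:
            findings.append((name, "BPDU filter drops BPDUs on this port"))
        if any(c.startswith("switchport mode dynamic") for c in cmds):
            findings.append((name, "DTP can negotiate a trunk"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```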

Problem 4 (L3 (gateway) configuration for VLAN 10)
GW for VLAN 10 on SW3: 10.1.10.253
GW for VLAN 10 on SW4: 10.1.10.254
=> Two GWs are configured for redundancy
=> However, a host can be configured with only one GW
=> HSRP must be applied (VIP 10.1.10.250)

SW3
ip routing (L3 routing enable)
interface vlan 10
ip add 10.1.10.253 255.255.255.0
standby 10 ip 10.1.10.250
standby 10 priority 150
standby 10 track fa0/3 60
standby 10 preempt

SW4
ip routing
interface vlan 10
ip add 10.1.10.254 255.255.255.0
standby 10 ip 10.1.10.250
standby 10 priority 100
standby 10 preempt

=> Because Fa0/5 on SW1 is blocked by STP,
=> SW3 must also be the Active router for HSRP !!!

– Add VLAN 20
– PC2 10.1.20.1 (GW 10.1.20.250)
– For VLAN 20, SW2 Fa0/5 ==> Blocking
– For VLAN 20, SW4 Active

1. SW2,SW3,SW4
=> Create and assign VLAN 20
SW3
config)#vlan 20
config)#interface fa0/5
config-if)#switchport mode access
config-if)#switchport access vlan 20
SW4
config)#vlan 20
config)#interface fa0/3
config-if)#switchport mode access
config-if)#switchport access vlan 20
SW2
config)#vlan 20
config)#interface fa0/3 (fa0/5, fa0/10)
config-if)#switchport mode access
config-if)#switchport access vlan 20

Verification => show vlan


2. STP
=> Enable RSTP on SW2
=> Tune STP for VLAN 20 (SW4 Root Bridge)
SW2
config)#spanning-tree mode rapid-pvst
config)#interface fa0/10
config-if)#spanning-tree portfast
SW4
config)#spanning-tree vlan 20 root primary
SW3
config)#spanning-tree vlan 20 root secondary

Verification => show spanning-tree vlan 20

3. L3 configuration and HSRP setup
=> Configure SVI 20 on SW3 and SW4
=> Configure HSRP for VLAN 20 on SW3 and SW4
=> Make SW4 the HSRP Active router for VLAN 20

SW3
config)#interface vlan 20
config-if)#ip add 10.1.20.253 255.255.255.0
config-if)#standby 20 ip 10.1.20.250
config-if)#standby 20 preempt
SW4
config)#interface vlan 20
config-if)#ip add 10.1.20.254 255.255.255.0
config-if)#standby 20 ip 10.1.20.250
config-if)#standby 20 priority 150
config-if)#standby 20 track fa0/3 60
config-if)#standby 20 preempt

Verification => show standby brief
Verification => check communication from PC1 (10.1.10.1) to PC2 (10.1.20.1) !!!!!

Connect redundant links between Router1,2 and Multilayer SW3,4,
and communicate with the outside through routing

– SW3 runs OSPF over L3 ports
– SW4 runs OSPF over SVIs
– PC1,2 communicate with 200.200.100.200 / 200.200.200.200 !!

R1
interface lo 0
ip add 200.200.100.200 255.255.255.0
interface fa0/0
ip add 10.1.13.1 255.255.255.0
no shut
interface fa0/1
ip add 10.1.14.1 255.255.255.0
no shut

router ospf 1
network 200.200.100.0 0.0.0.255 area 0
network 10.1.13.0 0.0.0.255 area 0
network 10.1.14.0 0.0.0.255 area 0

SW3
interface fa0/2
no switchport
ip add 10.1.13.3 255.255.255.0
interface fa0/4
no switchport
ip add 10.1.23.3 255.255.255.0

router ospf 1 => configure the networks that SW3 owns !!
network 10.1.13.0 0.0.0.255 area 0
network 10.1.23.0 0.0.0.255 area 0
network 10.1.10.0 0.0.0.255 area 0
network 10.1.20.0 0.0.0.255 area 0

SW4
config)#vlan 14
config)#vlan 24
config)#interface fa0/4
config-if)#switchport mode access
config-if)#switchport access vlan 14
config)#interface fa0/2
config-if)#switchport mode access
config-if)#switchport access vlan 24
interface vlan 14
ip add 10.1.14.4 255.255.255.0
interface vlan 24
ip add 10.1.24.4 255.255.255.0

router ospf 1
network 10.1.10.0 0.0.0.255 area 0
network 10.1.20.0 0.0.0.255 area 0
network 10.1.14.0 0.0.0.255 area 0
network 10.1.24.0 0.0.0.255 area 0

R2
interface lo 0
ip add 200.200.200.200 255.255.255.0
interface fa0/0
ip add 10.1.24.2 255.255.255.0
no shut
interface fa0/1
ip add 10.1.23.2 255.255.255.0
no shut

router ospf 1
network 200.200.200.0 0.0.0.255 area 0
network 10.1.24.0 0.0.0.255 area 0
network 10.1.23.0 0.0.0.255 area 0

Verification
On R1, R2, SW3, SW4
show ip ospf neighbor (4 on SW3, SW4)
show ip route
PC1 (PING 200.200.100.200) !!! check communication

## Verification commands !!
show vlan
show spanning-tree vlan X
show standby brief
show ip ospf neighbor
show ip route

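1. STP) The case where Fa0/5 on SW1 changes from
Blocking to Forwarding
=> When Fa0/3 on SW1 goes down

2. L3) The case where SVI 20 on SW4 goes down
=> Fa0/1 and Fa0/3 on SW4
(the SVI goes down only when every port assigned to VLAN 20 is down)

3. HSRP) The case where SW3 changes from Active to
Standby for VLAN 10
=> As in question 2, HSRP fails over only when SVI 10 goes down
=> So track must be used to detect the physical link failure

4. OSPF) For PC1 to lose communication with 200.200.100.0/24,
which ports on SW3 must go down?
=> Even if F0/2 goes down, communication is possible via SW4
=> If F0/1 also goes down, communication is possible via SW1
=> If F0/3 also goes down, communication fails !!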
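
The HSRP point in item 3 above, worked through with the VLAN 10 values from these notes (priority 150 vs 100, track fa0/3 60, preempt), as an added example that is not part of the original notes. It is a simplified election model, not Cisco's implementation; the class and function names are chosen for this example.

```python
from dataclasses import dataclass

@dataclass
class HsrpRouter:
    name: str
    ip: str                   # SVI address, tie-breaker on equal priority
    priority: int = 100       # HSRP default priority
    preempt: bool = False
    track_decrement: int = 0  # from 'standby N track <if> <decrement>'
    tracked_up: bool = True
    svi_up: bool = True       # a router with its SVI down sends no hellos

    def rank(self):
        prio = self.priority - (0 if self.tracked_up else self.track_decrement)
        return (max(prio, 0), tuple(int(o) for o in self.ip.split(".")))

def elect(routers, active=None):
    """Return the Active router's name after one re-evaluation (simplified)."""
    alive = [r for r in routers if r.svi_up]
    if not alive:
        return None
    best = max(alive, key=HsrpRouter.rank)
    holder = next((r for r in alive if r.name == active), None)
    if holder is None:                      # no Active router: best rank wins
        return best.name
    if best.preempt and best.rank() > holder.rank():
        return best.name                    # takeover needs 'preempt' on the challenger
    return holder.name

def vlan10_failover(decrement=60, sw4_preempt=True, use_track=True):
    """Replay the VLAN 10 group: SW3's tracked fa0/3 fails, then recovers."""
    sw3 = HsrpRouter("SW3", "10.1.10.253", 150, True, decrement if use_track else 0)
    sw4 = HsrpRouter("SW4", "10.1.10.254", 100, sw4_preempt)
    history = [elect([sw3, sw4])]
    sw3.tracked_up = False                  # fa0/3 down, SVI 10 still up
    history.append(elect([sw3, sw4], history[-1]))
    sw3.tracked_up = True                   # fa0/3 restored
    history.append(elect([sw3, sw4], history[-1]))
    return history

if __name__ == "__main__":
    print(vlan10_failover())                    # 150 - 60 = 90 < 100: SW4 takes over
    print(vlan10_failover(decrement=40))        # 110 > 100: no failover
    print(vlan10_failover(sw4_preempt=False))   # SW4 cannot take over
    print(vlan10_failover(use_track=False))     # link failure goes unnoticed
```

The decrement only causes a failover when it exceeds the priority gap (here 50) and the peer has preempt configured.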