Friday, February 26, 2010

SWITCH Commands

Here I am going to post configuration commands related to certain exam topics.

VLAN trunking configuration
Switch(config)# interface type mod/port
Switch(config-if)# switchport
Switch(config-if)# switchport trunk encapsulation {isl | dot1q | negotiate}
Switch(config-if)# switchport trunk native vlan vlan-id
Switch(config-if)# switchport trunk allowed vlan {vlan-list | all | {add | except | remove} vlan-list}
Switch(config-if)# switchport mode {trunk | dynamic {desirable | auto}}
If you decide to configure both ends of a trunk link as a fixed trunk (switchport mode trunk), you can disable DTP completely so that these frames are not exchanged. To do this, add the switchport nonegotiate command to the interface configuration.

VTP should be in the first section, but I guess that it's easy enough to configure.
vtp mode server
vtp password SECRET
vtp version {1 | 2}
vtp domain DOMAIN
Troubleshooting:
show vtp status
show vtp password
 
■EtherChannel
Load-balance distribution:
port-channel load-balance METHOD
The following methods exist:

PAgP configuration:
Switch(config)# interface type mod/num 
Switch(config-if)# channel-protocol pagp
Switch(config-if)# channel-group number mode {on | {{auto | desirable} [non-silent]}}
By default, PAgP operates in silent submode. The silent submode listens for any PAgP packets from the far end, looking to negotiate a channel. If none is received, silent submode assumes that a channel should be built anyway, so no more PAgP packets are expected from the far end.
Even if the two interfaces are using PAgP auto silent mode, the link will still eventually come up, although not as a channel.

LACP configuration:
Switch(config)# lacp system-priority priority
Switch(config)# interface type mod/num
Switch(config-if)# channel-protocol lacp
Switch(config-if)# channel-group number mode {on | passive | active}
Switch(config-if)# lacp port-priority priority
First, the switch should have its LACP system priority defined (1 to 65,535; default 32,768). If desired, one switch should be assigned a lower system priority than the other so that it can make decisions about the EtherChannel’s makeup. We can configure more interfaces in the channel group number than are allowed to be active in the channel. This prepares extra standby interfaces to replace failed active ones. The lacp port-priority command allows us to configure a lower port priority (1 to 65,535; default 32,768) for any interfaces that must be active, and a higher priority for interfaces that might be held in the standby state. Otherwise, we can use the default scenario, in which all ports default to 32,768 and the lower port numbers (in interface number order) are used to select the active ports.
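
The selection rule described above, as an added example that is not part of the original post. The member list is constructed, the function names are hypothetical, and the numbers in the interface name stand in for the switch's port number.

```python
import re

def port_key(port):
    """Order by LACP port priority, then by the numbers in the interface name."""
    name, priority = port
    if not 1 <= priority <= 65535:
        raise ValueError("port priority must be 1..65535: %r" % (port,))
    # Numeric compare, so Gi1/0/2 sorts before Gi1/0/10 (a string sort would not).
    return (priority, [int(n) for n in re.findall(r"\d+", name)])

def select_ports(ports, max_active, failed=()):
    """Return (active, standby) interface names for one channel group.

    ports: (interface-name, lacp-port-priority) pairs configured in the group.
    failed: names of links that are currently down.
    """
    usable = sorted((p for p in ports if p[0] not in failed), key=port_key)
    names = [name for name, _ in usable]
    return names[:max_active], names[max_active:]

def decision_maker(local, remote):
    """Pick the switch that decides the channel's makeup: lower system priority.

    Each argument is (system-priority, mac-address); the MAC tie-break is part
    of the LACP system ID and is not described in the post.
    """
    return min(local, remote)

# Constructed example: four configured members, two allowed to be active.
GROUP = [("Gi1/0/10", 32768), ("Gi1/0/2", 32768),
         ("Gi1/0/1", 32768), ("Gi1/0/3", 100)]
```

With max_active set to 2, Gi1/0/3 (priority 100) and Gi1/0/1 are active; if Gi1/0/1 fails, the standby port Gi1/0/2 replaces it.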
Troubleshooting:
show etherchannel port-channel
show etherchannel summary
show etherchannel load-balance

Spanning Tree Protocol
We can configure PortFast as a global default, affecting all switch ports with a single command. All ports that are configured for access mode (nontrunking) will have PortFast automatically enabled.
Switch(config)# spanning-tree portfast default
Switch(config)# spanning-tree uplinkfast [max-update-rate pkts-per-second]
Switch(config)# spanning-tree backbonefast

Switch(config-if)# spanning-tree guard root
Switch(config)# spanning-tree portfast bpduguard default
Switch(config-if)# [no] spanning-tree bpduguard enable
Switch(config)# spanning-tree loopguard default
Switch(config-if)# [no] spanning-tree guard loop
Switch(config)# udld {enable | aggressive | message time seconds}
Switch(config-if)# udld {enable | aggressive | disable}
Switch(config)# spanning-tree portfast bpdufilter default
Switch(config-if)# spanning-tree bpdufilter {enable | disable}
The default keyword indicates that BPDU filtering will be enabled automatically on all ports that have PortFast enabled. If PortFast is disabled on a port, then BPDU filtering will not be enabled there.

Troubleshooting
Switch# show spanning-tree
Switch# show spanning-tree detail
Switch# show spanning-tree [vlan vlan-id] summary
Switch# show spanning-tree [vlan vlan-id] root
Switch# show spanning-tree [vlan vlan-id] bridge
Switch# show spanning-tree interface type port
Switch# show spanning-tree {uplinkfast | backbonefast}
We can display switch ports that Root Guard (and not only Root Guard) has put into the root-inconsistent state with the following command: 
Switch# show spanning-tree inconsistentports
Switch# show udld [type mod/num]
Switch# udld reset - reenable ports that UDLD aggressive mode has errdisabled.
Very useful commands not only for spanning tree:
Router# show int status
Router# show int status err-disabled
MST - ?
■HSRP
Switch(config-if)# standby group priority priority
Switch(config-if)# standby group timers [msec] hello [msec] holdtime
Switch(config-if)# standby group preempt [delay [minimum seconds] [reload seconds]]
Switch(config-if)# standby group authentication string   - plain text auth
Switch(config-if)# standby group authentication md5 key-string [0 | 7] string
Switch(config-if)# standby group track type mod/num [decrementvalue]
Switch(config-if)# standby group ip ip-address [secondary]
Troubleshooting
Router# show standby [brief] [vlan vlan-id | type mod/num] 

■VRRP
Troubleshooting
Switch# show vrrp [brief]

■GLBP

Switch(config-if)# glbp group priority level
Switch(config-if)# glbp group preempt [delay minimum seconds]
Hello messages are sent at hellotime intervals, with a default of 3 seconds. If hellos are not received from a peer within a holdtime, defaulting to 10 seconds, that peer is presumed to have failed.
Switch(config-if)# glbp group timers [msec] hellotime [msec] holdtime
The redirect timer is used to determine when the AVG will stop using the old virtual MAC address in ARP replies. The AVF corresponding to the old address continues to act as a gateway for any clients that try to use it.
When the timeout timer expires, the old MAC address and the virtual forwarder using it are flushed from all the GLBP peers. The AVG assumes that the previously failed AVF will not return to service, so the resources assigned to it must be reclaimed.
Switch(config-if)# glbp group timers redirect redirect timeout
GLBP also can use a weighting function to determine which router becomes the AVF for a virtual MAC address in a group. Each router begins with a maximum weight value (1 to 254). As specific interfaces go down, the weight is decreased by a configured amount. GLBP uses thresholds to determine when a router can and cannot be the AVF. If the weight falls below the lower threshold, the router must give up its AVF role. When the weight rises above the upper threshold, the router can resume its AVF role. By default, a router receives a maximum weight of 100. If you want to make a dynamic weighting adjustment, GLBP must know which interfaces to track and how to adjust the weight.
Switch(config)# track object-number interface type mod/num {line-protocol | ip routing}
The maximum weight can range from 1 to 254 (default 100).
Switch(config-if)# glbp group weighting maximum [lower lower] [upper upper]
Switch(config-if)# glbp group weighting track object-number [decrement value]
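
The weighting thresholds described above, modelled as an added example that is not part of the original post. The class name GlbpWeighting and the values used with it are hypothetical, and the thresholds are compared strictly, following the wording above.

```python
class GlbpWeighting:
    """Model of one router's GLBP weight and its eligibility to be an AVF."""

    def __init__(self, maximum, lower, upper):
        if not 1 <= maximum <= 254:
            raise ValueError("maximum weight must be 1..254")
        if not 1 <= lower <= upper <= maximum:
            raise ValueError("need 1 <= lower <= upper <= maximum")
        self.maximum, self.lower, self.upper = maximum, lower, upper
        self.decrements = {}     # tracked object number -> decrement value
        self.down = set()        # tracked objects that are currently down
        self.can_forward = True  # the router starts at its maximum weight

    def track(self, obj, decrement):
        """Mirror of 'glbp group weighting track object-number decrement value'."""
        self.decrements[obj] = decrement

    @property
    def weight(self):
        return self.maximum - sum(self.decrements[o] for o in self.down)

    def set_state(self, obj, up):
        """Record a tracked object going up or down; return AVF eligibility."""
        if obj not in self.decrements:
            raise KeyError("object %r is not tracked" % obj)
        (self.down.discard if up else self.down.add)(obj)
        if self.weight < self.lower:
            self.can_forward = False   # must give up the AVF role
        elif self.weight > self.upper:
            self.can_forward = True    # may resume the AVF role
        # Between the two thresholds the previous state is kept.
        return self.can_forward

def demo():
    """Constructed scenario: maximum 100, lower 50, upper 90, two tracked links."""
    r = GlbpWeighting(maximum=100, lower=50, upper=90)
    r.track(1, 30)
    r.track(2, 30)
    steps = [(1, False), (2, False), (1, True), (2, True)]
    return [(r.set_state(obj, up), r.weight) for obj, up in steps]
```

In demo(), the weight returning to 70 after the first link recovers does not restore the AVF role, because 70 is still not above the upper threshold of 90.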

Switch(config-if)# glbp group load-balancing [round-robin | weighted | host-dependent]
Switch(config-if)# glbp group ip [ip-address [secondary]]
Troubleshooting
show glbp [brief]

■Using ACLs in a switch

vlan access-map map-name [sequence]
 match {ip | mac} address {acl-name | acl-number}
 action {drop | forward | redirect type mod/num}
 exit

vlan filter map-name vlan-list vlan-list

Troubleshooting:
show vlan filter
show vlan access-map
