Annex

This chapter contains the following sections:

Managing the Stack of Switches

Switches can either function on their own, or they can be connected into a stack of switches. By default, a device is always stackable, but has no stack port. All ports on the switches are network ports by default. You can look at a switch without any stack port as the active unit in a stack of only itself. You can also look at a switch without any stack port as a standalone switch. To stack two or more devices, reconfigure the desired network ports as stack ports in the switches and connect the switches with the resulting stack ports in a ring or chain topology.

The switches (units) in a stack are connected through stack ports. These switches are then collectively managed as a single logical switch. In some cases, stack ports can become members in Link Aggregation Groups (LAGs) increasing the bandwidth of the stack port.

The stack is based on a model of a single active/standby and multiple members. A stack provides the following benefits:

  • Network capacity can be expanded or contracted dynamically. By adding a unit, the administrator can dynamically increase the number of ports in the stack while maintaining a single point of management. Similarly, units can be removed to decrease network capacity.

  • The stacked system supports redundancy in the following ways:

    • The standby unit becomes the active unit of the stack if the original active unit fails.

    • The stack system supports two types of topologies: chain and ring. In ring topology, if one of the stack ports fails, the stack continues to function in chain topology.

    • A process known as Fast Stack Link Failover is supported on the ports in a ring stack to reduce the duration of data packet loss when one of the stack port links fails. Until the stack recovers to the new chain topology, a stack unit loops back the packets that are supposed to be sent through its failed stacking port, and transmits the looped-back packets through its remaining stacking port to the destinations. During Fast Stack Link Failover, the active/standby units remain active and functioning.

Stack Topology

The units in a stack can be connected in one of the following types of topologies:

  • Chain Topology—Each unit is connected to the neighboring unit, but there is no cable connection between the first and last unit.

  • Ring Topology—Each unit is connected to the neighboring unit. The last unit is connected to the first unit. The following shows a ring topology of an eight-unit stack:

A ring topology is more reliable than a chain topology. The failure of one link in a ring does not affect the function of the stack, whereas the failure of one link in a chain connection might cause the stack to be split.

Topology Discovery

A stack is established by a process called topology discovery. This process is triggered by a change in the up/down status of a stack port. The following are examples of events that trigger this process:

  • Changing the stack topology from a ring to a chain

  • Merging two stacks into a single stack

  • Splitting the stack

  • Inserting other member units to the stack, for instance because the units previously disconnected from the stack due to a failure. This can happen in a chain topology if a unit in the middle of the stack fails.

During topology discovery, each unit in a stack exchanges packets, which contain topology information. After the topology discovery process is completed, each unit contains the stack mapping information of all units in the stack.
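The following added example (not from the original guide) models the ring and chain layouts from the Stack Topology section and the unit-to-unit map that topology discovery produces, then shows what survives a single stack link failure: a ring degrades to a chain, a chain splits into two stacks, and a star is reported as unsupported. The eight-unit layout and unit numbers are constructed.

```python
from collections import deque

# Constructed eight-unit stack. Each pair is a stack link between two units;
# the ring closes with the (8, 1) link, the chain leaves it out. Unit numbers
# and link layout are assumptions.
UNITS = list(range(1, 9))
RING_LINKS = [(1, 2), (2, 3), (3, 4), (4, 5), (5, 6), (6, 7), (7, 8), (8, 1)]
CHAIN_LINKS = RING_LINKS[:-1]


def adjacency(units, links):
    """Neighbour map of the kind topology discovery builds from exchanged packets."""
    adj = {u: set() for u in units}
    for a, b in links:
        adj[a].add(b)
        adj[b].add(a)
    return adj


def components(units, links):
    """Groups of units that can still reach each other over stack links, i.e.
    the separate stacks that exist once discovery has re-run."""
    adj = adjacency(units, links)
    seen, stacks = set(), []
    for start in units:
        if start in seen:
            continue
        stack, queue = set(), deque([start])
        while queue:
            u = queue.popleft()
            if u in stack:
                continue
            stack.add(u)
            queue.extend(adj[u] - stack)
        seen |= stack
        stacks.append(frozenset(stack))
    return stacks


def classify(units, links):
    """'ring' if every unit has two neighbours, 'chain' if exactly the two end
    units have one, 'split' if the units no longer form a single stack, and
    'unsupported' for anything else (for example a star)."""
    if len(units) == 1:
        return "standalone"
    if len(components(units, links)) > 1:
        return "split"
    degrees = sorted(len(n) for n in adjacency(units, links).values())
    if all(d == 2 for d in degrees):
        return "ring"
    if degrees[:2] == [1, 1] and all(d == 2 for d in degrees[2:]):
        return "chain"
    return "unsupported"


def fail_link(links, link):
    """Stack links that remain after the link between two units goes down."""
    a, b = link
    return [l for l in links if l not in ((a, b), (b, a))]


def after_failure(units, links, link):
    """Topology type and surviving stack(s) after a single stack link failure."""
    remaining = fail_link(links, link)
    return classify(units, remaining), components(units, remaining)


if __name__ == "__main__":
    print("ring  ->", after_failure(UNITS, RING_LINKS, (4, 5)))
    print("chain ->", after_failure(UNITS, CHAIN_LINKS, (4, 5)))
```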

Unit Failure in Stack

If the active unit fails, the standby unit takes over the active role and continues to operate the stack normally.

For the standby switch to be able to take the place of the active switch, both units remain in reserve mode at all times. In reserve mode, the active switch and its standby switch are synchronized with the static configuration (contained in both the Startup and Running configuration files). The standby switch configuration file remains on the previous active switch.

Dynamic process-state information, such as the STP state table, dynamically-learned MAC addresses, dynamically-learned Smartport types, MAC Multicast tables, LACP, and GVRP are not synchronized. When an active switch is being configured, it synchronizes with the standby unit immediately. Synchronization is performed as soon as a command is executed. This is transparent.

If a unit is inserted into a running stack and is selected as a standby unit, the active switch synchronizes it so that it has an up-to-date configuration, and then generates a SYNC COMPLETE SYSLOG message. This is a unique SYSLOG message that appears only when the standby unit is converging with the active unit, and looks like this: %DSYNCH-I-SYNCH_SUCCEEDED: Synchronization with unit 2 is finished successfully.

Active / Standby Switchover

When an active switch fails on the stack, a switchover occurs. The standby unit becomes the active unit, and all of its processes and protocol stacks are initialized to take responsibility for the entire stack. As a result, there is temporarily no traffic forwarding in this unit, but member units remain active.


Note

When STP is used and the ports are in link up, the STP port’s state is temporarily Blocking, and it cannot forward traffic or learn MAC addresses. This is to prevent spanning tree loops between active units.


Member Unit Handling

While the standby unit becomes the active switch, the member units remain active and continue to forward packets based on the configuration from the original active switch. This minimizes data traffic interruption in units. After the standby unit has completed the transition to the active state, it initializes the member units one at a time by performing the following operations:

  • Clear and reset the configuration of the member unit to default (to prevent an incorrect configuration from the new active unit). As a result, there is no traffic forwarding on the member unit.

  • Apply related user configurations to the member unit.

  • Exchange dynamic information such as port STP state, dynamic MAC addresses, and link up/down status between the new active unit and the member unit. Packet forwarding on the member unit resumes after the state of its ports is set to forwarding by the active switch according to STP.


    Note

    Packet flooding to unknown Unicast MAC addresses occurs until the MAC addresses are learned or relearned.


Reconnecting the Original Active Unit after Failover

After failover, if the original active switch is connected again, the active selection process is performed. If the original active switch (unit 1) is reselected to be the active unit, the current active switch (unit 2, which was the original backup unit) is rebooted and becomes the backup once again.


Note

During active unit failover, the uptime of the standby unit is retained.


Stack Ports

All ports on the device are network (uplink) ports by default. To connect units, you must change the type of the ports used to connect the devices to stack ports. These ports are used to transfer data and protocol packets among the units.

Stack Port Link Aggregation

When two neighboring units are connected, the stack ports connecting them are automatically assigned to a stack LAG. This feature enables increasing the stack bandwidth of the stack port beyond that of a single port. There can be up to two stack LAGs per unit.

The stack LAG can be composed of between two and up to the maximum number of stack ports depending on the unit type.

Stack Port States

Stack ports can be in one of the following states:

  • Down—Port operational status is down, or stack port operational status is up but traffic cannot pass on the port.

  • Active—Stack port was added to a stack LAG, its stack port operational status is up, and traffic can pass on the port.

  • Standby—Stack port operational status is up and bidirectional traffic can pass on the port, but the port cannot be added to a stack LAG, and the port does not transmit traffic. Possible reasons for a port being in standby are:

    • Stack ports with different speeds are used to connect a single neighbor.

Physical Constraints for Stack LAGs

  • A stack LAG must contain ports of the same speed.

  • When attempting to connect a unit to a stack whose topology is not a ring/chain (for example, trying to connect a unit to more than two neighboring units - star topology), only two stack LAGs can be active, the remainder of the stack ports are set to standby mode (inactive).

Auto Selection of Port Speed

The stacking cable type is discovered automatically when the cable is connected to the port (auto-discovery is the default setting). The system automatically identifies the stack cable type and selects the highest speed supported by the cable and the port.

A SYSLOG message (informational level) is displayed when the cable type is not recognized.

Link Aggregation

Link aggregation allows you to combine multiple Ethernet links into a single link between two network devices. The most common combinations involve connecting a switch to another switch, a server, a network attached storage (NAS) device, or a multiport WiFi access point.

Network devices and management functions treat the link aggregation group (LAG) of multiple Ethernet connections as a single link. For example, you can include a LAG in a virtual local area network (VLAN). You can also configure more than one LAG on the same switch, or add more than two Ethernet links to the same LAG (the maximum number of links per LAG depends on your device).

Some network devices support Link Aggregation Control Protocol (LACP), which helps to prevent errors in the link aggregation setup process.

Link Aggregation Benefits

Link Aggregation offers the following benefits:

  • Increased reliability and availability - If one of the physical links in the LAG goes down, traffic is reassigned to another physical link.

  • Better use of physical resources - Traffic can be load-balanced across the physical links.

  • Increased bandwidth - The aggregated physical links deliver higher bandwidth than each individual link.

  • Cost effectiveness - A physical network upgrade can be expensive, especially if it requires new cable runs. Link aggregation increases bandwidth without requiring new equipment.

Link Aggregation Control Protocol (LACP)

Link Aggregation Control Protocol is an IEEE standard defined in IEEE 802.3ad. LACP lets devices send Link Aggregation Control Protocol Data Units (LACPDUs) to each other to establish a link aggregation connection. You still need to configure the LAG on each device, but LACP helps prevent one of the most common problems that can occur during the process of setting up link aggregation: misconfigured LAG settings. If the devices detect that they cannot establish a link aggregation connection, they do not try to establish it, and the link shows as “down” in the admin interface.

Another useful feature of LACP is that when one member link stops sending LACPDUs (if the cable is unplugged, for example), it is removed from the LAG. This helps to minimize packet loss.

Both devices must support LACP for you to set up a dynamic LAG between those devices. We recommend using LACP instead of a static LAG whenever both devices support LACP.

Link Aggregation Set Up

The following instructions describe in general terms how to set up link aggregation between two devices in your network.

Procedure


Step 1

Make sure that both devices support link aggregation.

Step 2

Configure the LAG on each of the two devices.

Step 3

Make sure that the LAG that you create on each device has the same settings for port speed, duplex mode, flow control, and MTU size.

Step 4

Make sure that all ports that are members of a LAG have the same virtual local area network (VLAN) memberships. If you want to add a LAG to a VLAN, set up the LAG first and then add the LAG to the VLAN; do not add individual ports.

Warning 

Do not connect the devices to each other using more than one Ethernet cable until after you set up the LAG on each device. If you form multiple connections between the two devices and neither device has loop prevention, you create a network loop. Network loops can slow or stop normal traffic on your network.

Step 5

Note the ports on each device to which you add the LAG, and make sure that you connect to the correct ones. The LAG issues an alert and rejects the configuration if the port members have different settings for port speed, duplex mode, or MTU size, or if you accidentally connect ports that are not members of the LAG.

Step 6

Use Ethernet or fiber cable to connect the ports that you added to the LAG on each device.

Step 7

Verify that the port LED for each connected port on each switch is blinking green.

Step 8

Verify in the admin interface for each device that the link is up.


Configure LAG Load Balance

Procedure


Step 1

Log in to the Cisco switch by entering the Username and Password. Click Log In. By default the username and password are cisco, but since you are working on an existing network, you should have your own username and password. Enter those credentials instead.

Step 2

Navigate to Port Management > LAG Management and select the Load Balance Algorithm option. You can select either MAC Address, or IP/MAC Address. Click Apply.

Note 

By default, MAC Address is the option selected for Load Balance Algorithm.

Step 3

Next, the Success notification should appear on the screen. Click File Operations to save the configuration on the switch to startup configuration.

Step 4

The File Operations page will open. Verify that the Source File Name is selected as Running Configuration and Destination File Name is selected as Startup Configuration. Click Apply to save the configuration.
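The following added example (not part of the original procedure) shows why the Step 2 choice matters. The hash function and member-selection rule are illustrative assumptions, not the switch's own algorithm: with MAC Address hashing, every flow between the same two router MAC addresses lands on one member link, while IP/MAC Address hashing spreads those flows across the LAG.

```python
import hashlib
import ipaddress

# Constructed model of the two Load Balance Algorithm choices. The hash and the
# member-selection rule are illustrative assumptions, not the switch's own.


def _bucket(fields, n_links):
    """Map a tuple of header fields to a member link index."""
    digest = hashlib.sha256("|".join(fields).encode()).digest()
    return int.from_bytes(digest[:4], "big") % n_links


def select_link(flow, n_links, algorithm):
    """Pick the LAG member link a frame of this flow is sent on."""
    if algorithm == "MAC Address":
        fields = (flow["src_mac"], flow["dst_mac"])
    elif algorithm == "IP/MAC Address":
        fields = (flow["src_mac"], flow["dst_mac"], flow["src_ip"], flow["dst_ip"])
    else:
        raise ValueError(f"unknown algorithm: {algorithm}")
    return _bucket(fields, n_links)


def distribution(flows, n_links, algorithm):
    """Number of flows landing on each member link."""
    counts = [0] * n_links
    for flow in flows:
        counts[select_link(flow, n_links, algorithm)] += 1
    return counts


def router_to_router_flows(n):
    """Constructed flows: many hosts behind one router talking to a server behind
    another, so every frame on the LAG carries the same two router MAC addresses."""
    base = ipaddress.IPv4Address("10.0.0.1")
    return [{"src_mac": "00:11:22:33:44:01", "dst_mac": "00:11:22:33:44:02",
             "src_ip": str(base + i), "dst_ip": "10.1.0.5"} for i in range(n)]


if __name__ == "__main__":
    flows = router_to_router_flows(64)
    for algo in ("MAC Address", "IP/MAC Address"):
        print(f"{algo:>16}: {distribution(flows, 4, algo)}")
```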


Configure a VLAN on a Switch

Virtual Local Area Network (VLAN) creation allows you to make separate broadcast domains on a switch. The broadcast domains can associate with one another with the help of a Layer 3 device such as a router. A VLAN is mainly used to form groups among the hosts regardless of where the hosts are physically located. Thus, a VLAN improves security with the help of group formation among the hosts. When a VLAN is created, it has no effect until that VLAN is attached to at least one port either manually or dynamically. One of the most common reasons to set up a VLAN is to set up a separate VLAN for voice, and a separate VLAN for data. This directs the packets for both types of data despite using the same network.

Create a VLAN

Procedure


Step 1

Log in to the web-based utility and choose VLAN Management > VLAN Settings.

Step 2

Under the VLAN Table area, click Add to create a new VLAN.

Step 3

A VLAN can be added using one of the two methods shown by the options below. Choose the radio button that corresponds to the desired method:

  • VLAN — Use this method to create a specific VLAN.

  • Range — Use this method to create a range of VLANs.

Step 4

If you chose VLAN in Step 3, enter the VLAN ID in the VLAN ID field. The value must be between 2 and 4094.

Step 5

In the VLAN Name field, enter a name for the VLAN. For this example, the VLAN Name will be Accounting. Up to 32 characters may be used.

Step 6

Check the VLAN Interface State check box to enable the VLAN interface state; it is checked by default. If it is not checked, the VLAN is effectively shut down, and nothing can be transmitted or received through the VLAN.

Step 7

Check the Link Status SNMP Traps check box if you want to enable the generation of SNMP traps. This is enabled by default.

Step 8

If you chose Range in Step 3, enter the range of the VLANs in the VLAN Range field. The available range is 2–4094. For this example, the VLAN Range is from 3 to 52.

Note 

Up to 100 VLANs can be created at a time.

Step 9

Click Apply.


GVRP Configuration

GVRP is supported only on COS switches. GVRP runs only on 802.1Q trunk ports and is used primarily to prune traffic from VLANs that do not need to be passed between trunking switches. Use the following steps to configure GVRP. To ensure that a port remains in General mode, it is strongly advised to disable Smartport macro auto on each interface participating in GVRP.

Procedure


Step 1

Configure the switch with the desired VLANs. For example, you can configure the following settings:

  • Switch 1 can be assigned a VLAN ID of 1 as the default, then 300, 400 and 500.

  • Switch 2 can be assigned a VLAN ID of 1 as the default.

  • Switch 3 can be assigned a VLAN ID of 1 as the default, then 100 and 200.

Step 2

To enable GVRP on an interface, the interface must be configured in General mode; otherwise, the switch does not send any GARP messages.

Step 3

Enable GVRP globally. By default GVRP is not enabled for the switch. You must first enable GVRP on the switch before you can configure the 802.1Q ports for GVRP operation.

Step 4

Configure the port for 802.1Q operation. GVRP will run only on ports that are configured for 802.1Q trunking.

Step 5

Configure the port GVRP. GVRP must be configured on both sides of the trunk to work correctly.

Step 6

(Optional) Configure the port registration mode. By default GVRP ports are in normal registration mode. These ports use GVRP join messages from neighboring switches to prune the VLANs running across the 802.1Q trunk link. If the device on the other side is not capable of sending GVRP messages, or if you do not want to allow the switch to prune any of the VLANs, use the fixed mode. Fixed mode ports will forward for all VLANs that exist in the switch database. Ports in forbidden mode forward only for VLAN 1.


Voice VLAN Configuration

This troubleshooting tip is for Voice VLAN configuration.

Procedure


Step 1

Create a VLAN on the switch. For example, if the data VLAN is set at 2 and the Voice VLAN is set at 5, then assign VLAN 5 in the Auto Voice VLAN tab.

Step 2

Make sure that you see the operational Voice VLAN set to 5.

Step 3

Change Display Mode from Basic to Advanced.

Step 4

Next, in the Interface Settings under VLAN Management, change the port mode from Access to Trunk.

Step 5

Next, under Port to VLAN Membership, set the data VLAN as untagged and Voice VLAN as tagged on the port that is connected to the IP phones. Do the same for the desktops and laptops that are connected to the IP phones.

Step 6

Go to IP configuration > IPv4 Interface and assign an IP to both VLAN 2 and VLAN 5.

Step 7

(Optional) Create a DHCP pool for both VLANs in case the DHCP server is enabled on the device.

Step 8

Go to the Smartport tab and make sure Smartport is enabled.

Step 9

Make sure IP Phone+Desktop is checked under Device Detection.

Step 10

Go to Smartport Type settings and select Macro for IP Phone+Desktop.

Step 11

Click on Edit. Make sure Macro Type is selected as Built-in Macro.

Step 12

Change Macro Parameters.

  • Change the Parameter2 value to the value of Data VLAN ID (in this case 2 as data VLAN is 2).

  • Parameter3 value will automatically show 5 in case you see the operational voice VLAN as 5 under Auto voice VLAN settings.

Step 13

Save the running configuration to start up configuration.


Delete a Voice VLAN


Note

If you run into an instance where you are not able to delete the voice VLAN and get an error message: “VLAN xxx cannot be deleted because it is used as the agreed Voice VLAN”, this is because of a behavior of the Voice VLAN. By default, our switches are configured with the “triggered auto voice VLAN” option set to enable on any firmware 2.5.5.x and lower. Once the switch receives VSDP packets from another switch or CDP packets from a UC router, the voice VLAN is automatically enabled.


If you want to delete the Voice VLAN for one reason or another, you need to follow a sequence of steps for it to succeed. Via the GUI, here is what you can do:

Procedure


Step 1

Select VLAN Management > Voice VLAN > Properties, and set Dynamic Voice VLAN to Disable.

Step 2

In VLAN Management > Voice VLAN > Properties, set Voice VLAN Id to 1 (this removes the Voice VLAN ID that is being used in the setup and sets the value to the default of 1).

Step 3

Return to VLAN Management > VLAN Settings and delete the VLAN that was being used as the Voice VLAN.

Note 

However, if you re-enable Dynamic Voice VLAN, the VLAN you removed will automatically be re-created and set as the Voice VLAN.


Troubleshooting Link Flapping

This troubleshooting tip will help to resolve link flapping issues in the Cisco Business switches.


Note

Whenever link flapping occurs between switches that are either stacked or have an uplink to another switch, follow the steps below to resolve the issue.


Procedure


Step 1

Make sure that both switches are upgraded to the latest firmware version and that both switches are running the same firmware.

Step 2

Disable the Discovery-Bonjour Protocol by clicking Administration > Discovery-Bonjour > Disable.

Step 3

Disable EEE (Energy Efficient Ethernet) on both switches by clicking Port Management > Green Ethernet > Properties > 802.3 Energy Efficient Ethernet (EEE) > Disable.

Step 4

Enable Link Flap Prevention on both switches by clicking Port Management > Error Recovery. Next, check Enable under Link Flap Prevention.

Step 5

If the issue persists after Steps 1 to 4, disable LLDP. Click Administration > Discovery-LLDP Properties > LLDP Status > Disable.


If Steps 1 to 5 do not resolve the link flapping, remove all port configuration from the ports used for uplink/stacking.

Important: If stacking is configured, you must remove the ports from stacking and configure them again.

Identifying Link Flapping

A link flap occurs when a physical interface on the switch continually goes up and down, three or more times a second for a duration of at least ten seconds. The common cause is usually a bad, unsupported, or non-standard cable or Small Form-Factor Pluggable (SFP) module, or another link synchronization issue. The cause of link flapping can be intermittent or permanent.
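An added example (not from the original guide) that applies the definition above as detection logic: it parses constructed syslog-style link up/down lines and flags a port only when it sees three or more transitions per second for at least ten consecutive seconds, so a short burst or a slow toggle is not reported. The line format and port names are assumptions.

```python
import re
from collections import defaultdict

# Constructed syslog-style format (assumption, not a quoted switch log):
#   "<epoch seconds>.<ms> %LINK-W-Down: <port>"  or  "... %LINK-I-Up: <port>"
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d{3}) %LINK-[WI]-(?P<state>Down|Up): (?P<port>\S+)$")

FLAPS_PER_SECOND = 3   # three or more up/down transitions in one second ...
MIN_DURATION_SEC = 10  # ... sustained for at least ten seconds


def fmt(ts, state, port):
    """Render one constructed log line."""
    sev = "W" if state == "Down" else "I"
    return f"{ts:.3f} %LINK-{sev}-{state}: {port}"


def build_sample_log():
    """Three constructed ports: a real flap, a one-second burst, and a slow toggler."""
    lines = []
    for sec in range(12):            # gi1/0/5: 4 transitions/s for 12 s -> flapping
        for k in range(4):
            lines.append(fmt(1000 + sec + k * 0.2, "Down" if k % 2 == 0 else "Up", "gi1/0/5"))
    for k in range(4):               # gi1/0/7: 4 transitions in a single second only
        lines.append(fmt(1005 + k * 0.2, "Down" if k % 2 == 0 else "Up", "gi1/0/7"))
    for sec in range(20):            # gi1/0/9: one transition per second for 20 s
        lines.append(fmt(1000 + sec + 0.5, "Down" if sec % 2 == 0 else "Up", "gi1/0/9"))
    return sorted(lines)             # interleaved by time, as a real log would be


def transitions_per_second(lines):
    """port -> {second: number of up/down transitions}; unrelated lines are skipped."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            counts[m["port"]][int(float(m["ts"]))] += 1
    return counts


def longest_flap_run(per_second):
    """Longest run of consecutive seconds each holding >= FLAPS_PER_SECOND transitions."""
    best = run = 0
    prev = None
    for sec in sorted(per_second):
        if per_second[sec] < FLAPS_PER_SECOND:
            run = 0                              # quiet second breaks the run
        elif prev is not None and sec == prev + 1:
            run += 1                             # extends the current run
        else:
            run = 1                              # first busy second after a gap
        prev = sec
        best = max(best, run)
    return best


def flapping_ports(lines):
    """Ports meeting the definition, with the length of their flap run in seconds."""
    result = {}
    for port, per_second in transitions_per_second(lines).items():
        run = longest_flap_run(per_second)
        if run >= MIN_DURATION_SEC:
            result[port] = run
    return result


if __name__ == "__main__":
    print(flapping_ports(build_sample_log()))
```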

Since link flapping tends to be a physical interference, this section explains the steps that can be taken to diagnose and prevent it.

Procedure


Step 1

Try changing cables and monitor. If the issue persists, proceed to Step 2.

Step 2

Go to Status and Statistics > Diagnostics > Copper Test.

Step 3

Select the Port from the drop-down menu and click on Copper Test.

Step 4

A warning will appear. Be aware that the port will be shut down for a short period of time. Choose OK.

Step 5

The Test Results will be displayed. If it says OK, it is most likely not the cable. If the results are not OK, change the cable and repeat the copper test to confirm that it is not the cable.

Analyzing your Topology

To confirm it is a physical problem and not a configuration issue on the switch, you need to analyze the devices connected to your switch. Check the following:

  1. What devices are connected to the switch?

    • Analyze each device connected to the switch. Have you experienced any issues with those devices?

  2. Which ports are causing the problem and which devices are connected to those ports?

    • Test the ports by connecting other devices and verifying if the problem continues.

    • See if the device is causing issues on another port.

  3. Is it the port or the device?

    • Determining whether it is the port or the device decides how to continue the troubleshooting process.

    • If it is the device, you may have to contact support management for that device.

    • If you have determined it is the port, it is time to check whether the issue is related to configuration or a physical one.


Configure Link Flap Prevention

Link flap prevention minimizes the disruption to switch and network operations in a link flap situation. It stabilizes the network topology by automatically setting the ports that experience excessive link flap events to err-disable. This mechanism also provides time to debug and locate the root cause for the flapping. A Syslog message or Simple Network Management Protocol (SNMP) trap is sent to alert regarding link flap and port shutdown. The interface will become active again only if specifically enabled by you or your system administrator.

Procedure


Step 1

Log into your switch Web User Interface (UI).

Step 2

Change to Advanced Mode.

Step 3

Go to Port Management > Port Settings.

Step 4

Check the Enable box for Link Flap Prevention. Press Apply.

Step 5

Click on Save to save your configurations.


Spanning Tree Protocol

Spanning Tree Protocol (STP) is a Layer 2 link management protocol that provides path redundancy while preventing loops in the network. For a Layer 2 Ethernet network to function properly, only one active path can exist between any two stations. Multiple active paths among end stations cause loops in the network. If a loop exists in the network, end stations might receive duplicate messages.

The STP uses a spanning-tree algorithm to select one switch of a redundantly connected network as the root of the spanning tree. The algorithm calculates the best loop-free path through a switched Layer 2 network by assigning a role to each port based on the role of the port in the active topology:

  • Root—A forwarding port elected for the spanning-tree topology

  • Designated—A forwarding port elected for every switched LAN segment

  • Alternate—A blocked port providing an alternate path to the root bridge in the spanning tree

  • Backup—A blocked port in a loopback configuration

The switch that has all of its ports as the designated role or as the backup role is the root switch. The switch that has at least one of its ports in the designated role is called the designated switch.

STP provides a tree topology for any arrangement of switches and interconnecting links, by creating a unique path between end stations on a network, and thereby eliminating loops.
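An added example (not from the original guide) that carries out the role assignment described above on a constructed four-switch topology: it elects the root by lowest bridge ID, computes each switch's root path cost, then labels every port Root, Designated or Alternate, so the root switch ends up with only Designated ports as the text states. Links are point-to-point, so the Backup role (two ports of one switch on a shared segment) does not arise; bridge IDs, port numbers and costs are assumptions.

```python
import heapq

# Constructed four-switch topology. Bridge IDs are given as integers (lower
# wins the root election); each link is point-to-point and lists
# (bridge, port, path cost) at both ends. All values are assumptions.
BRIDGES = {"A": 4096, "B": 8192, "C": 12288, "D": 16384}
LINKS = [
    (("A", 1, 4), ("B", 1, 4)),
    (("A", 2, 4), ("C", 1, 4)),
    (("B", 2, 4), ("D", 1, 4)),
    (("C", 2, 4), ("D", 2, 4)),
    (("B", 3, 19), ("C", 3, 19)),
]


def build_adjacency(bridges, links):
    """bridge -> list of (neighbour, neighbour port, neighbour cost, my port, my cost)."""
    adj = {b: [] for b in bridges}
    for (x, px, cx), (y, py, cy) in links:
        adj[x].append((y, py, cy, px, cx))
        adj[y].append((x, px, cx, py, cy))
    return adj


def root_path_costs(bridges, adj, root):
    """Cheapest cost from every bridge to the root (Dijkstra). When the root's
    BPDUs travel from b to a neighbour, the neighbour pays the cost of its own
    port on that link, which is the 'neighbour cost' field of the entry."""
    rpc = {b: float("inf") for b in bridges}
    rpc[root] = 0
    heap = [(0, root)]
    while heap:
        cost, b = heapq.heappop(heap)
        if cost > rpc[b]:
            continue
        for nb, _, nb_cost, _, _ in adj[b]:
            if cost + nb_cost < rpc[nb]:
                rpc[nb] = cost + nb_cost
                heapq.heappush(heap, (rpc[nb], nb))
    return rpc


def port_roles(bridges, links):
    """Elect the root and assign Root / Designated / Alternate to every port."""
    root = min(bridges, key=bridges.get)          # lowest bridge ID wins
    adj = build_adjacency(bridges, links)
    rpc = root_path_costs(bridges, adj, root)

    # Root port: the port with the best (root path cost, sender bridge ID,
    # sender port ID, own port ID), the standard tie-break order.
    root_port = {}
    for b in bridges:
        if b != root:
            best = min(adj[b], key=lambda e: (rpc[e[0]] + e[4], bridges[e[0]], e[1], e[3]))
            root_port[b] = best[3]

    # Designated port per link: the end whose bridge offers the cheaper path to
    # the root (ties broken by bridge ID, then port ID). The other end is the
    # Root port if its bridge chose it, otherwise a blocked Alternate port.
    roles = {}
    for (x, px, _), (y, py, _) in links:
        kx, ky = (rpc[x], bridges[x], px), (rpc[y], bridges[y], py)
        des, other = ((x, px), (y, py)) if kx < ky else ((y, py), (x, px))
        roles[des] = "Designated"
        roles[other] = "Root" if root_port.get(other[0]) == other[1] else "Alternate"
    return root, rpc, roles


if __name__ == "__main__":
    root, rpc, roles = port_roles(BRIDGES, LINKS)
    print("root bridge:", root, "root path costs:", rpc)
    for (bridge, port), role in sorted(roles.items()):
        print(f"{bridge} port {port}: {role}")
```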

The device supports the following Spanning Tree Protocol versions:

  • Classic STP - Provides a single path between any two end stations, avoiding and eliminating loops.

  • Rapid STP (RSTP) - Detects network topologies to provide faster convergence of the spanning tree. This is most effective when the network topology is naturally tree-structured, and therefore faster convergence might be possible. RSTP is enabled by default.

  • Multiple STP (MSTP) - MSTP is based on RSTP. It detects Layer 2 loops, and attempts to mitigate them by preventing the involved port from transmitting traffic. Since loops exist on a per-Layer 2-domain basis, a situation can occur when a port is blocked to eliminate an STP loop. Traffic will be forwarded to the port that is not blocked, and no traffic will be forwarded to the port that is blocked. This is not an efficient usage of bandwidth as the blocked port will always be unused. MSTP solves this problem by enabling several STP instances, so that it is possible to detect and mitigate loops separately in each instance. This enables a port to be blocked for one or more STP instances but not blocked for other STP instances. If different VLANs are associated with different STP instances, then their traffic will be relayed based on the STP port state of their associated MST instances. Better bandwidth utilization results.

  • PVST+ /RPVST+ - (Rapid) Per VLAN Spanning Tree

    • PVST+ is a protocol that runs a separate instance of the 802.1Q STP standard protocol per VLAN.

    • Rapid PVST+ is a protocol that runs a separate instance of the 802.1Q RSTP standard protocol per VLAN.

      As part of PVST+/RPVST+ operation, a separate PVST frame is sent for each VLAN defined on a port. This enables maintaining state and topology per VLAN.

  • SSTP - Cisco switches use special Shared Spanning Tree Protocol (SSTP) BPDUs to exchange PVST+ and rapid PVST+ spanning tree topology information. They transmit SSTP BPDUs to the Cisco shared spanning tree MAC address 01-00-0C-CC-CC-CD. These BPDUs have a format based on a proprietary enhancement of IEEE standard 802.1Q. On the native VLAN, these BPDUs are untagged. When a port is configured in trunk mode with multiple VLANs, then it transmits the SSTP BPDUs on that port tagged for those VLANs.

You can

Interoperation between spanning tree protocols

There are two main aspects to the interoperation of IEEE standard MSTP (including RSTP and STP) with PVST+ (and rapid PVST+). The first involves forming a common spanning tree between switches and regions running MSTP and PVST+. The second involves tunnelling PVST+ spanning trees across MSTP regions.

When a Cisco switch configured with PVST+ receives IEEE standard RSTP BPDUs on a port, it recognises them, and sends two versions of BPDUs on the port: SSTP format BPDUs and IEEE standard STP BPDUs. Similarly, a switch configured with rapid PVST+ recognises IEEE standard RSTP BPDUs, and on any port that receives RSTP BPDUs, it sends two versions of BPDUs: SSTP format and IEEE standard RSTP format BPDUs.

There are differences between the ways that MSTP and PVST+ map spanning tree instances to VLANs: we know that PVST+ creates a spanning tree instance for every VLAN, whereas MSTP maps one or more VLANs to each MST instance. At the point where a PVST+ region meets an MSTP region, the set of PVST+ instances does not generally match the set of MST instances. Therefore, the PVST+ region and the MSTP region need to communicate with each other on a single common spanning tree instance.

Interoperation between an MSTP region and a PVST+ region via the Common Spanning Tree is achieved as follows.

MST and PVST+ both offer loop-free layer two topologies but they each use a different approach:

  • MST maps multiple VLANs to an instance, reducing the number of spanning-tree instances.

  • PVST+ calculates a separate spanning-tree instance for each VLAN.

PVST+ sends BPDUs for each instance/VLAN so you could let MST process each BPDU separately with the instance that is configured for the VLAN.

When an MST region is connected to a PVST+ topology, MST simulates PVST+ with a PVST simulation mechanism. The MST region will send PVST+ BPDUs (one for each VLAN) on the interfaces that are connected to PVST+ switches. These BPDUs all carry the same information and advertise the same root bridge. The interfaces that connect to the PVST+ topology are called boundary interfaces/ports. Since PVST+ switches now receive BPDUs for each VLAN from MST carrying the same information, they will all make the same decisions when selecting a root bridge, root port, etc.

It is easiest to configure your network so that the MST region is the root bridge in your network. If your PVST+ domain has the root bridge, then MST will use the same root port for all VLANs. If the root bridge is in your MST region, then you can change the cost per VLAN on your PVST+ switches to use different root ports and get a bit of load balancing.

Multicast

Multicast offers an efficient communication mechanism for sending messages to multiple recipients in separate locations. It is also capable of supporting many-to-many and many-to-one communication.

Multicast applications use User Datagram Protocol (UDP) on IP. Messages are sent by a source (called the sender), which keeps sending messages (termed a stream) even if no other device on the network is interested in receiving that information. Receivers, on the other hand, must subscribe to a particular multicast stream in order to inform the network to forward those messages.

IP multicasting is an efficient way to use network resources, especially for bandwidth-intensive services such as audio and video. IP multicast routing enables a host (source) to send packets to a group of hosts (receivers) anywhere within the IP network by using a special form of IP address called the IP multicast group address. The sending host inserts the multicast group address into the IP destination address field of the packet, and IP multicast routers and multilayer switches forward incoming IP multicast packets out all interfaces that lead to members of the multicast group. Any host, regardless of whether it is a member of a group, can send to a group. However, only the members of a group receive the message.

Default IP Multicast Routing Configuration

This table displays the default IP multicast routing configuration.

Table 1. Default IP Multicast Routing Configuration

Feature                             Default Settings
Multicast routing                   Disabled on all interfaces.
Candidate BSRs                      Disabled.
Candidate RPs                       Disabled.
Shortest-path tree threshold rate   0 kb/s.

Understanding IGMP

Internet Group Management Protocol (IGMP) is a protocol designed for multicast purposes. With IGMP, you can establish group memberships between different users within a network. IGMP is mainly used for multimedia streaming, such as video-chat, between different users in a network. Snooping is the term used when a third party in a communication listens or observes the current connection data traffic. Therefore, IGMP Snooping is a process that listens specifically to multicast traffic. You can enable IGMP Snooping to forward multicast traffic to only already registered multicast clients on specific ports of the switch. This way, the multicast frames are only forwarded to a specific multicast client within a VLAN instead of to all the users in that VLAN.

Multicast is the network layer technique used to transmit data packets from one host to selected hosts in the network. At the lower layer, the switch broadcasts the multicast traffic on all ports, even if only one host needs to receive it. Internet Group Management Protocol (IGMP) snooping is used to forward Internet Protocol version 4 (IPv4) multicast traffic to the desired host. On the other hand, Multicast Listener Discovery (MLD) snooping is used to forward Internet Protocol version 6 (IPv6) multicast traffic to the desired hosts.

When IGMP snooping is enabled, the switch detects the IGMP messages exchanged between the IPv4 router and the multicast hosts attached to its interfaces. It then maintains a table that restricts IPv4 multicast traffic and forwards it dynamically only to the ports that need to receive it.

The following configurations are prerequisites for configuring IGMP.

  1. Configure Virtual Local Area Network (VLAN).

  2. Enable Bridge Multicast Filtering.

When MLD is enabled, it detects the MLD messages exchanged between the IPv6 router and the multicast hosts attached to the interfaces. It then maintains a table that restricts IPv6 multicast traffic and forwards them dynamically to the ports that need to receive them.

Configuring IGMP Snooping for Multicast Forwarding

For IGMP to work, an IGMP querier is required. While a Multicast router is more appropriate in Multicast handling, the Cisco Small Business Switches can fulfil part of that role as long as the configuration is done properly.

Because IGMP snooping is linked to the VLAN in which the multicast traffic flows, one can consider having a multicast server located in one VLAN while the subscriber is located in a different VLAN.

In this setup, 2 VLANs will be used. One VLAN where multicast traffic will take place, VLAN 115, and the second VLAN is the default; in our case, it is VLAN 1.

Procedure


Step 1

For the VLAN assignment, Switch B (the non-querier switch) is uplinked to Switch A (the querier) through port 3 on each switch. Both ports will be set as Trunk 1U, 115T (VLAN 1 untagged, VLAN 115 tagged).

  1. Port 1 of switch A will have the Multicast server connected to it, VLAN 115U, Access

  2. Port 2 of switch A will have the subscriber connected to it, VLAN 115U, Access

  3. Port 1 of switch B will have the subscriber connected to it, VLAN 115U, Access

  4. Port 2 of switch B will have the subscriber connected to it, VLAN 115U, Access

  5. Port 10 of Switch A will have the router connected to it, VLAN 1U, 115T, Trunk

Step 2

The port on the router to which the switch is connected should be a trunk port, VLAN 1U, 115T. Make sure the corresponding IP addresses and DHCP settings are set as appropriate.

Step 3

Go to the main configuration page for Multicast > IGMP Snooping on the switch. The location of this page will be different based on the switch model.

Step 4

Check Enable for the following:

  • IGMP Snooping Status

  • IGMP Querier Status

Step 5

Next, select VLAN 115 and click Edit.

Step 6

Check Enable to enable IGMP Snooping Status.

Step 7

Check MRouter Ports Auto Learn to enable it. This option lets the switch automatically learn where the querier (Multicast Router) is located. Therefore, do not check this option if the switch itself will be acting as the querier.

Step 8

Check Immediate Leave to enable. This option can be enabled or disabled without fear of side effects to IGMP Snooping functionality. When enabled, it is meant to reduce the time it takes to block unnecessary IGMP traffic sent to a device port.

Step 9

Leave the Last Member Query Counter to its default setting and close the window to proceed to the next step.

Step 10

Go back to the main configuration page for Multicast > IGMP Snooping on the switch. The location of this page will be different based on the switch model.

Step 11

Check IGMP Querier Status to enable it. Only enable this option if this switch will be acting as a querier; otherwise, leave it alone. In our case, only one querier is being set.

Step 12

Next, select VLAN 115 and click Edit.

Step 13

Check IGMP Querier Status to enable the switch to act as a querier. Do so only if this switch is intended to act as a querier. In most setups, only one querier is needed.

Step 14

Check IGMP Querier Election. This option manages the situation where more than one querier is present in the VLAN and IGMP Querier Status is globally enabled on the second querier as well.

Step 15

Select the IGMP Querier version (version 2 or version 3). Most of the time it will be version 2; version 3 is used when there are switches and/or routers in the VLAN that perform source-specific IP multicast forwarding.

Step 16

Select “User Defined” for “Querier Source IP address” and select the IP address of the switch that is acting as the querier.

Step 17

Now that the tweaks have been made on the snooping page, we need to enable Bridge Multicast Filtering to make the whole thing work. Go to Multicast > Properties on the web UI of the switch.

Step 18

Check Bridge Multicast Filtering Status to enable the switch to handle multicast in concert with IGMP snooping. If this feature is not checked, which is the default, multicast traffic is seen across all the ports.

Step 19

Select VLAN 115 or any specific VLAN. Select the “Forwarding Method”; here we selected “IP Group Address” so that the multicast IP address is shown in the “Multicast / IP Multicast Group Address” table. If “MAC Group Address” is chosen instead, MAC addresses are shown in the “Multicast / MAC Group Address” table.

Step 20

By default, Multicast Router Port is set to None. No need to adjust anything here. On a non-querier switch, the uplink port to the querier device will be selected as Dynamic. To check on this, select VLAN 115, hit “go” and note port 3 is selected on Dynamic row. This is to indicate that switch B is a non-querier but has detected a querier on its uplink port.

Step 21

Click Multicast > Forward All and make sure that it is set to None. It is normally set to "None" by default. This also applies to the querier switch.

Step 22

Click Multicast > Unregistered Multicast. The default setting is Forwarding, meaning that all multicast traffic, registered or unregistered, is forwarded. If you do not want unregistered traffic to be forwarded, set it to “Filtering”, which is recommended, and keep the “Forwarding” setting selected only on the ports where the multicast server machines are connected.

Step 23

Test to see if it works. Using VLC as both the video streaming program and the video subscriber client, connect the devices as shown in the diagram. From the VLC server, start streaming video and start the client to subscribe to those streams. The results:

  • Verify that the Multicast IP address is properly populated on Multicast /IP Multicast Group Address in VLAN 115. This is an indication that the client has successfully subscribed to the Video Streams

  • In a setup of more than one switch, verify that the switch that is not acting as the querier has successfully identified the querier. On a non-querier switch, the uplink port to the querier device will be selected as Dynamic. To check on this, select VLAN 115, hit go and note port 3 is selected on Dynamic row. This is to indicate that this SW B is a non-querier but has detected a querier on its uplink port.

Step 24

By default, multicast traffic is flooded to all ports on the switch until Bridge Multicast Filtering is enabled. If multicast traffic originates in VLAN x while the subscribers are on VLAN y, the above configuration will not work. Multicast TV can be used to accommodate this special configuration.
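The following Python is an added example, not code from this guide or from Cisco. It ties together the multicast addressing described in the Multicast section and the IGMP snooping behaviour that Steps 18 to 22 configure: multicast_mac() shows why the “IP Group Address” forwarding method is more precise than “MAC Group Address” (32 IPv4 groups collapse onto one Ethernet group MAC), and IgmpSnoopingVlan is a constructed model of one VLAN's snooping table that decides which ports a multicast frame leaves on, given the registered members, the learned querier/router ports, Immediate Leave, and the Unregistered Multicast setting. The model, its port numbers and group addresses are assumptions for illustration; flooding of 224.0.0.0/24 regardless of membership is assumed as the common snooping behaviour, not taken from this page.

```python
import ipaddress

LINK_LOCAL = ipaddress.IPv4Network("224.0.0.0/24")


def multicast_mac(group):
    """Map an IPv4 multicast group to its Ethernet group MAC (01:00:5e + low 23 bits).

    Only 23 of the 28 variable address bits survive, so 32 different groups
    (224.1.1.1, 225.1.1.1, ...) share one MAC address. That is why the
    "IP Group Address" forwarding method is more precise than "MAC Group Address".
    """
    ip = ipaddress.IPv4Address(group)
    if not ip.is_multicast:
        raise ValueError("%s is not in 224.0.0.0/4" % group)
    low23 = int(ip) & 0x7FFFFF
    return "01:00:5e:%02x:%02x:%02x" % (low23 >> 16, (low23 >> 8) & 0xFF, low23 & 0xFF)


class IgmpSnoopingVlan:
    """Constructed model of one VLAN's IGMP snooping state (an assumption, not the switch's code).

    ports:               every port that is a member of the VLAN
    mrouter_ports:       ports on which a querier/multicast router was learned or configured
    filter_unregistered: True models Unregistered Multicast = Filtering,
                         False models the default of Forwarding
    """

    def __init__(self, ports, mrouter_ports=(), filter_unregistered=True):
        self.ports = set(ports)
        self.mrouter_ports = set(mrouter_ports)
        self.filter_unregistered = filter_unregistered
        self.members = {}  # group address -> set of ports that sent a Report

    def report(self, group, port):
        """An IGMP Membership Report received on `port` registers it for `group`."""
        if port not in self.ports:
            raise ValueError("port %r is not a member of the VLAN" % port)
        self.members.setdefault(group, set()).add(port)

    def leave(self, group, port):
        """Immediate Leave: drop the port on an IGMP Leave without a group-specific query."""
        members = self.members.get(group)
        if members:
            members.discard(port)
            if not members:
                del self.members[group]

    def egress_ports(self, group, ingress_port):
        """Ports that a frame for `group` arriving on `ingress_port` is forwarded to."""
        ip = ipaddress.IPv4Address(group)
        if not ip.is_multicast:
            raise ValueError("%s is not a multicast destination" % group)
        if ip in LINK_LOCAL:
            # Link-local control groups (e.g. 224.0.0.1) are flooded regardless of
            # membership; assumed here as the common snooping behaviour.
            out = set(self.ports)
        elif group in self.members:
            # Registered group: subscribed ports plus the querier/router ports
            out = self.members[group] | self.mrouter_ports
        elif self.filter_unregistered:
            # Unregistered group with Filtering: only towards the querier/router
            out = set(self.mrouter_ports)
        else:
            # Unregistered group with Forwarding (default): flood the whole VLAN
            out = set(self.ports)
        return sorted(out - {ingress_port})
```

Running the model with ports 1, 2, 3 and an uplink 10 learned as the mrouter port reproduces what the procedure expects: after a Report from port 2, a stream arriving on port 1 leaves only on ports 2 and 10, and a stream for a group nobody joined leaves only on port 10 when Filtering is set, but on every other port when the default Forwarding is left in place. That second case is the traffic the guide recommends filtering.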


QoS

Quality of Service (QoS) gives one or more types of traffic priority over others for different applications, data flows, or users in order to guarantee performance. QoS looks at many different variables that exist on a network in order to decide how to handle the traffic.

Problems that QoS Deals With
  • Delay - Less than ideal routes to the destination networks introduce delay, and delays such as these can make some applications, such as VoIP, fail.

    • The main reason to use QoS is real-time applications (RTA).

  • Dropped Packets - Buffers are full and packets do not get processed in time, so they are dropped. On a contended link, QoS prioritizes traffic so that the less important traffic is what gets dropped.

  • Errors - Packets get corrupted for many reasons, but since we use TCP we keep re-transmitting until we receive an ACK, and that causes retransmissions and delays.

  • Jitter - Packets may take multiple paths to a destination, and not always the most optimal path. The resulting variation in delay is called jitter. Jitter should be below 30 ms, and packet loss should not be more than 1%.

  • Out of Order Delivery - Because packets use varying paths to reach a destination, applications at the receiving end may take longer than expected to re-order the packets, causing delays and drops. QoS ensures that applications with a required level of predictability receive the needed bandwidth.

QoS Mechanisms
  • Classification - Supported by a class-oriented QoS mechanism.

  • Congestion Management - Used to prioritize the transmission of packets, with a queuing mechanism on each interface.

  • Policing - Used to enforce a rate limit by dropping or marking down packets.

  • Shaping - Used to enforce a rate limit by delaying packets, using buffers.

To configure general QoS parameters, perform the following:

Procedure


Step 1

Enable QoS by using the QoS Properties page to select the trust mode. Then enable QoS on ports by using the Interface Settings page.

Step 2

Assign each interface a default CoS or DSCP priority by using the QoS Properties page.

Step 3

Assign the schedule method (Strict Priority or WRR) and bandwidth allocation for WRR to the egress queues by using the Queue page.

Step 4

Designate an egress queue for each IP DSCP/TC value with the DSCP to Queue page. If the device is in DSCP trusted mode, incoming packets are put into the egress queues based on their DSCP/TC value.

Step 5

Designate an egress queue for each CoS/802.1p priority. If the device is in CoS/802.1p trusted mode, all incoming packets are put into the designated egress queues according to the CoS/802.1p priority in the packets. This is done by using the CoS/802.1p to Queue page.

Step 6

Enter bandwidth and rate limits in the following pages:

  1. Set egress shaping per queue by using the Egress Shaping Per Queue page.

  2. Set ingress rate limit and egress shaping rate per port by using the Bandwidth page.
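As an added worked example (not code from this guide or from Cisco), the Python below models what Steps 1 to 5 configure: the trust mode decides which marking is honoured (DSCP from the IP ToS byte or 802.1p from the 802.1Q tag), a DSCP/CoS to queue table selects the egress queue, and the scheduler drains a Strict Priority queue first and then serves the remaining queues by WRR weight. The four-queue layout, the queue tables, the 3:2:1 weights and the sample packets are assumptions constructed for illustration; packet sizes, shaping and rate limits (Step 6) are deliberately left out.

```python
from collections import deque

# Constructed DSCP -> egress queue table (four queues, 4 is highest); on the
# device this is what the DSCP to Queue page sets. The values are an assumption.
DSCP_TO_QUEUE = {46: 4, 34: 3, 26: 3, 18: 2, 10: 2, 0: 1}
# Constructed CoS/802.1p -> queue table, the role of the CoS/802.1p to Queue page.
COS_TO_QUEUE = {0: 1, 1: 1, 2: 2, 3: 2, 4: 3, 5: 3, 6: 4, 7: 4}


def dscp_from_tos(tos):
    """DSCP is the upper six bits of the IPv4 ToS / IPv6 Traffic Class byte."""
    return (tos >> 2) & 0x3F


def cos_from_tci(tci):
    """The 802.1p priority (PCP) is the upper three bits of the 802.1Q TCI."""
    return (tci >> 13) & 0x7


def classify(packet, trust_mode):
    """Choose the egress queue from the marking that the trust mode says to honour."""
    if trust_mode == "dscp":
        return DSCP_TO_QUEUE.get(dscp_from_tos(packet["tos"]), 1)
    if trust_mode == "cos":
        return COS_TO_QUEUE[cos_from_tci(packet["tci"])]
    raise ValueError("unknown trust mode %r" % trust_mode)


def schedule(packets, trust_mode, weights, strict_queues=()):
    """Return packet ids in the order a port with Strict Priority + WRR queues
    would transmit them.

    Strict queues are served whenever they hold traffic (highest first); the
    remaining queues each get `weights[q]` transmit opportunities per round,
    highest queue first. Packet sizes are ignored for simplicity.
    """
    if any(w <= 0 for w in weights.values()):
        raise ValueError("every WRR weight must be positive")
    queues = {q: deque() for q in set(weights) | set(strict_queues)}
    for pkt in packets:
        q = classify(pkt, trust_mode)
        if q not in queues:
            raise ValueError("queue %d has no scheduler entry" % q)
        queues[q].append(pkt["id"])
    wrr_queues = sorted((q for q in weights if q not in strict_queues), reverse=True)
    order = []
    while any(queues.values()):
        pending_strict = [q for q in sorted(strict_queues, reverse=True) if queues[q]]
        if pending_strict:
            order.append(queues[pending_strict[0]].popleft())
            continue
        for q in wrr_queues:
            for _ in range(weights[q]):
                if not queues[q]:
                    break
                order.append(queues[q].popleft())
    return order


# Constructed sample traffic (ToS bytes: 0xB8 = EF, 0x88 = AF41, 0x48 = AF21, 0x00 = best effort)
SAMPLE_PACKETS = [
    {"id": "voice1", "tos": 0xB8}, {"id": "bulk1", "tos": 0x00}, {"id": "video1", "tos": 0x88},
    {"id": "voice2", "tos": 0xB8}, {"id": "video2", "tos": 0x88}, {"id": "bulk2", "tos": 0x00},
    {"id": "video3", "tos": 0x88}, {"id": "bulk3", "tos": 0x00}, {"id": "data1", "tos": 0x48},
]


def demo():
    """Queue 4 strict, queues 3/2/1 weighted 3:2:1, device in DSCP trust mode."""
    return schedule(SAMPLE_PACKETS, "dscp", weights={3: 3, 2: 2, 1: 1}, strict_queues=(4,))
```

The demo shows both edges of the design: the strict queue empties first (both voice packets before anything else), and a strict queue fed with enough traffic would starve the WRR queues entirely, which is why the queue a marking maps to matters when untrusted ports can set their own DSCP or 802.1p values.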


SNMP

SNMP is an application-layer protocol that provides a message format for communication between managers and agents. The SNMP system consists of an SNMP manager, an SNMP agent, and a MIB. The SNMP manager can be part of a network management system (NMS) such as CiscoWorks. The agent and MIB reside on the switch. To configure SNMP on the switch, you define the relationship between the manager and the agent.

SNMP is usually associated with managing routers, but it is important to understand that it can be used to manage many types of devices. The switch functions as an SNMP agent and supports SNMPv1, v2, and v3.

The SNMP agent contains MIB variables whose values the SNMP manager can request or change. A manager can get a value from an agent or store a value into the agent. The agent gathers data from the MIB, the repository for information about device parameters and network data. The agent can also respond to a manager’s requests to get or set data.

An agent can send unsolicited traps to the manager. Traps are messages alerting the SNMP manager to a condition on the network. Traps can mean improper user authentication, restarts, link status (up or down), MAC address tracking, closing of a TCP connection, loss of connection to a neighbor, or other significant events.

SNMP Versions

The Internet Engineering Task Force (IETF) is responsible for defining the standard protocols that govern Internet traffic, including SNMP. The IETF publishes Requests for Comments (RFCs), which are specifications for many protocols that exist in the IP realm. Documents enter the standards track first as proposed standards, then move to draft status. When a final draft is eventually approved, the RFC is given standard status, although there are fewer completely approved standards than you might think. Two other standards-track designations, historical and experimental, define (respectively) a document that has been replaced by a newer RFC and a document that is not yet ready to become a standard. The following list includes all the current SNMP versions and the IETF status of each.

  • SNMP Version 1 (SNMPv1) is the initial version of the SNMP protocol. It is defined in RFC 1157 and is a historical IETF standard. SNMPv1's security is based on communities, which are nothing more than passwords: plain-text strings that allow any SNMP-based application that knows the strings to gain access to a device's management information. There are typically three communities in SNMPv1: read-only, read-write, and trap. It should be noted that while SNMPv1 is historical, it is still the primary SNMP implementation that many vendors support.

  • SNMP version 2 (SNMPv2) is often referred to as community-string-based SNMPv2.

  • SNMP version 3 (SNMPv3) is the latest version of SNMP. Its main contribution to network management is security. It adds support for strong authentication and private communication between managed entities.

To control access to the system, a list of community entries is defined. Each community entry consists of a community string and its access privilege. The system responds only to SNMP messages that specify a community with the correct permissions for the requested operation.

SNMP agents maintain a list of variables that are used to manage the device. These variables are defined in the Management Information Base (MIB).

Table 2. SNMP Versions and Security Levels

Version   Level          Authentication                                          Encryption
SNMPv1    noAuthNoPriv   Community string                                        No
SNMPv2C   noAuthNoPriv   Community string                                        No
SNMPv3    noAuthNoPriv   Username                                                No
SNMPv3    authNoPriv     Message Digest 5 (MD5) or Secure Hash Algorithm (SHA)   No
SNMPv3    authPriv *     MD5 or SHA                                              Data Encryption Standard (DES) or Advanced Encryption Standard (AES)

* authPriv requires the cryptographic software image.


Note

Due to the security vulnerabilities of other versions, it is recommended to use SNMPv3.
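To make the difference between the community-string rows and the SNMPv3 rows of Table 2 concrete, the Python below is an added example (not code from this guide or from Cisco) of the RFC 3414 User-based Security Model key handling that the authNoPriv and authPriv levels rely on: the user's password is stretched and hashed into a key Ku, then localized to one agent's engine ID to give Kul, and Kul keys the HMAC-96 tag carried in each authenticated message. Because every agent has a different engine ID, a Kul recovered from one device does not authenticate to any other, whereas a community string is the same plain-text secret on every device that shares it. The engine ID and password are the published RFC 3414 test vectors; the message bytes are constructed for illustration, and the digest names follow hashlib, which is an assumption about the runtime rather than anything on the page. Of the options in the table, SHA and AES are the ones to prefer over MD5 and DES.

```python
import hashlib
import hmac

RFC3414_EXPANSION = 1048576  # the password is stretched to 1 MiB before hashing


def password_to_key(password, engine_id, hash_name="sha1"):
    """RFC 3414 A.2: derive the user key Ku from a password, then localize it to
    one engine as Kul = H(Ku || engineID || Ku).

    Every agent has its own engine ID, so each gets a different Kul; a key
    recovered from one agent is useless against another, unlike a shared
    community string.
    """
    if not isinstance(password, bytes):
        password = password.encode()
    reps, rem = divmod(RFC3414_EXPANSION, len(password))
    ku = hashlib.new(hash_name, password * reps + password[:rem]).digest()
    kul = hashlib.new(hash_name, ku + engine_id + ku).digest()
    return ku, kul


def auth_parameters(kul, msg, hash_name="sha1"):
    """RFC 3414 HMAC-96: the first 12 bytes of HMAC(Kul, whole message), sent in
    msgAuthenticationParameters (computed with that field zeroed in `msg`)."""
    return hmac.new(kul, msg, hash_name).digest()[:12]


def verify_auth(kul, msg, received, hash_name="sha1"):
    """Constant-time check of a received 12-byte tag against the recomputed one."""
    return hmac.compare_digest(auth_parameters(kul, msg, hash_name), received)


def demo():
    """Localize the RFC 3414 A.3 test password to its test engine ID with both
    hash choices from Table 2, then authenticate a constructed message."""
    engine_id = bytes.fromhex("000000000000000000000002")   # RFC 3414 A.3 engine ID
    _, kul_md5 = password_to_key("maplesyrup", engine_id, "md5")
    _, kul_sha = password_to_key("maplesyrup", engine_id, "sha1")
    msg = b"constructed SNMPv3 message body with msgAuthenticationParameters zeroed"
    tag = auth_parameters(kul_sha, msg)
    return kul_md5.hex(), kul_sha.hex(), verify_auth(kul_sha, msg, tag)
```

The localized keys match the vectors published in RFC 3414 Appendix A.3, which is a quick way to check any USM implementation. The same password produces the two different Kul values in demo() only because the hash differs; changing the engine ID changes both.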


SNMP Agent Functions

The SNMP agent responds to SNMP manager requests as follows:

  • Get a MIB variable—The SNMP agent begins this function in response to a request from the NMS. The agent retrieves the value of the requested MIB variable and responds to the NMS with that value.

  • Set a MIB variable—The SNMP agent begins this function in response to a message from the NMS. The SNMP agent changes the value of the MIB variable to the value requested by the NMS.

The SNMP agent also sends unsolicited trap messages to notify an NMS that a significant event has occurred on the agent. Examples of trap conditions include, but are not limited to, when a port or module goes up or down, when spanning-tree topology changes occur, and when authentication failures occur.

SNMP Community Strings

SNMP community strings authenticate access to MIB objects and function as embedded passwords. In order for the NMS to access the switch, the community string definitions on the NMS must match at least one of the three community string definitions on the switch.

A community string can have one of these attributes:

  • Read-only (RO)—Gives authorized management stations read access to all objects in the MIB except the community strings, but does not allow write access.

  • Read-write (RW)—Gives authorized management stations read and write access to all objects in the MIB, but does not allow access to the community strings.

  • When a cluster is created, the command switch manages the exchange of messages among member switches and the SNMP application. The Network Assistant software appends the member switch number (@esN, where N is the switch number) to the first configured RW and RO community strings on the command switch and propagates them to the member switches.

Supported MIBs

Management Information Bases (MIBs) are collections of definitions that describe the properties of the managed objects within the device to be managed. For a list of supported MIBs, visit the following URL and navigate to the download area listed as Cisco MIBS:

http://www.cisco.com/cisco/software/navigator.html

Configure Switchport Mode Via SNMP

To configure switchport mode via SNMP on your switch, follow these steps:

Procedure


Step 1

Connect the switch via console port and reset the switch back to factory default.

Step 2

Enable SNMP and configure the community name for Read and Write privilege.

Step 3

From the MIB browser of your choice (for example, MG-Soft), select vlanPortModeState and right-click it.

Step 4

Next, select Set.

Step 5

The Select Table Instance(s) window will appear. The table includes an instance ID, which corresponds to an interface, and a Value column, which corresponds to the switchport mode of that interface.

Example:

Instance 1 is for interface GigabitEthernet 1/0/1; instance 3 is for interface GigabitEthernet 1/0/3.

The Value column indicates the switchport mode of the interface, here access mode:

Value   Switchport mode
10      General mode
11      Access mode
12      Trunk mode
13      Private-VLAN promiscuous mode
14      Private-VLAN host mode
15      Customer

Step 6

Select Instance 3 and change the interface GigabitEthernet 1/0/3 switchport mode to General.

Step 7

Then, repeat the steps for trunk mode.


Create or Add a VLAN Via SNMP

To create or add a VLAN on your switch, follow these steps:

Procedure


Step 1

Connect the switch via a console port and reset the switch back to factory default.

Step 2

Enable SNMP and configure the community name for Read and Write privilege.

Step 3

Run a show run command.

Step 4

From the MIB browser of your choice (MG-Soft is used here), select the rldot1qVlanStaticListTable MIB container and run a Get Bulk operation.

Step 5

Refer to the slide above to create or add a VLAN.

  1. Add VLANs 2-14, 16.

  2. Select rldot1qVlanStaticList1to1024.

  3. Open “Set” operation window.

  4. Set the VLAN values in octet format: 0x7F 0xFD.

Example:

VLAN ID        1  2  3  4  5  6  7  8    9 10 11 12 13 14 15 16
Octet bits     0  1  1  1  1  1  1  1    1  1  1  1  1  1  0  1
Octet in hex            7F                         FD

Step 6

Click Set to add the VLANs.

Step 7

Complete the following if you wish to add an extra VLAN 1024.

  1. With the Set operation window open, click the refresh icon next to Value to Set. The field will be updated with the current value of rldot1qVlanStaticList1to1024.

  2. Scroll right inside the field to the last octet and set the 1024th bit to 1.

  3. Click Set

There are four self-explanatory VLAN lists:
  • rldot1qVlanStaticList1to1024

  • rldot1qVlanStaticList1025to2048

  • rldot1qVlanStaticList2049to3072

  • rldot1qVlanStaticList3073to4094
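Working out the octet string by hand, as Step 5 and Step 7 do, is error-prone, so the Python below is an added example (not code from this guide or from Cisco) that computes it: encode_vlan_list() turns a set of VLAN IDs into the octet string for one of the four list objects, using the bit order the page's own example shows (VLAN 1 is the most significant bit of the first octet), decode_vlan_list() reads a fetched value back, and build_set() splits an arbitrary set of VLANs across the four objects. The object names come from the page; the 128-octet length of each object is an assumption inferred from the page's "1024th bit" step, and the hex rendering mimics a MIB browser's Set dialog rather than any specific product. Note that the page's procedure performs the Set with a read-write community over SNMPv1/v2c, which carries that community string in clear text on the wire; the Note above recommends SNMPv3 for exactly this reason.

```python
# MIB objects named on the page; each is assumed to carry 128 octets covering its range.
VLAN_STATIC_LISTS = (
    ("rldot1qVlanStaticList1to1024", 1, 1024),
    ("rldot1qVlanStaticList1025to2048", 1025, 2048),
    ("rldot1qVlanStaticList2049to3072", 2049, 3072),
    ("rldot1qVlanStaticList3073to4094", 3073, 4094),
)


def list_for_vlan(vlan_id):
    """Name of the list object covering `vlan_id`, and the first VLAN in that object."""
    for name, first, last in VLAN_STATIC_LISTS:
        if first <= vlan_id <= last:
            return name, first
    raise ValueError("VLAN %d is outside 1..4094" % vlan_id)


def encode_vlan_list(vlan_ids, first, last):
    """Build the octet string: VLAN `first` is the most significant bit of octet 0,
    VLAN `first`+7 its least significant bit, and so on (as in the page's example)."""
    octets = bytearray((last - first + 1 + 7) // 8)
    for vid in vlan_ids:
        if not first <= vid <= last:
            raise ValueError("VLAN %d is not in %d..%d" % (vid, first, last))
        offset = vid - first
        octets[offset // 8] |= 0x80 >> (offset % 8)
    return bytes(octets)


def decode_vlan_list(octets, first):
    """Inverse of encode_vlan_list: the VLAN IDs whose bit is set in a fetched value."""
    return [first + i * 8 + b
            for i, octet in enumerate(octets)
            for b in range(8)
            if octet & (0x80 >> b)]


def set_value_hex(octets):
    """Render octets as the space-separated hex a MIB browser's Set dialog shows."""
    return " ".join("0x%02X" % o for o in octets)


def build_set(vlan_ids):
    """Group the requested VLANs by list object; returns {object name: octet string},
    i.e. the payload of each Set the page's procedure enters by hand."""
    by_list = {}
    for vid in vlan_ids:
        name, _ = list_for_vlan(vid)
        by_list.setdefault(name, set()).add(vid)
    payloads = {}
    for name, first, last in VLAN_STATIC_LISTS:
        if name in by_list:
            payloads[name] = encode_vlan_list(by_list[name], first, last)
    return payloads
```

Encoding VLANs 2 to 14 and 16 gives the page's 0x7F 0xFD as the first two octets with the remaining 126 octets zero; adding VLAN 1024 sets the low bit of the last octet, which is the "1024th bit" of Step 7. Because a Set replaces the whole octet string, always fetch the current value first (as Step 7 does) and OR your additions into it, or VLANs already present will be removed.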


Reboot Reset Via SNMP

To reset the switch back to factory default settings, follow these steps:

Procedure


Step 1

Connect the switch via console port and reset the switch back to factory default.

Step 2

Enable SNMP and configure the community name for Read and Write privilege.

Step 3

Save the configuration.

Step 4

Run show command.

Step 5

From the MIB browser of your choice (for example, MG-Soft), select the rndAction MIB object.

Step 6

Right click and select Set.

Step 7

Next to the Value to Set field, you will find 2 icons.

  1. Click Select From Value List.

  2. From the drop-down list, select Reset and click OK.

  3. Next, click Set.

  4. After the switch reboots, log in with the username and password and repeat the steps, this time selecting resetTo Factory Default(27). After that reboot, you will need to create a new username and password.