Layer 2 Notes

AAA

aaa new-model
aaa authentication login default group radius local
username test password 0 cisco
radius server Test
	address ipv4 1.2.1.2 auth-port 1812 acct-port 1813
	key aaa

ip dhcp snooping configuration

UDLD

Normal Mode detects that an interface has become uni-directional
	UDLD will generate a Syslog message and mark the port as having an undetermined state.

STP

Which of the following correctly identifies the name, and duration of the Spanning-tree timer that governs how long a port will remain in the Listening and Learning states?
	Forward Delay timer, 15-seconds

Portfast

May be enabled across all Access Ports with a single command.
May not be enabled on interfaces operating as VLAN Trunks.

MSTI and IST

802.1d

All interfaces on a switch are in VLAN 2. That switch is running the 802.1d STP. When that switch receives a Topology Change BPDU from the Root Bridge, what action will it take?
	All dynamic MAC addresses learned in VLAN 2 will have their Aging Timer modified to match the value of the Spanning-Tree Forwarding Delay.

802.1s

IEEE MST
Boundary ports
	The switch is connected to another switch running 802.1w.
	The switch is connected to another switch running 802.1d.
	The switch is connected to another switch in a different MST Region.

802.1w

IEEE Rapid Spanning-Tree
Blocking state
	Alternate
	Backup
Why do ports transition to the Blocking state?
	Alternate
		Received a BPDU from a different switch.
	Backup
		Received a BPDU from itself.
Rapid-PVST allows any Bridge to send a Topology Change BPDU whereas PVST+ restricts this action solely to the Root Bridge.

Loopguard

PVLAN

If using VTP v1 or v2, your switch must be in VTP Transparent mode.
The Spanning-tree BPDU Guard feature is automatically enabled on PVLAN Host ports.

Switchport Security

Restrict - silently discards any frames that caused a violation and increments the Security Violation counter.
Protect - silently discards any frames
Shutdown - the default mode; places the port that experienced the violation into the err-disabled state.

IP Source Guard

By default relies on the DHCP Snooping Db to accomplish its verification.
IP Source Guard must be enabled on individual interfaces.

FHRP

All routers participating in the FHRP use the same virtual IP address.
VRRP
	IP protocol 112
	If five routers, all connected to the same broadcast domain, are running VRRP, one of those routers will be servicing packets from hosts and that router will be called the VRRP Master Router.
HSRP
	HSRP sends its packets to the IP destination address of 224.0.0.2.
	If five routers, all connected to the same broadcast domain, are running HSRP, one of those routers will be servicing packets from hosts and that router will be called the HSRP Active Router.

VLANs

Default 1, 1002, 1005

PVLAN

Isolated port

Communicates only with promiscuous ports

Promiscuous port

Communicates with all other ports

Community

Communicates with other members of the community and all promiscuous ports

Example

vtp mode transparent
vlan 600
	private-vlan community
vlan 400
	private-vlan isolated
vlan 200
	private-vlan primary
	private-vlan association 400,600
! Isolated host port: primary VLAN 200, secondary (isolated) VLAN 400
int f5/1
	switchport mode private-vlan host
	switchport private-vlan host-association 200 400
! Community host ports: primary VLAN 200, secondary (community) VLAN 600
int range f 5/2 - 3
	switchport mode private-vlan host
	switchport private-vlan host-association 200 600
! Promiscuous port: primary VLAN 200 mapped to both secondary VLANs
int f 5/4
	switchport mode private-vlan promiscuous
	switchport private-vlan mapping 200 400,600
int g 0/1
	switchport trunk encapsulation dot1q
	switchport mode trunk
! Private VLAN Edge
int f 0/1
	switchport protected
int f 0/2
	switchport protected
show vlan private-vlan type
show vlan private-vlan
show int f0/1 switchport

GLBP

Allows full use of resources on all devices without the administrative burden of creating multiple groups. Provides a single virtual IP address and multiple virtual MAC addresses. Routes traffic to single gateway distributed across routers. Provides automatic rerouting in the event of any failure.

Supports up to 1024 groups

AVG load balances traffic

GLBP group members elect one AVG. AVG assigns a virtual MAC address to each member of the group. AVG replies to the ARP requests from clients with different virtual MAC addresses, thus achieving load balancing. Each router becomes an AVG for frames that are addressed to that virtual MAC address.

AVG

Active Virtual Gateway

AVF

Active Virtual Forwarder

Multicast: 224.0.0.102

Sw(config)# track 90 int f0/24 line-protocol
Sw(config)# track 91 int f0/23 line-protocol
Sw(config)# int vlan 10
Sw(config-if)# ip add 10.1.10.2 255.255.255.0
Sw(config-if)# glbp 1 ip 10.1.10.1
Sw(config-if)# glbp 1 weighting 110 lower 85 upper 105
Sw(config-if)# glbp 1 timers msec 200 msec 700
Sw(config-if)# glbp 1 preempt delay minimum 300
Sw(config-if)# glbp 1 authentication md5 key-string xyz123
Sw(config-if)# glbp 1 weighting track 90 decrement 10
Sw(config-if)# glbp 1 weighting track 91 decrement 20

GLBP and VLAN Spanning

Both distribution switches act as a default gateway.
Blocked uplink causes traffic to take a less than optimal path.

Job Aids

These job aids are available to help you complete the lab activity.

Scenario

CCNP.com is a small company that is installing an enterprise network that consists of three routers and six switches that are supporting seven hosts and an FTP server. The company has decided to implement a local VLAN model, and it has implemented a routed core level (CR1, CR2, and CR3). The distribution level (DSW1 and DSW2) and the access level (ASW1, ASW2, ASW3, and ASW4) are operating with Layer 2 switching.

Interswitch Connectivity

Layer 2 interswitch links have been configured as trunks that use dot1q encapsulation. Trunks between switches are operating as routed interfaces.

VLAN Implementation

CCNP.com has established the following VLANs:

VLAN No.	Name
10	ASW1
20	ASW2
30	ASW3
40	ASW4
99	Unassigned_Port_VLAN

Layer 3 Implementation

CCNP.com is using EIGRP as the routing process with an AS of 10. IP address assignments were allocated from the following table:

IP Addressing (segment, IP address, notes)

CR1 loopback 0: 172.16.0.1/32
CR2 loopback 0: 172.16.0.2/32
CR3 loopback 0: 172.16.0.3/32
VLAN 1: 172.16.0.16/28
	CR2: 172.16.0.17/28 (e0/1.1)
	CR3: 172.16.0.18/28 (e0/1.1)
	DSW1: 172.16.0.19/28
	DSW2: 172.16.0.20/28
	ASW1: 172.16.0.21/28
	ASW2: 172.16.0.22/28
	ASW3: 172.16.0.23/28
	ASW4: 172.16.0.24/28
VLAN 10: 172.16.10.0/24
	CR2: 172.16.10.254/24 (e0/1.10)
	CR3: 172.16.10.253/24 (e0/1.10)
	H11 and H12: assigned by DHCP
VLAN 20: 172.16.20.0/24
	CR2: 172.16.20.254/24 (e0/1.20)
	CR3: 172.16.20.253/24 (e0/1.20)
	H21 and H22: assigned by DHCP
VLAN 30: 172.16.30.0/24
	CR2: 172.16.30.254/24 (e0/1.30)
	CR3: 172.16.30.253/24 (e0/1.30)
	H31 and H32: assigned by DHCP
VLAN 40: 172.16.40.0/24
	CR2: 172.16.40.254/24 (e0/1.40)
	CR3: 172.16.40.253/24 (e0/1.40)
	FTP server: 172.16.40.1/24
	H41: assigned by DHCP

Note: For testing purposes, the host devices in this lab are based on Cisco IOS Software.

Switch Access Controls

All switches support remote access through a Telnet session. The username and password for remote access are Remote_User and Enter_Remote, respectively.

Universal IP Connectivity

A ping from any device to all addresses on all devices must be successful.

Lab Tasks

Using the information in the Job Aids section, create an implementation and verification plan to implement your solution. A sample implementation and verification plan form is provided. After completing the implementation and verification plan, use that plan to successfully implement your solution.

Implementation Task List

Task No.	Task	Implementation Command(s)	Verification Command(s)	Notes

Task 1: Configure and Verify GLBP

Users on VLAN 10 are complaining that they intermittently lose the ability to access any host that is not on VLAN 10. Analysis of this issue has found that the issue is encountered when either CR2 or DSW1 are shut down for maintenance. Further analysis has found that the issue is related to the default router that DHCP is providing the host. The DHCP server configuration on CR1 is as follows:

CR1#sh run | sec dhcp

no ip dhcp use vrf connected
ip dhcp excluded-address 172.16.10.253  172.16.10.254
ip dhcp excluded-address 172.16.20.253  172.16.20.254
ip dhcp excluded-address 172.16.30.253  172.16.30.254
ip dhcp excluded-address 172.16.40.1
ip dhcp excluded-address 172.16.40.254
ip dhcp pool VLAN_10
    network 172.16.10.0 255.255.255.0
    default-router  172.16.10.254 
ip dhcp pool VLAN_20
    network 172.16.20.0 255.255.255.0
    default-router 172.16.20.254 
ip dhcp pool VLAN_30
    network 172.16.30.0 255.255.255.0
    default-router 172.16.30.253 
ip dhcp pool VLAN_40
    network 172.16.40.0 255.255.255.0
    default-router 172.16.40.253 
CR1#

The DHCP server is sending a default router of 172.16.10.254 to all the hosts on VLAN 10. When either CR2 or DSW1 are shut down for maintenance, this address cannot be reached by the host.

There are several ways that a LAN client can determine which router should be the first hop to a particular remote destination. The client can use a dynamic process or static configuration. Examples of dynamic discovery are as follows:

     • Proxy ARP: The client uses ARP to get to the destination that it wants to reach, and a router will respond to the ARP request with its own MAC address.
     • Routing protocol: The client listens to dynamic routing protocol updates (for example, from RIP) and forms its own routing table.
     • ICMP Router Discovery Protocol (IRDP) client: The client runs an ICMP router discovery client. 
     • DHCP provides a mechanism for passing configuration information to hosts on a TCP/IP network. A host that runs a DHCP client requests configuration information from a DHCP server when it boots onto the network. This configuration information typically comprises an IP address and a default gateway.

The drawback to dynamic discovery protocols is that they incur some configuration and processing overhead on the LAN client. Also, in case of a router failure, the process of switching to another router can be slow. There is no mechanism within DHCP for switching to an alternative router if the default gateway fails.

An alternative to dynamic discovery protocols is to statically configure a default router on the client. This approach simplifies client configuration and processing, but it creates a single point of failure. If the default gateway fails, the LAN client is limited to communicating only on the local IP network segment and is cut off from the rest of the network.

GLBP protects data traffic from a failed router or circuit, like HSRP and VRRP, while allowing packet load sharing between a group of redundant routers. The GLBP feature provides automatic router backup for IP hosts that are configured with a single default gateway on an IEEE 802.3 LAN. Multiple first-hop routers on the LAN combine to offer a single virtual first-hop IP router while sharing the IP packet forwarding load. Other routers on the LAN may act as redundant GLBP routers that will become active if any of the existing forwarding routers fail.

GLBP performs a function for the user that is similar, but not identical, to HSRP and VRRP. HSRP and VRRP protocols allow multiple routers to participate in a virtual router group that is configured with a virtual IP address. One member is elected to be the active router to forward packets that are sent to the virtual IP address for the group. The other routers in the group are redundant until the active router fails. These standby routers have unused bandwidth that the protocol is not using. Although multiple virtual router groups can be configured for the same set of routers, the hosts must be configured for different default gateways, which results in an extra administrative burden.

GLBP provides load balancing over multiple routers (gateways) using a single virtual IP address and multiple virtual MAC addresses. Each host is configured with the same virtual IP address, and all routers in the virtual router group participate in forwarding packets. GLBP members communicate between each other through hello messages that are sent every 3 seconds to the multicast address 224.0.0.102, UDP port 3222 (source and destination).

Members of a GLBP group elect one gateway to be the active virtual gateway (AVG) for that group. Other group members provide backup for the AVG in case the AVG becomes unavailable. The AVG assigns a virtual MAC address to each member of the GLBP group. Each gateway assumes responsibility for forwarding packets that are sent to the virtual MAC address that is assigned to it by the AVG. These gateways are known as active virtual forwarders (AVFs) for their virtual MAC address.

The AVG is responsible for answering ARP requests for the virtual IP address. Load sharing is achieved by the AVG replying to the ARP requests with different virtual MAC addresses.

CR2 is the AVG for a GLBP group and is responsible for the virtual IP address 172.16.10.254. CR2 is also an AVF for the virtual MAC address 0007.b400.0101. CR3 is a member of the same GLBP group and is designated as the AVF for the virtual MAC address 0007.b400.0102. Client 11 has a default gateway IP address of 172.16.10.254 and a gateway MAC address of 0007.b400.0101. Client 12 shares the same default gateway IP address, but it receives the gateway MAC address 0007.b400.0102 because CR3 is sharing the traffic load with CR2.

If CR2 becomes unavailable, Client 11 will not lose access to the WAN because CR3 will assume responsibility for forwarding packets that are sent to the virtual MAC address of CR2, and for responding to packets that are sent to its own virtual MAC address. CR3 will also assume the role of the AVG for the entire GLBP group. Communication for the GLBP members continues despite the failure of a router in the GLBP group.

GLBP Virtual MAC Address Assignment

A GLBP group allows up to four virtual MAC addresses per group. The AVG is responsible for assigning the virtual MAC addresses to each member of the group. Other group members request a virtual MAC address after they discover the AVG through hello messages. Gateways are assigned the next MAC address in sequence. A virtual forwarder that is assigned a virtual MAC address by the AVG is known as a primary virtual forwarder. Other members of the GLBP group learn the virtual MAC addresses from hello messages. A virtual forwarder that has learned the virtual MAC address is referred to as a secondary virtual forwarder.

GLBP Virtual Gateway Redundancy

GLBP operates virtual gateway redundancy in the same way as HSRP. One gateway is elected as the AVG, another gateway is elected as the standby virtual gateway, and the remaining gateways are placed in a listen state. If an AVG fails, the standby virtual gateway will assume responsibility for the virtual IP address. A new standby virtual gateway is then elected from the gateways in the listen state.

GLBP Virtual Forwarder Redundancy

Virtual forwarder redundancy is similar to virtual gateway redundancy with an AVF. If the AVF fails, one of the secondary virtual forwarders in the listen state assumes responsibility for the virtual MAC address. The new AVF is also a primary virtual forwarder for a different forwarder number. GLBP migrates hosts away from the old forwarder number, using two timers that start as soon as the gateway changes to the active virtual forwarder state. GLBP uses the hello messages to communicate the current state of the timers.

The redirect time is the interval during which the AVG continues to redirect hosts to the old virtual forwarder MAC address. When the redirect time expires, the AVG stops redirecting hosts to the virtual forwarder, although the virtual forwarder will continue to forward packets that were sent to the old virtual forwarder MAC address.

The secondary hold time is the interval during which the virtual forwarder is valid. When the secondary hold time expires, the virtual forwarder is removed from all gateways in the GLBP group. The expired virtual forwarder number becomes eligible for reassignment by the AVG.

CCNP.com has decided to implement GLBP on VLAN 10 as a solution to the default gateway issue. CR2 should be the primary router.

Task 2: Configure and Verify GLBP Load Sharing

CCNP.com has analyzed the traffic in its network. The study indicates that the best configuration for the network is to have DSW1 as the master root bridge and DSW2 as the backup root bridge for VLANs 10, 20, and 30. DSW2 should be the master root bridge and DSW1 should be the backup root bridge for VLAN 40. Configure spanning tree to implement this scheme.

With HSRP and VRRP, the active router is the gateway for all traffic; therefore, selection of the active router is important. With GLBP, the gateway function is distributed by the AVG to the members of the group, which means that a single router is no longer the sole gateway. However, there is overhead that is related to the function of the AVG. The AVG function should be distributed as well. Configure the GLBP groups to implement the following scheme:

     • CR2 should be the primary AVG for all hosts on VLANs 10, 20, 30, and 40.
     • CR3 should be the primary AVG for the FTP server. 

Task 3: Configure GLBP to Track the Status of an Interface

With GLBP enabled, there are several fault conditions that need to be addressed. Disable the e0/0 interface on CR2, and do a traceroute from H11 to the loopback interface of CR1.

H11#trace 172.16.0.1
Type escape sequence to abort.
Tracing the route to CR1_loo0 (172.16.0.1)

1 172.16.10.252 4 msec 0 msec 4 msec
  2 CR1_e0_0 (172.16.1.1) 0 msec *  4 msec
H11#

CR2(config-if)#int e0/0

CR2(config-if)#shut
CR2(config-if)#
*Aug   4 19:38:21.502: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.16.1.1  (Ethernet0/0) is down: interface down
CR2(config-if)#
*Aug   4 19:38:23.510: %LINK-5-CHANGED: Interface Ethernet0/0, changed state to  administratively down
*Aug   4 19:38:24.518: %LINEPROTO-5-UPDOWN: Line protocol on Interface  Ethernet0/0, changed state to down

CR2(config-if)#

H11#trace 172.16.0.1
Type escape sequence to abort.
Tracing the route to CR1_loo0 (172.16.0.1)
1 172.16.10.252 4 msec 0 msec 0 msec
  2 172.16.10.252 !H   *  !H 
H11#

The trace fails. When a packet arrives at CR2, CR2 cannot forward the packet because its only route to CR1 is through the e0/0 interface.

Note: Depending on the gateway MAC address that is provided by the AVG, this fault condition may appear on either H11 or H12.

Re-enable e0/0 on CR2. Configure the GLBP group to handle the following conditions:

     • If the e0/0 interface on CR2 is up and e0/0 on CR3 is up, CR2 should be the master router.
     • If the e0/0 interface on CR2 is down and e0/0 on CR3 is up, CR3 should be the master router.
     • If the e0/0 interface on CR2 is up and e0/0 on CR3 is down, CR2 should be the master router. 
     • If the e0/0 interface on CR2 is down and e0/0 on CR3 is down, CR2 should be the master router. 

Task 4: Configure GLBP to Monitor an IP Route

CCNP.com has added a Layer 3 link between CR2 and CR3. Enable this link using an IP address of 172.16.1.9/30 for the e0/2 interface on CR2 and an IP address of 172.16.1.10/30 for the e0/2 interface on CR3. The GLBP group for VLAN 20 should use CR2 and CR3 as an AF as long as they have an IP route to the loopback address of CR1.

Task 5: Configure GLBP to Monitor Reachability

Configure the GLBP group for VLAN 30 to use CR2 as an AF under the following conditions:

     • A ping any can be successfully performed from CR2 to the following addresses on CR1:
             ○ 172.16.200.1
             ○ 172.16.201.1
             ○ 172.16.202.1 
     • If CR2 relinquishes the AF role, it cannot regain that role until pings are successful to at least two of the addresses.

© 1992-2016 Cisco Systems, Inc. All rights reserved.

Pasted from <https://cll1.cisco.com/content/xtrac/1>

Final Configs

CR1 Configuration

CR1#show running-config

Building configuration...

Current configuration : 2474 bytes

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CR1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
clock timezone PST 0
no ip domain lookup
ip domain name CCNP.com
ip host CR1_e0_0 172.16.1.1
ip host CR1_e0_1 172.16.1.5
ip host CR1_loo0 172.16.0.1
ip host CR2_e0_0 172.16.1.2
ip host CR2_VLAN1 172.16.0.17
ip host CR2_VLAN30 172.16.30.254
ip host CR2_VLAN40 172.16.40.254
ip host CR3_e0_0 172.16.1.6
ip host CR3_VLAN1 172.16.0.18
ip host CR3_VLAN10 172.16.10.253
ip host CR3_VLAN20 172.16.20.253
ip host DSW1_VLAN1 172.16.0.19
ip host DSW2_VLAN1 172.16.0.20
ip host ASW1_VLAN1 172.16.0.21
ip host ASW2_VLAN1 172.16.0.22
ip host ASW3_VLAN1 172.16.0.23
ip host ASW4_VLAN1 172.16.0.24
ip host FTP_Server 172.16.40.1
ip host VLAN10 172.16.20.254
ip host VLAN30 172.16.30.253
ip host VLAN40 172.16.40.253
no ip dhcp use vrf connected
ip dhcp excluded-address 172.16.10.253 172.16.10.254
ip dhcp excluded-address 172.16.20.253 172.16.20.254
ip dhcp excluded-address 172.16.30.253 172.16.30.254
ip dhcp excluded-address 172.16.40.1
ip dhcp excluded-address 172.16.40.254
ip dhcp excluded-address 172.16.10.252
ip dhcp excluded-address 172.16.20.252
ip dhcp excluded-address 172.16.30.252
ip dhcp excluded-address 172.16.40.252
ip dhcp excluded-address 172.16.40.251
!
ip dhcp pool VLAN_10
network 172.16.10.0 255.255.255.0
default-router 172.16.10.254
!
ip dhcp pool VLAN_20
network 172.16.20.0 255.255.255.0
default-router 172.16.20.254
!
ip dhcp pool VLAN_30
network 172.16.30.0 255.255.255.0
default-router 172.16.30.254
!
ip dhcp pool VLAN_40
network 172.16.40.0 255.255.255.0
default-router 172.16.40.254
!
!
!
multilink bundle-name authenticated
!
!
username Remote_User privilege 15 password 0 Enter_Remote
archive
log config
hidekeys
!
!
!
!
!
!
!
interface Loopback0
ip address 172.16.0.1 255.255.255.255
!
interface Ethernet0/0
description link to CR2
ip address 172.16.1.1 255.255.255.252
!
interface Ethernet0/1
description link to CR3
ip address 172.16.1.5 255.255.255.252
!
interface Ethernet0/2
no ip address
shutdown
!
interface Ethernet0/3
no ip address
shutdown
!
router eigrp 10
network 172.16.0.0
auto-summary
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login local
transport input all
!
end

CR1#

CR2 Configuration

CR2#show running-config

Building configuration...

Current configuration : 3674 bytes

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CR2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
clock timezone PST 0
no ip domain lookup
ip domain name CCNP.com
ip host CR1_e0_0 172.16.1.1
ip host CR1_e0_1 172.16.1.5
ip host CR1_loo0 172.16.0.1
ip host CR2_e0_0 172.16.1.2
ip host CR2_VLAN1 172.16.0.17
ip host CR2_VLAN30 172.16.30.254
ip host CR2_VLAN40 172.16.40.254
ip host CR3_e0_0 172.16.1.6
ip host CR3_VLAN1 172.16.0.18
ip host CR3_VLAN10 172.16.10.253
ip host CR3_VLAN20 172.16.20.253
ip host DSW1_VLAN1 172.16.0.19
ip host DSW2_VLAN1 172.16.0.20
ip host ASW1_VLAN1 172.16.0.21
ip host ASW2_VLAN1 172.16.0.22
ip host ASW3_VLAN1 172.16.0.23
ip host ASW4_VLAN1 172.16.0.24
ip host FTP_Server 172.16.40.1
ip host VLAN10 172.16.20.254
ip host VLAN30 172.16.30.253
ip host VLAN40 172.16.40.253
!
!
!
multilink bundle-name authenticated
!
!
username Remote_User privilege 15 password 0 Enter_Remote
archive
log config
hidekeys
!
!
!
!
!
track 10 interface Ethernet0/0 line-protocol
!
track 20 ip route 172.16.0.1 255.255.255.255 reachability
!
track 30 rtr 30
!
track 31 rtr 31
!
track 32 rtr 32
!
!
!
interface Loopback0
ip address 172.16.0.2 255.255.255.255
!
interface Ethernet0/0
description link to CR1
ip address 172.16.1.2 255.255.255.252
!
interface Ethernet0/1
description link to DSW1
no ip address
!
interface Ethernet0/1.1
description VLAN 1
encapsulation dot1Q 1 native
ip address 172.16.0.17 255.255.255.240
!
interface Ethernet0/1.10
description VLAN 10
encapsulation dot1Q 10
ip address 172.16.10.252 255.255.255.0
ip helper-address 172.16.1.1
glbp 10 ip 172.16.10.254
glbp 10 priority 150
glbp 10 preempt
glbp 10 weighting 150 lower 140
glbp 10 weighting track 10 decrement 11
!
interface Ethernet0/1.20
description VLAN 20
encapsulation dot1Q 20
ip address 172.16.20.252 255.255.255.0
ip helper-address 172.16.1.1
glbp 20 ip 172.16.20.254
glbp 20 priority 110
glbp 20 preempt
glbp 20 weighting 150 lower 140
glbp 20 weighting track 20 decrement 11
!
interface Ethernet0/1.30
description VLAN 30
encapsulation dot1Q 30
ip address 172.16.30.252 255.255.255.0
ip helper-address 172.16.1.1
glbp 30 ip 172.16.30.254
glbp 30 priority 110
glbp 30 preempt
glbp 30 weighting 200 lower 51 upper 149
glbp 30 weighting track 30 decrement 50
glbp 30 weighting track 31 decrement 50
glbp 30 weighting track 32 decrement 50
!
interface Ethernet0/1.40
description VLAN 40
encapsulation dot1Q 40
ip address 172.16.40.252 255.255.255.0
ip helper-address 172.16.1.1
glbp 40 ip 172.16.40.254
glbp 40 priority 110
glbp 40 preempt
glbp 41 ip 172.16.40.253
!
interface Ethernet0/2
description link to CR3
ip address 172.16.1.9 255.255.255.252
!
interface Ethernet0/3
no ip address
shutdown
!
router eigrp 10
passive-interface default
no passive-interface Ethernet0/0
no passive-interface Ethernet0/2
network 172.16.0.0
auto-summary
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
ip sla 10
icmp-echo 172.16.200.1 source-ip 172.16.10.252
frequency 10
ip sla schedule 10 life forever start-time now
ip sla 30
icmp-echo 172.16.200.1 source-ip 172.16.10.252
frequency 10
ip sla schedule 30 life forever start-time now
ip sla 31
icmp-echo 172.16.201.1 source-ip 172.16.10.252
frequency 10
ip sla schedule 31 life forever start-time now
ip sla 32
icmp-echo 172.16.202.1 source-ip 172.16.10.252
frequency 10
ip sla schedule 32 life forever start-time now
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login local
transport input all
!
end

CR2#
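How the weighting thresholds and tracked objects in the CR2 configuration above (and the CR3 configuration below) decide when a router gives up and regains its forwarder role in Tasks 3 and 5, as an added Python model that is not part of the lab material or Cisco code. Class and function names are hypothetical, and treating a weight equal to the upper threshold as recovered is an assumption.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class GlbpWeighting:
    """One 'glbp N weighting MAX lower L [upper U]' line plus its track entries.

    Weighting controls the forwarder (AVF) role only; which router is the
    AVG is decided by 'glbp N priority' and is not modelled here.
    """
    maximum: int
    lower: int
    upper: Optional[int] = None              # IOS default: same as maximum
    decrements: Dict[int, int] = field(default_factory=dict)  # track id -> decrement
    forwarding: bool = True                  # currently allowed to act as AVF

    def __post_init__(self):
        if self.upper is None:
            self.upper = self.maximum

    def update(self, down):
        """Apply the set of tracked objects that are down; return (weight, forwarding)."""
        weight = self.maximum - sum(self.decrements[t] for t in down)
        if self.forwarding and weight < self.lower:
            self.forwarding = False          # dropped below 'lower': give up AVF role
        elif not self.forwarding and weight >= self.upper:
            self.forwarding = True           # assumption: reaching 'upper' restores it
        return weight, self.forwarding


def replay(gateway, steps):
    """Feed a sequence of 'tracked objects down' sets through one gateway."""
    return [gateway.update(down) for down in steps]


def cr2_vlan30_timeline():
    # CR2, Ethernet0/1.30: weighting 200 lower 51 upper 149, tracks 30/31/32
    # (IP SLA pings to 172.16.200.1, .201.1, .202.1), decrement 50 each.
    gw = GlbpWeighting(200, 51, 149, {30: 50, 31: 50, 32: 50})
    steps = [
        set(),           # all three pings succeed
        {30},            # one probe fails
        {30, 31},        # two probes fail
        {30, 31, 32},    # all probes fail: weight 50 is below lower 51
        {30, 31},        # one probe recovers: weight 100 is still under upper 149
        {30},            # two probes recover: weight 150 clears upper 149
    ]
    return replay(gw, steps)


def vlan10_uplink_loss():
    # Task 3: each router tracks its own Ethernet0/0 as track 10.
    cr2 = GlbpWeighting(150, 140, None, {10: 11})   # CR2, Ethernet0/1.10
    cr3 = GlbpWeighting(145, 144, None, {10: 2})    # CR3, Ethernet0/1.10
    # Uplink goes down, then comes back up.
    return replay(cr2, [{10}, set()]), replay(cr3, [{10}, set()])


if __name__ == "__main__":
    for weight, fwd in cr2_vlan30_timeline():
        print(f"VLAN 30 on CR2: weight={weight:3d} forwarding={fwd}")
    print(vlan10_uplink_loss())
```

The gap between `lower` and `upper` is what stops a single flapping probe from moving the forwarder role back and forth.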

CR3 Configuration

CR3#show running-config

Building configuration...

Current configuration : 3254 bytes

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CR3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
clock timezone PST 0
no ip domain lookup
ip domain name CCNP.com
ip host CR1_e0_0 172.16.1.1
ip host CR1_e0_1 172.16.1.5
ip host CR1_loo0 172.16.0.1
ip host CR2_e0_0 172.16.1.2
ip host CR2_VLAN1 172.16.0.17
ip host CR2_VLAN30 172.16.30.254
ip host CR2_VLAN40 172.16.40.254
ip host CR3_e0_0 172.16.1.6
ip host CR3_VLAN1 172.16.0.18
ip host CR3_VLAN10 172.16.10.253
ip host CR3_VLAN20 172.16.20.253
ip host DSW1_VLAN1 172.16.0.19
ip host DSW2_VLAN1 172.16.0.20
ip host ASW1_VLAN1 172.16.0.21
ip host ASW2_VLAN1 172.16.0.22
ip host ASW3_VLAN1 172.16.0.23
ip host ASW4_VLAN1 172.16.0.24
ip host FTP_Server 172.16.40.1
ip host VLAN10 172.16.20.254
ip host VLAN30 172.16.30.253
ip host VLAN40 172.16.40.253
!
!
!
multilink bundle-name authenticated
!
!
username Remote_User privilege 15 password 0 Enter_Remote
archive
log config
hidekeys
!
!
!
!
!
track 10 interface Ethernet0/0 line-protocol
!
track 20 ip route 172.16.0.1 255.255.255.255 reachability
!
!
!
interface Loopback0
ip address 172.16.0.3 255.255.255.255
!
interface Ethernet0/0
description link to CR1
ip address 172.16.1.6 255.255.255.252
!
interface Ethernet0/1
description link to DSW2
no ip address
!
interface Ethernet0/1.1
description VLAN 1
encapsulation dot1Q 1 native
ip address 172.16.0.18 255.255.255.240
!
interface Ethernet0/1.10
description VLAN 10
encapsulation dot1Q 10
ip address 172.16.10.253 255.255.255.0
ip helper-address 172.16.1.1
glbp 10 ip 172.16.10.254
glbp 10 weighting 145 lower 144
glbp 10 weighting track 10 decrement 2
!
interface Ethernet0/1.20
description VLAN 20
encapsulation dot1Q 20
ip address 172.16.20.253 255.255.255.0
ip helper-address 172.16.1.1
glbp 20 ip 172.16.20.254
glbp 20 weighting 150 lower 140
glbp 20 weighting track 20 decrement 11
!
interface Ethernet0/1.30
description VLAN 30
encapsulation dot1Q 30
ip address 172.16.30.253 255.255.255.0
ip helper-address 172.16.1.1
glbp 30 ip 172.16.30.254
!
interface Ethernet0/1.40
description VLAN 40
encapsulation dot1Q 40
ip address 172.16.40.251 255.255.255.0
ip helper-address 172.16.1.1
glbp 40 ip 172.16.40.254
glbp 41 ip 172.16.40.253
glbp 41 priority 110
glbp 41 preempt
!
interface Ethernet0/2
description link to CR2
ip address 172.16.1.10 255.255.255.252
!
interface Ethernet0/3
no ip address
shutdown
!
interface Ethernet1/0
no ip address
shutdown
!
interface Ethernet1/1
no ip address
shutdown
!
interface Ethernet1/2
no ip address
shutdown
!
interface Ethernet1/3
no ip address
shutdown
!
interface Ethernet2/0
no ip address
shutdown
!
interface Ethernet2/1
no ip address
shutdown
!
interface Ethernet2/2
no ip address
shutdown
!
interface Ethernet2/3
no ip address
shutdown
!
router eigrp 10
passive-interface default
no passive-interface Ethernet0/0
no passive-interface Ethernet0/2
network 172.16.0.0
auto-summary
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login local
transport input all
!
end

CR3#
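A defensive check for three settings these final configurations contain (cleartext `password 0` users, vty lines that accept Telnet, and GLBP groups with no MD5 authentication), as an added Python example that is not part of the lab material. The sample lines are copied from the CR3 configuration above except the `glbp 41 authentication` line, which is constructed with a placeholder key; function and finding names are hypothetical.

```python
import re

# Sample input: lines from the CR3 running-config on this page, plus one
# constructed line (glbp 41 authentication ...) so a passing group is shown.
SAMPLE_CONFIG = """\
username Remote_User privilege 15 password 0 Enter_Remote
!
interface Ethernet0/1.10
encapsulation dot1Q 10
ip address 172.16.10.253 255.255.255.0
glbp 10 ip 172.16.10.254
glbp 10 weighting 145 lower 144
glbp 10 weighting track 10 decrement 2
!
interface Ethernet0/1.40
glbp 40 ip 172.16.40.254
glbp 41 ip 172.16.40.253
glbp 41 authentication md5 key-string PLACEHOLDER-KEY
glbp 41 priority 110
!
line con 0
exec-timeout 0 0
line vty 0 4
login local
transport input all
!
"""

USERNAME_RE = re.compile(r"^username (\S+) .*?\bpassword (?:(\d) )?\S")
GLBP_RE = re.compile(r"^glbp (\d+) (.+)$")


def audit(config):
    """Return a list of (finding, location) tuples for an IOS configuration.

    The configs on this page have lost their indentation, so sub-commands are
    attributed to the most recent 'interface' or 'line' header; a '!' line
    ends that context.
    """
    findings = []
    context = None
    glbp = {}  # (interface header, group number) -> True once MD5 auth is seen

    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            context = None
            continue
        if line.startswith(("interface ", "line ")):
            context = line
            continue

        # Local users: 'password' or 'password 0' is stored in cleartext,
        # 'password 7' is reversible obfuscation; 'secret' is the hashed form.
        m = USERNAME_RE.match(line)
        if m:
            if m.group(2) in (None, "0"):
                findings.append(("cleartext-password", "username " + m.group(1)))
            elif m.group(2) == "7":
                findings.append(("reversible-password", "username " + m.group(1)))

        # Remote access: 'all' or 'telnet' lets credentials cross the wire unencrypted.
        if context and context.startswith("line vty") and line.startswith("transport input "):
            allowed = line.split()[2:]
            if "all" in allowed or "telnet" in allowed:
                findings.append(("telnet-enabled", context))

        # GLBP: remember every group seen and whether it has MD5 authentication.
        m = GLBP_RE.match(line)
        if m and context and context.startswith("interface "):
            key = (context, int(m.group(1)))
            has_md5 = m.group(2).startswith("authentication md5 ")
            glbp[key] = glbp.get(key, False) or has_md5

    # A group without authentication accepts hellos from any host on the VLAN.
    for (ifname, group), has_md5 in sorted(glbp.items()):
        if not has_md5:
            findings.append(("glbp-no-md5-auth", f"{ifname} group {group}"))
    return findings


if __name__ == "__main__":
    for finding, where in audit(SAMPLE_CONFIG):
        print(f"{finding:22s} {where}")
```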

DSW1 Configuration

DSW1#show running-config

Building configuration...

Current configuration : 2935 bytes

!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname DSW1
!
boot-start-marker
boot-end-marker
!
!
username Remote_User privilege 15 password 0 Enter_Remote
no aaa new-model
clock timezone PST 0
ip subnet-zero
no ip routing
no ip domain-lookup
ip domain-name CCNP.com
ip host VLAN40 172.16.40.253
ip host VLAN30 172.16.30.253
ip host VLAN10 172.16.20.254
ip host FTP_Server 172.16.40.1
ip host ASW4_VLAN1 172.16.0.24
ip host ASW3_VLAN1 172.16.0.23
ip host ASW2_VLAN1 172.16.0.22
ip host ASW1_VLAN1 172.16.0.21
ip host DSW2_VLAN1 172.16.0.20
ip host DSW1_VLAN1 172.16.0.19
ip host CR3_VLAN20 172.16.20.253
ip host CR3_VLAN10 172.16.10.253
ip host CR3_VLAN1 172.16.0.18
ip host CR3_e0_0 172.16.1.6
ip host CR2_VLAN40 172.16.40.254
ip host CR2_VLAN30 172.16.30.254
ip host CR2_VLAN1 172.16.0.17
ip host CR2_e0_0 172.16.1.2
ip host CR1_loo0 172.16.0.1
ip host CR1_e0_1 172.16.1.5
ip host CR1_e0_0 172.16.1.1
!
vtp domain CCNP.com
vtp mode transparent
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 10,20,30 priority 24576
spanning-tree vlan 40 priority 28672
!
vlan internal allocation policy ascending
!
vlan 10
name ASW1
!
vlan 20
name ASW2
!
vlan 30
name ASW3
!
vlan 40
name ASW4
!
vlan 99
name Unassigned_Port_VLAN
!
!
!
!
!
!
interface Ethernet0/0
description link to CR2
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
!
interface Ethernet0/1
description link to DSW2
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
!
interface Ethernet0/2
switchport access vlan 99
switchport mode access
shutdown
duplex auto
!
interface Ethernet0/3
switchport access vlan 99
switchport mode access
shutdown
duplex auto
!
interface Ethernet1/0
description link to ASW1
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
!
interface Ethernet1/1
description link to ASW2
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
!
interface Ethernet1/2
description link to ASW3
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
!
interface Ethernet1/3
description link to ASW4
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
!
interface Ethernet2/0
switchport access vlan 99
switchport mode access
shutdown
duplex auto
!
interface Ethernet2/1
switchport access vlan 99
switchport mode access
shutdown
duplex auto
!
interface Ethernet2/2
switchport access vlan 99
switchport mode access
shutdown
duplex auto
!
interface Ethernet2/3
switchport access vlan 99
switchport mode access
shutdown
duplex auto
!
interface Vlan1
ip address 172.16.0.19 255.255.255.240
no ip route-cache
!
!
ip classless
no ip http server
!
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login local
transport input ssh
!
end

DSW1#

DSW2 Configuration

DSW2#show running-config

Building configuration...

*Apr 10 10:13:20.019: %SYS-5-CONFIG_I: Configured from console by console

Current configuration : 2935 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname DSW2
!
boot-start-marker
boot-end-marker
!
!
username Remote_User privilege 15 password 0 Enter_Remote
no aaa new-model
clock timezone PST 0
ip subnet-zero
no ip routing
no ip domain-lookup
ip domain-name CCNP.com
ip host VLAN40 172.16.40.253
ip host VLAN30 172.16.30.253
ip host VLAN10 172.16.20.254
ip host FTP_Server 172.16.40.1
ip host ASW4_VLAN1 172.16.0.24
ip host ASW3_VLAN1 172.16.0.23
ip host ASW2_VLAN1 172.16.0.22
ip host ASW1_VLAN1 172.16.0.21
ip host DSW2_VLAN1 172.16.0.20
ip host DSW1_VLAN1 172.16.0.19
ip host CR3_VLAN20 172.16.20.253
ip host CR3_VLAN10 172.16.10.253
ip host CR3_VLAN1 172.16.0.18
ip host CR3_e0_0 172.16.1.6
ip host CR2_VLAN40 172.16.40.254
ip host CR2_VLAN30 172.16.30.254
ip host CR2_VLAN1 172.16.0.17
ip host CR2_e0_0 172.16.1.2
ip host CR1_loo0 172.16.0.1
ip host CR1_e0_1 172.16.1.5
ip host CR1_e0_0 172.16.1.1
!
vtp domain CCNP.com
vtp mode transparent
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 10,20,30 priority 28672
spanning-tree vlan 40 priority 24576
!
vlan internal allocation policy ascending
!
vlan 10
name ASW1
!
vlan 20
name ASW2
!
vlan 30
name ASW3
!
vlan 40
name ASW4
!
vlan 99
name Unassigned_Port_VLAN
!
!
!
!
!
!
interface Ethernet0/0
description link to CR3
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
!
interface Ethernet0/1
description link to DSW1
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
!
interface Ethernet0/2
switchport access vlan 99
switchport mode access
shutdown
duplex auto
!
interface Ethernet0/3
switchport access vlan 99
switchport mode access
shutdown
duplex auto
!
interface Ethernet1/0
description link to ASW1
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
!
interface Ethernet1/1
description link to ASW2
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
!
interface Ethernet1/2
description link to ASW3
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
!
interface Ethernet1/3
description link to ASW4
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
!
interface Ethernet2/0
switchport access vlan 99
switchport mode access
shutdown
duplex auto
!
interface Ethernet2/1
switchport access vlan 99
switchport mode access
shutdown
duplex auto
!
interface Ethernet2/2
switchport access vlan 99
switchport mode access
shutdown
duplex auto
!
interface Ethernet2/3
switchport access vlan 99
switchport mode access
shutdown
duplex auto
!
interface Vlan1
ip address 172.16.0.20 255.255.255.240
no ip route-cache
!
!
ip classless
no ip http server
!
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login local
transport input all
!
end

DSW2#
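
The two running-configs differ on the management plane: DSW1 limits the vty lines to SSH, while DSW2 accepts every transport and stores a privilege-15 password as type 0. The audit below is an added example, not part of the original lab; the embedded excerpts are constructed from lines shown above, and it assumes the one-space indentation that show running-config gives sub-commands.

```python
import re

# Constructed excerpts of the DSW1 and DSW2 running-configs above, with the
# one-space indentation that `show running-config` gives sub-commands.
DSW1 = """\
no ip http server
line con 0
 exec-timeout 0 0
 logging synchronous
line vty 0 4
 login local
 transport input ssh
"""
DSW2 = """\
no service password-encryption
username Remote_User privilege 15 password 0 Enter_Remote
no ip http server
line con 0
 exec-timeout 0 0
 logging synchronous
line vty 0 4
 login local
 transport input all
"""

def audit(config: str) -> list[str]:
    """Return management-plane findings for an IOS running-config."""
    findings, section = [], None
    for raw in config.splitlines():
        cmd = raw.strip()
        if not cmd or cmd == "!":
            continue
        if not raw.startswith(" "):            # global-level command
            section = cmd if cmd.startswith("line ") else None
            if cmd == "no service password-encryption":
                findings.append("global: stored passwords are not obfuscated")
            user = re.match(r"username (\S+) .*\bpassword 0 ", cmd)
            if user:
                findings.append(f"user {user.group(1)}: cleartext (type 0) password")
        elif section:                          # sub-command of a line block
            if cmd == "exec-timeout 0 0":
                findings.append(f"{section}: idle sessions never time out")
            transport = re.match(r"transport input (.+)", cmd)
            if transport and {"all", "telnet"} & set(transport.group(1).split()):
                findings.append(f"{section}: Telnet accepted")
    return findings

if __name__ == "__main__":
    for name, cfg in (("DSW1", DSW1), ("DSW2", DSW2)):
        print(name, audit(cfg))
```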

Pasted from <https://cll1.cisco.com/content/xtrac/3#R2>

VRRP

Sw(config)# track 90 int f0/24 line-protocol
Sw(config)# int vlan 10
Sw(config-if)# ip add 10.1.10.2 255.255.255.
Sw(config-if)# vrrp 1 ip 10.1.10.1
Sw(config-if)# vrrp 1 priority 110
Sw(config-if)# vrrp 1 timers advertise msec 500
Sw(config-if)# vrrp 1 authentication md5 key-string xyz123
Sw(config-if)# vrrp 1 track 90 decrement 20

HSRP

Cisco proprietary

Configuration:

Configure the E0/1 interface of R1 with the IP address and HSRP standby IP.
R1(config)# int e0/1
R1(config-if)# ip add 192.168.1.3 255.255.255.0
R1(config-if)# standby 1 ip 192.168.1.1

Configure the E0/1 interface of R2 with the IP address and HSRP standby IP.
R2(config)# int e0/1
R2(config-if)# ip add 192.168.1.2 255.255.255.0
R2(config-if)# standby 1 ip 192.168.1.1

standby 1 is for group 1

show ip arp

Configuring HSRP Priority

The active router is elected based on the HSRP priority.
Use a value between 0 and 255.
The default priority is 100.
R2(config)# int e0/1
R2(config-if)# standby 1 priority 110

Configuring HSRP Pre-Empt

Preemption lets a device with a higher priority take over the active role when it comes online.
Disabled by default.
R1(config)# int e0/1
R1(config-if)# standby 1 preempt

R2(config)# int e0/1
R2(config-if)# standby 1 preempt

show standby
show standby brief

Tie-breaker is highest IP address. Higher priority means that router will be the active.

Stackwise

show switch
show platform stack manager all
show switch stack-ports

NTP

Sw# clock set 12:13:00 10 January 2014
Sw# show clock
Sw# show calendar
Sw# show clock detail
Sw(config)# clock timezone EDT -5
Sw(config)# clock summer-time EDT recurring
Sw# clock update-calendar

NTP Modes:

Server
	Provides accurate time information to clients.
Client
	Synchronizes its time to the server. This mode is most suited for file-server and workstation clients that are not required to provide any form of time synchronization to other local clients. It can also provide accurate time to other devices.
Peer
	Peers exchange time synchronization information.
	Symmetric mode.
Broadcast/multicast
	Special "push" mode of NTP server, used only when time accuracy is not a big concern.

Server and client can be the same device.

System clock

Runs from the moment the system starts and keeps track of the current date and time.
Can be set in three ways:
	NTP
	SNTP
	Manual configuration

The system clock is set from the time kept by the internal battery-powered calendar, also called the hardware clock. The calendar tracks the date and time across system restarts.

Configuration:

R1(config)# ntp server 209.165.200.187
R1# show ntp status
R1# show ntp associations
R1# show clock
R1# show clock detail
R1(config)# clock timezone EDT -5
R1(config)# clock summer-time EDT recurring
R1# show clock detail

Sw1(config)# ntp server 10.0.0.1 (points to router)
Sw1(config)# clock timezone EDT -5
Sw1(config)# clock summer-time EDT recurring
Sw1# show ntp status

Sw2(config)# ntp server 10.0.0.1 (points to router)
Sw2(config)# clock timezone EDT -5
Sw2(config)# clock summer-time EDT recurring
Sw2# show ntp status

Configure Sw1 and Sw2 as NTP peers
Sw1(config)# ntp peer 172.16.0.12
Sw2(config)# ntp peer 172.16.0.11
Sw1# show ntp associations
Sw2# show ntp associations

NTP is a flat hierarchy

Securing NTP

NTPServer(config)# ntp authentication-key 1 md5 MyPassword
NTPServer(config)# ntp authenticate
NTPServer(config)# ntp trusted-key 1

NTPClient(config)# ntp authentication-key 1 md5 MyPassword
NTPClient(config)# ntp authenticate
NTPClient(config)# ntp trusted-key 1
NTPClient(config)# ntp server 10.0.1.22 key 1
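
What "key 1" does on the wire, as an added example that is not part of the original notes: with symmetric-key authentication the sender appends a key ID and an MD5 digest of the shared key concatenated with the 48-byte NTP header, and the receiver accepts the packet only if the key ID is trusted and the digest matches. The header bytes are constructed sample data; the key string and key number are the ones configured above.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48          # fixed NTP header
MAC_LEN = 4 + 16         # key ID + MD5 digest

def add_mac(header: bytes, key_id: int, key: bytes) -> bytes:
    """Append the symmetric-key MAC: key ID, then MD5(key || header)."""
    digest = hashlib.md5(key + header).digest()
    return header + struct.pack("!I", key_id) + digest

def verify(packet: bytes, trusted: dict[int, bytes]) -> bool:
    """Accept only packets whose MAC checks out under a trusted key."""
    if len(packet) != HEADER_LEN + MAC_LEN:
        return False                       # no MAC present (or extra fields)
    header = packet[:HEADER_LEN]
    key_id = struct.unpack("!I", packet[HEADER_LEN:HEADER_LEN + 4])[0]
    key = trusted.get(key_id)
    if key is None:
        return False                       # key ID is not a trusted key
    expected = hashlib.md5(key + header).digest()
    return hmac.compare_digest(expected, packet[HEADER_LEN + 4:])

# Constructed server reply header: LI=0, VN=4, mode=4 (server), stratum 2, rest zero.
REPLY = bytes([0x24, 2]) + bytes(HEADER_LEN - 2)
TRUSTED = {1: b"MyPassword"}               # key 1 from the configuration above

if __name__ == "__main__":
    good = add_mac(REPLY, 1, b"MyPassword")
    print("authentic reply accepted:", verify(good, TRUSTED))
    print("unauthenticated reply accepted:", verify(REPLY, TRUSTED))
```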

Configures Core1 to peer with only a specified IP address:
Core1(config)# access-list 1 permit 10.0.1.0 0.0.255.255
Core1(config)# ntp access-group peer 1

Configures Core1 to answer synchronization requests from only 10.1.0.0/16 subnet devices:
Core1(config)# access-list 1 permit 10.1.0.0 0.0.255.255
Core1(config)# ntp access-group serve-only 1

Access lists should only be configured on devices that peer with an external NTP source.

NTP Source Address

Configures Loopback 0 to be used as the source of NTP communication.
Ensures reachability.
NTPServer(config)# ntp source Loopback 0

NTP Versions

Versions 3 and 4 are current
Version 4 is for IPv6
NTPv4 introduces better security
NTPv3 uses broadcast messages
NTPv4 uses multicast messages
NTPv4 is backward compatible with NTPv3

NTP in an IPv6 Environment

NTPv4 can use IPv6
Sw(config)# ntp server 2001:db8:0::8:800:200c:417a version 4
Sw# show clock
Sw# show clock detail
Sw# show ntp associations
Sw# show ntp associations detail
Sw# show ntp status
Sw# debug ntp events

Simple Network Time Protocol (SNTP)

Uses a subset of NTP functionalities.
It's a receive-only mechanism, usually for low-end devices.
SNTP and NTP cannot coexist on the same device because they use the same port number.
SNTP can only receive the time from an NTP server; it cannot be used to provide time services to other systems.

SNTP Configuration

Allows the software clock to be synchronized by an SNTP time server.
Sw(config)# sntp authenticate
Sw(config)# sntp authentication-key 1 md5 c1sc0
Sw(config)# sntp trusted-key 1
Sw(config)# sntp server 172.16.22.44
Sw# show sntp

SPAN

Switched Analysis

SPAN Session:
	Association of a destination port with source ports
Source VLAN:
	VLAN monitored for traffic analysis
Ingress Source Port
	From
Egress Source Port
	To
Destination Port
	To sniffer

A source port can be configured as an Ingress and Egress at the same time

Configuration:

Sw1(config)# monitor session 1 source interface g0/1
Sw1(config)# monitor session 1 destination interface g0/2
Sw1# show monitor

RSPAN

Remote Switched Analysis

Remote SPAN supports source and destination ports on different switches, while local SPAN supports only source and destination ports on the same switch. The trunk has to be configured with the RSPAN VLAN.

RSPAN consists of the following:

RSPAN source session
RSPAN VLAN
RSPAN destination session

Configuration:

Sw1(config)# vlan 100
Sw1(config-vlan)# name SPAN-VLAN
Sw1(config-vlan)# remote-span
Sw1(config)# monitor session 2 source interface g0/1
Sw1(config)# monitor session 2 destination remote vlan 100

Sw2(config)# vlan 100
Sw2(config-vlan)# name SPAN-VLAN
Sw2(config-vlan)# remote-span
Sw2(config)# monitor session 3 destination interface g0/2
Sw2(config)# monitor session 3 source remote vlan 100

MST

Configuring MST

show spanning-tree summary

look at "Switch is in pvst mode"
can see vlan instances

Configuring MST Regions:

Sw1(config)# spanning-tree mst configuration
Sw1(config-mst)# name CCNP
Sw1(config-mst)# revision 1

Sw2(config)# spanning-tree mst configuration
Sw2(config-mst)# name CCNP
Sw2(config-mst)# revision 1

Sw3(config)# spanning-tree mst configuration
Sw3(config-mst)# name CCNP
Sw3(config-mst)# revision 1

Mapping VLANs to MST Instances

Sw1(config)# spanning-tree mst configuration
Sw1(config-mst)# instance 1 vlan 2,3
Sw1(config-mst)# instance 2 vlan 4,5

Sw2(config)# spanning-tree mst configuration
Sw2(config-mst)# instance 1 vlan 2,3
Sw2(config-mst)# instance 2 vlan 4,5

Sw3(config)# spanning-tree mst configuration
Sw3(config-mst)# instance 1 vlan 2,3
Sw3(config-mst)# instance 2 vlan 4,5

All other VLANs are mapped to instance 0 by default

Configuring MST Switch Priority

Sw1(config)# spanning-tree mst 1 root primary
Sw1(config)# spanning-tree mst 2 root secondary

Sw2(config)# spanning-tree mst 1 root secondary
Sw2(config)# spanning-tree mst 2 root primary

Sw1(config)# spanning-tree mode mst
Sw2(config)# spanning-tree mode mst
Sw3(config)# spanning-tree mode mst

changes mode to mst

Sw1# show spanning-tree summary

Switch is in mst mode (IEEE Standard)
Shows how many MST instances are active

Sw1(config)# spanning-tree mst configuration
Sw1(config-mst)# show current

Shows Revision
# of instances configured
VLANs in each instance

Sw1# show spanning-tree mst configuration digest

Shows the digest, name, rev #, how many instances configured
digest is sent back and forth within the BPDU
digest must match between switches
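
Why the digest must match, as an added example that is not part of the original notes: the digest is an HMAC-MD5, keyed with a constant fixed by IEEE 802.1Q, over the full VLAN-to-instance table, so a single VLAN mapped to a different instance changes it and puts the switch in a different region. The switch dictionaries and the mismapped case are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Fixed HMAC key that IEEE 802.1Q defines for the MST Configuration Digest.
DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")

def mst_digest(instance_vlans: dict[int, list[int]]) -> str:
    """HMAC-MD5 over the 4096-entry VLAN-to-instance table (2 bytes per VLAN ID)."""
    table = [0] * 4096                      # unmapped VLANs stay in instance 0
    for instance, vlans in instance_vlans.items():
        for vlan in vlans:
            if not 1 <= vlan <= 4094:
                raise ValueError(f"invalid VLAN {vlan}")
            table[vlan] = instance
    blob = struct.pack("!4096H", *table)
    return hmac.new(DIGEST_KEY, blob, hashlib.md5).hexdigest().upper()

def same_region(a: dict, b: dict) -> bool:
    """Two switches share a region only if name, revision and digest all match."""
    return ((a["name"], a["revision"], mst_digest(a["map"])) ==
            (b["name"], b["revision"], mst_digest(b["map"])))

# Region settings from the notes: name CCNP, revision 1, instance 1 = VLANs 2,3,
# instance 2 = VLANs 4,5.
SW1 = {"name": "CCNP", "revision": 1, "map": {1: [2, 3], 2: [4, 5]}}
SW2 = {"name": "CCNP", "revision": 1, "map": {1: [2, 3], 2: [4, 5]}}
# Constructed mismatch: VLANs 4,5 placed in instance 1 instead of instance 2.
SW3_MISMAPPED = {"name": "CCNP", "revision": 1, "map": {1: [2, 3, 4, 5]}}

if __name__ == "__main__":
    print("Sw1 digest:", mst_digest(SW1["map"]))
    print("Sw1/Sw2 same region:", same_region(SW1, SW2))
    print("Sw1/mismapped same region:", same_region(SW1, SW3_MISMAPPED))
```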

Sw1# show spanning-tree mst 1

shows port roles for each port

To change mst port priority

Sw1(config)# int f0/0
Sw1(config-if)# spanning-tree mst 1 port-priority 32
Sw1# show spanning-tree mst 1

MST uses the same election as STP:

1. Lowest BID
2. Lowest root path cost
3. Lowest sender BID
4. Lowest sender port ID

Like with any other STP, the MST path cost default value is derived from the media speed of an interface. If a loop occurs, MST uses the cost to select the forwarding interface.

Sw1(config)# int f0/0
Sw1(config-if)# spanning-tree mst 1 cost 100000
Sw1# show spanning-tree mst

MST Protocol Migration

Move from STP to MST
	Identify edge port.
	Make sure that interswitch connections are configured as trunks and are not pruning any VLANs that are used in MST.
	Decide how many STP instances you need and how to map them to VLANs.
	Choose the region name and revision number.
	Avoid mapping VLANs to instance 0.
	Migrate the core and make your way down to the access switches.
	Configuration of PortFast, BPDU guard, BPDU filter, root guard, and loop guard is the same with PVST+.

CEF

show ip cef
	shows output of FIB
	Next Hop
		attached - directly attached
		receive - an IP address that is assigned to this router
		no route - no information
		2.2.2.2/32    10.1.1.2     serial1/0    leave out of serial 1/0 to reach 2.2.2.2
conf t
	ip cef
		enables cef
	ipv6 cef
		enables ipv6 cef
show ip interface f0/1
	can see if cef is enabled
conf t
	int f0/1
		ip route-cache cef
show ip interface f0/1
	ip cef should be enabled now
show adjacency detail



Policy Based Routing
	Forwards based on route map configuration
		Route Map
			MATCH
				IP address
				Range of packet lengths
			SET
				Next-hop IP address
				Default Next-hop IP address
				Interface
				Default Interface
conf t
	route-map CLIENT1-TO-SERVER1
		match ip address 100
		set ip next-hop 203.0.113.1
		exit
	int f0/0
		ip policy route-map CLIENT1-TO-SERVER1
show route-map
conf t
	ip sla 1
		icmp-echo 203.0.113.5 source-ip 192.0.2.1
		frequency 5
		threshold 100
		exit
conf t
	ip sla schedule 1 life forever start-time now
	track 1 ip sla 1
		delay down 10 up 10
	ip route 198.51.100.0 255.255.255.0 203.0.113.5 track 1
	ip route 198.51.100.0 255.255.255.0 203.0.113.1 2
show ip route
show track 1
show ip sla statistics
conf t
	no ip sla 1
	ip sla 1
		icmp-echo 203.0.113.5 source-ip 192.0.2.1
		frequency 5
		threshold 10
	ip sla schedule 1 life forever start-time now
show track 1
	should show "over threshold"
	should show "state down"
show ip route
	WAN route is now used
cisco/l2_notes.txt · Last modified: 2020/10/05 09:59 by Derg Enterprises