(Commands marked with a dot work in GNS3 on a router with the NM-16ESW module)
====== Switch CAM Table ======
NOTE: the commands can be written in two ways:
* Old style: **mac-address-table**
* New style: **mac address-table**
>Switch(config)# **mac address-table aging-time** //seconds(def.300)//
>Switch(config)# **mac address-table static** //aaaa.bbbb.cccc// **interface** //type mod/num// **vlan** //vlan-id//
>Switch# **show mac address-table dynamic** [**address** //mac-address// | **interface** //type mod/num// | **vlan** //vlan-id//]
>Switch# **show mac address-table count**
>Switch# **clear mac address-table dynamic** [**address** //mac-address// | **interface** //type mod/num// | **vlan** //vlan-id//]
====== Switch Port Configuration ======
>.Switch(config)# **interface** //type module/number//
>.Switch(config)# **interface range** //type module/number [, type module/number ...]//
>.Switch(config)# **interface range** //type module/first-number - last-number//
>.Switch(config)# **define interface-range** //macro-name type module/number [, type module/number ...] [, type module/first-number - last-number] [, ...]//
>.Switch(config)# **interface range macro** //macro-name//
(the predefined macro is saved in the config)
__Example:__\\
Switch(config)# **define interface-range MyGroup gig 2/0/1 , gig 2/0/3 - 2/0/5 , gig 3/0/1 , gig 3/0/10, gig 3/0/32 - 3/0/48**\\
Switch(config)# **interface range macro MyGroup**
>.Switch(config-if)# [**no**] **shutdown**
>.Switch(config-if)# **description** //description-string//
>.Switch(config-if)# **speed** {**10** | **100** | **1000** | **auto**(default)}
* GBIC ports - fixed at 1000
* 1000BASE-T - 10/100/1000
>.Switch(config-if)# **duplex** {**auto** | **full** | **half**}
* **auto** - cannot be set on 10BASE Ethernet
* Ethernet 10 - **half** by default
* FastEthernet 10/100 - **full** by default
* Faster - **auto** by default
__Error detection configuration (errdisable)__
>.Switch(config)# [**no**] **errdisable detect cause** [**all** | //cause-name//]
* The command can be entered multiple times for different events
* .**all** - detects everything
* **arp-inspection**
* .**bpduguard** - a BPDU is received on an STP PortFast port
* **channel-misconfig** - EtherChannel configuration error
* **dhcp-rate-limit** - related to DHCP Snooping
* .**dtp-flap** - flapping of the trunking encapsulation (.1Q/ISL)
* **gbic-invalid** - faulty GBIC or SFP
* **ilpower** - PoE error
* **l2ptguard** - L2 protocol tunneling error
* .**link-flap** - flapping link
* **loopback** - detects a loop on the interface
* .**pagp-flap** - EtherChannel inconsistency
* **psecure-violation** - port security event
* .**rootguard** - an STP BPDU from a root bridge is received on an undesired port
* **security-violation** - detects errors related to port security
* **storm-control** - L2 storm detection
* .**udld** - detection of unidirectional traffic
* **unicast-flood** - detects the trigger for unicast flood blocking
* **vmps** - detects errors when assigning a port to a dynamic VLAN using a VMPS server
>.Switch(config)# **errdisable recovery cause** [**all** | //cause-name//]
>.Switch(config)# **errdisable recovery interval** //seconds//
* The recovery interval is 300 seconds by default
* Can be set to 30 - 86400 seconds (24 hours)
__Troubleshooting__
>.Switch# **show interface**
>.Switch# **show interfaces status**
>.Switch# **show interface status err-disabled**
__To detect a speed/duplex mismatch:__
>.Switch# **show interface** //type mod/num//
* look for non-zero values in "input errors" and "runts"
====== VLAN Configuration ======
>Switch(config)# [**no**] **vlan** //vlan-num//
>Switch(config-vlan)# **name** //vlan-name//
* //vlan-num// - 1-1001 (1 and 1002-1005 are created by default), extended 1-4094
* //vlan-name// - optional, up to 32 characters without spaces
>Switch(config)# **interface** //type module/number//
>Switch(config-if)# **switchport** (switches the port to L2 mode)
>Switch(config-if)# **switchport mode access**
>Switch(config-if)# **switchport access vlan** //vlan-num//
>Switch# **show vlan**
>Switch# **show vlan brief**
VLAN Name Status Ports
---- ---------------- ------- ------
1 default active Fa0/1,Fa0/2,Fa0/3,Fa0/10,Fa0/11,Fa0/12
20 VLAN0020 active Fa0/5,Fa0/6,Fa0/7
21 VLAN0021 active Fa0/8,Fa0/9
1002 fddi-default active
1003 trcrf-default active
1004 fddinet-default active
1005 trbrf-default active
>Switch# **show running-config interface** //type module/number//
Building configuration...
Current configuration 64 bytes
interface FastEthernet 0/5
switchport access vlan 20
switchport mode access
>Switch# **show mac address-table interface** //type module/number//
Mac Address Table
—————————————————————
Vlan Mac Address Type Ports
---- ----------- ---- -----
1 0030.b656.7c3d DYNAMIC Fa0/1
Total Mac Addresses for this criterion: 1
>Switch# **show interfaces** //type module/number// **switchport**
Name: Fa0/1
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Protected: false
Unknown unicast blocked: false
Unknown multicast blocked: false
Broadcast Suppression Level: 100
Multicast Suppression Level: 100
Unicast Suppression Level: 100
Alternatively (GNS3):
>Router# **vlan database**
>Router(vlan)# [**no**] **vlan** //vlan-num//
>Router# **show vlan-switch**
>Router# **show vlan-switch brief**
====== VLAN Trunk Configuration ======
>Switch(config)# **interface** //type mod/port//
>Switch(config-if)# **switchport**
>Switch(config-if)# **switchport trunk encapsulation** {**isl** | **dot1q** | **negotiate**}
>Switch(config-if)# **switchport trunk native vlan** //vlan-id//
>Switch(config-if)# **switchport trunk allowed vlan** {//vlan-list// | **all** | {**add** | **except** | **remove**} //vlan-list//}
>Switch(config-if)# **switchport mode** {**trunk** | **dynamic** {**desirable** | **auto**}}
In all modes DTP sends messages every 30 s.
>Switch(config-if)# **switchport nonegotiate**
>Switch# **show interface** //type mod/port//
>Switch# **show vlan id** //vlan-id//
>Switch# **show interface** //type mod/num// **switchport** | **trunk**
>Switch# **show dtp** [**interface** //type mod/num//]
====== DTP - Dynamic Trunking Protocol ======
>SW# **no-isl-entries enable**
>Switch(config)# **interface** //type mod/port//
>Switch(config-if)# **switchport**
>Switch(config-if)# **switchport mode {dynamic {auto | desirable} | trunk}**
>Switch(config-if)# **switchport trunk encapsulation {isl | dot1q | negotiate}**
>Switch(config-if)# **switchport nonegotiate**
>Switch(config-if)# **switchport trunk native vlan** //vlan-id//
>Switch(config-if)# **switchport trunk allowed vlan** {//vlan-list// | **all** | {**add** | **except** | **remove**} //vlan-list//}
In all modes DTP sends messages every 30 s.
Disabling DTP:
>Switch(config-if)# **switchport nonegotiate**
>Switch# **show running-config**
>Switch# **show interface** //type mod/port//
>Switch# **show vlan id** //vlan-id//
>Switch# **show interface** //type mod/num// **switchport** | **trunk**
>Switch# **show dtp** [**interface** //type mod/num//]
>Switch# **show interfaces fastethernet 0/1 trunk**
Port Mode Encapsulation Status Native vlan
Fa0/1 desirable n-802.1q trunking 1
Port Vlans allowed on trunk
Fa0/1 1-150
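An added example (not part of the original page): a Python audit of **show interfaces switchport** output that flags ports left in a dynamic mode, ports where DTP is still negotiating, and trunks that allow all VLANs, and names the command from this page that addresses each finding. The sample text is constructed (Fa0/1 repeats the values printed earlier on this page; Fa0/5 and Gi0/1 are made up) and the function names are hypothetical.

```python
# Constructed sample in the format of `show interfaces switchport`.
# Fa0/1 repeats the values printed on this page; Fa0/5 and Gi0/1 are made up.
SAMPLE = """\
Name: Fa0/1
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: static access
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL

Name: Fa0/5
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Negotiation of Trunking: Off
Access Mode VLAN: 20 (VLAN0020)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL

Name: Gi0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
"""


def parse_switchport(text):
    """Return one dict of 'Key: value' fields per port block."""
    ports, current = [], None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # blank line or a line without a field
        key, value = key.strip(), value.strip()
        if key == "Name":  # every port block starts with its Name line
            current = {}
            ports.append(current)
        if current is not None:
            current[key] = value
    return ports


def audit_port(port):
    """Return a list of findings for one parsed port (empty list = clean)."""
    if port.get("Switchport") != "Enabled":
        return []  # routed (L3) port: DTP and trunking do not apply
    findings = []
    admin = port.get("Administrative Mode", "")
    if admin.startswith("dynamic"):
        # nonegotiate is only accepted once the mode is static
        findings.append("mode '%s': set switchport mode access or trunk" % admin)
    if port.get("Negotiation of Trunking") == "On":
        findings.append("DTP on: add switchport nonegotiate")
    if (port.get("Operational Mode") == "trunk"
            and port.get("Trunking VLANs Enabled", "").upper() == "ALL"):
        findings.append("trunk carries ALL VLANs: set switchport trunk allowed vlan")
    return findings


def audit(text):
    """Map port name -> findings for every port that has at least one."""
    report = {}
    for port in parse_switchport(text):
        findings = audit_port(port)
        if findings:
            report[port["Name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        for finding in findings:
            print("%s: %s" % (name, finding))
```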
====== VTP - Vlan Trunking Protocol ======
>Switch(config)# **vtp domain** //domain-name// ...(max. 32 characters)
>Switch(config)# **vtp mode** {**server** | **client** | **transparent**}
>Switch(config)# **vtp version** {**1** | **2**} ...(def.1)
>Switch(config)# **vtp password** //password//
* //password// - max. 32 characters, case-sensitive, used to compute the MD5
**VTP Pruning**
>Switch(config)# **vtp pruning**
>Switch(config)# **interface** //type mod/num//
>Switch(config-if)# **switchport trunk pruning vlan** {{{**add** | **except** | **remove**} //vlan-list//} | **none**}
VLANs 1 and 1002-1005 are never subject to pruning (VLAN 1 carries control traffic)
>Switch# **show vtp status**
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs : 5
VTP Operating Mode : Server
VTP Domain Name :
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
>Switch# **show vtp counters**
VTP statistics:
Summary advertisements received : 1
Subset advertisements received : 2
Request advertisements received : 1
Summary advertisements transmitted : 1630
Subset advertisements transmitted : 0
Request advertisements transmitted : 4
Number of config revision errors : 0
Number of config digest errors : 0
Number of V1 summary errors : 0
VTP pruning statistics:
Trunk Join Transmitted Join Received Summary advts received from
non-pruning-capable device
----------------- ---------------- --------------- -------------------------------
Gi0/1 82352 82931 0
>Switch# **show vlan brief**
>Switch# **show interface** //type mod/num// **switchport**
>Switch# **show interface** //type mod/num// **pruning**
====== EtherChannel ======
Once an EtherChannel is configured, the switch automatically creates a virtual interface for it.
>Switch(config)# **interface port-channel** //number//
>Switch(config)# **port-channel load-balance** //method//
^//method// ^Hash Operation^Switch model^
|**src-ip** | bits | all |
|**dst-ip** | bits | all |
|**src-dst-ip** | XOR | all |
|**src-mac** | bits | all |
|**dst-mac** | bits | all |
|**src-dst-mac** | XOR | all |
|**src-port** | bits | 4500,6500 |
|**dst-port** | bits | 4500,6500 |
|**src-dst-port**| XOR | 4500,6500 |
__**L3 Portchannel**__\\
* Switch(config-if)# **no switchport**
* Switch(config-if)# **ip address** //address mask//
===== PaGP =====
>Switch(config)# **interface** //type mod/num//
>Switch(config-if)# **channel-protocol pagp**
>Switch(config-if)# **channel-group** //number// **mode** {**on** | {{**auto** | **desirable**} [**non-silent**]}}
**non-silent** - by default, a switch in auto or desirable mode does not even wait for any PAgP messages (so that devices that do not support PAgP can be connected); this keyword activates sending and expecting PAgP messages
===== LACP =====
>Switch(config)# **lacp system-priority** //priority(1-65535, def.32768)//
>Switch(config)# **interface** //type mod/num//
>Switch(config-if)# **channel-protocol lacp**
>Switch(config-if)# **channel-group** //number(1-64)// **mode** {**on** | **passive** | **active**}
>Switch(config-if)# **lacp port-priority** //priority(1-65535, def.32768)//
===== Troubleshooting =====
>Switch# **show etherchannel summary**
Switch# show etherchannel summary
Flags: D - down P - in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
u - unsuitable for bundling
U - in use f - failed to allocate aggregator
d - default port
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
------+--------------+-----------+------------------------------------------------
1 Po1(SU) PAgP Fa0/41(P) Fa0/42(P) Fa0/43 Fa0/44(P)
Fa0/45(P) Fa0/46(P) Fa0/47(P) Fa0/48(P)
>Switch# **show etherchannel port**
Channel-group listing:
-----------------------
Group: 1
----------
Ports in the group:
--------------------
Port: Fa0/41
------------
Port state = Up Mstr In-Bndl
Channel group = 1 Mode = Desirable-Sl Gcchange = 0
Port-channel = Po1 GC = 0x00010001 Pseudo port-channel = Po1
Port index = 0 Load = 0x00 Protocol = PAgP
Flags: S - Device is sending Slow hello. C - Device is in Consistent state.
A - Device is in Auto mode. P - Device learns on physical port.
d - PAgP is down.
Timers: H - Hello timer is running. Q - Quit timer is running.
S - Switching timer is running. I - Interface timer is running.
Local information:
Hello Partner PAgP Learning Group
Port Flags State Timers Interval Count Priority Method Ifindex
Fa0/41 SC U6/S7 H 30s 1 128 Any 55
Partner’s information:
Partner Partner Partner Partner Group
Port Name Device ID Port Age Flags Cap.
Fa0/41 FarEnd 00d0.5849.4100 3/1 19s SAC 11
Age of the port in the current state: 00d:08h:05m:28s
>**show running-config interface** //type mod/num//
>**show interface** //type mod/num// **etherchannel**
>**show etherchannel port-channel**
>**show etherchannel detail**
>**show etherchannel load-balance**
>**show {pagp | lacp} neighbor**
>**show lacp sys-id**
====== STP Spanning-tree protocol ======
>Switch(config)# [**no**] **spanning-tree vlan** //vlan-id//
>Switch(config-if)# [**no**] **spanning-tree vlan** //vlan-id//
># **show spanning interface** //type mod/port//
># **debug spanning-tree switch state**
===== STP Root Bridge: =====
>Switch(config)# [**no**] **spanning-tree extended system-id**
>Switch(config)# **spanning-tree vlan** //vlan-list// **priority** //bridge-priority//
* Standard //bridge-priority//: 0-65535, def. 32768
* Extended //bridge-priority//: 0-61440 (multiples of 4096), def. 32768
>Switch(config)# **spanning-tree vlan** //vlan-id// **root** {**primary** | **secondary**} [**diameter** //diameter//]
* **primary** - if the current root's priority is greater than 24576, the switch sets its own priority to 24576; if the root's priority is lower, the switch sets its bridge priority 4096 lower than the root's (except for zero, which has to be set manually).
* **secondary** - the bridge priority is set to 28672
Switch(config)# spanning-tree vlan 1 root primary
vlan 1 bridge priority set to 24576
vlan 1 bridge max aging time unchanged at 20
vlan 1 bridge hello time unchanged at 2
vlan 1 bridge forward delay unchanged at 15
===== Root Path Cost: =====
>Switch(config-if)# **spanning-tree** [**vlan** //vlan-id//] **cost** //cost(1-65535)//
>Switch# **show spanning-tree interface** //type mod/num// [**cost**]
Switch# show spanning-tree interface fa0/1
Vlan Role Sts Cost Prio.Nbr Type
----------------- ---- --- ---------- -------- -----------------------------
VLAN0001 Root FWD 4 128.1 P2p
VLAN0010 Desg FWD 4 128.1 P2p
VLAN0020 Root FWD 4 128.1 P2p
===== Port Priority: =====
>Switch(config-if)# **spanning-tree** [**vlan** //vlan-list//] **port-priority** //port-priority(0-255,def.128)//
>Switch# **show spanning-tree interface** //type mod/num//
===== STP Timers: =====
Configure only on the ROOT!!!
__Manual configuration:__
>Switch(config)# **spanning-tree** [**vlan** //vlan-id//] **hello-time** //seconds(1-10,def.2)//
>Switch(config)# **spanning-tree** [**vlan** //vlan-id//] **forward-time** //seconds(4-30,def.15)//
>Switch(config)# **spanning-tree** [**vlan** //vlan-id//] **max-age** //seconds(6-40,def.20)//
__Automatic configuration using the macro:__
>Switch(config)# **spanning-tree vlan** //vlan-list// **root** {**primary** | **secondary**} [**diameter** //diameter// [**hello-time** //hello-time//]]
===== PortFast =====
>Switch(config)# **spanning-tree portfast default**
>Switch(config-if)# [**no**] **spanning-tree portfast**
>Switch(config-if)# **switchport host**
Switch(config-if)# switchport host
switchport mode will be set to access
spanning-tree portfast will be enabled
channel group will be disabled
>Switch# **show spanning-tree interface** //type mod/num// **portfast**
===== UplinkFast =====
>Switch(config)# **spanning-tree uplinkfast** [**max-update-rate** //pkts-per-second(0-65535,def.150)//]
>Switch# **show spanning-tree uplinkfast**
Switch# show spanning-tree uplinkfast
UplinkFast is enabled
Station update rate set to 150 packets/sec.
UplinkFast statistics
Number of transitions via uplinkFast (all VLANs) : 2
Number of proxy multicast addresses transmitted (all VLANs) : 52
Name Interface List
--------------------- --------------------------------
VLAN0001 Gi0/1(fwd)
VLAN0010 Gi0/1(fwd)
VLAN0100 Gi0/1(fwd)
===== BackboneFast =====
>Switch(config)# **spanning-tree backbonefast**
>Switch# **show spanning-tree backbonefast**
Switch# show spanning-tree backbonefast
BackboneFast is enabled
===== Root Guard =====
>Switch(config-if)# **spanning-tree guard root**
>Switch# **show spanning-tree inconsistentports**
===== BPDU Guard =====
>Switch(config)# **spanning-tree portfast bpduguard default**
>Switch(config-if)# [**no**] **spanning-tree bpduguard enable**
>Switch# **show spanning-tree summary**
>Switch# **show spanning-tree summary totals**
===== Loop Guard =====
>Switch(config)# **spanning-tree loopguard default**
>Switch(config-if)# [**no**] **spanning-tree guard loop**
>Switch# **show spanning-tree summary**
===== UDLD =====
>Switch(config)# **udld** {**enable** | **aggressive** | **message time** //seconds(7-90,def.7 or 15)//}
>Switch(config-if)# **udld** {**enable** | **aggressive** | **disable**}
>Switch# **show udld interface** //type mod/num//
>Switch# **udld reset**
===== BPDU Filter =====
>Switch(config)# **spanning-tree bpdufilter default**
>Switch(config-if)# **spanning-tree bpdufilter** {**enable** | **disable**}
>Switch# **show spanning-tree summary**
===== Troubleshooting STP =====
>Switch# **show spanning-tree** [**detail**]
>Switch# **show spanning-tree** **vlan** //vlan-id//
>Switch# **show spanning-tree** [**vlan** //vlan-id//] **summary** [**totals**]
>Switch# **show spanning-tree** [**vlan** //vlan-id//] **root**
>Switch# **show spanning-tree** [**vlan** //vlan-id//] **bridge**
>Switch# **show spanning-tree bridge brief**
>Switch# **show spanning-tree interface** //type mod/num//
>Switch# **show spanning-tree interface** //type mod/num// **detail**
>Switch# **show spanning-tree interface** //type mod/num// **cost**
>Switch# **show spanning-tree interface** //type mod/num// **portfast**
>Switch# **show spanning-tree uplinkfast**
>Switch# **show spanning-tree backbonefast**
>Switch# **show spanning-tree inconsistentports**
>Switch# **show udld interface** //type mod/num//
====== Rapid PVST+ ======
Edge port configuration:
>Switch(config-if)# **spanning-tree portfast**
Setting p2p for a half-duplex link: (switch-to-switch connection on half duplex)
>Switch(config-if)# **spanning-tree link-type point-to-point**
Enabling Rapid PVST+:
>Switch(config)# **spanning-tree mode rapid-pvst**
Reverting to PVST+:
>Switch(config)# **spanning-tree mode pvst**
>Switch# **show spanning-tree**
>Switch# **show spanning-tree vlan** //vlan-id//
Switch#show spanning-tree vlan 1
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 0
Address 0001.421C.5EA1
Cost 4
Port 25(GigabitEthernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 1 (priority 0 sys-id-ext 1)
Address 0060.3E78.B994
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 20
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/23 Altn BLK 19 128.23 P2p
Fa0/24 Altn BLK 19 128.24 P2p
Gi0/1 Root FWD 4 128.25 P2p
Gi0/2 Desg FWD 4 128.26 Shr
====== MST - Multiple Spanning Tree ======
>SW(config)# **spanning-tree mode mst**
>SW(config)# **spanning-tree mst configuration**
>SW(config-mst)# **name** //region_name (32 characters)//
>SW(config-mst)# **revision** //number (0-35535)//
>SW(config-mst)# **instance** //number(0-15)// **vlan** //vlan_range//
>SW(config)# **spanning-tree mst** //instance-id// **root** {**primary** | **secondary**} [**diameter** //diameter//]
>SW(config)# **spanning-tree mst** //instance-id// **priority** //bridge-priority//
>SW(config-if)# **spanning-tree mst** //instance-id// **cost** //cost//
>SW(config-if)# **spanning-tree mst** //instance-id// **port-priority** //port-priority//
>SW(config)# **spanning-tree mst hello-time** //seconds//
>SW(config)# **spanning-tree mst forward-time** //seconds//
>SW(config)# **spanning-tree mst max-age** //seconds//
>SW(config-mst)# **show pending**
>SW# **show spanning-tree mst**
====== Multilayer switching ======
===== InterVLAN Routing =====
>Switch# **show interface** //type mod/num// **switchport**
Switch# show interface gigabitethernet 0/1 switchport
Name: Gi0/1
Switchport: Disabled
Switch#
=== L2 port configuration: ===
>Switch(config)# **interface** //type mod/num//
>Switch(config-if)# **switchport**
>Switch(config-if)# **no shutdown**
=== L3 port configuration: ===
>Switch(config)# **interface** //type mod/num//
>Switch(config-if)# **no switchport**
>Switch(config-if)# **ip address** //ip-address mask// [**secondary**]
>Switch(config-if)# **no shutdown**
=== SVI port configuration: ===
>Switch(config)# **vlan** //vlan-id//
>Switch(config-vlan)# **name** //vlan-name//
>Switch(config-vlan)# **exit**
>Switch(config)# **interface vlan** //vlan-id//
>Switch(config-if)# **ip address** //ip-address mask// [**secondary**]
>Switch(config-if)# **no shutdown**
>Switch# **show interface vlan** //vlan-id//
>Switch# **show vlan**
>Switch# **show ip interface brief**
===== Autostate of a SVI =====
Ensures that this interface does not affect the state of the SVI:
>Switch(config-if)# **switchport autostate exclude**
===== CEF Cisco Express Forwarding =====
On the Cat3750 and 4500 it can be disabled:
>Switch(config-if)# **no ip route-cache cef**
>Switch(config-if)# **no ip cef**
=== FIB table ===
>Switch# **show ip cef** [//type mod/num// | **vlan** //vlan-id//] [**detail**]
Switch# show ip cef vlan 101
Prefix Next Hop Interface
10.1.1.0/24 attached Vlan101
10.1.1.2/32 10.1.1.2 Vlan101
10.1.1.3/32 10.1.1.3 Vlan101
>Switch# **show ip cef** [//prefix-ip prefix-mask//] [**longer-prefixes**] [**detail**]
**longer-prefixes** - also lists routes with a longer mask than the one specified in the command
Switch# show ip cef 10.1.0.0 255.255.0.0 longer-prefixes
Prefix Next Hop Interface
10.1.1.0/24 attached Vlan101
10.1.1.2/32 10.1.1.2 Vlan101
10.1.1.3/32 10.1.1.3 Vlan101
10.1.2.0/24 attached Vlan102
10.1.3.0/26 192.168.1.2 Vlan99
192.168.1.3 Vlan99
10.1.3.64/26 192.168.1.2 Vlan99
192.168.1.3 Vlan99
10.1.3.128/26 192.168.1.4 Vlan99
192.168.1.3 Vlan99
[output omitted]
Switch# show ip cef 10.1.3.0 255.255.255.192 detail
10.1.3.0/26, version 270, epoch 0, per-destination sharing
0 packets, 0 bytes
via 192.168.1.2, Vlan99, 0 dependencies
traffic share 1
next hop 192.168.1.2, Vlan99
valid adjacency
via 192.168.1.3, Vlan99, 0 dependencies
traffic share 1
next hop 192.168.1.3, Vlan99
valid adjacency
0 packets, 0 bytes switched through the prefix
tmstats: external 0 packets, 0 bytes
internal 0 packets, 0 byte
* version = number of updates to the CEF entry since the table was created
* epoch = number of times the CEF table has been flushed and a whole new one created
=== Adjacency table ===
>Switch# **show adjacency** [//type mod/num// | **vlan** //vlan-id//] [**summary** | **detail**]
Switch# show adjacency summary
Adjacency Table has 106 adjacencies
Table epoch: 0 (106 entries at this epoch)
Interface Adjacency Count
Vlan99 21
Vlan101 3
Vlan102 1
Vlan103 47
Vlan104 7
Vlan105 27
Switch# show adjacency vlan 99 detail
Protocol Interface Address
IP Vlan99 192.168.1.2(5)
0 packets, 0 bytes
000A5E45B145000E387D51000800
ARP 01:52:50
Epoch: 0
IP Vlan99 192.168.1.3(5)
1 packets, 104 bytes
000CF1C909A0000E387D51000800
ARP 04:02:11
Epoch: 0
* **000A5E45B145**000E387D51000800 - next-hop MAC address
* 000A5E45B145**000E387D5100**0800 - local MAC (MAC of interface Vlan99)
* 000A5E45B145000E387D5100**0800** - protocol type (IP)
* **ARP 01:52:50** - age of the ARP entry
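An added example (not part of the original page): a Python parser for the **show adjacency ... detail** output above that splits each rewrite string into next-hop MAC, local MAC and protocol type, and collects the local MAC seen per interface, which should be a single value because it is the MAC of that SVI. The sample is the Vlan99 output from this page; the function names are hypothetical, and a plain 14-byte Ethernet rewrite (28 hex digits) is assumed.

```python
import re

# Sample input: the Vlan99 entries printed on this page.
SAMPLE = """\
Protocol Interface Address
IP Vlan99 192.168.1.2(5)
0 packets, 0 bytes
000A5E45B145000E387D51000800
ARP 01:52:50
Epoch: 0
IP Vlan99 192.168.1.3(5)
1 packets, 104 bytes
000CF1C909A0000E387D51000800
ARP 04:02:11
Epoch: 0
"""

ENTRY = re.compile(r"^(\S+)\s+(\S+)\s+(\d+\.\d+\.\d+\.\d+)\(\d+\)$")
REWRITE = re.compile(r"^[0-9A-Fa-f]{28}$")  # assumption: untagged Ethernet II header
AGE = re.compile(r"^ARP\s+(\d+:\d\d:\d\d)$")


def cisco_mac(hex12):
    """Format 12 hex digits in Cisco dotted notation (aaaa.bbbb.cccc)."""
    h = hex12.lower()
    return ".".join(h[i:i + 4] for i in (0, 4, 8))


def decode_rewrite(hexstr):
    """Split a rewrite string into destination MAC, source MAC and EtherType."""
    if not REWRITE.match(hexstr):
        raise ValueError("not a 14-byte Ethernet rewrite: %r" % hexstr)
    return {
        "next_hop_mac": cisco_mac(hexstr[0:12]),   # destination = next hop
        "local_mac": cisco_mac(hexstr[12:24]),     # source = local interface
        "ethertype": int(hexstr[24:28], 16),       # 0x0800 = IP
    }


def parse_adjacency(text):
    """Return one dict per adjacency entry found in the output."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            current = {"protocol": m.group(1), "interface": m.group(2),
                       "address": m.group(3)}
            entries.append(current)
        elif current is None:
            continue  # header line before the first entry
        elif REWRITE.match(line):
            current.update(decode_rewrite(line))
        elif AGE.match(line):
            current["arp_age"] = AGE.match(line).group(1)
    return entries


def local_macs_by_interface(entries):
    """Map interface -> set of local MACs; more than one value needs a look."""
    seen = {}
    for e in entries:
        if "local_mac" in e:
            seen.setdefault(e["interface"], set()).add(e["local_mac"])
    return seen


if __name__ == "__main__":
    for e in parse_adjacency(SAMPLE):
        print(e["address"], e["next_hop_mac"], e["local_mac"],
              hex(e["ethertype"]), e["arp_age"])
```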
**Adjacency "glean state":**
Switch# show ip cef adjacency glean
Prefix Next Hop Interface
10.1.1.2/32 attached Vlan101
127.0.0.0/8 attached EOBC0/0
[output omitted]
Switch# show ip arp 10.1.1.2
Switch# show ip cef 10.1.1.2 255.255.255.255 detail
10.1.1.2/32, version 688, epoch 0, attached, connected
0 packets, 0 bytes
via Vlan101, 0 dependencies
valid glean adjacency
Switch# show cef drop
CEF Drop Statistics
Slot Encap_fail Unresolved Unsupported No_route No_adj ChkSum_Err
RP 8799327 1 45827 5089667 32 0
Switch# show cef not-cef-switched
CEF Packets passed on to next switching layer
Slot No_adj No_encap Unsupp’ted Redirect Receive Options Access Frag
RP 3579706 0 0 0 41258564 0 0 0
===== DHCP on MLS =====
=== DHCP server configuration ===
>Switch(config)# **ip dhcp excluded-address** //start-ip end-ip//
>Switch(config)# **ip dhcp pool** //pool-name//
>Switch(config-dhcp)# **network** //ip-address subnet-mask//
>Switch(config-dhcp)# **default-router** //ip-address// [//ip-address2//] [//ip-address3//] ...
>Switch(config-dhcp)# **lease** {**infinite** | {//days// [//hours// [//minutes//]]}}
>Switch# **show ip dhcp binding**
=== DHCP Relay configuration ===
* configured on the L3 interface that will relay for the clients in its subnet
* ip helper-address - can be entered multiple times
>Switch(config)# **interface vlan5**
>Switch(config-if)# **ip address** //192.168.1.1 255.255.255.0//
>Switch(config-if)# **ip helper-address** //192.168.199.4//
===== HSRP =====
>Switch(config-if)# **standby** //group(1-255 / 1-16)// **priority** //priority(0-255, def.100)//
>Switch(config-if)# **standby** //group// **timers** [**msec**] //hello// [**msec**] //holdtime//
* //hello// = 1-254 s or 15-999 ms (def. 3 s)
* //holdtime// = 1-255 s or 50-3000 ms (def. 10 s); three times the hello timer is recommended
>Switch(config-if)# **standby** //group// **preempt** [**delay** [**minimum** //seconds//] [**reload** //seconds//]]
* //delay// - delays taking over the active role
* //minimum// - 0-3600 s, measured from the moment the router is able to take over the active role (interface up, HSRP configured)
* //reload// - 0-3600 s after a router restart; the purpose is to give the routing protocols time to converge
>Switch(config-if)# **standby** //group// **track** //type mod/num// [//decrementvalue(def.10)//]
>Switch(config-if)# **standby** //group// **ip** //ip-address// [**secondary**]
>Switch(config-if)# **show standby** [**vlan** //vlan-id// | //type mod/num//] [**brief**]
__Plain-text authentication:__
>Switch(config-if)# **standby** //group// **authentication** //string//
__MD5 authentication - string:__
>Switch(config-if)# **standby** //group// **authentication md5 key-string** [**0** | **7**] //string//
__MD5 authentication - key-chain:__
>Switch(config)# **key chain** //chain-name//
>Switch(config-keychain)# **key** //key-number//
>Switch(config-keychain-key)# **key-string** [**0** | **7**] //string//
>Switch(config)# **interface** //type mod/num//
>Switch(config-if)# **standby** //group// **authentication md5 key-chain** //chain-name//
===== VRRP =====
>Switch(config-if)# **vrrp** //group(0-255)// **priority** //level(1-254,def.100)//
>Switch(config-if)# **vrrp** //group(0-255)// **timers advertise** [**msec**] //interval(def.1s)//
>Switch(config-if)# **vrrp** //group(0-255)// **timers learn**
>Switch(config-if)# **no vrrp** //group(0-255)// **preempt**
>Switch(config-if)# **vrrp** //group(0-255)// **preempt** [**delay** //seconds(def.0s)//]
>Switch(config-if)# **vrrp** //group(0-255)// **authentication** //string//
>Switch(config-if)# **vrrp** //group(0-255)// **ip** //ip-address// [**secondary**]
>Switch# **show vrrp** [**brief**]
>Switch# **show vrrp brief all**
>Switch# **show vrrp interface** //type mod/num//
===== GLBP =====
>Switch(config-if)# **glbp** //group// **ip** [//ip-address// [**secondary**]]
>Switch# **show glbp** [//group//] [**brief**]
=== AVG ===
>Switch(config-if)# **glbp** //group(0-1023)// **priority** //level(1-255, def.100)//
>Switch(config-if)# **glbp** //group// **preempt** [**delay minimum** //seconds//]
>Switch(config-if)# **glbp** //group// **timers** [**msec**] //hellotime// [**msec**] //holdtime//
* //hellotime// - 1-60 s or 50-60000 ms
* //holdtime// - up to 180 s or 180000 ms; must be greater than hellotime (ideally three times)
=== AVF ===
>Switch(config-if)# **glbp** //group// **timers redirect** //redirect timeout//
* "redirect timer" - **0-3600 s**, default **600 s**
* "timeout timer" - **700-64800** s (18h), def. **14400** s (4h)
>Switch(config)# **track** //object-number(1-500)// **interface** //type mod/num// {**line-protocol** | **ip routing**}
* **line-protocol** - tracks line protocol up/down
* **ip routing** - tracks that routing is enabled, an IP address is configured, and the line protocol on the interface
>Switch(config-if)# **glbp** //group// **weighting** //maximum// [**lower** //lower//] [**upper** //upper//]
* //lower// - 1-254, def. 1
* //upper// - 1-254, def. 100 (by default = max weight)
>Switch(config-if)# **glbp** //group// **weighting track** //object-number// [**decrement** //value//]
* //value// - 1-254, def. 10
=== Load Balancing ===
>SW_AVG(config-if)# **glbp** //group// **load-balancing** [**round-robin** | **weighted** | **host-dependent**]
====== Supervisor and Route Processor Redundancy ======
* the initial configuration must be done on both supervisors
* after that only on the active one (changes etc.)
>Router(config)# **redundancy**
>Router(config-red)# **mode** {**rpr** | **rpr-plus** | **sso**}
* **rpr-plus** - the IOS versions of both supervisors must be the same, otherwise it runs only as **rpr**
>Router# **show redundancy states**
Router# show redundancy states
my state = 13 -ACTIVE
peer state = 8 -STANDBY HOT
Mode = Duplex
Unit = Secondary
Unit ID = 2
Redundancy Mode (Operational) = Route Processor Redundancy Plus
Redundancy Mode (Configured) = Route Processor Redundancy Plus
Split Mode = Disabled
Manual Swact = Enabled
Communications = Up
client count = 11
client_notification_TMR = 30000 milliseconds
keep_alive TMR = 9000 milliseconds
keep_alive count = 1
keep_alive threshold = 18
RF debug mask = 0x0
==== Supervisor synchronization ====
>Router(config)# **redundancy**
>Router(config-red)# **main-cpu**
>Router(config-r-mc)# **auto-sync** {**startup-config** | **config-register** | **bootvar**}
Return to default:
>Router(config-r-mc)# **auto-sync standard**
==== Nonstop Forwarding ====
BGP
>Router(config)# **router bgp** //as-number//
>Router(config-router)# **bgp graceful-restart**
EIGRP
>Router(config)# **router eigrp** //as-number//
>Router(config-router)# **nsf**
OSPF
>Router(config)# **router ospf** //process-id//
>Router(config-router)# **nsf**
IS-IS
>Router(config)# **router isis** //process-id//
>Router(config-router)# **nsf** [**cisco** | **ietf**]
>Router(config-router)# **nsf interval** [//minutes//]
>Router(config-router)# **nsf t3** {**manual** //seconds// | **adjacency**}
>Router(config-router)# **nsf interface wait** //seconds//