Sunday, December 31, 2017

Cisco CCNP:300-115 - 1.4 Configure and verify trunking: 1.4.a VTPv1, VTPv2, VTPv3, VTP pruning

Recently I needed to renew my Cisco CCNPs, that is both CCNP Routing and Switching as well as CCNP Security. While working with Cisco products (well now they own SourceFire, so exclude these) is not within my daily duties, I still thought it was important for me to maintain these two credentials. As a result, I've put together my notes below focusing on the key points I used to study. I believe that someone else may find them useful.



     Trunking 
         
          - Trunks are point-to-point links between one or more Ethernet switch interfaces and another router or switch
          - Trunking can be done with 802.1Q
          - 802.1Q tunnels maintain customer integrity across a service-provider network
          - An 802.1Q tunnel port belongs to a single VLAN which is dedicated to tunnelling
          - Ethernet trunks carry traffic of multiple VLANs over a single link
          - VLANs can be extended across an entire network
          - The encapsulation protocols used for trunking are:
              - Inter-Switch Link (ISL): Cisco proprietary
              - 802.1Q: industry-standard trunking
              - negotiate: requires the interface to negotiate with its neighbor on whether to use ISL (preferred) or 802.1Q
          - Trunks can be configured on a single Ethernet interface or on an EtherChannel bundle
          - To autonegotiate trunking, the interfaces must be in the same VTP domain
          - Trunking negotiation is managed by Dynamic Trunking Protocol (DTP), a point-to-point protocol
          - DTP should be turned off on DTP-capable interfaces which are connected to interfaces that do not support DTP
          - When trunking is not desired, use "SW1(config-if)#switchport mode access" to disable trunking on the interface
          - To force an interface to become a trunk without negotiating, use "SW1(config-if)#switchport mode trunk" and "SW1(config-if)#switchport nonegotiate"
          - To configure an interface for 802.1Q encapsulation, use "SW1(config-if)#switchport trunk encapsulation dot1q"
          - To configure an interface for ISL encapsulation, use "SW1(config-if)#switchport trunk encapsulation isl"
          - DTP is not supported on private-VLAN ports or tunnel ports
          - Trunking modes are:
              - "dynamic auto"
                    - Interface is able to convert to a trunk link
                    - Interface becomes a trunk if the neighbor is "trunk" or "desirable"
              - "dynamic desirable"
                    - The interface actively attempts to become a trunk link
                    - The interface becomes a trunk if its neighbor is in "trunk", "desirable" or "auto"
              - "trunk"
                    - Interface is in permanent trunking mode
                    - Negotiates with the neighbor to become a trunk
                    - The interface becomes a trunk interface even if the neighbor is NOT a trunk
              - "nonegotiate"
                    - Prevents the interface from generating DTP frames
                    - Should only be used when the interface is in "access" or "trunk" mode
                    - Requires the neighboring interface to be configured manually as a trunk to establish the trunk link
              - "dot1q-tunnel"
                    - Used for tunneling
                    - Used to maintain customer VLAN integrity across a service provider network

                Mode pairs that form a trunk:
                      - "trunk" and "trunk"
                      - "trunk" and "dynamic auto"
                      - "trunk" and "dynamic desirable"
                      - "dynamic desirable" and "dynamic desirable"
    
            - A trunk port is a member of all VLANs by default
            - VLAN membership of a trunk can be restricted with the allowed-VLAN list
            - A trunk port cannot be a secure port
            - A trunk port cannot be a tunnel port
            - Trunk ports can be grouped into EtherChannel port groups
            - All trunks in the EtherChannel group must have the same configuration
            - When a trunk group is created, all ports follow the parameters set for the first port to be added to the group
            - Configuration changes to the following settings affect the whole group:
                - Allowed-VLAN list
                - STP port priority for each VLAN
                - STP PortFast setting
                - Trunk status: if one port in the EtherChannel group ceases to be a trunk, all ports cease to be trunks

            - Cisco recommends no more than 24 trunk ports in PVST mode and no more than 40 trunk ports in MST mode
           
            - Attempting to enable IEEE 802.1x on a trunk port results in an error message
                - 802.1x cannot be enabled on trunk ports
                - 802.1x ports cannot be changed to trunk

            - Attempting to enable IEEE 802.1x on a dynamic port results in an error message
                - 802.1x cannot be enabled on dynamic ports
                - 802.1x ports cannot be changed to dynamic
           
           
        - By default, traffic from all VLANs (1-4094) is allowed on a trunk link
        - To restrict which VLANs are carried on a trunk, use:
              SW2(config-if)#switchport trunk allowed vlan remove 30-40

        - VLAN 1 can be removed from a trunk to reduce the risk of spanning-tree loops or storms
        - Even though VLAN 1 has been removed, the interface continues to send and receive management traffic such as CDP, PAgP, LACP, DTP and VTP
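As an added example (not from the original notes), the following Python audit applies the DTP mode rules and the trunk-hardening commands above to a constructed running-config excerpt: it flags ports left in a "dynamic" mode (which negotiate a trunk with a neighbor in "trunk" or "desirable"), trunks that still generate DTP frames because "switchport nonegotiate" is missing, and trunks that carry all VLANs because no allowed-VLAN list is set. The interface names and config are sample data, and the script assumes a platform default of "dynamic auto" when no "switchport mode" line is present.

```python
# Constructed running-config excerpt (sample data, not taken from any real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode trunk
 switchport nonegotiate
 switchport trunk allowed vlan 10,20,30
!
interface GigabitEthernet1/0/2
 switchport mode dynamic desirable
!
interface GigabitEthernet1/0/3
 switchport mode trunk
!
"""
# Neighbor modes that let a port in the given DTP mode become a trunk (the notes' rules).
TRUNK_PARTNERS = {
    "dynamic auto": ("trunk", "dynamic desirable"),
    "dynamic desirable": ("trunk", "dynamic desirable", "dynamic auto"),
}

def parse_interfaces(config):
    """Map each 'interface X' stanza to its stripped configuration lines."""
    ifaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split()[1]
            ifaces[current] = []
        elif current and line.startswith(" "):
            ifaces[current].append(line.strip())
    return ifaces

def switchport_mode(lines):
    """Last explicit 'switchport mode'; assumes a platform default of dynamic auto otherwise."""
    modes = [l[len("switchport mode "):] for l in lines if l.startswith("switchport mode ")]
    return modes[-1] if modes else "dynamic auto"

def audit_trunking(config):
    """Return {interface: [findings]} for ports that can negotiate a trunk or over-share one."""
    findings = {}
    for name, lines in parse_interfaces(config).items():
        mode, issues = switchport_mode(lines), []
        if mode in TRUNK_PARTNERS:
            issues.append(f"{mode}: trunk forms if neighbor is {' / '.join(TRUNK_PARTNERS[mode])}")
        if mode == "trunk" and "switchport nonegotiate" not in lines:
            issues.append("trunk still generates DTP frames; add 'switchport nonegotiate'")
        if mode == "trunk" and not any(l.startswith("switchport trunk allowed vlan") for l in lines):
            issues.append("all VLANs 1-4094 allowed; restrict with 'switchport trunk allowed vlan'")
        if issues:
            findings[name] = issues
    return findings
```

Running audit_trunking(SAMPLE_CONFIG) reports nothing for GigabitEthernet1/0/1 and two findings for GigabitEthernet1/0/3.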
       
     
      - Load sharing on trunk ports
        - Divides the bandwidth supplied by parallel trunks connecting switches
        - Divides the traffic between the links according to which VLAN the traffic belongs to
        - Load sharing is configured by leveraging STP port priorities or STP path costs
        - When leveraging STP port priorities for load sharing, both load-sharing links must be connected to the same switch
        - When leveraging STP path costs for load sharing, each load-sharing link can be connected to the same switch or to two different switches
       
  
