VRRP Tutorial (Virtual Router Redundancy Protocol)


Today I will discuss VRRP. VRRP stands for Virtual Router Redundancy Protocol. It is an FHRP (First Hop Redundancy Protocol): it lets you configure more than one physical router while the hosts on the segment still see them as a single default gateway.
"First hop" means that any packet leaving the network has the gateway as its first hop; VRRP provides redundancy for that gateway.

– It is similar to Cisco's proprietary HSRP.
– It is an open standard, so it can be used between routers from different vendors.
– It was first published by the IETF as RFC 2338 in 1998; the current IPv4 version (VRRPv2) is RFC 3768, and VRRPv3 is RFC 5798.
– It fails over faster than HSRP at default timers (HSRP defaults to a 3-second hello and a 10-second hold time).
– The advertisement (hello) interval is 1 second.
– The master-down (dead) interval is 3 times the advertisement interval plus a priority-dependent skew of (256 - priority)/256 seconds, so about 3.6 seconds at the default priority.
– The Active/Standby roles of HSRP are called Master/Backup in VRRP.
– The standby group of HSRP is called a VRRP group.
– If the virtual IP is the real interface address of one of the routers, that router is the IP address owner: it always runs with priority 255 and becomes master.
– Otherwise the router with the highest configured priority becomes master; an equal priority is decided in favour of the higher interface IP address.
– The master sends VRRP advertisements to inform the group members of its status.
– The virtual MAC address is 0000.5e00.01xx, where xx is the group number (VRID) in hexadecimal.
– Advertisements are sent to the multicast address 224.0.0.18 using IP protocol 112.
– The default priority is 100.
– The VRRP group number (VRID) range is 1 to 255.
– The configurable priority range is 1 to 254 (100 is the default); 255 is reserved for the IP address owner, and 0 is sent by a master that is giving up the role.
– Preemption is on by default (unlike HSRP, where it is off): a router with a higher priority than the current master takes the master role.
– A VRRP group has one master and one or more backup routers.
– Because preemption is on by default, a former master that comes back up with the higher priority takes the master role back without any configuration change or intervention.
– VRRPv2 advertisements carry no authentication (RFC 3768 removed the simple-text and IP AH authentication of RFC 2338; Cisco IOS still offers an optional text or MD5 authentication string on the group), so any device on the segment that can send an advertisement with a higher priority can make itself the gateway. Limit who can attach to the segment and alert on advertisements from unexpected sources.
– VRRPv2 does not support IPv6; VRRPv3 (RFC 5798) does.
Consider the following diagram: Router0 and Router1 are both configured for VRRP.

VRRP

The virtual IP (VIP) used is 10.10.10.10.
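As an added example (not part of the original tutorial, and not Cisco's code), the following Python builds and parses VRRPv2 advertisements, derives the virtual MAC from the VRID, applies the master election rules above to Router0 and Router1, and computes the master-down interval. The router names, the interface addresses 10.10.10.1 and 10.10.10.2 and the priorities are assumptions for the illustration; only the VIP 10.10.10.10 comes from the page.

```python
import ipaddress
import struct

VRRP_MULTICAST = "224.0.0.18"       # all-VRRP-routers group address (RFC 3768)
VRRP_IP_PROTOCOL = 112
VRRP_MAC_PREFIX = "00:00:5e:00:01"  # 0000.5e00.01xx, xx = VRID


def virtual_mac(vrid):
    """Virtual MAC of a group: the fixed 00-00-5E-00-01 prefix plus the VRID in hex."""
    if not 1 <= vrid <= 255:
        raise ValueError("VRID must be 1..255")
    return f"{VRRP_MAC_PREFIX}:{vrid:02x}"


def internet_checksum(data):
    """RFC 1071 one's-complement checksum; VRRPv2 takes it over the whole VRRP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_advertisement(vrid, priority, addresses, adver_int=1):
    """Encode a VRRPv2 ADVERTISEMENT (RFC 3768 section 5.3) with auth type 0 (none)."""
    virtual_mac(vrid)                                   # reuse the VRID range check
    if not 0 <= priority <= 255:
        raise ValueError("priority must be 0..255")
    ips = b"".join(ipaddress.IPv4Address(a).packed for a in addresses)
    # version 2 / type 1, VRID, priority, IP count, auth type, interval, checksum placeholder
    header = struct.pack("!BBBBBBH", (2 << 4) | 1, vrid, priority, len(addresses), 0, adver_int, 0)
    msg = header + ips + bytes(8)                       # 8-byte auth data field, unused with auth type 0
    return msg[:6] + struct.pack("!H", internet_checksum(msg)) + msg[8:]


def parse_advertisement(pkt):
    """Decode and validate a VRRPv2 ADVERTISEMENT; ValueError on a malformed or corrupted message."""
    if len(pkt) < 16:
        raise ValueError("too short")
    if internet_checksum(pkt) != 0:                     # a message with a correct checksum sums to zero
        raise ValueError("bad checksum")
    vt, vrid, priority, count, auth_type, adver_int, _ = struct.unpack("!BBBBBBH", pkt[:8])
    if vt >> 4 != 2 or vt & 0x0F != 1:
        raise ValueError("not a VRRPv2 advertisement")
    if len(pkt) != 8 + 4 * count + 8:
        raise ValueError("length does not match the IP address count")
    addresses = [str(ipaddress.IPv4Address(pkt[8 + 4 * i:12 + 4 * i])) for i in range(count)]
    return {"vrid": vrid, "priority": priority, "adver_int": adver_int,
            "auth_type": auth_type, "addresses": addresses}


def effective_priority(interface_ip, vip, configured):
    """The router whose real interface address is the VIP is the IP address owner and always uses 255."""
    return 255 if interface_ip == vip else configured


def elect_master(routers, vip):
    """routers: list of (name, interface_ip, configured_priority).
    Highest effective priority wins; a tie goes to the higher interface IP address (RFC 3768 6.4.2)."""
    return max(routers, key=lambda r: (effective_priority(r[1], vip, r[2]),
                                       ipaddress.IPv4Address(r[1])))[0]


def master_down_interval(priority, adver_int=1):
    """Seconds a backup waits before declaring the master dead: 3 x interval + skew, skew = (256 - priority) / 256."""
    return 3 * adver_int + (256 - priority) / 256


if __name__ == "__main__":
    # Router0 / Router1 and their priorities are assumed for this illustration; the VIP is the page's 10.10.10.10
    vip = "10.10.10.10"
    routers = [("Router0", "10.10.10.1", 110), ("Router1", "10.10.10.2", 100)]
    print("master:", elect_master(routers, vip), "virtual MAC:", virtual_mac(1))
    adv = build_advertisement(1, 110, [vip])
    print("advertisement:", adv.hex(), "->", parse_advertisement(adv))
    print("backup declares master dead after", master_down_interval(100), "s")
```

The parser rejects a corrupted message through the checksum, but nothing in the format lets it reject a forged one: an advertisement built with priority 255 from any host parses as a valid, winning claim, which is the point of the authentication caveat above.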


OSPF Network Types Example

OSPF Network Types:

Several OSPF network types are used in service-provider environments. The addresses OSPF messages are sent to depend on the type of network the OSPF interface is connected to, and one of the following network types must be selected when configuring an interface on an OSPF router.

Point-to-Point: A network that connects only two routers. Leased-line WAN links such as Dataphone Digital Service (DDS) and T-carrier circuits are point-to-point networks. OSPF messages on point-to-point networks are sent to the IP multicast address 224.0.0.5.

  • No DR/BDR election.
  • The only master/slave relationship is the one used for the database description (DBD) exchange, which every network type has; the router with the higher Router ID becomes master, and the Router ID can be set manually.
  • Default priority = 0 (the priority plays no role, since there is no DR/BDR election)
  • Multicast = 224.0.0.5
  • Hello timer = 10 seconds
  • Dead timer = 40 seconds
  • Both ends share one common subnet
Point to point OSPF network

Point-to-Multipoint: A point-to-multipoint configuration approaches the non-broadcast limitation in a different way. Rather than trying to emulate broadcast capability, it organizes the PVCs into a collection of point-to-point links. Hello packets must still be replicated and transmitted individually to each neighbor, but the multipoint approach offers two distinct advantages: no DR/BDR is needed, and the emulated point-to-point links can share a common subnet.


Spanning Tree Protocol Security


Today I will discuss Spanning Tree Protocol security. Spanning Tree Protocol (STP), standardized as IEEE 802.1D, is a Layer 2 protocol designed to prevent loops in switched networks. A port goes through a number of states (blocking, listening, learning, and finally forwarding) before it is allowed to pass user traffic.

The weakness is that any system attached to the network can actively modify the STP topology: BPDUs carry no authentication. The bridge ID, a two-byte priority followed by a six-byte MAC address, determines the root bridge, and the lowest bridge ID wins. A host that sends BPDUs advertising a lower bridge ID than the current root therefore becomes root and can change which links forward and which block.

1. STP PortFast Bridge Protocol Data Unit (BPDU) Guard

PortFast BPDU Guard lets network administrators enforce the STP topology on ports enabled with PortFast. Systems attached to ports with BPDU Guard enabled are not allowed to modify the STP topology: on receipt of any BPDU, the port is put into the err-disabled state and stops passing all traffic.

This feature can be enabled globally for all PortFast ports or individually per port. By default, BPDU Guard is disabled. The following command enables it globally on a Cisco 3550 series switch.

Switch(config)# spanning-tree portfast bpduguard default

Use the following command to verify the configuration.

Switch> show spanning-tree summary totals

To enable this feature at the interface level on a Cisco 3550 series switch, use the following command.

Switch(config-if)# spanning-tree bpduguard enable

A port that BPDU Guard has err-disabled stays down until an administrator bounces it (shutdown, then no shutdown) or errdisable recovery is enabled for the bpduguard cause, so check show interfaces status err-disabled after an unexplained outage on an access port.
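Added example, not from the original post and not Cisco's implementation: the Python below parses an 802.1D Configuration BPDU out of a raw frame, decides whether it advertises a better root than the one the switch currently knows, and models what BPDU Guard does with such a frame on a PortFast port. The MAC addresses and the port dictionary are constructed for the illustration.

```python
import struct

STP_GROUP_MAC = "01:80:c2:00:00:00"  # 802.1D bridge group address that every BPDU is sent to
LLC_STP = bytes([0x42, 0x42, 0x03])  # LLC DSAP 0x42, SSAP 0x42, UI control field


def mac_to_bytes(mac):
    return bytes(int(x, 16) for x in mac.split(":"))


def bytes_to_mac(b):
    return ":".join(f"{x:02x}" for x in b)


def bridge_id(priority, mac):
    """802.1D bridge ID: 2-byte priority followed by the 6-byte MAC; the lowest value wins the root election."""
    return struct.pack("!H", priority) + mac_to_bytes(mac)


def build_config_bpdu(src_mac, root_priority, root_mac, bridge_priority, bridge_mac,
                      root_path_cost=0, port_id=0x8001):
    """802.3/LLC frame carrying an 802.1D Configuration BPDU (timer fields are in 1/256 s units)."""
    bpdu = (struct.pack("!HBBB", 0, 0, 0x00, 0)            # protocol ID 0, version 0, type config, flags
            + bridge_id(root_priority, root_mac)
            + struct.pack("!I", root_path_cost)
            + bridge_id(bridge_priority, bridge_mac)
            + struct.pack("!HHHHH", port_id, 0, 20 * 256, 2 * 256, 15 * 256))  # port ID, msg age, max age, hello, fwd delay
    llc = LLC_STP + bpdu
    frame = mac_to_bytes(STP_GROUP_MAC) + mac_to_bytes(src_mac) + struct.pack("!H", len(llc)) + llc
    return frame + bytes(max(0, 60 - len(frame)))         # pad to the Ethernet minimum


def parse_bpdu(frame):
    """Fields of a Configuration BPDU, {'type': 'tcn'} for a topology-change BPDU, or None if not a BPDU."""
    if len(frame) < 14 or bytes_to_mac(frame[:6]) != STP_GROUP_MAC:
        return None
    length = struct.unpack("!H", frame[12:14])[0]
    if length > 1500:                                     # an EtherType, not an 802.3 length: not LLC/STP
        return None
    payload = frame[14:14 + length]
    if payload[:3] != LLC_STP or len(payload) < 7:
        return None
    b = payload[3:]
    proto, version, btype = struct.unpack("!HBB", b[:4])
    if proto != 0:
        return None
    if btype == 0x80:
        return {"type": "tcn", "sender": bytes_to_mac(frame[6:12])}
    if btype != 0x00 or len(b) < 35:
        return None
    port_id, msg_age, max_age, hello, fwd_delay = struct.unpack("!HHHHH", b[25:35])
    return {"type": "config", "sender": bytes_to_mac(frame[6:12]),
            "root_priority": struct.unpack("!H", b[5:7])[0], "root_mac": bytes_to_mac(b[7:13]),
            "root_path_cost": struct.unpack("!I", b[13:17])[0],
            "bridge_priority": struct.unpack("!H", b[17:19])[0], "bridge_mac": bytes_to_mac(b[19:25]),
            "port_id": port_id, "max_age": max_age / 256, "hello": hello / 256, "fwd_delay": fwd_delay / 256}


def is_superior_root(bpdu, current_root_priority, current_root_mac):
    """True when the BPDU advertises a root with a lower bridge ID than the one this switch currently trusts."""
    return bridge_id(bpdu["root_priority"], bpdu["root_mac"]) < bridge_id(current_root_priority, current_root_mac)


def bpdu_guard(port, frame):
    """Model 'spanning-tree bpduguard enable' on a PortFast port: any BPDU puts the port into err-disabled.
    port is a dict such as {'portfast': True, 'bpduguard': True, 'status': 'up'}; returns the resulting status."""
    if port["status"] == "up" and port.get("portfast") and port.get("bpduguard") and parse_bpdu(frame) is not None:
        port["status"] = "err-disabled"
    return port["status"]


if __name__ == "__main__":
    # a constructed host BPDU claiming priority 0, i.e. a better root than any default-priority (32768) switch
    rogue = build_config_bpdu("00:11:22:33:44:55", 0, "00:11:22:33:44:55", 0, "00:11:22:33:44:55")
    parsed = parse_bpdu(rogue)
    print("superior to current root:", is_superior_root(parsed, 32768, "00:aa:bb:cc:dd:ee"))
    port = {"portfast": True, "bpduguard": True, "status": "up"}
    print("port after BPDU:", bpdu_guard(port, rogue))
```

Note that the guard does not look at the BPDU's contents at all: a PortFast port should never see one, so the first BPDU of any kind is reason enough to shut the port.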


Spanning Tree Protocol Overview


Today I will discuss Spanning Tree Protocol. STP prevents frames from looping in a network by putting some interfaces in the forwarding state and others in the blocking state.

Whenever two or more switches are connected to each other with redundant links, a loop can occur, and STP is used to prevent it. Spanning Tree Protocol is a Layer 2 protocol and is enabled on switches by default.

If STP is not used, these problems occur on the network:

(i) Broadcast storms
(ii) High processor utilization
(iii) MAC table instability
(iv) Multiple frame transmission

STP Tasks:

1. Elect the root bridge (lowest bridge ID)
2. Elect a root port on every non-root bridge (lowest-cost path to the root)
3. Elect a designated port on every segment (the remaining ports are blocked)

Spanning Tree Protocol
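Added example (not part of the original post): Python that carries out the three STP tasks on a small constructed topology of three switches, using the 802.1D comparison order (root path cost, then sender bridge ID, then sender port ID). The switch names, priorities, MAC addresses, port numbers and the 100 Mbit/s cost of 19 are assumptions for the illustration.

```python
import heapq


def bridge_id(priority, mac):
    """Bridge ID compares as (priority, MAC); the lowest wins."""
    return (priority, mac)


def compute_spanning_tree(bridges, links):
    """bridges: {name: (priority, mac)}; links: list of (bridge_a, port_a, bridge_b, port_b, cost),
    one entry per point-to-point segment, with ports given as integer port numbers.
    Returns (root, root path cost per bridge, role per (bridge, port))."""
    bids = {name: bridge_id(*pm) for name, pm in bridges.items()}
    root = min(bids, key=bids.get)                       # task 1: the lowest bridge ID is root
    adj = {name: [] for name in bridges}
    for a, pa, b, pb, cost in links:
        adj[a].append((pa, b, pb, cost))
        adj[b].append((pb, a, pa, cost))
    # task 2: every non-root bridge picks as root port the one that received the best offer,
    # ordered by (root path cost, sender bridge ID, sender port ID), the 802.1D tie-break order
    best = {}                                            # name -> (cost, sender bid, sender port, root port)
    heap = [((0, (0, ""), 0), root, None)]
    while heap:
        key, name, rport = heapq.heappop(heap)
        if name in best:
            continue
        best[name] = key + (rport,)
        for myport, nbr, nport, cost in adj[name]:
            if nbr not in best:
                heapq.heappush(heap, ((key[0] + cost, bids[name], myport), nbr, nport))
    # task 3: on each segment the end with the better (cost, bridge ID, port ID) is designated;
    # the other end is either the neighbour's root port or goes to blocking
    roles = {}
    for a, pa, b, pb, cost in links:
        ka, kb = (best[a][0], bids[a], pa), (best[b][0], bids[b], pb)
        if ka < kb:
            des, dport, oth, oport = a, pa, b, pb
        else:
            des, dport, oth, oport = b, pb, a, pa
        roles[(des, dport)] = "designated"
        roles[(oth, oport)] = "root" if best[oth][3] == oport else "blocking"
    return root, {n: best[n][0] for n in best}, roles


if __name__ == "__main__":
    # constructed triangle: SW1 has the lowest priority, so the SW2-SW3 link must block on one end
    bridges = {"SW1": (4096, "00:00:00:00:00:01"),
               "SW2": (32768, "00:00:00:00:00:02"),
               "SW3": (32768, "00:00:00:00:00:03")}
    links = [("SW1", 1, "SW2", 1, 19), ("SW1", 2, "SW3", 1, 19), ("SW2", 2, "SW3", 2, 19)]
    root, costs, roles = compute_spanning_tree(bridges, links)
    print("root:", root, "costs:", costs)
    for (bridge, port), role in sorted(roles.items()):
        print(f"{bridge} port {port}: {role}")
```

Lowering any bridge's priority in the dictionary (which is what a rogue BPDU sender does) changes the root and with it every port role, which is the connection to the BPDU Guard discussion above.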


VLAN Mapping Cisco Switch Configuration


Today I will show you how to configure VLAN mapping (VLAN translation) on a Cisco switch.

Here we map VLAN 10 to VLAN 20 (and 11 to 21, 12 to 22) on interface GigabitEthernet 0/1:

Switch# configure terminal
Switch(config)# interface gigabitethernet 0/1
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport vlan mapping 10 20
Switch(config-if)# switchport vlan mapping 11 21
Switch(config-if)# switchport vlan mapping 12 22
Switch(config-if)# switchport vlan mapping drop default
Switch(config-if)# end
Switch#

All frames arriving on gi0/1 in VLAN 10 are translated to VLAN 20; in the same way VLANs 11 and 12 are mapped to 21 and 22. The drop default rule discards frames in any VLAN that has no mapping entry, so untranslated VLANs from the far end cannot leak into the switch.

VLAN mapping cisco switch

How to verify the configuration:

Switch# show vlan mapping
or
Switch# show interface gigabitethernet 0/1 vlan mapping

State: enabled

Original VLAN    Translated VLAN
-------------    ---------------
10               20
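Added example, not from the original post and not the switch's own code: the Python below shows what the mapping above does to a frame, rewriting the 12-bit VID inside the 802.1Q tag while keeping the priority bits, and dropping frames in unmapped VLANs when a drop-default rule is present. The frame addresses and payloads are constructed; leaving untagged frames untouched is a simplifying assumption.

```python
import struct

TPID_8021Q = 0x8100


def build_tagged_frame(dst, src, vid, payload, pcp=0, ethertype=0x0800):
    """Ethernet II frame with one 802.1Q tag (TPID 0x8100, TCI = PCP:3 DEI:1 VID:12)."""
    hdr = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    tci = (pcp << 13) | (vid & 0x0FFF)
    return hdr + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def vlan_of(frame):
    """(vid, pcp) of a tagged frame, or (None, None) if the frame carries no 802.1Q tag."""
    if len(frame) < 18 or struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None, None
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, tci >> 13


def translate_ingress(frame, mapping, drop_default=False):
    """Apply a one-to-one VLAN mapping {original: translated} to a frame entering the trunk.
    Returns the rewritten frame, or None when the VLAN is unmapped and drop_default is set."""
    vid, _ = vlan_of(frame)
    if vid is None:
        return frame            # untagged (native VLAN) frames are left alone: a simplifying assumption
    if vid not in mapping:
        return None if drop_default else frame
    tci = struct.unpack("!H", frame[14:16])[0]
    new_tci = (tci & 0xF000) | mapping[vid]   # keep PCP and DEI, swap only the 12-bit VID
    return frame[:14] + struct.pack("!H", new_tci) + frame[16:]


def translate_egress(frame, mapping, drop_default=False):
    """Leaving the trunk, the translated VLAN is mapped back to the original one."""
    return translate_ingress(frame, {v: k for k, v in mapping.items()}, drop_default)


if __name__ == "__main__":
    mapping = {10: 20, 11: 21, 12: 22}        # the page's gi0/1 mapping
    frame = build_tagged_frame("00:00:00:00:00:01", "00:00:00:00:00:02", 10, b"data", pcp=5)
    inside = translate_ingress(frame, mapping, drop_default=True)
    print("VLAN 10 frame inside the switch is in VLAN", vlan_of(inside))
    print("VLAN 30 frame with drop default:", translate_ingress(
        build_tagged_frame("00:00:00:00:00:01", "00:00:00:00:00:02", 30, b"x"), mapping, drop_default=True))
```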


Layer 2 Switching process


Today I will discuss the Layer 2 switching process. Using MAC addresses to switch frames on a LAN is called Layer 2 switching.

Layer 2 switching is the process of using the hardware (MAC) addresses of devices on a LAN to segment a network. Switching breaks up large collision domains into smaller ones; a collision domain is a network segment on which two or more devices share the same bandwidth.

Ethernet is a LAN technology based on the IEEE 802.3 standard. It provides a shared medium to transfer the data.

There are three switching modes:

  1. Cut through (fast forward): the switch waits only for the destination hardware address to arrive before it looks the address up in the MAC filter table and starts forwarding. Cisco sometimes calls this the fast forward method. Errored frames are forwarded too, because the FCS has not been seen yet.
  2. Fragment free (modified cut through): this is the default mode for the Catalyst 1900 switch. The switch waits for the first 64 bytes of a frame before forwarding it, which guards against forwarding runts (fragments shorter than 64 bytes) caused by collisions.
  3. Store and forward: the complete frame is received into the switch's buffer, the CRC (FCS) is checked, and only if it passes does the switch look up the destination address in the MAC filter table.
Layer 2 Switching process
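Added example (not part of the original post): a small learning switch in Python that shows the three switching modes side by side, what each one has received before it forwards, and how the MAC table drives the forwarding decision. The frames, MAC addresses and port names are constructed for the illustration.

```python
import struct
import zlib

BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_to_bytes(mac):
    return bytes(int(x, 16) for x in mac.split(":"))


def bytes_to_mac(b):
    return ":".join(f"{x:02x}" for x in b)


def build_frame(dst, src, payload, ethertype=0x0800, pad=True, corrupt=False):
    """Ethernet II frame with its FCS (CRC-32, sent least-significant byte first).
    pad=False leaves a runt shorter than 64 bytes, which is what a collision fragment looks like;
    corrupt=True flips one payload bit after the FCS was computed, so the FCS no longer matches."""
    body = mac_to_bytes(dst) + mac_to_bytes(src) + struct.pack("!H", ethertype) + payload
    if pad:
        body += bytes(max(0, 60 - len(body)))
    fcs = struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)
    if corrupt:
        body = body[:14] + bytes([body[14] ^ 0x01]) + body[15:]
    return body + fcs


class LearningSwitch:
    MODES = ("cut-through", "fragment-free", "store-and-forward")

    def __init__(self, ports, mode="store-and-forward"):
        if mode not in self.MODES:
            raise ValueError(mode)
        self.ports = list(ports)
        self.mode = mode
        self.mac_table = {}      # MAC -> port on which that MAC was last seen as a source

    def check(self, frame):
        """What each mode has received before it forwards. Returns (accept, reason)."""
        if self.mode == "cut-through":
            # only the 6-byte destination is needed for the lookup; runts and bad-FCS frames pass through
            return len(frame) >= 6, "destination MAC read"
        if len(frame) < 64:
            return False, "runt (collision fragment) dropped"
        if self.mode == "fragment-free":
            return True, "first 64 bytes received"
        stored = struct.unpack("<I", frame[-4:])[0]
        if zlib.crc32(frame[:-4]) & 0xFFFFFFFF != stored:
            return False, "FCS mismatch"
        return True, "whole frame buffered and FCS verified"

    def receive(self, in_port, frame):
        """Learn the source MAC, then forward: known unicast to one port, unknown unicast and broadcast flooded.
        Returns the egress ports (empty when the frame is dropped or filtered)."""
        accepted, _ = self.check(frame)
        if not accepted:
            return []
        dst, src = bytes_to_mac(frame[:6]), bytes_to_mac(frame[6:12])
        self.mac_table[src] = in_port
        out = self.mac_table.get(dst)
        if dst == BROADCAST or out is None:
            return [p for p in self.ports if p != in_port]
        return [] if out == in_port else [out]    # destination is on the ingress segment: filtered


if __name__ == "__main__":
    # constructed hosts and ports for the illustration
    host_a, host_b = "00:00:00:00:00:0a", "00:00:00:00:00:0b"
    sw = LearningSwitch(["Fa0/1", "Fa0/2", "Fa0/3"])
    print("unknown destination, flooded to:", sw.receive("Fa0/1", build_frame(host_b, host_a, b"hello")))
    print("reply to a learned MAC goes to:", sw.receive("Fa0/2", build_frame(host_a, host_b, b"reply")))
    bad = build_frame(host_a, host_b, b"x", corrupt=True)
    for mode in LearningSwitch.MODES:
        print(f"{mode:18s} forwards a bad-FCS frame to:", LearningSwitch(["p1", "p2"], mode).receive("p1", bad))
```

The MAC table is keyed only on the source address of whatever arrives, with no limit on its size: that unconditional learning is what makes flooding with forged source MACs effective against a real switch, which then falls back to flooding every frame as if the table were empty.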
