Tag Archives: Cisco

A side note about VLANs

I was going over a tricky configuration with a co-worker today concerning VLANs and IP addressing.

We have a switch (Cisco 2960) connected to a router. The router is providing 4 VLANs via a single port, and we want to have all 4 VLANs present, regardless of what is plugged into the switch.

Now we know from our studies that we can create all the VLANs we want in global configuration mode, but those VLANs are not visible until they are active, and to be active they must have an active port in the VLAN.

[Image: VLANs]

So here is where it gets to be fun. I decided to recreate the problem in my home lab. I don’t have a 2960 lying around but I do have a 2950 and a 3550, so I patched them together as shown. The trunk connecting the two switches is a 3-port trunk.

With an IP address set on each VLAN I can ping from the 3550 to the router and vice versa, but I cannot ping the 2950 except on VLAN 501 (designated the native VLAN).

So why is this? I can ping everything except VLAN 502, 503 and 504 on the 2950.

Well, the answer is simple – the 2950 is a simple layer two switch and can only have one IP address for management purposes. The 3550 is a much more sophisticated layer three switch and can have one IP address per VLAN.

The 2950 shuts down every VLAN interface that has an IP address, except the one for the native VLAN, and those interfaces show as administratively down too.

s2950#sh ip int br
Interface IP-Address OK? Method Status Protocol
Vlan1 unassigned YES NVRAM administratively down down 
Vlan501 172.17.35.51 YES manual up up 
Vlan502 10.100.35.51 YES manual administratively down down 
Vlan503 172.18.35.51 YES manual administratively down down 
Vlan504 172.30.35.51 YES manual administratively down down 
FastEthernet0/1 unassigned YES unset down down 
FastEthernet0/2 unassigned YES unset down down 
FastEthernet0/3 unassigned YES unset down down
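The output above is exactly the kind of thing worth checking by script when you have more than a couple of switches. The following is an added example, not code from the post: a small parser for the "show ip interface brief" table that reports which SVIs are up and which carry an address but sit administratively down. The sample input is the s2950 listing above; on a layer-two-only switch the shut SVIs are expected, on a layer-three switch the same finding usually means a forgotten "no shutdown".

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: the s2950 "show ip interface brief" listing from the post above.
SAMPLE_SHOW_IP_INT_BRIEF = """\
Interface IP-Address OK? Method Status Protocol
Vlan1 unassigned YES NVRAM administratively down down
Vlan501 172.17.35.51 YES manual up up
Vlan502 10.100.35.51 YES manual administratively down down
Vlan503 172.18.35.51 YES manual administratively down down
Vlan504 172.30.35.51 YES manual administratively down down
FastEthernet0/1 unassigned YES unset down down
FastEthernet0/2 unassigned YES unset down down
FastEthernet0/3 unassigned YES unset down down
"""


@dataclass
class IfaceRow:
    name: str
    ip: Optional[str]   # None when the column reads "unassigned"
    method: str
    status: str         # "up", "down" or "administratively down"
    protocol: str


# One row of the table; Status may be two words, so it is matched explicitly.
ROW_RE = re.compile(
    r"^(?P<name>\S+)\s+(?P<ip>\S+)\s+(?P<ok>\S+)\s+(?P<method>\S+)\s+"
    r"(?P<status>administratively down|up|down)\s+(?P<protocol>\S+)\s*$"
)


def parse_show_ip_int_brief(text: str) -> List[IfaceRow]:
    rows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("Interface"):
            continue  # blank line or the column header
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised row: {line!r}")
        ip = None if m["ip"] == "unassigned" else m["ip"]
        rows.append(IfaceRow(m["name"], ip, m["method"], m["status"], m["protocol"]))
    return rows


def is_svi(row: IfaceRow) -> bool:
    return row.name.lower().startswith("vlan")


def addressed_but_shut_svis(rows: List[IfaceRow]) -> List[str]:
    """SVIs that carry an address but sit administratively down.

    On a layer-two-only switch such as the 2950 this is what you see for
    every SVI except the single management one; on a layer-three switch it
    usually means a forgotten 'no shutdown'.
    """
    return [r.name for r in rows
            if is_svi(r) and r.ip is not None and r.status == "administratively down"]


def live_svis(rows: List[IfaceRow]) -> List[str]:
    """SVIs that are up/up, i.e. the ones actually reachable for management."""
    return [r.name for r in rows if is_svi(r) and r.status == "up" and r.protocol == "up"]


if __name__ == "__main__":
    table = parse_show_ip_int_brief(SAMPLE_SHOW_IP_INT_BRIEF)
    print("live SVIs:", live_svis(table))
    print("addressed but shut:", addressed_but_shut_svis(table))
```

Run it against the text captured from "show ip interface brief" on each switch; for the s2950 listing it reports Vlan501 as the only live SVI and Vlan502 to Vlan504 as addressed but shut, which is the symptom the post describes.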

Guess I need to buy another 3550!

BTW – just for fun, here is the router Fast Ethernet port configuration, and this is a great example of why Router on a Stick is so useful!

[Image: VLANs2 – router Fast Ethernet port configuration]


Cisco SG500 Switches

I have a love/hate relationship with these switches. It isn’t that they are bad, it’s just that they are different from the normal Cisco switch that I am used to, and this has caused me just a few issues. Let me explain.

[Image: cisco_sg500-52p-k9-na]

The SG500 is a hybrid switch of sorts. Now I am a little woolly here on the exact details but my understanding is that the hardware is not standard Cisco designed hardware, having come initially from Linksys, and the IOS has been butchered to run on it.

Whether that is right or wrong is really irrelevant; what matters is that these boxes don’t run standard IOS. This has, as you can imagine, caused me some issues.

I have a client that runs a small business. They have just moved into a new building and purchased nine of these to do their network switching. I have two as primary switches connected to a pair of ASAs, and seven as access switches, trunked to both primaries for redundancy.

The configuration works very well, but getting there was an adventure. I can’t (and don’t want to) put together a list of discrepancies between IOS and the version of IOS that these beasts run, because I don’t know the full extent of the discrepancies, but what I do know is this:

Once a port channel is created, it is very hard to delete again. Even wiping the config doesn’t remove it.

Useful commands like:

  • show interface trunk
  • show vlan brief
  • show ip interface brief

… do not appear in this IOS version. Instead we have commands like

  • show interface status

The problem with this command is that it doesn’t give the level of detail I am accustomed to, and if you are trunking, the trunk interfaces do not show up with this command. Given that there is no show command for trunks (that I have been able to find), that makes debugging really hard. That actually caused me some heartache this weekend.

I had an old configuration that used three ports for an EtherChannel. Deleting the old startup config, reloading and writing a new config resulted in missing ports that were still associated with the old EtherChannels. How does that happen?

The fix that I finally applied – and it was a bit of a nuclear option – was to use the web interface to change the mode of the switch from native stacking to standalone. Once that happened and the configs were reloaded (changing the mode will delete your configs) the switch burst into life and all that was supposed to happen started to happen.

Which brings me to one of the great features about this switch; the web interface. I have 3550s and 2950s in my lab. Great switches but 100% of the time I use the CLI to configure them. The SG switches, on the other hand, have a rather nice and quite comprehensive web interface. It seems to be easy to use and quite intuitive, and gives you plenty of warnings if you are trying to do something silly.

[Image: cisco-sg500-3]

A little better than the 2950 web interface!

Overall, I like these switches despite the quirks, and I’m looking forward to getting to know them better. My concern is that I will end up talking two versions of IOS and tripping over myself if I forget which switch model I am working on.


Layer 3 Switches

In this post I am going to revisit the lab I did for the Router On A Stick configuration (ROAS), but this time I’m going to use a layer three switch.

So what is a layer three switch?

Layer three switches are your ordinary basic switch, but with the added capability of being able to perform basic routing. This does not mean that you can throw away your routers, but it does enable you to do inter-VLAN routing within your network, shifting the workload from the router to the switch.

So what is the advantage in doing this?

For a small network, there really isn’t that much in the way of advantage, but in larger networks we can reduce network traffic and router workload by distributing some of the local routing to the switches.

[Image: L3sw]

The layer three switch that I am using is a Catalyst 3550, which, for those building home labs, is not a bad switch at all and, at this time, quite inexpensive if purchased from eBay.

I am using routers as hosts, so my configs for the routers are:

interface FastEthernet0/0
 description Host A in VLAN 4
 ip address 172.12.4.4 255.255.255.0
 speed auto
ip default-gateway 172.12.4.1

interface FastEthernet0/0
 description Host B in VLAN 2
 ip address 172.12.2.2 255.255.255.0
 speed auto
ip default-gateway 172.12.2.1

and the switch configs are:

interface FastEthernet0/1
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/2
 switchport access vlan 4
 switchport mode access
!
interface Vlan2
 ip address 172.12.2.1 255.255.255.0
!
interface Vlan4
 ip address 172.12.4.1 255.255.255.0

With this setup, each host can ping its gateway, but not the other host.

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
r2>ping 172.12.4.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.4.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 ms
r2>ping 172.12.4.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.4.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
r2>ping 172.12.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.2.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
r2>ping 172.12.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.2.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
r2>

So what do we need to do to make the two VLANs communicate with each other? Well, layer three switches do not have routing turned on by default, so we need to turn on the routing, and here is how we do that:

s3550(config)#ip routing
s3550(config)#exit

We should verify that our routes are present:

s3550#sh ip route
---- snip -----
172.12.0.0/24 is subnetted, 2 subnets
C   172.12.2.0 is directly connected, Vlan2
C   172.12.4.0 is directly connected, Vlan4
C   192.168.2.0/24 is directly connected, Vlan1

But when we try to ping, we still get no connection between VLANs. So what is the problem there then?

If we check the hosts and do a show ip route, there is no default gateway, so in order for this to work correctly, we need to set that:

r3(config)#ip route 0.0.0.0 0.0.0.0 172.12.2.1

r2(config)#ip route 0.0.0.0 0.0.0.0 172.12.4.1

… and once the default route is in the hosts, the whole thing bursts into life – we have a working layer three switch:

r3#ping 172.12.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
r3#ping 172.12.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
r3#ping 172.12.4.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.4.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
r3#ping 172.12.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

Troubleshooting

There are a number of key commands that can help troubleshoot this configuration.

To make sure the VLANs are present on the switch and the ports are in the right VLAN, we use show vlan brief. You should see something like this:

2 VLAN0002 active Fa0/1
4 VLAN0004 active Fa0/2

… and for checking the host and switch routing tables, use show ip route.
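The two things that stopped the lab working (no "ip routing" on the switch, no default route on the hosts) are both visible in the configs before anyone pings anything. The following is an added example, not code from the post: a small audit script that reads IOS-style config text for the switch and the hosts, pairs each host with the SVI that shares its subnet, and reports whatever would keep inter-VLAN traffic from flowing. The config strings are constructed copies of the lab configs above; r2 keeps its original "ip default-gateway" line, r3 has the static default route the post adds. The finding for r2 rests on one fact the post does not spell out: a router ignores "ip default-gateway" while its own IP routing is enabled (the default), which is why "show ip route" on the hosts showed no gateway.

```python
import ipaddress
import re
from typing import Dict, List, Optional

# Constructed copies of the lab configs from the post (assembled here for the
# example, not pulled from a live device).
SWITCH_CONFIG = """\
ip routing
!
interface FastEthernet0/1
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/2
 switchport access vlan 4
 switchport mode access
!
interface Vlan2
 ip address 172.12.2.1 255.255.255.0
!
interface Vlan4
 ip address 172.12.4.1 255.255.255.0
"""

HOST_CONFIGS = {
    "r3": """\
interface FastEthernet0/0
 ip address 172.12.2.2 255.255.255.0
ip route 0.0.0.0 0.0.0.0 172.12.2.1
""",
    "r2": """\
interface FastEthernet0/0
 ip address 172.12.4.4 255.255.255.0
ip default-gateway 172.12.4.1
""",
}

IP_ADDR_RE = re.compile(r"^\s*ip address (\S+) (\S+)")
DEFAULT_ROUTE_RE = re.compile(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)")


def parse_interfaces(config: str) -> Dict[str, ipaddress.IPv4Interface]:
    """Map each interface name to the address/mask configured under it."""
    result, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
        elif current is not None:
            m = IP_ADDR_RE.match(line)
            if m:
                result[current] = ipaddress.IPv4Interface(f"{m[1]}/{m[2]}")
    return result


def default_route_next_hop(config: str) -> Optional[ipaddress.IPv4Address]:
    """Next hop of a static default route, if the config has one."""
    for line in config.splitlines():
        m = DEFAULT_ROUTE_RE.match(line)
        if m:
            return ipaddress.IPv4Address(m[1])
    return None


def audit(switch_config: str, host_configs: Dict[str, str]) -> List[str]:
    """Return one finding per thing that would stop inter-VLAN pings."""
    findings = []
    if "ip routing" not in [l.strip() for l in switch_config.splitlines()]:
        findings.append("switch: 'ip routing' is not enabled, so the SVIs will not route between VLANs")
    svis = {n: i for n, i in parse_interfaces(switch_config).items() if n.startswith("Vlan")}
    for host, cfg in host_configs.items():
        ifaces = parse_interfaces(cfg)
        if not ifaces:
            findings.append(f"{host}: no addressed interface")
            continue
        host_if = next(iter(ifaces.values()))
        # The gateway the host should use is the SVI that shares its subnet.
        gateway = next((s.ip for s in svis.values() if s.network == host_if.network), None)
        if gateway is None:
            findings.append(f"{host}: no SVI on the switch shares subnet {host_if.network}")
            continue
        next_hop = default_route_next_hop(cfg)
        if next_hop is None:
            # A router ignores 'ip default-gateway' while its own ip routing is
            # on (the default); it needs a static default route instead.
            findings.append(f"{host}: no default route; add 'ip route 0.0.0.0 0.0.0.0 {gateway}'")
        elif next_hop != gateway:
            findings.append(f"{host}: default route points at {next_hop}, expected {gateway}")
    return findings


if __name__ == "__main__":
    for finding in audit(SWITCH_CONFIG, HOST_CONFIGS):
        print(finding)
```

With the constructed configs the only finding is for r2, which still relies on "ip default-gateway"; remove the "ip routing" line from the switch config and the script flags that first, matching the order in which the post hit the two problems.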


Ethernet Autonegotiation

Generally speaking, network engineers don’t like or use auto-negotiation. Historically it just hasn’t worked all that well, and for the older Cisco exams it was considered best practice to manually configure your Ethernet ports. Frankly, that is not a hard thing to do, given that most of the time your ports all have the same config.

For instance, if we have a switch in a rack that is connected to user host machines, we might write the config as such:

interface range FastEthernet0/1-48
 switchport mode access
 speed 100
 duplex full
no shutdown

… and we have 48 ports of 100BASE-T full duplex. We can of course set each individual port for legacy purposes – just to make sure that 10Base scanner you have still works, and so on.

Looking to the future though, auto-negotiation is going to become more prevalent, especially as it is a part of Cisco’s best practices for gigabit Ethernet.

So how does auto-negotiation work?

Auto-negotiation works by using a special pulse called an NLP (or Normal Link Pulse) or, in the case of Gigabit Ethernet, a Fast Link Pulse (FLP).
These pulses:

  • are transmitted during dead times on the Ethernet link
  • are used to broadcast port capabilities to the port at the other end of the link
  • act as a hello or keep-alive signal

In essence, the link will run at the speed of the slower port, and will always prefer to run in full duplex unless otherwise indicated that one of the ports is half duplex.

This is great, because we don’t have to configure each port as we did above. This is not a huge chore for a small network, but in a large network with a variety of devices, configuring ports by hand is time consuming and cumbersome.

As engineers we are lazy/smart so we let the equipment do the work. If I change out a host device from a 100Mb capable device to a new 1000Mb capable device, I would usually have to log in to the switch, find the right port and change the config. With auto-negotiation, I don’t have to do that, I can let the switch figure out the best speed.

Now it is good to bear in mind that some of the older Cisco gear does not allow for auto-negotiation, but it is standard on new equipment.
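The rule above (run at the slower port's speed, prefer full duplex when both ends offer it) is a priority resolution, and the case the post hints at, older gear that does not negotiate, is where it goes wrong. The following is an added example, not code from the post: a small model of how two ports settle on speed and duplex. The priority list follows the IEEE 802.3 resolution order, trimmed to the twisted-pair types the post mentions, and the one-sided case models parallel detection: a negotiating port can sense a hard-set 10BASE-T or 100BASE-TX partner from its link pulses, but those pulses carry no duplex information, so it falls back to half duplex, which is exactly how a duplex mismatch arises against a port hard-set to full. The port capability sets are constructed sample values.

```python
from typing import Optional, Set, Tuple

Mode = Tuple[int, str]   # (speed in Mb/s, "full" or "half")

# Resolution priority, highest first: the IEEE 802.3 order trimmed to the
# twisted-pair types in the post. The highest entry both ends advertise wins,
# which is why a 1000/100/10 port facing a 100-only port settles on 100 Mb/s,
# full duplex if both offer it.
PRIORITY = [
    (1000, "full"), (1000, "half"),
    (100, "full"), (100, "half"),
    (10, "full"), (10, "half"),
]


def resolve(a_adv: Set[Mode], b_adv: Set[Mode]) -> Optional[Mode]:
    """Two auto-negotiating ends: best mode they both advertise, or None."""
    common = a_adv & b_adv
    for mode in PRIORITY:
        if mode in common:
            return mode
    return None


def link_outcome(a_auto: bool, a_modes: Set[Mode],
                 b_auto: bool, b_modes: Set[Mode]) -> Optional[dict]:
    """Model what each end of a link settles on.

    *_auto says whether that end auto-negotiates; *_modes is what it
    advertises, or the single hard-set mode when it does not negotiate.
    Returns None when no link comes up.
    """
    if a_auto and b_auto:
        mode = resolve(a_modes, b_modes)
        if mode is None:
            return None
        return {"speed": mode[0], "a_duplex": mode[1], "b_duplex": mode[1], "mismatch": False}

    if not a_auto and not b_auto:
        (sa, da), = a_modes
        (sb, db), = b_modes
        if sa != sb:
            return None
        # Both hard-set: the link comes up, but only agreeing duplex is healthy.
        return {"speed": sa, "a_duplex": da, "b_duplex": db, "mismatch": da != db}

    # Exactly one end negotiates. Parallel detection covers hard-set 10BASE-T
    # and 100BASE-TX partners only, and learns speed but not duplex, so the
    # negotiating end drops to half duplex.
    fixed_modes, auto_modes = (a_modes, b_modes) if not a_auto else (b_modes, a_modes)
    (speed, fixed_duplex), = fixed_modes
    if speed not in (10, 100):
        raise ValueError("a hard-set gigabit partner is outside this model")
    if speed not in {s for s, _ in auto_modes}:
        return None
    auto_duplex = "half"
    a_duplex, b_duplex = (fixed_duplex, auto_duplex) if not a_auto else (auto_duplex, fixed_duplex)
    return {"speed": speed, "a_duplex": a_duplex, "b_duplex": b_duplex,
            "mismatch": a_duplex != b_duplex}


# Constructed capability sets: a gigabit switch port and a Fast Ethernet NIC.
GIGABIT_PORT: Set[Mode] = set(PRIORITY)
FAST_ETHERNET_NIC: Set[Mode] = {(100, "full"), (100, "half"), (10, "full"), (10, "half")}

if __name__ == "__main__":
    print("auto/auto:", link_outcome(True, GIGABIT_PORT, True, FAST_ETHERNET_NIC))
    print("hard 100/full vs auto:", link_outcome(False, {(100, "full")}, True, FAST_ETHERNET_NIC))
```

The second printed case is the one to remember when a port shows late collisions and CRC errors on a switch set to "speed 100 / duplex full" facing an auto-negotiating host: the model reports the switch at full and the host at half, and flags the mismatch. Hard-setting both ends, as in the 48-port config above, avoids it only as long as every device on the other end is also hard-set the same way.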


Mac OSX and Serial Communications

If you use a Mac and need to communicate with routers and switches, how do you set up serial communications on OSX?

I’ve been working on this issue for a little while now and have come to the conclusion that almost none of the Mac software for serial comms is worth a damn. I mean, it just doesn’t work!

What does work, though, is the screen command. Here is what I did to get serial comms finally working. In my case I had some USB to serial converters that I connect to my blue rollover cable. Plug those into a USB hub or directly into your Mac, and then:

Open a terminal and navigate to /dev.
Have a look at the tty.* entries and find your serial converters.

Tonys-iMac:~ tony$ ls /dev/tty.*
/dev/tty.Bluetooth-Modem /dev/tty.usbserial-FTGNN8H1
/dev/tty.Bluetooth-PDA-Sync /dev/tty.usbserial-FTGRHGY7

The serial ports in fact appear twice, once as tty.* and once as cu.*:

tty.usbserial-FTGNN8H1
cu.usbserial-FTGNN8H1

I’m only interested in the tty version. Now that I have the serial port names, I can:

screen /dev/tty.usbserial-FTGNN8H1

Then I can open a second terminal window and issue:

screen /dev/tty.usbserial-FTGRHGY7

Lo and behold, I am talking to my Cisco boxes. No configuration required!

[Image: Screen Shot 2013-10-14 at 12.23.37 PM]
