Thursday, 23 May 2024

Cisco Bandwidth Rate Limit on Catalyst series (3550, 3750, 3560, 2960)

There are two ways to configure QoS bandwidth shaping on a port of a Cisco L2/L3 switch:


1-SRR (only egress/download traffic can be controlled).
2-Service policy (only one direction can be controlled).


If you want to control both directions, configure both SRR and a service policy on the same port.


SRR


srr-queue bandwidth limit %


You set the bandwidth as a percentage of the link speed; the valid range is 10-99 percent. This means that if you want a limit below 10 Mb you must set the port's physical speed to 10 and the duplex to full, and then statically configure the client to 10/full as well. This, however, only limits egress traffic.


int 0/12
srr-queue bandwidth limit 10


Service Policy

We use this to match and limit our ingress traffic.

First, you must enable mls qos on your switch, otherwise your matching won't work:


mls qos


1-Next we define our class map. It is set to match IP traffic with DSCP 0 (default).

class-map match-all rate-limit
 description Bandwidth Control
 match ip dscp default


2-We then create a policy map with our desired speed (here 8 Mb/s):

policy-map 8meg
 class rate-limit
  police 8192000 192000 exceed-action drop


3-Last, we apply it to the interface:

int fa0/1
 service-policy input 8meg
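The decision procedure above (SRR percentage of link speed, the 10-99 range, the drop to 10/full for small caps, and the class-map/policy-map policer) as a config generator. This is an added example, not code from the original post: the function names, and the interface, policy and demo rate values, are assumptions.

```python
# Added example (not from the original post): generate the Catalyst CLI lines
# for the two mechanisms described above. The 10-99 percent SRR limit and the
# "drop the port to 10/full" workaround come from the post; the function names
# and the interface/policy names used in the demo are assumptions.

SRR_MIN_PCT = 10          # srr-queue bandwidth limit accepts 10-99 percent
SRR_MAX_PCT = 99
FALLBACK_SPEED_MBPS = 10  # post's workaround for caps below 10% of link speed


def _ceil_percent(desired_bps, port_speed_mbps):
    """Smallest whole percentage of the link speed that is >= desired_bps."""
    link_bps = port_speed_mbps * 1_000_000
    return (desired_bps * 100 + link_bps - 1) // link_bps


def srr_egress_limit(desired_bps, port_speed_mbps):
    """Interface-mode lines that cap egress to roughly desired_bps with SRR.

    If the cap is below 10% of the link speed, force the port to 10 Mb/s
    full duplex first (as the post describes) and recompute the percentage.
    """
    lines = []
    pct = _ceil_percent(desired_bps, port_speed_mbps)
    if pct < SRR_MIN_PCT and port_speed_mbps > FALLBACK_SPEED_MBPS:
        port_speed_mbps = FALLBACK_SPEED_MBPS
        lines += [f"speed {FALLBACK_SPEED_MBPS}", "duplex full"]
        pct = _ceil_percent(desired_bps, port_speed_mbps)
    if not SRR_MIN_PCT <= pct <= SRR_MAX_PCT:
        raise ValueError(
            f"{desired_bps} bps is not expressible as {SRR_MIN_PCT}-{SRR_MAX_PCT}% "
            f"of a {port_speed_mbps} Mb/s link"
        )
    lines.append(f"srr-queue bandwidth limit {pct}")
    return lines


def ingress_policer(policy_name, rate_bps, burst_bytes, class_name="rate-limit"):
    """Global-mode lines for the class-map/policy-map ingress policer.

    rate_bps is the police rate in bits per second and burst_bytes the normal
    burst in bytes, the same two positional values used in the post's example.
    """
    if rate_bps <= 0 or burst_bytes <= 0:
        raise ValueError("police rate and burst must be positive")
    return [
        "mls qos",  # required, otherwise the class-map match never fires
        f"class-map match-all {class_name}",
        " description Bandwidth Control",
        " match ip dscp default",
        f"policy-map {policy_name}",
        f" class {class_name}",
        f"  police {rate_bps} {burst_bytes} exceed-action drop",
    ]


def port_config(interface, ingress_bps, egress_bps, port_speed_mbps, burst_bytes, policy_name):
    """Full snippet for one port: ingress policer plus SRR egress limit."""
    return (
        ingress_policer(policy_name, ingress_bps, burst_bytes)
        + [f"interface {interface}", f" service-policy input {policy_name}"]
        + [f" {line}" for line in srr_egress_limit(egress_bps, port_speed_mbps)]
    )


if __name__ == "__main__":
    # Demo values: 8 Mb/s in, 5 Mb/s out on a 100 Mb/s port (assumed, not from the post).
    print("\n".join(port_config("fa0/1", 8_192_000, 5_000_000, 100, 192_000, "8meg")))
```

A 5 Mb/s egress cap on a 100 Mb/s port is 5 percent, below the SRR minimum, so the generator emits speed 10 / duplex full and then limit 50; a cap that cannot be expressed even on a 10 Mb/s link is rejected rather than silently rounded up.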



Monday, 20 May 2024

What is an AS Number and why do we need it?

An autonomous system is basically a kind of tag that represents an organization. As the administrator, you are in charge of that routing domain: its routing policies, routing protocols, etc.

An autonomous system number (ASN) is a unique number, assigned by IANA, that is globally valid for identifying an autonomous system and enables that system to exchange exterior routing information with neighboring autonomous systems.

ASN Types
There are two types of autonomous system numbers: public and private.

Public ASN - Used when an AS exchanges routing information with other autonomous systems on the public Internet.

Private ASN - Used if an AS only needs to communicate via Border Gateway Protocol with a single provider, since the routing policy between the AS and the provider will not be visible on the Internet. [3] In this case the upstream provider will typically remove the private ASN from the AS path and replace it with its own public ASN. In practice, this can be thought of as a kind of NAT for ASNs.

ASN Ranges
The ASN ranges are listed below:
0 : reserved.
1-64,495 : public AS numbers.
64,496-64,511 : reserved for use in documentation.
64,512-65,534 : private AS numbers.
65,535 : reserved.
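The ranges above and the "NAT for ASNs" behaviour of the private-ASN paragraph, as an added example that is not part of the original post: it classifies 16-bit ASNs, strips private ASNs from an AS path the way the upstream is described as doing, and flags values that should never be seen in a path learned from the Internet. Function names and the sample paths are assumptions; 1000 and 2000 are placeholders standing in for public ASNs.

```python
# Added example (not from the original post): classify 16-bit ASNs using the
# ranges listed above and emulate the "NAT for ASNs" behaviour the post
# describes, where an upstream strips a customer's private ASN from the AS path
# and substitutes its own public ASN. Function names and the sample AS paths
# are assumptions; 1000 and 2000 stand in for public ASNs.

PRIVATE = "private"
PUBLIC = "public"
DOCUMENTATION = "documentation"
RESERVED = "reserved"


def asn_type(asn):
    """Return the category of a 16-bit ASN according to the table above."""
    if not 0 <= asn <= 65535:
        raise ValueError(f"{asn} is outside the 16-bit ASN range covered here")
    if asn == 0 or asn == 65535:
        return RESERVED
    if 64496 <= asn <= 64511:
        return DOCUMENTATION
    if 64512 <= asn <= 65534:
        return PRIVATE
    return PUBLIC


def parse_as_path(text):
    """Parse a space-separated AS_PATH such as '65001 1000 2000' into ints.

    Only plain AS_SEQUENCE paths are handled; AS_SET braces are not modelled.
    """
    path = [int(tok) for tok in text.split()]
    for asn in path:
        asn_type(asn)  # raises on values outside the 16-bit range
    return path


def remove_private_as(path, provider_asn):
    """What the rest of the Internet sees after the upstream processes a path.

    Private ASNs are dropped and the provider's public ASN is prepended, as
    it would be when the provider advertises the route onward.
    """
    if asn_type(provider_asn) != PUBLIC:
        raise ValueError("the upstream must advertise with a public ASN")
    return [provider_asn] + [asn for asn in path if asn_type(asn) != PRIVATE]


def suspicious_asns(path):
    """Defender's check: ASNs that should never appear in a path learned from
    the public Internet (private, documentation or reserved values)."""
    return [(asn, asn_type(asn)) for asn in path if asn_type(asn) != PUBLIC]


if __name__ == "__main__":
    customer_path = parse_as_path("65001")
    print("customer announces:", customer_path)
    print("seen beyond the upstream:", remove_private_as(customer_path, 1000))
    print("leaked values:", suspicious_asns(parse_as_path("2000 64500 1000")))
```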

All Routing Protocol Administrative Distance Values.

Administrative distance helps when routes to the same destination come from multiple sources, for example RIP and EIGRP. In that case the lower AD value is better, so the EIGRP route is accepted instead of the RIP one.



Protocol                 AD Value
Connected                0
Static                   1
EIGRP (internal routes)  90
OSPF                     110
IS-IS                    115
RIP                      120
EIGRP (external routes)  170
eBGP                     20
iBGP                     200
Unreachable              255

Cisco Switch Port Security..

Port Security is a very useful feature that can be used to limit access to switch ports. It means you can bind MAC addresses to a port and also limit which MAC addresses are authorized.


•The maximum number of learned, dynamic MAC addresses can be limited.
•Static, authorized MAC addresses can be pre-configured.



Port-Security Violations

If a violation occurs, you have three options with regard to the response:

•Shutdown (default)
•Protect
•Restrict


Protect:- This violation mode silently discards the frame if the source MAC is not an authorized one.

Restrict:- This violation mode discards the frame but logs the violation.

switchport port-security:- If you only run this command, the port learns the first MAC address dynamically and that becomes the only MAC allowed on the port; when a second MAC appears, the port is shut down.

switchport port-security violation restrict:- If you set the mode to restrict, the port discards the offending frames but does not shut down; instead it logs the violation, so you can see how many times there has been a violation on the port.

switchport port-security maximum 3:- If you set the maximum to 3, a maximum of 3 MAC addresses are allowed on the port, statically or dynamically.

switchport port-security mac-address sticky:- The port learns the MAC addresses dynamically and then shows them in the running configuration; if you save it with write memory, those MAC addresses stay authorized as long as the entry exists.

 

Configurations.

interface fa0/1
switchport mode access
switchport access vlan 101
switchport port-security
switchport port-security violation restrict
switchport port-security mac-address 0022.6732.8d32 vlan access

Verifications.


Switch#show port-security
Switch#show port-security interface fa0/1
Switch#show port-security address
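A small model of the behaviour described in this post (maximum count, shutdown/protect/restrict, sticky learning) so that the effect of each violation mode on a stream of frames can be seen end to end. This is an added example, not Cisco code or code from the original post; the class and method names and the MAC addresses in the demo are assumptions.

```python
# Added example (not from the original post): a small model of the port-security
# behaviour described above, so you can see what each violation mode does to a
# stream of frames. The class and method names and the MAC addresses used in
# the demo are assumptions; nothing here is Cisco code.
import logging
from dataclasses import dataclass, field

log = logging.getLogger("port-security")


@dataclass
class PortSecurity:
    maximum: int = 1                 # switchport port-security maximum N (default 1)
    violation: str = "shutdown"      # shutdown (default) | protect | restrict
    sticky: bool = False             # switchport port-security mac-address sticky
    static: set = field(default_factory=set)     # pre-configured authorized MACs
    learned: list = field(default_factory=list)  # dynamically learned MACs
    violations: int = 0              # counter that restrict/shutdown increment
    err_disabled: bool = False       # set when shutdown mode fires

    def __post_init__(self):
        if self.violation not in ("shutdown", "protect", "restrict"):
            raise ValueError(f"unknown violation mode {self.violation!r}")
        if self.maximum < len(self.static):
            raise ValueError("maximum is smaller than the number of static MACs")

    def authorized(self):
        return self.static | set(self.learned)

    def frame(self, src_mac):
        """Return 'forward' or 'drop' for a frame from src_mac and update state."""
        src_mac = src_mac.lower()
        if self.err_disabled:
            return "drop"                       # port is err-disabled, nothing passes
        if src_mac in self.authorized():
            return "forward"
        if len(self.authorized()) < self.maximum:
            self.learned.append(src_mac)        # room left: learn it dynamically
            return "forward"
        # Limit reached and the source is not authorized: a violation.
        if self.violation == "protect":
            return "drop"                       # silent discard, no record kept
        self.violations += 1
        log.warning("port-security violation #%d from %s", self.violations, src_mac)
        if self.violation == "shutdown":
            self.err_disabled = True
        return "drop"

    def running_config(self, interface):
        """Lines comparable to what the running configuration would hold for the port."""
        lines = [f"interface {interface}", " switchport port-security"]
        if self.maximum != 1:
            lines.append(f" switchport port-security maximum {self.maximum}")
        if self.violation != "shutdown":
            lines.append(f" switchport port-security violation {self.violation}")
        for mac in sorted(self.static):
            lines.append(f" switchport port-security mac-address {mac}")
        if self.sticky:
            lines.append(" switchport port-security mac-address sticky")
            # sticky addresses show up in running-config; saving makes them persistent
            for mac in self.learned:
                lines.append(f" switchport port-security mac-address sticky {mac}")
        return lines


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    port = PortSecurity(maximum=3, violation="restrict", sticky=True)
    for mac in ["0000.0000.0001", "0000.0000.0002", "0000.0000.0003", "0000.0000.0004"]:
        print(mac, "->", port.frame(mac))
    print("\n".join(port.running_config("fa0/1")))
```

With the defaults (maximum 1, shutdown) the second MAC err-disables the port and even the first, legitimate host is cut off afterwards; with restrict the port keeps forwarding the authorized hosts and only counts the offenders, which is why restrict is the mode that leaves you a log trail to monitor.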



 

Dynamic Trunking Protocol (DTP)

DTP is a Cisco proprietary feature that allows Cisco switches to negotiate a trunk dynamically.


DTP has three modes:

•Auto
•On
•Desirable


Normally when you configure the command switchport mode trunk, the port becomes a trunk whether or not an end host is connected to it.


Of these modes, auto only responds and desirable initiates the trunk.

When you configure dynamic desirable, the port starts sending DTP messages.

When you configure dynamic auto, the port does not initiate the request; it only responds if the other end initiates.

Auto is passive and desirable is active.

When you configure switchport mode trunk, the port also sends DTP messages, and if the other end is desirable or auto it can become a trunk.

If both sides are auto the port cannot become a trunk, because neither side initiates the request.


Cisco recommends making the port desirable on both ends.


There are many combinations that can become a trunk, as long as one side initiates the request.


How to configure DTP

Switch(config-if)# switchport mode dynamic [desirable|auto]

How to disable DTP

Switch(config-if)# switchport nonegotiate

Verification commands

Switch# show interface trunk

Switch# show interface <interface> switchport
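The negotiation rule from this post ("a trunk forms as long as one side initiates and the other responds") evaluated for every pair of port modes, plus a defender's audit that lists host-facing ports still left in a negotiating mode. This is an added example, not code from the original post; the mode strings follow the CLI keywords, while the audit function, its role labels and the sample ports are assumptions. The nonegotiate case is modelled as a static trunk that sends no DTP, so it only trunks against another static trunk.

```python
# Added example (not from the original post): evaluate the trunk-negotiation
# rule explained above for any pair of port modes, and audit a list of ports
# for host-facing interfaces that still negotiate. Mode names follow the CLI
# keywords; the audit function, its role labels and the sample ports are
# assumptions.

INITIATES = {"trunk", "dynamic desirable"}                   # send DTP requests
RESPONDS = {"trunk", "dynamic desirable", "dynamic auto"}    # answer DTP requests
VALID = {"access", "trunk", "trunk nonegotiate", "dynamic auto", "dynamic desirable"}


def trunk_forms(mode_a, mode_b):
    """True if the link between two ports in the given modes comes up as a trunk."""
    for mode in (mode_a, mode_b):
        if mode not in VALID:
            raise ValueError(f"unknown switchport mode {mode!r}")
    if "access" in (mode_a, mode_b):
        return False                                          # access never trunks
    if "trunk nonegotiate" in (mode_a, mode_b):
        # No DTP is sent, so the other side must already be a static trunk.
        return {mode_a, mode_b} <= {"trunk", "trunk nonegotiate"}
    return (mode_a in INITIATES and mode_b in RESPONDS) or \
           (mode_b in INITIATES and mode_a in RESPONDS)


def negotiation_matrix():
    """All mode combinations and whether they trunk, for a quick reference."""
    modes = sorted(VALID)
    return {(a, b): trunk_forms(a, b) for a in modes for b in modes}


def audit_host_ports(ports):
    """Return ports facing end hosts that could still be negotiated into a trunk.

    ports is a list of (interface, mode, role) where role is 'host' or 'switch'.
    A host-facing port should be 'access' with switchport nonegotiate, so that
    whatever is plugged in cannot negotiate a trunk with it.
    """
    findings = []
    for interface, mode, role in ports:
        if role == "host" and mode != "access":
            findings.append((interface, mode,
                             "set switchport mode access and switchport nonegotiate"))
    return findings


if __name__ == "__main__":
    for (a, b), result in negotiation_matrix().items():
        print(f"{a:18} <-> {b:18} trunk={result}")
    sample = [("fa0/1", "dynamic auto", "host"), ("fa0/2", "access", "host"),
              ("gi0/1", "dynamic desirable", "switch")]  # constructed sample
    print(audit_host_ports(sample))
```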


Cisco Device Startup/Boot Sequence

When you power on a Cisco router or switch, the first thing it does is discover the device hardware: interface details, CPU details, memory details, etc.

Once the hardware check is OK, it finds the IOS image and loads it. Once IOS is loaded, the configuration file is loaded from NVRAM.


The whole process is called the power-on self test (POST).


Normally there are 3 types of memory in these devices:


1-Flash

2-NVRAM (Non-Volatile Random Access Memory).

3-DRAM (Dynamic Random Access Memory).


Flash and NVRAM have one thing in common: both are non-volatile memory, which means they keep their contents after the device is powered off and retain those files when it is powered on again. NVRAM and flash are slow.


NVRAM is small, because it stores only the configuration files.

Flash is a little larger than NVRAM; this is where the Cisco IOS is stored.



DRAM loses its contents when the power is off.

DRAM is very fast.

DRAM is large.


DRAM is large because when you power on the Cisco device it finds the IOS in flash, copies it to DRAM and runs it from there. When the device is switched off the IOS stays in flash, but it runs from DRAM. The device then loads the startup-configuration file from NVRAM; this is also copied from NVRAM to DRAM, where it runs under the name running-configuration.


All the tables we have in these devices, such as the MAC table, ARP table, VLAN table and routing table, are tables and databases held in and displayed from DRAM.




Cisco Three-Layer Hierarchical Design..!!

The Cisco hierarchical model has 3 layers.


  1. Core Layer.
  2. Distribution Layer.
  3. Access Layer.


Core Layer

In the core layer we use high-end routers, and those routers are the gateway to the Internet or to the outside of our network. Basically, we use redundant Internet connections here, and this is where we do path manipulation and Layer-3 security.

We must have redundancy in the core for routing.

Distribution Layer.

In the distribution layer we normally use routers or Layer 3 switches for QoS implementation, Layer 3 routing, VLAN gateways, etc.

Access Layer.

In the access layer we have lots of devices, such as our access switches and access points, to which our end hosts are connected; this is the entry point into our network for hosts. Normally the switches we use are 3550, 2960, SMB switches, etc.

From the configuration point of view, we may have VLAN access, Layer-2 QoS marking, or maybe some Layer-2 security features like DHCP snooping, storm control, etc.




What are Number Systems In Computer?

Number systems are the technique for representing numbers in a computer system architecture; every value that you save into or read from computer memory has a defined number system. Computer architecture supports the following number systems.


  1. Binary Number System (2 digits)
  2. Octal Number System (8 digits)
  3. Decimal Number System (10 digits)
  4. Hexa-decimal Number System (16 digits)


Decimal Binary Octal Hexa-Decimal
0 0 0 0
1 1 1 1
2 10 2 2
3 11 3 3
4 100 4 4
5 101 5 5
6 110 6 6
7 111 7 7
8 1000 10 8
9 1001 11 9
10 1010 12 A
11 1011 13 B
12 1100 14 C
13 1101 15 D
14 1110 16 E
15 1111 17 F
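The table above is one instance of the repeated-division algorithm; the added example below (not part of the original post) implements that algorithm for any base from 2 to 16, the inverse parse, and regenerates the table rows from it. Function names are assumptions.

```python
# Added example (not from the original post): the repeated-division algorithm
# that produces the binary, octal and hexadecimal columns of the table above,
# written for any base from 2 to 16, plus the inverse. Function names are
# assumptions.

DIGITS = "0123456789ABCDEF"


def to_base(n, base):
    """Convert a non-negative integer to its string representation in base."""
    if not 2 <= base <= len(DIGITS):
        raise ValueError(f"base must be between 2 and {len(DIGITS)}")
    if n < 0:
        raise ValueError("only non-negative integers are handled")
    if n == 0:
        return "0"
    digits = []
    while n:
        n, remainder = divmod(n, base)   # peel off the least significant digit
        digits.append(DIGITS[remainder])
    return "".join(reversed(digits))


def from_base(text, base):
    """Parse a digit string in base back to an integer (case-insensitive)."""
    if not 2 <= base <= len(DIGITS):
        raise ValueError(f"base must be between 2 and {len(DIGITS)}")
    if not text:
        raise ValueError("empty digit string")
    value = 0
    for ch in text.upper():
        digit = DIGITS.find(ch)
        if digit < 0 or digit >= base:
            raise ValueError(f"{ch!r} is not a valid base-{base} digit")
        value = value * base + digit     # shift left by one digit, add the new one
    return value


def conversion_table(upto=15):
    """Rows of (decimal, binary, octal, hexadecimal) like the table in the post."""
    return [(n, to_base(n, 2), to_base(n, 8), to_base(n, 16)) for n in range(upto + 1)]


if __name__ == "__main__":
    print("Decimal Binary Octal Hexa-Decimal")
    for row in conversion_table():
        print(*row)
```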

Saturday, 18 May 2024

Bandwidth Shaping on L2 port--#Cisco 2960

To configure bandwidth shaping on an L2 interface, go to interface configuration mode on the switch port and apply the srr-queue bandwidth limit command. Here's an example:

Switch(config)# interface FastEthernet 0/1
Switch(config-if)# srr-queue bandwidth limit 90


The 90 sets the outbound bandwidth limit on the port to 90 percent of the port speed. Since this is a 100-Mb port, this should limit the outbound traffic from the port to 10 Mb.



Wednesday, 8 May 2024

Link Layer Discovery Protocol (LLDP)

LLDP is a Layer 2 discovery protocol like CDP, but the major difference between the two is that LLDP is an open standard, while CDP is a Cisco proprietary protocol that runs only on Cisco devices.

LLDP carries its attributes in TLVs (Type, Length, Value). Devices that support LLDP use TLVs to send information to, and receive it from, their directly connected neighbors on the network.


The common TLVs are listed below.

  1. Port description TLV
  2. System name TLV
  3. System description TLV
  4. System capabilities TLV
  5. Management Address TLV

By default, LLDP is disabled on Cisco devices (depending on the IOS version), but you can enable it manually.


Configuration & Verification.

R1(config)#lldp run


R1#show lldp neighbors

R1#show lldp neighbors detail
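A parser for the TLV format the post describes, run over a constructed LLDPDU that carries the five TLVs listed above (plus the mandatory Chassis ID, Port ID and TTL). This is an added example, not code from the original post: type numbers and capability bits follow IEEE 802.1AB, while the sample bytes, the neighbour name "R1", the MAC address and the 192.0.2.1 management address are made up. Every length field is checked against the buffer before it is used, which is the point of parsing frames from a neighbour you do not control.

```python
# Added example (not from the original post): a parser for the LLDP TLV format
# the post describes (a 7-bit type, a 9-bit length, then the value), run over
# a constructed LLDPDU. TLV type numbers and the capability bits follow
# IEEE 802.1AB; the sample bytes, the neighbour name "R1", the MAC and the
# 192.0.2.1 management address are made up for the example.
import struct

TLV_NAMES = {
    0: "End of LLDPDU", 1: "Chassis ID", 2: "Port ID", 3: "TTL",
    4: "Port Description", 5: "System Name", 6: "System Description",
    7: "System Capabilities", 8: "Management Address",
}
CAP_BITS = {0x01: "other", 0x02: "repeater", 0x04: "bridge", 0x08: "wlan-ap",
            0x10: "router", 0x20: "telephone", 0x40: "docsis", 0x80: "station"}


class LLDPError(ValueError):
    """Raised for truncated or malformed TLVs instead of reading past the buffer."""


def _caps(bits):
    return [name for bit, name in CAP_BITS.items() if bits & bit]


def decode_value(ttype, value):
    """Decode the value of one TLV; unknown types are returned as hex."""
    if ttype == 1:                                 # Chassis ID: subtype + identifier
        if len(value) == 7 and value[0] == 4:      # subtype 4 = MAC address
            return ":".join(f"{b:02x}" for b in value[1:])
        return value[1:].hex()
    if ttype == 2:                                 # Port ID: subtype + identifier
        if value and value[0] == 5:                # subtype 5 = interface name
            return value[1:].decode("ascii", "replace")
        return value[1:].hex()
    if ttype == 3:
        if len(value) != 2:
            raise LLDPError("TTL TLV must be 2 bytes")
        return struct.unpack("!H", value)[0]
    if ttype in (4, 5, 6):
        return value.decode("ascii", "replace")
    if ttype == 7:
        if len(value) != 4:
            raise LLDPError("System Capabilities TLV must be 4 bytes")
        supported, enabled = struct.unpack("!HH", value)
        return {"supported": _caps(supported), "enabled": _caps(enabled)}
    if ttype == 8:                                 # Management Address
        if not value:
            raise LLDPError("empty Management Address TLV")
        addr_len = value[0]                        # counts the subtype byte too
        if addr_len < 1 or 1 + addr_len > len(value):
            raise LLDPError("management address length exceeds TLV")
        subtype, addr = value[1], value[2:1 + addr_len]
        if subtype == 1 and len(addr) == 4:        # IANA AFI 1 = IPv4
            return ".".join(str(b) for b in addr)
        return addr.hex()
    return value.hex()


def parse_lldpdu(data):
    """Walk the TLV chain and return {tlv name: decoded value}.

    Every length is checked against the remaining buffer, the first three
    TLVs must be Chassis ID, Port ID and TTL, and the chain must end with
    the End of LLDPDU TLV.
    """
    tlvs, offset, ended = [], 0, False
    while offset < len(data):
        if offset + 2 > len(data):
            raise LLDPError("truncated TLV header")
        header = struct.unpack_from("!H", data, offset)[0]
        ttype, length = header >> 9, header & 0x1FF
        offset += 2
        if offset + length > len(data):
            raise LLDPError(f"TLV type {ttype} claims {length} bytes past end of PDU")
        value = data[offset:offset + length]
        offset += length
        if ttype == 0:
            ended = True
            break
        tlvs.append((ttype, decode_value(ttype, value)))
    if not ended:
        raise LLDPError("missing End of LLDPDU TLV")
    if [t for t, _ in tlvs[:3]] != [1, 2, 3]:
        raise LLDPError("Chassis ID, Port ID and TTL must come first")
    return {TLV_NAMES.get(t, f"type-{t}"): v for t, v in tlvs}


# Constructed LLDPDU (no Ethernet header), one TLV per line.
SAMPLE_LLDPDU = bytes.fromhex(
    "0207" "04" "001122334455"                          # Chassis ID, subtype MAC
    "0406" "05" "4769302f31"                            # Port ID, interface name "Gi0/1"
    "0602" "0078"                                       # TTL 120 seconds
    "0806" "75706c696e6b"                               # Port Description "uplink"
    "0a02" "5231"                                       # System Name "R1"
    "0e04" "0014" "0014"                                # System Capabilities: bridge+router
    "100c" "05" "01" "c0000201" "02" "00000001" "00"    # Management Address 192.0.2.1
    "0000"                                              # End of LLDPDU
)

if __name__ == "__main__":
    for name, value in parse_lldpdu(SAMPLE_LLDPDU).items():
        print(f"{name:20} {value}")
```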



CDP (Cisco Discovery Protocol)

CDP (Cisco Discovery Protocol) helps you discover the neighbors that are directly connected to each other; by using CDP you can build network maps.


By default, CDP is enabled on Cisco devices.

You can enable and disable CDP on a per-interface basis, and you can also configure it in global mode.


R1#show cdp neighbors detail

R1#show cdp neighbors

CDP configuration on a per-interface basis.

R1(config)#interface fa 0/0
R1(config-if)#no cdp enable

CDP configuration in global mode for all interfaces.

R1(config)#cdp run

How to disable CDP

You can disable and enable CDP for a single interface: just type no cdp enable (or cdp enable) on the interface.

This is how you disable it globally for all interfaces:

R1(config)#no cdp run

Wednesday, 1 May 2024

Typical QinQ Configuration Huawei..!!

In this tutorial I will show you how to configure a Q-in-Q L2 tunnel over your transit L2 network to carry the customer's internal VLANs without any interference from your own network VLANs.


As an ISP you have to assign a unique VLAN to each and every customer; which VLANs the customer carries inside it is up to the customer.

Let's see the configuration.





PE-1 Switch Configuration


#
sysname PE-1
#
vlan batch 2 to 3
#
interface GigabitEthernet0/0/3
 port link-type dot1q-tunnel
 port default vlan 2
#
interface GigabitEthernet0/0/1
 port link-type dot1q-tunnel
 port default vlan 3
#
interface GigabitEthernet0/0/2
 qinq protocol 9100
 port link-type trunk
 port trunk allow-pass vlan 2 3
#
return


PE-2 Switch Configuration


#
sysname PE-2
#
vlan batch 2 to 3
#
interface GigabitEthernet0/0/1
 port link-type dot1q-tunnel
 port default vlan 2
#
interface GigabitEthernet0/0/3
 port link-type dot1q-tunnel
 port default vlan 3
#
interface GigabitEthernet0/0/2
 qinq protocol 9100
 port link-type trunk
 port trunk allow-pass vlan 2 3
#
return

Selective Q-in-Q Huawei Configuration...!!

In this tutorial I will show you how to configure a selective Q-in-Q L2 tunnel over your transit L2 network to carry the customer's internal VLANs without any interference from your own network VLANs.


As an ISP you have to assign a unique VLAN to each and every customer; which VLANs the customer carries inside it is up to the customer.

Let's see the configuration.




PE-1 Switch Configuration


sysname PE-1
#
vlan batch 2 to 3
#
interface GigabitEthernet0/0/1
port hybrid untagged vlan 2 to 3
description @@connected-to-Customer Switch
port vlan-stacking vlan 100 to 200 stack-vlan 2
port vlan-stacking vlan 300 to 400 stack-vlan 3
#
interface GigabitEthernet0/0/2
description @@connected-to-PE-2
port link-type trunk
port trunk allow-pass vlan 2 to 3
#

PE-2 Switch Configuration


sysname PE-2
#
vlan batch 2 to 3
#
interface GigabitEthernet0/0/1
port hybrid untagged vlan 2 to 3
port vlan-stacking vlan 100 to 200 stack-vlan 2
port vlan-stacking vlan 300 to 400 stack-vlan 3
description @@connected-to-Customer Switch
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 3
description @@connected-to-PE-1
#
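A byte-level model of what the two configurations (the plain dot1q-tunnel ports in the first post and the vlan-stacking ranges in this one) do to a customer frame, as an added example that is not part of the original posts and not Huawei code. The outer TPID 0x9100 comes from the qinq protocol 9100 line and the 100-200 -> 2 and 300-400 -> 3 mapping from the vlan-stacking lines; the frame helpers, the MAC addresses and the treatment of frames matching no range (dropped in this model) are assumptions.

```python
# Added example (not from the original posts): a byte-level model of what the
# two Huawei configurations above do to a customer frame. Tag push/pop logic,
# TPID 0x9100 for the outer tag ("qinq protocol 9100") and the 100-200 -> 2,
# 300-400 -> 3 vlan-stacking mapping come from the configs; the frame layout
# helpers, the MAC addresses and the unmatched-frame behaviour (dropped here)
# are assumptions of this model, not Huawei behaviour taken from the page.
import struct

TPID_8021Q = 0x8100
TPID_QINQ = 0x9100          # outer-tag TPID set by 'qinq protocol 9100'
TAG_TPIDS = {TPID_8021Q, TPID_QINQ, 0x88A8}


def parse_frame(frame):
    """Split an Ethernet frame into (dst, src, [(tpid, vid), ...], ethertype, payload)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    offset, tags = 12, []
    while True:
        if offset + 2 > len(frame):
            raise ValueError("truncated frame")
        ethertype = struct.unpack_from("!H", frame, offset)[0]
        if ethertype not in TAG_TPIDS:
            break
        if offset + 4 > len(frame):
            raise ValueError("truncated VLAN tag")
        tci = struct.unpack_from("!H", frame, offset + 2)[0]
        tags.append((ethertype, tci & 0x0FFF))   # low 12 bits of the TCI carry the VID
        offset += 4
    return dst, src, tags, ethertype, frame[offset + 2:]


def build_frame(dst, src, tags, ethertype, payload):
    """Inverse of parse_frame; tags are listed outermost first."""
    out = dst + src
    for tpid, vid in tags:
        if not 1 <= vid <= 4094:
            raise ValueError(f"invalid VLAN id {vid}")
        out += struct.pack("!HH", tpid, vid)   # PCP/DEI bits left at zero
    return out + struct.pack("!H", ethertype) + payload


def tunnel_all(frame, svlan):
    """Basic dot1q-tunnel port: push the port default VLAN onto every frame."""
    dst, src, tags, ethertype, payload = parse_frame(frame)
    return build_frame(dst, src, [(TPID_QINQ, svlan)] + tags, ethertype, payload)


def stack_selected(frame, mapping):
    """Selective Q-in-Q: push the stack-vlan chosen by the customer's VLAN range.

    mapping is a list of (low, high, stack_vlan), one entry per
    'port vlan-stacking vlan LOW to HIGH stack-vlan S' line. Frames whose
    customer VLAN matches no range are dropped (returned as None) in this model.
    """
    dst, src, tags, ethertype, payload = parse_frame(frame)
    if not tags:
        return None
    cvlan = tags[0][1]
    for low, high, svlan in mapping:
        if low <= cvlan <= high:
            return build_frame(dst, src, [(TPID_QINQ, svlan)] + tags, ethertype, payload)
    return None


def pop_outer(frame):
    """Egress towards the customer: strip the service tag, return (svlan, frame)."""
    dst, src, tags, ethertype, payload = parse_frame(frame)
    if not tags or tags[0][0] != TPID_QINQ:
        raise ValueError("no service tag to remove")
    return tags[0][1], build_frame(dst, src, tags[1:], ethertype, payload)


# Constructed customer frame: VLAN 150, IPv4 ethertype, dummy payload.
CUSTOMER_FRAME = build_frame(bytes.fromhex("ffffffffffff"), bytes.fromhex("020000000001"),
                             [(TPID_8021Q, 150)], 0x0800, b"payload")
PE1_MAPPING = [(100, 200, 2), (300, 400, 3)]   # from the PE-1 selective config

if __name__ == "__main__":
    stacked = stack_selected(CUSTOMER_FRAME, PE1_MAPPING)
    print("tags on the transit link:", parse_frame(stacked)[2])
    print("restored for the customer:", pop_outer(stacked)[1] == CUSTOMER_FRAME)
```

Because the customer's own 802.1Q tag is left untouched underneath the 0x9100 service tag, the PE-2 side can pop the outer tag and hand back exactly the frame the customer sent, which is the "no interference with your network VLANs" property the posts aim for.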