Enterprise Switched Networks (MOD002700) - Network Solution Report

Added on 2022/08/14
Running head: ENTERPRISE SWITCHED NETWORKS
Enterprise Switched Networks
Name of the Student
Name of the University
Author’s Note
Introduction  2
Basic Configuration  3
VLANs, trunking and VTP  4
Etherchannel  8
Inter-VLAN routing  18
STP  19
HSRP  20
Layer 2 switch security  21
VACLs for addressing access  26
Conclusion  27
Bibliography  29
Introduction
This report demonstrates the network protocols and technologies used to develop the network solution for Trinidad Global Data Technologies PLC. The company has its headquarters in the UK and requires the implementation of a multi-layered switching network solution. The best practices to be followed in developing the solution are analysed and documented in the report. The current network topology of the organisation is given below.
Basic Configuration
Basic switching configuration and trunking must be configured on each of the distribution and access layer devices. The steps followed for the basic configuration are given below:
Configuration of the management address in VLAN 99, and configuration of the hostname, password and Telnet access on the four switches. HSRP configuration is also needed to set the IP address in management VLAN 99 on MLS1 and MLS2. Since 192.168.1.1 is used as the virtual default gateway for VLAN 99, .3 and .4 are used for the IP addresses on MLS1 and MLS2 respectively.
Configuration of the default gateway on each of the access layer switches. The distribution layer switches are layer 3 devices and thus do not need a default gateway.
802.1Q trunking is configured between the switches following the current topology diagram. The 2960 switches support only dot1q, so the switchport trunk encapsulation command cannot be used on them. As an additional security measure the native VLAN on the trunks is changed to VLAN 666, a VLAN designated for native VLAN traffic only, using the command switchport trunk native vlan 666. DTP negotiation is also turned off on the trunk ports with the switchport nonegotiate command.
The basic switch configuration commands are given below:
Switch(config)# hostname ALS1
ALS1(config)# enable secret class
ALS1(config)# line vty 0 15
ALS1(config-line)# password cisco
ALS1(config-line)# login
ALS1(config-line)# exit
Switch(config)# hostname ALS2
ALS2(config)# enable secret class
ALS2(config)# line vty 0 15
ALS2(config-line)# password cisco
ALS2(config-line)# login
ALS2(config-line)# exit
Switch(config)# hostname MLS1
MLS1(config)# enable secret class
MLS1(config)# line vty 0 15
MLS1(config-line)# password cisco
MLS1(config-line)# login
MLS1(config-line)# exit
Switch(config)# hostname MLS2
MLS2(config)# enable secret class
MLS2(config)# line vty 0 15
MLS2(config-line)# password cisco
MLS2(config-line)# login
MLS2(config-line)# exit
VLANs, trunking and VTP
HSRP is needed for the network, and VLANs 10, 20 and 30 are configured to use HSRP to provide redundancy at layer 3. The priority command is used to make MLS1 the active router for VLANs 1 and 10 and MLS2 the active router for VLANs 20 and 30.
Configuration of VTP and VLAN
MLS1(config)# vtp domain SWPOD
MLS1(config)# vtp version 2
MLS1(config)# vlan 99
MLS1(config-vlan)# name Management
MLS1(config)# vlan 10
MLS1(config-vlan)# name blue
MLS1(config-vlan)# vlan 20
MLS1(config-vlan)# name red
MLS1(config-vlan)# vlan 30
MLS1(config-vlan)# name green
MLS1(config-vlan)# vlan 666
MLS1(config-vlan)# name NATIVEVLAN_DONOTUSE
MLS1(config-vlan)# vlan 999
MLS1(config-vlan)# name PARKING_LOT
MLS1(config-vlan)# exit
The configuration commands used for configuring VLANs and trunking are given below:
ALS1(config)# interface vlan 99
ALS1(config-if)# ip address 192.168.99.101 255.255.255.0
ALS1(config-if)# no shutdown
ALS1(config-if)# exit
ALS1(config)# ip default-gateway 192.168.99.1
ALS1(config)# interface range fastethernet 0/7 - 12
ALS1(config-if-range)# switchport mode trunk
ALS1(config-if-range)# switchport trunk native vlan 666
ALS1(config-if-range)# switchport nonegotiate
ALS2(config)# interface vlan 99
ALS2(config-if)# ip address 192.168.99.102 255.255.255.0
ALS2(config-if)# no shutdown
ALS2(config-if)# exit
ALS2(config)# ip default-gateway 192.168.99.1
ALS2(config)# interface range fastethernet 0/7 - 12
ALS2(config-if-range)# switchport mode trunk
ALS2(config-if-range)# switchport trunk native vlan 666
ALS2(config-if-range)# switchport nonegotiate
MLS1(config)# interface vlan 99
MLS1(config-if)# ip address 192.168.99.3 255.255.255.0
MLS1(config-if)# no shutdown
MLS1(config-if)# exit
MLS1(config)# interface range fastethernet 0/7 - 12
MLS1(config-if-range)# switchport trunk encapsulation dot1q
MLS1(config-if-range)# switchport mode trunk
MLS1(config-if-range)# switchport trunk native vlan 666
MLS1(config-if-range)# switchport nonegotiate
MLS2(config)# interface vlan 99
MLS2(config-if)# ip address 192.168.99.4 255.255.255.0
MLS2(config-if)# no shutdown
MLS2(config-if)# exit
MLS2(config)# interface range fastethernet 0/7 - 12
MLS2(config-if-range)# switchport trunk encapsulation dot1q
MLS2(config-if-range)# switchport mode trunk
MLS2(config-if-range)# switchport trunk native vlan 666
MLS2(config-if-range)# switchport nonegotiate
To enable VTP on the switches, the VLANs are set according to the diagram. Three VLANs are used, i.e. for the admin, staff and guests. The VLANs are created on MLS1, which is configured as a VTP server. MLS2 remains in the default VTP mode and therefore also acts as a server. ALS1 and ALS2 are configured as VTP clients.
The user access ports are configured on ALS1 and ALS2 as static access ports with spanning tree PortFast enabled. The ports are configured according to the network topology diagram.
The commands used to configure ALS1 as a VTP client are given below:
ALS1(config)# vtp mode client
Setting device to VTP CLIENT mode.
ALS1(config)# interface range fa0/6, fa0/15 - 24
ALS1(config-if-range)# switchport mode access
ALS1(config-if-range)# switchport access vlan 100
ALS1(config-if-range)# spanning-tree portfast
%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc... to this
interface when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION
%Portfast will be configured in 10 interfaces due to the range command
but will only have effect when the interfaces are in a non-trunking
mode.
The commands used to configure ALS2 as a VTP client are given below:
ALS2(config)# vtp mode client
Setting device to VTP CLIENT mode.
ALS2(config)# interface range fa0/6, fa0/15 - 24
ALS2(config-if-range)# switchport mode access
ALS2(config-if-range)# switchport access vlan 200
ALS2(config-if-range)# spanning-tree portfast
%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc... to this
interface when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION
%Portfast will be configured in 10 interfaces due to the range command
but will only have effect when the interfaces are in a non-trunking
mode.
The show vlan brief command is used for the verification of VLAN configuration and the output
is shown below:
MLS1# show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
10   blue                             active
20   red                              active
30   green                            active
1002 fddi-default                     act/unsup
1003 trcrf-default                    act/unsup
1004 fddinet-default                  act/unsup
1005 trbrf-default                    act/unsup
The show vtp status command is used for the verification of VTP configuration and the output is
shown below:
MLS1# show vtp status
VTP Version capable             : 1 to 3
VTP version running             : 2
VTP Domain Name                 : SWPOD
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : e840.406f.8b80
Configuration last modified by 192.168.1.3 at 3-1-93 00:18:32
Local updater ID is 192.168.1.3 on interface Vl1 (lowest numbered VLAN interface found)

Feature VLAN:
--------------
VTP Operating Mode              : Server
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 7
Configuration Revision          : 3
MD5 digest                      : 0xAE 0xEB 0x3A 0xEB 0x28 0x23 0x1D 0x85
                                  0x7E 0x8C 0x70 0x56 0x03 0x70 0x29 0xB2
Etherchannel
The first EtherChannel is created between interfaces fa 0/11 and fa 0/12 of switches ALS1 and ALS2. It must first be confirmed that an active trunk link exists on both links, using the show interfaces trunk command.
ALS1# show interfaces trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/7       on           802.1q         trunking      666
Fa0/8       on           802.1q         trunking      666
Fa0/9       on           802.1q         trunking      666
Fa0/10      on           802.1q         trunking      666
Fa0/11      on           802.1q         trunking      666
Fa0/12      on           802.1q         trunking      666
During EtherChannel configuration the physical interfaces to be grouped should be shut down on both devices before they are placed into a channel group; otherwise the EtherChannel misconfig guard may place the interfaces into the err-disabled state. The interfaces can be brought back up after the EtherChannel is configured.
On ALS1, interfaces fa 0/11 and fa 0/12 are bundled under the port channel 1 interface with the channel-group 1 mode desirable command. The desirable mode indicates that the switch actively negotiates to form a PAgP link. The port channel interface number is locally significant only. On the 2960 switch a number between 1 and 6 can be used, and the numbers need not match end to end, but using the same number on both ends is preferable for troubleshooting configuration errors and reducing complexity in the switch configuration. The configuration is also documented, and the commands are given below:
ALS1(config)# interface range f0/11-12
ALS1(config-if-range)# shutdown
<output omitted - interfaces logged as shutting down>
ALS1(config-if-range)# channel-group 1 mode desirable
Creating a port-channel interface Port-channel 1
ALS1(config-if-range)# no shutdown
<output omitted - interfaces logged as coming up>
ALS1(config-if-range)# exit
ALS1(config)#
<the following output is seen after ALS2 configuration is complete>
*Mar 1 00:14:01.570: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up
*Mar 1 00:14:02.576: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up
After the EtherChannel configuration is complete, a virtual port channel interface is automatically created to represent the logical link consisting of the bundled interfaces. The port channel interface automatically inherits the configuration of the first physical interface that was added to the EtherChannel. Any configuration change should be applied to the port channel interface, from where it is applied to the physical ports bundled under it.
A consistent configuration must be used on the physical interfaces bundled as an EtherChannel; otherwise the bundle cannot form, or individual links in the bundle may be suspended. Once the physical interfaces have been added to the EtherChannel bundle, the administrator should not change the configuration directly on a physical interface; the appropriate port channel interface is selected for any necessary adjustments.
Before starting the EtherChannel configuration on the switch labelled ALS2, the show etherchannel summary command is used on ALS1, and the status of the bundle created there is noted along with the status of the individual interfaces.
ALS1# show etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
1 Po1(SD) PAgP Fa0/11(I) Fa0/12(I)
ALS1#
PAgP negotiation prevents the bundle from forming, since the other end is dormant and is not communicating using PAgP. The same commands as used on ALS1 are used to configure interfaces Fa 0/11 and Fa 0/12 on the switch labelled ALS2 as an EtherChannel, and the configuration is verified with the show etherchannel summary command on both switches. The command displays the EtherChannel type, the ports in use and the port states.
ALS1# show etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
1 Po1(SU) PAgP Fa0/11(P) Fa0/12(P)
ALS1#
ALS2# show etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
1 Po1(SU) PAgP Fa0/11(P) Fa0/12(P)
ALS2#
At this point interfaces fa 0/11 and fa 0/12 are no longer treated as individual trunks; they have become components of the port channel 1 interface. The output of show interfaces trunk reflects this: fa 0/11 and fa 0/12 are no longer listed and Po1 appears in their place, since the trunk now operates on the port channel rather than on the member interfaces.
ALS1# show interfaces trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/7       on           802.1q         trunking      666
Fa0/8       on           802.1q         trunking      666
Fa0/9       on           802.1q         trunking      666
Fa0/10      on           802.1q         trunking      666
Po1         on           802.1q         trunking      666
<output omitted>
The EtherChannel can also be configured with IEEE 802.3ad LACP. The IEEE standard was passed in the year 2000 as an open standard numbered 802.3ad and referred to as Link Aggregation. 802.1AX is the current version of the standard, and LACP-based EtherChannels are supported by most major network equipment vendors, providing interoperability in multi-vendor environments. The previous commands are used to configure the links between MLS1 and ALS1 on ports fa 0/7 and fa 0/8 as an 802.3ad LACP EtherChannel.
To enforce the configuration, a port channel number other than 1 must be used on the switch with hostname ALS1, since 1 has already been used in the previous channel configuration. The port channel number used on the switch named MLS1 is locally significant and can be any number in the range 1 - 48. Where possible the same number is used on both sides of the port channel, as this helps in troubleshooting configuration errors and reduces complexity in the switch configuration.
To configure the port channel as LACP, the interface-level command channel-group number mode active is used. Active mode indicates that the switch actively attempts to negotiate the link as LACP, as opposed to PAgP.
MLS1(config)# interface range f0/7-8
MLS1(config-if-range)# shutdown
<output omitted - interfaces logged as shutting down>
MLS1(config-if-range)# channel-group 2 mode active
Creating a port-channel interface Port-channel 2
MLS1(config-if-range)# no shutdown
<output omitted - interfaces logged as coming up>
MLS1(config-if-range)# end
MLS1#
<the following output is seen after ALS1 configuration is complete>
*Mar 1 00:31:29.752: %LINK-3-UPDOWN: Interface Port-channel2, changed state to up
*Mar 1 00:31:30.758: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel2, changed state to up
To verify that the EtherChannel is working, the show etherchannel summary command is used on both MLS1 and ALS1. The detailed output of the command, with the port states, the ports in use and the EtherChannel type, is shown below.
MLS1# show etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
2 Po2(SU) LACP Fa0/7(P) Fa0/8(P)
MLS1#
ALS1# show etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 2
Number of aggregators: 2
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
1 Po1(SU) PAgP Fa0/11(P) Fa0/12(P)
2 Po2(SU) LACP Fa0/7(P) Fa0/8(P)
ALS1#
Misconfiguration can be explored by creating an EtherChannel bundle on MLS2 whose parameters do not match the far-end switch, and observing the results. To begin, an EtherChannel using LACP is configured on ALS1 interfaces fa 0/9 and fa 0/10 and assigned to port channel number 3.
ALS1(config)# interface range f0/9-10
ALS1(config-if-range)# shutdown
ALS1(config-if-range)# channel-group 3 mode active
Creating a port-channel interface Port-channel 3
ALS1(config-if-range)# no shut
ALS1(config-if-range)# exit
ALS1(config)#
An EtherChannel in mode on is configured on MLS1 interfaces fa 0/11 and fa 0/12 and assigned to port channel number 12.
MLS1(config)# interface range f0/11-12
MLS1(config-if-range)# shutdown
MLS1(config-if-range)# channel-group 12 mode on
Creating a port-channel interface Port-channel 12
MLS1(config-if-range)# no shut
MLS1(config-if-range)# exit
MLS1(config)#
Next, the CLI of switch MLS2 is opened to configure an EtherChannel using PAgP on interfaces fa 0/10 and fa 0/11, assigned to port channel number 40.
MLS2(config)# interface range f0/10-11
MLS2(config-if-range)# shutdown
MLS2(config-if-range)# channel-group 40 mode desirable
Creating a port-channel interface Port-channel 40
MLS2(config-if-range)# no shut
MLS2(config-if-range)# exit
MLS2(config)#
The show etherchannel summary command is issued on MLS2, and the difference in the status of the individual interfaces is noted.
MLS2# show etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
40 Po40(SD) PAgP Fa0/10(I) Fa0/11(D)
MLS2#
Interface fa 0/10 attempts to communicate with a far-end interface that is configured with LACP, so it ends up in the stand-alone state. Interface fa 0/11 attempts to communicate with a far-end interface that is configured not to use any signalling protocol (mode on), so it stays in the down state. The following log messages show the EtherChannel misconfig guard placing the member interfaces and Po12 into the err-disable state:
*Mar 1 05:43:12.639: %PM-4-ERR_DISABLE: channel-misconfig (STP) error detected on Fa0/11, putting Fa0/11 in err-disable state
*Mar 1 05:43:12.664: %PM-4-ERR_DISABLE: channel-misconfig (STP) error detected on Fa0/12, putting Fa0/12 in err-disable state
*Mar 1 05:43:12.698: %PM-4-ERR_DISABLE: channel-misconfig (STP) error detected on Po12, putting Fa0/11 in err-disable state
*Mar 1 05:43:12.698: %PM-4-ERR_DISABLE: channel-misconfig (STP) error detected on Po12, putting Fa0/12 in err-disable state
*Mar 1 05:43:12.698: %PM-4-ERR_DISABLE: channel-misconfig (STP) error detected on Po12, putting Po12 in err-disable state
*Mar 1 05:43:13.654: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/11, changed state to down
*Mar 1 05:43:13.679: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/12, changed state to down
*Mar 1 05:43:13.688: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel12, changed state to down
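As an added example (not part of the report), the following Python script parses the table section of show etherchannel summary and flags the symptoms discussed in this section: a port-channel without the U (in use) flag, and members that are I (stand-alone) or D (down) rather than P (bundled). The sample output is constructed from the states shown above, and the regular expressions assume the column layout of the 2960 output quoted here.

```python
import re

# Constructed sample output (not captured from the report's switches): a healthy
# LACP bundle plus the mismatched Po40 seen on MLS2 during the misconfiguration test.
SAMPLE_SUMMARY = """\
MLS2# show etherchannel summary
Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        M - not in use, minimum links not met
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port
Number of channel-groups in use: 2
Number of aggregators:           2

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
3      Po3(SU)         LACP      Fa0/9(P)    Fa0/10(P)
40     Po40(SD)        PAgP      Fa0/10(I)   Fa0/11(D)
"""

# One table row: group number, Po name with its flag string, protocol, member list.
ROW_RE = re.compile(r"^(\d+)\s+(Po\d+)\(([A-Za-z]+)\)\s+(\S+)\s+(.*)$")
# One member entry such as Fa0/10(I).
MEMBER_RE = re.compile(r"(\S+?)\(([A-Za-z]+)\)")

MEMBER_FLAG_MEANING = {
    "P": "bundled in port-channel",
    "I": "stand-alone: link is up but the far end did not negotiate the channel",
    "D": "down",
    "s": "suspended: parameters do not match the rest of the bundle",
    "H": "hot-standby (LACP only)",
    "w": "waiting to be aggregated",
}


def parse_etherchannel_summary(text):
    """Parse the table part of 'show etherchannel summary' into a list of bundles."""
    bundles = []
    for raw in text.splitlines():
        m = ROW_RE.match(raw.strip())
        if not m:
            continue  # flag legend, counters, headers and separators are skipped
        group, name, flags, proto, members = m.groups()
        bundles.append({
            "group": int(group),
            "name": name,
            "flags": flags,
            "protocol": None if proto == "-" else proto,  # '-' means mode on
            "members": MEMBER_RE.findall(members),       # [(port, flag), ...]
        })
    return bundles


def check_bundles(bundles):
    """Return one finding per symptom; an empty list means every bundle is SU with all members P."""
    findings = []
    for b in bundles:
        if "U" not in b["flags"]:
            findings.append(f"{b['name']}: port-channel not in use (flags {b['flags']})")
        for port, flag in b["members"]:
            if flag != "P":
                why = MEMBER_FLAG_MEANING.get(flag, "unknown state")
                findings.append(f"{b['name']}: member {port} is {flag} ({why})")
    return findings


if __name__ == "__main__":
    for finding in check_bundles(parse_etherchannel_summary(SAMPLE_SUMMARY)):
        print(finding)
```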
To fix the configuration error, port channel number 40 is removed from MLS2 and EtherChannels with configurations that properly match the far ends are created.
MLS2(config)# interface range f0/10-11
MLS2(config-if-range)# shut
MLS2(config-if-range)# no channel-group 40 mode desirable
MLS2(config-if-range)# exit
MLS2(config)# interface range f0/9-10
MLS2(config-if-range)# channel-group 3 mode active
Creating a port-channel interface Port-channel 3
MLS2(config-if-range)# no shut
MLS2(config-if-range)# exit
MLS2(config)# interface range f0/11-12
MLS2(config-if-range)# channel-group 12 mode on
Creating a port-channel interface Port-channel 12
MLS2(config-if-range)# no shut
MLS2(config-if-range)# exit
MLS2(config)# no interface port-channel 40
MLS2(config)# exit
Then port channel 12 is reset on MLS1:
MLS1(config)# interface port-channel 12
MLS1(config-if)# shut
MLS1(config-if)# no shut
MLS1(config-if)# end
The final verification checks that all the EtherChannels are operational on the switch with hostname MLS2.
MLS2# show etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 2
Number of aggregators: 2
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
3 Po3(SU) LACP Fa0/9(P) Fa0/10(P)
12 Po12(SU) - Fa0/11(P) Fa0/12(P)
MLS2#
The network topology has redundant links that can be aggregated, so the load balancing method used to send traffic over the EtherChannel is set in the global configuration mode of the switch. The current method is displayed with show etherchannel load-balance:
MLS1# show etherchannel load-balance
EtherChannel Load-Balancing Configuration:
src-mac
EtherChannel Load-Balancing Addresses Used Per-Protocol:
Non-IP: Source MAC address
IPv4: Source MAC address
IPv6: Source MAC address
MLS1#
ALS1# show etherchannel load-bal
EtherChannel Load-Balancing Configuration:
src-mac
EtherChannel Load-Balancing Addresses Used Per-Protocol:
Non-IP: Source MAC address
IPv4: Source MAC address
IPv6: Source MAC address
ALS1#
The load balancing method is changed to src-dst-ip on the ALS1 and ALS2 devices.
ALS2(config)# port-channel load-balance ?
dst-ip Dst IP Addr
dst-mac Dst Mac Addr
src-dst-ip Src XOR Dst IP Addr
src-dst-mac Src XOR Dst Mac Addr
src-ip Src IP Addr
src-mac Src Mac Addr
ALS2(config)#port-channel load-balance src-dst-ip
ALS2(config)#end
ALS2#
To verify the EtherChannel load balancing, the test etherchannel load-balance command is used. The source and destination values are entered, and the switch responds with the member interface of the EtherChannel that would be used for that pair.
ALS1# test etherchannel load-balance interface po 1 ?
ip IP address
ipv6 IPv6 address
mac Mac address
ALS1# test etherchannel load-balance interface po 1 ip ?
A.B.C.D Source IP address
ALS1# test etherchannel load-balance interface po 1 ip 192.168.99.103 ?
A.B.C.D Destination IP address
ALS1# test etherchannel load-balance interface po 1 ip 192.168.99.103
192.168.99.104
Would select Fa0/12 of Po1
ALS1# test etherchannel load-balance interface po 1 ip 192.168.99.103
209.165.200.103
Would select Fa0/11 of Po1
ALS1#
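Added example, not from the report: a simplified Python model of the EtherChannel hashing described above. It assumes Cisco's documented behaviour of XOR-ing the addresses selected by the policy and using the low-order 3 bits as one of 8 buckets dealt across the member links; this reproduces both test etherchannel load-balance results shown for Po1, but the real platform hash may differ in detail. The constructed flows show why src-mac sends every frame arriving from one upstream router over a single link while src-dst-ip spreads them.

```python
import ipaddress

# Po1 on ALS1 as listed above; assumption: bucket 0 maps to the first listed member.
PO1_MEMBERS = ["Fa0/11", "Fa0/12"]


def _mac_to_int(mac):
    """Convert IOS dotted MAC notation (e.g. 0011.2233.4455) to an integer."""
    return int(mac.replace(".", "").replace(":", ""), 16)


def hash_bucket(policy, src_mac=None, dst_mac=None, src_ip=None, dst_ip=None):
    """Return the 3-bit bucket (0-7) the model derives from the addresses the policy selects."""
    if policy == "src-mac":
        value = _mac_to_int(src_mac)
    elif policy == "dst-mac":
        value = _mac_to_int(dst_mac)
    elif policy == "src-dst-mac":
        value = _mac_to_int(src_mac) ^ _mac_to_int(dst_mac)
    elif policy == "src-ip":
        value = int(ipaddress.IPv4Address(src_ip))
    elif policy == "dst-ip":
        value = int(ipaddress.IPv4Address(dst_ip))
    elif policy == "src-dst-ip":
        value = int(ipaddress.IPv4Address(src_ip)) ^ int(ipaddress.IPv4Address(dst_ip))
    else:
        raise ValueError(f"unknown load-balance policy: {policy}")
    return value & 0b111  # only the low-order 3 bits select the bucket


def select_member(members, policy, **addrs):
    """Member link a frame uses: buckets 0-7 are dealt round-robin over the member links."""
    return members[hash_bucket(policy, **addrs) % len(members)]


def distribution(members, policy, flows):
    """Count how many of the given flows land on each member link under the policy."""
    counts = {m: 0 for m in members}
    for flow in flows:
        counts[select_member(members, policy, **flow)] += 1
    return counts


# Constructed flows: four hosts on another subnet reach a server through a router,
# so every frame the switch sees carries the router's MAC as its source address.
ROUTER_MAC = "0011.2233.4455"
SERVER_MAC = "00aa.bbcc.dd01"
FLOWS = [
    {"src_mac": ROUTER_MAC, "dst_mac": SERVER_MAC,
     "src_ip": f"192.168.100.{h}", "dst_ip": "192.168.200.20"}
    for h in (10, 11, 12, 13)
]

if __name__ == "__main__":
    # The two lookups the report ran with test etherchannel load-balance on Po1.
    print(select_member(PO1_MEMBERS, "src-dst-ip", src_ip="192.168.99.103", dst_ip="192.168.99.104"))
    print(select_member(PO1_MEMBERS, "src-dst-ip", src_ip="192.168.99.103", dst_ip="209.165.200.103"))
    print("src-mac   :", distribution(PO1_MEMBERS, "src-mac", FLOWS))
    print("src-dst-ip:", distribution(PO1_MEMBERS, "src-dst-ip", FLOWS))
```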
Inter-VLAN routing
Inter-VLAN routing is needed to be enabled for the switch and it is done by issuing the
following command:
MLS1(config)# ip routing
MLS2(config)# ip routing
IP routing is verified with the following command, whose output is shown below:
MLS1# show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      192.168.0.0/16 is variably subnetted, 6 subnets, 2 masks
C        192.168.1.0/24 is directly connected, Vlan1
L        192.168.1.3/32 is directly connected, Vlan1
C        192.168.100.0/24 is directly connected, Vlan10
L        192.168.100.3/32 is directly connected, Vlan10
C        192.168.200.0/24 is directly connected, Vlan20
L        192.168.200.3/32 is directly connected, Vlan20
C        192.168.300.0/24 is directly connected, Vlan30
L        192.168.300.3/32 is directly connected, Vlan30
STP
MLS1 is configured as the primary root for VLANs 99 and 10 and the secondary root for VLANs 20 and 30. MLS2 is configured as the primary root for VLANs 20 and 30 and the secondary root for VLANs 99 and 10. The commands used to configure spanning tree on the switches are given below:
MLS1(config)#spanning-tree vlan 99,10 root primary
MLS1(config)#spanning-tree vlan 20, 30 root secondary
MLS2(config)#spanning-tree vlan 99,10 root secondary
MLS2(config)#spanning-tree vlan 20, 30 root primary
HSRP
The gateway addresses for HSRP are tabulated below:

HSRP gateway addresses
VLAN  IP address
99    192.168.99.1/24
10    192.168.100.1/24
20    192.168.99.200/24
30    192.168.300.1/24
HSRP is a requirement for VLAN 10, VLAN 20 and VLAN 30 and is configured to provide redundancy for the layer 3 switching devices. The priority command is used to make MLS1 the active router for VLANs 1 and 10 and MLS2 the active router for VLAN 20 and VLAN 30.
The commands used to configure the switch devices are given below:
MLS1(config)# interface vlan 99
MLS1(config-if)# standby 99 ip 192.168.99.1
MLS1(config-if)# standby 99 preempt
MLS1(config-if)# standby 99 priority 20
MLS1(config-if)# interface vlan 10
MLS1(config-if)# ip add 192.168.100.3 255.255.255.0
MLS1(config-if)# standby 10 ip 192.168.100.1
MLS1(config-if)# standby 10 preempt
MLS1(config-if)# standby 10 priority 20
MLS1(config-if)# interface vlan 20
MLS1(config-if)# ip add 192.168.200.3 255.255.255.0
MLS1(config-if)# standby 20 ip 192.168.200.1
MLS1(config-if)# standby 20 preempt
MLS2(config)# ip routing
MLS2(config)# interface vlan 99
MLS2(config-if)# standby 99 ip 192.168.99.1
MLS2(config-if)# standby 99 preempt
MLS2(config-if)# interface vlan 100
MLS2(config-if)# ip add 192.168.100.4 255.255.255.0
MLS2(config-if)# standby 10 ip 192.168.100.1
MLS2(config-if)# standby 10 preempt
MLS2(config-if)# interface vlan 20
MLS2(config-if)# ip add 192.168.200.4 255.255.255.0
MLS2(config-if)# standby 20 ip 192.168.200.1
MLS2(config-if)# standby 20 preempt
MLS2(config-if)# standby 20 priority 20
MLS2(config-if)# interface vlan 30
MLS2(config-if)# ip add 192.168.300.3 255.255.255.0
MLS2(config-if)# standby 30 ip 192.168.200.1
Document Page
21
ENTERPRISE SWITCHED NETWORKS
MLS(config-if)# standby 30 preempt
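The following script is an added example for this section; it is not configuration or code from the original report. It models the election rule behind the standby priority command (highest priority wins, default 100, highest interface address breaks ties, and a router that comes back after a failure only reclaims the active role if it has preempt) and checks that the STP primary root of each VLAN is the same switch as its HSRP active router. Switch names, SVI addresses and the STP root placement are the report's; MLS2's VLAN 99 address (192.168.99.4) and the year-free timing are assumptions, and the "as submitted" case reproduces the priority 20 values to show why they select the wrong active router.

```python
"""HSRP election and STP/HSRP alignment check (added example, not report code)."""
from dataclasses import dataclass
from ipaddress import IPv4Address

HSRP_DEFAULT_PRIORITY = 100


@dataclass(frozen=True)
class Member:
    switch: str
    ip: IPv4Address
    priority: int = HSRP_DEFAULT_PRIORITY
    preempt: bool = True

    def rank(self):
        # HSRP compares priority first and uses the interface IP as the tie-breaker.
        return (self.priority, int(self.ip))


def hsrp_active(members):
    """Switch that wins the election for one standby group when all members are up."""
    if not members:
        raise ValueError("standby group has no members")
    return max(members, key=Member.rank).switch


def active_after_recovery(members, failed):
    """Active switch after `failed` goes down and then comes back.

    The survivors elect a new active router.  When the failed switch returns it
    takes the role back only if it outranks the current active router AND has
    preempt configured; otherwise the current active router keeps the role.
    """
    survivors = [m for m in members if m.switch != failed]
    current = max(survivors, key=Member.rank)
    returned = next(m for m in members if m.switch == failed)
    if returned.preempt and returned.rank() > current.rank():
        return returned.switch
    return current.switch


def stp_hsrp_mismatches(stp_primary_root, groups):
    """VLANs whose STP primary root is not the HSRP active router.

    Frames for such a VLAN flow to the root switch first and then cross the
    inter-switch link to reach the gateway, which the design above avoids.
    """
    mismatches = {}
    for vlan, members in groups.items():
        active = hsrp_active(members)
        if stp_primary_root[vlan] != active:
            mismatches[vlan] = (stp_primary_root[vlan], active)
    return mismatches


# STP root placement from the report: MLS1 for VLANs 99 and 10, MLS2 for 20 and 30.
STP_PRIMARY_ROOT = {99: "MLS1", 10: "MLS1", 20: "MLS2", 30: "MLS2"}


def build_groups(mls1_priority, mls2_priority):
    """Standby groups 99, 10 and 20 as configured above (VLAN 30 has MLS2 only).

    mls1_priority is applied to MLS1 in groups 99 and 10, mls2_priority to MLS2
    in group 20; every other member keeps the default of 100.  192.168.99.4 for
    MLS2 on VLAN 99 is an assumption.
    """
    def mls1(ip, priority=HSRP_DEFAULT_PRIORITY):
        return Member("MLS1", IPv4Address(ip), priority)

    def mls2(ip, priority=HSRP_DEFAULT_PRIORITY):
        return Member("MLS2", IPv4Address(ip), priority)

    return {
        99: [mls1("192.168.99.3", mls1_priority), mls2("192.168.99.4")],
        10: [mls1("192.168.100.3", mls1_priority), mls2("192.168.100.4")],
        20: [mls1("192.168.200.3"), mls2("192.168.200.4", mls2_priority)],
    }


if __name__ == "__main__":
    print("as submitted (priority 20):",
          stp_hsrp_mismatches(STP_PRIMARY_ROOT, build_groups(20, 20)))
    print("corrected (priority 150):  ",
          stp_hsrp_mismatches(STP_PRIMARY_ROOT, build_groups(150, 150)))
```

With priority 20 the check reports all three groups mismatched (MLS2 becomes active for VLANs 99 and 10 and MLS1 for VLAN 20, the opposite of the STP roots); with priority 150 it reports none. The same check can be fed with values parsed from show standby brief and show spanning-tree root on the live switches.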
Layer 2 switch security
Storm prevention
A traffic storm occurs when the local area network is flooded with broadcast, multicast or
unicast frames, whether from a bridging loop, a faulty NIC or a deliberate flood, and it
degrades performance for every host in the VLAN. The storm control feature mitigates this
kind of attack. It is applied to the access layer switch ports, so that a storm is stopped at
the port where it enters the network, and it can also be applied to trunk and port-channel
interfaces to protect the distribution layer switches from being saturated by traffic that
would otherwise affect the whole network.
Storm control detects and suppresses broadcast, multicast and unicast storms separately. The
configuration specifies, per traffic type, a rising and a falling threshold: a storm is
recognised when traffic of that type reaches the rising threshold X, and it is considered
abated when the rate drops below the falling threshold Y, after which the port forwards that
traffic again. The thresholds can be expressed as a percentage of the interface bandwidth, in
bits per second (bps) or in packets per second (pps).
Storm Control Command Options

Command form                                                Rising threshold           Falling threshold
storm-control {unicast|broadcast|multicast} level R [F]     0-100 (% of bandwidth)     0-100 (% of bandwidth)
storm-control {unicast|broadcast|multicast} level bps R [F] 0-10,000,000,000 [k|m|g]   0-10,000,000,000 [k|m|g]
storm-control {unicast|broadcast|multicast} level pps R [F] 0-10,000,000,000 [k|m|g]   0-10,000,000,000 [k|m|g]

If the falling threshold F is omitted it is set equal to the rising threshold R, so the port
resumes forwarding as soon as the rate drops below the level at which the storm was detected.
To set these levels accurately, the amount of traffic of each type that flows through the
port during peak hours must be measured first; a threshold set below the normal peak will
trigger on legitimate traffic.
When storm control is configured and a storm is detected, the default response is to filter
the excess traffic silently. Optionally the action can be set to shut down the interface that
receives the storm (the port is placed in err-disable state and stays there until it is
re-enabled by hand or errdisable recovery is configured for the storm-control cause), or to
send an SNMP trap to the NMS. The trap is sent in addition to the filtering, not instead of it.
To enable storm control on the access switch ports the following steps are followed:
- Storm control is enabled on FastEthernet ports 0/6 and 0/15 to 0/24 on ALS1 with the
following parameters:
o A unicast storm is recognised at 65 percent of bandwidth usage and abated at 35 percent.
o A broadcast storm is recognised at 1000 pps and abated at 300 pps.
o A multicast storm is recognised at 40 percent of bandwidth usage and abated at 25 percent.
o On detection of a storm an SNMP trap is sent.
ALS1(config)# interface range FastEthernet 0/6, f0/15-24
ALS1(config-if-range)# storm-control unicast level 65 35
ALS1(config-if-range)# storm-control broadcast level pps 1k 300
ALS1(config-if-range)# storm-control multicast level 40 25
ALS1(config-if-range)# storm-control action trap
The configuration is verified with the show storm-control command. The output below is for
fa 0/6; if the interface designation is left off, the command shows the configuration of every
interface on which storm control is enabled.
ALS1#sho storm-control f0/6 unicast
Interface Filter State Upper Lower Current
--------- ------------- ----------- ----------- ----------
Fa0/6 Forwarding 65.00% 35.00% 0.00%
ALS1#sho storm-control f0/6 broadcast
Interface Filter State Upper Lower Current
--------- ------------- ----------- ----------- ----------
Fa0/6 Forwarding 1k pps 300 pps 0 pps
ALS1#sho storm-control f0/6 multicast
Interface Filter State Upper Lower Current
--------- ------------- ----------- ----------- ----------
Fa0/6 Forwarding 40.00% 25.00% 0.00%
To demonstrate storm control in operation, unicast storm control with deliberately low
thresholds and the shutdown action is configured on the MLS1 fa 0/7 and fa 0/8 interfaces,
the ports facing ALS1, and traffic is generated from ALS1 to exceed the threshold.
MLS1(config)#int ran f0/7-8
MLS1(config-if-range)#storm-control unicast level bps 750 300
MLS1(config-if-range)#storm-control action shut
MLS1(config-if-range)#exit
The command ping 192.168.99.3 repeat 1000 is issued on ALS1 to generate the traffic; 750 bps
is far below the rate of a continuous ping, so the rising threshold is crossed immediately.
Within a few seconds the following syslog messages appear on MLS1, showing that a storm was
detected and that each interface was put into err-disable state and shut down:
MLS1#
Feb 15 13:55:53.798: %PM-4-ERR_DISABLE: storm-control error detected on
Fa0/7, putting Fa0/7 in err-disable state
Feb 15 13:55:53.823: %STORM_CONTROL-3-SHUTDOWN: A packet storm was
detected on Fa0/7. The interface has been disabled.
Feb 15 13:55:54.813: %LINEPROTO-5-UPDOWN: Line protocol on Interface
FastEthernet0/7, changed state to down
Feb 15 13:55:55.828: %LINK-3-UPDOWN: Interface FastEthernet0/7, changed
state to down
Feb 15 13:56:25.070: %PM-4-ERR_DISABLE: storm-control error detected on
Fa0/8, putting Fa0/8 in err-disable state
Feb 15 13:56:25.096: %STORM_CONTROL-3-SHUTDOWN: A packet storm was
detected on Fa0/8. The interface has been disabled.
Feb 15 13:56:26.085: %LINEPROTO-5-UPDOWN: Line protocol on Interface
FastEthernet0/8, changed state to down
Feb 15 13:56:27.100: %LINK-3-UPDOWN: Interface FastEthernet0/8, changed
state to down
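As an added example for this section (not part of the original report), the script below turns the two message types shown above, %PM-4-ERR_DISABLE and %STORM_CONTROL-3-SHUTDOWN, into timestamped events and parses the show storm-control table, including the k/m/g suffixes used for pps and bps thresholds, so a monitoring script can report which ports were disabled, how long apart, and how close the remaining ports run to their rising thresholds. The sample syslog lines and table are constructed from the report's own output (the Fa0/7 percentage row is invented for illustration), and the year is an assumption, since IOS timestamps do not carry one.

```python
"""Storm-control event detection from IOS syslog and show output (added example)."""
import re
from datetime import datetime

# Default 'service timestamps log datetime msec' prefix followed by the facility message.
ERR_DISABLE_RE = re.compile(
    r"(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}(?:\.\d{3})?): "
    r"%PM-4-ERR_DISABLE: (?P<cause>[\w-]+) error detected on (?P<iface>\S+),"
)
STORM_SHUTDOWN_RE = re.compile(
    r"%STORM_CONTROL-3-SHUTDOWN: A packet storm was detected on (?P<iface>\S+)\."
)
# '65.00%', '1k pps', '300 pps', '2.5m bps' as printed by show storm-control.
THRESHOLD_RE = re.compile(r"(?P<num>\d+(?:\.\d+)?)(?P<suffix>[kmg])?\s*(?P<unit>%|pps|bps)")
SCALE = {None: 1, "k": 1_000, "m": 1_000_000, "g": 1_000_000_000}


def parse_timestamp(text, year):
    """'Feb 15 13:55:53.798' -> datetime; the year is supplied by the caller."""
    text = re.sub(r"\s+", " ", text)
    fmt = "%Y %b %d %H:%M:%S.%f" if "." in text else "%Y %b %d %H:%M:%S"
    return datetime.strptime(f"{year} {text}", fmt)


def parse_errdisable_events(lines, year=2020):
    """[(timestamp, interface, cause)] for every ERR_DISABLE message, in log order."""
    events = []
    for line in lines:
        m = ERR_DISABLE_RE.search(line)
        if m:
            events.append((parse_timestamp(m["ts"], year), m["iface"], m["cause"]))
    return events


def storm_shutdowns(lines):
    """Interfaces that storm control itself reports as disabled, sorted."""
    return sorted({m["iface"] for m in map(STORM_SHUTDOWN_RE.search, lines) if m})


def parse_threshold(text):
    """'1k pps' -> (1000.0, 'pps'); '65.00%' -> (65.0, '%')."""
    m = THRESHOLD_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"not a storm-control threshold: {text!r}")
    return float(m["num"]) * SCALE[m["suffix"]], m["unit"]


def parse_show_storm_control(text):
    """Rows of `show storm-control` -> {iface: {state, upper, lower, current}}."""
    rows = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] == "Interface" or parts[0].startswith("-"):
            continue
        # Thresholds print as one token ('65.00%') or two ('1k pps'); scan the joined tail.
        values = [m.group(0) for m in THRESHOLD_RE.finditer(" ".join(parts[2:]))]
        upper, lower, current = (parse_threshold(v) for v in values[:3])
        rows[parts[0]] = {"state": parts[1], "upper": upper, "lower": lower, "current": current}
    return rows


def utilisation(rows):
    """Fraction of the rising threshold currently in use, per interface."""
    return {iface: (r["current"][0] / r["upper"][0] if r["upper"][0] else 0.0)
            for iface, r in rows.items()}


# Constructed from the report's MLS1 syslog output after the ping test.
SAMPLE_SYSLOG = """\
Feb 15 13:55:53.798: %PM-4-ERR_DISABLE: storm-control error detected on Fa0/7, putting Fa0/7 in err-disable state
Feb 15 13:55:53.823: %STORM_CONTROL-3-SHUTDOWN: A packet storm was detected on Fa0/7. The interface has been disabled.
Feb 15 13:55:54.813: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/7, changed state to down
Feb 15 13:56:25.070: %PM-4-ERR_DISABLE: storm-control error detected on Fa0/8, putting Fa0/8 in err-disable state
Feb 15 13:56:25.096: %STORM_CONTROL-3-SHUTDOWN: A packet storm was detected on Fa0/8. The interface has been disabled.
""".splitlines()

# Constructed from the report's ALS1 show storm-control output; the Fa0/7 row is invented.
SAMPLE_SHOW = """\
Interface  Filter State   Upper        Lower        Current
---------  -------------  -----------  -----------  ----------
Fa0/6      Forwarding     1k pps       300 pps      0 pps
Fa0/7      Forwarding     65.00%       35.00%       12.50%
"""

if __name__ == "__main__":
    for ts, iface, cause in parse_errdisable_events(SAMPLE_SYSLOG):
        print(ts.isoformat(), iface, cause)
    print(utilisation(parse_show_storm_control(SAMPLE_SHOW)))
```

The ERR_DISABLE message is the one worth alerting on, because the same facility reports every err-disable cause (port security, BPDU guard, and so on); the cause field tells the operator which feature fired, and the timestamps show how far apart the two ports tripped.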
Configuration of port security
To protect against MAC address flooding (CAM table overflow) and MAC spoofing attacks, switch
port security is configured on the access ports of the guest, staff and admin VLANs. The three
VLANs serve different user groups. The guest VLAN must allow the MAC address seen on a port to
change, because most guests use laptops and move around within the network, so its ports are
configured to allow a single dynamically learned MAC address at a time; that address is
cleared when the port goes down (or earlier, if aging is configured) and the next device is
learned afresh. A single-address setting does not work for ports that serve an IP phone with
a PC attached behind it, or a PC running virtual machines; those ports need two (or more)
allowed addresses. Port security is enabled on an interface only by the bare switchport
port-security command; the other switchport port-security options set parameters but do not
enable the feature by themselves. The port must also be a static access port (switchport mode
access), since port security is rejected on a port in dynamic mode.
The MAC addresses of staff and admin machines change rarely, because they use desktop
workstations provided by the IT department. For the staff and admin ports the switch is
therefore configured so that the MAC address learned on a port is retained: the command
switchport port-security mac-address sticky converts dynamically learned addresses into sticky
secure addresses that are written into the running configuration, and they survive a reload
once the configuration is saved. This sticky learning feature is not available on every
switching platform. It combines dynamic learning with statically configured addresses: an
address can either be entered by hand with switchport port-security mac-address mac-address or
learned once from the wire and then pinned. The staff and admin ports are also allowed a
maximum of two MAC addresses per port.
Configuration of basic switch port security
The following configuration enables port security, with a maximum of two addresses and sticky
learning, on ports f0/6 and f0/15 to 0/24 of ALS1 and ALS2 with the switchport port-security
command. This profile suits the staff and admin ports; on a port used by guests the sticky
keyword should be left out and the maximum set to 1, otherwise the first visitor's laptop is
pinned to the port and the next visitor causes a violation, which in the default shutdown mode
err-disables the port.
ALS1(config)# interface range fastethernet 0/6, f0/15 - 24
ALS1(config-if-range)# switchport port-security
ALS1(config-if-range)# switchport port-security maximum 2
ALS1(config-if-range)# switchport port-security mac-address sticky
ALS2(config)# interface range fastethernet 0/6, f0/15 - 24
ALS2(config-if-range)# switchport port-security
ALS2(config-if-range)# switchport port-security maximum 2
ALS2(config-if-range)# switchport port-security mac-address sticky
Port security is verified with the show port-security interface command. The output for f0/6
is shown below:
ALS1#show port-security int f0/6
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 2
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 1
Last Source Address:Vlan : 000c.2915.800e:100
Security Violation Count : 0
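The following script is an added example for this section, not code from the original report. It parses the key/value output of show port-security interface shown above and checks a port against the profile it is supposed to carry: staff and admin ports keep sticky addresses (maximum 2, shutdown on violation), while guest ports must not pin a visitor's MAC address and use the restrict violation mode so a second device is dropped and counted instead of err-disabling the port. The sample output is constructed from the report's f0/6 output; the profile table and the port-to-profile mapping are assumptions.

```python
"""Port-security compliance audit from show output (added example, not report code)."""

# Assumed policy: what each kind of access port should look like.
PROFILES = {
    "staff": {"sticky": True, "max": 2, "violation": "Shutdown"},
    "guest": {"sticky": False, "max": 1, "violation": "Restrict"},
}


def parse_port_security(text):
    """'Key : Value' lines of `show port-security interface` -> dict."""
    fields = {}
    for line in text.splitlines():
        # Split on the first ' : ' so 'Last Source Address:Vlan' keeps its own colon.
        key, sep, value = line.partition(" : ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def count(fields, key):
    # Counters print as plain integers; tolerate trailing text such as units.
    return int(fields[key].split()[0])


def audit_port(fields, profile):
    """List of findings (empty means compliant) for one port's parsed output."""
    want = PROFILES[profile]
    if fields.get("Port Security") != "Enabled":
        return ["port security not enabled"]
    findings = []
    if fields.get("Port Status", "").lower() == "secure-shutdown":
        findings.append("port is err-disabled after a violation")
    if fields.get("Violation Mode") != want["violation"]:
        findings.append(f"violation mode {fields.get('Violation Mode')} "
                        f"(policy: {want['violation']})")
    if count(fields, "Maximum MAC Addresses") > want["max"]:
        findings.append(f"maximum {fields['Maximum MAC Addresses']} addresses "
                        f"(policy: {want['max']})")
    sticky = count(fields, "Sticky MAC Addresses")
    total = count(fields, "Total MAC Addresses")
    if want["sticky"] and total and sticky == 0:
        findings.append("addresses learned dynamically only; they are lost on reload")
    if not want["sticky"] and sticky:
        findings.append(f"{sticky} sticky address(es) pinned to a port that should "
                        "learn dynamically")
    if count(fields, "Security Violation Count"):
        findings.append(f"{fields['Security Violation Count']} violation(s) recorded")
    return findings


def audit_switch(outputs, port_profiles):
    """{iface: findings} for every interface whose show output was collected."""
    return {iface: audit_port(parse_port_security(text), port_profiles[iface])
            for iface, text in outputs.items()}


# Constructed from the report's `show port-security int f0/6` output on ALS1.
SAMPLE_OUTPUT = """\
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 2
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 1
Last Source Address:Vlan : 000c.2915.800e:100
Security Violation Count : 0
"""

if __name__ == "__main__":
    for role in PROFILES:
        print(role, audit_port(parse_port_security(SAMPLE_OUTPUT), role))
```

Run against the f0/6 output, the port passes as a staff port and fails three checks as a guest port (violation mode, maximum, and a pinned sticky address), which is exactly the mismatch discussed above between the sticky profile and guest usage.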
VACLs for controlling access
The network must be configured so that guests cannot reach the admin and staff VLANs, while
still being able to use their default gateway to reach the rest of the network and the ISP.
This is done with a VLAN access control list (VACL), which is applied on the layer 3 switch and
filters traffic inside a VLAN, bridged traffic as well as traffic routed into or out of it.
First an extended access list named temp-host is configured on MLS1 with the ip access-list
extended name command. Inside a VACL the access list does not permit or deny anything by
itself: a permit entry only selects the traffic that the access map will act on. The list
selects traffic from the host 192.168.100.150 to the rest of its subnet, using the form
permit ip host ip-address subnet-address wildcard-mask:
MLS1(config)# ip access-list extended temp-host
MLS1(config-ext-nacl)# permit ip host 192.168.100.150 192.168.100.0 0.0.0.255
The VACL itself is defined with a VLAN access map. An access map consists of numbered
sequences that are evaluated in ascending order, each created with the vlan access-map
map-name seq# command. The configuration below defines the access map block-temp: sequence 10
matches the traffic selected by the temp-host list and drops it, and sequence 20, which has
no match clause, forwards everything else. The second sequence must not be omitted, because
traffic that matches no sequence is caught by the implicit deny at the end of the map and
dropped, which would isolate the whole VLAN.
MLS1(config)# vlan access-map block-temp 10
MLS1(config-access-map)# match ip address temp-host
MLS1(config-access-map)# action drop
MLS1(config-access-map)# vlan access-map block-temp 20
MLS1(config-access-map)# action forward
MLS1(config-access-map)# exit
The VLAN to which the access map applies is set with the vlan filter map-name vlan-list
vlan-ID command:
MLS1(config)# vlan filter block-temp vlan-list 10
The VACL configuration is verified with the show vlan access-map command on MLS1:
MLS1# show vlan access-map
Vlan access-map "block-temp" 10
Match clauses:
ip address: temp-host
Action:
drop
Vlan access-map "block-temp" 20
Match clauses:
Action:
Forward
For the test, a PC is assigned the address 192.168.100.150/24 and connected to port fa 0/3,
which is configured as an access port in VLAN 10, and the PC is pinged. The ping is not
successful, confirming that the VACL drops the traffic. Note that as written the list only
selects traffic from that one host to its own subnet (192.168.100.0/24); it does not by itself
stop the guest VLAN from reaching the staff and admin subnets, which would need permit entries
with those destination subnets in the matched list.
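As an added example for this section (not code from the original report), the script below evaluates a VLAN access map the way the switch does: sequences are tried in ascending order, a sequence without a match clause matches everything, a permit entry in the referenced extended ACL means "this traffic is selected" and the sequence's action applies, deny entries and unselected traffic fall through to the next sequence, and traffic that reaches the end of the map is dropped by the implicit deny. The ACL and access map are the report's temp-host and block-temp; the packet addresses used in the test are constructed.

```python
"""VLAN access map evaluation (added example, not report code)."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Optional


def wildcard_to_network(address, wildcard):
    """'192.168.100.0', '0.0.0.255' -> 192.168.100.0/24 (contiguous wildcards only)."""
    bits = int(IPv4Address(wildcard))
    if bits != (1 << bits.bit_length()) - 1:
        raise ValueError(f"non-contiguous wildcard mask {wildcard} not supported")
    return IPv4Network((address, 32 - bits.bit_length()), strict=False)


@dataclass(frozen=True)
class Ace:
    action: str          # 'permit' or 'deny'
    src: IPv4Network
    dst: IPv4Network


@dataclass(frozen=True)
class MapEntry:
    seq: int
    action: str                      # 'forward' or 'drop'
    match_acl: Optional[str] = None  # None: no match clause, matches all traffic


def acl_selects(acl, src, dst):
    """True when the first ACE covering (src, dst) is a permit.

    Inside a VACL, permit only means 'match'; the access map decides the action.
    A deny ACE, or falling off the end of the list, means 'not selected'.
    """
    for ace in acl:
        if src in ace.src and dst in ace.dst:
            return ace.action == "permit"
    return False


def vacl_action(access_map, acls, src, dst):
    """'forward' or 'drop' for an IP packet from src to dst inside the VLAN."""
    src, dst = IPv4Address(src), IPv4Address(dst)
    for entry in sorted(access_map, key=lambda e: e.seq):
        if entry.match_acl is None or acl_selects(acls[entry.match_acl], src, dst):
            return entry.action
    return "drop"  # implicit deny: no sequence matched


# ip access-list extended temp-host
#   permit ip host 192.168.100.150 192.168.100.0 0.0.0.255
ACLS = {
    "temp-host": [
        Ace("permit",
            wildcard_to_network("192.168.100.150", "0.0.0.0"),
            wildcard_to_network("192.168.100.0", "0.0.0.255")),
    ],
}

# vlan access-map block-temp 10 / match ip address temp-host / action drop
# vlan access-map block-temp 20 / action forward
BLOCK_TEMP = [MapEntry(10, "drop", "temp-host"), MapEntry(20, "forward")]

# The same map with sequence 20 left out: every packet falls to the implicit deny.
BLOCK_TEMP_WITHOUT_FORWARD = [MapEntry(10, "drop", "temp-host")]


if __name__ == "__main__":
    for s, d in [("192.168.100.150", "192.168.100.1"),
                 ("192.168.100.20", "192.168.100.1"),
                 ("192.168.100.150", "192.168.200.1")]:
        print(s, "->", d, vacl_action(BLOCK_TEMP, ACLS, s, d))
```

The third case shows the limitation noted above: a packet from 192.168.100.150 to the staff subnet is not selected by temp-host, so it reaches sequence 20 and is forwarded.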
Conclusion
This report documents the basic configuration performed on the Cisco layer 3 switching
devices. Four switches are used to build the network: layer 3 switches at the distribution
layer and Cisco 2960 switches at the access layer. Redundant uplinks and downlinks are used
between the distribution and access layers. Without further configuration only one of the
parallel links can forward at a time, because spanning tree blocks the others to prevent a
bridging loop, which leaves half of the bandwidth unused. EtherChannel is therefore configured;
it allows up to eight physical links to be bundled into one logical link that spanning tree
treats as a single port. Port Aggregation Protocol (PAgP, Cisco proprietary) and Link
Aggregation Control Protocol (LACP, IEEE 802.3ad) are the two signalling protocols that let the
two switches negotiate which ports become members of the bundle; a given EtherChannel uses one
or the other, not both.