SWITCH_Base_Top

This is the new Topology, nothing fancy or colorful yet, but we shall get there!

So after configuring R1 and R2, I figured with a flat network without VLANs or anything I’d just be able to ping 10.0.0.1 from R2, but it timed out. It took me a minute, and fortunately just a minute, to realize I had no routes 🙂 So I set a default gateway on each:

R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#ip route 0.0.0.0 0.0.0.0 fa0/1
%Default route without gateway, if not a point-to-point interface, may impact performance
R2(config)#exit
R2#wr
*Aug 7 23:25:28.507: %SYS-5-CONFIG_I: Configured from console by console
Building configuration…

[OK]
R2#ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 ms
R2#

Kapow, so the lab is complete for right now with absolutely no redundancy / stacking / fiber ports, but that is definitely on the way!

Speaking of getting the fun stuff on the way, I’ll go over MAC table aging

  • By default, a MAC address remains mapped to a port # in the table for 300 seconds from the last time a frame came in from that MAC

I wanted to underline that last part, because every time a frame hits the port from a MAC with an existing mapping, that 300-second aging timer starts over. Speaking of timers for aging out, how do we change them, you ask? Like this:

SW1(config)#mac address-table aging-time ?
<0-0> Enter 0 to disable aging
<10-1000000> Aging time in seconds

SW1(config)#mac address-table aging-time 300
SW1(config)#

  • Note that entering 0 at this command disables aging out – Not recommended
  • Also note that the measurement of the timer is in seconds, but always check

Two important notes to keep in mind, though using ? to check the measurement of time is always a good idea. To see the actual MAC address table you will enter the following:

SW1#sh mac address-table
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0100.0ccc.cccc    STATIC      CPU
 All    0100.0ccc.cccd    STATIC      CPU
 All    0180.c200.0000    STATIC      CPU
 All    0180.c200.0001    STATIC      CPU
 All    0180.c200.0002    STATIC      CPU
 All    0180.c200.0003    STATIC      CPU
 All    0180.c200.0004    STATIC      CPU
 All    0180.c200.0005    STATIC      CPU
 All    0180.c200.0006    STATIC      CPU
 All    0180.c200.0007    STATIC      CPU
 All    0180.c200.0008    STATIC      CPU
 All    0180.c200.0009    STATIC      CPU
 All    0180.c200.000a    STATIC      CPU
 All    0180.c200.000b    STATIC      CPU
 All    0180.c200.000c    STATIC      CPU
 All    0180.c200.000d    STATIC      CPU
 All    0180.c200.000e    STATIC      CPU
 All    0180.c200.000f    STATIC      CPU
 All    0180.c200.0010    STATIC      CPU
 All    ffff.ffff.ffff    STATIC      CPU
   1    0017.5aa8.a609    DYNAMIC     Fa1/0/7
   1    001b.5336.f2cd    DYNAMIC     Fa1/0/7
   1    001e.f797.f14b    DYNAMIC     Fa1/0/9
   1    5897.1eab.c803    DYNAMIC     Fa1/0/1
Total Mac Addresses for this criterion: 24

Wooooooah! So imagine if we had those 20 CPU addresses on top of all the MACs learned from an enterprise network; it could get overwhelming quickly. However, there is a shortcut to finding the port #.

I work remotely a lot and cannot see the devices, so if it is a Cisco network environment running CDP, it’s not difficult to make a Topology (or at least get an idea of what attaches to what) using CDP and the MAC table.

So first I’d use CDP:

SW1#sh cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform   Port ID
SW2              Fas 1/0/1         158          S I       WS-C3750V  Fas 1/0/1
SW3              Fas 1/0/7         131          S I       WS-C3560-  Fas 0/7
R1               Fas 1/0/9         149         R S I      1841       Fas 0/1
SW1#

Great information: you have the Switch names, the remote port #’s, models, and capabilities. I wish every network device ran this protocol securely. However, they don’t, but when you are in a pinch, remember to give “sh cdp nei” a try (and “sh cdp nei det” for all info) when you need to remotely create the Topology.

That being said, I’d like to know the MAC address of R1 for whatever reason, so instead of finding it in the entire table I can just issue the following command like with ROUTE studies:

SW1#sh mac address-table | i 1/0/9
1 001e.f797.f14b DYNAMIC Fa1/0/9
SW1#

There it be. Also, to skip the CPU MAC table entries, you can issue this command:

SW1#sh mac address-table dynamic
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0017.5aa8.a609    DYNAMIC     Fa1/0/7
   1    001b.5336.f2cd    DYNAMIC     Fa1/0/7
   1    001e.f797.f14b    DYNAMIC     Fa1/0/9
   1    5897.1eab.c803    DYNAMIC     Fa1/0/1
Total Mac Addresses for this criterion: 4
SW1#

Much better for our little lab, but I wanted to demonstrate that there WILL be some MACs that are embedded in that table, for better or worse, for the CPU.
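The CDP-plus-MAC-table mapping described above can be scripted. This is an added example, not part of the original post: it parses the two captures shown on this page and joins them by port. The function names and regular expressions are this example's own, and it assumes the `Fas`/`Gig` port abbreviations seen in this output.

```python
import re
# Rows copied from the `sh cdp nei` and `sh mac address-table dynamic` captures above.
CDP = """\
Device ID Local Intrfce Holdtme Capability Platform Port ID
SW2 Fas 1/0/1 158 S I WS-C3750V Fas 1/0/1
SW3 Fas 1/0/7 131 S I WS-C3560- Fas 0/7
R1 Fas 1/0/9 149 R S I 1841 Fas 0/1
"""
MAC = """\
Vlan Mac Address Type Ports
1 0017.5aa8.a609 DYNAMIC Fa1/0/7
1 001b.5336.f2cd DYNAMIC Fa1/0/7
1 001e.f797.f14b DYNAMIC Fa1/0/9
1 5897.1eab.c803 DYNAMIC Fa1/0/1
"""

CDP_RE = re.compile(r"^(\S+)\s+(Fas|Gig)\s+(\S+)\s+(\d+)\s+"
                    r"((?:[A-Za-z]\s+)+)(\S+)\s+(Fas|Gig)\s+(\S+)$")
MAC_RE = re.compile(r"^(\d+|All)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\w+)\s+(\S+)$")

def short(kind, num):
    """'Fas', '1/0/9' -> 'Fa1/0/9', the port form the MAC table prints."""
    return kind[:2] + num

def parse_cdp(text):
    """Local port -> (neighbor, capabilities, platform, remote port)."""
    ports = {}
    for line in text.splitlines():
        m = CDP_RE.match(line.strip())
        if m:
            ports[short(m[2], m[3])] = (m[1], m[5].split(), m[6], short(m[7], m[8]))
    return ports

def parse_macs(text):
    """Port -> MAC addresses listed on it (CPU rows land under 'CPU')."""
    ports = {}
    for line in text.splitlines():
        m = MAC_RE.match(line.strip())
        if m:
            ports.setdefault(m[4], []).append(m[2])
    return ports

def correlate(cdp_text, mac_text):
    """Port -> (CDP neighbor or None, MACs learned on that port)."""
    cdp, macs = parse_cdp(cdp_text), parse_macs(mac_text)
    return {p: (cdp.get(p), macs.get(p, [])) for p in sorted(set(cdp) | set(macs))}

if __name__ == "__main__":
    print(correlate(CDP, MAC))
```

A port that shows up with MACs but a neighbor of `None` is a device that is not announcing itself over CDP, which is worth identifying by hand.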

I also wanted to note, on Routers and ASAs, to see MAC addresses I use “sh arp”. I’m not sure if there is a CCNP official command, but that is what I’ve found works – That is your real world snippet of the day.

MAC table VS the CAM Table, and what TCAM is

In my CCNA studies, I learned the CAM table is the exact same thing as the MAC table, which it really is; however, it does not support Layer 3 functions like the MAC table does.

The CAM (Content Addressable Memory) table works solely at Layer 2 switching, so what is used is called the TCAM (Ternary CAM) table, and the differences are a bit odd. CAM tables understand 1’s and 0’s, whereas TCAM tables understand 1’s, 0’s, and x’s to support the advanced features for the overall MAC table.

There may not be a whole lot I’d expect about that on the test, but just to clarify the CAM table is Layer 2 and is Layer 2 working to assist Layer 3 functionality.

Finally the behaviors you may not know about when switching cables / ports!

Like the monster under your bed, waiting to turn a quick fix into an hours-long troubleshooting session! So I saw this example courtesy of Chris Bryant’s CCNP video course and thought it was a really good demonstration.

So we aren’t into Vlanning yet, but I put the Router R1 into its own VLAN here:

SW1(config)#int fa1/0/9
SW1(config-if)#switchport access vlan 9
% Access VLAN does not exist. Creating vlan 9
SW1(config-if)#

So we can now see it in the brief vlan table:

SW1(config-if)#do sh vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/0/1, Fa1/0/2, Fa1/0/3
                                                Fa1/0/4, Fa1/0/5, Fa1/0/6
                                                Fa1/0/7, Fa1/0/8, Fa1/0/10
                                                Fa1/0/11, Fa1/0/12, Fa1/0/13
                                                Fa1/0/14, Fa1/0/15, Fa1/0/16
                                                Fa1/0/17, Fa1/0/18, Fa1/0/19
                                                Fa1/0/20, Fa1/0/21, Fa1/0/22
                                                Fa1/0/23, Fa1/0/24, Gi1/0/1
                                                Gi1/0/2
9    VLAN0009                         active    Fa1/0/9
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
SW1(config-if)#

Highlighted the VLAN numbers in the big mess of numbers and letters (note that word active in the output), and now I will switch R1 from Port 9 to Port 11 to see what happens, first on the MAC table:

SW1(config-if)#
*Mar 1 01:33:51.549: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/9, changed state to down
*Mar 1 01:33:52.555: %LINK-3-UPDOWN: Interface FastEthernet1/0/9, changed state to down
*Mar 1 01:33:55.030: %LINK-3-UPDOWN: Interface FastEthernet1/0/11, changed state to up
*Mar 1 01:33:56.037: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/11, changed state to up
SW1(config-if)#do sh mac address-table dynamic
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0017.5aa8.a609    DYNAMIC     Fa1/0/7
   1    001e.f797.f14b    DYNAMIC     Fa1/0/11
   1    5897.1eab.c803    DYNAMIC     Fa1/0/1
Total Mac Addresses for this criterion: 3
SW1(config-if)#

No aging out required, immediately dynamically changed the mapping in the MAC table, but what about the VLAN it was in?

As can be seen above, only port 1/0/9 on the switch is in VLAN 9, so being in Port 11 I’ve moved R1 into the default VLAN and will need to manually change that part of it to get it back in the proper VLAN – That part will not dynamically change itself!

Had to get bold on that last point, that’s a gotcha in real life more than on the CCNP, so always remember when changing ports you must note the port change if possible so you can put the new port being plugged into in the VLAN with “switchport access vlan #” on the interface!
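To see the aging timer and the port-move gotcha side by side, here is a small model of a dynamic MAC table. It is an added example, not from the original post or from Cisco: the `MacTable` class and its method names are hypothetical, and it assumes a simplified switch where dynamic entries are dropped on link-down and the VLAN is taken from the ingress port's access VLAN.

```python
class MacTable:
    """Simplified model of dynamic MAC learning on an access switch (illustration only)."""

    def __init__(self, access_vlan, aging_time=300):
        self.access_vlan = access_vlan   # port -> access VLAN: static config, tied to the port
        self.aging_time = aging_time     # seconds; 0 disables aging, as on the CLI
        self.entries = {}                # (vlan, mac) -> (port, last_seen)

    def frame_in(self, mac, port, now):
        """Learn or refresh: every frame restarts the entry's aging timer."""
        vlan = self.access_vlan.get(port, 1)   # unconfigured ports sit in VLAN 1
        self.entries[(vlan, mac)] = (port, now)

    def link_down(self, port):
        """Assumed behaviour: dynamic entries on a port are dropped when its link drops."""
        self.entries = {k: v for k, v in self.entries.items() if v[0] != port}

    def expire(self, now):
        """Remove entries idle for longer than aging_time."""
        if self.aging_time:
            self.entries = {k: v for k, v in self.entries.items()
                            if now - v[1] <= self.aging_time}

    def where(self, mac):
        """Return [(vlan, port)] for every entry holding this MAC."""
        return [(k[0], v[0]) for k, v in self.entries.items() if k[1] == mac]

def port_move_demo(aging_time=300):
    r1 = "001e.f797.f14b"                       # R1's MAC from the page
    sw = MacTable({"Fa1/0/9": 9}, aging_time)   # only Fa1/0/9 was put in VLAN 9
    seen = {}
    sw.frame_in(r1, "Fa1/0/9", now=0)
    sw.frame_in(r1, "Fa1/0/9", now=250)         # refresh: timer restarts at t=250
    sw.expire(now=400)                          # 150 s idle, entry survives
    seen["before_move"] = sw.where(r1)
    sw.link_down("Fa1/0/9")                     # cable pulled from port 9
    sw.frame_in(r1, "Fa1/0/11", now=415)        # first frame on port 11
    seen["after_move"] = sw.where(r1)           # remapped at once, but now in VLAN 1
    sw.expire(now=800)                          # 385 s idle
    seen["after_idle"] = sw.where(r1)
    return seen

if __name__ == "__main__":
    print(port_move_demo())      # default 300 s aging
    print(port_move_demo(0))     # aging disabled: the entry never leaves
```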

That is it for now, I have some more notes but working late makes the night go by fast, more to come on a consistent basis I think now moving forward until I have that CCNP!