  • Daniel Espinal

    @Brett-Ferrell On a side note, in studying for my CCNP my reading indicates that doing L3 at the core is really the old way of doing things now. Because L3 switches cost practically as much as L2 switches these days, it's not so uncommon to extend L3 even to the access layer.

    From the CCNP FLG
    "deploying a Layer 2 switching design in the access layer may result in suboptimal usage of links between the access and distribution layer. In addition, this method does not scale as well in very large numbers because of the size of the Layer 2 domain. Using a design that leverages Layer 3 switching to the access layer VLANs scales better than Layer 2 switching designs because VLANs get terminated on the access layer devices. Specifically, the links between the distribution and access layer switches are routed links; all access and distribution devices would participate in the routing scheme. The Layer 2-only access design is a traditional, slightly cheaper solution, but it suffers from optimal use of links between access and distribution due to spanning tree."

    posted in Cisco
  • Daniel Espinal

    Like riding a bike. You never truly forget.

    I'm in the same boat. I got my CCNA in 2010 and I've kept it active, but I am in desktop support so very little of my training is actually used. So I've forgotten a lot of stuff. That is why I lurk in these forums and the Cisco forums, so I can keep up to date on stuff.

    Anyway, really glad we could help!

    posted in Cisco
  • Daniel Espinal

    @Dale-Ackerman said in CCENT- DIrectly connected networks through router:

    @Ronnie-Wong said in CCENT- DIrectly connected networks through router:

    n the Accelerated CCENT course, episode on Easy Subnetting, time- 34:15

    Ronnie, The information I refer to is in the Accelerated CCENT course, episode on Easy Subnetting, time- 34:15.

    So, I was thinking that subnets, or VLANs, in and of themselves, would prevent others from connecting to them. But, I got this wrong. If I'm not mistaken, subnets or VLANs merely separate them into broadcast domains. If connected directly to a router, there is no restriction on communicating from one subnet or VLAN to another. That restriction would come in the way of an ACL.
    Do I have this right?

    Thanks for your help.

    All this can be clarified by looking to the almighty OSI model and understanding how a switch and a router do their jobs.

    Let's begin with the question of why 2 hosts in the same subnet do not need a router.

    Look at this topology (the diagram is not reproduced here).

    PC1 sends a message to PC2. Let's look at the message PC1 sends:

    Source IP 192.168.0.10
    Source Mask 255.255.255.0
    Source MAC AA:AA:AA:AA:AA:AA

    Destination IP 192.168.0.20
    Destination Mask 255.255.255.0
    Destination MAC FF:FF:FF:FF:FF:FF <------- we have not gone through ARP to figure out the MAC

    Because we have no clue where PC2 is at layer 2 the switch will flood this message to all ports until someone responds. Because PC2 is within our broadcast domain he will get this message and respond. When PC1 receives this reply he now knows PC2's MAC address. Also PC2 knows PC1's MAC address from the original message he got.

    Both PC1 and PC2 are now talking directly.

    **What would have happened if PC1 and PC2 were in different subnets?**


    OK, so PC1 would see that PC2 is not in its own subnet, so PC1 sends the message to PC2 via its default gateway. Through ARP we learned our own gateway's MAC, so we use that as the destination MAC but keep the destination IP of PC2.

    So the message now looks like this:

    Source IP 192.168.0.10
    Source Mask 255.255.255.0
    Source MAC AA:AA:AA:AA:AA:AA

    Destination IP 192.168.128.20
    Destination Mask 255.255.255.0
    Destination MAC BB:BB:BB:BB:BB:BB <------ MAC of the router

    The router then sees that this message is addressed to it at layer 2 but is addressed to 192.168.128.20 at layer 3. It uses ARP to find PC2 and then forwards this message to PC2, but puts its own MAC as the source MAC.

    So now PC1 and PC2 are communicating through R1.

    But what would happen if PC1 and PC2 were on different VLANs?

    Good question. All of the above still happens, but the switch now adds a tag to the layer 2 frame. Remember, that is all a VLAN is: a tag on the layer 2 frame. The switch then uses this tag to determine whether a frame is allowed or not allowed on an individual port.

    Keeping the topology above, PC1 would send a message to PC2. This message would go through E0/1 because it is on VLAN1, then the router would put that message on E0/0, which is on VLAN2. The VLAN tags get stripped when exiting a switch on a non-trunk port.

    Think about this: if PC1 (being on VLAN1) sends a layer 2 broadcast, only those in VLAN1 would get it, because the VLAN2 ports wouldn't allow the broadcast through. This would also effectively block layer 3 broadcasts for the same reason: VLAN1 frames are not allowed on VLAN2 ports.

    I hope all this clarifies and doesn't further confuse.

    posted in Cisco
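    The same-subnet versus via-gateway decision described in the post above, as an added example (not the poster's own material). The gateway IP 192.168.0.1 and the MAC addresses are assumed placeholders; the first frame carrying the broadcast MAC follows the post's simplification (a real host sends an ARP request first).

```python
import ipaddress

# Constructed values from the post's worked example. The gateway IP and the
# router/PC2 MACs are assumed placeholders, not taken from any real device.
BROADCAST_MAC = "FF:FF:FF:FF:FF:FF"
PC1 = {"ip": "192.168.0.10", "mask": "255.255.255.0", "mac": "AA:AA:AA:AA:AA:AA"}
GATEWAY_IP, ROUTER_MAC = "192.168.0.1", "BB:BB:BB:BB:BB:BB"   # assumed

def next_hop_ip(src_ip, src_mask, dst_ip, gateway_ip):
    """Return the address whose MAC the sender must resolve with ARP: the
    destination itself if it is inside the sender's subnet, else the gateway."""
    local_net = ipaddress.ip_network(f"{src_ip}/{src_mask}", strict=False)
    return dst_ip if ipaddress.ip_address(dst_ip) in local_net else gateway_ip

def build_frame(src, dst_ip, gateway_ip, arp_cache):
    """Headers of the first frame the sender puts on the wire. With no ARP
    entry for the next hop the destination MAC is the broadcast address (the
    post's simplification), which is why the switch floods it to every port
    in the VLAN until the owner of that IP answers."""
    hop = next_hop_ip(src["ip"], src["mask"], dst_ip, gateway_ip)
    return {"src_ip": src["ip"], "src_mac": src["mac"],
            "dst_ip": dst_ip,                        # the L3 destination never changes
            "dst_mac": arp_cache.get(hop, BROADCAST_MAC), "next_hop": hop}

def router_forward(frame, router_mac, arp_cache):
    """R1 only accepts a frame addressed to its own MAC. It then ARPs for the
    real L3 destination on the far side and rewrites only the L2 header."""
    if frame["dst_mac"] != router_mac:
        return None                                  # not for the router at layer 2
    return {**frame, "src_mac": router_mac,
            "dst_mac": arp_cache.get(frame["dst_ip"], BROADCAST_MAC)}

if __name__ == "__main__":
    # Same subnet, empty ARP cache: the frame is flooded looking for PC2 directly.
    print(build_frame(PC1, "192.168.0.20", GATEWAY_IP, {}))
    # Different subnet: PC1 already knows the gateway MAC, so the frame goes to R1,
    # which rewrites the L2 header and sends it on towards PC2.
    f = build_frame(PC1, "192.168.128.20", GATEWAY_IP, {GATEWAY_IP: ROUTER_MAC})
    print(router_forward(f, ROUTER_MAC, {"192.168.128.20": "CC:CC:CC:CC:CC:CC"}))
```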
  • Daniel Espinal

    Going through setting it up, I see all the reasons why it wouldn't work.

    Great learning experience. You mentioned a tunnel. I have yet to try a GRE set up. I have no clue how I'd go about doing it across 2 paths but learning is half the fun.

    posted in Cisco
  • Daniel Espinal

    @Ronnie-Wong It's true what they say about a picture being worth a thousand words. It never even occurred to me to use Etherchannel in that way. That's such an interesting concept. Now I am curious as to the specifics of why it wouldn't work. I mean, because of STP, traffic destined to a non-root bridge from a non-root bridge would be lost about 50% of the time. But is the possibility of creating loops the only reason why this wouldn't work? How about a topology like this:

    (topology diagram not reproduced here)

    There are no loops because routers don't forward broadcasts. Routing would be complicated, I admit.

    I'm going to play around with this topology to see how it would fail and what I'd need to make it work.

    Very exciting!!

    posted in Cisco
  • Daniel Espinal

    I watched the video and what Don is referring to is Load Balancing.

    What Don did first was load balance by just using different roots for different VLANs. This way VLANs would be restricted to a chosen path. This is what he called "fake load balancing". Etherchannel does actual load balancing across its links. Depending on your hardware you can load balance according to source/destination MAC or IP.

    When you try to load balance on the topology above using Etherchannels it doesn't really work the same because as I mentioned before, STP puts one channel into blocking so some traffic is going to have to take the long way around the network anyway.

    For example: if SW3 has PC3 on VLAN1 and it sends a message to PC2 on VLAN1 attached to SW2, it has to go through SW1 (assuming SW1 is the root bridge) because Port-channel 2 is in blocking.

    posted in Cisco
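    The STP election behind "Port-channel 2 is in blocking", worked through as an added example rather than anything from the post or from Cisco: three switches joined pairwise by one port-channel each (a single logical STP link per pair), equal link costs and equal priorities, with SW1 holding the lowest (constructed) bridge MAC so it wins the root election. The tie-break on the SW2-SW3 link then falls to bridge ID, SW3's end blocks, and a frame from SW3 to SW2 has to transit SW1.

```python
import heapq
from collections import deque

# Constructed triangle from the post; bridge MACs are made-up values. Each
# (priority, mac) pair is the bridge ID, so the lowest tuple wins elections.
BRIDGES = {"SW1": (32768, "0000.0000.0001"), "SW2": (32768, "0000.0000.0002"),
           "SW3": (32768, "0000.0000.0003")}
LINKS = [("SW1", "SW2", 1), ("SW1", "SW3", 1), ("SW2", "SW3", 1)]  # Po1, Po1, Po2

def stp_active_topology(bridge_ids, links):
    """802.1D election on a small LAN: links is [(a, b, cost)]. Returns
    (root, blocked_links). Tie-breaks: lower root path cost, then lower bridge ID."""
    root = min(bridge_ids, key=bridge_ids.get)
    adj = {s: [] for s in bridge_ids}
    for a, b, c in links:
        adj[a].append((b, c)); adj[b].append((a, c))
    rpc, heap = {root: 0}, [(0, root)]           # root path cost per switch (Dijkstra)
    while heap:
        d, s = heapq.heappop(heap)
        for n, c in adj[s]:
            if d + c < rpc.get(n, float("inf")):
                rpc[n] = d + c; heapq.heappush(heap, (d + c, n))
    # Root port: the upstream neighbour giving the best (cost, bridge ID).
    root_port = {s: min(adj[s], key=lambda nc: (rpc[nc[0]] + nc[1], bridge_ids[nc[0]]))[0]
                 for s in bridge_ids if s != root}
    blocked = set()
    for a, b, _ in links:
        designated = min((a, b), key=lambda s: (rpc[s], bridge_ids[s]))
        other = b if designated == a else a
        if root_port.get(other) != designated:   # neither designated nor root port
            blocked.add((a, b))
    return root, blocked

def forwarding_path(src, dst, links, blocked):
    """Breadth-first search over the links STP left forwarding; returns the
    sequence of switches a frame actually crosses."""
    adj = {}
    for a, b, _ in links:
        if (a, b) not in blocked:
            adj.setdefault(a, []).append(b); adj.setdefault(b, []).append(a)
    prev, queue = {src: None}, deque([src])
    while queue:
        s = queue.popleft()
        for n in adj.get(s, []):
            if n not in prev:
                prev[n] = s; queue.append(n)
    path, s = [], dst
    while s is not None:
        path.append(s); s = prev[s]
    return path[::-1]
```

    Calling `stp_active_topology(BRIDGES, LINKS)` returns SW1 as root with only the SW2-SW3 link blocked, and `forwarding_path("SW3", "SW2", LINKS, blocked)` gives SW3, SW1, SW2.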
  • Daniel Espinal

    @andrew-dorey My guess is Spanning Tree Protocol.

    STP will block traffic to one of the channels and keep it from staying up.

    EDIT:
    So I just tried it on GNS3 and it worked just fine, although one of the channels is in blocking. I will watch the video to see exactly what is meant by "not going to work"; maybe there's a context we are missing. Maybe he was referring to the fact that no traffic is going to be passing over one channel because it's in blocking.

    My topology, and the SW1, SW2 and SW3 show output (screenshots not reproduced here).

    My config:

    sw1
    interface range eth 0/0-3
    switchport trunk encapsulation dot1q
    switchport mode trunk
    channel-group 1 mode on

    interface range eth 1/0-3
    switchport trunk encapsulation dot1q
    switchport mode trunk
    channel-group 2 mode on

    sw2
    interface range eth 1/0-3
    switchport trunk encapsulation dot1q
    switchport mode trunk
    channel-group 1 mode on

    interface range eth 2/0-3
    switchport trunk encapsulation dot1q
    switchport mode trunk
    channel-group 2 mode on

    sw3
    interface range eth 0/0-3
    switchport trunk encapsulation dot1q
    switchport mode trunk
    channel-group 1 mode on

    interface range eth 2/0-3
    switchport trunk encapsulation dot1q
    switchport mode trunk
    channel-group 2 mode on

    posted in Cisco
  • Daniel Espinal

    @James-Schickley

    As long as you memorize it and then write it down on the scrap paper they provide, yes, you can use it.

    You can't print it out then take it with you to be used on the test.

    posted in Cisco
  • Daniel Espinal

    Also check out this website for some fierce subnetting practice.

    http://www.subnetting.net/

    It will throw all types of subnetting questions at you.

    posted in Cisco
  • Daniel Espinal

    @Ronnie-Wong said in CCENT - Troubleshooting - IP Interface Question:

    if you convert that 255.255.255.255 to Hex you're sending to FFFF.FFFF.FFFF, this is the Layer 2 broadcast address. So it's not limited to the Layer 3 subnet.

    Not to be a jerk, but 255.255.255.255 is a 32-bit number while FFFF:FFFF:FFFF is a 48-bit number. You can't really convert between them because of the structure of the two addresses anyway. IP addresses have 4 sets of 8-bit numbers while MACs have 3 sets of 16-bit numbers. 255.255.255.255 actually translates into FF-FF-FF-FF.

    This is a great question, I never realized there are different types of broadcasts. Learn something new everyday.

    Furthermore, the reason why it's better to use the IP of 255.255.255.255 is that it's limited to the LAN, as Ronnie pointed out. By default directed broadcasts are disabled, because if they weren't, anyone not on your LAN could send a broadcast to your local LAN. This is very dangerous.

    posted in Cisco
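    The distinction drawn in the post above, as an added example (not from the post or from Cisco): the 32-bit limited broadcast rendered as four hex octets next to the six of a MAC, a host's classification of a destination, and a deliberately simplified router that only knows its directly connected subnets (no routing table) and forwards a subnet's directed broadcast only when `ip directed-broadcast` is enabled. The two subnets are taken from the earlier PC1/PC2 example and are constructed values.

```python
import ipaddress

LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")
# Constructed: the two subnets from the PC1/PC2 example, both attached to R1.
ROUTER_SUBNETS = ["192.168.0.0/24", "192.168.128.0/24"]

def ipv4_as_hex_octets(ip):
    """Render a 32-bit IPv4 address as hex octets: 255.255.255.255 -> FF-FF-FF-FF.
    That is four bytes; a 48-bit MAC such as FF:FF:FF:FF:FF:FF has six."""
    return "-".join(f"{b:02X}" for b in ipaddress.ip_address(ip).packed)

def classify_destination(dst_ip, local_net):
    """How a host sitting on local_net treats an IPv4 destination."""
    dst = ipaddress.ip_address(dst_ip)
    net = ipaddress.ip_network(local_net, strict=False)
    if dst == LIMITED_BROADCAST:
        return "limited-broadcast"      # goes to FF:FF:FF:FF:FF:FF, never leaves the LAN
    if dst == net.broadcast_address:
        return "directed-broadcast"     # e.g. 192.168.0.255: addressable from elsewhere
    return "local-unicast" if dst in net else "remote-unicast"

def router_forwards(dst_ip, attached_nets, directed_broadcast=False):
    """Simplified forwarding decision: only directly connected subnets, no RIB.
    The limited broadcast is never forwarded; a connected subnet's directed
    broadcast is forwarded only if 'ip directed-broadcast' is on (IOS default: off),
    which is what keeps outsiders from broadcasting into your LAN."""
    dst = ipaddress.ip_address(dst_ip)
    if dst == LIMITED_BROADCAST:
        return False
    for n in attached_nets:
        net = ipaddress.ip_network(n, strict=False)
        if dst == net.broadcast_address:
            return directed_broadcast
        if dst in net:
            return True
    return False                        # no connected subnet matches

if __name__ == "__main__":
    print("255.255.255.255 as hex octets:", ipv4_as_hex_octets("255.255.255.255"))
    for d in ("255.255.255.255", "192.168.0.255", "192.168.0.20", "192.168.128.20"):
        print(d, classify_destination(d, "192.168.0.0/24"),
              "| R1 forwards:", router_forwards(d, ROUTER_SUBNETS),
              "| with directed-broadcast on:", router_forwards(d, ROUTER_SUBNETS, True))
```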