Module 2 - Switching Technologies1 by Shaik

The document discusses various topics related to switch technologies: 1. It provides an overview of switch configuration, VLANs, STP, port security, EtherChannel, and redundancy protocols. 2. It then discusses switch overview, types of switches including Cisco Catalyst switches, switch LED indicators, Cisco switch memory components, and the typical switch boot sequence. 3. It also covers typical management features of switches and different types of switches such as unmanaged, managed, smart, and enterprise managed switches.

Uploaded by shaik

Switching Technologies

▪ Understanding how a switch works
▪ Basic switch configuration
▪ Understanding and configuring VLAN, Inter-VLAN routing and VTP
▪ Understanding and configuring STP, RSTP, PVSTP
▪ Understanding and configuring Switch Port Security
▪ Understanding and configuring EtherChannel
▪ Understanding and configuring Redundancy Protocols (HSRP, VRRP, GLBP)
Switch Overview

Switch
A network switch is a computer networking device that connects devices on a computer network by using packet switching to receive, process, and forward data to the destination device.

➢ Also called switching hub, bridging hub, officially MAC bridge.
Cisco Catalyst Switches

▪ Cisco Nexus 4000 Series Switches
▪ Cisco Catalyst 9200 Series
▪ Cisco SFS M7000E
▪ Cisco Catalyst 2960-X Series
▪ Cisco Nexus 7000 Series
▪ Cisco Catalyst 9600 Series
▪ Cisco Catalyst 3560-CX Series
▪ Cisco Industrial Ethernet 3010 Series
▪ Cisco ME 1200 Series
Overview
A switch is a device in a computer network that connects other devices together.

Switches manage the flow of data across a network by transmitting a received network packet only to the one or more devices for which the packet is intended.

Each networked device connected to a switch can be identified by its network address, allowing the switch to direct the flow of traffic, maximizing the security and efficiency of the network.

A switch is more intelligent than an Ethernet hub.

 An Ethernet switch operates at the data link layer (layer 2) of the OSI model to create a separate collision domain for each switch port.

 Each device connected to a switch port can transfer data to any of the other ports at any time and the transmissions will not interfere.

➢ The network switch plays a central role in most modern Ethernet local area networks (LANs).

➢ Small office/home office (SOHO) applications typically use a single switch, or an all-purpose device such as a residential gateway to access small office/home broadband services such as cable Internet.

Cisco Switch LED Indicators
MEANING OF DIFFERENT LIGHTS IN SWITCH

SYSTEM (SYST)
Overall status of the switch.

Off: Switch is not powered on
Green: Switch is working fine
Amber: Switch is powered on but faulty

REDUNDANT POWER SUPPLY (RPS)
Provides backup power to the switch if the main supply goes off.

Off: No RPS available
Green: RPS is working fine
Blinking Green: Providing backup to some other device
Amber: RPS is faulty
Flashing Amber: RPS is providing backup (primary power off)

DUPLEX
Duplex status of the switch ports.

Off: Switch port is half duplex
Green: Switch port is full duplex

SPEED
Speed status of the switch ports.

Off: Switch port is operating at 10 Mbps
Green: Switch port is operating at 100 Mbps
Flashing green: Switch port is operating at 1000 Mbps

STAT
Status of the switch ports.

Off: No device connected / port is administratively down.
Green: Device is connected.
Blinking green: Port is sending/receiving data.
Alternating green/amber: Fault in link / frames experiencing errors.
Amber: Port is blocked by Spanning Tree Protocol.

Cisco Memory

DRAM
➢ Dynamic Random Access Memory serves two main device requirements.

➢ The first of these is known as Processor Memory, which is reserved for exclusive access by the CPU, which it uses when executing software running on the Cisco IOS platform.

➢ Processor Memory also stores important data that is used frequently, like the configuration settings in current use, and any routing tables.

➢ The second is Shared Memory, also known as Cisco Packet Memory.

➢ The function of Packet Memory is simple and self-explanatory: data coming in and being sent out is buffered in the Packet Memory portion of the available DRAM before it is transmitted over the network interface.

EPROM

➢ Erasable Programmable Read-Only Memory is usually referred to as a BootROM.

➢ In Cisco devices, EPROM is generally loaded with two crucial firmware components.

➢ The first is a boot loader which takes over should the device fail to find a valid bootable image in Flash Memory, and provides alternate boot options.

➢ If even this failsafe should fail, the second firmware application installed on Cisco EPROM is used: the ROM Monitor.

➢ The ROM Monitor has a user interface and includes options for troubleshooting failures of the ROM chips.

NVRAM
➢ Non-Volatile Random Access Memory stores important configuration information that is used by IOS during boot and by some programs during startup, which is stored in the Startup Configuration File.

➢ NVRAM also allows the functionality provided by the Cisco Software Configuration Register, which allows a device to be booted from, and selection between, multiple Cisco IOS images that may be available in Flash Memory.

➢ It is sometimes called Shared Memory.

Flash Memory

➢ Cisco Flash Memory is the most different of these types, and it comes in many forms; however, its primary use is to store a bootable Cisco IOS image from which a device can start.

Switch Boot Sequence
After a Cisco switch is powered on, it goes through the following boot sequence:

Step 1. First, the switch loads a power-on self-test (POST) program stored in ROM. POST
checks the CPU subsystem. It tests the CPU, DRAM, and the portion of the flash device that
makes up the flash file system.

Step 2. Next, the switch loads the boot loader software. The boot loader is a small program
stored in ROM and is run immediately after POST successfully completes.

Step 3. The boot loader performs low-level CPU initialization. It initializes the CPU registers
that control where physical memory is mapped, the quantity of memory, and memory
speed.

Step 4. The boot loader initializes the flash file system on the system board.

Step 5. Finally, the boot loader locates and loads a default IOS operating system software
image into memory and hands control of the switch over to the IOS.

Typical management features
• Enable and disable ports
• Link bandwidth and duplex settings
• Quality of service configuration and monitoring
• MAC filtering and other access control list features
• Configuration of Spanning Tree Protocol (STP) and Shortest Path
Bridging (SPB) features
• Simple Network Management Protocol (SNMP) monitoring of
device and link health
• Port mirroring for monitoring traffic and troubleshooting
• VLAN configuration
• Network Access Control features

Types of Switches

Unmanaged switches

• Unmanaged switches have no configuration interface or options.

• They are plug and play.

• They are typically the least expensive switches, and therefore often
used in a small office/home office environment.

• Unmanaged switches can be desktop or rack mounted.

Managed switches

• Managed switches have one or more methods to modify the operation of the switch.

• Common management methods include: a command-line interface (CLI) accessed via serial console, telnet or Secure Shell; an embedded Simple Network Management Protocol (SNMP) agent allowing management from a remote console or management station; or a web interface for management from a web browser.

Smart switches
• Smart switches are managed switches with a limited set of management features.

• Likewise, "web-managed" switches are switches which fall into a market function between unmanaged and managed.

• For a price much lower than a fully managed switch they provide a web interface (and usually no CLI access) and allow configuration of basic settings, such as VLANs, port bandwidth and duplex.

Enterprise managed switches
• Enterprise managed switches have a full set of management features, including CLI, SNMP agent, and web interface.

• They may have additional features to manipulate configurations, such as the ability to display, modify, back up and restore configurations.

• Compared with smart switches, enterprise switches have more features that can be customized or optimized, and are generally more expensive than smart switches.

• Enterprise switches are typically found in networks with a larger number of switches and connections, where centralized management is a significant savings in administrative time and effort.

Broadcast Domain

Collision Domain

▪ It happens only in half-duplex mode.

CSMA/CD

Power over Ethernet (PoE)
➢ Power over Ethernet is a capability that facilitates powering a device (such as an IP phone, IP surveillance camera, or wireless access point) over the same cable as the data traffic.
➢ One of the advantages of PoE is the flexibility it provides in allowing you to easily place endpoints anywhere in the business, even places where it might be difficult to run a power outlet.
➢ Switches deliver power according to a few standards: IEEE 802.3af delivers power up to 15.4 Watts on a switch port, whereas IEEE 802.3at (also known as PoE+) delivers power up to 30 Watts on a switch port.
➢ For most endpoints, 802.3af is sufficient, but there are devices, such as video phones or access points with multiple radios, which have higher power needs.
➢ Select Cisco switches also support Universal Power over Ethernet (UPoE), or 60W PoE, which delivers up to 60 Watts on a switch port.
➢ A newer PoE standard, 802.3bt, delivers even higher levels of power for future applications.
➢ To find the switch that is right for you, choose a switch according to your power needs. When connecting to desktops or other types of devices which do not require PoE, non-PoE switches are a more cost-effective option.

Number of Ports

▪ Network switch sizes will be different.
▪ Fixed configuration switches typically come in 5, 8, 10, 16, 24, 28, 48, and 52-port configurations.
▪ These ports may be a combination of SFP/SFP+ slots for fiber connectivity, but more commonly they are copper ports with RJ-45 connectors on the front, allowing for distances up to 100 meters.
▪ With fiber SFP modules, you can go distances up to 40 kilometers.

Network Switch Speeds

➢ Network switch speeds vary.
➢ You can find fixed configuration switches in:
➢ Fast Ethernet (10/100 Mbps),
➢ Gigabit Ethernet (10/100/1000 Mbps),
➢ Ten Gigabit (10/100/1000/10000 Mbps) and even 40/100 Gbps speeds.

The small form-factor pluggable (SFP) is a compact, hot-pluggable transceiver used for data communication applications.

These small metal devices plug into a special switch slot and support communication over either fiber optic or copper networking cable.

How the Switches Learn MAC Addresses of End Devices

If the system has an IP address

Primary functions of a switch:

▪ Address learning: source MAC
▪ Forward/filter decision: destination MAC
▪ Loop avoidance: STP

Gratuitous ARP

If the system has no IP address

DHCP Request

Source IP: 0.0.0.0
SM: 255.255.255.255
Source MAC: 0cc47a3271a4
D.M: FFFF FFFF FFFF

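The first two switch functions listed above (address learning on the source MAC, the forward/filter decision on the destination MAC) as an added Python model; this is not code from the deck. It assumes constructed port names and frames, reuses the source MAC shown on the DHCP slide, and adds a per-port cap on learned addresses as a stand-in for the port security feature named in the course outline.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"      # the FFFF.FFFF.FFFF destination of a DHCP request


@dataclass
class Frame:
    src_mac: str
    dst_mac: str


@dataclass
class Switch:
    ports: list
    # Assumption for this example: a port-security style cap on how many
    # distinct source MACs one port may learn (the outline's "port security").
    max_macs_per_port: int = 2
    mac_table: dict = field(default_factory=dict)    # MAC -> port it was learned on
    violations: list = field(default_factory=list)   # (port, MAC) rejected by the cap

    def macs_on(self, port):
        return [m for m, p in self.mac_table.items() if p == port]

    def learn(self, port, mac):
        """Address learning: bind the frame's source MAC to its ingress port."""
        if self.mac_table.get(mac) == port:
            return True                       # already known behind this port
        if mac not in self.mac_table and len(self.macs_on(port)) >= self.max_macs_per_port:
            self.violations.append((port, mac))
            return False                      # cap reached: not learned, frame dropped
        self.mac_table[mac] = port            # new station, or a station that moved
        return True

    def forward(self, ingress, frame):
        """Forward/filter decision: return the egress ports for this frame."""
        if not self.learn(ingress, frame.src_mac):
            return []
        if frame.dst_mac == BROADCAST or frame.dst_mac not in self.mac_table:
            # Broadcast or unknown unicast: flood out of every port except the
            # one the frame arrived on.
            return [p for p in self.ports if p != ingress]
        egress = self.mac_table[frame.dst_mac]
        if egress == ingress:
            return []                         # filter: destination is on the same segment
        return [egress]


def run_demo():
    """Replay a constructed sequence of frames and return what the switch did."""
    sw = Switch(ports=["fa0/1", "fa0/2", "fa0/3"])
    pc_a = "0c:c4:7a:32:71:a4"                # the source MAC shown on the DHCP slide
    pc_b = "0c:c4:7a:32:71:b5"                # constructed
    hub1, hub2, hub3 = ("00:11:22:33:44:01",  # constructed: three stations behind
                        "00:11:22:33:44:02",  # a hub on fa0/3
                        "00:11:22:33:44:03")
    decisions = [
        sw.forward("fa0/1", Frame(pc_a, BROADCAST)),   # DHCP request: learn A, flood
        sw.forward("fa0/2", Frame(pc_b, pc_a)),        # reply to A: learn B, forward to fa0/1
        sw.forward("fa0/3", Frame(hub1, BROADCAST)),   # learn hub1, flood
        sw.forward("fa0/3", Frame(hub2, hub1)),        # learn hub2; hub1 is on fa0/3: filtered
        sw.forward("fa0/3", Frame(hub3, pc_a)),        # third MAC on fa0/3: cap hit, dropped
    ]
    return decisions, sw.mac_table, sw.violations


if __name__ == "__main__":
    for item in run_demo():
        print(item)
```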
Switch Configuration
Using the Command-Line Interface

Accessing the Cisco Catalyst Switch CLI

Cabling the Console Connection

Available command modes include:

❑ User EXEC Mode
❑ Privileged EXEC Mode
❑ Global Configuration Mode
❑ Setup Mode
❑ More than 100 configuration modes and sub-modes.

Basic Configuration of Cisco IOS Software
Navigating between different switch command modes

User EXEC
Allows you to connect to remote devices, perform basic tests, temporarily change terminal settings and list system information.

Switch> Default mode after booting. Login with password, if configured.

Privileged EXEC
Allows you to set operating parameters. It also includes high-level testing and list commands like show, copy and debug.

Switch# Use the enable command from user EXEC mode.

Global Configuration
Contains commands that affect the entire system.

Switch(config)# Use the configure terminal command from privileged EXEC mode.

Interface Configuration

Contains commands that modify the operation of an interface.

Switch(config-if)# Use the interface type number command from global configuration mode.

Sub-Interface Configuration

Configures or modifies a virtual interface created from a physical interface.

Router(config-subif)# Use the interface type subinterface-number command from global configuration mode or interface configuration mode.

Setup

Used by the router to create an initial configuration if no running configuration is present.

Parameter [Parameter value]: The router automatically enters this mode if no running configuration is present.

ROMMON

If the router automatically enters this mode, it indicates that it failed to locate a valid IOS image.

ROMMON> Enter the reload command from privileged EXEC mode, then press the CTRL + C key combination during the first 60 seconds of the boot process.

Topology

Switch Basic Configuration
Enter privileged mode:
Switch>enable            (user mode)
Switch#                  (privileged mode)

Examine the current running configuration file:
Switch#show running-config

Examine the current contents of NVRAM:
Switch#show startup-config

Examine the default VLAN settings of the switch:
Switch#show vlan

Switch#show version

Examine the characteristics of the virtual interface VLAN1:
Switch#show interface vlan1

View the IP properties of the interface:
Switch#show ip interface vlan1

Examine the default properties of the Fast Ethernet interface used by PC1:
Switch#show interface fastethernet 0/18

Issue one of the following commands to examine the contents of the flash directory:
Switch#show flash
Switch#dir flash:

To view the contents of the startup configuration file, issue the show startup-config command in privileged EXEC mode:
Switch#show startup-config

Enter the configuration commands, one per line. When you are finished, return to global configuration mode by entering the exit command or pressing Ctrl-Z.

S1(config)#line console 0
S1(config-line)#password cisco
S1(config-line)#login

S1(config-line)#line vty 0 15
S1(config-line)#password cisco
S1(config-line)#login
S1(config-line)#exit

❑ Switch ports do not require the no shutdown command
❑ We can't assign an IP address to physical switch interfaces
❑ Default VLAN is VLAN 1
❑ We can assign an IP address only to VLAN interfaces

#interface vlan 1
#ip address 142.100.65.100 255.255.255.0
#no shutdown
Access port

#interface fastethernet 0/18
#switchport mode access

#interface fastethernet 0/20
#switchport mode access

#sh run
#do show run
#do show history

#vlan 10
#name data

#int fa0/1
#switchport mode access
#switchport access vlan 10

#sh vlan bri

Interface Range

#interface range fa0/1 - 10
#switchport mode access
#switchport access vlan 10

#sh vlan bri
#sh run

Switch port speed and duplex

#interface fa0/1
#speed ?
#speed 10/100/auto

#interface fa0/1
#duplex ?

Switch port description

#interface fa0/10
#description HR PC connected

To save the contents of the running configuration file to non-volatile RAM (NVRAM), issue the command copy running-config startup-config.

Switch#copy running-config startup-config
#copy run start
#wr

Erase configuration
#write erase
#reload
Switching

Layer-specific functionality

Modern commercial switches use primarily Ethernet interfaces.

The core function of an Ethernet switch is to provide a multiport layer 2 bridging function.

Many switches also perform operations at other layers. A device capable of more than bridging is known as a multilayer switch.

Switches may learn about topologies at many layers and forward at one or more layers.

Layer 1
✓ A layer 1 network device transfers data, but does not manage any of the traffic coming through it; an example is an Ethernet hub.

✓ Any packet entering a port is repeated to the output of every other port except for the port of entry.

✓ A repeater hub can therefore only receive and forward at a single speed.

✓ Since every packet is repeated on every other port, packet collisions affect the entire network, limiting its overall capacity.

Layer 2
 A layer 2 network device is a multiport device that uses hardware addresses, MAC addresses, to process and forward data at the data link layer.

 A switch operating as a network bridge may interconnect devices in a home or office. The bridge learns the MAC address of each connected device.

 Bridges also buffer an incoming packet and adapt the transmission speed to that of the outgoing port.

 In LANs, a switch used for end user access typically concentrates lower bandwidth and uplinks into a higher bandwidth.

 Interconnect between switches may be regulated using spanning tree protocol (STP) that disables links so that the resulting local area network is a tree without loops.

Layer 3
 A layer-3 switch can perform some or all of the functions normally performed by a router.

 Most network switches, however, are limited to supporting a single type of physical network, typically Ethernet, whereas a router may support different kinds of physical networks on different ports.

 A layer-3 switch can increase efficiency by delivering the traffic of a multicast group only to ports where the attached device has signaled that it wants to listen to that group.

 Layer-3 switches typically support IP routing between VLANs configured on the switch.

 Some layer-3 switches support the routing protocols that routers use to exchange information about routes between networks.

Layer-3 switching

Layer 4
✓ While the exact meaning of the term layer-4 switch is vendor-dependent, it almost always starts with a capability for network address translation, and may add some type of load distribution based on TCP sessions or advanced QoS capabilities.

✓ The device may include a stateful firewall, a VPN concentrator, or be an IPSec security gateway.

Layer 7
✓ Layer-7 switches may distribute the load based on uniform resource locators (URLs), or by using some installation-specific technique to recognize application-level transactions.

✓ A layer-7 switch may include a web cache and participate in a content delivery network (CDN).

VLAN
LAN
➢ A LAN consists of all its devices in a single broadcast domain.

➢ When a device sends a broadcast message, all the devices get a copy of the frame.
VLAN
➢ A VLAN is known as a virtual local area network, virtual LAN, or just VLAN.
➢ VLANs (Virtual LANs) are logical groupings of devices in the same broadcast domain.
➢ VLANs are configured on switches by placing some interfaces into one broadcast domain and some interfaces into another.
➢ VLANs can be spread across multiple switches.
➢ Each VLAN is treated like its own subnet or broadcast domain, which means that frames broadcast onto the network are only switched between the ports within the same VLAN.
How switches identify different VLANs

➢ A network switch distinguishes between VLANs by associating end-stations to a specific VLAN.

➢ This is known as VLAN membership.

➢ An end-station must become a member of a VLAN before it can share the broadcast domain with other end-stations on that VLAN.

VLAN membership can be based on one of the following:

▪ Switch ports
▪ End-station MAC addresses
▪ Protocol
Advantages of VLAN
VLAN Switchport Membership Modes

➢ When you configure a VLAN, you must assign it an ID number, and you can optionally give it a name.

➢ The purpose of VLAN implementations is to associate ports with particular VLANs.

➢ You can configure a port to belong to a VLAN by assigning a membership mode that specifies the kind of traffic the port carries and the VLANs to which it can belong.

➢ A port can be configured to support these VLAN types:

▪ Static VLAN
▪ Dynamic VLAN
▪ Voice VLAN
Static VLAN
➢ This is when ports on a switch are manually assigned to a VLAN.

➢ Static VLANs are configured using the Cisco CLI.

➢ This can also be accomplished with GUI management applications, such as the Cisco Network Assistant.
Static Port mode configuration

Switch#config t
Switch(config)#interface fastEthernet0/15
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config-if)#end
Dynamic VLAN
➢ A dynamic port VLAN membership is configured using a special server called a VLAN Membership Policy Server (VMPS).

➢ With the VMPS, you assign switch ports to VLANs dynamically, based on the source MAC address of the device connected to the port.

➢ The benefit comes when you move a host from a port on one switch in the network to a port on another switch in the network; the switch dynamically assigns the new port to the proper VLAN for that host.
Voice VLAN
➢ A port is configured to be in voice mode so that it can support an IP phone
attached to it.
➢ Before you configure a voice VLAN on the port, you need to first configure a
VLAN for voice and a VLAN for data.

Voice mode Configuration

Switch#configure terminal
Switch(config)#interface range fa0/2 - 24
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#spanning-tree portfast
Switch(config-if-range)#switchport access vlan 50
Switch(config-if-range)#switchport voice vlan 10
Switch(config-if-range)#end
VLAN Tagging / Frame Tagging
➢ Frame tagging is used to identify the VLAN that the frame belongs to in a
network with multiple VLANs.

➢ The VLAN ID is placed on the frame when it reaches a switch from an access
port, which is a member of a VLAN.

➢ That frame can then be forwarded out the trunk link port.

➢ Each switch can see what VLAN the frame belongs to and can forward the
frame to corresponding VLAN access ports or to another VLAN trunk port.
Switch Ports
➢ Switch ports are layer 2 interfaces which are used to carry layer 2 traffic.
➢ A single switch port can carry single VLAN traffic whether it is an access port or trunk port.
➢ Frames are handled differently according to the type of link they are traversing.
There are 2 different types of ports in a switched environment:

Access ports
➢ These switch ports carry the traffic of only one VLAN.
➢ By default, they carry the traffic of the native VLAN (VLAN 1).
➢ If the switch ports are assigned as access ports, they can be considered as belonging to a single broadcast domain.
➢ Any traffic arriving on these switch ports is considered to belong to the VLAN assigned to the port.

Switch1(config)#interface fa0/0
Switch1(config-if)#switchport mode access
Trunk ports

➢ These switch ports belong to and carry the traffic of more than one VLAN.

➢ To identify which VLAN traffic belongs to, a VLAN identification method (802.1Q or ISL) is used.

➢ Also, to carry traffic between more than one VLAN, inter-VLAN routing is required, in which the link between the router and the switch is configured as a trunk, as the link has to carry the traffic of more than one VLAN.
Configure a Trunk Port

SW1#config t
SW1(config)#interface fa0/1
SW1(config-if)#switchport mode trunk
SW1(config-if)#end
VLAN identification methods

➢ If the frame is forwarded out to a trunk link, then a header or tag is added to the frame header which specifies the VLAN to which the frame belongs.

➢ The frame is encapsulated at the sender's switch and the tag is removed at the receiver's switch, and the frame is then forwarded out to the ports which belong to that VLAN (according to the processing of the switch).

There are 2 VLAN identification methods:

▪ Inter-Switch Link (ISL) and
▪ IEEE 802.1Q
802.1Q
➢ 802.1Q is a VLAN tagging protocol developed by the IEEE (Institute of Electrical and Electronics Engineers).

➢ Since it is an open standard

➢ At the receiving end, the tag is removed and the frame is forwarded to the assigned VLAN.

Switch(config)#interface Fa 0/1
Switch(config-if)#switchport trunk encapsulation 802.1q
Switch(config-if)#switchport mode trunk
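The tag insertion at the sending switch and removal at the receiving switch described on these slides, as an added Python example that is not part of the original deck. It assumes a constructed sample frame (the MAC from the DHCP slide, an ARP EtherType, zero payload) and models the slides' default native VLAN 1, whose frames cross a trunk untagged.

```python
import struct

TPID_8021Q = 0x8100      # EtherType value that announces an 802.1Q tag
NATIVE_VLAN = 1          # slides: ports carry the native VLAN 1 by default


def mac_bytes(mac):
    """'0c:c4:7a:32:71:a4' or '0cc4.7a32.71a4' -> 6 raw bytes."""
    return bytes.fromhex(mac.replace(":", "").replace(".", ""))


def build_frame(dst_mac, src_mac, ethertype, payload):
    """Untagged Ethernet II frame: dst(6) + src(6) + EtherType(2) + payload."""
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ethertype) + payload


def tag_frame(frame, vlan_id, pcp=0, dei=0, native_vlan=NATIVE_VLAN):
    """Trunk egress: insert the 4-byte tag (TPID + TCI) after the source MAC.

    Frames of the native VLAN leave the trunk untagged, which is why the
    native VLAN has to match on both ends of a trunk.
    """
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094 (0 and 4095 are reserved)")
    if vlan_id == native_vlan:
        return frame
    tci = (pcp & 0x7) << 13 | (dei & 0x1) << 12 | vlan_id
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def untag_frame(frame, native_vlan=NATIVE_VLAN):
    """Trunk ingress: return (vlan_id, untagged_frame).

    An untagged frame received on a trunk is assigned to the native VLAN.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return native_vlan, frame
    if len(frame) < 18:
        raise ValueError("tagged frame truncated inside the 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]


def parse_tag(frame):
    """Decode the TCI fields of a tagged frame (None if the frame is untagged)."""
    ethertype, tci = struct.unpack("!HH", frame[12:16])
    if ethertype != TPID_8021Q:
        return None
    return {"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF}


# Constructed sample: an ARP-type frame from the MAC shown on the DHCP slide.
SAMPLE = build_frame("ff:ff:ff:ff:ff:ff", "0c:c4:7a:32:71:a4", 0x0806, b"\x00" * 28)

if __name__ == "__main__":
    tagged = tag_frame(SAMPLE, 10)
    print(tagged[12:16].hex(), parse_tag(tagged), untag_frame(tagged)[0])
```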
Inter-Switch Link (ISL)
This is a VLAN identification method in which VLAN information is explicitly tagged onto the Ethernet frame.

➢ ISL is proprietary to Cisco switches.
➢ ISL functions at layer 2 by encapsulating a data frame with a new header and by performing a new cyclic redundancy check (CRC).
➢ In ISL, the original frame is encapsulated and an additional header is added before the frame is carried over a trunk link.
➢ At the receiving end, the header is removed and the frame is forwarded to the assigned VLAN.
➢ ISL supports up to 1000 VLANs.

Configuration (ISL):
Switch(config)#interface Fa0/1
Switch(config-if)#switchport trunk encapsulation isl
Switch(config-if)#switchport mode trunk
VLAN Configuration
Configuring VLANs
Switch1#config t
Switch1(config)#vlan 10
Switch1(config-vlan)#name orbit
Switch1(config-vlan)#exit

Switch1(config)#vlan 20
Switch1(config-vlan)#name cisco
Switch1(config-vlan)#exit

Switch1(config)#vlan 30
Switch1(config-vlan)#name student
Switch1(config-vlan)#exit
Switch1(config)#exit

Switch1#show vlan brief

How to assign a switchport to a VLAN

After creating your VLAN, you can assign a switch port to the VLAN.

VLAN 20 is statically assigned to port F0/8 on switch S1:

Switch1#config t
Switch1(config)#interface fa0/8
Switch1(config-if)#switchport mode access
Switch1(config-if)#switchport access vlan 20
Switch1(config-if)#no shut
Switch1(config-if)#exit
Switch1(config)#exit
Switch1#
How to delete VLANs

Switch1(config)#no vlan 10
Switch1(config)#end

➢ Alternatively, the entire vlan.dat file can be deleted using the command delete flash:vlan.dat from privileged EXEC mode.

➢ After the switch is reloaded, the previously configured VLANs will no longer be present.

➢ This effectively places the switch into its "factory default" state concerning VLAN configuration.

#interface vlan 1
#ip address 142.100.65.100 255.255.255.0
#no shutdown

Configure a Switch Default Gateway

Enter global configuration mode:
S1# configure terminal

Configure the switch default gateway:
S1(config)# ip default-gateway 172.17.99.1

Return to privileged EXEC mode:
S1(config)# end

Save the configuration:
S1# copy running-config startup-config

Routing between VLANs
Inter-VLAN Routing
➢ Inter-VLAN routing can be defined as a way to forward traffic between different VLANs by implementing a router or L3 switch in the network.

➢ VLANs logically segment the switch into different subnets; when a router is connected to the switch, an administrator can configure the router to forward the traffic between the various VLANs configured on the switch.

➢ The user nodes in the VLANs forward traffic to the router, which then forwards the traffic to the destination network regardless of the VLAN configured on the switch.
Inter-VLAN Routing - Configuration
SW1#config t
SW1(config)#vlan 10
SW1(config-vlan)#vlan 20
SW1(config-vlan)#exit

SW1(config)#interface fa0/8
SW1(config-if)#switchport access vlan 10

SW1(config-if)#interface fa0/4
SW1(config-if)#switchport access vlan 10

SW1(config-if)#interface fa0/11
SW1(config-if)#switchport access vlan 20

SW1(config-if)#interface fa0/3
SW1(config-if)#switchport access vlan 20
SW1(config-if)#end

➢ In the above example, interfaces F0/4 and F0/8 have been configured on VLAN 10 using the switchport access vlan 10 command.
➢ The same process is used to assign VLAN 20 to interfaces F0/3 and F0/11 on switch SW1.

R1#config t
R1(config)#interface fa0/0
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#no shut

R1(config-if)#interface fa0/1
R1(config-if)#ip address 192.168.2.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#end
VTP
VLAN Trunking Protocol
VTP Introduction
➢ VTP (VLAN Trunking Protocol) is a Cisco proprietary messaging protocol used by Cisco switches to exchange VLAN information.

➢ VTP synchronizes VLAN information (such as VLAN ID or VLAN name) with switches inside the same VTP domain, which greatly simplifies network administration.

➢ A VTP domain is simply a set of trunked switches with matching VTP settings (domain name, password and VTP version).

➢ All switches inside the same VTP domain share their VLAN information with each other.
How does VTP work?
The switches do this by sending different messages to each other.

These messages allow them to update, maintain and synchronize their VLAN databases.

Types of messages

1. Summary Advertisement

These messages are sent to let all the switches know the current revision number of the VLAN database:

▪ Domain name
▪ Password
▪ Revision number

2. Subset Advertisement
These messages contain VLAN information so the other switches can add them to their own database:

▪ Domain name
▪ Revision number
▪ VLAN info

Sync Requirements
There are some requirements that need to be met before the switches will sync their VLAN databases:

▪ Be in the same VTP domain
▪ Have the same VTP password, if set
▪ Connect over a trunk
VTP Modes
Each Cisco switch can operate in one of three VTP modes:

▪ VTP Server mode
▪ VTP Client mode
▪ VTP Transparent mode
VTP server mode
➢ The default mode for Cisco switches.
➢ A switch operating in this mode can create, modify, and delete VLANs.
➢ You can also specify other VTP configuration parameters on a VTP server, such as VTP version and VTP pruning, for the entire VTP domain.
➢ A VTP server switch will propagate VLAN changes.
➢ To configure a switch as a VTP server, use the #vtp mode server global configuration command.
➢ It supports the normal VLAN range 1-1005.
➢ It stores VLAN information in the vlan.dat file in NVRAM of switches.
VTP Client Mode
➢ It is not the default VTP mode.
➢ A switch operating in this mode can't change its VLAN configuration.
➢ You cannot create, change, or delete VLANs on a VTP client.
➢ Received VTP updates will be processed and forwarded.
➢ To configure a switch as a VTP client, use the #vtp mode client global configuration command.
VTP Transparent Mode
➢ A switch operating in this mode doesn't participate in VTP.
➢ A VTP transparent switch does not advertise its VLAN configuration and does not synchronize its VLAN configuration based on received advertisements, but it does forward received VTP advertisements.
➢ You can create and delete VLANs on a VTP transparent switch, but the changes will not be sent to other switches.
➢ To configure a switch to use VTP transparent mode, use the #vtp mode transparent global configuration command.
VTP Pruning
▪ Pruning is a feature of VTP that helps prevent unnecessary traffic from being sent to switches with no ports on a particular VLAN.

▪ The switches will 'prune' VLANs from trunks in order to reduce unnecessary bandwidth and resource usage.

▪ They do this by sending join messages.

VTP Configuration
To exchange VTP messages, the following requirements must be met:

▪ A switch has to be configured as either a VTP server or VTP client.
▪ The VTP domain name has to be the same on both switches.
▪ VTP versions have to match.
▪ If present, the VTP domain password has to be the same.
▪ The link between the switches has to be configured as a trunk link.
Overview of STP

➢ Spanning Tree Protocol (STP) is a network protocol designed to prevent
layer 2 loops.
➢ It is standardized as the IEEE 802.1D protocol.
➢ STP blocks some ports on switches with redundant links to prevent
broadcast storms and ensure a loop-free topology.
➢ With STP in place, you can have redundant links between switches to
provide redundancy.

➢ SW2 sends a broadcast frame to SW1 and SW3.
➢ Both switches receive the frame and forward it out every port except the port
the frame was received on.
➢ SW1 sends the frame to SW3.
➢ SW3 receives the frame and sends it back to SW2.
➢ SW2 then again forwards the frame to SW1!
➢ The same thing also happens in the opposite direction.
➢ Without STP in place, these frames would loop forever.
➢ STP prevents loops by placing one of the switch ports into the blocking state.
➢ In the topology described above, STP has placed one port on SW3 into the blocking
state.
➢ That way, if SW3 receives a broadcast frame from SW1, it will not forward it
out the port connected to SW2.
STP Port States
Disabled
The port is administratively shut down.

Blocking
The port neither sends nor receives data,
but it still receives BPDUs.

Listening
The port is preparing for the forwarding state, without learning MAC addresses.

Learning
The port is preparing for the forwarding state and is learning MAC addresses.

Forwarding
The port is forwarding and receiving data.
How STP Works

STP runs its election by exchanging Bridge Protocol Data Units (BPDUs); the default bridge priority is 32768.

1. Selecting the Root Bridge
2. Selecting the Root Port
3. Designated Port & Non-Designated Port

1. Selecting the Root Bridge
- Acts as the centralized switch.
- Bridge ID = Priority (32768) + MAC address of the switch.
- If the priorities are the same, the MAC address is compared.
- Hello messages (BPDUs) are sent every 2 sec.
- Every switch advertises itself as the root bridge and an election takes place.
- Out of all the switches in the network, one is elected as the root bridge.
- The lowest bridge ID (lowest priority, then lowest MAC) becomes the root bridge.
- Every LAN has one root bridge.

2. Root Port
A Root Port is the port on a switch with the least cost from that
switch to the Root Bridge.

- The best path.
- Based on the cost.
- If the cost ties: the lowest forwarding (upstream) bridge ID (1. priority, 2. MAC).
- If the MAC also ties: the lowest upstream port number.
- Every non-root bridge has exactly one root port.

Designated Port & Non-Designated Ports
➢ A Designated Port is the port on a Local Area Network (LAN) segment with the least
cost to the root bridge.
➢ The other end of a Designated Port is called a Non-Designated Port (marked as NDP),
if it is NOT a Root Port.
➢ A Non-Designated Port will always be in the Blocking State, to avoid Layer 2 switching
loops.
#spanning-tree vlan 1-4094 priority 0

Tie-breaking order for choosing the designated port, with the values compared for the two candidate ports (fa0/1 and fa0/2) at each step:

- Lower bridge ID (only for the DP between root and non-root): ROOT
- Lower cost of links: 19 - 19
- Root BPDU: 0 - 0
- Lower sender bridge ID: SW2 - SW2
- Lower sender port priority: 128 - 128
- Port connection: fa0/1 - fa0/2
Summary
1. All switches in a network elect a root bridge (switch). All working
interfaces on the root bridge are placed in forwarding state. The
switch with the lowest switch ID will become the root bridge.

2. All other switches, called "non-root bridges", determine the best
path to get to the root bridge.
The port used to reach the root bridge (root port) is placed
in forwarding state.

3. On shared Ethernet segments, the switch with the lowest cost
to reach the root bridge is placed into forwarding state.

4. All other interfaces are placed in blocking state and will not
forward frames.
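The four steps above, worked through in code. This is an added example and not part of the course material: the priorities, MAC addresses and link speeds of SW1, SW2 and SW3 are constructed, and a root guard check (covered later in this module) is included to show what happens when a guarded designated port sees a superior BPDU.

```python
"""STP election (root bridge, root ports, designated and blocking ports) plus the root
guard check. Added example; SW1-SW3, their bridge IDs and links are constructed."""
import heapq
from collections import namedtuple

PORT_COST = {10: 100, 100: 19, 1000: 4}  # 802.1D path cost per link speed (Mb/s)
BridgeId = namedtuple("BridgeId", "priority mac")     # compared as (priority, MAC), lower wins
Link = namedtuple("Link", "a a_port b b_port speed")  # one segment between two switch ports

def elect_root(bridges):
    """Step 1: every switch claims to be root; the lowest bridge ID wins."""
    return min(bridges, key=bridges.get)

def root_path_costs(root, links):
    """Lowest accumulated link cost from each switch to the root (Dijkstra)."""
    adj = {}
    for l in links:
        adj.setdefault(l.a, []).append((l.b, PORT_COST[l.speed]))
        adj.setdefault(l.b, []).append((l.a, PORT_COST[l.speed]))
    cost, heap = {root: 0}, [(0, root)]
    while heap:
        c, sw = heapq.heappop(heap)
        if c > cost[sw]:
            continue
        for nb, lc in adj[sw]:
            if c + lc < cost.get(nb, float("inf")):
                cost[nb] = c + lc
                heapq.heappush(heap, (c + lc, nb))
    return cost

def _ends(link):
    """Yield (me, my_port, neighbour, neighbour_port) for both ends of a link."""
    yield link.a, link.a_port, link.b, link.b_port
    yield link.b, link.b_port, link.a, link.a_port

def port_roles(bridges, links):
    """Steps 2-4. Returns (root, {(switch, port): 'root' | 'designated' | 'blocking'})."""
    root = elect_root(bridges)
    cost = root_path_costs(root, links)
    roles = {}
    # Step 2: root port = lowest (cost via neighbour, neighbour bridge ID, neighbour port number)
    for sw in bridges:
        if sw == root:
            continue
        best = min((cost[nb] + PORT_COST[l.speed], bridges[nb], nb_port, my_port)
                   for l in links for me, my_port, nb, nb_port in _ends(l) if me == sw)
        roles[(sw, best[3])] = "root"
    # Step 3: designated port = the end with lower cost, then lower bridge ID, then lower port
    for l in links:
        a_key = (cost[l.a], bridges[l.a], l.a_port)
        b_key = (cost[l.b], bridges[l.b], l.b_port)
        if a_key < b_key:
            dp, other = (l.a, l.a_port), (l.b, l.b_port)
        else:
            dp, other = (l.b, l.b_port), (l.a, l.a_port)
        roles[dp] = "designated"
        # Step 4: the far end blocks unless it is already that switch's root port
        roles.setdefault(other, "blocking")
    return root, roles

def root_guard(role, received, current_root):
    """Root guard on a designated port: a superior BPDU (bridge ID lower than the current
    root's) moves the port to root-inconsistent instead of letting it re-elect the root."""
    if role == "designated" and received < current_root:
        return "root-inconsistent"
    return role

# Constructed triangle; SW1 is given a low priority so that it wins the election.
BRIDGES = {"SW1": BridgeId(4096, "0011.0000.0001"),
           "SW2": BridgeId(32768, "0011.0000.0002"),
           "SW3": BridgeId(32768, "0011.0000.0003")}
LINKS = [Link("SW1", 1, "SW2", 1, 100), Link("SW1", 2, "SW3", 1, 100),
         Link("SW2", 2, "SW3", 2, 100)]

if __name__ == "__main__":
    root, roles = port_roles(BRIDGES, LINKS)
    print("root bridge:", root)
    for (sw, port), role in sorted(roles.items()):
        print(f"{sw} fa0/{port}: {role}")
```

With these values SW1 is root, SW2 and SW3 use fa0/1 as their root ports, and the SW2-SW3 segment is won by SW2 (lower MAC), so SW3 fa0/2 is the blocking port, matching the three-switch scenario above.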
STP Topology Changes

Direct Topology Change
- A link directly connected to the root bridge goes down.

Indirect Topology Change
- A link not directly connected to the root bridge goes down.

Insignificant Topology Change
- A port connected to an end device goes up/down.

Spanning Tree PortFast

- When a PC is turned on, its port comes up.
- The switch port then goes to the listening state for 15 sec
- and the learning state for 15 sec
- and only then to the forwarding state (a wait of 30 sec).

➢ PortFast is a feature that puts a port directly into the Forwarding state
when an end device connects.
➢ We have to configure this feature on access ports,
➢ i.e. ports facing end devices, servers and routers.

#spanning-tree portfast default

STP UplinkFast

On a non-root switch:

• When the root port goes down:
• Max Age of 20 sec
• Listening 15 sec + learning 15 sec
• BPDU hello 2 sec
• After 52 sec the second (alternate) root port
will be up.

#spanning-tree uplinkfast

- UplinkFast is a feature enabled on non-root switches that puts the alternate root port
directly into the forwarding state if the root port goes down.
STP BackboneFast

➢ If its root port goes down, the non-root switch assumes it is the root bridge
(inferior BPDU)
➢ and sends a BPDU to the neighbouring switch.
➢ Listening state 15 sec.
➢ After 15 sec of the learning state the switch will learn the real root
bridge.
➢ Root Link Query exchange.

#spanning-tree backbonefast


Configuration
#spanning-tree vlan 1-4094 priority 0 (or: #spanning-tree vlan 1-4094 root primary)

1 - Configure all the ports as trunks and verify
2 - #sh cdp neighbor

#debug spanning-tree events

#interface fa0/1
#shutdown
#no shutdown
Observe the output for the listening and learning state timers.
#interface fa0/1
#spanning-tree portfast ? (or #exit and enable it globally)
#spanning-tree portfast default (for all ports; do it on all switches)

#sh history
To verify this, #shutdown the port and #no shutdown it again.
UplinkFast

Shut down the root port and
the alternate port will come up.

#debug spanning-tree events
#undebug all

#interface fa0/19 (root port)
Listening & learning, then forwarding

#spanning-tree uplinkfast (on all non-root switches)

#interface (root port)
#shutdown
#no shutdown
BackboneFast
#sh spanning-tree (find out the root)
& verify which is the DP and which is the non-DP port
- Inferior BPDU (sent by the switch next after the root bridge)

#interface range fa(root port) on the non-root switch
#shutdown
For up to 15 seconds it will advertise itself as the root bridge.
Check the root status on all the switches.

#spanning-tree backbonefast (on all switches)

- Go to a switch, shut down a root port and verify.
Protecting Spanning Tree Protocol
STP Root Guard
➢ The root guard feature of Cisco switches is designed to provide a
way to enforce the placement of root bridges in the network.
➢ Root guard limits the switch ports out of which the root bridge
may be negotiated.

- When a non-root bridge is configured
with priority 0,
- the non-DP port of that switch sends a BPDU with priority 0.
- Root guard is a feature where, when a root-guarded port receives
such a priority-0 BPDU from the non-DP side of the non-root switch,
the port automatically goes into the
root-inconsistent state (blocked).
- Root guard is applied on DPs.
- We can resolve this problem by changing the
non-root bridge priority back to the default;
the port then leaves the root-inconsistent state.
LAB
Configuration only on designated ports.

#sh spanning-tree

#conf t

#interface range fa0/10 - 13 (DP ports)

#spanning-tree guard root

- Configure this feature on all the switches on the DP ports.

TEST

Forcefully change the non-root switch into the root bridge:

#spanning-tree vlan 1-4094 priority 0

#sh spanning-tree
- Check the status of the ports.
STP Loop Guard
➢ The STP loop guard feature provides additional protection against
Layer 2 forwarding loops (STP loops).
- Loop guard is a feature where, when a non-DP port stops receiving BPDUs,
the port is placed into the loop-inconsistent state.
• Normally the DP sends BPDUs;
• if the blocking port stops receiving those BPDUs,
• the non-DP port automatically goes through the listening,
learning and forwarding states.
• So loops will be created again.
• To resolve this problem, the loop guard feature
needs to be configured on non-DP ports.
LAB
#sh spanning-tree
- Find out the non-DP ports.

#interface (non-DP ports)
#spanning-tree guard loop

TEST

- Stop the BPDUs by using the command below:

#interface range fa0/4 - 6

#spanning-tree bpdufilter enable
- Now the port will neither receive nor send any BPDUs.

#sh spanning-tree
- Check the status.
STP BPDU Guard
The BPDU Guard feature is used to protect the Layer 2 Spanning
Tree Protocol (STP) topology from BPDU-related attacks.

- When we connect an end device to an access port
it works normally.
- If it is an attacker's PC instead, it can send BPDUs
with priority 0 to take over the root bridge role,
so the network can easily be compromised.
- When the port receives such a BPDU message with
priority 0, BPDU guard changes that port's
state into the err-disable state.
- It is enabled on access ports.

LAB
#sh cdp neighbor
- Verify the access ports.

- #sh spanning-tree

- #interface range fa(access ports)

- #spanning-tree bpduguard enable

- We can also enable it globally, on all PortFast ports:

- #conf t
- #spanning-tree portfast bpduguard default

- Shut down the port and
- #no shutdown
- Now the port will go into the err-disable state.
STP BPDU Filter

• BPDU filter is a feature used
to filter sending or receiving BPDUs on a
switch port.
• It completely blocks BPDUs on a particular SERVER
port.
• BPDU filter is applied on server ports.
• When we enable BPDU filter, the port neither
sends nor receives BPDUs.
• It is extremely useful on those ports
which are configured as PortFast ports, as
there is no need to send or receive
any BPDU messages on these ports.
• BPDU filter can be configured globally or
at the interface level.
LAB
Block STP on a port

#sh cdp neighbor

#interface range fa0/1 - 4
#spanning-tree bpdufilter enable

- Now the DP (trunk port) will not send BPDU messages.

- #sh spanning-tree

- The port will neither send nor receive BPDUs.
STP UDLD (Unidirectional Link Detection)
This is for fiber optic cable.
- On a fiber connection one strand carries Tx and the other Rx.
- If there is a problem on one strand, the port can still forward data or receive it in one direction only.
- In this situation we need to enable UDLD; it only allows the ports on both sides into the up/up state
when data can be forwarded bidirectionally.
LAB

- Can be enabled in all modes.

#interface fa0/1 - 4
#udld port aggressive

Apply on all switches.
Advanced Spanning Tree Protocol
RSTP
Difference Between STP and RSTP Port States
RSTP Port Types
Edge Port
- Port connected to an end device (PC, router, server).

Root Port
- Receives the lowest-cost BPDU.

Point-to-Point Port
- Switch-to-switch connectivity.
RSTP Convergence Process Steps Introduction
Proposal:
- All switches send BPDUs to each other.
Synchronization:
- Puts all trunk ports into the discarding state.
- Then they listen for the best BPDU and elect the Root Bridge.
- DPs and root ports are elected.
Agreement:
- Non-DP ports and alternate ports.
STP Protocol Types

802.1Q – This is also known as CST (Common Spanning Tree).

- It was developed to support VLANs.

➢ It is a spanning tree standard developed by IEEE which elects only
one root bridge for the whole topology.
➢ All the traffic flows over the same path (the best path to the root
bridge).
➢ It is very slow, as it takes 32 seconds to converge.

- Less CPU and memory required.
- No load balancing.
- A single instance for all VLANs.
- VLANs 1-4094: 1-1005 are normal VLANs, 1006-4094 are extended VLANs.

Per-VLAN Spanning Tree (PVST)

➢ Per-VLAN Spanning Tree (PVST) is a Cisco proprietary
Spanning Tree Protocol (STP) which operates a separate
instance of Spanning Tree Protocol (STP) for each individual
VLAN.

1 VLAN – 1 instance
10 VLANs – 10 instances

PVST+
Per VLAN Spanning Tree + (PVST+) –

➢ It is a spanning tree standard developed by Cisco for its devices which finds
the root bridge per VLAN.
➢ It is the Cisco default version of STP.
➢ It runs a separate 802.1D spanning tree instance for each VLAN.
➢ It also provides backward compatibility with 802.1D or CST.
➢ It is more optimized than the IEEE version because it provides optimal path selection,
as a separate instance of STP per VLAN is found.
➢ It is as slow as CST.

▪ Bandwidth consumption is less than CST.
▪ Optimum load balancing is achieved.
▪ Switches take 50 seconds to converge.
▪ More resources (CPU and memory) are required.
802.1w – Rapid Spanning Tree Protocol (RSTP) –

➢ It is a spanning tree standard developed by IEEE which provides faster
convergence than CST but holds the same idea of finding a single
root bridge in the topology.
➢ The bridge resources needed by RSTP are higher than CST but less
than PVST+.

Rapid Per VLAN Spanning Tree + (RPVST+) –

➢ This Spanning Tree standard is developed by Cisco; it provides faster
convergence than PVST+ and finds a separate instance of 802.1w per
VLAN.
➢ It requires much more CPU and memory than the other STP standards.
802.1s (Multiple Spanning Tree) :-

➢ This standard is developed by IEEE; VLANs are grouped and for
each group a separate RSTP instance is run.
➢ This is basically a Spanning Tree Protocol running over another Spanning Tree
Protocol.

Advantages:

1. High redundancy
2. Load balancing can be achieved.
3. Lower CPU and memory usage is required.

Disadvantages:

1. More configuration is required and it is not easy to implement.
Ether Channel
▪ EtherChannel is a port link aggregation technology (or
port channel architecture) used primarily on Cisco switches.
▪ It allows grouping several physical Ethernet links to create
one logical Ethernet link
for the purpose of providing fault tolerance and high-speed
links between switches, routers and servers.
▪ Increased bandwidth: use EtherChannel to combine two or
four links into one logical link.
▪ It will double or expand your bandwidth.
#sh spanning-tree

Switch 1
1. Trunk Ports Configuration
#conf t
#interface range fa0/23 - 24
#channel-protocol pagp
#channel-group 1 mode desirable

Switch 2
1. Trunk Ports Configuration
#conf t
#interface range fa0/20 - 21
#channel-protocol pagp
#channel-group 1 mode auto

#sh etherchannel summary


Switch Port Security
• The switch port security feature (port security) is an important
piece of the network switch security puzzle;
• it provides the ability to limit which addresses will be allowed to
send traffic on individual switch ports within the switched
network.
• Switch port security limits the number of valid MAC addresses
allowed on a port.
• If the maximum number of secure MAC addresses has been
reached, a security violation occurs when a device with a
different MAC address tries to attach to that port.
#sh port-security

#sh interface fa0/10
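Both BPDU guard (above) and port security announce their action through syslog, and the err-disabled port is what an operator sees first. As an added example, not from the course material, the following parses both message types from constructed IOS log lines, pairs each err-disable event with the message that triggered it, and produces the global errdisable recovery commands that re-enable such ports automatically.

```python
"""Parse the IOS syslog messages emitted by port security and BPDU guard when they
err-disable a port. Added example; the log lines below are constructed samples."""
import re
from dataclasses import dataclass

SAMPLE_LOG = """\
Mar  1 00:12:04.101: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.4455 on port FastEthernet0/10.
Mar  1 00:12:04.105: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/10, putting Fa0/10 in err-disable state
Mar  1 00:15:30.220: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port FastEthernet0/4 with BPDU Guard enabled. Disabling port.
Mar  1 00:15:30.224: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/4, putting Fa0/4 in err-disable state
Mar  1 00:16:02.000: %LINK-3-UPDOWN: Interface FastEthernet0/4, changed state to down
"""

# IOS mixes long and short interface names across messages; normalise to the short form.
LONG_TO_SHORT = {"FastEthernet": "Fa", "GigabitEthernet": "Gi", "TenGigabitEthernet": "Te"}
PSECURE = re.compile(r"%PORT_SECURITY-2-PSECURE_VIOLATION: .*MAC address ([0-9a-f.]+) on port (\S+?)\.?$")
BPDUGUARD = re.compile(r"%SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port (\S+) with BPDU Guard")
ERRDISABLE = re.compile(r"%PM-4-ERR_DISABLE: (\S+) error detected on (\S+),")


def short_name(iface):
    """FastEthernet0/10 -> Fa0/10; names already in short form are returned unchanged."""
    for long, short in LONG_TO_SHORT.items():
        if iface.startswith(long):
            return short + iface[len(long):]
    return iface


@dataclass
class ErrDisableEvent:
    port: str    # short interface name, e.g. Fa0/10
    cause: str   # psecure-violation or bpduguard, as IOS names the cause
    detail: str  # the trigger: the offending MAC, or the BPDU that arrived


def parse_errdisable_events(log_text):
    """Pair each ERR_DISABLE message with the trigger message logged just before it."""
    pending, events = {}, []
    for line in log_text.splitlines():
        if m := PSECURE.search(line):
            pending[short_name(m.group(2))] = f"violating MAC {m.group(1)}"
        elif m := BPDUGUARD.search(line):
            pending[short_name(m.group(1))] = "BPDU received on access port"
        elif m := ERRDISABLE.search(line):
            port = short_name(m.group(2))
            events.append(ErrDisableEvent(port, m.group(1), pending.pop(port, "unknown trigger")))
    return events


def recovery_commands(events, interval=300):
    """Global IOS commands that re-enable ports err-disabled for these causes after
    `interval` seconds; the trigger stays in the log, so the alert is not lost."""
    causes = sorted({e.cause for e in events})
    return [f"errdisable recovery cause {c}" for c in causes] + \
           [f"errdisable recovery interval {interval}"]


if __name__ == "__main__":
    found = parse_errdisable_events(SAMPLE_LOG)
    for e in found:
        print(f"{e.port}: err-disabled ({e.cause}) - {e.detail}")
    print("\n".join(recovery_commands(found)))
```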


Implementing High Availability Networks
▪ The main purpose of the redundancy protocols covered here (HSRP, VRRP and GLBP) is to provide
redundancy to the default gateway (router or Layer 3 switch) in
a LAN environment.
HSRP States

A router interface participating in HSRP must progress through several
states before settling into a role:

• Disabled (either not configured for HSRP, or administratively shut down)
• Initial (configured with HSRP, administratively shut-down state)
• Learn (does not know the HSRP virtual IP address; it will be learned from the current
Active router via hello packets)
• Listen (knows the virtual IP address, but was not elected as either the Active or
Standby router)
• Speak (currently participating in the election of an active or standby router)
• Standby (the interface is acting as a backup to the active router)
• Active (live gateway, and will forward traffic
sent to the virtual IP address. Hosts will use the virtual IP address as their default
gateway)

Hello packets are only exchanged in three HSRP states:

▪ Speak
▪ Standby
▪ Active
HSRP Preempt

If a new router is added to an HSRP group, it will not preemptively assume
the role of the active router, even if it has the best priority.

In fact, the router that is first powered on will become the active router, even
if it has the lowest priority!
Basic Configuration of HSRP
R1

interface Ethernet0/1
description LAN Interface of Active Router
ip address 192.168.1.1 255.255.255.0
standby 1 ip 192.168.1.254 <—- Create HSRP Group 1 and assign Virtual IP
standby 1 priority 101 <—- Assign priority above 100 to make this the primary router
standby 1 preempt <—- Makes router active if it has higher priority

R2

interface Ethernet0/1
description LAN Interface of Standby Router
ip address 192.168.1.2 255.255.255.0
standby 1 ip 192.168.1.254 <—- Create HSRP Group 1 and assign Virtual IP
standby 1 preempt <—- Makes router active if it has higher priority

#show standby
#int s0/0/0
#standby 10 track serial 0/0/0
#standby timers 5 15
VRRP
Virtual Router Redundancy Protocol
▪ Unlike HSRP, which is Cisco proprietary, VRRP is a redundancy
protocol which operates in a network with multi-vendor
devices.

▪ VRRP offers the same benefits as HSRP. VRRP operates similarly
to HSRP by electing an active router, called the Master, among
a group of routers that share a configured virtual IP and MAC
address.

▪ Similar to HSRP, when there is a failure on the active router
interface, VRRP triggers the standby router (backup) to
become the Master and subsequently forward the
clients' traffic.

▪ VRRP uses multicast (224.0.0.18) for its hello mechanism and
elections.
▪ If a VRRP router's physical interface is configured with the same IP address as the
virtual router, this router will function as the
virtual router master.

▪ You use the vrrp priority command to enable a VRRP router to function
as a virtual router backup should the virtual router master fail.
You can configure the priority of each virtual router backup with a value of 1
through 254 using the vrrp priority command.

▪ For example, if Router A, the virtual router master in a VRRP group, fails, an
election process takes place to determine whether virtual router backup B or C
should take over. If Routers B and C are configured with the priorities of 90
and 100, respectively, Router B is elected to become virtual router master
because it has the higher priority.
• If Routers B and C are both configured with the priority of 100,
the virtual router backup with the higher IP address is elected to
become the virtual router master.

VRRP Preemption

• Unlike in HSRP, VRRP preemption is enabled by default, which
allows a higher-priority virtual router backup that becomes
available to take over from the virtual router backup that was
elected to become virtual router master.

• However, preemption can be disabled using the no vrrp
preempt command. If preemption is disabled, the virtual router
backup that is elected to become virtual router master remains
the master until the original virtual router master recovers and
becomes master again.
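The election and preemption rules described for HSRP and VRRP, as an added example that is not part of the course material: router names, addresses and priorities are constructed, preemption defaults to off for HSRP and on for VRRP, and a priority tie is broken by the higher interface IP address.

```python
"""Active/master election for one HSRP or VRRP group, including the different
preempt defaults. Added example; router names, IPs and priorities are constructed."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Gateway:
    name: str
    ip: str
    priority: int = 100
    preempt: Optional[bool] = None  # None = protocol default (HSRP: off, VRRP: on)
    up: bool = True


def ip_key(ip):
    """Tuple form of a dotted IPv4 address so that comparisons are numeric."""
    return tuple(int(octet) for octet in ip.split("."))


class FhrpGroup:
    """Tracks which member is active (HSRP) or master (VRRP) for one group.
    Highest priority wins; a tie goes to the higher interface IP address."""

    def __init__(self, protocol, virtual_ip):
        if protocol not in ("hsrp", "vrrp"):
            raise ValueError("protocol must be 'hsrp' or 'vrrp'")
        self.protocol, self.virtual_ip = protocol, virtual_ip
        self.members, self.active = {}, None

    def preempts(self, gw):
        return (self.protocol == "vrrp") if gw.preempt is None else gw.preempt

    def power_on(self, gw):
        """A router joining (or recovering) takes over only if it preempts AND has a
        strictly higher priority; otherwise whoever is already active keeps the role."""
        self.members[gw.name] = gw
        gw.up = True
        cur = self.active
        if cur is None or not cur.up:
            self.active = gw
        elif self.preempts(gw) and gw.priority > cur.priority:
            self.active = gw
        return self.active.name

    def fail(self, name):
        """Interface goes down; if it was active, the best remaining member takes over."""
        gw = self.members[name]
        gw.up = False
        if self.active is gw:
            up = [g for g in self.members.values() if g.up]
            self.active = max(up, key=lambda g: (g.priority, ip_key(g.ip))) if up else None
        return self.active.name if self.active else None


if __name__ == "__main__":
    hsrp = FhrpGroup("hsrp", "192.168.1.254")
    print("HSRP:", hsrp.power_on(Gateway("R2", "192.168.1.2", 100)))        # R2 (first up)
    print("HSRP:", hsrp.power_on(Gateway("R1", "192.168.1.1", 101)))        # still R2
    print("HSRP:", hsrp.power_on(Gateway("R1", "192.168.1.1", 101, True)))  # R1 preempts
    vrrp = FhrpGroup("vrrp", "192.168.1.254")
    print("VRRP:", vrrp.power_on(Gateway("R2", "192.168.1.2", 100)))        # R2
    print("VRRP:", vrrp.power_on(Gateway("R1", "192.168.1.1", 101)))        # R1 (preempt on)
    print("VRRP:", vrrp.power_on(Gateway("R3", "192.168.1.3", 100)))        # R1
    print("VRRP:", vrrp.fail("R1"))                                         # R3 (tie: higher IP)
```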
VRRP Advertisements

The virtual router master sends VRRP advertisements to the other
VRRP routers in the same group. The priority and state of the
virtual router master are carried in the advertisements.

The VRRP advertisements are encapsulated in IP packets and sent
to the IPv4 multicast address assigned to the VRRP group.

Advertisements are sent every second by default; you can also
configure the interval at which you want the advertisements sent.
VRRP Configuration

R1

interface Ethernet0/1
description LAN Interface of Active Router
ip address 192.168.1.1 255.255.255.0
vrrp 1 ip 192.168.1.254 <—- Create VRRP Group 1 and assign Virtual IP
vrrp 1 priority 101 <—- Assign priority above 100 to make this the primary router
vrrp 1 preempt <—- Makes router active if it has higher priority

R2

interface Ethernet0/1
description LAN Interface of Standby Router
ip address 192.168.1.2 255.255.255.0
vrrp 1 ip 192.168.1.254 <—- Create VRRP Group 1 and assign Virtual IP
vrrp 1 preempt <—- Makes router active if it has higher priority
GLBP
Gateway Load Balancing Protocol (GLBP)

➢ To overcome the shortcomings of HSRP and VRRP, Cisco developed the proprietary
Gateway Load Balancing Protocol (GLBP).
➢ Routers are added to a GLBP group, numbered 0 to 1023.
➢ Unlike HSRP and VRRP, multiple GLBP routers can be active, achieving both
redundancy and load balancing.
➢ A priority is assigned to each GLBP interface - 100 by default.
➢ The interface with the highest priority becomes the Active Virtual Gateway (AVG).
➢ If priorities are equal, the interface with the highest IP will become the AVG.
➢ Routers in the GLBP group are assigned a single virtual IP address.
➢ Hosts will use this virtual address as their default gateway.
➢ The AVG will respond to ARP requests for the virtual IP with the virtual MAC address
of an Active Virtual Forwarder (AVF).
➢ Up to three routers can be elected as AVFs.
➢ The AVG assigns a virtual MAC address to each AVF, and to itself, for a maximum
total of 4 virtual MAC addresses.
➢ Only the AVG and AVFs can forward traffic for hosts.
➢ Any router not elected as an AVF or AVG will become a Secondary Virtual Forwarder
(SVF), and will wait in standby until an AVF fails.
GLBP configuration is nearly identical to HSRP:

SwitchB(config)# interface gi2/22
SwitchB(config-if)# glbp 1 priority 150
SwitchB(config-if)# glbp 1 preempt
SwitchB(config-if)# glbp 1 ip 10.1.1.1

Remember that the interface with the highest priority is elected as the AVG.

Preemption is disabled by default with GLBP.

What determines whether a router becomes an AVF or SVF?

Each router is assigned a weight, and the default weight is 100.

A higher weight is preferred.

Weight can be configured in two ways:

▪ Statically
▪ Dynamically, by tracking an interface

To manually specify the weight of a router:

SwitchB(config)# interface gi2/22
SwitchB(config-if)# glbp 1 weighting 150

Like VRRP, GLBP cannot directly track an interface.

Instead, an interface must be specified as a tracked object:

SwitchB(config)# track 10 interface gi2/23

The tracked object can then be referenced as part of a weighting command:

SwitchB(config)# interface gi2/22
SwitchB(config-if)# glbp 1 weighting track 10 decrement 65

Note that the tracking object number must match.

By default, the weight will decrement by 10.

Weight thresholds can be configured, forcing a router to relinquish its AVF
role if it falls below the minimum threshold:

SwitchB(config)# interface gi2/22
SwitchB(config-if)# glbp 1 weighting 150 lower 90 upper 125

If the weight falls below the lower threshold, the router must stop functioning as an
AVF.

The router will become an AVF again once its weight reaches the upper threshold, as
long as preempt is configured.

The AVG assigns a virtual MAC address to itself and to up to three AVFs.

The AVG will respond to ARP requests for the virtual IP address with one of these virtual
MAC addresses.

This allows GLBP to provide load balancing in addition to redundancy.

GLBP supports three load balancing methods:

▪ Round Robin
▪ Weighted
▪ Host-dependent

The default load balancing method is per-host round robin.

Traffic from hosts is distributed equally across all routers in the GLBP group.

The AVG will respond to the first host ARP request with the first virtual MAC address.

The second ARP request will receive the second virtual MAC address, etc.

The weighted load balancing method will distribute traffic proportionally, based on a router's
weight.

Routers with a higher weight will receive a proportionally higher percentage of traffic.

The load balancing method should be configured on the AVG:

SwitchB(config-if)# glbp 1 load-balancing round-robin
SwitchB(config-if)# glbp 1 load-balancing weighted
SwitchB(config-if)# glbp 1 load-balancing host-dependent

Other fun facts about GLBP:

▪ Hello packets are sent every 3 seconds.
▪ Hello packets are sent to multicast address 224.0.0.102.
▪ The default holddown time is 10 seconds.
▪ UDP port 3222.
▪ The virtual MAC address is the reserved 0007.b4xx.xxyy, with xxxx representing the
GLBP group number, and yy representing the AVF number.

To view the status of each GLBP group:

SwitchB# show glbp


GLBP Configuration

R1
interface Ethernet0/1
description LAN Interface of Primary Router
ip address 192.168.1.1 255.255.255.0
glbp 1 ip 192.168.1.254 <—- Create GLBP Group 1 and assign Virtual IP
glbp 1 priority 101 <—- Assign priority above 100 to make this the primary router
glbp 1 preempt <—- Makes router active if it has higher priority
glbp 1 load-balancing round-robin <—- Configure round-robin balancing of traffic

R2
interface Ethernet0/1
description LAN Interface of Secondary Router
ip address 192.168.1.2 255.255.255.0
glbp 1 ip 192.168.1.254 <—- Create GLBP Group 1 and assign Virtual IP
glbp 1 preempt <—- Makes router active if it has higher priority
glbp 1 load-balancing round-robin <—- Configure round-robin balancing of traffic
Comparison between HSRP Vs VRRP Vs GLBP

• HSRP and VRRP are very similar. Both have one active and one standby router at
any given time.
• GLBP is the only one which provides load balancing of traffic among the devices in
the group.
• HSRP and GLBP are Cisco proprietary.
• VRRP is an IETF standard (RFC 3768), so it is supported by all router vendors.
• If you have a mixed-vendor environment (e.g. Cisco, Juniper etc.) then it is better to
use VRRP.
• All protocols support more than 2 routers in a group.
• All protocols support tracking. This means that you can track an interface of the
router (or other network conditions) and if something goes wrong (e.g. the interface goes
down or a tracked destination host does not respond) then a failover action is
triggered.
• HSRP and GLBP support IPv6. The original VRRP does not support IPv6; you
need a newer version, VRRPv3, for this.
LAB
HSRP/VRRP/GLBP
1. Assign the IP address to all the interfaces
2. Configure default routing on the gateways
3. Configure static routing on the ISP router
4. Create a loopback interface on the ISP router

#ip route 0.0.0.0 0.0.0.0 <Next hop add>

HSRP
GW1#int fa0/0
#standby 1 ip 192.168.1.150 (VIP)
#standby 1 priority 120

#sh standby brief