NetworkJutsu

Networking & Security Services | San Francisco Bay Area

Switching

Switch port density

By Leave a Comment

A Network Engineer was tasked to upgrade the existing switch infrastructure for a site since the current infrastructure does not support PoE for the new project – VoIP and IP enabled CCTV cameras. Upon investigating, he saw that the site has three switches and some ports were not lit up and now needs to know if those ports were lit up last week to help him decide how many switches he really needs to order. Ordering the same amount of switches will drive up the cost, which he is not willing to do since the company is tight with money. Now, the question is, how can he tell that the port is really unused or the people are just on vacation and their PCs are turned off?

There may be tools out there that I am unaware of, but Cisco IOS has a built in show command that you are already familiar with. This is the show interface command. Please look below for the example.

The show command output below was issued on a switch with an uptime of 6 months.

Switch#sh int g0/32
GigabitEthernet0/32 is down, line protocol is down (notconnect)
  Hardware is Gigabit Ethernet, address is f866.f2fd.c020 (bia f866.f2fd.c020)
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Auto-duplex, Auto-speed, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
! Remaining output were omitted for brevity

The output below is a port with activity.

Switch#sh int g0/24
GigabitEthernet0/24 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet, address is f866.f2fd.c041 (bia f866.f2fd.c041)
  Internet address is 172.30.99.37/30
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
! Remaining output were omitted for brevity

If you compare the line where it says “Last input”, you’ll see that the first show interface command output says “never” while the other one is saying 00:00:00. Since this switch has been up for six months, it is safe to assume that this port hasn’t been used for six months so time to move on to another port and collect the total port count.

Fortunately, the Network Engineer took his time to collect the information and only ordered two switches which saved the company over $6,000! IT, in most companies, do not generate revenue but can definitely help with the company’s bottom line by spending money efficiently and effectively.

I hope this has been helpful and I thank you for reading!

Follow my CCIE journey on Twitter!


Switch Port Template

By Leave a Comment

This post will cover a switch port template that I consistently use for user switch ports. These commands also help in speeding up switch port initialization. Anything that speeds up the process is normally a good thing.

Without further ado, here are the commands that I use for user access switch ports, excluding QoS settings which will be covered in the future article:

Switch (config)# int range g0/1 - 48
 switchport host
 spanning-tree bpduguard enable
 switchport access vlan 10
 switchport voice vlan 20

The switchport host macro command was designed to facilitate the configuration of switch ports that connect to end stations. Entering this command sets the switch port mode to access, enables spanning tree PortFast, and disables channel grouping, all at the same time. You will also see a notification of what it did once the command took effect, as shown below. Additionally, you can also hard code the speed and duplex to prevent auto negotiation process to initiate. Other Network Engineers will tell you to disable anything auto, but I personally leave the auto negotiation for speed and duplex alone. I only mess with speed and duplex if the node does not negotiate properly and there’s no way to change the settings to auto.

Switch (config-if)#sw host
switchport mode will be set to access
spanning-tree portfast will be enabled
channel group will be disabled

For more information about the switch port initialization, please read this post.

I hope this has been helpful and I thank you for reading!

Reference

Switching Infrastructure

Disclosure

NetworkJutsu.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.

Cisco STP Toolkit

By Leave a Comment

STP (Spanning Tree Protocol) is a great invention by Radia Perlman. The protocol was designed to ensure that Layer 2 Ethernet network is loop-free. “Algorhyme” is a poem by Radia Perlman that pretty much summarizes what STP is. While this is a great invention, it needed some improvements. Say hello to Cisco’s STP Toolkit.

Cisco STP Toolkit is a collection of STP extensions that improves the performance of the original IEEE 802.1D STP algorithm. Here are the extensions included in the STP Toolkit:

  • PortFast – Mostly used in access ports, but can be used in trunk ports. If you choose to enable PortFast on trunk ports, make sure you’re not creating a loop. This extension causes an access port or trunk port to go to Forwarding STP state immediately, basically skipping the listening and learning state.
  • UplinkFast – Used in uplink ports to speed up STP convergence after a direct failure.
  • BackboneFast – Speeds up STP convergence after an indirect failure. This extension needs to be enabled on all network devices to take advantage of the feature.
  • Loop Guard – Helps prevent Layer 2 loop when there is an unidirectional link failure. It prevents an alternate or root port from becoming a designated port if it stops receiving BDPUs, it transitions to loop-inconsistent state.
  • Root Guard – Prevents external switches becoming a root. These are normally enabled on ports connecting to downstream switches. When a superior BPDU is received from an interface where root guard is enabled, the switch port will transition to root-inconsistent state.
  • BPDU Guard – When PortFast is enabled on a port, this STP extension helps prevent bridging loops by transitioning a switch port to err-disabled upon receiving a BPDU.
  • BPDU Filter – This STP extension prevents PortFast-enabled ports from sending and receiving BPDUs – effectively disabling STP at the edge which can lead to bridging loops. This is not a recommended configuration per the authors of CCDP ARCH Self-Study Guide.
  • UDLD (Unidirectional Link Detection) – This STP extension prevents bridging loops by monitoring the fiber optic and/or twisted-pair links and detecting if a one-way or unidirectional communication exists. If it detects a unidirectional communication, it will shut down the interface and there will be a system alert.

Some Cisco documentation include UDLD and BPDU Filter and some do not. Just for the sake of completion, I included them both here.

I hope this has been helpful and thank you for reading!

Disclosure

NetworkJutsu.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.