Differents vlan types :
- Promisicous/primary : a port/vlan that could communicate to all other private vlan associated with.
- Community : a port/vlan that could communicate with each other and with primary associated with.
- Isolated : a port/vlan that could communicate with primary associated with only.
A primary port can contains one isolted vlan and multiple communities vlan
Configuration
- Create the differents vlan
vlan 10
private-vlan primary
vlan 20
private-vlan community
vlan 30
private-vlan isolated
-Associate the vlan with a primary vlan
vlan 10
private-vlan association 10,20
Configure interface
On the following example,
- port 21 & 22 could communicate with each other and with port 1
- port 31 & 32 could not communicate with each other but could with port 1
- Port 1 could communicate with port 21,22,31,32
int f0/1
switchport mode private-vlan promiscious
switchport private-vlan mapping 10 add 20 30
int range f0/21-22
switchport mode private-vlan host
switchport private-vlan host-association 10 20
int range f0/31-32
switchport mode private-vlan host
switchport private-vlan host-association 10 30
lundi 12 octobre 2009
vendredi 9 octobre 2009
Difference between BPDUGuard & BPDU Filtering
Thoses functions could be enabled globally for all PortFast ports :
span portfast bpdufilter default
span portfast bpduguard default
Or by interfaces.
The main difference is :
- Bpdu Guard will shutdown the port if a bpdu is received on a portfast port
- Bpdu filter will prevent inbound and outbound bpdu but will remove portfast state on a port if a bpdu is received.
span portfast bpdufilter default
span portfast bpduguard default
Or by interfaces.
The main difference is :
- Bpdu Guard will shutdown the port if a bpdu is received on a portfast port
- Bpdu filter will prevent inbound and outbound bpdu but will remove portfast state on a port if a bpdu is received.
jeudi 8 octobre 2009
Mac address Notification
The purpose is to notify a NMS of mac address changes :
Enable the TRAP :
snmp-server enable traps mac-notification
Enable the MAC notification globally :
mac address-table notification change
Enable the change on the port :
snmp trap mac-notification change [added | removed]
Limit the traps :
mac address-table notification interval seconds
mac address-table notification history-size messages
Verify :
show mac address-table notification change
Enable the TRAP :
snmp-server enable traps mac-notification
Enable the MAC notification globally :
mac address-table notification change
Enable the change on the port :
snmp trap mac-notification change [added | removed]
Limit the traps :
mac address-table notification interval seconds
mac address-table notification history-size messages
Verify :
show mac address-table notification change
Automatic IPv6 Tunnel
IPv6-IPv4 Compatible
Adress format : ::A.B.C.D/96
IPv4 Tunnel Source : IPv4 source interface
IPv4 Tunnel Destination : Deducted from the IPv6-Ipv4 compatible addess
IPv6 tunnel interface : Automatically generated from IPv4 Tunnel Source
Configuration
int tunnel 0
tunnel source int lo 0
tunnel mode ipv6ip auto-tunnel
6To4
Adress format : 2002:ipv4-border-router:/48
IPv4 Tunnel Source : IPv4 source interface
IPv4 Tunnel Destination : Deducted from the 6to4 addess
IPv6 tunnel interface : 2002:ipv4-border-router::/48
Configuration
int tunnel 0
tunnel source int lo 0
tunnel mode ipv6ip 6to4
ipv6 address 2002:ipv4-source-address::1/64
ipv6 router 2002::/16 tunnel 0
ISATAP
Adress format : ipv6-global-address:0000:5EFE:ipv4-border-router/128
IPv4 Tunnel Source : IPv4 source interface
IPv4 Tunnel Destination : Deducted from the ipv4 embedded address on ISATAP addess
IPv6 tunnel interface : Generated from the configured ipv6 prefix + ipv4-source-address
Configuration
int tunnel 0
tunnel source int lo 0
tunnel mode ipv6ip isatap
ipv6 address 2001:x:y::/64 eui-64
Adress format : ::A.B.C.D/96
IPv4 Tunnel Source : IPv4 source interface
IPv4 Tunnel Destination : Deducted from the IPv6-Ipv4 compatible addess
IPv6 tunnel interface : Automatically generated from IPv4 Tunnel Source
Configuration
int tunnel 0
tunnel source int lo 0
tunnel mode ipv6ip auto-tunnel
6To4
Adress format : 2002:ipv4-border-router:/48
IPv4 Tunnel Source : IPv4 source interface
IPv4 Tunnel Destination : Deducted from the 6to4 addess
IPv6 tunnel interface : 2002:ipv4-border-router::/48
Configuration
int tunnel 0
tunnel source int lo 0
tunnel mode ipv6ip 6to4
ipv6 address 2002:ipv4-source-address::1/64
ipv6 router 2002::/16 tunnel 0
ISATAP
Adress format : ipv6-global-address:0000:5EFE:ipv4-border-router/128
IPv4 Tunnel Source : IPv4 source interface
IPv4 Tunnel Destination : Deducted from the ipv4 embedded address on ISATAP addess
IPv6 tunnel interface : Generated from the configured ipv6 prefix + ipv4-source-address
Configuration
int tunnel 0
tunnel source int lo 0
tunnel mode ipv6ip isatap
ipv6 address 2001:x:y::/64 eui-64
Inscription à :
Articles (Atom)