Entries Tagged as 'Switching'

Gratuitous ARP

Gratuitous ARP can refer to either a gratuitous ARP request or a gratuitous ARP reply. Gratuitous in this case means a request/reply that is not normally needed according to the ARP specification (RFC 826) but can be useful in some cases. A gratuitous ARP request is an Address Resolution Protocol request packet in which the source and destination IP are both set to the IP of the machine issuing the packet and the destination MAC is the broadcast address ff:ff:ff:ff:ff:ff. Ordinarily, no reply packet will occur. A gratuitous ARP reply is a reply for which no request has been made.

Gratuitous ARPs are useful for four reasons:

  • They can help detect IP conflicts. When a machine receives an ARP request whose source IP matches its own, it knows there is an IP conflict.
  • They assist in the updating of other machines’ ARP tables. Clustering solutions utilize this when they move an IP from one NIC to another, or from one machine to another.
  • They inform switches of the MAC address of the machine on a given switch port, so that the switch knows that it should transmit packets sent to that MAC address on that switch port.
  • Every time an IP interface or link goes up, the driver for that interface will typically send a gratuitous ARP to preload the ARP tables of all other local hosts.
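As an added example (not code from the original post), the following Python script builds a gratuitous ARP request with the layout described above and classifies received ARP frames, including the IP-conflict check from the first bullet. The MAC and IP values used are constructed sample values, and labelling a reply as "gratuitous" here is a stateless heuristic (sender IP equals target IP) rather than a check against outstanding requests.

```python
import struct

BROADCAST_MAC = b"\xff" * 6
ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def build_arp_frame(op, sender_mac, sender_ip, target_mac, target_ip, dst_mac=BROADCAST_MAC):
    """Build an Ethernet II frame carrying an IPv4-over-Ethernet ARP packet (RFC 826 layout)."""
    eth = dst_mac + sender_mac + struct.pack("!H", ETH_P_ARP)
    # htype=Ethernet(1), ptype=IPv4(0x0800), hlen=6, plen=4, oper
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += sender_mac + bytes(map(int, sender_ip.split(".")))
    arp += target_mac + bytes(map(int, target_ip.split(".")))
    return eth + arp


def gratuitous_arp_request(mac, ip):
    """Sender and target IP are both our own IP; destination MAC is broadcast."""
    return build_arp_frame(ARP_REQUEST, mac, ip, b"\x00" * 6, ip)


def parse_arp(frame):
    """Return the ARP fields as a dict, or None if this is not an IPv4-over-Ethernet ARP frame."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    ip = lambda b: ".".join(str(x) for x in b)
    return {"dst_mac": frame[0:6], "op": op,
            "sender_mac": frame[22:28], "sender_ip": ip(frame[28:32]),
            "target_mac": frame[32:38], "target_ip": ip(frame[38:42])}


def classify(frame, my_ip, my_mac):
    """Label a frame as seen by the host owning my_ip/my_mac: 'not-arp', 'ip-conflict'
    (another MAC claims our IP), 'gratuitous-request', 'gratuitous-reply' or 'ordinary'."""
    a = parse_arp(frame)
    if a is None:
        return "not-arp"
    if a["sender_ip"] == my_ip and a["sender_mac"] != my_mac:
        return "ip-conflict"  # the IP-conflict detection case from the list above
    if a["sender_ip"] == a["target_ip"]:
        if a["op"] == ARP_REQUEST and a["dst_mac"] == BROADCAST_MAC:
            return "gratuitous-request"
        if a["op"] == ARP_REPLY:
            return "gratuitous-reply"
    return "ordinary"
```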

PVLAN Configuration

Design-wise, we may need to divide one single VLAN (broadcast domain) into several sub-VLANs. That is where PVLAN technology comes in. The Cisco 3550 doesn’t support this feature, but the Cisco 3560 does. The detailed documentation is here. This article focuses on generic PVLAN configuration.

The requirement may be like this. On VLAN 100, there are 6 hosts. Host 1 and Host 2 can talk to each other. Host 3 and Host 4 can talk to each other. None of these four hosts can talk directly to Host 5 at Layer 2. All 5 hosts can talk to Host 0, which is connected to interface fa0/1.

Before anything else, the VTP mode has to be transparent.

!
vtp mode transparent
!

First, we need to assign a PVLAN type to each VLAN and sub-VLAN. There are three types: Primary, Community and Isolated.

vlan 100
private-vlan primary
private-vlan association 1000 1100 1200
!
vlan 1000
private-vlan community
!
vlan 1100
private-vlan community
!
vlan 1200
private-vlan isolated

Second, we need to define the VLAN-to-port (physical interface) relationship. Normally, the port will be in promiscuous mode with the primary VLAN; this port should also map the primary VLAN to its sub-VLANs. Otherwise, the port will be in host mode with a host association to the primary VLAN and one sub-VLAN.

!Connect to Host 0 (promiscuous port)
!
interface fa0/1
switchport private-vlan mapping 100 1000 1100 1200
switchport mode private-vlan promiscuous
!
!Connect to Host 1
!
interface fa0/2
switchport private-vlan host-association 100 1000
switchport mode private-vlan host
!
!Connect to Host 2
!
interface fa0/3
switchport private-vlan host-association 100 1000
switchport mode private-vlan host
!
!Connect to Host 3
!
interface fa0/4
switchport private-vlan host-association 100 1100
switchport mode private-vlan host
!
!Connect to Host 4
!
interface fa0/5
switchport private-vlan host-association 100 1100
switchport mode private-vlan host
!
!Connect to Host 5
!
interface fa0/6
switchport private-vlan host-association 100 1200
switchport mode private-vlan host
!

Also, some caveats should be noted:

  • VLAN database mode configuration is not supported for Private VLANs.
  • Private VLANs are not propagated via VTP.
  • Isolated and community VLANs do not run their own instance of spanning tree. Spanning tree tuning has to be applied to the Primary VLAN.
  • A Private VLAN is a broadcast restriction at Layer 2 only. Hosts are still able to communicate at Layer 3 if the traffic is routed.

Keepalive Interface Level Command

The keepalive command is enabled by default at the interface level. It performs a loopback test every 10 seconds; this is called the “Configuration Test Protocol.” It is not part of the IEEE 802.3 standard, but it is part of the original Ethernet standard. See the reference for details.

If we type “no keepalive” at the interface level, we basically disable loopback testing for the link. Therefore, “no keepalive” is used to prevent the Cisco switch from disabling its uplinks with “Loopback” as the cause.