CCIE RS – Written – L2 – Implement and Troubleshoot Spanning-tree

Implement and Troubleshoot Spanning-tree

Messaging between switches to stabilize network into logical loop free topology

  • STP causes some ports not to forward or receive traffic (blocking)
  • Remaining ports are forwarding
  • Together they provide a loop-free path to every Ethernet segment in the network

STP Types

  • 802.1D – PVST+ (Legacy)
  • 802.1S – RPVST+
  • 802.1W – MST

BPDU – Bridge Protocol Data Units

  • Protocol ID – value set
    • Configuration – 0x00
    • Topology Change Notification – 0x80
  • Flag uses 2 of 8 bits
  • Message Age Field
    • Estimated age of BPDU since it originated from the root bridge
    • Root bridge sets to 0
    • Each switch increases value by 1 when sending
  • BPDUs are compared to find the superior one by looking for the lowest value in each field, in order:
    • Root bridge ID, root path cost, sender bridge ID, sender port ID, receiver port ID (locally evaluated)
    • Comparison stops at first lowest value
  • BPDU allows STP to select:
    • Exactly 1 root bridge per switched environment
    • Exactly 1 root port on a non-root switch
    • Exactly 1 designated port for each connected network segment
  • Only configuration BPDUs are compared
  • TCN’s do not carry information to build loop free environment


  • Set by the root bridge
  • Timers configured on non-root are not used
  • Timer Types
    • Max Age
    • Hello Time
    • Forward Delay

Process Steps

  • Elect root bridge
    • Switch with lowest bridge ID
    • Bridge ID is 2 bytes followed by MAC
  • Determine each switch's root port
  • Determine designated port for each segment

Electing the Root Bridge

  • Can only be 1 switch
  • Switches hold election by sending STP Hello BPDU claiming to be root
  • If switch hears a superior BPDU (lowest bridge ID) it’ll stop claiming to be root and forward the superior BPDU
  • Bridge ID format

Determining the Root Port

  1. Root switch creates and sends hello every hello timer (2 seconds by default)
    1. Hello contains Root Bridge ID and SBID
  2. Each nonroot switch receiving BPDU on a particular port adds port cost to root port cost value
    1. Port receiving superior BPDU is declared root port
  3. Hellos received on root port are forwarded to designated ports
    1. Hellos received on other ports are processed but not forwarded
  4. Hellos are not forwarded out root port or ports in blocking state
  • Root port always provides least cost path to root bridge
  • Cost is associated with interfaces
    • Cost default is based on link speed

Determining Designated Port

  • Path used to forward frames onto segment
  • Only designated ports forward hellos onto LAN segment

STP never stops running even in stable environments

  • 3 steps will always run even if same result

TCN BPDU Occur when:

  • TCN is received by designated port
  • Port moves from forwarding state and switch has at least one designated port
  • Port moves from learning or forwarding to blocking
  • A switch becomes root bridge

TCN Triggers to start originating BPDU and re-evaluate the environment

Content Addressable Memory (CAM)

  • MAC table, switching table, bridge table
  • TCN instructs switch to age CAM entries
    • Does not impair connectivity
  • CAM Updates
    • All switches need to be notified to time out apparently unused CAM entries
    • Each switch needs to use shorter timer, equivalent to forward delay timer (15 seconds) to timeout CAM entries

TCN can start as localized event

  • Port transitioning to forwarding or learning or blocking
  • Propagated to all switches in the topology
    • Sent out root port
  • Notified to root

Transitioning from Blocking to Forwarding

  • First port moves to listening then learning
  • Each state lasts the time defined by Forward Delay Time (15 seconds)

PVST+, MSTP, and Rapid-PVST+ Interoperability

PVST+ – Per-VLAN Spanning-Tree +


  • Switched networks with multiple vlans and redundant links may go into a state where links are unused
  • PVST+ allows having vlans ‘load balance’ to use the redundant links
  • STP instance for each vlan. Can have different root per vlan


CST – Common Spanning Tree – Used by non-Cisco switches

  • Cisco switches communicate over vlan 1, treats CST region as loop-free shared
  • Sends special BPDU to destination mac – 0100.0ccc.cccd
  • Ordinary STP BPDU sent to mac – 0180.c200.0000



  • TLV with VLAN number -> Port vlan ID TLV / PVID TLV
    • Tunneled across CST region
    • CST switches flood the BPDU unprocessed
  • IEEE BPDU vlan 1 always untagged
  • SSTP BPDU tagged based on trunks native vlan
    • Each BPDU carries PVID TLV


Processing BPDU

  • Access port must receive IEEE or will be type inconsistent
  • IEEE formatted processed immediately by vlan 1 instance
  • PVST+ BPDU Processing Steps
    • Assign BPDU to appropriate vlan looking at 802.1q tag
      • If untagged sent to native vlan
    • Check PVID TLV
      • If vlan stored in TLV does not match, drop and declare PVID inconsistent
      • This is the native vlan mismatch check
    • PVID TLV Match
      • Process by STP except vlan 1 which was done in IEEE
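
The receive-side steps above, together with the tagging rules from the previous list, modelled in Python as an added example (not code from the original notes or from Cisco). The names Port, Bpdu, bpdus_sent and receive are hypothetical, and the handling of an IEEE BPDU on an access port (processed in the access VLAN) is an assumption the notes do not state.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Port:
    mode: str                 # "access" or "trunk"
    native_vlan: int = 1      # used on trunks
    access_vlan: int = 1      # used on access ports


@dataclass(frozen=True)
class Bpdu:
    kind: str                 # "ieee" (0180.c200.0000) or "sstp" (0100.0ccc.cccd)
    dot1q_tag: Optional[int]  # VLAN in the 802.1Q tag, None when untagged
    pvid_tlv: Optional[int]   # VLAN carried in the PVID TLV (SSTP only)


def bpdus_sent(port, vlans):
    """BPDUs a PVST+ trunk emits toward its neighbor for the given VLANs."""
    out = [Bpdu("ieee", None, None)]            # VLAN 1 IEEE BPDU, always untagged
    for vlan in vlans:
        tag = None if vlan == port.native_vlan else vlan
        out.append(Bpdu("sstp", tag, vlan))     # every SSTP BPDU carries a PVID TLV
    return out


def receive(port, bpdu):
    """Return (action, vlan) following the processing steps in the notes."""
    if port.mode == "access":
        if bpdu.kind != "ieee":
            return ("type-inconsistent", None)
        return ("process", port.access_vlan)    # assumption, see lead-in
    if bpdu.kind == "ieee":
        return ("process", 1)                   # handled at once by the VLAN 1 instance
    # Step 1: assign to a VLAN from the 802.1Q tag, untagged goes to the native VLAN
    vlan = bpdu.dot1q_tag if bpdu.dot1q_tag is not None else port.native_vlan
    # Step 2: the PVID TLV must agree, otherwise this is a native VLAN mismatch
    if bpdu.pvid_tlv != vlan:
        return ("pvid-inconsistent", vlan)
    # Step 3: VLAN 1 was already processed from the IEEE BPDU
    if vlan == 1:
        return ("skip", 1)
    return ("process", vlan)


def exchange(sender, receiver, vlans):
    """Run every BPDU the sender emits through the receiver's checks."""
    return [receive(receiver, b) for b in bpdus_sent(sender, vlans)]


# Constructed scenario: both ends trunk VLANs 1, 10 and 20, but the native
# VLAN is 10 on one side and 20 on the other.
MISMATCH = exchange(Port("trunk", native_vlan=10), Port("trunk", native_vlan=20), [1, 10, 20])
MATCHED = exchange(Port("trunk", native_vlan=10), Port("trunk", native_vlan=10), [1, 10, 20])

if __name__ == "__main__":
    print("native 10 -> native 20:", MISMATCH)
    print("native 10 -> native 10:", MATCHED)
```

The untagged SSTP BPDU is the only one that changes outcome between the two runs, which is why the PVID TLV works as a native VLAN mismatch detector.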



  • Primary
    • Sets root priority to 24576, if not lowest will set switch priority 4096 lower than current root
    • Not a dynamic option, runs at time of configuration
  • Secondary
    • Always sets priority to 28672
      • Not a dynamic option, runs at time of configuration
  • Diameter
    • Macro – not set in config
    • Causes to use lower hello, fwd delay and max age

RPVST+ – Rapid PVST+

Rapid Spanning Tree – 802.1W

  • Improves STP convergence – enhancement to 802.1d
  • New port states (reduced from 5 to 3)
    • Discarding (stable), learning (transitioning), forwarding (stable)
    • Cleaned up because port is either stable or transitioning to stable
    • Discarding
      • Does not forward data frames, receive data frames, or learn source MAC addresses
      • Continues to process BPDUs and to send and receive inter-switch protocols
  • RSTP decouples port state from role
    • Root + designated serve same functions
    • Alternate
      • Prospective replacement for the switch's root port
    • Backup
      • Prospective replacement for the switch's designated port into a shared segment
  • Port Types
    • Edge
      • Immediately become designated
      • Should not receive BPDU (portfast)
    • Non-edge
      • Default type on Cisco Switch
      • Operates as RSTP port
  • Link Types
    • Point to point
      • Connects an RSTP switch to at most 1 neighboring RSTP switch
    • Shared
      • Connects an RSTP switch to 2 or more neighboring switches
  • BPDU Format
    • Single BPDU used for building topology and topology changes
    • No TCN’s in RSTP
      • Protocol version is set 2
    • Flags updated – RSTP uses all 8 bits
    • Each switch originates its own BPDU
      • Similar to hellos in routing
      • Allows failures to be detected faster, BPDU ages faster
  • Topology Change Handling
    • Only transition non-edge port from non-forwarding state to forwarding
    • Port that is newly forwarding has better set of MAC addresses than previously available and CAM needs to be updated
    • Loss of MAC address is not TCN
    • Switch that detects topology change
      • Set tcWhile timer to the value of Hello + 1 second on all non-edge designated and root ports, except the receiving port
      • Immediately flush all MAC addresses learned out these ports
      • Send BPDU with TC flag set on these ports every Hello second until tcWhile expires
    • Rapid flooding, allows for faster aging
    • Edge ports never cause topology change event


Spanning-tree mode rapid-pvst+

Spanning-tree portfast default (global) or spanning-tree portfast (interface)

Backwards compatible with PVST+

MST – Multiple Spanning-Tree

802.1s – Multiple Spanning-Tree

  • Similar to PVST+ for tuning parameters on a per-instance basis
  • Does not run STP per vlan by grouping vlans together (instances)
  • Uses RSTP convergence
  • Some switch platforms have a limit of 128 STP instances
  • Open standard



  • Organizes network into one or more regions
  • Region
    • Group of switches that together use MST in a consistent way
    • Run the same number of instances and have the same vlans mapped into those instances
    • Multiple regions together appear as single switches between the regions
      • MST blocks redundant links between regions using Common Spanning Tree (CST)
      • CST is interaction of individual IST’s on region boundaries
      • CST has no per-VLAN semantics
        • Determines loop-free paths between regions
        • Only STP understood by non-MST switches (RSTP and STP)
  • Instance
    • Grouping of vlans
    • Can be used to manipulate load balancing at L2
    • Default is instance 0 for unmapped vlans
    • Allows for 65 instances on a switch
      • 0 – 64
      • 1-64 are user configurable
      • 0 has special meaning – Internal Spanning Tree (IST)
        • Always exists
        • All undefined vlans (not mapped to an instance) exist here
        • Only instance that can interact with STP outside of MST region
          • Appears as a single switch
  • Only 1 STP message sent per MST instance
    • Instead of 1 message per STP instance (vlan)
    • Greatly reduce number of STP messages in network
  • MST uses concept of system ID extension from IEEE 802.1t to embed the instance number into the bridge ID


Common Spanning Tree

  • Interconnecting different MST regions and non-MST
  • Common Instance Spanning-Tree (CIST)
  • Single spanning tree that spans entire switch topology
    • Can have multiple root switches
    • CIST Root – One for entire CIST
    • CIST Regional Root – one per IST inside of each region



  • Need vlan to instance mapping
  • Decide if multiple regions will be used and where the boundaries will be placed
  • Show spanning-tree mst configuration digest
  • Components
    • Name, revision, vlan to instance mapping
  • Conf t
    • Spanning-tree mst configuration
    • Name [name]
    • Revision [number]
    • Instance [#] [vlan] –> repeat for each instance to vlan mapping

Switch Priority

Configure most central switch with the lowest bridge priority

Unique bridge ID – Switch priority and MAC Address

When selecting the root port on a switch stack, spanning tree follows this sequence:

  • Selects the lowest root bridge ID
  • Selects the lowest path cost to the root switch
  • Selects the lowest designated bridge ID
  • Selects the lowest designated path cost
  • Selects the lowest port ID

4 bit priority and 12 bit extended system ID

Switch Priority Value and Extended System ID
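
The bridge ID layout and the lowest-value comparison used for root election and root port selection, worked through in Python as an added example (not code from the original notes). The switch names, MAC addresses, costs and helper names are constructed for illustration.

```python
from dataclasses import dataclass


def make_bridge_id(priority, ext_sys_id, mac):
    """8-byte bridge ID: 4-bit priority, 12-bit extended system ID, 6-byte MAC."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
    if not 0 <= ext_sys_id <= 0x0FFF:
        raise ValueError("extended system ID must fit in 12 bits")
    mac_bytes = bytes.fromhex(mac.replace(".", "").replace(":", ""))
    if len(mac_bytes) != 6:
        raise ValueError("MAC address must be 6 bytes")
    return (priority | ext_sys_id).to_bytes(2, "big") + mac_bytes


def parse_bridge_id(bridge_id):
    """Split a bridge ID back into (priority, extended system ID, MAC hex)."""
    head = int.from_bytes(bridge_id[:2], "big")
    return head & 0xF000, head & 0x0FFF, bridge_id[2:].hex()


def make_port_id(priority, number):
    """16-bit port ID: priority (0-240 in steps of 16) above the port number."""
    if priority % 16 or not 0 <= priority <= 240:
        raise ValueError("port priority must be a multiple of 16 between 0 and 240")
    if not 1 <= number <= 0x0FFF:
        raise ValueError("port number must fit in 12 bits")
    return (priority << 8) | number


@dataclass(frozen=True)
class Bpdu:
    root_id: bytes
    root_path_cost: int
    sender_id: bytes
    sender_port_id: int


def elect_root(bridge_ids):
    """The lowest bridge ID wins; equal priorities fall through to the MAC."""
    return min(bridge_ids)


def choose_root_port(received):
    """received maps local port name -> (Bpdu, local port cost, local port ID).

    Fields are compared in order and the first lower value decides: root ID,
    path cost to root, sender bridge ID, sender port ID, receiving port ID.
    """
    def vector(item):
        _, (bpdu, cost, local_port_id) = item
        return (bpdu.root_id, bpdu.root_path_cost + cost,
                bpdu.sender_id, bpdu.sender_port_id, local_port_id)
    return min(received.items(), key=vector)[0]


# Constructed VLAN 10 topology: SW2 has been given priority 24576.
SW1 = make_bridge_id(32768, 10, "0011.1111.1111")
SW2 = make_bridge_id(24576, 10, "0022.2222.2222")
SW3 = make_bridge_id(32768, 10, "0033.3333.3333")
ROOT = elect_root([SW1, SW2, SW3])

# BPDUs seen by SW3: directly from the root, and relayed through SW1.
RECEIVED_ON_SW3 = {
    "Gi0/1": (Bpdu(ROOT, 0, SW2, make_port_id(128, 1)), 4, make_port_id(128, 1)),
    "Gi0/2": (Bpdu(ROOT, 4, SW1, make_port_id(128, 2)), 4, make_port_id(128, 2)),
}

# Two parallel links to the root: cost and sender bridge ID tie, so the
# sender's port ID decides (here the neighbor lowered priority on its port 2).
PARALLEL_LINKS = {
    "Gi0/1": (Bpdu(ROOT, 0, SW2, make_port_id(128, 1)), 4, make_port_id(128, 1)),
    "Gi0/2": (Bpdu(ROOT, 0, SW2, make_port_id(64, 2)), 4, make_port_id(128, 2)),
}

if __name__ == "__main__":
    print("root:", parse_bridge_id(ROOT))
    print("SW3 root port:", choose_root_port(RECEIVED_ON_SW3))
    print("parallel links root port:", choose_root_port(PARALLEL_LINKS))
```

With every switch left at the default priority the election falls through to the MAC address, so the root ends up wherever the lowest MAC happens to be unless a priority is configured.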

Port Priority

Lower priority is preferred for choosing root port


Spanning-tree vlan port priority

  • Configurable on per-vlan basis
  • Default setting – 128

Spanning-tree port priority

  • Configurable on per-interface basis
  • Default setting – 128

Configure the port priority for an interface.

For priority, the range is 0 to 240, in increments of 16; the default is 128. Valid values are 0, 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, and 240. All other values are rejected. The lower the number, the higher the priority.

Configure the port priority for a VLAN.

  • For vlan-id, you can specify a single VLAN identified by VLAN ID number, a range of VLANs separated by a hyphen, or a series of VLANs separated by a comma. The range is 1 to 4094.
  • For priority, the range is 0 to 240, in increments of 16; the default is 128. Valid values are 0, 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, and 240. All other values are rejected. The lower the number, the higher the priority.

Path Cost

The spanning-tree path cost value is calculated from the speed of an interface. If a loop occurs, spanning tree uses cost when selecting an interface to put in the forwarding state. You can assign lower cost values to interfaces that you want selected first and higher cost values that you want selected last. If all interfaces have the same cost value, spanning tree puts the interface with the lowest interface number in the forwarding state and blocks the other interfaces.

Configure Cost of an interface – spanning-tree cost [cost]

  • Range of 1 – 200000000, lower cost is better

Configure cost of a vlan – spanning-tree vlan [vlan] cost [cost]

STP Timers

  • Hello Timer – controls how often the switch broadcasts hello messages to other switches
  • Forward-delay Timer – controls how long each of the listening and learning states last before the interface begins forwarding
  • Maximum-age Timer – Controls the amount of time the switch stores protocol information received on an interface
  • Transmit hold count – Controls the number of BPDUs that can be sent before pausing for 1 second


  • spanning-tree vlan [vlan] hello-time [sec]
    • Default is 2 seconds
    • Configure the hello time of a vlan; configure on root switch
  • spanning-tree vlan [vlan] forward-time [sec]
    • Seconds – range 4 – 30, default is 15
  • spanning-tree vlan [vlan] max-age [sec]
    • Seconds – range 6 – 40, default is 20
  • spanning-tree transmit hold-count [value]
    • value range – 1 – 60, default is 6


Immediately brings an interface into forwarding state from blocking state

  • Bypasses listening and learning
  • Use on connections to clients / servers
  • Portfast interface should not receive BPDU’s

Interface > Spanning-tree portfast

Global > spanning-tree portfast default

BPDU Guard

Enable globally or per interface


  • Spanning-tree portfast bpduguard default
  • Enables bpduguard on portfast enabled ports
  • Shutdown ports in the portfast operational state if the port receives any BPDU
    • Error Disables the port
  • Errdisable detect cause bpduguard shutdown vlan [vlan]
    • Shuts down offending vlan on the port


  • Spanning-tree bpduguard enable
  • Can be used without the portfast command to error disable a port when a bpdu is received
  • Use on a ISP access port to prevent participation in STP

BPDU Filter

Enable globally or per interface


  • Spanning-tree portfast bpdufilter default
  • Prevents interfaces configured with portfast from sending or receiving bpdu’s
  • Use to prevent hosts from receiving BPDU’s
  • If BPDUs are received on a portfast interface, it’ll lose its portfast operational status and BPDU filtering is disabled


  • Spanning-tree bpdufilter enable
  • Can be used without the portfast on interface

Enabling BPDU filtering on an interface effectively disables spanning-tree and can result in a L2 loop


Global > spanning-tree loopguard default

  • Prevent alternate or root ports from becoming designated ports because of a failure that leads to a unidirectional link
  • Best practice – enable on entire switched network
  • Spanning tree does not send BPDU’s on root or alternate ports


Spanning-tree uplinkfast

  • Global config

Accelerates the choice of a new root port when an interface or switch fails

Port transitions to forwarding state immediately

  • Skips listening and learning states

Use at access / edge switches

Provides fast convergence after a direct link failure


Spanning-tree backbonefast

  • Global command
  • Detects indirect failures in the core of the backbone
  • Complementary to uplinkfast
  • Optimizes the max-age timer
  • When the switch receives an inferior BPDU from a designated port of another switch, that is a trigger that the other switch may have lost its path to root. Backbonefast will try an alternative path


Interface > spanning-tree guard root

  • Prevent designated ports from becoming root ports
  • Protect placement of root switch
  • Places port into root-inconsistent (blocked) state

CCIE RS – Written – L2 – Implement and Troubleshoot Etherchannel

Implement and Troubleshoot Etherchannel

Etherchannel / Portchannel

Ability to aggregate multiple interfaces into a single logical interface to increase the amount of bandwidth and redundancy when connecting to a node.

Support up to max of 64 etherchannels per switch (4500)

Etherchannel Modes

On – Mode that forces the LAN port to channel unconditionally. In the on mode, a usable EtherChannel exists only when a LAN port group in the on mode is connected to another LAN port group in the on mode. Because ports configured in the on mode do not negotiate, there is no negotiation traffic between the ports. 

Auto – PAgP mode that places a LAN port into a passive negotiating state in which the port responds to PAgP packets it receives but does not initiate PAgP negotiation. 

Desirable – PAgP mode that places a LAN port into an active negotiating state in which the port initiates negotiations with other LAN ports by sending PAgP packets. 

Passive – LACP mode that places a port into a passive negotiating state in which the port responds to LACP packets it receives but does not initiate LACP negotiation. 

Active – LACP mode that places a port into an active negotiating state in which the port initiates negotiations with other ports by sending LACP packets.



LACP

Modes – Active / Passive

  • Open standard
  • Bundle together multiple ports to increase overall bandwidth utilization
    • Acts as a single link
  • Links must have same speed, duplex and type (access / trunk) setting
  • Supports 16 ports in LACP, only 8 can be active
  • Configured in Active / Passive mode
  • LACP parameters
    • System Priority – Forms the system ID and is used during negotiation.
      • Default is 32768
      • Lower value is preferred
    • Port Priority – Used to decide which ports should be put in standby mode when there is a limitation or something preventing a port from aggregating.
    • Administrative Key – Defines the ability of a port to aggregate with other ports.


PAgP

Cisco proprietary

Modes – Auto / Desirable

  • Bundle together multiple ports to increase overall bandwidth utilization
    • Acts as a single link
  • Supports 8 ports in single group, all active
  • Configured in Auto / desirable modes
  • Negotiates with PDU’s, sent and received on lowest numbered VLAN of trunk link
  • Links must have same speed, duplex and type (access / trunk) setting

Manual Etherchannel

Mode – on

For devices that do not support LACP or PAgP

Layer 2

Operates as either a layer 2 access or trunk interface

Layer 3

Assigned an IP address. Can participate in a routing protocol

Load Balancing

To balance the load, EtherChannel uses MAC addresses, IP addresses, or Layer 4 port numbers, and either the message source or message destination, or both

  • src-mac—Source MAC addresses 
  • dst-mac—Destination MAC addresses 
  • src-dst-mac—Source and destination MAC addresses 
  • src-ip—Source IP addresses 
  • dst-ip—Destination IP addresses 
  • src-dst-ip—Source and destination IP addresses (Default) 
  • src-port—Source Layer 4 port 
  • dst-port—Destination Layer 4 port 
  • src-dst-port—Source and destination Layer 4 port

Switch# show etherchannel load-balance
EtherChannel Load-Balancing Configuration:
EtherChannel Load-Balancing Addresses Used Per-Protocol:
Non-IP: Source XOR Destination MAC address
IPv4: Source XOR Destination IP address
IPv6: Source XOR Destination IP address

Etherchannel Misconfiguration Guard

Protect against misconfiguration on the switch. Recover by shutting and no shutting the interface(s)

spanning-tree etherchannel guard misconfig

CCIE RS – Written – L2 – Implement and Troubleshoot VLANs


VLAN – Virtual LAN

  • Administratively defined subset of switch ports that are in the same broadcast domain
  • Broadcast domain – devices that can receive broadcast sent by another device
  • Best Practice – 1 to 1 relationship between IP subnet and VLAN


  • Vlan [id]
  • Under interface > switchport access vlan [id]
  • Modify VLAN operational state (L2 only)
    • Can be suspended globally for the entire VTP domain or shut down on the local switch
    • Vlan [id] > state suspend (global) | shutdown (local)

Access Ports

Belongs and carries traffic for only 1 VLAN 


interface > switchport access vlan [#]

VLAN Database

  • Vlan 0 – Reserved, not available for use
  • Vlan 1 – Default vlan for all access ports
    • Cannot be deleted or pruned
  • Vlan 4095 – Reserved, not available for use

Switch#sh vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/0, Gi0/1, Gi0/2
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    -        0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------


Normal VLAN

1 – 1001

  • Can be advertised with VTPv1 and 2
  • Configured in vlan database, global config
  • Details stored in vlan.dat
  • Can be pruned

1002 – 1005 Special uses

  • Cannot be pruned
  • 1002 fddi-default
  • 1003 token-ring-default
  • 1004 fddinet-default
  • 1005 trnet-default

Extended VLAN

1006 – 4094

VTPv1 and 2 must be in transparent mode

Voice VLAN

Enables access ports to carry traffic from an IP Phone

  • Portfast is automatically enabled when voice vlan is configured
    • Not disabled if voice vlan is removed

Configure how the Cisco IP Phone carries voice traffic:

  • vlan-id —Configure the phone to forward all voice traffic through the specified VLAN. By default, the Cisco IP Phone forwards the voice traffic with an IEEE 802.1Q priority of 5. Valid VLAN IDs are 1 to 4094.
  • dot1p —Configure the phone to use IEEE802.1p priority tagging for voice traffic and to use the default native VLAN (VLAN 0) to carry all traffic. By default, the Cisco IP Phone forwards the voice traffic with an IEEE 802.1p priority of 5.
  • none —Allow the phone to use its own configuration to send untagged voice traffic.
  • untagged —Configure the phone to send untagged voice traffic.

CCIE RS – Written – L2 – Implement and Troubleshoot Trunking

Implement and Troubleshoot Trunking


  • Allows devices to send traffic for multiple vlans across a single link
  • Trunking protocols must match on both ends


ISL

  • Cisco Proprietary
  • Supports normal and extended vlans
  • Encapsulates original frame
    • 26 byte header + trailer for FCS
  • No concept of native vlan


802.1Q

  • Open Standard (IEEE)
  • Supports normal and extended vlans
  • Inserts tag into original frame
    • 4 byte header
    • Frame tagging
  • Concept of native vlan
    • Traffic in native vlan is untagged
    • All received untagged frames are sent over native vlan
    • Must match on both ends of trunk
    • Detection for mismatch
      • Cisco Switches – Proprietary extension in PVST+ and Rapid PVST+
      • CDP Neighbor can detect and report (syslog)
    • Default native vlan is 1
      • Best practice is to change to prevent vlan hopping attacks
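
A small configuration audit for three points these notes make: portfast ports should be covered by BPDU guard, interface-level BPDU filter effectively disables spanning-tree on the port, and trunks should not stay on the default native VLAN 1. This is an added example, not part of the original notes; the sample configuration, interface names and finding labels are constructed.

```python
import re

# Constructed running-config excerpt used as sample input.
SAMPLE_CONFIG = """\
hostname ACCESS-SW1
!
interface GigabitEthernet0/1
 description user access port
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
!
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/3
 switchport mode access
 spanning-tree portfast
 spanning-tree bpdufilter enable
!
interface GigabitEthernet0/23
 switchport mode trunk
!
interface GigabitEthernet0/24
 switchport mode trunk
 switchport trunk native vlan 999
!
"""


def parse_config(config):
    """Split a config into global lines and {interface: [sub-commands]}."""
    global_lines, interfaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            current = None                      # "!" closes the current block
        elif line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None
            global_lines.append(line)
    return global_lines, interfaces


def audit(config):
    """Return a list of (interface, finding) tuples in config order."""
    global_lines, interfaces = parse_config(config)
    # Global command that enables BPDU guard on every portfast-enabled port
    guard_default = "spanning-tree portfast bpduguard default" in global_lines
    findings = []
    for name, cmds in interfaces.items():
        portfast = "spanning-tree portfast" in cmds
        guarded = ("spanning-tree bpduguard enable" in cmds
                   or (guard_default and portfast))
        if portfast and not guarded:
            findings.append((name, "portfast-without-bpduguard"))
        if "spanning-tree bpdufilter enable" in cmds:
            findings.append((name, "bpdufilter-disables-stp-on-port"))
        if "switchport mode trunk" in cmds:
            native = 1                          # default native VLAN
            for cmd in cmds:
                match = re.fullmatch(r"switchport trunk native vlan (\d+)", cmd)
                if match:
                    native = int(match.group(1))
            if native == 1:
                findings.append((name, "trunk-native-vlan-1"))
    return findings


if __name__ == "__main__":
    for interface, finding in audit(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```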

DTP – Dynamic Trunking Protocol

  • Dynamically learn if device on other end wants to perform trunking and negotiate what protocol to use
  • Modes
    • Dynamic Auto – negotiate automatically
      • Prefers to be access port
    • Dynamic Desirable
      • Prefers to be a trunk port
      • Highest priority
      • Will choose ISL if both sides support it
    • Different switch models have different default behaviors
    • DTP and VTP are independent
      • DTP carries the VTP domain name
  • Reduce number of vlans on trunk
    • Vlans must be configured on switch before being considered active
    • Administratively configure or use VTP pruning
      • Switchport trunk allowed [add | remove ]
  • Config
    • Switchport mode [trunk | dynamic desirable / auto | access]
    • Switchport nonegotiate
      • Port no longer sends DTP messages
    • Switchport trunk encapsulation [isl | dot1q]

Q in Q Tunneling

  • VLANs traditionally do not extend past WAN boundary
  • Standard 802.1ad – Provider Bridges
  • Allow SP to preserve 802.1q vlan tag across WAN service
  • CDP and VTP can be configured to pass transparently over Q-in-Q
  • New tagging concept
    • C-Tag – Original customer tagged frame
    • S-Tag – Additional tag added to C-Tag frame at ingress of SP
      • Tag is removed at egress of SP, preserving original C-Tag
      • Different customers get different S-Tags
  • Configuration
    • Change MTU to 1504 for extra header size
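
The C-Tag and S-Tag handling described above, as an added Python example that builds and parses the tag stack of a constructed frame (not code from the original notes). The MAC addresses, VLAN IDs and function names are made up for illustration; 0x8100 and 0x88A8 are the 802.1Q and 802.1ad tag protocol identifiers.

```python
import struct

TPID_CTAG = 0x8100   # 802.1Q customer tag
TPID_STAG = 0x88A8   # 802.1ad service tag


def build_frame(dst, src, tags, ethertype, payload):
    """tags is a list of (tpid, vid, pcp), outermost first. No FCS is added."""
    frame = dst + src
    for tpid, vid, pcp in tags:
        frame += struct.pack("!HH", tpid, (pcp << 13) | vid)
    return frame + struct.pack("!H", ethertype) + payload


def parse_tags(frame):
    """Return ([(tpid, pcp, vid), ...] outermost first, ethertype, payload offset)."""
    offset, tags = 12, []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame")
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype not in (TPID_CTAG, TPID_STAG):
            return tags, etype, offset + 2
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append((etype, tci >> 13, tci & 0x0FFF))   # PCP 3 bits, VID 12 bits
        offset += 4


def provider_ingress(frame, s_vid):
    """Push the customer's S-Tag in front of whatever tags the frame carries."""
    if not 1 <= s_vid <= 4094:
        raise ValueError("S-VID out of range")
    return frame[:12] + struct.pack("!HH", TPID_STAG, s_vid) + frame[12:]


def provider_egress(frame):
    """Pop the outer S-Tag, leaving the original C-Tag frame untouched."""
    tags, _, _ = parse_tags(frame)
    if not tags or tags[0][0] != TPID_STAG:
        raise ValueError("frame has no outer S-Tag")
    return frame[:12] + frame[16:]


# Constructed customer frame: VLAN 100, priority 5, full 1500-byte IP payload.
DST = bytes.fromhex("020000000002")
SRC = bytes.fromhex("020000000001")
CUSTOMER = build_frame(DST, SRC, [(TPID_CTAG, 100, 5)], 0x0800, bytes(1500))
IN_PROVIDER = provider_ingress(CUSTOMER, 2001)


def bytes_after_header(frame):
    """What a provider tunnel port carries behind the 14-byte Ethernet header,
    treating the customer frame (C-Tag included) as opaque payload."""
    return len(frame) - 14


if __name__ == "__main__":
    print("customer tags:", parse_tags(CUSTOMER)[0])
    print("in provider network:", parse_tags(IN_PROVIDER)[0])
    print("bytes behind the Ethernet header:", bytes_after_header(CUSTOMER))
    print("restored at egress:", provider_egress(IN_PROVIDER) == CUSTOMER)
```

The 1504 bytes reported for the customer frame are the 1500-byte payload plus the 4-byte C-Tag, which is the extra header the MTU change accounts for.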

Manual VLAN Pruning

Manually specify which vlans are allowed across a trunk link

VTP – VLAN Trunking Protocol

  • Advertises vlan config information to neighboring switches
  • Allows vlan config to be done from 1 switch in the domain (dynamic)
  • Advertises VLAN ID, name and type
  • Does not forward which ports are in the vlan
  • Sends updates out all active trunk links by default
    • Without domain name switches do not send any VTP updates
  • VTP starts working when there is an active trunk link and domain name
  • Configuration
    • Vtp domain [name]
    • Show vtp status
    • Options
      • Domain – sets domain name
        • Switch can only belong to one domain
      • Password – sets password to prevent unauthorized switches from joining domain
      • Mode [server | client | transparent]
      • Version [1 | 2 | 3]
        • Can configure on server switch and will sync with other switches
        • V3 must be manually configured and have domain name configured
      • Pruning
        • Prevent flooding per-VLAN to switches that do not have the VLAN configured
        • Only applied to normal VLAN range
      • Interface
        • Sets interface whose IP is used to ID the switch
        • Default is to use IP of lowest numbered SVI


Version 1 is default

  • Supports only normal vlan range

Message Types (v1 and v2)

  • Summary advertise
    • Originated by VTP server and client every 5 minutes and after each modification to vlan database
    • Carries domain name, revision number, ID of updater, timestamp, MD5, password & number of subset advertise
    • Does not carry vlan database contents
  • Subset Advertise
    • Originated by server and client after modification of vlan database
    • Carries full vlan database contents
  • Advertise Request
    • Request neighbors complete vlan database or part of it
    • Request sent when switch enters client mode or client switch is restarted
  • Join
    • Every 6 seconds if VTP pruning is active

Update Process (v1 and v2)

  • Begins when a modification is made on a vlan
  • VTP server will increment revision number by 1 and advertise entire vlan database with new revision number
  • Revision number allow switches to know when vlan database changes have occurred
    • Switches replace their vlan database when a larger revision shows up

VTP Modes

  • Server –
    • Default with no domain name
    • Updates do not occur until a domain name is configured
  • Client
    • Will assume first received domain name
    • Default domain is NULL
  • Transparent / Off
    • Prevents switches from listening to other switches VTP updates
  • Protect VTP domain – VTP password
    • Summary adv – carries MD5 hash computed over the vlan database contents and VTP password if configured


Version 2

Enhanced version of v1

  • Supports token ring concentrator relay function and bridge relay function
    • Not used in ethernet based networks
  • Supports unknown TLV (Type Length Value)
    • V1 would drop unrecognized TLV’s which would stop propagation to other switches
  • Optimized vlan database consistency checking
    • Implementation optimization
    • Skips consistency check if change was received by a VTP message


Version 3

Introduced to IOS release 12.2(52)SE

  • New server roles – Addresses problem of inadvertent rewrites to the vlan database
    • Primary – Only 1 at a time
      • Can modify VTP domain contents
      • Only switch whose vlan database is propagated through domain
      • Database will be shared if switch agrees on domain name and ID of primary server (MAC address)
    • Secondary –
      • Cannot make changes, but can be promoted
      • All other server switches in domain are secondary
    • Primary role is a runtime state. Does not get saved into configuration
    • Server role helps prevent unwanted changes to VTP domain
  • Password storage and usage improved
    • Encrypted and cannot be displayed in plaintext
    • Promotion of secondary required entering password in plaintext
    • String is carried encrypted to different switches
  • Capable of distributing full range of vlans and private vlans
    • No longer need to be in transparent mode when using extended vlan range and private vlans
    • Pruning only applied to normal vlan range
  • Supports VTP off
    • Switch does not participate in VTP and drops all VTP messages
  • Distributes content of MST region config
  • Client switches cannot make changes to domain or be promoted
  • Both Secondary and Client store a copy of the primary's vlan database and share it with neighboring servers and clients if they agree on the primary's ID
  • Secondary or client servers with higher revision number can overwrite vlan database, but must match on domain name, primary ID and password
  • Conflicts
    • Server or client in domain having different primary server IDs
    • Conflicting switches do not sync the vlan database even if all other parameters match
  • Promotion to primary server done in exec mode
    • Vtp primary
  • Cannot reset revision number to 0 by switching mode to transparent
    • Only will be reset by modifying the domain name or configuring password
  • For switches that cannot run v3, the port will revert to v2
    • V3 to v1 is not supported
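
How the revision-number update rule of v1 and v2 differs from the v3 rule that also requires agreement on the primary server ID, as an added Python model (not code from the original notes). The digest function is a simplified stand-in for the MD5 carried in the summary advertisement, and the domain name, password, MAC addresses and VLAN tables are constructed.

```python
import hashlib
from dataclasses import dataclass


def digest(vlans, password):
    """Simplified stand-in: hash over the VLAN database and the password."""
    data = repr(sorted(vlans.items())).encode() + password.encode()
    return hashlib.md5(data).hexdigest()


@dataclass
class Switch:
    domain: str
    password: str
    revision: int
    vlans: dict
    version: int = 2
    primary_id: str = ""      # v3 only: MAC address of the primary server


@dataclass(frozen=True)
class Advert:
    domain: str
    revision: int
    vlans: dict
    md5: str
    primary_id: str


def advertise(sw):
    """Summary and subset advertisement folded into one message for brevity."""
    return Advert(sw.domain, sw.revision, dict(sw.vlans),
                  digest(sw.vlans, sw.password), sw.primary_id)


def receive(sw, adv):
    """Apply the acceptance rules and return what the switch did."""
    if adv.domain != sw.domain:
        return "ignored: domain mismatch"
    if adv.md5 != digest(adv.vlans, sw.password):
        return "rejected: digest or password mismatch"
    if sw.version == 3 and adv.primary_id != sw.primary_id:
        return "rejected: primary server ID conflict"
    if adv.revision <= sw.revision:
        return "ignored: revision not higher"
    sw.vlans, sw.revision = dict(adv.vlans), adv.revision
    return "accepted: database replaced"


def scenario(version):
    """A switch from another site, same domain and password, with a higher
    revision and an almost empty VLAN database, is trunked to production."""
    password = "constructed-password"
    production = Switch("CORP", password, 12, {10: "users", 20: "voice"},
                        version=version, primary_id="0022.2222.2222")
    returning = Switch("CORP", password, 57, {1: "default"},
                       version=version, primary_id="0099.9999.9999")
    result = receive(production, advertise(returning))
    return result, production.vlans, production.revision


if __name__ == "__main__":
    for version in (2, 3):
        print(f"VTPv{version}:", scenario(version))
```

Under version 2 the production database is replaced because the revision is higher; under version 3 the differing primary server ID stops the sync even though domain, password and revision would all allow it.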

VTP Pruning

Reduces unnecessary flooded traffic such as broadcast, multicast and unicast packets

  • Disabled by default
  • Enabling on server enables for entire domain
  • Vlans 2 – 1000 are eligible for pruning
  • Cmd: vtp pruning

CCIE RS – Written – Network Principles – Use IOS Troubleshooting Tools

Use IOS Troubleshooting Tools

Multiple troubleshooting tools are built into IOS.

  • show – monitor normal behavior and isolate problems
    • version – system hardware, software version, uptime, boot image
    • running-config – current configuration
    • startup-config – config stored in NVRAM
    • interface – interface statistics, bandwidth, errors
  • debug – assist in isolating a protocol and configuration problem
  • ping – determine connectivity
  • trace – show the path packets are taking

debug, conditional debug

Debugs must be turned on using the debug command. To show running debugs – show debug

Debugs are sent to console by default (no logging console – to turn off). Use terminal monitor if you are remotely connected into the device.

Turn off debug – R1#undebug all

Conditional debug – add parameters around what debugs you want displayed to the console.

Stacking multiple debug conditions will generate output if at least 1 condition is met.

R1#debug condition ?
  called       called number
  cpl          Cisco Provisioning Language debugging
  glbp         interface group
  ip           IP address
  mac-address  MAC address
  match-list   apply the match-list
  profile      Media Services Profile
  standby      interface group
  username     username
  vcid         VC ID
  vrf          Virtual Routing and Forwarding
  xconnect     Xconnect conditional debugging on segment pair

R1#debug condition ip 
Condition 1 set
R1#debug condition interface gi0/0
Condition 2 set
R1#sho debug

Condition 1: ip (0 flags triggered)
Condition 2: interface Gi0/0 (1 flags triggered)
Flags: Gi0/0


The conditions above will generate debug messages for anything matching the ip condition or interface gi0/0.

ping, traceroute with extended options

Ping – common method for troubleshooting accessibility to a device

  • Uses ICMP echo
    • Tells if host is active / inactive
    • RTD to host
    • Packet Loss

Issues if cannot ping

  • Routing issue
  • Interface down
  • ACL
  • ARP issue
  • Delay
  • Source Address
  • High Input Queue drops

Traceroute – Discover the routers a packet takes to a destination

  • Sequence of UDP datagrams on an invalid port
  • 3 datagrams sent with TTL of 1
  • TTL of 1 causes the datagram to time out and the first hop responds with an ICMP “Time Exceeded Message” (TEM)
  • Process continues increasing TTL by 1 each step until packets reach the destination
  • Destination responds with ICMP Port Unreachable message, indicates traceroute is finished
Traceroute Text Characters

Embedded packet capture

  • Onboard packet capture facility
  • Consumes CPU and memory resources during its operation
  • Export captures via TFTP, FTP and local disk
  • Define a buffer size and type (circular or linear) and max number of bytes of each packet capture
  • Capture can be throttled using admin controls
    • Filter packets with ACL
    • Specify max packet capture rate or specify sampling interval
  • Benefits
    • Ability to capture IPv4 and IPv6 in CEF path
    • Flexible method to specify capture buffer parameters
    • Filter captured packets
    • Method to decode data packets
    • Facility to export capture (PCAP)
    • Extensible infrastructure for enabling capture points

Performance monitor

Enables you to monitor the flow of traffic in the network. Similar to NetFlow.

Pre-req for configuration

  • IPv4
    • routing and CEF must be configured / enabled
  • IPv6
    • ipv6 cef must be enabled

Can monitor a long list of traffic –

Configuration Components

  1. Interface – attach performance monitor to interface – service-policy type performance-monitor
  2. Policy – Associate with flow monitor – policy-map type performance-monitor
  3. Class – filtering criteria – class-map
  4. Flow Monitor – Associated with flow record and optional flow monitor – flow monitor performance-monitor
  5. Flow Record – Specify match and collect – flow record type performance-monitor
  6. Flow Exporter – Specify the destination for exporting traffic

show performance monitor status


Router#show policy-map type performance-monitor 
Policy Map type performance-monitor PM_FLOW_MONITOR
flow monitor FLOW_MONITOR
react status: inactive
Router#sh run | s flow
flow record type performance-monitor FLOW_RECORD
 match ipv4 destination address
 match transport destination-port
 collect application media event
 collect counter bytes long
 collect ipv4 dscp
 collect monitor event
 collect routing forwarding-status
 collect timestamp interval
 collect transport packets expected counter
 collect flow direction
flow exporter FLOW_EXPORT
 description *** Export Flows ***
 source GigabitEthernet0/0
 dscp 46
 transport udp 650
flow monitor type performance-monitor FLOW_MONITOR
 description *** FLOW MONITOR ***
 exporter FLOW_EXPORT
flow monitor FLOW_MONITOR
Router#sh run | s class
class-map match-all CM_FLOW_MONITOR
 match any 
flow monitor FLOW_MONITOR
Router#sh run | s policy
policy-map type performance-monitor PM_FLOW_MONITOR
flow monitor FLOW_MONITOR

Apply troubleshooting methodologies

Diagnose the root cause of networking issue (analyze symptoms, identify and describe root cause)

Design and implement valid solutions according to constraints

Verify and monitor resolution

Interpret packet capture

Using Wireshark trace analyzer

Personal writing from experience – you need to understand traffic flows. Knowing protocol basics and using different filters in Wireshark to remove the noise in the capture. Would love feedback for this section on your experience with Wireshark.

Using IOS embedded packet capture

Router#monitor capture buffer CAPTURE size 256 max-size 100 circular 
Router#monitor capture point ip cef CAPTURE_POINT gi0/0 ?
  both    capture ingress and egress
  in      capture on ingress
  out     capture on egress
  remove  remove capture point
Router#monitor capture point ip cef CAPTURE_POINT gi0/0 both
Router#monitor capture point associate CAPTURE_POINT CAPTURE
*Aug 18 04:12:11.060: %BUFCAP-6-CREATE: Capture Point CAPTURE_POINT created.
Router#monitor capture point associate CAPTURE_POINT CAPTURE
Router#monitor capture point start CAPTURE_POINT
*Aug 18 04:12:29.789: %BUFCAP-6-ENABLE: Capture Point CAPTURE_POINT enabled.
Router#show monitor capture buffer CAPTURE dump

Router#monitor capture point stop all 
*Aug 18 04:15:23.960: %BUFCAP-6-DISABLE: Capture Point CAPTURE_POINT disabled.

The packet capture can be exported to a TFTP server so the capture can be viewed in Wireshark

Router#monitor capture buffer CAPTURE export ?
  flash0:  Location to dump buffer
  flash1:  Location to dump buffer
  flash2:  Location to dump buffer
  flash3:  Location to dump buffer
  flash:   Location to dump buffer
  ftp:     Location to dump buffer
  http:    Location to dump buffer
  https:   Location to dump buffer
  pram:    Location to dump buffer
  rcp:     Location to dump buffer
  scp:     Location to dump buffer
  snmp:    Location to dump buffer
  tftp:    Location to dump buffer

Router#monitor capture buffer CAPTURE export 

CCIE RS – Written – L2 – Implement and Troubleshoot Layer 2 Protocols

Implement and Troubleshoot Layer 2 Protocols

CDP – Cisco Discovery Protocol

  • Proprietary, runs on all Cisco equipment
  • Used to obtain protocol address of neighboring devices and discover the platform of those devices
  • Media and protocol-independent
  • Sends periodic messages – advertisements, every 60 seconds
  • Multicast Address: 01-00-0C-CC-CC-CC
  • CDPv2 is latest version

TLV – Type Length Value: Embedded in CDP advertisements

  • Device-ID TLV: Identifies the device name in the form of a character string.
  • Address TLV: Contains a list of network addresses of both receiving and sending devices.
  • Port-ID TLV: Identifies the port on which the CDP packet is sent.
  • Capabilities TLV: Describes the functional capability for the device in the form of a device type, for example, a switch.
  • Version TLV: Contains information about the software release version on which the device is running.
  • Platform TLV: Describes the hardware platform name of the device, for example, Cisco 4500.
  • IP Network Prefix TLV: Contains a list of network prefixes to which the sending device can forward IP packets. This information is in the form of the interface protocol and port number, for example, Eth 1/0.
  • VTP Management Domain TLV: Advertises the system’s configured VTP management domain name-string. Used by network operators to verify VTP domain configuration in adjacent network nodes.
  • Native VLAN TLV: Indicates, per interface, the assumed VLAN for untagged packets on the interface. CDP learns the native VLAN for an interface. This feature is implemented only for interfaces that support the IEEE 802.1Q protocol.
  • Full/Half Duplex TLV: Indicates status (duplex configuration) of CDP broadcast interface. Used by network operators to diagnose connectivity problems between adjacent network elements.
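The TLV layout above can be seen by walking an advertisement byte by byte. CDP sends these TLVs in cleartext, so the decoded fields are exactly what any neighbor on the link learns about the sender. This parser is an added example, not code from the original notes; the function names and the sample values (SW1.lab.example, VLAN 99, VTP domain LAB) are constructed for illustration.

```python
import struct

# CDP TLV type codes for the TLVs listed above.
TLV_NAMES = {0x0001: "Device-ID", 0x0002: "Address", 0x0003: "Port-ID",
             0x0004: "Capabilities", 0x0005: "Version", 0x0006: "Platform",
             0x0007: "IP Network Prefix", 0x0009: "VTP Management Domain",
             0x000A: "Native VLAN", 0x000B: "Full/Half Duplex"}
TEXT_TLVS = {0x0001, 0x0003, 0x0005, 0x0006, 0x0009}
CAPABILITY_BITS = {0x01: "Router", 0x08: "Switch", 0x10: "Host", 0x20: "IGMP"}

def tlv(tlv_type, value):
    """Build one TLV; the length field also counts the 4-byte type/length header."""
    return struct.pack("!HH", tlv_type, len(value) + 4) + value

def parse_cdp(payload):
    """Decode a CDP payload (the bytes after the LLC/SNAP header) into a dict."""
    if len(payload) < 4:
        raise ValueError("truncated CDP header")
    version, ttl, _checksum = struct.unpack("!BBH", payload[:4])
    fields, offset = {"cdp_version": version, "ttl": ttl}, 4
    while offset < len(payload):
        if offset + 4 > len(payload):
            raise ValueError("truncated TLV header")
        tlv_type, length = struct.unpack("!HH", payload[offset:offset + 4])
        # A length below 4 would stall or misalign the walk; one past the end would over-read.
        if length < 4 or offset + length > len(payload):
            raise ValueError(f"bad TLV length {length} at offset {offset}")
        value = payload[offset + 4:offset + length]
        name = TLV_NAMES.get(tlv_type, f"type-0x{tlv_type:04x}")
        if tlv_type in TEXT_TLVS:
            fields[name] = value.decode("ascii", "replace")
        elif tlv_type == 0x0004 and len(value) == 4:
            bits = struct.unpack("!I", value)[0]
            fields[name] = [n for b, n in CAPABILITY_BITS.items() if bits & b]
        elif tlv_type == 0x000A and len(value) == 2:
            fields[name] = struct.unpack("!H", value)[0]
        elif tlv_type == 0x000B and len(value) == 1:
            fields[name] = "full" if value[0] else "half"
        else:
            fields[name] = value.hex()       # address and prefix lists are left as hex
        offset += length
    return fields

# Constructed sample advertisement (not from a real device); checksum left at 0.
SAMPLE = bytes([2, 180, 0, 0]) + b"".join([
    tlv(0x0001, b"SW1.lab.example"), tlv(0x0003, b"GigabitEthernet0/1"),
    tlv(0x0004, struct.pack("!I", 0x28)), tlv(0x0006, b"cisco WS-C3750"),
    tlv(0x0009, b"LAB"), tlv(0x000A, struct.pack("!H", 99)), tlv(0x000B, b"\x01")])
```

Calling parse_cdp(SAMPLE) returns the device name, port, platform, VTP domain, native VLAN and duplex in one dict.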

LLDP – Link Layer Discovery Protocol

  • Open Standard – IEEE 802.1AB
  • Switch supports basic management TLV’s
    • Port description TLV
    • System name TLV
    • System description TLV
    • System capabilities TLV
    • Management address TLV
    • These organizationally specific LLDP TLVs are also advertised to support LLDP-MED.
      • Port VLAN ID TLV (IEEE 802.1 organizationally specific TLVs)
      • MAC/PHY configuration/status TLV (IEEE 802.3 organizationally specific TLVs)
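LLDP frames its TLVs differently from CDP: a 7-bit type and a 9-bit length share a 2-byte header, and organizationally specific TLVs (type 127) carry an OUI and subtype in front of their data. The decoder below is an added example, not part of the original notes; the function names and sample values (SW1.lab.example, Gi0/1, VLAN 99) are constructed for illustration.

```python
import struct

# TLV type numbers (IEEE 802.1AB); 1-3 are the mandatory TLVs that start every LLDPDU.
TLV_NAMES = {1: "Chassis ID", 2: "Port ID", 3: "Time to live", 4: "Port description",
             5: "System name", 6: "System description", 7: "System capabilities",
             8: "Management address"}
# Type 127 is organizationally specific: 3-byte OUI, 1-byte subtype, then the information.
OUI_8021, OUI_8023, OUI_MED = b"\x00\x80\xc2", b"\x00\x12\x0f", b"\x00\x12\xbb"
ORG_NAMES = {(OUI_8021, 1): "Port VLAN ID", (OUI_8023, 1): "MAC/PHY configuration/status"}

def lldp_tlv(tlv_type, value):
    """Build one TLV: 7-bit type and 9-bit length share a 2-byte header."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

def parse_lldpdu(data):
    """Return (name, value) pairs for each TLV up to End of LLDPDU (type 0)."""
    out, offset = [], 0
    while offset + 2 <= len(data):
        header = struct.unpack("!H", data[offset:offset + 2])[0]
        tlv_type, length = header >> 9, header & 0x01FF
        value = data[offset + 2:offset + 2 + length]
        if len(value) != length:
            raise ValueError(f"TLV type {tlv_type} runs past the end of the frame")
        offset += 2 + length
        if tlv_type == 0:
            break
        if tlv_type in (4, 5, 6):                      # plain text TLVs
            out.append((TLV_NAMES[tlv_type], value.decode("utf-8", "replace")))
        elif tlv_type == 127 and length >= 4:
            oui, subtype, info = value[:3], value[3], value[4:]
            if oui == OUI_MED:                         # LLDP-MED extension TLVs
                out.append((f"LLDP-MED subtype {subtype}", info.hex()))
            elif (oui, subtype) == (OUI_8021, 1) and len(info) == 2:
                out.append(("Port VLAN ID", struct.unpack("!H", info)[0]))
            else:
                name = ORG_NAMES.get((oui, subtype), f"org {oui.hex()} subtype {subtype}")
                out.append((name, info.hex()))
        else:
            out.append((TLV_NAMES.get(tlv_type, f"type {tlv_type}"), value.hex()))
    return out

# Constructed sample LLDPDU (not captured from a real device).
SAMPLE = b"".join([
    lldp_tlv(1, b"\x04" + bytes.fromhex("020000000001")),   # subtype 4 = MAC address
    lldp_tlv(2, b"\x05Gi0/1"),                              # subtype 5 = interface name
    lldp_tlv(3, struct.pack("!H", 120)), lldp_tlv(5, b"SW1.lab.example"),
    lldp_tlv(127, OUI_8021 + b"\x01" + struct.pack("!H", 99)),
    lldp_tlv(127, OUI_MED + b"\x01\x00\x0f\x04"),           # LLDP-MED Capabilities
    lldp_tlv(0, b"")])
```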

Link Layer Discovery Protocol – Media Endpoint Discovery (LLDP-MED)

  • Extension of LLDP that operates between endpoint devices (IP Phones)
  • TLVs
    • Capabilities
    • Network Policy
    • Power Management
    • Inventory
    • Location

UDLD – UniDirectional Link Detection

  • Cisco Proprietary
  • Allows devices connected through fiber or copper to monitor the physical configuration of the cables and detect when a unidirectional link exists
  • Layer 2 protocol that works with layer 1 protocol to determine physical status of a link
  • RFC 5171

Aggressive Mode

  • Disabled by default
  • Configure only on p2p links
  • A bidirectional link sends UDLD messages; if it stops receiving them, UDLD tries to reestablish the connection. After 8 retries the port is disabled
    • Error Disables

Normal Mode

  • Default
  • Does not disable the port when unidirectional link is detected

Configuration Defaults

  • UDLD global enable state — Globally disabled
  • UDLD aggressive mode — Disabled
  • UDLD per-port enable state for fiber-optic media — Enabled on all Ethernet fiber-optic LAN ports
  • UDLD per-port enable state for twisted-pair (copper) media — Disabled on all Ethernet 10/100 and 1000BASE-TX LAN ports

CCIE RS – Written – Network Principles – Evaluate Proposed Changes to a network

Evaluate Proposed Changes to a network

Before making changes to the network you’ll want to know what the current state is. Capture appropriate show output depending on the type of change being made. Ensure network diagrams are up to date (physical and logical). Back up configurations.

If possible test the changes in a lab environment that directly mimics the production network. Write out a plan for the flow of changes and validations after the change is made to ensure the expected result occurred.

Changes to routing protocol parameters

Each routing protocol has a set of parameters that can be changed depending on a technical or business requirement. The parameters for each routing protocol will be covered in depth in future blog posts.

Before making the changes, check the routing table (show route), and check specifics about the routing protocol you’re about to change.

Migrate parts of a network to IPv6

IPv4 and IPv6 can exist in the network at the same time (as long as the device supports IPv6). IPv6 has its own routing table and if a device has both IPv4 and IPv6 addressing, the IPv6 address will be preferred.

  • Dual Stack
    • Requires infrastructure to support IPv4 and IPv6
    • Applications choose between IPv4 and IPv6 based on response to DNS requests
  • Tunneling
    • Encapsulates IPv6 traffic within an IPv4 packet
    • Used between IPv6 sites over an IPv4 backbone
    • Tunneling Techniques
      • ISATAP
      • Teredo
      • 6PE
      • 6VPE
      • mGRE v6 over v4
    • Manual or automatically configured
  • Translation
    • NAT between v4 to v6, v6 to v4

Details about configurations will be in future blog posts 

Routing protocol migration

Moving between routing protocols can be done in a couple ways

  1. Modify administrative distance
  2. Redistribution 

Multiple routing protocols can be running at the same time, but only 1 route to the destination will be put into the routing table (disregarding multiple paths). Administrative distance is one of the criteria that says which routing protocol is more trustworthy than another.

Redistribution will be explained in future blog posts

Adding multicast support

To add IPv4 multicast support to a router you’ll need to configure multicast routing and enable PIM on interfaces that will be participating in the multicast routing path. 


Configuration of multicast will be covered in future blog posts

Migrate spanning tree protocol

Specifics of the different STP types will be explained in future blog posts.

PVST+ to Rapid-PVST+

  • Rapid uses the same BPDU format as PVST+
  • BackboneFast and UplinkFast get disabled when Rapid-PVST+ is configured
  • Start at the access switches and work your way up to the core
  • Clean up configuration
  • Do these changes during a maintenance window because a disruption will occur
  • Verify changes and make sure STP is behaving the way you intended

Rapid-PVST+ to MST

  • Identify p2p and edge ports (portfast)
  • Map vlans to instances
  • Place as many switches as possible into a single region
  • Start at core and work your way to the access

Evaluate impact of new traffic on existing QoS design

Before adding more traffic to an existing QoS queue you’ll want to know the behavior of the traffic and how it needs to be treated. Is the traffic UDP or TCP based? Is the existing queue policed or shaped? Is bandwidth overutilized?