CCIE RS – Written – L2 Multicast – Explain PIM Snooping

PIM Snooping

Switch restricts multicast packets for each IP multicast group to only those multicast router ports that have downstream receivers joined to that group

  • Learns within a specific VLAN by listening to PIM hello messages, PIM join and prune messages, and bidirectional PIM designated forwarder election messages
  • Must enable IGMP snooping on switch to use PIM snooping
  • IGMP snooping restricts multicast traffic that exits through the LAN port to which hosts are connected
  • IGMP snooping does not restrict traffic that exits through the LAN ports to which one or more multicast routers are connected


Disabled by default

  • Must use PIM-SM
  • Dense mode is seen as unknown traffic and is dropped
  • Auto-RP groups ( and is always flooded
  • Can enable and disable on per-VLAN basis



  • ip pim snooping – Global or under vlan interface
  • show ip pim snooping


Router(config)# ip pim snooping 
Router# show ip pim snooping
Global runtime mode: Enabled
Global admin mode  : Enabled
Number of user enabled VLANs: 1
User enabled VLANs: 10

CCIE RS – Written – L2 Multicast – Explain MLD

Multicast Listener Discovery Protocol


  • ICMP is used to carry messages
  • Messages are link local with hop limit of 1
  • Used by IPv6 to discover multicast listeners on directly attached links
  • PIM-SM is used between devices to track multicast packets to forward to each other
  • PIM-SSM – Ability to report interest in receiving packets from SSM to an IP multicast address
  • Message Types
    • Query – General, group specific and multicast address specific
      • Multicast address field is set to 0 when MLD sends a general query
    • Report – Multicast address field is that of the specific IPv6 multicast address to which the sender is listening
      • Must be sent with a valid IPv6 link local source address or the unspecified address (::)
      • Unspecified address (::) is allowed to support Neighbor Discovery Protocol
    • Done – Multicast address field is that of the specific IPv6 multicast address to which the source of the MLD message is no longer listening
  • MLDv1
    • Based on IGMPv2
  • MLDv2
    • Based on IGMPv3
    • Backwards compatible with MLDv1

IPv6 Multicast

  • ipv6 multicast-routing


  • ipv6 mld join-group [group-address] [include | exclude] {source-address | source-list [acl]}
  • ipv6 mld access-group access-list-name
  • ipv6 mld static-group [group-address] [include | exclude] {source-address | source-list [acl]}
  • ipv6 mld query-max-response-time seconds 
  • ipv6 mld query-timeout seconds 
  • ipv6 mld query-interval seconds

CCIE RS – Written – L2 Multicast – Implement and Troubleshoot IGMP

Implement and Troubleshoot IGMP

Specifies how a host can register with a router in order to receive specific multicast traffic

  •  To inform a local multicast router that a host wants to receive multicast traffic for a specific group
  •  To inform local multicast routers that a host wants to leave a multicast group (in other words, the host is no longer interested in receiving the multicast group traffic)




RFC 1112

  • Membership reports are issued by hosts that want to receive a specific group (GDA)
  • Membership queries are issued by routers at regular intervals to check whether there is a host interested in the GDA
  • Host membership reports are issued either unsolicited or in response to a membership query
  • Membership queries are sent by routers to all multicast address
    • All multicast capable hosts
    • Host for each group must respond to the query or the router will stop forwarding all traffic for that GDA after 3 attempts
  • IGMPv1 has no leave mechanism

Default Query Interval – 60 Seconds




RFC 2236

  • Host should send a leave message to destination
    • All multicast capable routers




RFC 3376

  • Backwards compatible with v1 and v2
    • V1 membership report
    • V2 membership report and leave group
  • Source Specific Multicast (SSM)



IGMP Snooping

  • Allows switch to listen to IGMP conversations between host and router
  • When the switch hears a report from a host for a multicast group, it adds the host's port number to the GDA list
  • When it hears an IGMP leave, it removes the host's port from the CAM table entry
  • Learning Router Port
    • IGMP Membership query sent to 01-00-5e-00-00-01
    • PIMv1 hello sent to 01-00-5e-00-00-02
    • PIMv2 hello sent to 01-00-5e-00-00-0d
    • DVMRP probes sent to 01-00-5e-00-00-04
    • MOSPF message sent to 01-00-5e-00-00-05 or 06

Enabled on per-VLAN basis
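
The snooping behaviour above as a toy model for one VLAN. This is an added example, not code from the original notes or from any switch implementation; port numbers and group addresses are constructed, and learning a router port from the destination MAC alone is a simplification.

```python
# Added example: toy model of IGMP snooping state for a single VLAN.

# Destination MACs from the "Learning Router Port" list above.
ROUTER_MACS = {
    "01-00-5e-00-00-01",  # IGMP membership query
    "01-00-5e-00-00-02",  # PIMv1 hello
    "01-00-5e-00-00-0d",  # PIMv2 hello
    "01-00-5e-00-00-04",  # DVMRP probe
    "01-00-5e-00-00-05",  # MOSPF
    "01-00-5e-00-00-06",  # MOSPF
}


def group_to_mac(group):
    """Map an IPv4 group to its MAC: 01-00-5e plus the low 23 bits."""
    o = [int(x) for x in group.split(".")]
    return "01-00-5e-%02x-%02x-%02x" % (o[1] & 0x7F, o[2], o[3])


class SnoopingSwitch:
    def __init__(self):
        self.router_ports = set()
        self.members = {}  # group MAC -> set of host ports

    def frame(self, port, dst_mac):
        """Mark the ingress port as a router port if the frame matches."""
        if dst_mac.lower() in ROUTER_MACS:
            self.router_ports.add(port)

    def report(self, port, group):
        self.members.setdefault(group_to_mac(group), set()).add(port)

    def leave(self, port, group):
        mac = group_to_mac(group)
        ports = self.members.get(mac, set())
        ports.discard(port)
        if not ports:
            self.members.pop(mac, None)  # last listener gone: drop the entry

    def egress_ports(self, group):
        """Member ports plus router ports, which snooping never prunes."""
        return sorted(self.members.get(group_to_mac(group), set()) | self.router_ports)


if __name__ == "__main__":
    sw = SnoopingSwitch()
    sw.frame(1, "01-00-5e-00-00-0d")  # constructed: PIMv2 hello on port 1
    sw.report(5, "239.1.1.1")
    print(sw.egress_ports("239.1.1.1"))
```

Because only the low 23 bits of the group address reach the MAC, groups such as 224.1.1.1 and 239.129.1.1 share one table entry in this model.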



IGMP Querier

Sends periodic IGMP queries that trigger IGMP report messages from hosts that want to receive IP multicast traffic



IGMP Proxy

Enables hosts in a unidirectional link routing (UDLR) environment that are not directly connected to a downstream router to join a multicast group sourced from an upstream network


CCIE RS – Written – L2 – Describe Spanning-Tree Concepts


Compatibility between MST and RSTP

Talked about in the earlier blog post on STP

Common Spanning Tree

  • Interconnecting different MST regions and non-MST
  • Common Instance Spanning-Tree (CIST)
  • Single spanning tree that spans entire switch topology
    • Can have multiple root switches
    • CIST Root – One for entire CIST
    • CIST Regional Root – one per IST inside of each region

STP Dispute

Checks consistency of port role and state in the received BPDU to detect unidirectional links that could cause L2 loops

  • Moves port to discarding state

STP Bridge Assurance

6500 switch optional feature – Enabled by default

  • Supported only by RPVST+ and MST
  • Both ends must have Bridge Assurance enabled
  • Runs only on P2P STP ports
  • BPDUs are sent out all operational network ports each hello period
    • Including alternate and backup ports

CCIE RS – Written – L2 – Describe Chassis Virtualization and Aggregation Technologies

Describe Chassis Virtualization and Aggregation Technologies


Multichassis Etherchannel

  • Interchassis redundancy mechanism, dual home
    • Points of Attachment (PoAs)
  • Multichassis LACP (mLACP) – Enhancements to 802.3ad (LACP)
  • lacp max-bundle – must be configured on all PoAs
  • DHD – Dual Homed Device

Restrictions for mLACP

  • mLACP does not support Fast Ethernet.
  • mLACP does not support half-duplex links.
  • mLACP does not support multiple neighbors.
  • Converting a port channel to mLACP can cause a service disruption.
  • The maximum number of member links per LAG per PoA is restricted by the maximum number of ports per port channel, as limited by the platform.
  • System priority on a DHD must be a lesser priority than on PoAs.
  • MAC Tunneling Protocol (MTP) supports only one member link in a port channel.
  • A port-channel or its member links may flap while LACP stabilizes.
  • DHD-based control does not function when min-links is not configured.
  • DHD-controlled revertive behavior with min-links is not supported.
  • Brute-force failover always causes min-link failures.
  • Any failure with brute-force failover behaves revertive.


  • 510 user configurable etherchannels
  • 128 on code older than 12.2(33)

VSS Concepts

Virtual Switching Systems

  • Combines pair of 6500 into a single network element
  • Manages redundant links
    • Act as single port channel
  • Reduces the number of L3 neighbors and provides a loop-free L2 topology

Active and Standby Chassis

  • Active controls the VSS
  • Runs L2 and L3 control protocols
  • Provides management functions
  • Both perform packet forwarding
  • Standby sends all control traffic to active chassis for processing

Virtual Switch Link (VSL)

  • Separate link that carries control and data traffic between 2 chassis of VSS
  • VSL removes existing config from interfaces

Alternative to STP

This is a very broad heading. It could relate to multichassis EtherChannel, vPC, or StackWise Virtual (a recent feature in newer switches).

This could also be referencing an old feature – Flex Links

This allows you to configure a backup port: if the primary connection goes down, the secondary port is enabled and continues to forward the traffic. Preemption can be configured so that the primary interface takes over traffic forwarding again if it recovers.


Stackwise is a technology that allows you to connect up to 9 (like) switches to form one large logical switch. The switches connect using backplane ports and are managed by the master switch, which is determined by election during the switches' boot process.

Master Switch Election

  1. User priority – Manually configure the switch that will be the master
  2. Hardware/Software Priority – Default to switch with most features (IP services over IP base). Highest priority wins
  3. Default configuration – a configured switch takes priority over a non-configured switch
  4. Uptime – Longest uptime
  5. MAC Address – lowest MAC address is selected

IOS images must match

CCIE RS – Written – L2 – Implement and Troubleshoot other LAN switch Technologies

Implement and Troubleshoot other LAN switch Technologies


Analyze network traffic passing through a port or vlan and copy the traffic to another port on the switch

  • SPAN copies (mirrors) traffic received and/or sent on the source port/vlan to a destination port
  • Destination port is dedicated for SPAN use
    • Does not receive or forward traffic
  • A SPAN session remains within one switch
    • All source ports or vlans and destination port


  • Sources can be ports or VLANs, but you cannot mix source ports and source VLANs in the same session.
  • The switch supports up to two local SPAN or RSPAN source sessions.
    • You can run both a local SPAN and an RSPAN source session in the same switch or switch stack. The switch or switch stack supports a total of 64 source and RSPAN destination sessions.
    • You can configure two separate SPAN or RSPAN source sessions with separate or overlapping sets of SPAN source ports and VLANs. Both switched and routed ports can be configured as SPAN sources and destinations.
  • You can have multiple destination ports in a SPAN session, but no more than 64 destination ports per switch stack.
  • SPAN sessions do not interfere with the normal operation of the switch. However, an oversubscribed SPAN destination, for example, a 10-Mb/s port monitoring a 100-Mb/s port, can result in dropped or lost packets.
  • When SPAN or RSPAN is enabled, each packet being monitored is sent twice, once as normal traffic and once as a monitored packet. Therefore monitoring a large number of ports or VLANs could potentially generate large amounts of network traffic.
  • You can configure SPAN sessions on disabled ports; however, a SPAN session does not become active unless you enable the destination port and at least one source port or VLAN for that session.
  • The switch does not support a combination of local SPAN and RSPAN in a single session.
    • An RSPAN source session cannot have a local destination port.
    • An RSPAN destination session cannot have a local source port.
    • An RSPAN destination session and an RSPAN source session that are using the same RSPAN VLAN cannot run on the same switch or switch stack.


  • Default is to send all packets untagged
  • Does not monitor BPDU, L2 protocols (CDP, VTP, DTP, STP, PAgP)
    • Can include by using – encapsulation replicate – on destination port


  • A source port has these characteristics:
    • It can be monitored in multiple SPAN sessions.
    • Each source port can be configured with a direction (ingress, egress, or both) to monitor.
    • It can be any port type (for example, EtherChannel, Gigabit Ethernet, and so forth).
    • For EtherChannel sources, you can monitor traffic for the entire EtherChannel or individually on a physical port as it participates in the port channel.
    • It can be an access port, trunk port, routed port, or voice VLAN port.
    • It cannot be a destination port.
    • Source ports can be in the same or different VLANs.
    • You can monitor multiple source ports in a single session.


  • VSPAN has these characteristics:
    • All active ports in the source VLAN are included as source ports and can be monitored in either or both directions.
    • On a given port, only traffic on the monitored VLAN is sent to the destination port.
    • If a destination port belongs to a source VLAN, it is excluded from the source list and is not monitored.
    • If ports are added to or removed from the source VLANs, the traffic on the source VLAN received by those ports is added to or removed from the sources being monitored.
    • You cannot use filter VLANs in the same session with VLAN sources.
    • You can monitor only Ethernet VLANs.


Port Based

Switch(config)# no monitor session 1
Switch(config)# monitor session 1 source interface gigabitethernet1/0/1
Switch(config)# monitor session 1 destination interface gigabitethernet1/0/2 encapsulation replicate
Switch(config)# end


VLAN Based

Switch(config)# no monitor session 2
Switch(config)# monitor session 2 source vlan 1 - 3 rx
Switch(config)# monitor session 2 destination interface gigabitethernet1/0/2
Switch(config)# monitor session 2 source vlan 10
Switch(config)# end
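
The SPAN restrictions listed above can be checked mechanically against a configuration. The following is an added example, not part of the original notes; the sample configuration is constructed, and the regular expression covers only the `monitor session` forms shown on this page.

```python
import re
from collections import defaultdict

# Constructed sample configuration that violates three of the rules above.
SAMPLE = """\
monitor session 1 source interface gigabitethernet1/0/1
monitor session 1 source vlan 10
monitor session 1 destination interface gigabitethernet1/0/2
monitor session 2 source interface gigabitethernet1/0/2 rx
monitor session 2 destination remote vlan 901
monitor session 2 destination interface gigabitethernet1/0/3
"""

LINE = re.compile(
    r"monitor session (\d+) (source|destination) "
    r"(remote vlan|interface|vlan) (\S+(?: \d+)?)"
)


def audit_span(config):
    """Return sorted (session, finding) pairs for rules stated in the notes."""
    kinds = defaultdict(set)  # session -> {(role, kind), ...}
    src_ports, dst_ports = defaultdict(set), defaultdict(set)
    for m in LINE.finditer(config):
        sid, role, kind = int(m.group(1)), m.group(2), m.group(3)
        kinds[sid].add((role, kind))
        if kind == "interface":
            table = src_ports if role == "source" else dst_ports
            table[sid].add(m.group(4).lower())
    findings = []
    for sid, seen in kinds.items():
        if {("source", "interface"), ("source", "vlan")} <= seen:
            findings.append((sid, "mixes source ports and source VLANs"))
        if {("destination", "interface"), ("destination", "remote vlan")} <= seen:
            findings.append((sid, "RSPAN source session has a local destination port"))
    all_src = set().union(*src_ports.values())
    for sid, ports in dst_ports.items():
        for port in sorted(ports & all_src):
            findings.append((sid, "destination port %s is also a source port" % port))
    return sorted(findings)


if __name__ == "__main__":
    for session, finding in audit_span(SAMPLE):
        print("session %d: %s" % (session, finding))
```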


Analyze network traffic passing through a port or vlan and copy the traffic to another port on a remote switch

  • RSPAN supports source ports and vlans and destination ports on different switches


  • All traffic in the RSPAN VLAN is always flooded.
  • No MAC address learning occurs on the RSPAN VLAN.
  • RSPAN VLAN traffic only flows on trunk ports.
  • RSPAN VLANs must be configured in VLAN configuration mode by using the remote-span VLAN configuration mode command.
  • STP can run on RSPAN VLAN trunks but not on SPAN destination ports.
  • An RSPAN VLAN cannot be a private-VLAN primary or secondary VLAN.



! RSPAN VLAN (created on each participating switch)
Switch(config)# vlan 901
Switch(config-vlan)# remote-span
Switch(config-vlan)# end

! Source switch: mirror the source ports into the RSPAN VLAN
Switch(config)# no monitor session 1
Switch(config)# monitor session 1 source interface gigabitethernet1/0/1 tx
Switch(config)# monitor session 1 source interface gigabitethernet1/0/2 rx
Switch(config)# monitor session 1 source interface port-channel 2
Switch(config)# monitor session 1 destination remote vlan 901
Switch(config)# end

! Destination switch: copy the RSPAN VLAN to the local destination port
Switch(config)# monitor session 1 source remote vlan 901
Switch(config)# monitor session 1 destination interface gigabitethernet0/1
Switch(config)# end


Encapsulated Remote SPAN

  • Max number of available ports in each session is 128
  • Provides remote monitoring of multiple routers across a network

Source Session Parameters

  • Session ID
  • List of ports or vlans to monitor
  • Destination and origin IP addresses, which are used as the destination and source IP addresses of the GRE envelope for the captured traffic
  • ERSPAN flow ID
  • Optional attributes
    • TOS, TTL

Destination Session Parameters

  • Session ID
  • Destination Ports
  • Source IP address which is the same as the destination IP of the corresponding source session
  • ERSPAN flow ID

Configuring an ERSPAN Source Session

The ERSPAN source session defines the session configuration parameters and the ports or VLANs to be monitored.


  1. enable
  2. configure terminal 
  3. interface interface-type interface-number 
  4. plim ethernet vlan filter disable 
  5. monitor session span-session-number type erspan-source 
  6. description string 
  7. [no] header-type 3 
  8. source interface interface-name interface-number 
  9. source vlan {id-single | id-list | id-range | id-mixed} [rx | tx | both] 
  10. filter vlan {id-single | id-list | id-range | id-mixed} 
  11. destination 
  12. erspan-id erspan-flow-id 
  13. ip address ip-address 
  14. ip prec prec-value 
  15. ip dscp dscp-value 
  16. ip ttl ttl-value 
  17. mtu mtu-size
  18. origin ip address ip-address [force] 
  19. vrf vrf-id 
  20. no shutdown
  21. end 

Configuring an ERSPAN Destination Session

Perform this task to configure an Encapsulated Remote Switched Port Analyzer (ERSPAN) destination session. The ERSPAN destination session defines the session configuration parameters and the ports that will receive the monitored traffic.


  1. enable 
  2. configure terminal 
  3. monitor session session-number type erspan-destination
  4. description string 
  5. destination interface {gigabitethernet | port-channel} [interface-number] 
  6. source 
  7. erspan-id erspan-flow-id 
  8. ip address ip-address [force] 
  9. vrf vrf-id 
  10. no shutdown
  11. end