Practical configurations, Part 2

This article is the second in a small series designed to help the common network engineer with practical configurations for networking devices. In the last tip I focused on using base configurations such as SNMP and NTP as well as configuring the access devices in your network. This week I will move the focus onto the configuration of the distribution devices.

Access Recap
Recall from the last tip that we have configured VLANs, user ports and VTP on the access devices. Remember to use the following topology as a guideline:

Range Helps
Don't forget that using the interface range command can help save time in configurations. By not having to configure each individual port separately, this command can help you to apply large interface-based command sets quickly. Remember that last week we configured our Access-1 switch's user ports to belong ...

RELATED CONTENT Routing and Switching Testing 10 gigabit Ethernet switch latency: What to look for How to test LAN switch energy efficiency Testing LAN switch power consumption: A best practices guide Dynamic IP routing and routing protocols Monitor your network traffic with MRTG How routers work: An overview for networking pros Secure Cisco routers against IOS flaw attack Network summarization -- Supernetting and wildcard masks Routing: Five common, easily avoided errors Router Expert: Building a WLAN proxy server, implementing ASR Network Hardware Why are network security vendors offering wireless LAN infrastructure? Should you lease network equipment or buy new or used gear? Licensing changes in IOS 15 target use of illicit Cisco IOS emulators Vyatta 3500: Large enterprise 10 GbE router play with an open source twist Industrial Ethernet switches can save the day during deep freezes Is Avaya stretching itself thin with Nortel data networking products? Unified wireless network still a work in progress for vendors 3Com acquisition confirms HP-Cisco battle for China Juniper to CIOs: Invest in internal cloud computing networks 802.11n wireless APs bring IP video to sprawling Illinois high school Network Hardware Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary core router  (SearchNetworking.com) fiber jumper  (SearchNetworking.com) flow routing  (SearchNetworking.com) foreign agent  (SearchNetworking.com) foreign network  (SearchNetworking.com) hardware load-balancing device  (SearchNetworking.com) logical router  (SearchNetworking.com) mrouter  (SearchNetworking.com) patch cord  (SearchNetworking.com) port interface card (PIC)  (SearchNetworking.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

to VLAN10 (user-vlan) with the following commands:

Spanning Tree
I mentioned in the last article that Spanning Tree was beyond the scope of what we were trying to accomplish with the access switches. In this article, however, STP is fair game.

The purpose of the portfast command on user ports is to allow for fast transition of these ports to forwarding mode. As an engineer you don't want to have to wait ~50s for a customer to come up after you've plugged them into your switch. The delay of course is due to the transition of the port from listening to forwarding. This command is NOT to be used on ports connecting to other Layer 2 devices; doing so could seriously damage your network. The other item relevant to STP on the access devices (and this article) is the switch priority. Generally it is best practice to manipulate the spanning tree priorities so the root bridge is not an access device. I am assuming at this point that the distribution layer in the network is comprised of Layer 3 switches. The reason for this is that many networks are configured in such a manner that the distribution layer is the first routing point in the network – meaning the users first hit a router at the distribution layer! Configuring the STP priorities so that these distribution layer devices and not the access layer devices become the root of the spanning tree is important in troubleshooting and overall knowledge of traffic flow.

In the diagram above, D1 has been configured as the primary Root of the Spanning Tree in the default VLAN. This configuration will assure that traffic (L2) will travel from Access-1 to D1. If a failure occurs, traffic will shift from Access-1 to D2. This topology is very common in networks today. Hot Standby Router Protocol (HSRP) is also commonly used for gateway redundancy – in this case between D1 and D2. See Below.

It's important to know that when using L2 topologies such as this with HSRP the Active HSRP gateway must also be the STP root bridge.

Configuring STP, HSRP and OSPF
Using the diagram below, I'll show you how to configure all of the topics I've talked about in this article. Remember that I am assuming all the base configurations have been applied.

The configurations below will incorporate each of the topics in this article. I will use the above diagram as a reference for these configurations. It's important when configuring each device that you "develop and verify" each layer of your configurations. This means don't configure OSPF before you verify your STP operation. This will allow you to methodically move from Layer 1 to Layer 3+ configurations without having to waste time troubleshooting an underlying issue which you might not have seen otherwise.

OK, now I've shown you how to configure the L2 and L3 portions of our ever growing network (within this series) from the Access to Distribution Layers. Notice how in each configuration the Layer 2 command entries come before the Layer 3 commands ensuring you don't get caught troubleshooting say, OSPF when the real problem is a mis-configured VLAN.

The stage is now set for the next article in the series, when I show you how to configure the core devices. We'll also look at what commands can be useful in verifying operations are running smoothly.

Doug Downer (CCIE #9848) is a Sr. Consultant with Callisma, INC, a wholly owned subsidiary of SBC Communications. Doug has over 7 years in the industry and currently provides high level business and technology consulting for various federal clients in the Washington D.C. area.