Thursday, April 21, 2011

EtherChannel

Link Aggregation allows the grouping of up to 8 physical ports into one link. All ports in the group must match: same speed, same duplex, and either access (same VLAN) or trunk (same encapsulation, same allowed VLANs).
  • PAgP is Cisco's protocol and has three port modes: auto, desirable, and on.
    • If two links are in desirable they will not negotiate a link
    • If connecting to servers which do not use PAgP, then use silent
  • LACP is not Cisco-specific and has two modes: active and passive.
    • If two links are in passive they will not negotiate a link
  • ON, uses no negotiation.
    • Must be set on all
It is configured by first creating a logical interface called a "port-channel" with a group ID.
  • Switch(config)#interface port-channel 1
Then place the physical interfaces in that group and set its mode depending on the protocol used, and then set the protocol
  • Switch(config-if)#channel-group 1 mode {on | desirable | auto | active | passive}
  • Switch(config-if)#channel-protocol {pagp | lacp}
Then you can configure the port-channel interface like a normal interface with trunking if needed.
  • Switch(config)#int port-channel 1
  • Switch(config-if)#switchport mode trunk
The port-channel can also be a Layer 3 interface by adding an IP address.
EtherChannel also uses a load-balancing method.

ACLs on a switch

We are talking about filtering traffic going through the switch, not just using an ACL on the switch's vty lines. The switch can use Router ACLs (RACL), VLAN ACLs (VACL) and Port ACLs (PACL).

  • VACLs use RACL statements to identify the traffic
  • VACLs use a vlan access-map to tie the RACL statement to the VACL and the action
  • VACLs are applied to VLANs with the vlan filter command in global configuration mode
    • Switch(config)#ip access-list extended TEST1
    • Switch(config-ext-nacl)#permit ip 192.168.2.0 0.0.0.255 any
    • Switch(config)#vlan access-map DROP1
    • Switch(config-access-map)#match ip address TEST1
    • Switch(config-access-map)#action drop
    • Switch(config)#vlan filter DROP1 vlan-list 20-30
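
The following is an added example, not part of the original notes: a small Python model of how the TEST1/DROP1 VACL above is evaluated, showing wildcard-mask matching and what happens to traffic that matches no map entry. Assumptions: only the source address is modelled (the destination is "any"), the sequence numbers 10 and 20 and the second "forward" entry are hypothetical, and the fall-through rule follows Cisco's documented VLAN-map behaviour.

```python
import ipaddress

def ace_matches(addr, base, wildcard):
    """IOS wildcard match: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF          # bits that must be equal
    return (a & care) == (b & care)

def acl_permits(acl, src):
    """First matching ACE wins; only a 'permit' hit counts as a map match."""
    for verdict, base, wildcard in acl:
        if ace_matches(src, base, wildcard):
            return verdict == "permit"
    return False

def vacl_action(access_map, src):
    """Walk map entries by sequence number and return the first matching action.
    An entry with no match clause (acl is None) matches every packet.
    An IP packet that matches no entry of a map containing an IP match
    clause is dropped."""
    for _seq, acl, action in sorted(access_map, key=lambda e: e[0]):
        if acl is None or acl_permits(acl, src):
            return action
    return "drop"

# Constructed inputs mirroring the configuration in the notes.
TEST1 = [("permit", "192.168.2.0", "0.0.0.255")]          # 192.168.2.0/24
MASK_STYLE = [("permit", "192.168.2.0", "255.255.255.0")]  # subnet mask typed as wildcard

DROP1 = [(10, TEST1, "drop")]                              # map as written in the notes
DROP1_WITH_FORWARD = [(10, TEST1, "drop"),                 # hypothetical second entry:
                      (20, None, "forward")]               # forward everything else

if __name__ == "__main__":
    for src in ("192.168.2.77", "10.1.1.1"):
        print(src, "DROP1 ->", vacl_action(DROP1, src),
              "| with forward entry ->", vacl_action(DROP1_WITH_FORWARD, src))
    # A subnet mask in the wildcard position matches on the last octet only.
    print("mask-style matches 192.168.2.77:", acl_permits(MASK_STYLE, "192.168.2.77"))
    print("mask-style matches 10.9.8.0:    ", acl_permits(MASK_STYLE, "10.9.8.0"))
```

With only the drop entry in the map, every IP packet on VLANs 20-30 is dropped, not just traffic from 192.168.2.0/24, so a map meant to block one subnet needs a final entry that forwards the rest.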