Active Router가 Down되거나 회선에 문제가 생겨 통신이 불가능해진 경우 Active Router를 전환하기 위해 사용.

셋팅

HQ_SE_1F_SW1(config-if)#standby 10 track FastEthernet0/6

HQ_SE_1F_SW1(config-if)#standby 10 preempt

결과

HQ_SE_2F_L3_1#show standby brief

P indicates configured to preempt.

|

Interface   Grp   Pri   P   State   Active   Standby       Virtual IP

Vl10          10   150  P  Active   local   192.168.2.29  192.168.2.30

HQ_SE_2F_L3_2#show standby brief

P indicates configured to preempt.

|

Interface   Grp    Pri   P   State    Active        Standby   Virtual IP

Vl10         10     145  P Standby 192.168.2.28   local    192.168.2.30

HQ_SE_2F_L3_1#show standby brief

P indicates configured to preempt.

|

Interface   Grp   Pri   P   State       Active      Standby    Virtual IP

Vl10         10    140  P  Standby 192.168.2.29   local     192.168.2.30

HQ_SE_2F_L3_2#show standby brief

P indicates configured to preempt.

|

Interface   Grp   Pri   P    State     Active     Standby      Virtual IP

Vl10         10    145  P   Active    local     192.168.2.28 192.168.2.30

Gateway의 Path를 이중화해 하나의 링크가 Down되어도 Client들의 서비스에 지장이  없게 한다.

셋팅

HQ_SE_GN_1F_L3_1

interface Vlan10

ip address 192.168.1.28 255.255.255.224

standby 1 ip 192.168.1.30

standby 1 priority 150

standby 1 preempt

!

interface Vlan20

ip address 192.168.1.61 255.255.255.224

standby 2 ip 192.168.1.60

standby 2 priority 145

standby 2 preempt

!

HQ_SE_GN_1F_L3_2

interface Vlan10

ip address 192.168.1.29 255.255.255.224

standby 1 ip 192.168.1.30

standby 1 priority 145

standby 1 preempt

!

interface Vlan20

ip address 192.168.1.62 255.255.255.224

standby 2 ip 192.168.1.60

standby 2 priority 150

standby 2 preempt

!

결과

HQ_SE_GN_1F_L3_1#show standby brief

                     P indicates configured to preempt.

                     |

Interface   Grp    Prio   P  State       Active           Standby           Virtual IP

Vl10          1      150   P  Active      local             192.168.1.29     192.168.1.30

Vl20          2      145   P  Standby   192.168.1.62    local              192.168.1.60

HQ_SE_GN_1F_L3_2#show standby brief

                     P indicates configured to preempt.

                     |

Interface    Grp   Prio   P  State        Active                  Standby         Virtual IP

Vl10           1     145   P  Standby    192.168.1.28          local              192.168.1.30

Vl20           2     150   P  Active       local                   192.168.1.61     192.168.1.60

여러 개의 스패닝트리를 그룹화해 1개의 스패닝트리 처럼 동작하게 하여 프로세서의 소모율을 줄인다.

셋팅

Dispatch_L2_1

spanning-tree mode mst

no spanning-tree optimize bpdu transmission

spanning-tree extend system-id

spanning-tree vlan 1,10,20,30,40 priority 40960

!

spanning-tree mst configuration

 name mst-1

 instance 1 vlan 1, 10, 20, 30, 40

!

spanning-tree mst 1 priority 40960

!

!

!

!

interface FastEthernet0/1

 switchport mode trunk

!

interface FastEthernet0/2

 switchport mode trunk

!

결과

Dispatch_L2_1#show spanning-tree mst configuration

Name      [mst-1]

Revision  0

Instance  Vlans mapped

--------  -------------------------------------------------------------------

0         2-9,11-19,21-29,31-39,41-4094

1         1,10,20,30,40

----------------------------------------------------------------------------

Dispatch_L2_1#show spanning-tree mst 1

Interface        Role Sts Cost      Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Fa0/1            Altn BLK 200000     128.1    P2p

Fa0/2            Root FWD 200000   128.2    P2p

Dispatch_L2_2#show spanning-tree mst 1

Interface        Role Sts Cost      Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Fa0/1            Desg FWD 200000    128.1    P2p

Fa0/3            Root FWD 200000    128.3    P2p

Dispatch_L3_1#show spanning-tree mst 1

Interface        Role Sts Cost      Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Fa0/2            Desg FWD 200000    128.2    P2p Pre-STD-Rx

Fa0/3            Desg FWD 200000    128.3    P2p Pre-STD-Rx

수렴 시간(Convergence Time)을 빠르게 하기 위해 사용.

(모든 장비에서 사용 가능한 표준기술)

셋팅

HQ_SE_3F_SW3(config)#spanning-tree rapid-pvst

적용후

L2_1(config)#spanning-tree mode rapid-pvst

08:55:30: setting bridge id (which=3) prio 40970 prio cfg 40960 sysid 10 (on) id A00A.001c.0e5d.c040

08:55:30: RSTP(10): initializing port Fa0/1

08:55:30: RSTP(10): Fa0/1 is now designated

08:55:30: RSTP(10): initializing port Fa0/2

08:55:30: RSTP(10): Fa0/2 is now designated

08:55:30: RSTP(10): transmitting a proposal on Fa0/1

08:55:30: RSTP(10): transmitting a proposal on Fa0/2

08:55:30: RSTP(10): updt roles, superior bpdu on Fa0/1 (synced=0)

08:55:30: RSTP(10): Fa0/1 is now root port

08:55:30: RSTP(10): syncing port Fa0/2

08:55:30: RSTP(10): transmitting a proposal on Fa0/2

08:55:30: RSTP(10): updt roles, superior bpdu on Fa0/2 (synced=0)

08:55:30: RSTP(10): Fa0/2 is now alternate

직접 연결되어 있지 않은 간접링크가 다운되었을때 차단상태(Blocking State)의 포트를 MAX Age(20초)를 생략하고 바로 청취 상태로 변경시켜 기본적인 STP 컨버전스 시간인 50초를 30초로 단축시킨다.

셋팅

HQ_SE_1F_SW1(config)#spanning-tree backbonefast

HQ_SE_1F_SW2(config)#spanning-tree backbonefast

HQ_SE_1F_L3_3(config)#spanning-tree backbonefast

적용 전 (20초)

07:32:04: STP: VLAN0010 heard root 32778-001d.e6da.d900 on Fa0/2

07:32:06: STP: VLAN0010 heard root 32778-001d.e6da.d900 on Fa0/2

07:32:08: STP: VLAN0010 heard root 32778-001d.e6da.d900 on Fa0/2

07:32:10: STP: VLAN0010 heard root 32778-001d.e6da.d900 on Fa0/2

07:32:12: STP: VLAN0010 heard root 32778-001d.e6da.d900 on Fa0/2

07:32:14: STP: VLAN0010 heard root 32778-001d.e6da.d900 on Fa0/2

07:32:16: STP: VLAN0010 heard root 32778-001d.e6da.d900 on Fa0/2

07:32:18: STP: VLAN0010 heard root 32778-001d.e6da.d900 on Fa0/2

07:32:20: STP: VLAN0010 heard root 32778-001d.e6da.d900 on Fa0/2

07:32:22: STP: VLAN0010 Fa0/2 -> listening

적용 후 (20초 생략)

07:21:12: STP: VLAN0010 heard root 32778-001d.e6da.d900 on Fa0/2

07:21:12: STP: VLAN0010 Fa0/2 -> listening

07:21:12: STP: VLAN0010 Topology Change rcvd on Fa0/2

07:21:12: STP: VLAN0010 sent Topology Change Notice on Fa0/1

직접 연결된 링크가 다운 되었을 때 차단 상태에 있는 포트를 즉시 전송 상태로 변경 시키기 위해 사용.

셋팅

HQ_SE_1F_SW1(config)#spanning-tree uplinkfast

적용 전 (30초)

03:39:07: STP: VLAN0010 new root port Fa0/2, cost 38

03:39:07: STP: VLAN0010 Fa0/2 -> listening

03:39:09: %LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down

03:39:09: STP: VLAN0010 sent Topology Change Notice on Fa0/2

03:39:10: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down

03:39:22: STP: VLAN0010 Fa0/2 -> learning

03:39:37: STP: VLAN0010 Fa0/2 -> forwarding

적용 후 (5초이내)

03:15:07: STP: VLAN0010 new root port Fa0/2, cost 3038

03:15:07: %SPANTREE_FAST-7-PORT_FWD_UPLINK: VLAN0010 FastEthernet0/2 moved to Forwarding (UplinkFast).

03:15:09: %LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down

03:15:09: STP: VLAN0010 sent Topology Change Notice on Fa0/2

03:15:10: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down

UplinkFast is enabled

Station update rate set to 150 packets/sec.

UplinkFast statistics

-----------------------

Number of transitions via uplinkFast (all VLANs)            : 0

Number of proxy multicast addresses transmitted (all VLANs) : 0

Name                 Interface List

-------------------- ------------------------------------

VLAN0001             Fa0/2(fwd)

VLAN0010             Fa0/2(fwd)

ISP의 공인 IP주소의 절약 및 공공망과 연결되는 사설망을 침입자들로부터 보호하기 위해 사용.

셋팅

HQ_SE_Core_R2(config)#ip nat inside source list 1 interface Serial0/0/0 overload

HQ_SE_Core_R2(config-if)#ip nat inside

HQ_SE_Core_R2(config-if)#ip nat outside

결과

HQ_SE_Core_R2#show ip nat translations

Pro Inside global Inside local Outside local Outside global

icmp 200.1.2.2:3 192.168.5.33:3 200.1.2.1:3 200.1.2.1:3

icmp 200.1.2.2:4 192.168.5.33:4 200.1.2.1:4 200.1.2.1:4

icmp 200.1.2.2:5 192.168.5.33:5 200.1.2.1:5 200.1.2.1:5

icmp 200.1.2.2:6 192.168.5.33:6 200.1.2.1:6 200.1.2.1:6

다수의 물리적인 Link를 하나의 논리적인 Link로 만들어 대역폭 향상, Link 이중화(물리적인), Load Balancing의 이점을 얻을 수 있다.

셋팅

HQ_SE_GN_2F_SW1

interface FastEthernet0/1

 channel-protocol lacp

 channel-group 1 mode active

 switchport mode trunk

!

interface FastEthernet0/2

 channel-protocol lacp

 channel-group 1 mode active

 switchport mode trunk

HQ_SE_GN_2F_L3_1

interface FastEthernet0/1

 channel-protocol lacp

 channel-group 1 mode passive

 switchport mode trunk

!

interface FastEthernet0/2

 channel-protocol lacp

 channel-group 1 mode passive

 switchport mode trunk

HQ_SE_GN_2F_SW1

HQ_SE_GN_2F_SW1#show etherchannel summary

Number of channel-groups in use: 1

Number of aggregators:           1

Group  Port-channel  Protocol    Ports

------+-------------+-----------+--------------

1      Po1(SU)           LACP   Fa0/1(P) Fa0/2(P)

HQ_SE_GN_2F_L3_1

HQ_SE_GN_2F_L3_1#show etherchannel summary

Number of channel-groups in use: 1

Number of aggregators:           1

Group  Port-channel  Protocol    Ports

------+-------------+-----------+--------------

1      Po1(SU)           LACP   Fa0/1(P) Fa0/2(P)