
Layer 2 Switching and VLANs in Junos OS


Understanding the Fundamentals of Layer 2 Switching

Introduction

Welcome to the course Layer 2 Switching and VLANs in Junos OS. My name is Martin Brown. I'm a network security engineer for a service provider, and I'm based in the UK, so when I say "rooter", I really mean router. This is the first module of this course, and this course will be part of a series. There are nine courses in this series, and they're all designed to help prepare you to support and configure Junos OS based devices on an enterprise network. In addition, they are also designed to help increase your knowledge as you go forward in your career as a network engineer. As we said, the first course is the Layer 2 Switching and VLANs course. We then move on to look at the Spanning Tree Protocol. We follow this by looking at Layer 2 security before moving on to protocol-independent routing, after which we look at one of the routing protocols, which is OSPF. We then look at Intermediate System to Intermediate System, or IS-IS, and the last routing protocol we look at is BGP. We then look at network tunnels before finishing by looking at high availability.

We begin this course by looking at what enterprise switching platforms are running Junos OS, as in what switches Juniper manufactures. We then look at what bridging is, we look at how switches process frames, we look at VLANs and what they are, and we look at what components make up a VLAN before we look at configuring and monitoring VLANs on standard EX series switches. We then finish by looking at how to perform the same configuration tasks on switches running the new Enhanced Layer 2 Software, or ELS, such as the EX4300, EX4600 and EX9200 switches. All configuration and monitoring in these courses will actually be done on real switches. I won't be using any kind of simulation or Junosphere. We will be using real hardware, so that what you see will be the actual reaction the switches have to whatever command we give Junos OS. And this is the environment for that.
Let's have a look at this. So we have this cloud, which is basically the aggregation or distribution layer. And if you don't know what the aggregation or distribution layer is, don't worry, we'll be discussing that as part of this module. We then have our two EX series switches, which are connected to the aggregation or distribution layer, and we have an uplink between the two switches. We then have some hardware, some servers, connected to these particular switches, just to give us some traffic, or just to see what sort of things are happening when we connect a device to a switch. Now, we've labelled these switches Switch 22 and Switch 23, and just for the purposes of identification we've labelled the aggregation layer Switch 01, because it is actually just a single switch on its own. We are using the following ports to connect the devices to each other and to the aggregation layer. And you may be wondering, well, what particular models of switches are they running? Well, that doesn't really matter at this time, for one very good reason: the devices are running what is known as One Junos. What that means is any device that runs Junos will be using exactly the same commands as another device or platform that runs Junos. Now, obviously, if you don't have, for example, a card that supports ADSL, that command won't be available, but most things, like VLANs, or configuring ports, or setting filters and so on, will be exactly the same. So if you learn to support Junos on one EX series switch, you can support Junos on another EX series switch, which takes us nicely to the first topic in this course, and that is what enterprise series platforms Juniper manufactures.

Enterprise Switching Platforms

We begin this course by looking at some of the different enterprise switching platforms that Juniper has to offer. Now, some of the information in this clip might not be particularly clear at first; however, I invite you to come back to this video once you finish this course, as some of the information will make a bit more sense then. Now, there are quite a few different switches that Juniper manufactures, so we're not going to go into too much detail. We're going to go into just enough detail to give you an idea as to what they are and what they can do. So we begin this course by looking at the EX series switches. These are the type that this course is actually about. These switches were actually designed using the knowledge that Juniper gained from manufacturing routers for the service provider market. They are very high throughput yet low latency, and there are eight different models. We're going to look at the smallest, or the least powerful, first. The first switch is the EX2300. This is available with 24 ports, or as the 12-port EX2300-C. They have a throughput of up to 47 megapackets per second, or 95 megapackets per second for the 24-port switch. So what does that mean, megapackets per second? It refers to how many millions of 64-byte packets the switch can process in a second. The 64-byte size is actually a standard. Regardless of how many packets per second the manufacturer quotes the network device as being capable of, it will still be based on the 64-byte packet. This is done because if one manufacturer quoted their statistics based on a 1,000-byte packet and another quoted their statistics based on a 200-byte packet, this would not be an accurate comparison. Therefore the standard says you have to quote against the 64-byte packet, and then that's fair enough. This allows us to roughly know what each manufacturer's device is capable of.
The EX2300 has what we call SFP uplink ports, and these allow you to connect between one switch and another using fast fibre or copper. The EX2300-C has two ports, whereas the 24-port switch has four uplink ports. This switch is PoE capable, which means you can power, for example, an access point, or you can power a telephone through the switch itself. The switch can store up to 16,000 MAC addresses in its MAC address table, and if you're not sure what that is, we'll discuss it a bit later. This switch can also have up to 2,048 VLANs. The switch can learn 4,096 IPv4 routes or 2,048 IPv6 routes. The switch can also store 1,024 ARP entries. The EX2300 can be connected to other EX2300s so that they make one single logical switch, and this logical switch is known as a virtual chassis. With the EX2300, you can have up to four switches in the virtual chassis. We'll actually be covering virtual chassis in detail in another course in this series.
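The megapackets-per-second figures above come straight from the 64-byte benchmark frame. As an added example (not part of the course, and not Juniper's own numbers), the following derives that figure from first principles: on the wire every frame also carries an 8-byte preamble plus start-of-frame delimiter and a 12-byte inter-frame gap, so a 64-byte frame occupies 84 byte-times. The port layouts are assumptions: the course gives the copper port and uplink counts for the EX2300 but not the uplink speed, which is taken here as 10 Gbit/s.

```python
# Added example (not from the course): how a "megapackets per second" figure is
# derived from the 64-byte benchmark frame.  Port layouts below are assumptions;
# the uplink speed (10 Gbit/s) is not stated in the course text.
from typing import Dict

PREAMBLE_SFD_BYTES = 8   # 7-byte preamble + 1-byte start-of-frame delimiter
IFG_BYTES = 12           # minimum inter-frame gap (96 bit-times)
MIN_FRAME_BYTES = 64     # smallest legal frame, destination MAC through FCS
MAX_FRAME_BYTES = 1518   # largest untagged frame


def wire_rate_pps(link_gbps: float, frame_bytes: int = MIN_FRAME_BYTES) -> float:
    """Frames per second one link carries when every frame is frame_bytes long."""
    if frame_bytes < MIN_FRAME_BYTES:
        raise ValueError("frames shorter than 64 bytes are runts")
    bits_per_frame_slot = (frame_bytes + PREAMBLE_SFD_BYTES + IFG_BYTES) * 8
    return link_gbps * 1e9 / bits_per_frame_slot


def switch_mpps(ports: Dict[float, int], frame_bytes: int = MIN_FRAME_BYTES) -> float:
    """Aggregate forwarding rate (millions of pps) for {link_gbps: port_count},
    assuming the switch forwards at line rate on every port simultaneously."""
    total = sum(wire_rate_pps(gbps, frame_bytes) * count for gbps, count in ports.items())
    return total / 1e6


# Assumed layouts: 12x1G + 2x10G uplinks (EX2300-C), 24x1G + 4x10G uplinks (EX2300-24).
EX2300_C = {1.0: 12, 10.0: 2}
EX2300_24 = {1.0: 24, 10.0: 4}

if __name__ == "__main__":
    for name, layout in (("EX2300-C", EX2300_C), ("EX2300-24", EX2300_24)):
        print(f"{name}: {switch_mpps(layout):.1f} Mpps at 64 bytes, "
              f"{switch_mpps(layout, MAX_FRAME_BYTES):.1f} Mpps at 1518 bytes")
```

Under those assumptions the arithmetic gives 47.6 and 95.2 Mpps, which matches the quoted 47 and 95 to within rounding; the same ports carry only about 5.5% as many 1518-byte frames, which is why a datasheet throughput figure is meaningless without its frame-size assumption.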

EX3000 and EX4000 Series

The next switch in the EX series range is the EX3400. This switch is available in 24 or 48 ports and has a throughput of up to 214 megapackets per second for the 24-port switch, or 250 megapackets per second for the 48-port switch. This switch comes with four SFP+ ports, which means that if you use SFP+ it is capable of up to 10 gigabit, or it has two QSFP+ uplink ports, and QSFP+ ports are uplink ports which are capable of up to 40 gigabits per second. This switch is also PoE capable; you can have it in a non-PoE version if you want to. This switch can store up to 32,000 MAC addresses in its MAC address table. The switch supports 4,093 VLANs. This switch can have up to 36,000 IPv4 routes in its routing table, or 18,000 IPv6 routes. This switch can also store 8,000 ARP entries. Now, the EX3400 also supports virtual chassis, but whereas the EX2300 only supported four switches in the virtual chassis, the EX3400 can have up to 10 switches in the virtual chassis. The next switch is the EX4300. This is available in 24, 32 or 48 ports, and it supports speeds of up to 333 megapackets per second for the 24-port, 345 megapackets per second for the 32-port, or 369 megapackets per second for the 48-port switch. This switch can have either four SFP+ ports or four QSFP+ uplink ports. This switch is PoE capable. It can store 64,000 MAC addresses. You can have 4,093 VLANs. You can have up to 32,000 IPv4 routes in its routing table, or 18,000 IPv6 routes. You can have up to 64,000 ARP entries, and the virtual chassis allows up to 10 switches to be connected as one logical switch. Now, as we go through the ranges, you may notice that not only does the throughput increase, but so does the number of MAC addresses each switch can store, the number of routes each switch can store, and the ARP entries each switch can store. The maximum number of switches you can have in a virtual chassis, however, will never increase above 10.
The next EX switch is the EX4600. This switch only has SFP+ ports by default; it doesn't have the normal copper ports. The switch is capable of up to 1.7 billion packets per second. In addition to the SFP+ ports, you also have four 40 gigabit QSFP+ uplink ports by default. If you want to increase capacity, you can by adding expansion modules. This switch can store 288,000 MAC addresses. You can create 4,096 VLANs. The switch can store 128,000 IPv4 routes in its memory, or 64,000 IPv6 routes, and it can store 48,000 ARP entries. Again, this supports virtual chassis, and you can have up to ten switches in the chassis. The final switch in the EX4000 series is the EX4650. This has 48 10 or 25 gigabit per second SFP+ ports. The maximum throughput is 2.98 billion packets per second, and in addition to the SFP+ ports you also have eight 40 or 100 gigabit per second QSFP uplink ports. This switch can store 280,000 MAC addresses. You can create 4,096 VLANs. The switch can learn 208,000 IPv4 routes and 104,000 IPv6 routes, and it can store 64,000 ARP entries. Now, what's interesting about this switch is that it only supports four switches in the virtual chassis. The other switches in the 4000 series support up to 10.

Modular Chassis Switching Platforms

The final series of switches we're going to discuss is the EX9000 series, and the first one of these is the EX9200. Now, this is actually a modular chassis. What this means is the switch contains slots into which you can plug blades. Now, you can have 4, 8 or 14 slots in the chassis. You can have up to 320 10 gig ports, you can have 40 40 gig ports, or you can have 10 100 gig ports in one of these switches. These switches support 40 gigabit QSFP ports and 100 gigabit CFP ports. This switch can store one million MAC addresses. In addition, it can also support 32,000 VLANs. Now, the previous switches we saw supported up to 4,096. So how can this switch support 32,000 when the standard is 4,096? Well, this switch is programmable, and you can make it appear as multiple switches under a single management IP address, or we can make it appear as multiple devices, so this kind of allows for virtualisation, and that's why you have such a large number of VLANs. Now, this switch is actually running something called Junos Fusion rather than standard Junos, and it's running Junos Fusion for the programmability side. Now, we don't cover this in this course, unfortunately, but it is still something rather interesting if you get a chance to look at it. As far as routes go, this switch supports up to 256,000 IPv4 routes, and it can store 256,000 IPv6 routes in its routing table. In addition, this switch can have up to 256,000 ARP entries. Our final switch is the EX9250, and this is available in two versions. The first version is the EX9251, which is one U in height. This has 48 1 gig or 10 gig ports and four 40 gig or 100 gig ports. Our second version is the EX9253, which is a three U chassis. Now, even though it's three U, it only has two line cards; however, each line card has 12 40 or 100 gig ports and 6 40 gig ports. This switch can store up to one million MAC addresses.
You can create 32,000 VLANs. This switch can store one million IPv4 routes in its routing table and one million IPv6 routes in its routing table. As far as ARP entries go, this switch can store 512,000, or half a million, ARP entries in its memory. Aside from the EX series platform, Juniper also manufactures other switching platforms. The first of these is the SRX. These are actually SRX series firewalls. Now, obviously they're designed as firewalls, but they can also switch as well. In addition, because you can configure aggregated links on SRX series firewalls, the SRX firewall must be running some kind of spanning tree protocol in order to prevent bridging loops. In addition to the SRX, we also have the QFX. Now, these are switches rather like the EX series, but they're extremely fast. They're designed for low latency and high bandwidth, so these are very fast, but they're still switches. And finally we have QFabric. QFabric is very similar to the QFX series, only slightly better. It is a very high-end, low-latency, very fast switching platform that's designed for the data centre core, where data transfer is time critical and it has to be sent or transmitted in the shortest possible time. So now we've had a look at the different switches that Juniper manufactures. The next thing we're going to look at is a brief history of Ethernet, and this is what we're going to do in our next clip.

A Brief History of Ethernet

Now, before understanding how Ethernet networks work, it's a good idea to look at the history of Ethernet, because if you look at the history, you'll know how Ethernet networks work. So it was developed in 1972 by Xerox, and the original speed was set at 2.94 megabits per second. Nowadays you can have home internet connections greater than this. Back then, they were only sending text. There were no images as such, there were no videos, so 2.94 seemed fine. Now, in case you're wondering how Ethernet got its name, the creators named it after how it was thought electromagnetic waves propagated their way through space, and that was something called the luminiferous ether. Now, the actual theory of how electromagnetic waves propagated through space was proved to be incorrect, but the name stuck. They just took "ether" and put "net" on the end: Ethernet. So in 1980, DIX, which is Digital Equipment Corporation, Intel and Xerox, published the Ethernet standard, and they set the speed at 10 megabits per second. So a nice increase of speed; compared to today's standards still slow, but back then that was fast enough. Then, in 1983, the IEEE, or the Institute of Electrical and Electronics Engineers, published the 802.3 standard, so this standardised Ethernet. Now, there were other standards, things like Token Ring and so on, but Ethernet rapidly became the dominant network standard. Now, 802.3 set the standard for how the frames would be sent, or how the signalling would work, but you still needed another standard to carry the signal, and that became the cabling standard. The first standard was 10BASE5. 10BASE5 is also known as thicknet, and that's because the cable used is extremely thick. It's very hard to bend and hard to work with, and it was expensive. The coaxial cable itself had a 2.17 millimetre core, which is quite a thick core.
If you think about it, that's the sort of cable you'd use for electrical wiring, quite heavy, and to connect to it you'd have to use something called a tap, so you'd have to pull the braided cable apart, drill down into the core, and hopefully your tap would work. If it didn't, you would have problems and you could bring down the network. The speed was 10 megabits per second, half duplex only. The maximum cable distance end to end was 500 m, so you would basically have a 500 m length of cable, and on that you put your taps at certain intervals. Per segment you can have up to 100 nodes, so you could have a network of 100 computers, or 100 computers and printers. The cable run had to be continuous. If you had a break, your network would literally stop working; it would go down. And at the ends you had to have these terminators. They were 50 ohms, and that's to stop the signal from bouncing backwards and forwards along the cable. So the name 10BASE5 comes from the speed, 10 megabit; BASE means baseband; and 5 is 500 m for the cable. Next we have 10BASE2. This was called thinnet. This was a much thinner piece of cable. Now, this again used a coaxial cable, but this time the core is 0.81 millimetres thick instead of the two-plus millimetre core of the thicknet cable. When you were connecting nodes, you used a T-piece, so you basically added a piece in between the cable to break it, to connect it to your node. You had a speed of 10 megabits per second, half duplex again, so the same speed as 10BASE5, and the maximum cable distance was 185 m. Well, as we said before, 10BASE5 was because it was 500 m, but 10BASE185 doesn't quite sound right, so they just called it 10BASE2 and rounded up. With this you could have 30 nodes per segment, and again the cable run had to be continuous. And I can remember working on this when I first started in IT.
And someone would call and say the network's gone down, and it was normally because someone had disconnected their laptop and maybe taken the T-piece with them, and it took down the entire network. Or sometimes the actual connections became loose and it would just come undone and again take down the network. You also had to have these terminators again at the ends of the cable. So as an example, here we have a 10BASE2 network, and the cable is in green. What we do is we add the terminators on the ends and we add the T-pieces, and to those we connect the servers and workstations, and yes, laptops were around at that time. So as you can see, it is just one long, continuous piece of cable which they all share, and we call this a shared medium. Then along came 10BASE-T. Now, the 10 is the same speed, BASE is baseband, and the T stands for twisted pair, and it used UTP, which is unshielded twisted pair, Category 3. It is actually based on the telephone cables in use in the USA at the time. It was eight-core cable with the pairs twisted together, and the idea of twisting the pairs together was that if there was any kind of electrical interference, the twisting of the cables would kind of cancel the interference out, and that would give you a much longer cable run. The speed was 10 megabit, originally half duplex, 100 m maximum cable distance, but you had two nodes per cable. So at one end of the cable you had your computer, say, and at the other end you had a hub, so it was 100 m, but it was 100 m to each workstation with a central hub. So with this you have a central hub, you have your workstations, and they all connect to the hub via UTP cable. And as you can see, that kind of looks very familiar to what we use today. Instead of having a hub we have a switch, but it's a similar thing. It's a star topology. Now, there is a similarity between 10BASE2, 10BASE5 and 10BASE-T, and that is that they are all using a shared medium.
If one node sends a frame, then all other nodes on the same segment will receive the same frame. But this does then introduce another problem, and that is something we call collisions.

Collisions

When two or more nodes send data at exactly the same time on shared media, we have what is known as a collision. That's literally where the two frames are hitting each other and scrambling each other so that they become unintelligible to other nodes on the network. So if we look at our example network, and let's say we have a server that wants to send a frame, it sends the data onto the wire, and it goes both ways, because obviously it's a continuous piece of copper. The end directed towards the terminator will just be discarded, but the other end will continue around the network. Then we have a workstation, and it wants to send data too, so it does. It sends a frame, and it goes round the network and it collides right in the centre. Well, that's a collision. So how do we prevent it? When they developed Ethernet, that was one of the first things they thought about: how do we prevent collisions? And they came up with something called CSMA/CD, which basically means carrier sense multiple access with collision detection. What it does is, let's say we have the same network, and this client wants to send data. It'll listen, and it'll wait to see if there's any network traffic at that time. And yes, the server is sending traffic. So the client says, I'm going to wait for it to finish and then I'll send my data. Well, that's all very well and good, but what happens when two clients have listened and they both decide that the network is clear and they go to send? When that does occur, then both senders will wait a random amount of time before resending their data. And because it's a random timer, it's almost guaranteed that they'll be sending the data at different times. The one that gets there first will send, and the other will wait for the sending to finish. When the clients are grouped together on this shared medium, we call it a collision domain, and that's because each client, or node, is relying on the other nodes to be patient whilst it's sending its data.
If they're not patient, we get a collision. So it's in everyone's best interest for all the nodes to be patient with each other. The issue we then have is when you have too many nodes, they're constantly waiting, which slows the network down. What we can do in that case is we can use a bridge. Bridges allow network engineers to split segments into two or more collision domains, which means when a collision occurs, it stays on that segment only and doesn't affect any other segment. We start with a bridge, and into each port on that bridge we connect a segment. Now, this has two effects. The first one is that the limitation for the length of cable on thinnet was 185 m. Well, by connecting it to a bridge, you can have 185 m on each segment; therefore you can overcome the length limitation. And the second thing is, when the client wants to send a frame, if the node it's sending the frame to is on the same segment, the bridge will not send it to any of the other segments. That frame will stay within that segment. Well, how does the bridge know that the traffic has to stay within a segment, or whether to send it to another segment? Well, it knows because each bridge has a lookup table called the MAC address table.

Bridging Mechanisms

Bridges have a special area of memory that is known as a MAC address table, also known as a CAM table, and this is basically a database. It says which MAC addresses are accessible through which port. So say you have 10 clients; you know that those clients are accessible through port 2. How does it learn this information? It has got to find it from somewhere. Well, every time a client sends a frame, it includes certain information. Obviously it has the data, but it has some other fields as well. The first field is the preamble, and this is just some random data, just to get the electronics used to sending data. The next bit is quite important: that's the start of frame, and it says this is where the frame actually starts, so start paying attention to this bit. We then have the destination MAC address, so this is where it's going to, and then we have the source MAC address. So when a bridge receives this frame, it knows where it's come from, and it puts the source address in the MAC address table. We then have the 802.1Q tag. Now, we don't have to worry about that for now, but this is used for VLAN tagging. We have the EtherType, which says what the frame type is in the case of Ethernet II, or the length of the frame. We then have the payload; that's just your data. And then we have a frame check sequence, and the frame check sequence is just a calculation over the remainder of the Ethernet frame fields. Basically, when a node receives a frame, it can look at the FCS and say that doesn't match what the rest of the frame looks like, and therefore it assumes that there has been a corruption. At that point the node will discard the frame. It will just drop it. The FCS cannot rebuild the frame, and it doesn't ask for a resend. It relies on the upper-level protocols, such as TCP, for the frame to be resent. So the FCS just says, is it correct? No: drop. Or yes, and then it lets it continue.
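To make the frame layout concrete, here is an added example (not course material, and not Juniper code) that builds and parses an Ethernet II frame with the fields just described, honours an optional 802.1Q tag, and verifies the FCS. The preamble and start-of-frame delimiter are left out because a NIC strips them before the frame reaches software; the 4-byte FCS is the CRC-32 of everything from the destination MAC to the end of the payload, transmitted least-significant byte first. The MAC addresses and payloads are constructed for the example.

```python
# Added example (not from the course): build and parse Ethernet II frames,
# including the 802.1Q tag and the FCS check a receiving node performs.
import struct
import zlib
from typing import NamedTuple, Optional

ETHERTYPE_VLAN = 0x8100
MIN_PAYLOAD = 46          # 64-byte minimum frame minus 14-byte header and 4-byte FCS
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Frame(NamedTuple):
    dst: str
    src: str
    vlan: Optional[int]      # None when untagged; otherwise the 12-bit VLAN ID
    ethertype: int           # > 1500: Ethernet II type; <= 1500: 802.3 length field
    payload: bytes
    fcs_ok: bool


def mac_to_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", "").replace("-", ""))


def fcs_of(body: bytes) -> bytes:
    """Ethernet FCS: CRC-32 (same polynomial/reflection as zlib), little-endian on the wire."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def build_frame(dst: str, src: str, ethertype: int, payload: bytes,
                vlan: Optional[int] = None, pcp: int = 0) -> bytes:
    """Assemble a frame the way a sender would: optional tag, pad the payload, append FCS."""
    header = mac_to_bytes(dst) + mac_to_bytes(src)
    if vlan is not None:
        tci = ((pcp & 0x7) << 13) | (vlan & 0x0FFF)      # priority bits + VLAN ID
        header += struct.pack("!HH", ETHERTYPE_VLAN, tci)
    header += struct.pack("!H", ethertype)
    body = header + payload.ljust(MIN_PAYLOAD, b"\x00")  # pad short payloads to the minimum
    return body + fcs_of(body)


def parse_frame(raw: bytes) -> Frame:
    """Split a frame into its fields; fcs_ok is False when the CRC does not match."""
    if len(raw) < 18:
        raise ValueError("runt: shorter than header plus FCS")
    body, fcs = raw[:-4], raw[-4:]
    dst, src = mac_to_str(body[0:6]), mac_to_str(body[6:12])
    offset = 12
    vlan = None
    (ethertype,) = struct.unpack("!H", body[offset:offset + 2])
    if ethertype == ETHERTYPE_VLAN:                       # 802.1Q tag present
        (tci,) = struct.unpack("!H", body[offset + 2:offset + 4])
        vlan = tci & 0x0FFF
        offset += 4
        (ethertype,) = struct.unpack("!H", body[offset:offset + 2])
    offset += 2
    return Frame(dst, src, vlan, ethertype, body[offset:], fcs_of(body) == fcs)


def receive(raw: bytes) -> Optional[Frame]:
    """What a receiving node does: drop silently on FCS failure, no retransmit request."""
    frame = parse_frame(raw)
    return frame if frame.fcs_ok else None


if __name__ == "__main__":
    wire = build_frame(BROADCAST, "00:11:22:33:44:55", 0x0806, b"who-has 10.0.0.1", vlan=100)
    print(parse_frame(wire))
    damaged = bytearray(wire)
    damaged[20] ^= 0x01                                   # flip one payload bit in transit
    print("damaged frame delivered:", receive(bytes(damaged)) is not None)
```

Flipping a single bit anywhere between the destination MAC and the end of the payload changes the computed CRC, so `receive()` returns nothing and the frame is gone; recovery is left to TCP or whatever sits above, exactly as the paragraph describes.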
So from this, it knows where the source MAC addresses are and obviously updates the MAC address table. What happens if the bridge receives a frame but it doesn't have the destination in its table? What it does is it will flood the frame. It will send it as an unknown unicast out of all ports except the port the traffic was received on. So in this case we have a MAC address table on the bridge, and it knows that MAC address 00:11:22:33 is out of port 3. How does it know that? Well, because this client is sending the frame, it's received the frame and therefore updates the MAC address table accordingly. But it doesn't know where MAC address 00:23:21 is, so the node sends the frame, and the bridge will look up the MAC address table and say, I don't know where you are, and it will just send it out of all ports to find out who MAC address 00:23:21 is. So it sends it out of ports 1 and 2. When the client responds, saying I am MAC address 00:23:21, the bridge updates its MAC address table, and therefore from that point onwards it knows how to get to the client. What happens if this client went down? It got shut down, or it crashed, or whatever. It can't stay in the MAC address table permanently. It may have moved somewhere else, and you can only have the MAC address entry in there once. In that situation, the MAC address table entry is aged out, and the default is 300 seconds. So after 300 seconds of not receiving any frames from a particular node, the bridge will remove the MAC address entry from its table. Now, there are actually five mechanisms that we need to be aware of as network engineers. The first is learning: this is where the MAC address has been found from the source address in an Ethernet frame. Forwarding is the normal operation: the MAC address is in the table and the bridge forwards normally. Flooding is where it sends the frame out of all ports except the originating port, as an unknown unicast.
We then have filtering, which we'll discuss later, which is where the frame is prevented from exiting or entering a port. And then we have ageing, where the MAC address is removed after 300 seconds. You may be thinking, well, okay, this is rather interesting, thank you for the history lesson, but does it still matter? Is it still important? Well, yes, because switches are basically lots of little bridges in a single box. That's all a switch is: it's a bridge. So now you may be thinking, well, okay, we're not using shared media anymore, so do we need to worry about collisions? Yes, because collisions can still occur, and when we come to the configuration section I'll show you exactly how a collision can occur.
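The five mechanisms above (learning, forwarding, flooding, filtering and ageing) are small enough to model directly. The following is an added example, not part of the course and not Junos code: a software bridge with a bounded MAC table, the 300-second default ageing time quoted above, and a static filter list. The bound is the security-relevant part. Every real switch has a finite table (the course quotes 16,000 entries for the EX2300), and once an attacker has filled it with bogus source addresses, any host whose entry was never learned or has aged out has its unicast traffic flooded out of every port, including the attacker's, which is the whole point of a MAC flooding attack. Port numbers, table size and MAC addresses below are constructed for the example.

```python
# Added example (not from the course): learning, forwarding, flooding, filtering and
# ageing on a bridge with a bounded MAC table, plus what happens when the table fills.
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

AGING_SECONDS = 300.0  # default ageing time quoted in the course


def is_group_address(mac: str) -> bool:
    """Broadcast and multicast MACs have the I/G bit (LSB of the first octet) set."""
    return int(mac.split(":")[0], 16) & 0x01 == 1


@dataclass
class Bridge:
    ports: Set[int]
    capacity: int = 16000                       # EX2300-sized table from the course
    aging: float = AGING_SECONDS
    table: Dict[str, Tuple[int, float]] = field(default_factory=dict)  # mac -> (port, last_seen)
    blocked: Set[str] = field(default_factory=set)                      # source MACs to filter

    def age_out(self, now: float) -> List[str]:
        """Ageing: drop entries not refreshed within the ageing window."""
        stale = [m for m, (_, seen) in self.table.items() if now - seen > self.aging]
        for m in stale:
            del self.table[m]
        return stale

    def learn(self, mac: str, port: int, now: float) -> bool:
        """Learning: record the source MAC against the ingress port.  A known MAC may
        move to another port; a new MAC is only accepted while the table has room."""
        if mac in self.table or len(self.table) < self.capacity:
            self.table[mac] = (port, now)
            return True
        return False

    def handle(self, in_port: int, src: str, dst: str, now: float) -> List[int]:
        """Return the egress ports for one frame (an empty list means it was dropped)."""
        self.age_out(now)
        if src in self.blocked:                  # filtering: drop on ingress
            return []
        if not is_group_address(src):            # a group address is never a valid source
            self.learn(src, in_port, now)
        if is_group_address(dst) or dst not in self.table:
            return sorted(self.ports - {in_port})   # flooding: broadcast/multicast or unknown unicast
        port, _ = self.table[dst]
        if port == in_port:                      # filtering: destination is on the same segment
            return []
        return [port]                            # forwarding


def mac_flood_demo() -> List[int]:
    """Attacker on port 3 fills a 4-entry table with bogus sources (the pattern a tool
    such as macof produces).  A client that joins afterwards on port 2 cannot be
    learned, so the server's unicast reply to it is flooded and port 3 sees it too."""
    b = Bridge(ports={1, 2, 3}, capacity=4)
    for i in range(4):
        b.handle(3, f"02:00:00:00:00:{i:02x}", "ff:ff:ff:ff:ff:ff", now=0.0)
    b.handle(2, "00:00:5e:00:53:02", "00:00:5e:00:53:01", now=1.0)   # client; table is full
    return b.handle(1, "00:00:5e:00:53:01", "00:00:5e:00:53:02", now=2.0)  # server reply


if __name__ == "__main__":
    print("server reply egress ports under MAC flooding:", mac_flood_demo())
```

With an empty table the same reply would go to port 2 only. The usual mitigations are exactly the mechanisms modelled here: filtering (limiting which and how many source MACs a port may learn) and keeping the ageing timer from being the only thing that frees table space.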

Bridging, Only Faster

The cabling standards that we've looked at so far were 10BASE5, 10BASE2 and 10BASE-T, and they all had a limitation whereby the speed was 10 megabits per second, and in addition it was half duplex. With the advent of switches, the speeds could actually increase, and not only that, they could also do something else. The first cabling standard for switches was really 100BASE-TX. So you had 100 megabit, baseband, and TX. Now, the T means UTP, and it's actually Category 5 UTP; the Category 3 standard wasn't good enough to transmit data at that speed. It was fine for 10 megabit, but for 100 megabit you had to have a much better cable. Now, it's the same eight cores twisted together in order to reduce interference, but it's just a slightly better cable, maybe slightly thicker cores, and again designed to carry data at a faster speed. The difference is, it's 100 megabits full duplex, and that's what the X stood for. So the T was UTP and the X was full duplex. The maximum cable distance was 100 m, and again you had two nodes per cable, and to build a LAN you used a switch, so the topology was basically you have a switch, you have your nodes, and you connect them all via UTP cable. And this is the type of network that we use today: a star topology with a switch in the centre. Not long after, the speeds started to increase, and quite substantially. The first speed above 100 megabit is one gigabit, or 1,000 megabits, and 1000BASE-T means, again, baseband, UTP, and it's actually Cat 5, Cat 5e, Cat 6 and Cat 7. So the higher the number, the higher the specification of the cable, and the higher the number, the faster the cable can transmit data. Then we have 1000BASE-X, and X here covers a few standards, but they're all gigabit Ethernet over fibre. So instead of using copper, we're using fibre instead, and the advantage of using fibre is that it can go much greater distances without loss.
In fact, you can have a particular type of fibre that can go kilometres rather than just a few hundred metres. The next standard is 10GBASE-T, which basically means 10 gigabit, and it's actually running over UTP, and the distance varies with the cable. If you use Cat 6, then the most you can have is 55 m. If you go for Cat 6a, it's 100 m. After this we have 10GBASE-X, so that's 10 gigabit Ethernet over fibre, and you have other speeds such as 25 gig, 40 gig, 50 and 100. Now, they are looking at 50 gig at the moment; it's under development, with 100 gig copper being investigated. But you can have 25 gig and 40 gig copper at the moment, in addition to having them as fibre as well. One thing we have to be aware of is that with 25 gig, you can't use it on shared media anymore. You couldn't use it with a hub; in fact, you probably wouldn't want to anyway. But one of the stipulations of the specification is that you can no longer use 25 gig on a shared medium. It has to be a point-to-point link, say directly from the node to the switch. Now, if we want to look at the actual ports themselves, this is our EX2200 switch, and these are the RJ45 ports, and they're actually one gig on this particular model. If we take a closer look, we can just see what the plugs look like. Normally you have two LEDs above each port, or below on the bottom row, and these just tell you whether or not you have full duplex, whether or not you have any link activity, and whether or not the port is up. Then on this side we have the SFP ports. These are one gig fibre, or you could replace the SFPs with copper SFPs. Then we have the EX4600, and these ports here are SFP+, which means that they can do 10 gig. Then here in the centre we have the QSFPs; you can just about see the edge of the socket there. The SFPs and SFP+s tend to be a square socket, whereas the QSFPs are slightly flatter and more of a rectangular shape.

Layers of a LAN

Networks today have gone past the simple single cable with 30 nodes connected to it, to something a bit more complicated. If we take the average campus LAN, for example, this could have hundreds or thousands of nodes connected to it. So rather than have just a simple, flat network design with lots and lots of nodes connected, manufacturers have come up with a novel way of layering the network, so that rather than being just one big flat network, it's divided up into different sections, and they call this the hierarchical internetworking model. Now, if we take this network, for example, it's quite complicated compared to the simple network we have in our test lab. We have two multi-chassis switches, we have two switches in the centre, and then another two switches with clients connected. In today's networks, this would be divided up so that the multi-chassis switches would become what is known as the core. The core has to be very fast; it is the fastest part of the network, designed to move traffic as fast as possible. We then have the aggregation, or the distribution, layer, and then we have the access layer, to which clients are attached. Each layer has its own little job to do, and it's quite important. The access layer is used to connect workstations or printers. It is normally operating at Layer 2, so it's using VLANs, but it doesn't do any routing. You can also have what we call quality of service, and if you're using quality of service, switches at this layer would normally mark the packet with the quality of service marking, and that's just how the network treats the traffic compared to other traffic at times of congestion. And if we look at the switches we discussed at the beginning of this module, you would typically find the EX2300 and the EX3400 at this layer. So these are technically the slowest switches.
But that's fine because they just need to be fast enough to make sure the clients come get the data without any congestion, and these switches would fit just fine. Then we have the aggregation there, which is also called the distribution layer, and this is used to join the excess layer to the core there Now, this would normally operate at layer three, so this would actually be doing some routine. In addition, you will also be doing quality of service to slow traffic down if there's too much traffic, or to make sure that things like voice Over I p will go over the network much quicker. And at this layer we have slightly faster switches. We have the E X 4300, the X 4600 and the X 46 50 if he wanted to, you could also use the E X 4300 in the excess layer, but this would of course, depend on your budget. Then finally, we have the core layer, and this is primarily last three. They can't be some there to the core layer, but this is normally last three. You would normally have high end low latency switches or routers. You can also connect anyone and into the edges into the court, but this layer quality of service will actually be disabled on. The reason being is that these switches need to focus on just transferring data as fast as they can, and quality of service could slow it down by using process of power and memory. This allows the switch to just throw packets through it as quickly as possible. The switches. We would typically find it. This layer would be the X 9200 and the X 92 50. Now you may be thinking, Where would I put my data center? Typically with a large enterprise network, you would add to extra layers for D. C aggregation and data center access, and the data center access would normally be switches on top of racks, for example. Now I'd like to end this module just having a quick look at the switches that way, using in a lap. So if I move to the CLI and as you can see where it says amnesiac, this means that these switches are their default configuration. 
They've not bean configured at all. These are factory default. So we inter route and we're automatically into the show in tow. Cli and win now in the exact mode. So from here, if I wanted to look at the ports, saying sure interfaces, pests and it just shows me I've got, say, gigabit 0123 and so on all the way up 2. 23 then I've got ports 010 is your one and so on. You could see that some of these air up and some guy down. So, for example, we have G 008 He's up, 10 is up. And this is where our servers are connected. Scroll down. We have 010 up, and there were 11 that pays to be Oppa's. Well, okay, we could also look at the Mac address table, which is one of the things we looked at earlier Bridges have a Mac address table. Sure, even its which in table And this is the Mac addresses that this which has learned now at the moment there is only one feeling is the default feeling. When we come to configure the switches, we will add further villains. But for now, it's at the default configuration. If I look at our second switch, the route again, it's at the default configuration. So interfaces tests and we can see that we actually have port five up on this one. In addition to ports 23 10 Mom, what? Okay, True. Even its which in table and again we have a different set of Mac addresses compared to switch 22. And if we just have a quick look at the configuration itself, we can just see that again, is the default configuration. We can see that we're running version 12. 3 are 11 to which is the J Tech recommended version. For this particular switch, we can see that we have things. I d a C P set. We have some sis log stuff we can see in the middle. We have the warning missing mandatory information. And what it means is, as this switches default configuration, it doesn't have a password set. So the first thing we will need to do once we start configuring is set the password. And without this, you cannot commit the changes. 
Other than that, the poor's themselves are all in the default villain, which is already created for us. And we even have the management interface, which is m e zero set with the A C. P. So you can use a date C p server to give the unit and address toe, then configure it. So what I do is I will take a copy off this configuration and leave it for you to download so you can examine it in your own ledger. You know, next module will be looking at feelings and how to route between villains on a switch.

The Who, What, and Why's of VLANs

What Are VLANs?

Welcome back to the course Layer 2 Switching and VLANs in Junos OS. In this module we're going to look at what VLANs are, why we need to use them, and who defined the actual standard.

Now, for me, VLANs signify a special moment in my network engineering career. They are the reason why I became a network engineer. What happened was I was installing a physical security system on a site, and this security system was connected to the network. One of the engineers mentioned the word VLAN, and I asked, well, what's one of those? He tried his best to explain it. He was actually Italian and had to translate into English, and I didn't quite understand. So I decided I'd read up and find out what it was all about, and from that moment I was hooked. I decided, yes, I'm going to become a network engineer, so I did.

So, what are VLANs? Put simply, they're a way of taking a physical switch and dividing it up into two or more logical switches. That's it. Now, before we look at an example of a VLAN itself, let's just take a look at a basic network. We have a single switch, and to this switch we have four nodes connected, obviously by UTP cable. In this network the client at the top can easily talk to the client at the top right, and there are no problems; the switch would allow it, and it would forward the frame using the MAC address table. With VLANs we can do something quite interesting: we can split the switch. In this case we split it into two halves, but you could have more than that. You could in theory have 4096 segments, although on a 24-port switch that would be interesting. But you get the idea. In this case we've called one half VLAN 1 and the other half VLAN 2, and we've given them names, Email Servers and Web Servers. In this instance, the servers in VLAN 1 will not be able to communicate directly with the servers in VLAN 2 at Layer 2. Layer 3 is something else, but at Layer 2 the switch will not allow the traffic to pass between the servers.

So you may be thinking, well, is that it? Is that all VLANs are? Yes, pretty much. It's just a logical separation of a switch. Well, that was easy, so I'll just move on to the next module then. Oh no, not just yet, because we need to know why VLANs are important. We have the how they work, but why do you have to use them? Well, there are two very good reasons for using VLANs, and the first one will be discussed in the next video.

The Problem with Large Networks Is...

The first issue that VLANs help to resolve only occurs when we have a network of a reasonable size. If we're talking about a single switch or a pair of switches, it's not going to be a problem, but when we have larger networks, that's when the problems start to arise. Now, let's say we have a large network, not too large: we have four multi-chassis switches. These switches are connected to each other via uplinks, and we have some nodes connected to each switch. I could have added fifty-odd nodes, which is what these switches could take, but I can't really draw that many, and besides, having fifty nodes in the presentation wouldn't work too well. So we're going to pretend we have fifty when in fact we only have four.

At the moment things should be okay. If one server wanted to talk to another, it could, no problem; the switches would forward the information on. The problem is when it comes down to something called broadcasts. A broadcast is basically where a client or node sends data onto the network, but the destination address is set to everyone; that's where we set the destination MAC address to all Fs (ff:ff:ff:ff:ff:ff). This means every single node on the network will receive a copy of the frame. On a little network, okay, we only have four. But if this server here sends a broadcast, it would go across all the links to all the servers. If you had all of the ports populated, say with a client in every single port, that same frame is going to go to all of those clients. Now let's say we had a much bigger network, with 1,000 or 10,000 clients. That one frame is going to be presented to all 10,000 clients. That is going to consume resources and slow the network down, because if you have one client sending one broadcast, you can have another client sending another broadcast, and broadcasts happen all the time on Ethernet. They're used for finding which IP address is associated with which MAC address, or for asking for a DHCP address; broadcasts happen quite a bit. So we want to reduce the number of broadcasts that are sent across the network, and VLANs can do this.

This term actually has a name, and it's called a broadcast domain. One VLAN becomes one broadcast domain and another VLAN becomes another broadcast domain, so that if a broadcast is sent it will not propagate between VLANs; it will only stay within the local VLAN. So in our example we could put the server at the top left and the server at the bottom right into VLAN 1, and the server at the top right and the one at the bottom left into VLAN 2, so that if the server at the top left sends a broadcast, it will only go to the server at the bottom right. It will not go across to VLAN 2. Now obviously, again, this is only four multi-chassis switches with fifty-odd clients, but if we had a much larger network we could create more VLANs. In fact, the standard for VLANs states that you can create 4096 VLANs on a single switch. And again, if you have 24 ports on that switch, how is that going to work? You can't give every VLAN its own port. We need to think about it in a slightly different way: traffic from different VLANs may transit that switch. You may ask, how does it do that? Well, that is the subject of our next video, moving VLAN traffic between switches.

Moving VLAN Traffic Between Switches

When a frame is sent from one switch to another and it relates to VLAN traffic, each switch needs to know which VLAN that frame belongs to. On a single switch that's not a problem: you assign a port a VLAN. But in this large network we have here, if the client in VLAN 1 wants to send traffic to a client in VLAN 1 on another switch, it would traverse the link between the switches. How does the second switch know that that frame is destined for a client in VLAN 1? How does it know it's not destined for a client in VLAN 2? To answer that we need to have a very brief look at the standard, 802.1Q.

We've already discussed the what of VLANs, and we've already discussed the why; this is the who. Specifically, it is the IEEE, and the IEEE set the standard for VLANs and called it 802.1Q. Now, this doesn't just say what a VLAN is; it says how many VLANs may be created, which, as we said, is 4096. In addition, it doesn't just give the numbers; it also covers names, how VLANs can be named, what characters can be used and the size of the name. And it also says how neighbouring switches are told which VLAN a frame belongs to, which is the topic of this video: how VLAN traffic traverses between switches.

If we look at the Ethernet frame that we looked at in the first module of this series, we'll see that right in the middle, after the source MAC address and before the EtherType, we have the 802.1Q tag. This is four bytes in size, and it contains the VLAN ID. It also contains things like how to treat the frame when there is congestion, for example a priority and whether the frame can be dropped. When we put this field into the frame, this is known as tagging, or a tagged frame. You can also call it dot1q tagging, after the standard, but in either case it just means that this field is present in the frame when it's sent between switches. Now, when a switch sends a tagged frame, it won't send it over a normal link between, say, a laptop and the switch; the tagged frame is only sent between switches. How does it know? I mean, if we look at this network here, how do the switches know that they are connected to other switches, or that there could be multiple VLANs traversing the links? What we do is we actually change these links here into what is known as trunk links, and how that works is explained in the next video.
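To make the tag concrete, here is a short Python example, added to this page and not part of the course material, that builds an Ethernet frame with and without the 4-byte 802.1Q tag and parses it back. The field layout (TPID 0x8100, then a 16-bit TCI holding 3 bits of priority, the drop eligible bit and the 12-bit VLAN ID, inserted after the source MAC) is from the standard; the MAC addresses and payload are constructed sample values.

```python
import struct
from typing import Optional

TPID_8021Q = 0x8100   # EtherType value that announces "an 802.1Q tag follows"
ETHERTYPE_IPV4 = 0x0800


def mac_bytes(mac: str) -> bytes:
    """'00:11:22:33:44:55' -> six raw bytes."""
    return bytes(int(part, 16) for part in mac.split(":"))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst: str, src: str, ethertype: int, payload: bytes,
                vid: Optional[int] = None, pcp: int = 0, dei: int = 0) -> bytes:
    """Build an Ethernet II frame. If vid is given, insert the 4-byte 802.1Q tag
    between the source MAC and the EtherType, as a trunk port would."""
    header = mac_bytes(dst) + mac_bytes(src)
    if vid is not None:
        if not 0 <= vid <= 4095:
            raise ValueError("VLAN ID is a 12-bit field")
        # Tag Control Information: 3-bit priority, 1-bit drop eligible, 12-bit VLAN ID
        tci = ((pcp & 0x7) << 13) | ((dei & 0x1) << 12) | vid
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    """Return the addresses, tag fields (None when untagged), EtherType and payload."""
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset, vid, pcp, dei = 14, None, None, None
    if ethertype == TPID_8021Q:                 # tagged: read the TCI, then the real EtherType
        (tci,) = struct.unpack("!H", frame[14:16])
        pcp, dei, vid = tci >> 13, (tci >> 12) & 0x1, tci & 0x0FFF
        (ethertype,) = struct.unpack("!H", frame[16:18])
        offset = 18
    return {"dst": mac_str(dst), "src": mac_str(src), "vid": vid, "pcp": pcp,
            "dei": dei, "ethertype": ethertype, "payload": frame[offset:]}


if __name__ == "__main__":
    # constructed sample: a broadcast from a made-up MAC, tagged for VLAN 10 with priority 5
    tagged = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", ETHERTYPE_IPV4,
                         b"\x45\x00", vid=10, pcp=5, dei=1)
    untagged = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", ETHERTYPE_IPV4, b"\x45\x00")
    print(len(tagged) - len(untagged), "extra bytes:", tagged[12:16].hex())
    print(parse_frame(tagged))
    print(parse_frame(untagged))
```

The parser handles both cases: for an access-port frame the EtherType at offset 12 is the real one and vid is None; for a tagged frame those same two bytes read 0x8100 and the real EtherType has moved four bytes along. A capture filter or detection rule that assumes the EtherType is always at offset 12 misreads every frame on a trunk, which is the practical reason to know the layout.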

Switch Port Types

When it comes to VLANs, switch ports can be configured into one of several different types, and the type you use depends on its function. The 802.1Q standard defines two different types of switch port: the first is an access port and the second is a trunk port. Juniper have also specified a third switch port type, which is the voice VLAN port. We'll discuss voice VLAN ports a bit later, but for now we need to look at the access port and the trunk port.

The access port is used for host communications, so that would normally be, say, from a workstation or a server to a switch. The port itself is placed into a VLAN, and it only carries traffic for a single VLAN. So if you put your workstation into, say, VLAN 10, then at Layer 2 you will only communicate with other clients in VLAN 10. The VLAN itself can be set dynamically when you use the 802.1X security protocol. We don't cover that in this course, but we may look at it in the security course later on in the series.

Trunk ports, on the other hand, are normally used to connect to other switches. Wherever a switch connects to another switch, that becomes a trunk link. The port can belong to all VLANs, but let's say you don't want traffic from VLAN 10 going across this link; the administrator can prune that traffic and stop certain VLANs from traversing the link if he so wishes. When the traffic is sent between the switches, the frames are tagged with the particular VLAN number so that the receiving switch knows exactly which VLAN that frame belongs to. Now, you can send a frame over a trunk link without a VLAN tag. When this happens, the frame belongs to what is known as the native VLAN, and this is quite an important concept to understand.

Switches sometimes need to send other switches traffic. I'm not talking about traffic that's come from a client; I'm talking about the switch needing to tell another switch something. This could be something to do with spanning tree, or it could be related to some sort of control software, but in either case the switch needs to communicate with another switch. Typically this traffic is put into VLAN 1. Some manufacturers will send this traffic untagged, so that when the switch on the other end receives untagged traffic it knows it's in VLAN 1, and it knows it's probably control traffic. Junos, on the other hand, by default tags all VLAN traffic. If you're connecting a Junos EX Series switch to another EX Series switch, you shouldn't have a problem. The problem occurs when you are connecting one manufacturer to another. If a switch from a different manufacturer receives a tagged VLAN 1 frame from an EX Series switch, that frame may be dropped, which means it could be missing important information. So, for example, we have an EX Series switch here with a couple of workstations connected. We have another switch connected, and this is a Cisco Catalyst switch, with two more workstations. A frame is sent from the EX switch to the Catalyst switch, and it is tagged as VLAN 1. The Catalyst switch receives this frame and says, hang on, I shouldn't be receiving tagged frames on VLAN 1, and it will drop it, or it will shut the link down. You should never use VLAN 1 for the native VLAN. This can actually pose a security risk, as it can allow an attacker to use an attack method called VLAN hopping. We don't discuss that in this course; we'll be discussing it when we come to the security course. But we do need to be aware of this later on when we implement a network for ourselves.

So now I'm going to show you a little demonstration of VLANs in action. We have two EX Series switches. We have three workstations and a laptop, all connected to the switches. The workstations, Workstations 1, 2 and 3, have the IP addresses 172.23.1.10, .30 and .40, and the laptop has an IP address of 172.23.1.20. The ports they are connected to are ge-0/0/8 and ge-0/0/10 on the first switch, and ge-0/0/5 and ge-0/0/7 on the second switch. So we need to make sure that Workstation 1 can ping all the other workstations on this particular network. If we move to Workstation 1 and just type hostname, yes, we are definitely on Workstation 1. So we can ping 172.23.1.20, the laptop: no problem. I can ping .30: no problem. And .40? Yes. So we do have full reachability.

Now what I'm going to do is pause the recording and set up some VLANs. I'm going to put Workstation 1 and the laptop into VLAN 1, and I'm going to put Workstations 2 and 3 into VLAN 2. What should happen is that Workstation 1 should be able to ping the laptop, and Workstation 2 should be able to ping Workstation 3, but Workstation 1 and the laptop will not be able to ping Workstations 2 and 3. So let's do that.

And welcome back. I've now made the changes; let's quickly have a look. If we type show vlans, we can see we've created VLAN 1 and VLAN 2. And if we look on the second switch, again we've created VLAN 1 and VLAN 2. You can also see that we have a VLAN called default, and this is the default VLAN that is created on the switch when you set it to factory defaults or when you first power it on. Now, the issue with this VLAN is that it doesn't have a tag. It's not quite the native VLAN you find on other switches; it's more of a default VLAN just to group the ports together. If you're going to use trunk links, you must have tagged VLANs; the default VLAN won't go across the trunk link. So the first thing you should do when you're configuring an EX switch is create the VLANs, tag them and so on, before you can have the trunk links.

So if we move to our workstation again and try to ping the laptop, which was .20: no problem, we get a response. If we try to ping .30, we don't get any response, and if we try to ping .40, again no response. So I can ping the laptop, but I cannot ping the two workstations. Let's switch to another workstation. hostname: I'm on Workstation 3. Ping 172.23.1.10, Workstation 1 first: no response. Try pinging the laptop, which is .20: no response. Try pinging .30? Well, that would be me, so .40: yep, I get a response. So that has just proven that even though these machines have the same IP address range, the 172.23.1.0/24 range, they do not have full reachability, because they are separated at Layer 2 by these VLANs.

Voice VLANs

In the previous video we discussed how the IEEE created the 802.1Q standard, and we also discussed how they created the port types of access and trunk and what they are used for. We also mentioned voice VLAN ports, but we didn't go into much detail, so this video discusses voice VLANs and the ports themselves.

Voice VLANs have one sole purpose, and that's to transmit data from Voice over IP (VoIP) telephones to the voice gateway, which then forwards it to another VoIP telephone or to the public switched telephone network. Now, the reason for the voice VLAN port is quite interesting. If we look at how voice VLANs used to be connected, we had a switch and we had a couple of clients. You would then connect your telephones to the switch. If the client wanted to send data, it would send it to the switch, and the switch would know that that port is part of the data VLAN. If the phone sent data, again the switch would know the port is in the voice VLAN and would forward it on. The only problem is that if we wanted to add another server or another client, it has nowhere to go: we've used up all the ports, because if you have a telephone and a computer at each desk, well, that has doubled your port usage. Now, you could go and buy another switch, but that's expensive, so the solution was quite simple. You create voice VLAN ports. They could be access or trunk links, and they allow two different VLANs down the same port at the same time. With trunk links that's nothing new; you could always have more than one VLAN down the port. With access ports, however, you can normally only have one.

The way this works is quite ingenious. If a frame is sent to the switch and it doesn't have any VLAN tag on it, the switch knows that the frame is part of the data VLAN. If, however, the frame has a tag that matches the voice VLAN, the switch knows it belongs to the voice VLAN. If it has any other tag, the switch discards the frame. In order for this to work, however, the telephones had to be modified: they come with two ports, one that connects to the switch and the other that connects to the client. So what happens now is that if the phone is sending data, it sends a tagged frame to the switch, and the switch knows that belongs to the voice VLAN. If the client sends data, it sends it to the phone, which then passes it to the switch untagged, and the switch knows that belongs to the data VLAN. Now, some VoIP phones can be told which VLAN ID to use, and they do this using something called LLDP-MED, which means Link Layer Discovery Protocol, Media Endpoint Discovery. The switch can use that to tell the phone which VLAN to use, so you don't need to set it. If you're not using LLDP-MED, then you have to set it manually on the phone itself.

So, you may be thinking, you said there were two very good reasons for using VLANs, and so far we've only discussed one, the broadcast domain. Yes, yes, I did say that. So what's the other reason? Security. You can prevent clients in one VLAN accessing clients in another VLAN. Maybe the other VLAN's clients shouldn't have access to some confidential data. But there's another angle: it is possible to eavesdrop on data. A client in a VLAN could somehow listen to the data. How does he do that? Normally it takes a bit of clever crafting, but it is possible. Say we have a client in the Sales VLAN here; he wants to listen to traffic, and he does something to this port. He may do a MAC address table overflow, which fills up the MAC address table so that the switch starts flooding data out of all ports, or he could have the port converted into a mirror port. In either case, he wants to listen to the traffic. If we're using VLANs, then when the client in the Finance VLAN sends data across the network, there is no way the client in the Sales VLAN can listen to that traffic.

You may be thinking, well, what if I really do want to send traffic between the VLANs? When that's the case we're moving from switching to routing, and that is the topic of our next module.
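The rules from this video and the two before it, as an added Python model (an illustration written for this page, not Junos code or the course author's): an access port sends and receives its data VLAN untagged and drops any other tag, except the one tagged voice VLAN accepted from a phone; a trunk carries the VLANs the administrator allows, tagged, and treats an untagged frame as the native VLAN; and the MAC table is learned per VLAN, so a broadcast only floods its own broadcast domain. The port names and MAC addresses are constructed to resemble the lab above, and the native VLAN on the trunk is deliberately not VLAN 1.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    dst: str
    src: str
    vid: Optional[int] = None         # None means the frame is untagged on the wire


@dataclass
class Port:
    mode: str                         # "access" or "trunk"
    vlan: int                         # access: the data VLAN; trunk: the native VLAN
    allowed: Tuple[int, ...] = ()     # trunk only: VLANs the administrator lets across the link
    voice_vlan: Optional[int] = None  # access only: the single tagged VLAN accepted (the phone)


class Switch:
    def __init__(self, ports: Dict[str, Port]):
        self.ports = ports
        self.mac_table: Dict[Tuple[int, str], str] = {}   # (vlan, mac) -> port, learned per VLAN
        self.dropped: List[Tuple[str, Frame]] = []

    def classify(self, port: Port, frame: Frame) -> Optional[int]:
        """Ingress: which VLAN does this frame belong to? None means discard."""
        if port.mode == "access":
            if frame.vid is None:
                return port.vlan                   # untagged -> the port's data VLAN
            if frame.vid == port.voice_vlan:
                return frame.vid                   # tagged with the voice VLAN -> accepted
            return None                            # any other tag on an access port is dropped
        vid = port.vlan if frame.vid is None else frame.vid   # untagged on a trunk -> native VLAN
        return vid if vid == port.vlan or vid in port.allowed else None

    def member(self, port: Port, vid: int) -> bool:
        """Egress: may this port carry VLAN vid at all?"""
        if port.mode == "access":
            return vid in (port.vlan, port.voice_vlan)
        return vid == port.vlan or vid in port.allowed

    def forward(self, in_port: str, frame: Frame) -> Dict[str, Frame]:
        """Process one ingress frame; returns {egress port: frame as it appears on that wire}."""
        port = self.ports[in_port]
        vid = self.classify(port, frame)
        if vid is None:
            self.dropped.append((in_port, frame))
            return {}
        self.mac_table[(vid, frame.src)] = in_port   # learn the source address, keyed by VLAN
        known = self.mac_table.get((vid, frame.dst))
        if frame.dst != BROADCAST and known is not None:
            outs = [known]                            # known unicast: one port only
        else:
            outs = [n for n, p in self.ports.items() if self.member(p, vid)]   # flood the VLAN
        # the data VLAN of an access port and the native VLAN of a trunk leave untagged;
        # everything else leaves tagged so the neighbour can classify it
        return {n: Frame(frame.dst, frame.src, None if vid == self.ports[n].vlan else vid)
                for n in outs if n != in_port}


def lab_switch() -> Switch:
    """Constructed example lab, loosely modelled on the demo above (not its real config)."""
    return Switch({
        "ge-0/0/8":  Port("access", vlan=1),                        # Workstation 1
        "ge-0/0/10": Port("access", vlan=2),                        # Workstation 2
        "ge-0/0/5":  Port("access", vlan=1, voice_vlan=100),        # phone, laptop behind it
        "ge-0/0/0":  Port("trunk", vlan=999, allowed=(1, 2, 100)),  # uplink; native is not VLAN 1
    })


if __name__ == "__main__":
    sw = lab_switch()
    ws1, ws2 = "00:11:22:33:44:10", "00:11:22:33:44:30"       # constructed MACs
    print(sw.forward("ge-0/0/8", Frame(BROADCAST, ws1)))      # floods VLAN 1 only, tagged on trunk
    print(sw.forward("ge-0/0/8", Frame(BROADCAST, ws1, vid=2)))   # tagged on access: dropped
    print(sw.forward("ge-0/0/10", Frame(ws1, ws2)))           # same MAC, other VLAN: not found
```

Two things worth noticing when you run it: the same destination MAC that is known in VLAN 1 is unknown in VLAN 2, so the VLAN 2 frame floods only VLAN 2 ports and never reaches Workstation 1; and a frame arriving untagged on the trunk lands in VLAN 999, which no access port carries, so it goes nowhere instead of silently joining a user VLAN.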

The Moving of Data Between VLANs

The Basics of Routing

Welcome back to the course Layer 2 Switching and VLANs in Junos OS. So far in this course we've looked at how clients communicate across the network and how they use the MAC address to communicate. We've also had a look at VLANs, and how these are a logical separation of the network so that clients in one VLAN can no longer communicate with clients in another VLAN at Layer 2. Then, at the end of the last module, we posed the question of how clients in one VLAN could communicate with clients in another VLAN if they needed to; for example, if they were accessing the email server or web server. How could this be achieved? That is the topic of this module: we're looking at how we can move data between VLANs.

So the first thing we're going to do is look at the basics of routing. When we discussed switching, we said that it operated at Layer 2. Routing, on the other hand, happens at Layer 3. For this to happen we have to assign network devices IP addresses, and then routers will pass the traffic between the different networks. And I know what you're thinking: whoa, hold up a minute, you just said that devices communicate using MAC addresses; in fact we had a whole module discussing how that worked. Yes, yes, I did say that, and yes, they do communicate using MAC addresses. So now I'm confused, you've just said IP addresses, MAC addresses; how do they communicate? Okay, just allow me to explain and all will become clear, I promise.

Let's say we have a small network. We have Workstation 1, which has an IP address of 192.168.0.10, and Workstation 2, which has an IP address of 192.168.1.10, and Workstation 1 wants to talk to 192.168.1.10. How does it do that? The first thing we need to realise is that IP addresses help a network device determine whether or not the device it wants to talk to is on the same network or on a different network. That's the idea of an IP address.

So let's have a look at an IP address example. IP addresses are made up of four octets; it's actually 32 bits, with eight bits in each octet. Normally you would see something like this: 192.168.0.10. That's how you normally see it, split up into four. With an IP address we normally specify a subnet mask too, and in this case we have 255.255.255.0. What this does is quite simple. Subnet masks define which part of an IP address belongs to the network address and which belongs to the node address. If we look back at our example IP address, we can see that the subnet mask has 255 in the first octet, 255 in the second octet and 255 in the third octet. What this basically means is that anywhere you have a 255, that octet is part of the network address, and if you have a zero, as we do in the fourth octet, that octet is part of the node address. So the 255.255.255, the first three octets, match the first three octets of the IP address, which means that the network address in this case is 192.168.0 with a node address of 10. It's probably important to point out right now that this is basic subnetting. There are exceptions, because you won't always see 255; however, that's something we cover when we look at protocol-independent routing, which is another course in this series.

If we look at this slightly differently, we have 192.168.0 as the network, because it matches the 255.255.255, and 10 is the node address. If we look at the second IP address, the IP address of Workstation 2, we can see that it is 192.168.1.10. If we compare it against the 255.255.255, we can see that the first two octets match the very first IP address, but the third octet is 1, and this doesn't match the first IP address, which means the client would know, by looking at these, that that IP address is on a different network. So what does it do? Workstation 1 wants to talk to that IP address, and using the mask it can tell that the IP address is on a different network. So what does it do? Well, it sends the packet to the router. The router then determines where to send it on to, and that is basic routing. So the IP addresses determine on what network a destination is; that's what they do. The network devices then use the MAC address for communication: they use a MAC address as the source and destination address, using the method we looked at in the first module of this course. If the device is on another network, then the MAC address in use will be the MAC address of the default gateway, which would be the router. Now, you may be thinking, right, you've entered the IP address into the client, so you know what the IP address is, but how does the client know what MAC address to send the data to? Well, that is the topic of our next video: how clients resolve IP addresses to MAC addresses.

ARP

In the last video we were looking at basic routing, and we were looking at how devices, even though they have an IP address, still use the MAC address. We asked the question: if you're still using MAC addresses to communicate, how do you find out which MAC address is associated with an IP address? This is what ARP is for. ARP means Address Resolution Protocol, and its main purpose, in fact its only purpose really, is to find out which MAC addresses are associated with which IP addresses. Devices then hold this information in what we call the ARP cache, so they don't need to do an ARP request every time they send a frame; they just need to check the ARP cache, and it should have the information in there if they've sent one previously.

So how does this work? Let's say that Workstation 1 wants to talk to Workstation 2. It looks at the mask, and it can tell that that IP address is on a different network. Okay, how do I get to it? I need the default gateway. So what it needs to know now is the MAC address of the default gateway, and that's where the ARP request comes in. It sends a message onto the network that says, excuse me, can you tell me your MAC address? Now, how does it get there? Because if it doesn't know the MAC address, how can it direct the request to the device it wants to reach? Well, ARP requests are sent as a broadcast. This means that every node on the network will receive a copy of the request, but it also means that the device the ARP request is meant for will receive a copy of it. So the gateway itself will send a reply to Workstation 1 saying, my MAC address is this.

That seems fairly straightforward. But what happens if, say, Workstation 1 is at some point shut down, or it crashes, or it's removed from the network, or whatever? Now, obviously, the IP address associated with Workstation 1 is not being used, and the DHCP server will recognise that it's no longer in use and put it back in the available pool. Fast forward a little while, and someone adds Workstation 3. Workstation 3 wants an IP address and gets .10. What would happen is that the router, or any other device on that network, would be trying to send a packet to .10, but it would have the old MAC address of Workstation 1 in its cache. To resolve this, every ARP cache, or ARP table, has an age time, which means that at some point those MAC addresses will be cleared from the cache if they're not being used. What's the time? Well, on Junos it's 20 minutes. It does vary between different devices, but what we need to know is that for Junos, 20 minutes is the default.

The next thing we need to look at is something called gratuitous ARP. This is slightly different from a normal ARP request and reply. Normally ARP notifications are solicited, which means the device has asked for the information. Sometimes a device will send an unsolicited ARP notification, which means it just suddenly sends out onto the network, saying the MAC address associated with this IP address is this. This can be a good thing, because it can be used by nodes to prevent their ARP cache entry from being aged out. It can also be used for redundancy purposes: say you have two gateways, they can share the same MAC address, so that if one gateway fails the backup gateway will continue to receive packets on the failed gateway's behalf. Okay. It can also be used for more sinister purposes. Attackers can use gratuitous ARP to capture data. How are they going to do that? Well, let's say we have the same network: Workstations 1, 2 and 3, and the gateway for this network is 192.168.0.1. Workstation 3 is accessing, say, Workstation 2; that traffic would pass through the gateway. If Workstation 1 suddenly sends out a gratuitous ARP and says, I'm 192.168.0.1, and my MAC address is this, then frames from Workstation 3 will flow towards Workstation 1. Workstation 1 could then forward them on to the gateway on behalf of Workstation 3, and every packet that flows through Workstation 1 would be captured and analysed for whatever purpose.

So now we've looked at ARP, and we've looked at what gratuitous ARP does. In the previous videos we've looked at how devices use MAC addresses to communicate and how switches have a MAC address table. Let's put that all together and try an end-to-end communication between these two workstations, using the knowledge we've just learned.

Workstation 1 wants to talk to Workstation 2. Workstation 1 looks at the subnet mask and can tell that the destination address is on a different network. As Workstation 1 doesn't know the MAC address of the gateway, it sends an ARP request. It sends a broadcast onto the network, which is going to be received by the default gateway. At this point something magic happens. Although the frame is a broadcast, it still has the address of Workstation 1 in the source address field. Therefore, as the switch processes the frame, it can look at the source address field and update the MAC address table to say that the MAC address of Workstation 1 is associated with port 1. The gateway will now send a response: this is my MAC address, I am 192.168.0.1. It sends it directly to the workstation, because it knows where it has to go. The switch looks at the frame and says, the destination is this; I know it's connected to port 1, so I'll send it there. At the same time, as it has received a frame from the default gateway, it also updates the MAC address table with the MAC address of the default gateway. So now the workstation is ready to send the frame. The switch looks at the destination address and says, yes, that is out of port 4, so it forwards it on to the router accordingly.

Now the router looks at the packet. It looks at the packet's destination address and says, yes, that goes out of port 2; I know that because my route table tells me so. Then it has another dilemma: how does it get to that IP address? It sends an ARP request saying, excuse me, 192.168.1.10, can you tell me your MAC address? It sends it as a broadcast, and as it goes through the switch, the switch updates its MAC address table. The workstation replies and says, my MAC address is this, and sends it back, and as it goes through, the switch again updates its MAC address table for that MAC address. Now the router can forward the frame: the switch looks at the destination address, sees that it's connected to port 4, and forwards it on to Workstation 2. And that is one flow.

If you know a bit about TCP, you know that there are normally three parts to a handshake: the SYN, the SYN-ACK and the ACK. That will go backwards and forwards several times before communication is established. As the MAC addresses are already in the MAC address table, there won't be any need to update it. There will be a need for Workstation 2 to do an ARP request for its gateway, and the default gateway will need to do an ARP request for Workstation 1, but that's pretty much it. That's how end-to-end communication works. If you have more routers in between, again it's just a matter of ARP request, forward on, ARP request, forward on. It's also important to remember that it has taken me a few minutes to describe this end-to-end process; in actual fact, that process happens very quickly. It could take less than a second for all of that to occur. It's a very fast process. Now, we've looked at that.
We need to look at the different ways we can route traffic between networks.

Routing Between Subnets

Back in the early days of networking, there really only was one way of moving traffic between two Layer 2 broadcast domains, and that was to use a separate physical router. Now, this router would be placed between the two broadcast domains, so you could have maybe a hub connected to one side and even something else connected to the other. Even when switches were invented, they were still using routers like this. There was a downside: fast routers tended to be expensive. They cost a lot of money; you got what you paid for, whereas if you wanted to save money, you could buy a cheap router, but that would tend to be a bit slower. So you would end up with a network looking something like this. You have a router in the middle, you have maybe switches or hubs either side, and you have some workstations or servers. You have a gateway on one interface and another gateway on another interface, so that if traffic was moving from one network to another, you're literally going in one interface and out the other, and that's it. It would work, but again, expensive. So the next option was what we call router on a stick, and this was introduced to route between VLANs. The way this would work is a router would be connected to a trunk link. Now, as with the router between the networks, the price affected the speed: if you spent more, you got faster routing; if you spent less, yes, slower routing. But in addition to this, the trunk link would carry twice the amount of traffic. So, as an example, here we have our example network. Let's just remove the links, get rid of one of the switches and reshuffle everything around. Let's redraw the links, and that is a router on a stick. You have a router connected directly to a switch, and the uplink, as we said, is a trunk link. Now let's put one of the workstations in VLAN 10 and the other in VLAN 20. Well, the gateways would technically be on the same link; however, they would be on different logical interfaces, as they're on different VLANs. Now,
the issue comes when the workstation in VLAN 20 wants to talk to the workstation in VLAN 10. The data itself would have to go up and down the link several times in order to be sent between the two VLANs. That is obviously a waste of bandwidth, because you're halving the bandwidth between the router and the switch. Okay, so then we have the routed VLAN interfaces, and these were a great idea. Basically, routed VLAN interfaces, or RVIs, are routed interfaces inside a switch. As soon as you create more than one RVI on the switch, the switch becomes a Layer 3 switch, which means it can route. Layer 3 switches are fast, but they're also more cost effective than buying a separate fast router. So in this case, let's get rid of the router. The switch itself becomes a router and switch, and that's what it is. But how does it do this? Well, it needs something called a routing engine, and the routing engine basically works out what subnets are reachable through each interface. Once the RE, or routing engine, has built this routing table, it passes it to the packet forwarding engine. The packet forwarding engine, well, basically makes sure that the packets are sent out the correct interface towards the next hop, using the MAC addresses learned in the ARP table. Packet forwarding engines are very fast, very efficient; they have low latency, and they have very high throughput. Obviously, you can't replace routers in certain environments, because routers will connect to other things, like a DSL line or two different types of network, but within the LAN they are absolutely perfect for sending data between VLANs.

Anatomy of a Network Design

Before I move on to start configuring our EX Series switches, one thing I would like to do is talk about network designs, because, believe it or not, they are an important part of becoming a network engineer. There are actually three parts to a design: you have the high level design, also known as the HLD; you have the detailed level design, also known as the DLD; and then we have the diagram. Now, the HLD is typically a Word document, and it contains customer-specific requirements. Say, for example, the customer wants 10-gig uplinks between switches, he wants to use a SQL database, he wants to have access to the Internet, and so on. So this would be listed in the HLD. It doesn't tell us how to configure the devices; it doesn't tell us what ports to put things into. It just says, this is what the customer wants. Now, from this, the designer creates the DLD, and the DLD is for the network engineers to follow, so that you and I, we use this to build our devices. We also have a diagram, and the diagram will normally help the engineers visualize what the DLD is trying to do. Now, there is a reason why we're having this discussion. That's because designs are probably the most important part of network planning and implementation. Now, firstly, because of the HLD, they list all of the requirements of the network. The DLD itself will then list how it should be configured, so the number of errors should be reduced, because everything has been planned and checked in advance. In addition, there should be fewer issues caused by miscommunication, the simple reason being: if yourself and another engineer are working on a pair of switches, you may say, I'm going to configure port ge-0/0/5, and the other engineer may think he's meant to configure port ge-0/0/5, and therefore there's a miscommunication there. Because it's in the DLD, it says, this is how it's got to be, and therefore you know what you've got to configure. Now,
here we have an example of a network diagram. Now, this was created in Visio, which is a very popular tool when it comes to generating network diagrams. As we can see, we have three switches; we have uplinks between the switches that are labelled; and we have the VLANs at the bottom with their associated subnets. Now, this diagram is actually based on our lab. So this is what we're going to be configuring in the next module. The one thing this cannot show you is to what ports each client is connected. And if you think about it, if there are 24 ports per switch, that's a lot of clients you would need to add to the diagram. It's kind of impossible; you wouldn't fit them on the screen. Therefore, we need something else, because documenting to which ports each client is connected is quite important, because one day you're going to go to a rack in order to connect a client and realize there aren't any ports available. If you have good documentation, you could look at it and say, I only have three ports available; I need to buy a new switch. So what do we use instead of Visio? Well, the answer is Excel. You may think, what, Excel's a spreadsheet; how can you possibly use this to document a network? But it's the ideal tool, because you can list everything in great detail. In fact, you can add lots and lots of detail to this. So let's just have a look at this example of a design. And again, this is actually written around the topology that we're going to be configuring in the next module. Typically on a network design, you would have a face sheet. So this is just general information. It gives you a title as to what the project is. Sometimes it may include things like cost codes and so on, but it should also include version information, so it tells you what the latest version is. And as we can see, we have had two versions, 1.0 and 1.1, and you notice that 1.1 is highlighted in a different colour.
And this is good, because as you add each version, if you highlight it in different colours, you know what's changed since the last design, because when you start going through all the information, the different highlighted parts will stand out more. We also have the designer, or who made the changes, so that if there are any queries, you know who to go to to ask for any clarification, and it also has the reason for the change. In this case, it says VoIP trial. The second tab is quite useful. It tells you the host names, and it tells you the expected device type, so it just gives you a bit of information about what you're going to be configuring. Then we have routing information. So in here it says we've got a management route for switch 22 and another management route for switch 23. Then we've got just a default route for switch 22. I'm not sure why we've got a default route there, but as we go through this design, it probably will become a bit more clear. The VPN tab at the moment is empty, because we're not using VPN. If you did, this is where you'd list the information, so it says things like authentication, pre-shared key, any encryption you're going to be using. The VLAN tab is something we will be using, because we're going to create VLANs. So in here, we have the Sales VLAN, the Engineering VLAN, and we have an Unused VLAN, and it tells you what the subnets are going to be and the default gateway. Next we have NAT information; again, we're not using any NAT, so this is empty. The same with the address book for the firewall and the firewall flows: we don't have a firewall in the solution; therefore, this is empty. The next two tabs, however, are important. We have the IP info tab, and this tells us what IP addresses we're going to use on the network, so we can see that the terminal server has an IP address, we can see that each workstation does, we can also see that switch 23 has one IP address, whereas switch 22 has three IP addresses.
We can see, if we look along the row, that we have an address in Management, in Sales and in Engineering. So this tells us that this switch is going to be routing; that's why we have a default route, because the switch is going to become a router. Switch 23, on the other hand, isn't doing any routing; it just has management. And then finally, we have the switching and patching tab, and this is also important, because it tells us how things are going to be connected at Layer 1, and in addition, how things are going to be configured at Layer 2. For example, we can see that port ge-0/0/5 for Workstation 1 will be in VLAN 200, so the port will need to be configured for VLAN 200. Workstation 2 is in VLAN 100, so again the port will need to be configured. We can also see that ports ge-0/0/0 to ge-0/0/4, port ge-0/0/6, and port ge-0/0/8 all the way through, if we scroll down, to ge-0/0/22 are going to be disabled. So they're going to be shut down, and they're going to be put in VLAN 900, marked as Unused. Now, that's actually a security mechanism, and we'll discuss that when it comes to the security course. Below that, we have a couple of trunk links, so they're connected to the other switches, and they would be enabled for certain VLANs, and if we scroll across, we can see that they are in VLANs 100 and 200. Okay, if we scroll down again, we can see that we now have switch 23. And apart from the workstations, we've got this row highlighted. And if you remember, if we go back to the face sheet, that was version 1.1. So this means that this was a change to the original design, and it seems to be for some sort of Voice over IP telephone. Okay, so that's something that we're configuring when it comes to the voice VLAN section in the next module. And again, if we scroll down, you'll see we have trunk links, and the rest of the ports are disabled. Now, the great thing about DLDs is they tell us how each device is going to be configured.
So in theory, you could take switch 22 and configure it, and your colleague can take switch 23 and configure it. And as long as the DLD is correct and you follow that DLD, at the end, you can connect the two devices together, and it should just work as it's meant to, therefore reducing errors and the miscommunication issue. So I hope you've enjoyed looking at that, and that's all there is from this particular module. In the next module, we're going to configure, monitor and troubleshoot our EX Series switches.

Configuring, Monitoring, and Troubleshooting Layer 2 Switching

Creating VLANs

Welcome back to the course, Layer 2 Switching and VLANs in Junos OS. In this module, we're going to look at how to configure, monitor and troubleshoot Layer 2 switching and VLANs. In the previous module, we were looking at the anatomy of a design, seeing how the design was made. Well, now we're ready to start putting that into practice. We're ready to start configuring our devices. And the question is, where should we start? Well, a great place to start would be by creating the VLANs, the main reason being that you cannot add a port or trunk to a VLAN until you've created the VLANs themselves. Okay, that seems like a logical idea. However, there's something we need to do before we create VLANs. The switches themselves are at the factory defaults, which means they don't have any host name, they don't have any IP addresses set, and they don't have any passwords, so we need to do that. So the first task we need to do is perform the initial configuration. Once we've done that, we can configure the management interfaces, and they will be given the addresses 172.23.7.11 for switch 22, and for switch 23 it's going to be 172.23.7.12. Then we can create the following VLANs: Sales, Engineering, and the Unused VLAN for the unused ports. So the environment that we're going to be using to configure this looks something like this. We have the aggregation or distribution layer, which again is switch 1. We have the uplinks from the switches and the uplink between the switches. The switches are going to be called switch 22 and switch 23; the management addresses are going to be 172.23.7.11 and 7.12. And again, the three VLANs will be created on these two switches. So let's get to it. So if we move to switch 22 first, we can see that it says Amnesiac login, and this has just been booted. So this has basically just been reset. We're logging in as root, and it takes us straight into a shell. Well, let's just check that, and then we'll go into the CLI.
So we're now in the actual CLI mode. We can say edit, and the first thing we should do is set the password: set system root-authentication plain-text-password, and then the new password. We're going to say Password1, with a capital P. Okay, and that's it. Then we should set the host name, because we can't really leave it just saying root. We have to set a host name, because as we move between our switches, we need to know which one we're making the changes on, and the host name is the best way of doing this. So set system host-name, and we'll call this one SW22. And if we move to switch 23, we can do the same. Edit, set system root-authentication plain-text-password (you can specify an encrypted password instead, but it means you'd have to know the encrypted password before you enter it), Password1, and then set system host-name, and this one will be called SW23. Okay, so we commit that to make the changes permanent. Now that's done, we need to assign the IP address to the management interface. So let's just look at our interfaces. These, obviously, are the interfaces we have on the device, and the one we're interested in is me0.0. So edit interfaces me0 unit 0, set family inet address, and it was 172.23.7.11/16, and that's it. So the reason why we've said inet, in case you don't know, the family, is because underneath each interface you have multiple options. So, for example, there you would say family ethernet-switching, or you can say family inet for IP version 4; for IP version 6, you'd say inet6; or you can have iso for the IS-IS protocol. So in this case, we're just using standard IPv4. Now, we can also do a check to make sure that what we've done is correct. So we can say commit check.
And it will come back with something to say whether or not it's worked, and it said no, because at the moment, underneath the me0 interface, it's already set for DHCP, and that's so that when you're doing the initial configuration, you could get the IP address off a DHCP server and configure it that way across the network, rather than having to connect via a serial link. So what we need to do is have a look at the interface, and we need to delete the DHCP. So delete family inet dhcp, and it's gone. So now if we do a commit check, that should work. And it does. So we can commit this. Then we can go and make the change on switch 23. So edit interfaces me0 unit 0, and then we'll delete the DHCP first, then set family inet address 172.23.7.12/16. Now we can create the VLANs. So top, edit vlans. And we should just have the default one, which we won't be using. At some point, we probably should delete it, but for now, we're just going to create our own. So set, and we need to give it a name. So let's just look at our presentation again: 100 for Sales, 200 for Engineering, and then 900 is Unused. So set SALES, and then vlan-id 100; set ENGINEERING, and you notice I'm doing it in upper case. That's because when you're reviewing your configuration, anything you've done will always stand out more if it's in upper case, whereas otherwise it tends to blend in with the rest of the configuration and you're thinking, what is that, a label I've put in, or was that a command that Junos has put in? So we do it in upper case. And we can just say here vlan-id 200; set UNUSED vlan-id 900. Okay, so again, commit check, and everything's fine. I also want to do the same configuration on switch 23, and it's a bit of a pain having to type it all again, so we'll do it another way: show | display set. And this gives us the actual commands that we need to use to add them to another switch, and we can just take these. We can copy, we can go to the other switch, top, and paste. That's it, so we can commit check.
That's fine, so we can just commit. Now, how do we know that these VLANs have been added properly? From here, if you say run show vlans, it will show us which VLANs have been created and the interfaces that have been assigned to those VLANs, and in this case we haven't assigned any interfaces yet, so it's showing us interfaces none for Engineering, Sales and Unused. So next we need to configure the trunk links.
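The initial configuration and VLAN creation just walked through, collected into one set-command listing as an added example (this is not a capture of the course's own session); the host names SW22 and SW23 are assumed, and lines beginning with # are commentary rather than CLI input.

```junos
# SW22: initial configuration and VLAN creation.
edit
set system host-name SW22
# plain-text-password prompts for the password interactively; the course's
# lab value is Password1. Use a strong value on anything but a lab switch.
set system root-authentication plain-text-password
# Management interface: remove the factory-default DHCP client first,
# otherwise commit check fails because dhcp and a static address conflict.
delete interfaces me0 unit 0 family inet dhcp
set interfaces me0 unit 0 family inet address 172.23.7.11/16
# VLAN names in upper case so they stand out from Junos keywords on review.
set vlans SALES vlan-id 100
set vlans ENGINEERING vlan-id 200
set vlans UNUSED vlan-id 900
# Validate before committing, then commit.
commit check
commit
# Verification: each VLAN listed with "Interfaces: None" at this stage.
run show vlans
# SW23 is the same with host-name SW23 and address 172.23.7.12/16; the
# VLAN lines can be copied from "show | display set" under [edit vlans].
```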

Configuring Trunk Ports

In the last video, we did some basic configuration tasks on switches 22 and 23, and we created the VLANs. Next, we need to make sure the VLAN traffic can pass between the switches, so we need to create trunk links, and we need to set the following ports as trunk links on both switches. So we need to set ports ge-0/0/23 and ge-0/1/0. Okay, seems fair enough. We also need to make sure that only VLANs 100 and 200 are allowed on these trunk links. And finally, we need to set the native VLAN ID to 900. Okay, that's fair enough. However, in the last video, we set the IP address on the management interface, but we didn't enable secure shell, so I can't connect to those switches across the network. You may be thinking, well, how are you connected to them if they're not on the network? Well, I'm using the terminal server, which converts network to serial. So what we need to do is enable secure shell as well as creating these trunk links. As far as the topology is concerned, this is how it's going to look. So we've got, again, the aggregation and distribution layer. The links that go to the aggregation and distribution layer are going to be ge-0/1/0, and ge-0/0/23 goes between the two switches. And we could use the LLDP command to look and see what switches are connected to each uplink. So we'll do that as well, just to show you what the results would be. Now, if I move to the CLI and try to connect to switch 22 using this command, it's just going to sit there, and it's going to hang. Cancel that. And if I go to the Telnet session to my terminal server, and this is the terminal server itself: it's just a router with an asynchronous card inside, and this allows me to connect directly to the serial ports on my devices remotely, because these devices are quite loud and you'd be able to hear them on this recording. So they're in another room, and I'm just connected across the network. To connect to them, we'll actually use reverse Telnet.
We telnet to 192.168.1.1, and it should be on port 2036. Yep, that's reached 22. Okay, and then just edit; you can actually say configure instead of edit, I just use edit because it's quicker. Then, to enable secure shell, that's set system services ssh, and we really want to be using version 2. Now, if I just do a question mark here, you can see that there are two versions. Version 1 is basically an older version; it's not as secure as version 2. Version 2 has more encryption options, and that's the reason why we're going to use that. Now, we'll discuss that more when we come to the security section of this course, but for now, just use protocol-version v2. Now, once we've done that, we also need to set a route, because although I have set the management address, I've not told it how to get to the rest of my network, and my client is actually on a different subnet, so I need to set a route as well. So I need to say set routing-options; you can see there's quite a few there. We're just going to say static route, and it's going to be 0.0.0.0/0, and we need to say next-hop, and that should be 172.23.7.1. Okay, so now that we've done that, we need to do the same on 23 after doing a commit. So let's do a commit check first. Okay, that's good. And if I need to break out of this session to move to switch 23, I do Ctrl+Shift+6, then X. That takes me back, and then I just select 37. And as you can see, I'm already logged into that one. Just to make it a bit quicker, I'll just clear the screen. Then I can say set system services ssh protocol-version v2, then set routing-options static route 0.0.0.0/0 next-hop 172.23.7.1, and commit. Now I'll just exit. And if I say ssh root@172.23.7.11, it says you have a new fingerprint; do you want to continue? Yes, I do, and I'm now connected to my switch across the network, which means I can now configure my trunk links.
And the reason why you would do this is because connecting across the network is faster. The serial link is restricted to 9600, and it just means it's going to be quicker when you type in stuff or copy and paste. So edit. And as you can see, I'm still in configuration mode on my serial link, but it's fine; I should still be able to make a change and commit it, and it should still work. You could disconnect the session, but I'm not going to. So we'll edit the interface: edit interfaces, and edit the first port, which was ge-0/0/23, and it's going to be unit 0. Now, you can type in unit 0, or .0, and we're going to say set family ethernet-switching. As you recall, when we did the management interfaces, we said inet. Then port-mode, and you can see there are only two, trunk and access; we say trunk. Then we say vlan members, and we have three options there. It's going to be ENGINEERING and SALES. Okay. And according to our brief, we need to set the native VLAN ID to 900, so set native-vlan-id 900. Okay, then we also need to do the same on port ge-0/1/0. So if we say up 2, and edit ge-0/1/0 unit 0, and we need to set the same thing. So set family ethernet-switching port-mode trunk, vlan members SALES and ENGINEERING, native-vlan-id 900. Okay, now we need to do exactly the same on switch 23. Clear the screen, show | display set, up 2, edit ge-0/0/23 unit 0, and we can copy that and paste it into switch 23. So I'll move to, well, I'll just exit this terminal server, ssh root@172.23.7.12, and take that, copy, paste, and hopefully commit check. So we commit on both, and that's it. Now we want to see whether or not the ports are actually trunk links. Well, if we say run show vlans brief, we can see that we have two active ports on each one. Okay. And if you say run show vlans, we can see that we have ports ge-0/0/23 and ge-0/1/0 both assigned to Engineering and Sales, and they're both active.
So that basically means that they're trunk links and they're members of all those VLANs. Now, what we've just done is we have successfully made these trunk links on both 22 and 23. And by using the vlan members command, we've ensured that all of the VLANs are pruned apart from 100 and 200, as per the design. And we've also specified the native VLAN ID using the native-vlan-id command. So now the next thing we need to do is set the access ports and assign the clients to the access ports.
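The management-access and trunk configuration from this video as one listing, added here as an example rather than taken from the course's session; it assumes the legacy (non-ELS) EX syntax the course is using, and # lines are commentary, not CLI input.

```junos
# SW22: management-plane reachability and the two trunk links.
edit
# SSH version 2 only, plus a default route so the management subnet can
# reach the rest of the network. Connecting as a named user rather than
# root is the usual practice; the course logs in as root in its lab.
set system services ssh protocol-version v2
set routing-options static route 0.0.0.0/0 next-hop 172.23.7.1
# Trunks: ge-0/1/0 to the aggregation layer, ge-0/0/23 to the other
# switch. Listing only SALES and ENGINEERING prunes every other VLAN.
# Untagged frames arriving on a trunk are placed in native VLAN 900
# (UNUSED), so they never land in a VLAN that carries client traffic.
set interfaces ge-0/0/23 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/23 unit 0 family ethernet-switching vlan members [ SALES ENGINEERING ]
set interfaces ge-0/0/23 unit 0 family ethernet-switching native-vlan-id 900
set interfaces ge-0/1/0 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/1/0 unit 0 family ethernet-switching vlan members [ SALES ENGINEERING ]
set interfaces ge-0/1/0 unit 0 family ethernet-switching native-vlan-id 900
commit check
commit
# Checks: both trunks should be listed as active under SALES and
# ENGINEERING, and LLDP should show the expected neighbour on each uplink
# (a surprise neighbour here means a patching error against the DLD).
run show vlans brief
run show vlans
run show lldp neighbors
# SW23 takes the identical trunk and ssh/route lines; copy them with
# "show | display set" as the course does.
```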

Configuring Access Ports

We've configured our VLANs; we've configured the trunk links. Next, we need to configure the access ports, so we can put the clients in the correct VLANs. So pretty much, we need to put the following ports into the following VLANs. Port ge-0/0/5 on switch 22 is to go into VLAN 200; port ge-0/0/7 is to go into VLAN 100; and then on 23, you've got ge-0/0/8, which goes into VLAN 100, and ge-0/0/10, which goes into VLAN 200. Once that's done, we need to place all unused ports into VLAN 900, and we should check them. So pretty much this is how it's going to look. We've got the two switches, switch 22 and 23. We've got the four clients, and as you can see, Workstation 1 goes into 200, 2 goes into 100, 3 goes into 100, and Laptop 1 goes into VLAN 200. Okay, that seems fairly straightforward. Now, there are actually three methods we could use to add a port into a VLAN. So let's have a look at the first one. So on switch 22, edit, and edit interfaces ge-0/0/5. And in case you're wondering, the .0, or the unit 0, is technically a sub-interface. So 5 is the physical interface, and 5.0 is the sub-interface. Now, in this case, we're going to be using just .0, because we're not splitting these interfaces up into sub-interfaces, but on things like routers you can. So you can use one sub-interface for one VLAN, another sub-interface for another. But as I said, in this case, we don't need to do that, so it will just be unit 0 directly. And we want to say set family ethernet-switching vlan members, and it was 200, which was, that's called ENGINEERING. Okay, so that's the first method: you go into the interface and you add it. The second option is to go into vlans. We're going to edit SALES, and we can say set interface, and then we can say ge-0/0/7.0. Okay, that's another method. So we've just added two interfaces to VLANs, but again with different methods. And the third one is quite interesting, because Junos has an option called interface-range.
So you can basically group a load of ports together into one interface range. And when you make a change, say, for example, you set the port speed, you'll make that change on all the interfaces, rather than have to go under each individual interface and change the speed that way. So you can use this option to put them into one VLAN, and to shut the ports down as well. So let's try that. So you say edit interfaces, then interface-range, and we're going to call this one UNUSED. Okay, now, we've got quite a few options here, as you can see. So the first thing we need to do is actually add the interfaces. So you can see set member-range ge-0/0/0 to ge-0/0/4. And before that, set member ge-0/0/6, so we can specify the individual one. And then it would be ge-0/0/8 to ge-0/0/22. Okay, so now we've added the actual ports, we need to add it to the VLAN, and it's kind of interesting the way it does this. We need to say set unit 0, so that's the sub-interface .0, family ethernet-switching vlan members UNUSED. Okay, so let's commit check that, and it's correct. So commit. And if we say run show vlans, we can see that we certainly have port 5 in VLAN 200, port 7 in VLAN 100, and the unused ports all put into the Unused VLAN, and we've actually got one interface that's in default, and that's just because that one is actually up; it has an SFP in it, so it's just showing as active. If I took the SFP out, that port would disappear, but that's fine. We can leave that for now. Everything else is exactly as we want it. So now we need to do the same on switch 23. So edit, edit interfaces ge-0/0/8, set family ethernet-switching vlan members, and I believe this was, let's just double check this. It was VLAN 100. Okay, which was it? SALES. Up 2, edit ge-0/0/10 unit 0. Okay, so set family ethernet-switching vlan members ENGINEERING. Then up 2 again. Set interface-range unused. Sorry, edit interface-range UNUSED, and set member-range ge-0/0/0 to ge-0/0/7, and ge-0/0/11 to ge-0/0/22.
And we also want to say set member ge-0/0/9, then set unit 0 family ethernet-switching vlan members UNUSED, and that's it. Commit, and we'll just clear that, let's just exit, and let's say show vlans. And again, you have port ge-0/1/1 in the default, but everything else is in Unused, or Sales, or Engineering. And again, just to prove a point, let's say edit, and edit interfaces interface-range UNUSED, set disable. So that would then shut down all the ports as well, if that's what we wanted. So what we've done is, if we connected to one of the clients, they would be able to ping the client in the same VLAN, but they won't be able to ping each other in different VLANs. And that is what the next thing we need to do is: we need to create routed ports, so that the switch technically becomes a router. Okay, so that's what we're going to do in the next video.

Configuring Routed VLAN Interfaces

Our next task is to create the RVIs, or routed VLAN interfaces. Now, why do we need to do this? Well, the clients in VLAN 100 need to communicate with clients in VLAN 200. But in addition to that, these clients also need to access the greater network; they may need to access the Internet. So this is what we need to do. We need to create the layer 3 interfaces for VLANs 100 and 200. Then we need to set the IP addresses on switch 22 only, the main reason being that if we created them on switch 23 as well you would have an address conflict, and it wouldn't quite work. There is a way of doing switch 23 for redundancy purposes, but we don't cover that until much later on in this video series. So we need to create, on VLAN 100, an RVI with the address 192.168.100.1, and for VLAN 200 we'll have the address 192.168.200.1. Then we also need to add a default route to 192.168.100.254. That is actually in the aggregation layer, so it should allow the clients to go out onto, say, the Internet or any other services that are on the company network. So this is what it looks like now. I've moved the switches side by side just to make it a bit clearer in the diagram. As we can see, Workstation 1 has the address 192.168.200.10, because it's in VLAN 200; Workstation 2 is 192.168.100.20 because it's in VLAN 100; Workstation 3 is 192.168.100.30; and Laptop 1 is 192.168.200.40. So if we move to our switch, and again switch 22 only, and we edit, and edit interfaces vlan, we should only have one unit in there, which is vlan.0. As you can see, it says unit 0, so that means vlan.0, and it just says family inet dhcp. That is the default layer 3 interface, created so that you could use it as an alternative to the management interface when you come to configure the switch for the first time. We could delete that, but we won't just yet, because that could cause problems later. For now, we need to say set unit 100.
So that creates the unit 100 sub-interface, similar to creating sub-interfaces on the physical ports. Junos kind of treats the vlan interface as a physical interface, and off of that you have the logical interfaces. So if we say edit unit 100, we can say set family inet address 192.168.100.1/24. Okay, we could also do this another way: instead of editing the unit, we can just say set unit 200 family inet address 192.168.200.1/24. So that creates the layer 3 interfaces themselves, and we can just confirm they're there. No problem. So now we need to assign those layer 3 interfaces to the VLANs themselves. So edit vlans. As you can see, we've got engineering and sales; we won't assign one to unused because we don't need to. And we say set engineering l3-interface vlan.200, and the same for sales: set sales l3-interface vlan.100. Okay, let's just do a commit check now. We're not going to commit it properly yet, as we need to create the route. So set routing-options static route 0.0.0.0/0 next-hop 192.168.100.254. Okay, so let's try commit, and let's just see if we can ping the next hop first. Yes, we certainly get a response, so technically it should work. Let's now try and connect to a client, and to do this we use Microsoft Remote Desktop. As you can see, I have three workstations and one laptop, and the reason why I'm doing this is because the machine I'm using to record this video is on one subnet; it actually goes through a firewall to a different subnet, and eventually it connects to my lab. So if I can connect to this workstation from the machine I'm using here, we should have full reachability, in theory. So let's try it. Yep, I've successfully connected. So if I now ping 192.168.100.20, one of the clients, that works, and let's try .30. That's great. So by doing that test we've actually proved several things.
Firstly, I could connect to Workstation 1 across multiple subnets, so we definitely have routing in place. I could also ping the clients in one VLAN from a client in another VLAN, which means the switch is routing properly, and that's exactly what we wanted. To be honest, it wasn't too difficult. As long as you remember to link the layer 3 interfaces to the VLANs, the switch should route automatically. You just need to add the static route, and that's it for enabling your switch to route. The next topic we're going to be looking at is how to enable and configure voice VLAN ports on your EX Series switch.
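The access-port and RVI steps above, collected into one set-style configuration for switch 22. This is an added example, not the course's own transcript; it assumes the VLANs sales (100), engineering (200) and unused (900) were already defined in the earlier video, and uses the lab's port numbers and addresses.

```junos
## Switch 22: three ways to put a port into a VLAN, then the RVIs.
## Assumes vlans sales/engineering/unused already exist.

## Method 1: assign the VLAN under the interface's logical unit
set interfaces ge-0/0/5 unit 0 family ethernet-switching vlan members engineering

## Method 2: assign the interface from under the VLAN itself
set vlans sales interface ge-0/0/7.0

## Method 3: an interface-range, so one change applies to every member
set interfaces interface-range unused member-range ge-0/0/0 to ge-0/0/4
set interfaces interface-range unused member ge-0/0/6
set interfaces interface-range unused member-range ge-0/0/8 to ge-0/0/22
set interfaces interface-range unused unit 0 family ethernet-switching vlan members unused
## Optional: administratively disable every member of the range at once
set interfaces interface-range unused disable

## Routed VLAN interfaces, on switch 22 only (the same addresses on
## switch 23 would conflict). vlan.0 with family inet dhcp stays for now.
set interfaces vlan unit 100 family inet address 192.168.100.1/24
set interfaces vlan unit 200 family inet address 192.168.200.1/24
set vlans sales l3-interface vlan.100
set vlans engineering l3-interface vlan.200

## Default route towards the aggregation layer
set routing-options static route 0.0.0.0/0 next-hop 192.168.100.254

## Validate before committing, then verify from configuration mode
commit check
commit
run show vlans
run show interfaces vlan terse
run ping 192.168.100.254 count 3
```

A port that is both a member of the disabled unused range and assigned to another VLAN will fail commit check, so remove it from the range before reassigning it.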

Configuring Voice VLANs and Ports

You may remember from the first video in this module that the designer had added a version 1.1 and 2, and that he had added something about trialling voice over IP. If we look at the design quickly, we can see here, under 1.1, a VoIP trial, and in the switching impact tab, if we scroll down, we can see it says voice over IP for Workstation 4, assigning it to VLANs 100 and 300. Well, this video discusses how to implement voice VLANs and voice VLAN ports. The scenario is that Acme are trialling voice over IP, which means that we need to add VLAN 300 to both switches as a voice VLAN. In addition, we need to assign port ge-0/0/9 on switch 23 only to the sales VLAN and the voice VLAN. We also need to ensure that VLAN 300, the voice VLAN, is not pruned from the trunk ports. Okay, that seems fair enough. So if you look at our network, we can see all we're doing is connecting the phone to ge-0/0/9 and connecting the workstation to the phone. If you remember, there are two ways of doing this: we can make it an access port or a trunk port. So we're going to make it a trunk port first and then change it to an access port, just to see the differences in how you do it. So if we move to our switches, and we say edit, the first thing we need to do is set the VLAN, so edit vlans, and we'll just call this one voice, with vlan-id 300. Then we need to set the trunk ports to pass the VLAN. Okay, edit interfaces ge-0/0/23.0, and we just need to add voice to the VLAN members, so set family ethernet-switching vlan members voice. Okay, then up, edit ge-0/1/0.0, and set the same. In fact, we could probably go up and do it this way. That was switch 22, and all we need to do there is commit. On switch 23, however, we need to actually configure the port as well. So we edit, set vlans voice. Then again we need to set the ports, so edit interfaces ge-0/0/23.0, set family
ethernet-switching vlan members voice, up again, edit ge-0/1/0.0 and the same. And one thing I forgot to do: set vlans voice vlan-id 300, and I'll commit that as well. So now we've created the VLAN and we've allowed it on the trunk links. We now need to configure the interface so it can carry data and voice traffic at the same time. As we said, we're going to use the trunk method first and then we'll change it to be an access port. So edit interfaces ge-0/0/9.0, set family ethernet-switching port-mode trunk, then vlan members voice, and then, and this is the clever part, we say native-vlan-id sales. And that's technically it; that's all you need to do. So when the phone sends a voice VLAN packet, it will be tagged, because the phone tags the packet itself. When traffic is received without a VLAN ID set, then it belongs to the sales VLAN. Now let's just change that. Top, and rollback, so that removes the configuration. So how do we do it as an access port? We need to do this: edit interfaces ge-0/0/9.0, set family ethernet-switching port-mode access. Technically we don't need to do this, but it just ensures that it is in access mode. Then we say vlan members sales. Okay, so go to the top. Now we need to go into a section we've not been to before, and that's one called ethernet-switching-options. So edit ethernet-switching-options. Under here we can set what we call voip. So set voip interface ge-0/0/9.0 vlan voice. So in this case what we're doing is telling the EX switch that if any frames come in that are tagged for the voice VLAN, it looks and says, yep, that is definitely a VoIP interface, and it allows them to pass. You could also set another option here; if we type a question mark you can see you have forwarding-class.
So if you're using something like quality of service, you can tell it how to handle the traffic and make it a higher priority than other traffic. Unfortunately, quality of service isn't something we look at in this particular course. So now we've done that, let's go to the top. There's something else we need to do before we commit this. Let me just clear the screen. If I do edit interfaces interface-range unused, we can see that we have member ge-0/0/9. What this means is this interface has been shut down and it's part of the VLAN unused, in addition to being part of the voice VLAN and the sales VLAN. So we need to delete this member from this group before we can commit. So delete member ge-0/0/9. Okay, and it's gone. So now we commit that, and let's go to the top, and here I say run show ethernet-switching interfaces. As we can see, ge-0/0/9 is added to sales and voice; 300 is tagged, and 100 is for the untagged frames. Now, the state is currently down, and that's because there isn't anything plugged in. Even if there was, how could I demonstrate making a phone call? I could pretend to pick up the phone, but that isn't going to work, so I'm not going to demonstrate that. All you need to know is that if you come into here, it will show both VLANs added to that single port. Now, there's one little thing I need to add as well. I mentioned during our discussion on voice VLANs that you can use something called LLDP-MED. That's a way of the switch telling the phone what voice VLAN to use, so it knows how to tag the frames, and this is set under protocols. So what I need to do is say edit protocols lldp-med, and there are only a few options; we're going to say show. In actual fact, it's already enabled. So if my phone supported LLDP-MED, I could plug it in and the switch would automatically tell it that the voice VLAN is VLAN 300. And there you go. That's it.
That's all we need to know about configuring voice VLANs. In our next video, we're going to look at some troubleshooting techniques we can use should we have any issues with our switched network.
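The voice VLAN procedure on switch 23, in set form, showing the trunk variant and the access-port variant side by side together with the interface-range conflict the video runs into. This is an added example, not the course's transcript; it assumes the trunk ports are ge-0/0/23 and ge-0/1/0 and the phone port is ge-0/0/9, as in the lab.

```junos
## Switch 23: voice VLAN 300 on the phone/workstation port ge-0/0/9.

## Define the voice VLAN and allow it on both trunk links so it is not
## pruned (on switch 22 these three lines are all that is needed)
set vlans voice vlan-id 300
set interfaces ge-0/0/23 unit 0 family ethernet-switching vlan members voice
set interfaces ge-0/1/0 unit 0 family ethernet-switching vlan members voice

## ge-0/0/9 is still a member of the disabled "unused" range; the commit
## fails until it is removed from there
delete interfaces interface-range unused member ge-0/0/9

## Option A: trunk port. The phone tags voice frames with 300; untagged
## frames from the workstation behind the phone fall into the native VLAN
set interfaces ge-0/0/9 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/9 unit 0 family ethernet-switching vlan members voice
set interfaces ge-0/0/9 unit 0 family ethernet-switching native-vlan-id sales

## Option B: access port plus the voip stanza. Strip option A first so the
## two do not coexist on the same unit
delete interfaces ge-0/0/9 unit 0 family ethernet-switching
set interfaces ge-0/0/9 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/9 unit 0 family ethernet-switching vlan members sales
set ethernet-switching-options voip interface ge-0/0/9.0 vlan voice

## LLDP-MED advertises the voice VLAN to the phone (enabled on all
## interfaces by default; shown explicitly for the phone port)
set protocols lldp-med interface ge-0/0/9.0

commit check
commit
## Expect ge-0/0/9.0 in sales (untagged) and voice (tagged)
run show ethernet-switching interfaces ge-0/0/9.0
run show vlans voice
```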

Troubleshooting VLANs and Ports

Throughout this module, we've done a lot of configuration on our EX Series switches. We've created VLANs, we've set the ports as access and trunk, we've created voice VLANs, and things have gone relatively smoothly. But that's not always the case. You will have problems when you're doing configuration, especially when you're under pressure. So this video is really just about the different things you can use to try and troubleshoot why things aren't working. Now, if we look at all the different options we have for troubleshooting, the best one we can use is really the show command. That's the one you really want to use first, before you go anywhere else and start doing things like packet captures and so on, because the show command can probably tell you what the issue is without going into too much detail. So the different options that we're going to look at in this video are the show interfaces terse command; show interfaces ge- and then the port number, followed by one of the options brief, detail or extensive; the show vlans command; the show log messages command; and then the show ethernet-switching command, followed by interfaces or table. Now, some of these commands you may have seen me use already, but it doesn't hurt to go over them again just to try and see what information they're trying to tell us. So let's move to our switch. From here, we can say show interfaces terse. This brings up which ports are up and down, and if there are any IP addresses assigned to them, they're listed there as well. So this is good to see whether or not your IP addresses have been set correctly compared with, say, the design, or even just to make sure that it is the correct address you put on there. Now, the next option allows you to see a bit more information about a particular port. So if I say show interfaces ge- and let's pick one that's actually up, so that should be ge-0/0/5, after that we have a few options. So we have detail,
extensive, and terse. Terse we've already seen; that just brings up whether the port is up or down. Let's try looking at brief first. This just tells us how the port is configured. We've got what we call the MTU size, which we discuss later. We've got whether the speed is set to auto or if you've set it to, say, 100 megabit. You have information such as the media type, which on this port will always be copper; if you're using, say, fibre, it would say fibre. Okay, so let's just have a look at what other options are available. Let's look at extensive. As you can see, there's quite a lot of information now. The ones we're actually interested in, really, are the errors, and the one we're specifically interested in is collisions. If you remember, collisions shouldn't occur on a switched network. They happen on a hub, or on shared media, but they don't happen on a switch. So if you see collisions here, there's obviously a problem. That normally indicates that there's some kind of mismatch between the duplex settings on one side and the other. So let's say your client is set to half duplex, but your switch is set to full duplex. You would get collisions, so this kind of indicates that there are problems. As we can see, there's a carrier transition here, but apart from that the errors are zero, so that's a good thing. It also tells us how much traffic is going through, for example how many bits per second. You've also got information such as how QoS, or class of service, is set. And we also have the logical interface statistics. This is quite important, because if you have multiple logical interfaces it gives you the statistics for each logical interface, and you can compare that with the overall usage on the physical interface. We can also use this with the detail option, and again it looks like there's quite a lot of information.
Realistically, the difference between detail and extensive is that detail doesn't have the MAC statistics and doesn't have as much quality of service, or class of service, information. But it's still very useful to tell you which packets have been coming in and going out. It doesn't tell you how many errors have occurred, which extensive would. Now, show vlans we've already seen. As you can see, it just tells us what interfaces are assigned to what VLAN. The asterisk at the end of the port just tells us whether or not the port is up or down. You may notice that on the voice VLAN we only have two ports, and that's because the port we configured is actually on switch 23; therefore the only interfaces we have in the voice VLAN here are the trunk links. Now, our next option is quite useful. There are actually quite a few different log files within Junos, and if we type a question mark we can see some of them. The most commonly used one would be messages. You can also see you have messages.0.gz and messages.1.gz. This is because when the switch reloads it will create a new file called messages, so that any of the information that related to the last time the switch was up would be stored permanently, just in case you needed to refer to it later, maybe because it crashed or something similar. The one we really want to look at is just messages. So if we type in messages, there's going to be quite a lot of information; as you can see, trying to cycle through this lot could take quite a while. So if we use the pipe sign and say last 10, it will only display the last 10 messages. You could increase this and say I want to see the last 20 or 30 or whatever, rather than having to cycle through the entire thing. And there's quite a lot of information here. It's just telling me what user is connected, how they're connected, say SSH, from what IP address, and it also says things like I did a rollback that I didn't commit, and so on.
So it's just general information, but when things go wrong you look in here and it should give you an idea as to what's gone wrong. The final option that's going to be useful is show ethernet-switching, and there are really two options that we want to look at. The first one is interfaces. This just tells us whether or not the interface is up or down, as it says in the state; what VLAN it belongs to; whether it's tagged or untagged; and whether or not it's being blocked by spanning tree, and so on. Now, if the port is down, it's going to be blocked by spanning tree anyway, and the rest that are up just seem to be unblocked. So that's good too. The other option under ethernet-switching is table. You may recall that switches learn the MAC addresses of each device that's connected to each port, and this is the table where you can view that information. It just tells us that, for example, in the engineering VLAN, it's learned two MAC addresses. Now, when it says star, or asterisk, that means flood. That's the default setting: if the MAC address isn't listed in the table, then it floods it out of all ports. Where we have static, well, that's the device itself. The other entries are from devices connected to each port. Now, you may recall that at the start of this course we were looking at the different switch models, and we discussed the different sizes of the MAC address table. Well, that's what it relates to: how many entries we can have in this table before it's full. Now, let's say that the MAC address table was full. What happens is, by default, the switch will start to flood traffic out of all ports for any MAC addresses that aren't in the MAC address table. So, really, that's just something you need to be aware of when your network gets to a certain size. In this case, 15 entries is not a lot.
The MAC address table is relatively empty. The last option is quite useful when you're trying to figure out what devices are connected to your trunk links. We touched on this earlier when we talked about LLDP. LLDP will tell you what neighbours are connected to your device. So if we say show lldp neighbors, it tells us what devices are connected to what ports on the switch. It also tells you things like the chassis ID, the MAC address, and so on, just to give you an idea of how your network is connected. So I can see here on port 23 I've got switch 23 connected, and on port 0/1/0 I've got switch 1 connected. So really this is just useful information if you're not sure how your network is connected, or let's say you don't have a diagram at hand. You could use this on multiple switches, and from there you could figure out how things are connected on your network. It's important to note that in this module we've been looking at how to configure standard Junos switches. We also need to know how to configure switches running ELS, or Enhanced Layer 2 Software, and you'll be pleased to know that this is the topic of our next module.

Configuring Switches Running Enhanced Layer 2 Software

The Origin of ELS

Welcome back to the course Layer 2 Switching and VLANs in Junos OS. In the previous modules, we've looked at what we call standard switching software. In this module we're going to look at a new version of Junos that was developed for EX Series switches, and that is what we call Enhanced Layer 2 Software. So the first question we must ask is: why have Juniper decided to replace the Junos EX switching software with an enhanced version? The simple answer is One Junos. Basically, One Junos isn't as "one Junos" as we'd like it to be; there are subtle differences between some devices, and this goes against the One Junos philosophy. Basically, Juniper wanted to unify the Junos operating system, so that their devices have the same CLI at layer 3. So, for example, an SRX would have a similar CLI to a J Series, which has a similar CLI to a T Series. However, there are some differences at layer 2, so ELS unifies Junos OS at layer 2, and the name itself, Enhanced Layer 2 Software, kind of gives that away. It doesn't alter layer 3; it alters layer 2. So the next question is, why have Juniper changed the switch CLI? Why couldn't they have changed it on the other devices? Well, there are two devices we're actually interested in. The first is the MX Series routers. These use bridge domains and IRBs, or integrated routing and bridging interfaces. The other devices are the EX and QFX Series switches, which use VLANs and VLAN interfaces. The reason why Juniper decided to change the switches is because the MX Series routers are very popular with service providers, and there are quite a lot of them installed. As you can see by the size, they're quite expensive. So rather than change the MX Series routers and upset service providers, meaning that they'd have to retrain all their engineers again, they decided to just change the EX Series switches. It seemed to make a lot more sense.
So in the attempt to unify the Junos operating system, Juniper added MX router commands to the EX and QFX switches. They also deprecated some of the EX switch commands. It's important to note that at this time not all switches support ELS. The original release of the ELS software was on the QFX3500 and QFX3600. It was only supported in Junos OS 13.2X50-D15 or higher, and it must use the Virtual Chassis package. Next, Juniper released it on the EX Series switches, on the EX4300, EX4600 and EX9200, and all Junos OS releases on those devices support it. Then finally ELS was supported on the QFX5100, and this was supported in Junos OS 13.2X51-D10 or higher. Now, not every QFX switch supports the ELS software: if the QFX switch is part of a QFabric system then it will not support ELS. If the QFX switch is part of a QFabric system, it will run the standard switching software. So you may now be thinking, how will I know which commands have been deprecated and which are the new ones? And if I'm going to migrate from an old switch to another switch, then how will I know which commands to use? Well, Juniper have released what we call the ELS translator, and the ELS translator basically converts the configuration from a standard EX Series switch to a new switch that's running ELS. Let's have a quick look at that to show you how it works. So as you can see, this is the ELS translator, and it just says Version 1.0. It says that it converts Junos OS to Enhanced Layer 2 Software (ELS) configurations using Junos OS 12.3R2 and later. You can just paste the configuration in, or if you say Choose File we can select, for example, our one from Acme 22. If we click on Translate, it shows us in black which commands are the same, and as we scroll down, anything in blue is new. So this gives us an idea as to which commands have been changed.
So now we know a little bit about ELS, let's go ahead and configure our new switch, which is going to replace switch 22, with the Enhanced Layer 2 Software configuration. And this is what we do in our next video.
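To make the "same in black, new in blue" comparison concrete, here is the sales VLAN, its RVI and the voice port from the previous module written first in standard EX syntax and then in ELS syntax. This is an added example, not the course's transcript and not output of the ELS translator; the command mapping is from my own knowledge of the two CLIs, and the addresses, VLAN IDs and port numbers are the lab's.

```junos
## --- Standard EX switching software (what the lab currently runs) ---
set vlans sales vlan-id 100
set vlans sales l3-interface vlan.100
set interfaces vlan unit 100 family inet address 192.168.100.1/24
set interfaces ge-0/0/9 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/9 unit 0 family ethernet-switching vlan members voice
set interfaces ge-0/0/9 unit 0 family ethernet-switching native-vlan-id sales
set ethernet-switching-options voip interface ge-0/0/9.0 vlan voice

## --- Enhanced Layer 2 Software (MX-style) equivalents ---
## The RVI becomes an IRB (integrated routing and bridging) interface
set vlans sales vlan-id 100
set vlans sales l3-interface irb.100
set interfaces irb unit 100 family inet address 192.168.100.1/24
## port-mode becomes interface-mode
set interfaces ge-0/0/9 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/9 unit 0 family ethernet-switching vlan members voice
## native-vlan-id moves up to the physical interface and takes the ID
set interfaces ge-0/0/9 native-vlan-id 100
## ethernet-switching-options becomes switch-options
set switch-options voip interface ge-0/0/9.0 vlan voice
```

Pasting the standard block into the ELS translator should leave the vlan-id and vlan members lines unchanged and rewrite the rest; what it does not do is verify the result, so a commit check on the new switch is still the real test.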

Configuring VLANs and RVIs on Switches Running ELS

In the previous video, we had a brief overview of ELS, and now we're going to start configuring a switch that is running the ELS software. We're going to start by creating VLANs and RVIs, or routed VLAN interfaces. So what we're going to do is start upgrading switch 22 that we configured in our previous module. Now, the initial configuration itself has already been done, so we don't need to do that. What we're going to do is set the management IP address and create a default route. We're going to create the following VLANs: VLAN 100, which is sales; VLAN 200, which is engineering; and VLAN 900, which is the unused VLAN. Then we're going to configure the layer 3 interfaces, or the RVI interfaces. For VLAN 100 we're going to give an address of 192.168.100.1, and VLAN 200 is going to have an address of 192.168.200.1. Let's look at how our new switch is currently configured. So our new switch has a hostname of Acme ELS SW22. If I just say show configuration system, you can see we already have the root user created. We've set the SSH protocol version; syslog we've left as default; and we've got the DHCP service there, which we probably could remove, but it's not doing anything at the moment. Then if I say show configuration interfaces, you can see for some reason we've got the storm-control default option already set, whereas we don't have that on our existing switch. Then if I say show interfaces terse, you can see we have a large number of gigabit interfaces; we actually have 48. Then further down we have an interface me0. Now, on our existing switch that is set for management, but in this case the type is set as Ethernet switching. Further down we have an interface vme0, and the vme is actually a virtual management interface. Now, you can, if you wanted to, assign an address to me0.
However, it is preferred that you assign the address to the virtual management interface. And as our first task is to assign a management IP address, let's do that now. So edit, and edit interfaces vme.0, then set family inet address, and let's just confirm what the address was. So on switch 22, show configuration interfaces me0. So our address is 17