NTP is a layer 3 protocol. NTP keeps device clocks accurate, which is critical in networks. Keeping all network devices synchronized to the same time helps with management. Networking devices use time for several reasons:
Logging output
Debugging output
User ‘show’ commands
Network management/Reporting tools
Certificates – If the time is incorrect, your certificates can become out-of-date
Where do we get the time?
All devices have an internal system clock.
Most are battery driven and maintain the time/date when the device reloads.
Devices with battery-driven system clocks can also distribute this information to remote devices via NTP.
Sources Of Time
Manual configuration, i.e. the clock set command
NTP
SNTP
VINES
NTP
IETF Standard – RFC 1305 and RFC 5905
UDP port 123 (source and destination)
NTP nodes obtain time from an authoritative source:
Atomic clock
GPS
Radio
Other network devices
NTP Device Roles
Client – Device that periodically polls a server for time/calendar information.
Server – Provides the information to the client.
Stratum 1 – Most accurate clock
Stratum 2 – Time server that is one hop away from stratum-1 device, etc
The default for an ntp master is stratum 8.
When using authentication the clients authenticate the server.
IOS Configuration (server aka Master)
clock set hour:minute:seconds day month year
conf t
ntp master [1 - 15]
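An added example (not part of the original notes): Python that decodes the 48-byte NTP header carried on UDP port 123 and lists the reasons a reply should not be used as a time source. The sample packets, the helper names and the `max_stratum` policy parameter are constructed for illustration.

```python
import struct
from datetime import datetime, timezone

NTP_UNIX_DELTA = 2208988800  # seconds from the NTP epoch (1900) to the Unix epoch (1970)
MODES = {1: "symmetric-active", 2: "symmetric-passive", 3: "client",
         4: "server", 5: "broadcast"}


def build_packet(leap, version, mode, stratum, transmit_unix):
    """Build a 48-byte NTP header; used here only to construct sample data."""
    first = (leap << 6) | (version << 3) | mode
    # LI/VN/Mode, stratum, poll, precision, root delay, root dispersion, reference ID
    head = struct.pack("!BBbbII4s", first, stratum, 6, -20, 0, 0, b"\x00" * 4)
    # reference, origin and receive timestamps are left zero in the sample
    return head + b"\x00" * 24 + struct.pack("!II", transmit_unix + NTP_UNIX_DELTA, 0)


def parse_packet(data):
    """Decode the header fields that matter when judging a time source."""
    if len(data) < 48:
        raise ValueError("NTP header is 48 bytes, got %d" % len(data))
    first, stratum = data[0], data[1]
    secs, frac = struct.unpack("!II", data[40:48])  # transmit timestamp
    return {
        "leap": first >> 6,
        "version": (first >> 3) & 0x7,
        "mode": MODES.get(first & 0x7, "other"),
        "stratum": stratum,
        "transmit": datetime.fromtimestamp(
            secs - NTP_UNIX_DELTA + frac / 2**32, tz=timezone.utc),
    }


def check_reply(data, max_stratum=15):
    """Return a list of reasons not to trust this reply as a time source."""
    pkt = parse_packet(data)
    problems = []
    if pkt["mode"] != "server":
        problems.append("not a server reply (mode=%s)" % pkt["mode"])
    if pkt["leap"] == 3:
        problems.append("leap indicator 3: server clock is unsynchronized")
    if not 1 <= pkt["stratum"] <= max_stratum:
        problems.append("stratum %d outside 1..%d" % (pkt["stratum"], max_stratum))
    return problems


# Constructed samples: a reply from an "ntp master" at its default stratum 8,
# and a reply from a server that has lost its own time source.
GOOD_REPLY = build_packet(0, 4, 4, 8, 1615648439)
BAD_REPLY = build_packet(3, 4, 4, 16, 1615648439)

if __name__ == "__main__":
    print(parse_packet(GOOD_REPLY))
    print(check_reply(GOOD_REPLY))
    print(check_reply(BAD_REPLY))
```

Lowering `max_stratum` turns the check into a site policy, for example refusing any source further from the reference clock than the local master.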
Two PE Routers – PE1 and PE2. They are connected with the 10.0.0.0/24 network. PE1 has a loopback of 1.1.1.1 and PE2 has 2.2.2.2. This Provider network could easily be increased in size and number of devices. Most labs will use OSPF or EIGRP for the Provider network with a BGP connection between the specific provider edge devices connecting to the client.
C-1-1 Configuration
hostname C-1-1
!
interface Loopback0
ip address 11.11.11.11 255.255.255.255
!
interface GigabitEthernet0/0
ip address 192.168.1.2 255.255.255.0
ip ospf 1 area 0
duplex auto
speed auto
media-type rj45
!
router ospf 1
router-id 11.11.11.11
C-1-2 Configuration
hostname C-1-2
!
interface Loopback0
ip address 12.12.12.12 255.255.255.255
!
interface GigabitEthernet0/0
ip address 192.168.2.2 255.255.255.0
ip ospf 1 area 0
duplex auto
speed auto
media-type rj45
!
router ospf 1
router-id 12.12.12.12
!
C-2-1 Configuration
hostname C-2-1
!
interface Loopback0
ip address 21.21.21.21 255.255.255.255
!
interface GigabitEthernet0/1
ip address 172.16.1.2 255.255.255.0
ip ospf 1 area 0
duplex auto
speed auto
media-type rj45
!
router ospf 1
router-id 21.21.21.21
!
C-2-2 Configuration
hostname C-2-2
!
interface Loopback0
ip address 22.22.22.22 255.255.255.255
!
interface GigabitEthernet0/1
ip address 172.16.2.2 255.255.255.0
ip ospf 2 area 0
duplex auto
speed auto
media-type rj45
!
router ospf 2
router-id 22.22.22.22
!
PE1 Configuration
hostname PE1
!
ip vrf Client1
rd 65000:1
route-target export 65000:1
route-target import 65000:1
!
ip vrf Client2
rd 65000:2
route-target export 65000:2
route-target import 65000:2
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface GigabitEthernet0/0
ip vrf forwarding Client1
ip address 192.168.1.1 255.255.255.0
ip ospf 1 area 0
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1
ip vrf forwarding Client2
ip address 172.16.1.1 255.255.255.0
ip ospf 2 area 0
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/2
ip address 10.0.0.1 255.255.255.0
duplex auto
speed auto
media-type rj45
mpls ip
!
router ospf 1 vrf Client1
router-id 192.168.1.1
redistribute bgp 65000 subnets
!
router ospf 2 vrf Client2
router-id 172.16.1.1
redistribute bgp 65000 subnets
!
router bgp 65000
bgp router-id 1.1.1.1
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 65000
neighbor 2.2.2.2 update-source Loopback0
!
address-family ipv4
neighbor 2.2.2.2 activate
exit-address-family
!
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community extended
exit-address-family
!
address-family ipv4 vrf Client1
redistribute ospf 1
exit-address-family
!
address-family ipv4 vrf Client2
redistribute ospf 2
exit-address-family
!
ip route 2.2.2.2 255.255.255.255 10.0.0.2
PE2 Configuration
hostname PE2
!
ip vrf Client1
rd 65000:1
route-target export 65000:1
route-target import 65000:1
!
ip vrf Client2
rd 65000:2
route-target export 65000:2
route-target import 65000:2
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface GigabitEthernet0/0
ip vrf forwarding Client1
ip address 192.168.2.1 255.255.255.0
ip ospf 1 area 0
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1
ip vrf forwarding Client2
ip address 172.16.2.1 255.255.255.0
ip ospf 2 area 0
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/2
ip address 10.0.0.2 255.255.255.0
duplex auto
speed auto
media-type rj45
mpls ip
!
router ospf 1 vrf Client1
router-id 192.168.2.1
redistribute bgp 65000 subnets
!
router ospf 2 vrf Client2
router-id 172.16.2.1
redistribute bgp 65000 subnets
!
router bgp 65000
bgp router-id 2.2.2.2
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 65000
neighbor 1.1.1.1 update-source Loopback0
!
address-family ipv4
neighbor 1.1.1.1 activate
exit-address-family
!
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
exit-address-family
!
address-family ipv4 vrf Client1
redistribute ospf 1
exit-address-family
!
address-family ipv4 vrf Client2
redistribute ospf 2
exit-address-family
!
ip route 1.1.1.1 255.255.255.255 10.0.0.1
NOTE: THIS LAB IS NOT COMPLETE. IT IS SET UP SO BGP GOES DOWN DUE TO AN ISSUE WITH KEEPALIVES. EVERY 3 MINUTES BGP WILL GO DOWN AND THEN THE DYNAMIC ROUTING PROTOCOL WILL TAKE OVER. AFTER THIS BGP WILL COME UP AGAIN FOR ANOTHER 3 MINUTES AND KEEP REPEATING. THIS IS AN EXAMPLE OF WHY YOU USE STATIC ROUTING ACROSS EXTERNAL PEERS. THERE ARE OTHER SOLUTIONS. FIND THEM!
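An added example (not part of the original lab): a Python audit that parses `ip vrf` stanzas like the ones in the PE configurations and reports every case where one customer VRF imports a route target that a different VRF exports, which would leak routes between customers. The sample configs are constructed, and the function names and the `allowed` parameter are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample configs modelled on the lab's PE routers. PE1's Client2
# stanza reuses Client1's route target, the copy-paste slip being audited.
PE_CONFIGS = {
    "PE1": """
ip vrf Client1
 rd 65000:1
 route-target export 65000:1
 route-target import 65000:1
!
ip vrf Client2
 rd 65000:2
 route-target export 65000:1
 route-target import 65000:1
!
interface GigabitEthernet0/0
 ip vrf forwarding Client1
""",
    "PE2": """
ip vrf Client1
 rd 65000:1
 route-target both 65000:1
!
ip vrf Client2
 rd 65000:2
 route-target export 65000:2
 route-target import 65000:2
""",
}


def parse_vrfs(config):
    """Return {vrf: {"import": set, "export": set}} from IOS 'ip vrf' stanzas."""
    vrfs, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        start = re.fullmatch(r"ip vrf (\S+)", line)  # does not match 'ip vrf forwarding X'
        rt = re.fullmatch(r"route-target (import|export|both) (\S+)", line)
        if start:
            current = vrfs.setdefault(start.group(1), {"import": set(), "export": set()})
        elif rt and current is not None:
            for kind in ("import", "export"):
                if rt.group(1) in (kind, "both"):
                    current[kind].add(rt.group(2))
        elif not line.startswith(("rd ", "description ")):
            current = None  # any other line ends the stanza
    return vrfs


def find_leaks(configs, allowed=()):
    """Return sorted (exporting VRF, importing VRF, route target, importing device).

    VPNv4 routes are shared between PEs, so exports are collected across all
    devices before each device's imports are checked. 'allowed' holds
    (exporter, importer) pairs that are intentional, e.g. a shared-services VRF.
    """
    parsed = {dev: parse_vrfs(cfg) for dev, cfg in configs.items()}
    exporters = defaultdict(set)
    for vrfs in parsed.values():
        for name, rts in vrfs.items():
            for rt in rts["export"]:
                exporters[rt].add(name)
    leaks = set()
    for dev, vrfs in parsed.items():
        for name, rts in vrfs.items():
            for rt in rts["import"]:
                for src in exporters[rt] - {name}:
                    if (src, name) not in allowed:
                        leaks.add((src, name, rt, dev))
    return sorted(leaks)


if __name__ == "__main__":
    for src, dst, rt, dev in find_leaks(PE_CONFIGS):
        print("%s: VRF %s imports %s routes via route-target %s" % (dev, dst, src, rt))
```

In the sample the finding on PE2 comes from a stanza that is itself correct: one wrong export on PE1 is enough to place Client2 routes in Client1's table on every PE that imports 65000:1.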
BGP’s primary purpose is to interconnect autonomous systems.
Autonomous system (ASN) – A network or group of networks under the same administration's control that share a common routing policy.
BGP is the glue that holds the internet together!
BGP is designed to carry large amounts of routes.
BGP removes the strain of carrying large numbers of routes from IGPs.
In ISP speak: ‘customer routes’
External and Internal BGP use different policies.
IBGP is not able to replace IGPs. IBGP is meant to work alongside an IGP to create an efficient network.
External BGP
External peers must be directly connected.
eBGP packets are sent with a TTL of 1.
Time-to-live (TTL) tells a router whether or not the packet has been in the network too long and should be discarded – the packet times out at 0 and is discarded. Each hop decrements the TTL by 1.
This keeps peerings from forming across long paths.
TTL-Security is used to make sure neighbors are directly connected. It works by sending packets with a TTL of 255, so a receiver can reject any packet that arrives with a lower TTL than a directly connected neighbor would produce. This must be enabled on both peers (routers).
BGP Configuration Categories
Configuration consists of two categories.
Session commands tell BGP how to create the session.
Session commands can be global or per address family (they apply to all address families or just one).
Policy commands control the routes.
Policy commands are ALWAYS per address family.
Internal Peering
No requirement for direct connectivity when doing iBGP.
Huh?
After the configuration has been completed and we have verified R2 and R4’s loopbacks are being advertised to one another we check the BGP table and find something interesting.
RIB-failure!!?? Normally failure is never a good thing but in this case we can see that we have an internal route that’s not being added to our routing table.
We can check to see if there is a better route for our destination, and we see that the route is being learned via OSPF, which has a lower admin distance than iBGP – thus winning the route.
vIOS1 Configuration
vIOS1#sh runn
Building configuration…
Current configuration : 3589 bytes
!
! Last configuration change at 15:13:59 UTC Sat Mar 13 2021
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname vIOS1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
ethernet lmi ce
!
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 192.168.0.1 255.255.255.255
ip ospf 1 area 0
!
interface GigabitEthernet0/0
ip address 192.168.69.1 255.255.255.0
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/2
ip address 192.168.26.1 255.255.255.0
ip ospf 1 area 0
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/3
no ip address
shutdown
duplex auto
speed auto
media-type rj45
!
!
router eigrp 69
network 192.168.0.0
network 192.168.69.0
!
router ospf 1
!
router bgp 600
bgp log-neighbor-changes
neighbor 192.168.0.2 remote-as 900
neighbor 192.168.0.2 ebgp-multihop 255
neighbor 192.168.0.2 update-source Loopback0
neighbor 192.168.0.4 remote-as 600
neighbor 192.168.0.4 update-source Loopback0
!
address-family ipv4
neighbor 192.168.0.2 activate
neighbor 192.168.0.2 send-community
neighbor 192.168.0.4 activate
neighbor 192.168.0.4 send-community
exit-address-family
!
ip forward-protocol nd
!
ip bgp-community new-format
!
no ip http server
no ip http secure-server
!
vIOS2 Configuration
vIOS2#sh runn
Building configuration…
Current configuration : 3368 bytes
!
! Last configuration change at 15:19:15 UTC Sat Mar 13 2021
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname vIOS2
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
ethernet lmi ce
!
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 192.168.0.2 255.255.255.255
!
interface GigabitEthernet0/0
ip address 192.168.69.2 255.255.255.0
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/3
no ip address
shutdown
duplex auto
speed auto
media-type rj45
!
!
router eigrp 69
network 192.168.0.0
network 192.168.69.0
!
router bgp 900
bgp log-neighbor-changes
neighbor 192.168.0.1 remote-as 600
neighbor 192.168.0.1 ebgp-multihop 255
!
address-family ipv4
network 192.168.0.2 mask 255.255.255.255
neighbor 192.168.0.1 activate
neighbor 192.168.0.1 send-community
exit-address-family
!
ip forward-protocol nd
!
ip bgp-community new-format
!
no ip http server
no ip http secure-server
vIOS4 Configuration
vIOS4#sh runn
Building configuration…
Current configuration : 3363 bytes
!
! Last configuration change at 15:18:58 UTC Sat Mar 13 2021
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname vIOS4
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
ethernet lmi ce
!
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 192.168.0.4 255.255.255.255
ip ospf 1 area 0
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/2
ip address 192.168.26.2 255.255.255.0
ip ospf 1 area 0
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/3
no ip address
shutdown
duplex auto
speed auto
media-type rj45
!
router ospf 1
!
router bgp 600
bgp log-neighbor-changes
neighbor 192.168.0.1 remote-as 600
neighbor 192.168.0.1 update-source Loopback0
!
address-family ipv4
network 192.168.0.4 mask 255.255.255.255
neighbor 192.168.0.1 activate
neighbor 192.168.0.1 send-community
exit-address-family
!
ip forward-protocol nd
!
ip bgp-community new-format
!
no ip http server
no ip http secure-server
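An added example (not part of the original lab): the eBGP session between vIOS1 and vIOS2 above uses `ebgp-multihop 255`, which is the opposite of the TTL-security behaviour described earlier, so this Python audit flags eBGP neighbors whose session is not pinned to nearby routers. The sample stanza is constructed from the vIOS1 config plus one hypothetical hardened neighbor (203.0.113.9, AS 64500); the `max_hops` threshold and the finding codes are assumptions of this example.

```python
import re

# Constructed sample modelled on the lab's vIOS1 'router bgp' stanza. The last
# neighbor is hypothetical and shows the hardened form.
SAMPLE = """\
router bgp 600
 bgp log-neighbor-changes
 neighbor 192.168.0.2 remote-as 900
 neighbor 192.168.0.2 ebgp-multihop 255
 neighbor 192.168.0.2 update-source Loopback0
 neighbor 192.168.0.4 remote-as 600
 neighbor 192.168.0.4 update-source Loopback0
 neighbor 203.0.113.9 remote-as 64500
 neighbor 203.0.113.9 ttl-security hops 1
!
"""

NEIGHBOR_RE = re.compile(
    r"neighbor (\S+) (remote-as|ebgp-multihop|ttl-security hops)(?: (\d+))?")


def parse_bgp(config):
    """Return (local_as, {neighbor: settings}) from an IOS 'router bgp' stanza."""
    local_as, neighbors = None, {}
    for raw in config.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"router bgp (\d+)", line)
        if m:
            local_as = int(m.group(1))
            continue
        m = NEIGHBOR_RE.fullmatch(line)
        if not m:
            continue
        peer = neighbors.setdefault(
            m.group(1), {"remote_as": None, "multihop": None, "ttl_hops": None})
        key, value = m.group(2), m.group(3)
        if key == "remote-as" and value:
            peer["remote_as"] = int(value)
        elif key == "ebgp-multihop":
            # assumption: a bare 'ebgp-multihop' means the maximum, 255
            peer["multihop"] = int(value) if value else 255
        elif key == "ttl-security hops" and value:
            peer["ttl_hops"] = int(value)
    return local_as, neighbors


def min_accepted_ttl(hops):
    """Lowest arriving TTL that passes the check when the peer sends with TTL 255."""
    return 255 - hops


def audit(config, max_hops=2):
    """Return (neighbor, finding code) pairs for loosely scoped eBGP sessions."""
    local_as, neighbors = parse_bgp(config)
    findings = []
    for ip, n in sorted(neighbors.items()):
        if n["remote_as"] is None or n["remote_as"] == local_as:
            continue  # iBGP neighbor: direct connectivity is not required
        if n["ttl_hops"] is None:
            # the receiver does not check the TTL of arriving session packets
            findings.append((ip, "NO_TTL_SECURITY"))
        if n["multihop"] is not None and n["multihop"] > max_hops:
            # the session may be established from up to this many hops away
            findings.append((ip, "WIDE_MULTIHOP_%d" % n["multihop"]))
    return findings


if __name__ == "__main__":
    for ip, code in audit(SAMPLE):
        print(ip, code)
    print("ttl-security hops 1 accepts TTL >=", min_accepted_ttl(1))
```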
Good network design provides redundancy in devices and network links
The simplest solution involves adding a second link between switches to overcome a network link failure or ensuring that a switch is connected to at least two other switches in a topology.
This can cause problems when a switch must forward broadcasts or when unknown unicast flooding occurs.
Network broadcasts forward in a continuous loop until the link becomes saturated, and the switch is forced to drop packets.
Also the MAC address table must constantly change ports as the packets make loops. The packets continue to loop around the topology because there is not a time-to-live (TTL) mechanism for Layer 2 forwarding. The switch CPU utilization increases, as does memory consumption, which could result in the crashing of the switch.
Common Causes of Layer 2 Loops
STP disabled on a switch
A misconfigured load balancer that transmits traffic out multiple ports with the same MAC address
A misconfigured virtual switch that bridges two physical ports (Virtual switches typically do not participate in STP.)
End users using a dumb network switch or hub
How Spanning Tree Works
Spanning Tree Protocol (STP) enables switches to become aware of other switches through the advertisement and receipt of bridge protocol data units (BPDUs).
STP builds a Layer 2 loop-free topology in an environment by temporarily blocking traffic on redundant ports.
STP operates by selecting a specific switch as the master switch and running a tree-based algorithm to identify which redundant ports should not forward traffic.
Root bridge: The root bridge is the most important switch in the Layer 2 topology.
Bridge protocol data unit (BPDU): This network packet is used for network switches to identify a hierarchy and notify of changes in the topology.
Two Types of BPDUs:
Configuration
TCN
Max age: This is the maximum length of time that passes before a bridge port saves its BPDU information.
The default is 20 seconds; it is set with the command spanning-tree vlan vlan-id max-age maxage. If a switch loses contact with the BPDU’s source, it assumes that the BPDU information is still valid for the duration of the Max Age timer.
Hello time: The interval at which a BPDU is advertised out of a port.
The default is 2 seconds; it can be configured to 1 to 10 seconds with the command spanning-tree vlan vlan-id hello-time hello-time.
Forward delay: The time that a port stays in the listening and learning states.
The default value is 15 seconds; it can be 15 to 30 seconds with the command spanning-tree vlan vlan-id forward-time forward-time.
Election
Hello BPDUs are exchanged between all switches at the beginning of the root bridge election process
Each switch initially considers itself the root bridge, so it sends its BPDUs with its own bridge ID as the root bridge ID.
When a switch receives a BPDU with a lower bridge ID, it “adjusts” its BPDUs by sending them with the received lower bridge ID; otherwise it discards the BPDU with the higher bridge ID.
That process continues until all switches agree on the root bridge, which has the lowest bridge ID.
If all switches have the same bridge priority, the tiebreaker is the MAC address: the switch with the lowest MAC address becomes the root bridge.
The bridge ID combines the bridge priority, the System ID Extension (based on the IEEE 802.1t standard) and the MAC address of the switch.
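An added example (not part of the original notes): a Python simulation of the election described above, in which every switch starts by claiming to be root and adopts any lower bridge ID it hears until all agree. Switch names and priorities follow the lab (SW-03 at 0, SW-04 at 4096, the others at the IOS default of 32768); the MAC addresses, the link list and the function names are constructed for illustration.

```python
# Constructed inputs: name -> (configured priority, MAC address)
SWITCHES = {
    "SW-01": (32768, "50:00:00:01:00:00"),
    "SW-02": (32768, "50:00:00:02:00:00"),
    "SW-03": (0, "50:00:00:03:00:00"),
    "SW-04": (4096, "50:00:00:04:00:00"),
}
# Constructed topology: both access switches uplink to both core switches.
LINKS = [("SW-01", "SW-03"), ("SW-01", "SW-04"), ("SW-02", "SW-03"),
         ("SW-02", "SW-04"), ("SW-03", "SW-04")]


def bridge_id(priority, vlan, mac):
    """Bridge ID as a comparable tuple: (priority + system ID extension, MAC).

    With the extended system ID the VLAN number occupies the low 12 bits of the
    priority field, which is why priority moves in steps of 4096.
    """
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be 0..61440 in steps of 4096")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    return (priority + vlan, int(mac.replace(":", ""), 16))


def elect_root(switches, links, vlan):
    """Exchange BPDUs over the links until no switch changes its view.

    Returns ({switch: root it settled on}, rounds needed to converge).
    """
    own = {name: bridge_id(prio, vlan, mac)
           for name, (prio, mac) in switches.items()}
    name_of = {bid: name for name, bid in own.items()}
    believed = dict(own)           # every switch starts by claiming to be root
    rounds = 0
    while True:
        sent = dict(believed)      # BPDUs sent this round carry last round's view
        for a, b in links:
            for rx, tx in ((a, b), (b, a)):
                if sent[tx] < believed[rx]:   # superior BPDU: adopt the lower ID
                    believed[rx] = sent[tx]
        if believed == sent:       # nothing changed, the election has converged
            break
        rounds += 1
    return {name: name_of[bid] for name, bid in believed.items()}, rounds


if __name__ == "__main__":
    print(elect_root(SWITCHES, LINKS, vlan=10))
```

Because the lowest bridge ID always wins, priority 0 on SW-03 protects the root role only against switches with a higher priority or a higher MAC address; root guard on the ports facing downstream switches covers the remaining case.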
Finding Topology Change Causes
Determining why TCNs are occurring involves checking a port to see whether it is connected to a host or to another switch.
If it is connected to another switch, you need to connect to that switch and repeat the process of examining the STP details.
You might need to examine CDP tables or your network documentation.
You can execute the show spanning-tree [vlan vlan-id] detail command again to find the last switch in the topology to identify the problematic port.
RSTP (802.1W) Port States
Discarding: The switch port is enabled, but the port is not forwarding any traffic to ensure that a loop is not created. This state combines the traditional STP states disabled, blocking, and listening.
Learning: The switch port modifies the MAC address table with any network traffic it receives. The switch still does not forward any other network traffic besides BPDUs.
Forwarding: The switch port forwards all network traffic and updates the MAC address table as expected. This is the final state for a switch port to forward network traffic.
STP Tuning
Ideally the root bridge is placed on a core switch, and a secondary root bridge is designated to minimize changes to the overall spanning tree
Root and Secondary Placement
spanning-tree vlan vlan-id priority priority: The priority is a value between 0 and 61,440, in increments of 4,096.
spanning-tree vlan vlan-id root {primary | secondary} [diameter diameter]: This command executes a script that modifies certain values. The primary keyword sets the priority
Generally, root switches are at Layer 2/Layer 3 boundaries.
Minimize the number of hops to the furthest switch in the topology.
BEST PRACTICE: set the priority to 0 for the primary root switch and to 4096 for the secondary root switch.
Oh Snap, There’s a Loop!
Catalyst switches detect a MAC address that is flapping between interfaces and notify via syslog.
The message includes the MAC address of the host, the VLAN, and the ports between which the MAC address is flapping.
These messages should be investigated to ensure that a forwarding loop does not exist.
Root Guard
Enabled on a port-by-port basis; it prevents a configured port from becoming a root port.
Stops downstream switches from becoming the root bridge – Errdisables ports that receive the BPDU
Command spanning-tree guard root – Root guard is placed on designated ports toward other switches that should never become root bridges.
STP Portfast
Placed on host ports, disables TCNs
Bypasses the listening and learning states and goes straight to forwarding
Saves time, used on Access ports
Beneficial in environments where computers use Dynamic Host Configuration Protocol (DHCP) or Preboot Execution Environment (PXE).
Command spanning-tree portfast trunk. ONLY USED ON SINGLE HOST EX: ESXI SERVER
Command spanning-tree portfast, or globally on all access ports with the command spanning-tree portfast default
BPDU Guard
BPDU guard is a safety mechanism that shuts down portfast ports upon receipt of a BPDU.
Ensures that a loop cannot accidentally be created if an unauthorized switch is added to a topology.
Enabled globally with the command spanning-tree portfast bpduguard default. BPDU guard can be enabled or disabled on a specific interface with the command spanning-tree bpduguard {enable | disable}.
BPDU guard is typically configured with all host-facing ports that are enabled with portfast.
Use Error Recovery to recover ports that were shut down by BPDU guard, with the command errdisable recovery cause bpduguard.
The period that the Error Recovery checks for ports is configured with the command errdisable recovery interval time-seconds.
BPDU Filter
Blocks BPDUs from being transmitted out a port
Most network designs do not require BPDU filter, which adds an unnecessary level of complexity and also introduces risk.
UDLD Fiber Trunking
Unidirectional Link Detection (UDLD) allows for the bidirectional monitoring of fiber-optic cables.
Lab
SW-01 Configuration
SW-01#sh runn
Building configuration…
Current configuration : 3810 bytes
!
! Last configuration change at 19:53:21 UTC Sat Mar 13 2021
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname SW-01
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
!
errdisable recovery cause bpduguard
errdisable recovery interval 30
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport mode trunk
media-type rj45
negotiation auto
!
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport mode trunk
media-type rj45
negotiation auto
!
interface GigabitEthernet0/2
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport mode trunk
media-type rj45
negotiation auto
!
interface GigabitEthernet0/3
description SHUTDOWN-NO-USERS
switchport access vlan 999
switchport mode access
shutdown
media-type rj45
negotiation auto
!
interface GigabitEthernet1/0
description SHUTDOWN-NO-USERS
switchport access vlan 999
switchport mode access
shutdown
media-type rj45
negotiation auto
!
interface GigabitEthernet1/1
description SHUTDOWN-NO-USERS
switchport access vlan 999
switchport mode access
shutdown
media-type rj45
negotiation auto
!
interface GigabitEthernet1/2
description SHUTDOWN-NO-USERS
switchport access vlan 999
switchport mode access
shutdown
media-type rj45
negotiation auto
!
interface GigabitEthernet1/3
description ACCESS-WIRED
switchport access vlan 10
switchport mode access
media-type rj45
negotiation auto
spanning-tree portfast edge
spanning-tree bpduguard enable
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
line con 0
line aux 0
line vty 0 4
!
!
end
SW-02 Configuration
SW-02#sh runn
Building configuration…
Current configuration : 3810 bytes
!
! Last configuration change at 19:53:22 UTC Sat Mar 13 2021
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname SW-02
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
!
errdisable recovery cause bpduguard
errdisable recovery interval 30
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport mode trunk
media-type rj45
negotiation auto
!
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport mode trunk
media-type rj45
negotiation auto
!
interface GigabitEthernet0/2
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport mode trunk
media-type rj45
negotiation auto
!
interface GigabitEthernet0/3
description SHUTDOWN-NO-USERS
switchport access vlan 999
switchport mode access
shutdown
media-type rj45
negotiation auto
!
interface GigabitEthernet1/0
description SHUTDOWN-NO-USERS
switchport access vlan 999
switchport mode access
shutdown
media-type rj45
negotiation auto
!
interface GigabitEthernet1/1
description SHUTDOWN-NO-USERS
switchport access vlan 999
switchport mode access
shutdown
media-type rj45
negotiation auto
!
interface GigabitEthernet1/2
description SHUTDOWN-NO-USERS
switchport access vlan 999
switchport mode access
shutdown
media-type rj45
negotiation auto
!
interface GigabitEthernet1/3
description ACCESS-WIRED
switchport access vlan 10
switchport mode access
media-type rj45
negotiation auto
spanning-tree portfast edge
spanning-tree bpduguard enable
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
line con 0
line aux 0
line vty 0 4
!
!
end
SW-02#
SW-03 Configuration
SW-03#sh runn
Building configuration…
Current configuration : 3443 bytes
!
! Last configuration change at 19:53:38 UTC Sat Mar 13 2021
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname SW-03
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 0
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport mode trunk
media-type rj45
negotiation auto
!
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport mode trunk
media-type rj45
negotiation auto
spanning-tree guard root
!
interface GigabitEthernet0/2
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport mode trunk
media-type rj45
negotiation auto
spanning-tree guard root
!
interface GigabitEthernet0/3
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport mode trunk
media-type rj45
negotiation auto
!
interface GigabitEthernet1/0
media-type rj45
negotiation auto
!
interface GigabitEthernet1/1
media-type rj45
negotiation auto
!
interface GigabitEthernet1/2
media-type rj45
negotiation auto
!
interface GigabitEthernet1/3
media-type rj45
negotiation auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
line con 0
line aux 0
line vty 0 4
!
!
end
SW-03#
SW-04 Configuration
SW-04#sh runn
Building configuration…
Current configuration : 3446 bytes
!
! Last configuration change at 19:53:44 UTC Sat Mar 13 2021
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname SW-04
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 4096
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport mode trunk
media-type rj45
negotiation auto
!
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport mode trunk
media-type rj45
negotiation auto
spanning-tree guard root
!
interface GigabitEthernet0/2
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport mode trunk
media-type rj45
negotiation auto
spanning-tree guard root
!
interface GigabitEthernet0/3
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport mode trunk
media-type rj45
negotiation auto
!
interface GigabitEthernet1/0
media-type rj45
negotiation auto
!
interface GigabitEthernet1/1
media-type rj45
negotiation auto
!
interface GigabitEthernet1/2
media-type rj45
negotiation auto
!
interface GigabitEthernet1/3
media-type rj45
negotiation auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
line con 0
line aux 0
line vty 0 4
!
!
end
A switch stack can have up to eight stacking-capable switches connected through their StackWise ports.
Only homogeneous stacking is supported: Catalyst 9200 switches will only allow other 9200s as stack members.
Switch members can’t have different licenses
Overview
up to eight stacking-capable switches connected through their StackWise ports
The stack is seen as one device across Layers 2 and 3.
Active switch controls the operation and management of the entire stack.
The active switch contains the saved and running configuration files for the switch stack. The configuration files include the system-level settings for the switch stack and the interface-level settings for each stack member. Each stack member has a current copy of these files for back-up purposes.
Mac Address and Bridge ID (Layer 2)
Configuring MAC persistency so that the stack MAC address never changes to a different MAC address to avoid LACP and PAgP flaps/inconsistencies.
If the changes, the MAC address of the new determines the new bridge ID and router MAC address.
If the entire switch stack reloads, the switch stack uses the MAC address of the .
Upgrading Software
auto-upgrade and auto-advise features enable a switch with software packages that are incompatible with the switch stack to be upgraded to a compatible software version so that it can join the switch stack.
Priority
The switch with the higher priority becomes the stack master. This can be seen by using the show switch command and looking at the priority values. The priority is set with switch x priority x: if switch 1 has priority 15 and switch 2 has priority 10, then switch 1 will be elected the master.
Adding a new member
Power off the new switch.
Connect the new switch to the stack using the StackWise cables.
Power on the new switch.
Failure
If the stack master is removed or powered off the standby switch will become the new active switch. All other stack members in the stack remain as members and will not reboot.
If two devices become stack master, one stack will have members and the other stack master will show as a standalone device. Use the mode button and port LEDs on the device to identify which device is the master and which devices belong to that stack.
Configure a native supplicant profile for wireless clients
Configure a BYOD Portal for onboarding
Create the authentication policy that allows users to log in
Configure authorization policy that permits access to resources
Configure ACLs on WLC
Users will connect to the BYOD WLAN. If the mobile device does not have a certificate, the user will be prompted to enter their Active Directory Username and Password. Once they complete the onboarding process, ISE will initiate a Change of Authorization (CoA). This will disconnect the client and they will immediately re-associate to the WLAN using the new certificate.
Certificate Template
This is the certificate that clients will download when attempting to connect to the SSID “MGMT”.
Go to: Administration > System > Certificates > Certificate Authority > Certificate Templates
Select EAP_Authentication_Certificate_Template and Click Duplicate
Enter the name BYOD_EAP_Authentication_Certificate_Template
Edit the Organizational Unit and Organization
Set SCEP RA Profile to ISE Internal CA
Click Submit
Native Supplicant Profile
This is the wireless profile the device will use to connect to the WLAN once the device is onboarded.
Go to: Policy > Policy Element > Results > Client Provisioning > Resources
Click Add > Native Supplicant Profile
Enter a Name (BYOD_EAP_TLS_NSP)
Click Add under Wireless Profile
Enter the SSID
Set Security to WPA2 Enterprise
Set Allowed Protocol to TLS
Set Certificate Template to BYOD_EAP_Authentication_Certificate_Template
Click Submit
Client Provisioning Policy
This determines which Native Supplicant Profile gets installed on which type of device.
Policy > Client Provisioning
Edit each type of device with the Native Supplicant Profile that you created earlier
(Set Results to BYOD_EAP_TLS_NSP)
Click Save
BYOD Portal
This is the web page the user is redirected to in order to “onboard” their device.
Enter the Join Point Name (For instance, wifiworkshop_AD)
Enter the Active Directory Domain
Click Submit
Once the Join Point is created, Click the Groups Tab
Add AD Groups of users who will be allowed to onboard their device.
Authentication Policy
Policy > Policy Sets > Wireless Devices
Create an Authentication Policy above the default rule
Set the Condition to Radius:Called-Station-ID contains Mgmt
Set the Allowed Protocols to Default Network Access
Set Network Access:AuthenticationMethod EQUALS x509_PKI to use “Ge_Cert_CommonName”
Click the drop-down arrow next to Actions and Insert Row Above the Default Rule
Set Network Access:AuthenticationMethod EQUALS MSCHAPv2 to use “Ge”
Set the Default Rule to Deny Access
Authorization Profile
Work Centers > BYOD > Policy Elements > Results > Authorization Profiles
Click Add
Enter a Name (BYOD_NSP_AuthZ_Profile)
Select Web Redirection (CWA, MDM, NSP, CPP)
Set it to Native Supplicant Provisioning
Create an ACL named BYOD_REDIRECT
Set the Value BYOD WEB PAGE
Authorization Profile for Android Devices
Work Centers > BYOD > Policy Elements > Results > Authorization Profiles
Click Add
Enter a Name (BYOD_NSP_Google_AuthZ_Profile)
Select Web Redirection (CWA, MDM, NSP, CPP)
Set it to Native Supplicant Provisioning
Manually type in BYOD_Google_REDIRECT for the ACL
(You’ll create the ACL on the WLC later)
Set the Value BYOD WEB PAGE
Authorization Policy for Android Devices
Work Centers > BYOD > Policy Sets
Create a new Authorization Policy Rule above the default rule
Set the Condition to Network Access:Authentication Method EQUALS MSCHAPV2 AND Session:Device-OS EQUALS Android
Set Permissions to BYOD_NSP_Google_AuthZ_Profile
Authorization Policy for all other devices
Work Centers > BYOD > Policy Sets
Create a new Authorization Policy Rule above the default rule
Set the Condition to Network Access:Authentication Method EQUALS MSCHAPV2
Set Permissions to Ge_NSP_AuthZ_Profile
Add the ACL to the WLC
Deny statements in the ACL trigger the redirect on the WLC. Create permit statements to allow traffic to the Policy Service Nodes and DNS (this traffic is not redirected). Create a rule for each direction. Create deny statements for web traffic so that it gets redirected to the BYOD Portal.
Log into the WLC
Security > Access Control Lists > Access Control Lists
Click New
Name it BYOD_DIRECT (or whatever you manually named the ACL in the Authorization Rule)
Click on the BYOD_DIRECT acl and click Add New Rule
Create Rule to permit all traffic outbound from the controller
Create Rule to permit TCP traffic on 8443 to all Policy Service Nodes
Create Rule to permit UDP traffic to DNS
Create Rule to permit UDP traffic to DHCP (I believe DHCP is allowed by default, so you may not need this rule.)
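The permit/deny logic of the redirect ACL described above can be checked offline before the ACL goes on the WLC: permit means the traffic passes without redirection, deny means it is redirected. The following Python model is an added example, not part of the original page or of any Cisco tool. The addresses, the rule model and the function names are assumptions, a flow that matches no rule is treated as an implicit deny, and the DHCP rule is left out.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed lab addressing (assumptions, not taken from the page).
CLIENTS, PSN, DNS, ANY = "10.20.0.0/24", "10.1.1.10/32", "10.1.1.53/32", "0.0.0.0/0"

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" = passes unredirected, "deny" = redirected
    proto: str                   # "tcp", "udp" or "any"
    src: str                     # CIDR
    dst: str                     # CIDR
    sport: Optional[int] = None  # None matches any port
    dport: Optional[int] = None

@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    dst: str
    sport: int
    dport: int

# One rule per direction, as the page instructs; web traffic is denied so it is redirected.
BYOD_REDIRECT = [
    Rule("permit", "tcp", CLIENTS, PSN, dport=8443),
    Rule("permit", "tcp", PSN, CLIENTS, sport=8443),
    Rule("permit", "udp", CLIENTS, DNS, dport=53),
    Rule("permit", "udp", DNS, CLIENTS, sport=53),
    Rule("deny", "tcp", CLIENTS, ANY, dport=80),
    Rule("deny", "tcp", CLIENTS, ANY, dport=443),
]

def matches(rule: Rule, flow: Flow) -> bool:
    return (rule.proto in ("any", flow.proto)
            and ip_address(flow.src) in ip_network(rule.src)
            and ip_address(flow.dst) in ip_network(rule.dst)
            and rule.sport in (None, flow.sport)
            and rule.dport in (None, flow.dport))

def verdict(acl, flow: Flow) -> str:
    """First match wins; no match is treated as deny (assumed implicit deny)."""
    for rule in acl:
        if matches(rule, flow):
            return "bypass" if rule.action == "permit" else "redirect"
    return "redirect"

def unexpected_permits(acl, infra):
    """Permit rules where neither end is a listed infrastructure host (PSN, DNS)."""
    nets = [ip_network(n) for n in infra]
    def inside(cidr):
        return any(ip_network(cidr).subnet_of(n) for n in nets)
    return [r for r in acl if r.action == "permit"
            and not inside(r.src) and not inside(r.dst)]
```

A broad permit placed ahead of the deny rules, such as TCP 443 to any destination, makes `verdict` return "bypass" for web traffic from a device that has not been onboarded, and `unexpected_permits` reports that rule.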
iBGP Split Horizon – When an iBGP speaker learns a prefix from an iBGP peer, it will not advertise that prefix to another iBGP peer.
This means you need either a full mesh of iBGP peerings or a feature such as route reflection or confederations to work around this rule.
eBGP Peering – Peering between different Autonomous Systems.
eBGP multi-hop – Used when eBGP peers form their session between loopback addresses.
eBGP Multi-hop Lab
Configure the BGP topology given in the diagram.
All peering should be formed between loopback addresses.
Do not form an iBGP peering between R2 and R3.
You are allowed to create static routes in AS 400 and AS 500 if needed.
A C9200L had locked up. All switchports were dead/no light and the Fiber modules were a solid amber lit color. All ports had hosts on the other end that were still alive and sending electrical signal to their ports. I attempted to power cycle by pulling the power cables and reseating the redundant power supplies. After two attempts the switch was still locked up with fans staying on high after POST should have cleared.
Troubleshooting Information
Do any lights at all illuminate? I see the switchports don’t, but is any activity seen on the front panel? SFP ports stayed solid amber – switchports none lit, no activity when reseating connections
Do the PSUs appear to power on? Yes, both PSUs appear to power on, switch fans kick on during POST and stay on full speed
Has the device ever powered on? Yes, device was pulled from production
What version of code was running (if known/applicable)? Fuji – 16.9.4
While attempting to swap the 9200L with a loaner switch I ran into the following warning messages. NOTE: The fiber and SFP modules were being reseated into different members of the stack until the RMA could come in.
No Big Deal
I had never run into the Duplicate GBIC error before. While attempting to do some research on this I ran into bug reports of this occurring on 3850s.
Solution/Work Around
Remove the old switch member
no errdisable detect cause gbic-invalid
reseat connections
admin shut/no shut the module ports.
I figured that removing the stack member and reseating the connections would be enough, but for some reason the ports were still errdisabled.
I had to shut/no shut the ports twice after reseating each connection. Once I did this the ports moved out of errdisable.
SWITCH-NAME(config)#
*Feb 24 15:00:25.568: %PLATFORM_PM-6-MODULE_REMOVED: SFP module with interface name Te1/1/2 removed
SWITCH-NAME(config)#
*Feb 24 15:00:54.982: %PLATFORM_PM-6-MODULE_INSERTED: SFP module inserted with interface name Te1/1/2
SWITCH-NAME(config)#
*Feb 24 15:02:52.913: %PLATFORM_PM-6-MODULE_REMOVED: SFP module with interface name Te1/1/3 removed
SWITCH-NAME(config)#
*Feb 24 15:04:47.672: %PLATFORM_PM-6-MODULE_INSERTED: SFP module inserted with interface name Te1/1/3
SWITCH-NAME(config)#Warning: [1 51] is dup of [3 50]
SWITCH-NAME(config)#end
SWITCH-NAME#sh logg
Syslog logging: enabled (0 messages dropped, 7 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)
No Active Message Discriminator.
No Inactive Message Discriminator.
Console logging: level emergencies, 0 messages logged, xml disabled, filtering disabled
Monitor logging: level debugging, 173 messages logged, xml disabled, filtering disabled
Logging to: vty2(7)
Buffer logging: level debugging, 46694 messages logged, xml disabled, filtering disabled
Exception Logging: size (4096 bytes)
Count and timestamp logging messages: disabled
File logging: disabled
Persistent logging: disabled
No active filter modules.
Trap logging: level informational, 46254 message lines logged
Logging Source-Interface: VRF Name:
Log Buffer (4096 bytes):
port Gi1/0/26 and port Gi1/0/25
*Feb 24 14:25:45.184: %SYS-6-LOGOUT: User pete has exited tty session 2(10.10.16.40)
*Feb 24 14:46:24.069: %PLATFORM_PM-6-MODULE_INSERTED: SFP module inserted with interface name Te2/1/2Warning: [2 50] is dup of [3 52]
*Feb 24 14:46:24.069: %PM-4-ERR_DISABLE: gbic-invalid error detected on Te2/1/2, putting Te2/1/2 in err-disable state
*Feb 24 14:46:49.152: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/42, changed state to down
*Feb 24 14:46:50.168: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/42, changed state to down
*Feb 24 14:46:58.360: %PLATFORM_PM-6-MODULE_INSERTED: SFP module inserted with interface name Te1/1/1Warning: [1 49] is dup of [3 49]
SWITCH-NAME#ter le 0
SWITCH-NAME#sh logg
*Feb 24 14:51:02.833: %PLATFORM_PM-6-MODULE_INSERTED: SFP module inserted with interface name Te1/1/1Warning: [1 49] is dup of [3 49]
*Feb 24 14:51:48.227: %PLATFORM_PM-6-MODULE_INSERTED: SFP module inserted with interface name Te1/1/2Warning: [1 50] is dup of [3 51]
*Feb 24 14:51:48.227: %PM-4-ERR_DISABLE: gbic-invalid error detected on Te1/1/2, putting Te1/1/2 in err-disable state
*Feb 24 14:52:18.181: %PLATFORM_PM-6-MODULE_REMOVED: SFP module with interface name Te1/1/2 removed
*Feb 24 14:52:38.420: %PLATFORM_PM-6-MODULE_INSERTED: SFP module inserted with interface name Te1/1/2Warning: [1 50] is dup of [3 51]
*Feb 24 14:53:07.578: %PLATFORM_PM-6-MODULE_INSERTED: SFP module inserted with interface name Te1/1/3Warning: [1 51] is dup of [3 50]
*Feb 24 14:53:07.578: %PM-4-ERR_DISABLE: gbic-invalid error detected on Te1/1/3, putting Te1/1/3 in err-disable state
SWITCH-NAME#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SWITCH-NAME(config)#no errdisable detect cause gbic-invalid
SWITCH-NAME(config)#exi
SWITCH-NAME#
*Feb 24 15:12:05.166: %PLATFORM_PM-6-MODULE_REMOVED: SFP module with interface name Te2/1/2 removed
SWITCH-NAME#
*Feb 24 15:12:32.313: %PLATFORM_PM-6-MODULE_INSERTED: SFP module inserted with interface name Te2/1/2
SWITCH-NAME#Warning: [2 50] is dup of [3 52]
SWITCH-NAME#sh logg
*Feb 24 14:46:24.069: %PLATFORM_PM-6-MODULE_INSERTED: SFP module inserted with interface name Te2/1/2Warning: [2 50] is dup of [3 52]
*Feb 24 14:46:24.069: %PM-4-ERR_DISABLE: gbic-invalid error detected on Te2/1/2, putting Te2/1/2 in err-disable state
*Feb 24 14:46:49.152: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/42, changed state to down
*Feb 24 14:46:50.168: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/42, changed state to down
*Feb 24 14:46:58.360: %PLATFORM_PM-6-MODULE_INSERTED: SFP module inserted with interface name Te1/1/1Warning: [1 49] is dup of [3 49]
*Feb 24 14:46:58.360: %PM-4-ERR_DISABLE: gbic-invalid error detected on Te1/1/1, putting Te1/1/1 in err-disable state
*Feb 24 14:47:00.408: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/42, changed state to up
*Feb 24 14:47:02.420: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/42, changed state to up
*Feb 24 14:50:28.930: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/42, changed state to down
*Feb 24 14:50:29.942: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/42, changed state to down
*Feb 24 14:50:32.982: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/42, changed state to up
*Feb 24 14:50:35.463: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/42, changed state to down
*Feb 24 14:50:38.714: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/42, changed state to up
*Feb 24 14:50:39.922: %PLATFORM_PM-6-MODULE_REMOVED: SFP module with interface name Te1/1/1 removed
*Feb 24 14:50:40.721: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/42, changed state to up
*Feb 24 14:50:52.774: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/42, changed state to down
*Feb 24 14:50:53.788: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/42, changed state to down
*Feb 24 14:50:56.717: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/42, changed state to up
*Feb 24 14:50:58.729: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/42, changed state to up
*Feb 24 14:51:02.833: %PLATFORM_PM-6-MODULE_INSERTED: SFP module inserted with interface name Te1/1/1Warning: [1 49] is dup of [3 49]
*Feb 24 14:51:48.227: %PLATFORM_PM-6-MODULE_INSERTED: SFP module inserted with interface name Te1/1/2Warning: [1 50] is dup of [3 51]
*Feb 24 14:51:48.227: %PM-4-ERR_DISABLE: gbic-invalid error detected on Te1/1/2, putting Te1/1/2 in err-disable state
*Feb 24 14:52:18.181: %PLATFORM_PM-6-MODULE_REMOVED: SFP module with interface name Te1/1/2 removed
*Feb 24 14:52:38.420: %PLATFORM_PM-6-MODULE_INSERTED: SFP module inserted with interface name Te1/1/2Warning: [1 50] is dup of [3 51]
*Feb 24 14:53:07.578: %PLATFORM_PM-6-MODULE_INSERTED: SFP module inserted with interface name Te1/1/3Warning: [1 51] is dup of [3 50]
*Feb 24 14:53:07.578: %PM-4-ERR_DISABLE: gbic-invalid error detected on Te1/1/3, putting Te1/1/3 in err-disable state
*Feb 24 14:56:02.489: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: pete] [Source: 192.168.1.5] [localport: 23] at 14:56:02 UTC Wed Feb 24 2021
*Feb 24 15:00:25.568: %PLATFORM_PM-6-MODULE_REMOVED: SFP module with interface name Te1/1/2 removed
*Feb 24 15:00:54.982: %PLATFORM_PM-6-MODULE_INSERTED: SFP module inserted with interface name Te1/1/2
*Feb 24 15:02:52.913: %PLATFORM_PM-6-MODULE_REMOVED: SFP module with interface name Te1/1/3 removed
*Feb 24 15:04:47.672: %PLATFORM_PM-6-MODULE_INSERTED: SFP module inserted with interface name Te1/1/3Warning: [1 51] is dup of [3 50]
*Feb 24 15:06:07.071: %SYS-5-CONFIG_I: Configured from console by pete on vty0 (192.168.1.5)
*Feb 24 15:11:22.731: %SYS-5-CONFIG_I: Configured from console by pete on vty0 (192.168.1.5)
*Feb 24 15:12:05.166: %PLATFORM_PM-6-MODULE_REMOVED: SFP module with interface name Te2/1/2 removed
*Feb 24 15:12:32.313: %PLATFORM_PM-6-MODULE_INSERTED: SFP module inserted with interface name Te2/1/2Warning: [2 50] is dup of [3 52]
SWITCH-NAME#
*Feb 24 15:14:09.249: %PLATFORM_PM-6-MODULE_REMOVED: SFP module with interface name Te1/1/2 removed
SWITCH-NAME#
*Feb 24 15:14:16.391: %PLATFORM_PM-6-MODULE_INSERTED: SFP module inserted with interface name Te1/1/2
SWITCH-NAME#Warning: [1 50] is dup of [3 51]
SWITCH-NAME#show sw
SWITCH-NAME#show switch
Switch/Stack Mac Address : 10b3.d582.9880 - Local Mac Address
Mac persistency wait time: Indefinite
                                             H/W   Current
Switch#   Role    Mac Address     Priority Version  State
 1       Standby  4c71.0d81.xxxx     1      V01     Ready
 2       Member   7c21.0e62.xxxx     1      V01     Ready
 3       Member   0000.0000.xxxx     0      V01     Removed
*4       Active   10b3.d582.xxxx     1      V01     Ready
SWITCH-NAME#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SWITCH-NAME(config)#no switch 3 provision
SWITCH-NAME(config)#
*Feb 24 15:19:14.899: %PLATFORM_PM-6-MODULE_REMOVED: SFP module with interface name Te1/1/1 removed
SWITCH-NAME(config)#
*Feb 24 15:19:24.716: %PLATFORM_PM-6-MODULE_INSERTED: SFP module inserted with interface name Te1/1/1
SWITCH-NAME(config)#Warning: [1 49] is dup of [3 49]
SWITCH-NAME(config)#int ra te 1/1/1 - 2
SWITCH-NAME(config-if-range)#no shut
SWITCH-NAME(config-if-range)#do sh logg
Syslog logging: enabled (0 messages dropped, 7 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)
No Active Message Discriminator.
No Inactive Message Discriminator.
Console logging: level emergencies, 0 messages logged, xml disabled, filtering disabled
Monitor logging: level debugging, 183 messages logged, xml disabled, filtering disabled
Logging to: vty2(17)
Buffer logging: level debugging, 46704 messages logged, xml disabled, filtering disabled
Exception Logging: size (4096 bytes)
Count and timestamp logging messages: disabled
File logging: disabled
Persistent logging: disabled
No active filter modules.
Trap logging: level informational, 46261 message lines logged
Logging Source-Interface: VRF Name:
Log Buffer (4096 bytes):
PDOWN: Line protocol on Interface GigabitEthernet1/0/42, changed state to down
*Feb 24 14:46:50.168: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/42, changed state to down
*Feb 24 14:46:58.360: %PLATFORM_PM-6-MODULE_INSERTED: SFP module inserted with interface name Te1/1/1Warning: [1 49] is dup of [3 49]
*Feb 24 14:46:58.360: %PM-4-ERR_DISABLE: gbic-invalid error detected on Te1/1/1, putting Te1/1/1 in err-disable state
*Feb 24 14:47:00.408: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/42, changed state to up
*Feb 24 14:47:02.420: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/42, changed state to up
*Feb 24 14:50:28.930: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/42, changed state to down
*Feb 24 14:50:29.942: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/42, changed state to down
*Feb 24 14:50:32.982: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/42, changed state to up
*Feb 24 14:50:35.463: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/42, changed state to down
*Feb 24 14:50:38.714: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/42, changed state to up
*Feb 24 14:50:39.922: %PLATFORM_PM-6-MODULE_REMOVED: SFP module with interface name Te1/1/1 removed
*Feb 24 14:50:40.721: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/42, changed state to up
*Feb 24 14:50:52.774: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/42, changed state to down
*Feb 24 14:50:53.788: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/42, changed state to down
*Feb 24 14:50:56.717: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/42, changed state to up
*Feb 24 14:50:58.729: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/42, changed state to up
*Feb 24 14:51:02.833: %PLATFORM_PM-6-MODULE_INSERTED: SFP module inserted with interface name Te1/1/1Warning: [1 49] is dup of [3 49]
*Feb 24 14:51:48.227: %PLATFORM_PM-6-MODULE_INSERTED: SFP module inserted with interface name Te1/1/2Warning: [1 50] is dup of [3 51]
*Feb 24 14:51:48.227: %PM-4-ERR_DISABLE: gbic-invalid error detected on Te1/1/2, putting Te1/1/2 in err-disable state
*Feb 24 14:52:18.181: %PLATFORM_PM-6-MODULE_REMOVED: SFP module with interface name Te1/1/2 removed
*Feb 24 14:52:38.420: %PLATFORM_PM-6-MODULE_INSERTED: SFP module inserted with interface name Te1/1/2Warning: [1 50] is dup of [3 51]
*Feb 24 14:53:07.578: %PLATFORM_PM-6-MODULE_INSERTED: SFP module inserted with interface name Te1/1/3Warning: [1 51] is dup of [3 50]
*Feb 24 14:53:07.578: %PM-4-ERR_DISABLE: gbic-invalid error detected on Te1/1/3, putting Te1/1/3 in err-disable state
*Feb 24 14:56:02.489: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: pete] [Source: 192.168.1.5] [localport: 23] at 14:56:02 UTC Wed Feb 24 2021
*Feb 24 15:00:25.568: %PLATFORM_PM-6-MODULE_REMOVED: SFP module with interface name Te1/1/2 removed
*Feb 24 15:00:54.982: %PLATFORM_PM-6-MODULE_INSERTED: SFP module inserted with interface name Te1/1/2
*Feb 24 15:02:52.913: %PLATFORM_PM-6-MODULE_REMOVED: SFP module with interface name Te1/1/3 removed
*Feb 24 15:04:47.672: %PLATFORM_PM-6-MODULE_INSERTED: SFP module inserted with interface name Te1/1/3Warning: [1 51] is dup of [3 50]
*Feb 24 15:06:07.071: %SYS-5-CONFIG_I: Configured from console by pete on vty0 (192.168.1.5)
*Feb 24 15:11:22.731: %SYS-5-CONFIG_I: Configured from console by pete on vty0 (192.168.1.5)
*Feb 24 15:12:05.166: %PLATFORM_PM-6-MODULE_REMOVED: SFP module with interface name Te2/1/2 removed
*Feb 24 15:12:32.313: %PLATFORM_PM-6-MODULE_INSERTED: SFP module inserted with interface name Te2/1/2Warning: [2 50] is dup of [3 52]
*Feb 24 15:14:09.249: %PLATFORM_PM-6-MODULE_REMOVED: SFP module with interface name Te1/1/2 removed
*Feb 24 15:14:16.391: %PLATFORM_PM-6-MODULE_INSERTED: SFP module inserted with interface name Te1/1/2Warning: [1 50] is dup of [3 51]
*Feb 24 15:19:14.899: %PLATFORM_PM-6-MODULE_REMOVED: SFP module with interface name Te1/1/1 removed
*Feb 24 15:19:24.716: %PLATFORM_PM-6-MODULE_INSERTED: SFP module inserted with interface name Te1/1/1Warning: [1 49] is dup of [3 49]
SWITCH-NAME(config-if-range)#do sh clock
*15:33:51.262 UTC Wed Feb 24 2021
SWITCH-NAME(config-if-range)#shut
SWITCH-NAME(config-if-range)#no shut
SWITCH-NAME(config-if-range)#
*Feb 24 15:34:28.246: %LINK-3-UPDOWN: Interface TenGigabitEthernet1/1/1, changed state to up
*Feb 24 15:34:28.259: %LINK-3-UPDOWN: Interface TenGigabitEthernet1/1/2, changed state to up
SWITCH-NAME(config-if-range)#
*Feb 24 15:34:31.578: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet1/1/1, changed state to up
*Feb 24 15:34:31.757: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet1/1/2, changed state to up
SWITCH-NAME(config-if-range)#exi
SWITCH-NAME(config)#int te 2/1/2
SWITCH-NAME(config-if)#shut
SWITCH-NAME(config-if)#no shut
SWITCH-NAME(config-if)#
*Feb 24 15:34:54.208: %LINK-3-UPDOWN: Interface TenGigabitEthernet2/1/2, changed state to up
SWITCH-NAME(config-if)#
*Feb 24 15:34:57.425: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet2/1/2, changed state to up
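The session above can be summarised mechanically: which ports went err-disabled, how long each stayed that way, and which stack member the "is dup of" warnings point at. The following Python parser is an added example, not part of the original post. The log lines are excerpted from the session above, the year comes from the `sh clock` output, and the function and variable names are assumptions.

```python
import re
from datetime import datetime

# Excerpt of the syslog lines shown in the session above.
LOG = """\
*Feb 24 14:46:24.069: %PM-4-ERR_DISABLE: gbic-invalid error detected on Te2/1/2, putting Te2/1/2 in err-disable state
*Feb 24 14:46:58.360: %PLATFORM_PM-6-MODULE_INSERTED: SFP module inserted with interface name Te1/1/1Warning: [1 49] is dup of [3 49]
*Feb 24 14:46:58.360: %PM-4-ERR_DISABLE: gbic-invalid error detected on Te1/1/1, putting Te1/1/1 in err-disable state
*Feb 24 14:51:48.227: %PM-4-ERR_DISABLE: gbic-invalid error detected on Te1/1/2, putting Te1/1/2 in err-disable state
*Feb 24 14:53:07.578: %PLATFORM_PM-6-MODULE_INSERTED: SFP module inserted with interface name Te1/1/3Warning: [1 51] is dup of [3 50]
*Feb 24 14:53:07.578: %PM-4-ERR_DISABLE: gbic-invalid error detected on Te1/1/3, putting Te1/1/3 in err-disable state
*Feb 24 15:34:28.246: %LINK-3-UPDOWN: Interface TenGigabitEthernet1/1/1, changed state to up
*Feb 24 15:34:28.259: %LINK-3-UPDOWN: Interface TenGigabitEthernet1/1/2, changed state to up
*Feb 24 15:34:54.208: %LINK-3-UPDOWN: Interface TenGigabitEthernet2/1/2, changed state to up
"""

LINE = re.compile(r"^\*(\w{3} +\d+ [\d:.]+): %([A-Z_]+-\d-[A-Z_]+): (.*)$")
ERR = re.compile(r"(\S+) error detected on (\S+?),")
UP = re.compile(r"Interface (\S+), changed state to up")
DUP = re.compile(r"Warning: \[(\d+) (\d+)\] is dup of \[(\d+) (\d+)\]")
SHORT = {"TenGigabitEthernet": "Te", "GigabitEthernet": "Gi"}

def short(name):
    """ERR_DISABLE logs 'Te1/1/1' but LINK-3-UPDOWN logs the long name; use one form."""
    prefix, num = re.match(r"([A-Za-z]+)([\d/]+)", name).groups()
    return SHORT.get(prefix, prefix) + num

def analyze(text, year=2021):
    down, recovered, dup_members = {}, {}, set()
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # prompts, banners and truncated buffer lines
        ts = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S.%f")
        mnemonic, body = m[2], m[3]
        dup = DUP.search(body)
        if dup:
            dup_members.add(int(dup[3]))  # member number the port is a duplicate of
        if mnemonic == "PM-4-ERR_DISABLE":
            err = ERR.search(body)
            if err:
                down.setdefault(short(err[2]), ts)  # keep the first occurrence
        elif mnemonic == "LINK-3-UPDOWN":
            up = UP.search(body)
            if up and short(up[1]) in down:
                since = down.pop(short(up[1]))
                recovered[short(up[1])] = round((ts - since).total_seconds())
    return {"recovered": recovered,            # seconds spent err-disabled
            "still_errdisabled": sorted(down),  # no link-up logged in this input
            "dup_members": dup_members}
```

On this excerpt every duplicate warning points at member 3, the switch shown as Removed in `show switch`, and Te1/1/3 has no link-up event logged after its err-disable.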