There are two versions of each template: a desktop one and an aggregator one. Aggregator templates are used by default on switches that support larger TCAM sizes; all other switches use the desktop version. Note that the keyword "desktop" must be given explicitly, otherwise the aggregator version is used on switches that support it. In a stack, all switches use the same template, which is stored on the stack master. When a new switch is added, its individual SDM template is overridden by the master's.
Templates should not be changed without good reason. One such reason is that the current resources are not being used properly. To verify the current use of resources and how many resources can be used, try:
- MAC address is known and the frame is sent out of the corresponding port. This is called forwarding.
- MAC address is unknown. The frame is sent out of every port except the port it was received on. This is called flooding.
- The port found in the CAM table is the same port the frame was received on. Nothing needs to be done with it, so the frame is discarded. This is called filtering.
A CAM table can hold many MAC addresses, but not always all of them. Therefore an aging timer is used, so that entries that have not been seen for a while are deleted. By default, an entry is deleted after 300 seconds.
NOTE! Learning MAC addresses and binding them to ports in the table is only done on ports that STP has deemed stable for normal use.
By default addresses are learnt dynamically, but you can also add static entries.
Switch(config)# mac address-table static [mac-address] vlan [vlan-id] interface [type mod/num]
Verify:
A device can move between ports when it is disconnected and reconnected. It is also possible that there is a loop in the network. To make this easier to find, you can enable MAC move notifications: a syslog message is generated whenever a MAC address moves between ports.
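Added example (not from the original notes, and not Cisco code): a small Python model of the forwarding, flooding and filtering decisions, the 300-second aging timer and the MAC move notification described above. Port names and MAC addresses are constructed, and the notification text is a stand-in for the real syslog message, not its exact format.

```python
# Added example (not from the original notes): a small model of how a switch uses
# its CAM table to forward, flood or filter frames, ages out idle entries after
# 300 seconds, and reports a MAC move when a known source address appears behind
# a different port. Timestamps are passed in explicitly so aging can be tested.
from dataclasses import dataclass, field

AGING_SECONDS = 300  # default CAM aging timer on Catalyst switches


@dataclass
class CamEntry:
    port: str
    last_seen: float
    static: bool = False


@dataclass
class Switch:
    ports: list
    cam: dict = field(default_factory=dict)  # (vlan, mac) -> CamEntry
    log: list = field(default_factory=list)  # constructed notification messages

    def add_static(self, mac, vlan, port):
        # Same effect as: mac address-table static <mac> vlan <vlan> interface <port>
        self.cam[(vlan, mac)] = CamEntry(port, last_seen=0.0, static=True)

    def age_out(self, now):
        """Delete dynamic entries not seen for AGING_SECONDS; return how many."""
        expired = [key for key, e in self.cam.items()
                   if not e.static and now - e.last_seen >= AGING_SECONDS]
        for key in expired:
            del self.cam[key]
        return len(expired)

    def learn(self, src, vlan, in_port, now):
        key = (vlan, src)
        entry = self.cam.get(key)
        if entry is not None and entry.static:
            return  # static entries are never moved by learning
        if entry is not None and entry.port != in_port:
            # Either the host moved or there is a loop; this is the condition the
            # MAC move notification reports. The message text is constructed here.
            self.log.append(f"MAC-MOVE: host {src} in vlan {vlan} moved from "
                            f"{entry.port} to {in_port}")
        self.cam[key] = CamEntry(in_port, now)

    def handle_frame(self, src, dst, vlan, in_port, now):
        """Return (action, egress_ports) for one received frame."""
        self.age_out(now)
        self.learn(src, vlan, in_port, now)
        entry = self.cam.get((vlan, dst))
        if entry is None:
            # Unknown destination: flood out of every port except the ingress port.
            return "flood", [p for p in self.ports if p != in_port]
        if entry.port == in_port:
            # Destination is behind the ingress port: filter (discard) the frame.
            return "filter", []
        return "forward", [entry.port]


if __name__ == "__main__":
    sw = Switch(ports=["Gi1/0/1", "Gi1/0/2", "Gi1/0/3"])
    print(sw.handle_frame("aaaa.aaaa.aaaa", "bbbb.bbbb.bbbb", 10, "Gi1/0/1", now=0))
    print(sw.handle_frame("bbbb.bbbb.bbbb", "aaaa.aaaa.aaaa", 10, "Gi1/0/2", now=1))
    print(sw.handle_frame("aaaa.aaaa.aaaa", "bbbb.bbbb.bbbb", 10, "Gi1/0/3", now=2))
    print(sw.log)
```

The third call in the usage block makes the same source address show up on a different port, which is exactly the event the MAC move notification is for; a burst of such messages for many addresses is the usual sign of a loop rather than a single host being re-patched.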
To recover a port from this mode, you can either disable and re-enable the port, or do it automatically with error disable recovery. By default, the recovery timer is 300 seconds.
You can also change the timer that determines when the port is recovered.
To troubleshoot error disabled issues or to verify the configuration, use the following commands:
It was mentioned before, but when a switch receives a frame, it places the frame in an ingress queue and has to decide
what to do with it. To do this, the switch asks three questions:
To answer the first question, the CAM table is used. It contains MAC addresses, destination ports, VLANs and the way a
certain entry was learned.
Switches use specialized hardware to house the CAM table. CAM supports two results, 0 and 1. Therefore, CAM is useful for Layer 2 forwarding results.
For questions two and three another form of memory is needed. TCAM provides three results: 0, 1 and "don't care". TCAM is most useful for building tables that are searched for the longest match, such as IP routing tables organized by IP prefixes. The TCAM stores ACL, QoS and other information generally associated with upper-layer processing. With this in mind, applying ACLs no longer affects performance, since TCAM is just as fast as the normal CAM table.
CDP
CDP is a Cisco proprietary protocol and only works between Cisco devices. It is enabled on all Cisco device interfaces by default, and they all send out CDP advertisements every 60 seconds. This information is sent with the MAC address 01:00:0C:CC:CC:CC as the destination. Information received through the periodic messages is held for 180 seconds.
Note! CDP is a L2 protocol, so only the device on the other side of the cable is learned. That means that if your router has a "direct" connection with another router based on the subnet, but a L2 switch is in between, you will only see the data from the switch.
With this command the Cisco device platform model is displayed, along with the port identifier on
the connected device.
When the option "detail" is added, extra information is available like software release, duplex mode
and power requirements.
NOTE! It is advised to use CDP version 2 instead of version 1. It has many more features for obtaining information that helps decrease downtime. For example, CDPv2 has rapid error tracking that can give information about native VLAN and duplex mismatches.
LLDP
The globally available counterpart of CDP is the open standard LLDP (IEEE 802.1AB). It works similarly to CDP, but is disabled by default on Catalyst switches. To see if it's running, do:
LLDP works based on Type-Length-Values (TLVs). These TLVs group information into structures, and each TLV can hold a different kind of data: for example, one for the system name, one for the power requirements, etc. To check this information, use:
- Unidirectional
- Only operates in advertising mode
- Does not solicit information or monitor state changes between LLDP nodes
- Leverages a L2 multicast frame to notify neighbors of itself and its properties. Destination addresses used:
  01:80:c2:00:00:0e
  01:80:c2:00:00:03
  01:80:c2:00:00:00
  NOTE! The "01" at the start indicates that it's a multicast address (the least-significant bit of the first octet is set).
- Will receive and record all information it receives about its neighbors.
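Added example (not from the original notes, and not Cisco code): a Python builder and parser for a minimal LLDP frame, showing the multicast destination address, the 7-bit type / 9-bit length TLV header and the mandatory Chassis ID, Port ID and TTL TLVs. The neighbor MAC, port name and system name are constructed values; only a handful of TLV types are decoded.

```python
# Added example (not part of the original notes): build and parse a minimal LLDP
# frame to show the TLV structure and the multicast destination addresses the
# notes list. Only the mandatory TLVs plus System Name are handled; the frame
# contents used below are constructed for the example.
import struct

LLDP_ETHERTYPE = 0x88CC
LLDP_DEST_MACS = {"01:80:c2:00:00:0e", "01:80:c2:00:00:03", "01:80:c2:00:00:00"}
TLV_END, TLV_CHASSIS_ID, TLV_PORT_ID, TLV_TTL, TLV_SYSTEM_NAME = 0, 1, 2, 3, 5


def mac_to_bytes(mac):
    return bytes(int(octet, 16) for octet in mac.split(":"))


def mac_to_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def is_multicast(mac):
    # The group bit is the least-significant bit of the first octet ("01" sets it).
    return bool(mac_to_bytes(mac)[0] & 0x01)


def tlv(tlv_type, value):
    # 16-bit TLV header: 7-bit type followed by 9-bit length, then the value.
    if tlv_type > 127 or len(value) > 511:
        raise ValueError("TLV type or length out of range")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def build_lldp_frame(src_mac, port_name, ttl, system_name, dst_mac="01:80:c2:00:00:0e"):
    lldpdu = (tlv(TLV_CHASSIS_ID, b"\x04" + mac_to_bytes(src_mac))  # subtype 4: MAC address
              + tlv(TLV_PORT_ID, b"\x05" + port_name.encode())      # subtype 5: interface name
              + tlv(TLV_TTL, struct.pack("!H", ttl))
              + tlv(TLV_SYSTEM_NAME, system_name.encode())
              + tlv(TLV_END, b""))
    return (mac_to_bytes(dst_mac) + mac_to_bytes(src_mac)
            + struct.pack("!H", LLDP_ETHERTYPE) + lldpdu)


def parse_lldp_frame(frame):
    """Return the neighbor information carried in one LLDP frame as a dict."""
    dst, src = mac_to_str(frame[0:6]), mac_to_str(frame[6:12])
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if dst not in LLDP_DEST_MACS or ethertype != LLDP_ETHERTYPE:
        raise ValueError("not an LLDP frame")
    info = {"neighbor_mac": src}
    offset = 14
    while offset + 2 <= len(frame):
        header = struct.unpack("!H", frame[offset:offset + 2])[0]
        tlv_type, length = header >> 9, header & 0x1FF
        value = frame[offset + 2:offset + 2 + length]
        if len(value) != length:
            raise ValueError("truncated TLV")
        offset += 2 + length
        if tlv_type == TLV_END:
            break
        if tlv_type == TLV_CHASSIS_ID:
            info["chassis_id"] = mac_to_str(value[1:]) if value[0] == 4 else value[1:].hex()
        elif tlv_type == TLV_PORT_ID:
            info["port_id"] = value[1:].decode()
        elif tlv_type == TLV_TTL:
            info["ttl"] = struct.unpack("!H", value)[0]
        elif tlv_type == TLV_SYSTEM_NAME:
            info["system_name"] = value.decode()
    # Chassis ID, Port ID and TTL are mandatory in every LLDPDU.
    missing = {"chassis_id", "port_id", "ttl"} - set(info)
    if missing:
        raise ValueError(f"missing mandatory TLVs: {sorted(missing)}")
    return info


if __name__ == "__main__":
    frame = build_lldp_frame("00:11:22:33:44:55", "Gi1/0/1", 120, "sw-access-1")
    print(parse_lldp_frame(frame))
```

The TTL TLV plays the role that the 180-second hold time plays for CDP: the receiver keeps the neighbor entry for that many seconds after the last advertisement, so a parser that stores neighbors should also expire them on that value.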
There is an important extension for LLDP called LLDP-MED, where MED stands for Media Endpoint
Discovery. This enhancement was designed with voice applications in mind and works as an
extension between endpoint and network devices. The most used features of LLDP-MED are:
1.2.b UDLD
UDLD (Unidirectional Link Detection) is a Cisco proprietary L2 protocol that enables devices to monitor the physical status of links and detect unidirectional failures. UDLD is disabled by default, except on fiber ports.
A unidirectional link occurs when traffic is transmitted between neighbors in one direction only. Normally the L1 mechanisms built into Ethernet prevent a link from coming up when it's not functioning properly, but there can be cases where L1 works fine but L2 does not, which causes a unidirectional link. This can cause a disaster in the network, since spanning tree might open up the wrong port and cause a loop, or traffic is sent into a black hole.
NOTE! Unidirectional links are not very common. Most of the time they are caused by hardware defects in SFPs or switches.
- Normal. When a unidirectional link is detected, the port is allowed to continue its operation.
Cisco Catalyst switches support UDLD on a per-port basis. However, there is an option to enable UDLD on fiber-optic ports globally.
Normal mode:
Aggressive mode:
To reset all interfaces that were shut down because of UDLD, you can use:
To do this on a per-port basis, you can toggle the port with the shutdown command or enable err-disable recovery:
By default a Catalyst port is a switchport in the default VLAN, but on some devices the following command is needed to make a port a L2 port:
Switch(config-if)# switchport
NOTE! When a port is placed in a VLAN and that VLAN is deleted, the ports are brought down until they are reassigned to another VLAN.
It is also possible to dynamically assign ports to a certain VLAN. This is done based on the MAC address of a user and the VLAN database. However, this topic is not part of the exam.
An important note is that this VLAN database does not support extended VLANs. When extended VLANs are created, they are not stored in the database. This is not an issue as long as the switch operates in transparent mode. However, when a switch with extended VLANs wants to work with other switches over VTP, these VLANs will have to be deleted.
An "erase startup-config" does not affect the VLAN database. Use the following command to delete the VLAN database.
A normal VLAN is a VLAN with a number between 1 and 1005. It can be created with the following command (except for the default ones, which already exist):
An extended VLAN is created the same way, just with a higher number. It is not saved to the VLAN database, only to the running config.
NOTE! When a voice VLAN is configured, PortFast is automatically enabled on the interface; however, when the voice VLAN is removed, PortFast is not automatically disabled.
Because VLANs isolate traffic to a defined broadcast domain and subnet, network devices in different VLANs cannot communicate with each other natively. To communicate with someone in another VLAN, a Layer 3 routing device is needed. A very common way to obtain routing is a router-on-a-stick configuration. In that case, a trunk link is set up between the router and the switch. On the router side of the trunk link there are several virtual VLAN sub-interfaces configured that handle the traffic of the different VLANs. This is not the best course of action, since you have a single point of failure. Another option is to work with multilayer switches.
Multilayer switches can use routed ports and virtual interfaces to handle the routing themselves instead of sending the traffic to an external device. To use routed ports, go to a switchport and use:
Switch(config-if)# no switchport
After doing this, you can use the routed port for point-to-point links, like a WAN connection to your ISP.
To route VLAN traffic in the hardware of the multilayer switch you can use switch virtual interfaces
(SVI) to do the job. To configure these, use the following commands:
The SVI performs a lot like a routed port and can be used just like it. For example it can be used as
the default gateway for underlying devices.
VTP advertisements are sent as multicast frames. A switch intercepts these frames and processes them locally. The advertisements can also be relayed or forwarded out trunk links toward neighboring switches in all VTP modes except off mode. VTP sends these advertisements every 5 minutes to destination MAC address 01-00-0C-CC-CC-CC on VLAN 1 by default.
Advertisements:
- Summary Advertisements: Sent every 300 seconds and/or when there has been a change; they contain information about the management domain.
- Subset Advertisements: Sent after a change and hold information about that change.
- Advertisement Request: Sent by a client when it lacks information.
VTP keeps track of changes with a revision number that always starts at 0. After each change, the number is incremented. A greater number is assumed to be better and its changes are applied. By default, there is no security enabled on the advertisements.
NOTE! Revision numbers are not reset when a switch reloads, so if you add a new switch, make sure it does not carry an old revision number that is higher than the current one in the domain. If it does, its VLAN database will replace all your data.
- To reset the revision number, set the switch to VTP transparent mode
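Added example (not from the original notes, and not Cisco code): a simplified Python model of VTP revision handling that reproduces the failure mode in the note above, a switch with a higher revision number overwriting the VLAN database of the whole domain, and the transparent-mode reset that avoids it. Switch names, domain name and VLANs are constructed; the password check is a plain string comparison standing in for the MD5 digest real VTP carries.

```python
# Added example (not from the original notes): a simplified model of VTP revision
# handling. It shows a stale switch with a higher revision number overwriting the
# VLAN database of the domain, and the transparent-mode reset that prevents it.
# Password checking is modelled as a plain comparison; real VTP uses an MD5 digest.
from dataclasses import dataclass, field


@dataclass
class VtpSwitch:
    name: str
    domain: str
    mode: str = "server"            # server | client | transparent | off (default: server)
    password: str = ""              # "" means no security, the default
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})

    def add_vlan(self, vid, vlan_name):
        if self.mode not in ("server", "transparent"):
            raise PermissionError(f"{self.name}: VLANs cannot be created in {self.mode} mode")
        self.vlans[vid] = vlan_name
        if self.mode == "server":
            self.revision += 1       # every change bumps the revision number

    def set_mode(self, mode):
        self.mode = mode
        if mode == "transparent":
            self.revision = 0        # the reset recommended in the notes

    def summary_advertisement(self):
        if self.mode in ("transparent", "off"):
            return None              # transparent/off switches do not advertise
        return {"domain": self.domain, "password": self.password,
                "revision": self.revision, "vlans": dict(self.vlans)}

    def receive(self, adv):
        """Apply an advertisement if it is newer; return True when the database changed."""
        if adv is None or self.mode in ("transparent", "off"):
            return False
        if adv["domain"] != self.domain or adv["password"] != self.password:
            return False
        if adv["revision"] > self.revision:
            self.vlans = dict(adv["vlans"])
            self.revision = adv["revision"]
            return True
        return False


def plug_in(domain_switches, newcomer):
    """Exchange summary advertisements once; return names of switches that were overwritten."""
    overwritten = []
    adv = newcomer.summary_advertisement()
    for sw in domain_switches:
        if sw.receive(adv):
            overwritten.append(sw.name)
    for sw in domain_switches:                  # the newcomer also listens to the domain
        newcomer.receive(sw.summary_advertisement())
    return overwritten


def scenario(reset_newcomer):
    """Constructed scenario: production domain CORP plus a much-edited lab switch."""
    prod = VtpSwitch("prod-core", "CORP")
    for vid in (10, 20, 30):
        prod.add_vlan(vid, f"prod-{vid}")       # revision becomes 3
    client = VtpSwitch("prod-access", "CORP", mode="client")
    client.receive(prod.summary_advertisement())
    lab = VtpSwitch("lab-sw", "CORP", revision=40)
    lab.add_vlan(99, "lab")                     # revision 41, only VLANs 1 and 99
    if reset_newcomer:
        lab.set_mode("transparent")
    overwritten = plug_in([prod, client], lab)
    return overwritten, sorted(prod.vlans), sorted(client.vlans)


if __name__ == "__main__":
    print("without reset:", scenario(False))
    print("with reset:   ", scenario(True))
```

Note that the server is overwritten just like the client, because servers also synchronize to a higher revision; setting a VTP password on the domain makes the model reject the newcomer's advertisement even before the revision is compared.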
VTP Modes:
- Server. VTP servers have full control over VLAN creation and modification for their domain. All VTP information is advertised to other switches in the domain, while all received information is synchronized with the other switches. By default, a switch is in server mode.
- Client: Cannot create, change or delete a VLAN. Instead, clients listen to advertisements from other switches and modify their VLAN configuration accordingly. This is a passive mode. All received information is forwarded over the trunk links to other switches.
- Transparent: Switches in transparent mode do not participate in VTP. A transparent switch does not advertise its own information and does not synchronize received information. In VTP version 1, a transparent switch does not even relay the information; it does in version 2.
- Off: Nothing is done. No synchronization or relay of information.
Versions:
Configuration:
- VTP version
Switch(config)# vtp version {1 | 2 | 3}
- Domain
Switch(config)# vtp domain domain-name
- Mode
Switch(config)# vtp mode {server | client | transparent | off}
- Password, used for secure VTP. Start with a password on the servers and then move on to the clients.
Switch(config)# vtp password password {hidden | secret}
The hidden option is only supported in VTP version 3.
Status:
Pruning:
- VTP pruning is an extension to version 1, using an additional VTP message type. When a switch has a port associated with a VLAN, the switch sends an advertisement to its neighbor switches that have an active port in that VLAN. The neighbor keeps that information, enabling it to decide whether flooded traffic from a VLAN should be allowed on the trunk links.
- To enable pruning
Switch(config)# vtp pruning
If this option is enabled on a server, it announces to all switches in the domain that they should enable this feature.
- VLAN 1 and VLANs 1002-1005 cannot be pruned. Extended VLANs (above 1005) cannot be pruned either.
1.4.b dot1Q
Next to Cisco's proprietary ISL, there is dot1q for tagging frames on a link. It is an open standard that is supported by almost all vendors.
Instead of encapsulating each frame in an extra header, dot1q embeds its tagging information within the L2 frame; more specifically, a 4-byte VLAN tag is inserted in the Ethernet header. This method is referred to as single tagging or internal tagging.
Switch(config-if)# switchport
Switch(config-if)# switchport mode {trunk | dynamic {desirable | auto}}
Switch(config-if)# switchport trunk encapsulation {isl | dot1q | negotiate}
Switch(config-if)# switchport trunk native vlan vlan-id
Switch(config-if)# switchport trunk allowed vlan {vlan-list | all | {add | except | remove} vlan-list}
Also, if you would like to tag native VLAN traffic too, you can use the following command. This is used when you want all control traffic (CDP, VTP, STP, etc.) to be tagged too.
Switch(config-if)# switchport trunk pruning vlan {{add | except | remove} vlan-list | none}
You can also manually prune VLANs by changing the allowed VLAN list on a trunk link.
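Added example (not from the original notes, and not Cisco code): Python functions that insert and strip the 4-byte 802.1Q tag, classify untagged frames into the native VLAN, show what tagging the native VLAN changes, and apply an allowed-VLAN list of the form used by `switchport trunk allowed vlan`. The Ethernet frame and the VLAN numbers are constructed for the example.

```python
# Added example (not from the original notes): how a trunk port inserts and strips
# the 4-byte 802.1Q tag, how untagged frames fall into the native VLAN, what
# tagging the native VLAN changes, and how the allowed-VLAN list filters traffic.
# All frames below are constructed for the example.
import struct

TPID = 0x8100                       # 802.1Q tag protocol identifier


def parse_vlan_list(spec):
    """Turn an IOS-style list such as "1-5,10,20-22" into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 4094:
            raise ValueError(f"bad VLAN range {part!r}")
        vlans.update(range(lo, hi + 1))
    return vlans


def tag_frame(frame, vlan, pcp=0, native_vlan=1, tag_native=False):
    """Egress on a trunk: insert the tag after the source MAC, unless the frame is
    in the native VLAN and native tagging is off (then it leaves untagged)."""
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID out of range")
    if vlan == native_vlan and not tag_native:
        return frame
    tci = (pcp << 13) | vlan        # 3-bit PCP, DEI = 0, 12-bit VID
    return frame[:12] + struct.pack("!HH", TPID, tci) + frame[12:]


def untag_frame(frame, native_vlan=1):
    """Ingress on a trunk: return (vlan, frame without the tag)."""
    if struct.unpack("!H", frame[12:14])[0] != TPID:
        return native_vlan, frame   # untagged frames belong to the native VLAN
    tci = struct.unpack("!H", frame[14:16])[0]
    vid = tci & 0x0FFF
    return (vid or native_vlan), frame[:12] + frame[16:]   # VID 0 = priority tag only


def trunk_ingress(frame, allowed, native_vlan=1):
    """Classify a received frame and apply the allowed list: (vlan, frame), or None if dropped."""
    vlan, payload = untag_frame(frame, native_vlan)
    if vlan not in allowed:
        return None
    return vlan, payload


if __name__ == "__main__":
    eth = bytes.fromhex("0011223344550066778899aa0800") + b"payload"   # constructed frame
    allowed = parse_vlan_list("1,10,20-22")
    print(trunk_ingress(tag_frame(eth, 10), allowed))
    print(trunk_ingress(tag_frame(eth, 30), allowed))
```

Because an untagged frame is simply assigned to the native VLAN, the native VLAN on both ends of a trunk must agree, and tagging the native VLAN removes the ambiguity between "no tag" and "native VLAN" altogether.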
- It relies on the existing switch ports, so there is no need to upgrade to new hardware
- Most configuration tasks can be done on the EtherChannel interface instead of on each individual port, thus enforcing configuration consistency
- Load balancing is possible between the links of the same EtherChannel
LACP
LACP (Link Aggregation Control Protocol) is part of an IEEE specification (802.3ad) that allows several ports to be bundled together to form a single logical channel. LACP allows a switch to negotiate an automatic bundle by sending LACP packets to the peer. LACP checks for consistency and manages additions and failures between switches. It ensures that when an EtherChannel is created, all ports have the same speed, duplex setting and VLAN configuration. Any change made on a port also triggers a change on all other ports.
Modes (whether a channel forms for each combination of the two sides):
           Active   Passive
  Active   Yes      Yes
  Passive  Yes      No
Configuration parameters:
- System priority. Each switch running LACP must have a system priority, which is derived from the MAC address automatically or set through the CLI.
- Port priority. Each port in the switch must have a port priority, which is set automatically based on the port identifier or through the CLI. This priority is needed to determine which ports will be standby and which will not.
- Administrative key. Each port in the switch must have an administrative key value, which can be assigned automatically or through the CLI. The administrative key determines the capability of a port to aggregate with other ports.
PAgP
PAgP (Port Aggregation Protocol) provides the same negotiation benefits as LACP, but is Cisco
proprietary.
Manual
- No negotiation
Guidelines:
Configuration:
Verify:
Layer 3:
- On Layer 3 switches, you can convert switched ports to routed ports. You can also create EtherChannel links on Layer 3 links.
Default configuration can differ from switch to switch, but most of the time the load balancing
method src-dst-ip is chosen.
To configure:
To verify:
The hash algorithm calculates a binary pattern that selects a link within the bundle to forward the traffic over. Traffic between two devices is always sent over the same link. Furthermore, if only one address or port is hashed, the switch looks at one or more low-order bits of the hash value. The switch then uses those bits as index values to decide over which link in the bundle to send the frames. The more addresses or ports there are, the more bits are used.
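Added example (not from the original notes, and not Cisco code): a simplified Python model of EtherChannel load balancing. The real hash implemented in the switch ASIC is not described in the notes; here the low-order bits of the chosen fields are XORed into a 3-bit bucket (0-7) and the eight buckets are spread over the member links. That is enough to show why one flow always uses the same link, why a single-address method can pile all traffic from one host onto one link, and why bundles that are not a power of two are balanced unevenly. MAC and IP addresses are constructed.

```python
# Added example (not from the original notes): a simplified model of EtherChannel
# load balancing. The low-order bits of the selected fields are XORed into a 3-bit
# bucket and the eight buckets are distributed over the member links. The exact
# ASIC hash is not in the notes; this is a stand-in that keeps its key properties.
import ipaddress
from collections import Counter

HASH_BITS = 3                      # 8 buckets: enough for the maximum of 8 active links
METHOD_FIELDS = {
    "src-mac": ["src-mac"], "dst-mac": ["dst-mac"], "src-dst-mac": ["src-mac", "dst-mac"],
    "src-ip": ["src-ip"], "dst-ip": ["dst-ip"], "src-dst-ip": ["src-ip", "dst-ip"],
}


def mac_int(mac):
    """Accept "0000.0000.0001" or "00:00:00:00:00:01"."""
    return int(mac.replace(".", "").replace(":", ""), 16)


def hash_bucket(method, src_mac, dst_mac, src_ip, dst_ip):
    """Return the 3-bit hash bucket for one frame under the given load-balance method."""
    values = {"src-mac": mac_int(src_mac), "dst-mac": mac_int(dst_mac),
              "src-ip": int(ipaddress.ip_address(src_ip)),
              "dst-ip": int(ipaddress.ip_address(dst_ip))}
    bucket = 0
    for name in METHOD_FIELDS[method]:
        bucket ^= values[name]      # XOR is symmetric, so A->B and B->A hash alike
    return bucket & ((1 << HASH_BITS) - 1)


def bucket_to_link(bucket, num_links):
    if not 1 <= num_links <= 8:
        raise ValueError("an EtherChannel has 1 to 8 active links")
    return bucket % num_links


def select_link(method, num_links, src_mac, dst_mac, src_ip, dst_ip):
    return bucket_to_link(hash_bucket(method, src_mac, dst_mac, src_ip, dst_ip), num_links)


def bucket_distribution(num_links):
    """How many of the 8 buckets land on each link, e.g. [3, 3, 2] for three links."""
    counts = Counter(bucket_to_link(b, num_links) for b in range(1 << HASH_BITS))
    return [counts[i] for i in range(num_links)]


def flows_per_link(method, num_links, flows):
    """Count how many (src_mac, dst_mac, src_ip, dst_ip) flows land on each link."""
    counts = Counter(select_link(method, num_links, *flow) for flow in flows)
    return [counts[i] for i in range(num_links)]


if __name__ == "__main__":
    # Constructed traffic: one server talking to eight clients over a 2-link bundle.
    flows = [("0000.0000.0001", f"0000.0000.00{i:02x}", "10.0.0.1", f"10.0.1.{i}")
             for i in range(1, 9)]
    print("src-mac    :", flows_per_link("src-mac", 2, flows))      # everything on one link
    print("src-dst-ip :", flows_per_link("src-dst-ip", 2, flows))   # spread over both
    print("3 links    :", bucket_distribution(3))                   # uneven: 3:3:2
```

The bucket distribution function is the quick way to see why two, four or eight links balance evenly while three, five, six or seven do not: eight buckets cannot be divided equally among them.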
Example:
When this feature is enabled (it is on by default), you will see syslog messages when there is a configuration mismatch.
STP provides loop resolution by managing the physical path to the given network segment, by
performing three steps:
To participate in the spanning tree process, a switch port must go through several states. A port will
always start in the disabled state and will move through several states when it is enabled.
When a switch moves a port into a forwarding or blocking state, it means the topology is changing. The switch announces that change with a TCN BPDU sent out of its root port. This advertisement does not contain data on the change; it just tells the others that a change is coming. When the root receives this message, it first sends an acknowledgement and then signals the topology change to all other switches. There are three forms of change:
- Direct topology change: a link failure is detected and a TCN is sent. All switches shorten their bridge aging timer, and convergence takes two times the forward delay. Normally the aging timer is 300 seconds.
- Indirect topology change: a device connected to a port, such as a firewall, starts filtering traffic and no BPDUs are received anymore. Then it takes about 50 seconds, since no TCN is sent to let everyone know that something happened. Everyone just has to wait for the timers to run out, since no BPDUs are received.
- Insignificant topology change: for example, when a PC is turned off. This does not affect the STP topology.
PVST+
By default Cisco switches use PVST+. This is a Cisco proprietary protocol that runs one spanning-tree instance per VLAN. Each VLAN can have a different root, which allows load balancing over redundant links when they are assigned to different VLANs. To do this, switches need a new BID format. The BIDs in PVST+ contain:
- Bridge priority. A 4-bit field used to carry the bridge priority. The default priority is 32768. The priority can be altered in steps of 4096.
- Extended system ID. A 12-bit field carrying the VLAN ID.
- MAC address. A 6-byte field with the MAC address of the switch.
RSTP
Rapid Spanning Tree Protocol (RSTP) is an evolution (802.1w) of the default STP with faster convergence timers. It also has a few new port roles and states to help with that faster convergence. RSTP is backwards compatible with the old STP variant: it can operate with legacy bridges on a per-port basis. The benefits of RSTP obviously do not apply on those ports.
- Root. The root port is the switch port on every non-root bridge that holds the path to the root bridge.
- Designated. Downstream port. One for each segment.
- Alternate. Offers an alternate path to the root. It assumes the discarding state in an active topology.
- Backup. An alternate port to the designated switch. Also in the discarding state.
RSTP loses the listening and blocking states and only works with discarding, learning and forwarding:
RSTP only initiates a topology change when a non-edge port transitions to the forwarding state. This means that, in contrast to normal STP, loss of connectivity is no longer a reason. A switch sends out a BPDU with its TC bit set from all non-edge designated ports. When a switch receives the message it
- Point-to-point. Operates in full duplex mode; assumed to be connected to one device
- Shared. Operates in half duplex mode; assumed to be connected to multiple devices
- Edge port link. Ports connected to end devices
For example, an edge port can be transitioned to the forwarding state immediately.
RPVST+
MST
Multiple Spanning Tree (MST) extends the RST algorithm to multiple spanning trees. The purpose of MST is to reduce the total number of spanning-tree instances to match the physical topology of the network, and thus reduce the CPU cycles needed on a switch. Where PVST+ runs a spanning-tree instance for every VLAN, MST only uses a minimal set of instances.
MST allows the building of multiple spanning trees over trunks by grouping and associating VLANs to spanning-tree instances. Each instance may have a topology that is independent of the other spanning-tree instances. This architecture provides multiple forwarding paths for data traffic and enables load balancing. A failure in one instance does not affect the others.
MST works with the concept of regions. Switches that are configured to use MST need to find out whether their neighbors are running MST.
When switches have the same attributes they will be in the same region. It is possible to have one or more regions, and to do so the following attributes must match:
Within the MST region we will have one instance of spanning tree that will create a loop free
topology within the region. When you configure MST there is always one default instance used to
- Decide how many instances are needed in the switched topology, keeping in mind that an instance translates to a logical topology
- Decide which VLANs to map onto those instances, and select a primary and secondary root
- Choose a configuration name and revision number that will be common to all switches in the network.
- Avoid mapping VLANs to instance 0
Configuration:
To verify:
The command above learns the current root priority and lowers it by 4096. The other way to set the
priority manually:
Port priority
- If two possible root ports have the same cost, port priority (128 by default) is used to break the tie.
- If the priority is the same, the port ID is used; the lowest wins.
  Note! Port ID selection is based on the port ID of the advertising neighboring switch.
- Designated ports are selected based on, in this order:
  Lowest root BID
  Lowest root path cost to the root bridge
  Lowest sender BID
  Lowest sender port ID
Path cost
- Ports with the lowest path cost to the root bridge are called root ports.
- To determine path costs, bandwidth is used:
  10 Gbps = 1
STP timers
- Hello time. The time between each BPDU that is sent on a port.
  2 seconds by default
  Can be changed between 1 and 10 seconds
- Forward delay. The time that is spent in the listening and learning state.
  15 seconds by default, per state!
  Can be changed between 4 and 30 seconds
- Maximum age. Controls how long a bridge port keeps its stored configuration BPDU information before discarding it.
  20 seconds by default
  Can be changed between 6 and 40 seconds
When changing timers, do so on the root bridge. The root bridge will propagate the new values to the rest of the network.
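Added example (not from the original notes, and not Cisco code): Python functions covering the PVST+ bridge ID layout from the PVST+ section (4-bit priority, 12-bit extended system ID, MAC), root and designated-port election by lowest value as listed under port priority, and the convergence times that follow from the default timers above. The timer consistency check encodes the IEEE 802.1D relationship between hello, forward delay and max age, which is not stated in the notes; switch MACs and priorities are constructed.

```python
# Added example (not from the original notes): PVST+ bridge ID arithmetic, lowest-
# value elections and STP timer/convergence calculations. The timer relationship
# in timers_consistent() is the IEEE 802.1D constraint, not something from the notes.


def bridge_id(priority, vlan, mac):
    """Return the PVST+ BID as (priority_field, mac). The 16-bit priority field is
    the 4-bit bridge priority (a multiple of 4096) plus the 12-bit extended
    system ID, which carries the VLAN number."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
    if not 1 <= vlan <= 4095:
        raise ValueError("VLAN ID must fit in 12 bits")
    return priority + vlan, mac.lower()


def split_priority_field(value):
    """Inverse of the first BID field: (bridge priority, VLAN ID)."""
    return value & 0xF000, value & 0x0FFF


def elect_root(bids):
    """Lowest BID wins: lowest priority field first, then lowest MAC."""
    return min(bids)


def best_bpdu(candidates):
    """Designated-port election: lowest root BID, then root path cost,
    then sender BID, then sender port ID."""
    return min(candidates, key=lambda c: (c["root_bid"], c["root_path_cost"],
                                          c["sender_bid"], c["sender_port_id"]))


def timers_consistent(hello=2, forward_delay=15, max_age=20):
    """Ranges from the notes plus 802.1D: 2*(forward_delay - 1) >= max_age >= 2*(hello + 1)."""
    return (1 <= hello <= 10 and 4 <= forward_delay <= 30 and 6 <= max_age <= 40
            and 2 * (forward_delay - 1) >= max_age >= 2 * (hello + 1))


def convergence_seconds(change, forward_delay=15, max_age=20):
    """Worst-case time before traffic flows again after a topology change."""
    if change == "direct":        # link failure detected: listening + learning
        return 2 * forward_delay
    if change == "indirect":      # BPDUs silently stop: max age expires first
        return max_age + 2 * forward_delay
    raise ValueError("change must be 'direct' or 'indirect'")


if __name__ == "__main__":
    sw1 = bridge_id(32768, 10, "0011.2233.4455")   # constructed switches
    sw2 = bridge_id(28672, 10, "00aa.bbcc.ddee")   # priority lowered by one 4096 step
    print("root for VLAN 10:", elect_root([sw1, sw2]))
    print("direct / indirect:", convergence_seconds("direct"), convergence_seconds("indirect"))
```

Lowering a priority by one step of 4096 beats any MAC address, which is why the MAC only decides the election when priorities are left at their default.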
To verify:
When a device on an access port comes online, it takes about 30 seconds to go through the blocking, listening and learning states until it becomes forwarding. When PortFast is enabled, this is much faster: ports transition immediately from blocking to forwarding.
NOTE! Do not enable this on ports between switches. This can cause bridging loops.
PortFast is disabled by default, but can be enabled on an interface or globally. The global option only works for ports defined as access ports. If you want PortFast on a trunk link, you have to enable it manually on the interface. Also, only do this when the trunk link is connected to an end device such as a server, not a switch.
To verify:
NOTE! When a BPDU is received on a PortFast port, the port is immediately set to a blocking state.
BPDU Guard
As mentioned in the previous topic, when a BPDU is received on a PortFast port, it is placed in a blocking state. However, this does not always protect the network against bridging loops, since a loop cannot always be detected (in time). BPDU Guard is a feature that helps with this. Instead of just placing the port in a blocking state, the port is placed in an error disable state when a BPDU is received. The port then has to be recovered manually or through error disable recovery.
NOTE! This technique only works when a BPDU is detected. Unmanaged switches that do not send BPDUs can still create a loop.
Configuration can be done on an interface or on all ports that have PortFast enabled.
To verify:
BPDU Filter
Sometimes it can be useful not to shut a port every time a BPDU is received. For example, service providers with customer networks connected all over do not want to share their spanning-tree topology with them. For situations like this, there is BPDU Filter, which simply filters out all BPDUs received on a PortFast port.
BPDU Filter can be configured globally or on a per-port basis, but note that the two have different effects. When enabling the filter on a port:
To configure:
To verify:
When a forwarding uplink fails, it can take 30-50 seconds for another uplink to become active. To speed this up, UplinkFast uses an uplink group. That group consists of the root port and all alternate ports. When the root port fails, the port in the group with the next-lowest path cost is made active. To accelerate the recovery, the access switch sends dummy frames out of the new forwarding port, with the MAC addresses it has learned as source addresses, so that the upstream CAM tables are updated quickly. Recovery time is therefore less than a second.
It is recommended to only enable this feature on access switches with redundant links to the distribution layer. RSTP has this behaviour built in by default.
BackboneFast
In the backbone, core and distribution layers, BackboneFast can be used for fast convergence in non-RSTP networks. When a link fails, BackboneFast looks for an alternate path to the root bridge. The switch does this by declaring itself root when its uplink to the root bridge fails. It starts by sending BPDUs to all switches; however, these BPDUs are inferior to the ones of the "real" root bridge. Normally switches do not respond to inferior BPDUs until the max age timer has expired, but when an inferior BPDU is received on a blocking port, the switch assumes that it has lost connectivity to the root bridge.
After the switch identifies potential alternate ports, it starts sending Request Link Queries (RLQ). These messages are forwarded until they reach the root bridge or a switch that has a connection to the root bridge, which then sends a reply. With this information, a switch that lost its connection with the root bridge can find a new root fast.
When one of the ports in a physically redundant topology no longer receives BPDUs, STP assumes that the topology is loop free. Eventually, the blocking alternate or backup port becomes designated and moves to the forwarding state. This situation creates a loop.
The LoopGuard feature makes additional checks. If BPDUs are not received on a non-designated port and LoopGuard is enabled, that port is kept in a blocking state. Without LoopGuard, this port would have become forwarding and created a loop.
Configuration:
RootGuard
RootGuard is useful for avoiding Layer 2 loops during network anomalies. The RootGuard feature forces an interface to become a designated port, to prevent surrounding switches from becoming the root bridge. To do this, when a superior BPDU is received on a RootGuard port, the port moves to an STP-inconsistent state.
Configuration:
NOTE!
- A destination port cannot also be a source port
- Some platforms allow more than one destination port
- Destination ports do not act as normal ports: they do not participate in spanning tree, and so on. Normal traffic flows through a destination.
Configuration:
Verify:
SPAN also supports monitoring traffic from an entire VLAN. On a single switch this feature can be useful, but note that having an entire VLAN as a source might be too much for a switch to handle.
Next to the local SPAN feature above, there is also remote SPAN (RSPAN). With this feature you can carry mirrored traffic beyond a single switch, across the network. It enables you to capture traffic on a different switch in the network, which is helpful in a large network where you don't always have access to a local sniffer. To do this you need a special VLAN dedicated to carrying the SPAN traffic.
Verify:
Filter
When you have a trunk port as the source of your SPAN session and you want only to see traffic for
1.8.a Stackwise
Cisco StackWise technology provides a method for collectively utilizing the capabilities of a stack of switches. Configuration and routing information is shared by every switch in the stack, creating a single switching unit. Switches can be added to and removed from a working stack without affecting performance.
Switches are stacked into a single logical unit using special stack interconnect cables that create a bidirectional closed-loop path. This bidirectional path acts as a switch fabric for all connected switches. You can reach up to 32 Gbps in both directions on the stack ring.
NOTE! All switches share almost everything except for STP. Each switch has its own spanning trees for the VLANs it supports. The master switch keeps a copy of all spanning-tree tables for each VLAN in the stack. When a VLAN is removed or added, all switches are notified to update.
Cisco 3750-E, 3750-X and 3850 series switches support StackWise, with up to 9 switches per stack. Catalyst 2960-S series switches support FlexStack, which is tailored for L2 switches and supports up to four switches.
Benefits:
Verify:
1.8.b VSS
This topic is not on the study guide, but it is in the book. VSS (Virtual Switching System) is a network system virtualization technology that combines a pair of Catalyst 4500 or 6500 switches into one virtual switch. This helps with:
- Operational efficiency
- Boosting nonstop communications
- Scaling the system bandwidth capacity
- Simplifying network configuration and operation by reducing the number of Layer 3 routing neighbors and providing a loop-free Layer 2 topology.
To set up a VSS you need a dedicated link between the two units, the Virtual Switch Link (VSL). When this link is up, only one of the control planes is active. Both chassis are kept in sync at all times, so that a failover is possible upon failure. When all links in the VSL fail, the VSS transitions to dual-active recovery mode, and only the new active virtual switch continues to forward traffic. To do this, all interfaces are shut down on the formerly active virtual switch member, but the new active switch
NOTE! Neighbors see the VSS as a single L2 switching or L3 routing node, thus reducing control plane traffic. There is also no need for an FHRP like HSRP.
Verify:
Redundancy modes:
- RPR. The redundant supervisor is only partially booted and initialized. When the active module fails, the standby module must reload every module in the switch and then initialize all the supervisor functions. Takes > 2 minutes.
- RPR+. The redundant supervisor is booted, allowing the supervisor and route engine to initialize. No Layer 2 or Layer 3 functions are started. When the active module fails, the standby module finishes initializing without reloading the other switch modules. This allows switch ports to retain their state. Takes > 30 seconds.
- SSO. The redundant supervisor is fully booted and initialized. Both the startup and running configuration contents are synchronized so that hardware switching can contin during a failover. The state of the switch interfaces is also maintained on both supervisors so that links do not flap during a failover. Takes > 1 second.
You can enable another redundancy feature along with SSO. NSF is an interactive method that focuses on quickly rebuilding the Routing Information Base (RIB) after a supervisor failover. The RIB is used to generate the Forwarding Information Base (FIB) for CEF. With this you can provide nonstop forwarding in the event of a failure of one of the supervisors.