Analyzing the Cisco Enterprise Campus Architecture
  Introduction to Enterprise Campus Network Design
  Regulatory Standards Driving Enterprise Architectures
  Campus Designs
  Legacy Campus Designs
  Hierarchical Models for Campus Design
  Impact of Multilayer Switches on Network Design
  Ethernet Switching Review
  Layer 2 Switching
  Layer 3 Switching
  Layer 4 and Layer 7 Switching
  Layer 2 Switching In-Depth
  Layer 3 Switching In-Depth
  Understanding Multilayer Switching
  Introduction to Cisco Switches
  Cisco Catalyst 6500 Family of Switches
  Cisco Catalyst 4500 Family of Switches
  Cisco Catalyst 4948G, 3750, and 3560 Family of Switches
  Cisco Catalyst 2000 Family of Switches
  Nexus 7000 Family of Switches
  Nexus 5000 and 2000 Family of Switches
  Hardware and Software-Switching Terminology
  Campus Network Traffic Types
  Peer-to-Peer Applications
  Client/Server Applications
  Client-Enterprise Edge Applications
  Overview of the SONA and Borderless Networks
  Enterprise Campus Design
  Access Layer In-Depth
  Distribution Layer
  Core Layer
  The Need for a Core Layer
  Campus Core Layer as the Enterprise Network Backbone
  Small Campus Network Example
  Medium Campus Network Example
  Large Campus Network Design
  Data Center Infrastructure
  PPDIOO Lifecycle Approach to Network Design and Implementation
  PPDIOO Phases
  Benefits of a Lifecycle Approach
  Planning a Network Implementation
  Implementation Components
  Summary Implementation Plan
  Detailed Implementation Plan
  Summary
  Review Questions

Implementing VLANs in Campus Networks
  Implementing VLAN Technologies in a Campus Network
  VLAN Segmentation Model
  End-to-End VLAN
  Local VLAN
  Comparison of End-to-End VLANs and Local VLANs
  Mapping VLANs to a Hierarchical Network
  Planning VLAN Implementation
  Best Practices for VLAN Design
  Configuring VLANs
  VLAN Ranges
  Verifying the VLAN Configuration
  Troubleshooting VLANs
  Troubleshooting Slow Throughput
  Troubleshooting Communication Issues
  Implementing Trunking in Cisco Campus Network
  Trunking Protocols
  Understanding Native VLAN in 802.1Q Trunking
  Understanding DTP
  Cisco Trunking Modes and Methods
  VLAN Ranges and Mappings
  Best Practices for Trunking
  Configuring 802.1Q Trunking
  Verifying Trunking Configurations
  Troubleshooting Trunking
  VLAN Trunking Protocol
  VTP Pruning
  VTP Versions
  VTP Versions 1 and 2
  VTP Version 3
  VTP Message Types
  Summary Advertisements
  Subset Advertisements
  Advertisement Requests
  VTP Authentication
  Best Practices for VTP Implementation
  Configuring VTP
  Verifying the VTP Configuration
  Troubleshooting VTP
  Private VLANs
  Private VLANs Overview
  Private VLANs and Port Types
  Private VLAN Configuration
  Configuring Private VLANs in Cisco IOS
  Verifying Private VLAN
  Private VLAN Configuration Example
  Single Switch Private Configuration
  Private VLAN Configuration Across Switches
  Port Protected Feature
  Configuring Link Aggregation with EtherChannel
  Describe EtherChannel
  PAgP and LACP Protocols
  PAgP Modes
  LACP Modes
  Configure Port Channels Using EtherChannel
  Guidelines for Configuring EtherChannel
  Layer 2 EtherChannel Configuration Steps
  Verifying EtherChannel
  EtherChannel Load Balancing Options
  Summary
  Review Questions

Implementing Spanning Tree
  Evolution of Spanning Tree Protocols
  Spanning Tree Protocol Basics
  STP Operation
  Rapid Spanning Tree Protocol
  RSTP Port States
  RSTP Port Roles
  Rapid Transition to Forwarding
  RSTP Topology Change Mechanism
  Bridge Identifier for PVRST+
  Compatibility with 802.1D
  Cisco Spanning Tree Default Configuration
  PortFast
  Configuring the PortFast Feature
  Configuring the Basic Parameters of PVRST+
  Multiple Spanning Tree
  MST Regions
  Extended System ID for MST
  Configuring MST
  Spanning Tree Enhancements
  BPDU Guard
  BPDU Filtering
  Root Guard
  Preventing Forwarding Loops and Black Holes
  Loop Guard
  UDLD
  Comparison Between Aggressive Mode UDLD and Loop Guard
  Flex Links
  Recommended Spanning Tree Practices
  Troubleshooting STP
  Potential STP Problems
  Duplex Mismatch
  Unidirectional Link Failure
  Frame Corruption
  Resource Errors
  PortFast Configuration Error
  Troubleshooting Methodology
  Develop a Plan
  Isolate the Cause and Correct an STP Problem
  Document Findings
  Summary
  References
  Review Questions

Implementing Inter-VLAN Routing
  Describing Inter-VLAN Routing
  Introduction to Inter-VLAN Routing
  Inter-VLAN Routing Using an External Router (Router-on-a-Stick)
  External Router: Advantages and Disadvantages
  Inter-VLAN Routing Using Switch Virtual Interfaces
  SVI: Advantages and Disadvantages
  Routing with Routed Ports
  Routed Port: Advantages and Disadvantages
  L2 EtherChannel Versus L3 EtherChannel
  Configuring Inter-VLAN Routing
  Inter-VLAN Configuration with External Router
  Implementation Planning
  Inter-VLAN Configuration with SVI
  Implementation Plan
  Switch Virtual Interface Configuration
  SVI Autostate
  Configuring Routed Port on a Multilayer Switch
  Verifying Inter-VLAN Routing
  Troubleshooting Inter-VLAN Problems
  Example of a Troubleshooting Plan
  Configuration of Layer 3 EtherChannel
  Routing Protocol Configuration
  Verifying Routing Protocol
  Implementing Dynamic Host Configuration Protocol in a Multilayer Switched Environment
  DHCP Operation
  Configuring DHCP and Verifying DHCP
  Configure DHCP on the Multilayer Switch
  Configure DHCP Relay
  Verifying DHCP Operation
  Deploying CEF-Based Multilayer Switching
  Multilayer Switching Concepts
  Explaining Layer 3 Switch Processing
  CAM and TCAM Tables
  Distributed Hardware Forwarding
  Cisco Switching Methods
  Route Caching
  Topology-Based Switching
  CEF Processing
  CEF Operation and Use of TCAM
  CEF Modes of Operation
  Address Resolution Protocol Throttling
  Sample CEF-Based MLS Operation
  CEF-Based MLS Load Sharing
  Configuring CEF and Verifying CEF Configuration
  CEF-Based MLS Configuration
  CEF-Based MLS Verification
  Troubleshooting CEF
  Summary
  Review Questions

Implementing High Availability and Redundancy in a Campus Network
  Understanding High Availability
  Components of High Availability
  Redundancy
  Technology
  People
  Processes
  Tools
  Resiliency for High Availability
  Network-Level Resiliency
  High Availability and Failover Times
  Optimal Redundancy
  Provide Alternate Paths
  Avoid Too Much Redundancy
  Avoid Single Point of Failure
  Cisco NSF with SSO
  Routing Protocols and NSF
  Implementing High Availability
  Distributed VLANs on Access Switches
  Local VLANs on Access Switches
  Layer 3 Access to the Distribution Interconnection
  Daisy Chaining Access Layer Switches
  StackWise Access Switches
  Too Little Redundancy
  Implementing Network Monitoring
  Network Management Overview
  Syslog
  Syslog Message Format
  Configuring Syslog
  SNMP
  SNMP Versions
  SNMP Recommendations
  Configuring SNMP
  IP Service Level Agreement
  IP SLA Measurements
  IP SLA Operations
  IP SLA Source and Responder
  IP SLA Operation with Responder
  IP SLA Responder Timestamps
  Configuring IP SLA
  Implementing Redundant Supervisor Engines in Catalyst Switches
  Route Processor Redundancy
  Route Processor Redundancy Plus
  Configuring and Verifying RPR+ Redundancy
  Stateful Switchover (SSO)
  Configuring and Verifying SSO
  NSF with SSO
  Configuring and Verifying NSF with SSO
  Understanding First Hop Redundancy Protocols
  Introduction to First Hop Redundancy Protocol
  Proxy ARP
  Static Default Gateway
  Hot Standby Router Protocol (HSRP)
  HSRP States
  HSRP State Transition
  HSRP Active Router and Spanning Tree Topology
  Configuring HSRP
  HSRP Priority and Preempt
  HSRP Authentication
  HSRP Timer Considerations and Configuration
  HSRP Versions
  HSRP Interface Tracking
  HSRP Object Tracking
  HSRP and IP SLA Tracking
  Multiple HSRP Groups
  HSRP Monitoring
  Virtual Router Redundancy Protocol
  VRRP Operation
  VRRP Transition Process
  Configuring VRRP
  Gateway Load Balancing Protocol
  GLBP Functions
  GLBP Features
  GLBP Operations
  GLBP Interface Tracking
  GLBP Configuration
  GLBP with VLAN Spanning Across Access Layer Switches
  Cisco IOS Server Load Balancing
  Cisco IOS SLB Modes of Operation
  Configuring the Server Farm in a Data Center with Real Servers
  Configuring Virtual Servers
  Summary
  Review Questions

Securing the Campus Infrastructure
  Switch Security Fundamentals
  Security Infrastructure Services
  Unauthorized Access by Rogue Devices
  Layer 2 Attack Categories
  Understanding and Protecting Against MAC Layer Attack
  Suggested Mitigation for MAC Flooding Attacks
  Port Security
  Port Security Scenario 1
  Port Security Scenario 2
  Configuring Port Security
  Caveats to Port Security Configuration Steps
  Verifying Port Security
  Port Security with Sticky MAC Addresses
  Blocking Unicast Flooding on Desired Ports
  Understanding and Protecting Against VLAN Attacks
  VLAN Hopping
  VLAN Hopping with Double Tagging
  Mitigating VLAN Hopping
  VLAN Access Control Lists
  Configuring VACL
  Understanding and Protecting Against Spoofing Attacks
  Catalyst Integrated Security Features
  DHCP Spoofing Attack
  DHCP Snooping
  ARP Spoofing Attack
  Preventing ARP Spoofing Through Dynamic ARP Inspection
  IP Spoofing and IP Source Guard
  Configuring IPSG
  Securing Network Switches
  Neighbor Discovery Protocols
  Cisco Discovery Protocol
  Configuring CDP
  Configuring LLDP
  CDP Vulnerabilities
  Securing Switch Access
  Telnet Vulnerabilities
  Secure Shell
  VTY ACLs
  HTTP Secure Server
  Authentication Authorization Accounting (AAA)
  Security Using IEEE 802.1X Port-Based Authentication
  Configuring 802.1X
  Switch Security Considerations
  Organizational Security Policies
  Securing Switch Devices and Protocols
  Configuring Strong System Passwords
  Restricting Management Access Using ACLs
  Securing Physical Access to the Console
  Securing Access to vty Lines
  Configuring System Warning Banners
  Disabling Unneeded or Unused Services
  Trimming and Minimizing Use of CDP/LLDP
  Disabling the Integrated HTTP Daemon
  Configuring Basic System Logging
  Securing SNMP
  Limiting Trunking Connections and Propagated VLANs
  Securing the Spanning-Tree Topology
  Mitigating Compromises Launched Through a Switch
  Troubleshooting Performance and Connectivity
  Techniques to Enhance Performance
  Monitoring Performance with SPAN and VSPAN
  Using SPAN to Monitor the CPU Interface of Switches
  Monitoring Performance with RSPAN
  Monitoring Performance with ERSPAN
  Monitoring Performance Using VACLs with the Capture Option
  Troubleshooting Using L2 Traceroute
  Enhancing Troubleshooting and Recovery Using Cisco IOS Embedded Event Manager
  Performance Monitoring Using the Network Analysis Module in the Catalyst 6500 Family of Switches
  Summary
  Review Questions

Preparing the Campus Infrastructure for Advanced Services
  Planning for Wireless, Voice, and Video Application in the Campus Network
  The Purpose of Wireless Network Implementations in the Campus Network
  The Purpose of Voice in the Campus Network
  The Purpose of Video Deployments in the Campus Network
  Planning for the Campus Network to Support Wireless Technologies
  Introduction to Wireless LANs (WLAN)
  Cisco WLAN Solutions as Applied to Campus Networks
  Comparing and Contrasting WLANs and LANs
  Standalone Versus Controller-Based Approaches to WLAN Deployments in the Campus Network
  Controller-Based WLAN Solution
  Traffic Handling in Controller-Based Solutions
  Traffic Flow in a Controller-Based Solution
  Hybrid Remote Edge Access Points (HREAP)
  Review of Standalone and Controller-Based WLAN Solutions
  Gathering Requirements for Planning a Wireless Deployment
  Planning for the Campus Network to Support Voice
  Introduction to Unified Communications
  Campus Network Design Requirements for Deploying VoIP
  Planning for the Campus Network to Support Video
  Voice and Video Traffic
  Video Traffic Flow in the Campus Network
  Design Requirements for Voice, Data, and Video in the Campus Network
  Understanding QoS
  QoS Service Models
  AutoQoS
  Traffic Classification and Marking
  DSCP, ToS, and CoS
  Classification
  Trust Boundaries and Configurations
  Marking
  Traffic Shaping and Policing
  Policing
  Congestion Management
  FIFO Queuing
  Weighted Round Robin Queuing
  Priority Queuing
  Custom Queuing
  Congestion Avoidance
  Tail Drop
  Weighted Random Early Detection
  Implementing IP Multicast in the Campus Network
  Introduction to IP Multicast
  Multicast IP Address Structure
  Reserved Link Local Addresses
  Globally Scoped Addresses
  Source-Specific Multicast Addresses
  GLOP Addresses
  Limited-Scope Addresses
  Multicast MAC Address Structure
  Reverse Path Forwarding
  Multicast Forwarding Tree
  Source Trees
  Shared Trees
  Comparing Source Trees and Shared Trees
  IP Multicast Protocols
  PIM
  Automating Distribution of RP
  Auto-RP
  Bootstrap Router
  Comparison and Compatibility of PIM Version 1 and Version 2
  Configuring Internet Group Management Protocol
  IGMPv1
  IGMPv2
  IGMPv3
  IGMPv3 Lite
  IGMP Snooping
  Preparing the Campus Infrastructure to Support Wireless
  Wireless LAN Parameters
  Configuring Switches to Support WLANs
  Preparing the Campus Network for Integration of a Standalone WLAN Solution
  Preparing the Campus Network for Integration of a Controller-Based WLAN Solution
  Preparing the Campus Infrastructure to Support Voice
  IP Telephony Components
  Configuring Switches to Support VoIP
  Voice VLANs
  QoS for Voice Traffic from IP Phones
  Power over Ethernet
  Additional Network Requirements for VoIP
  Preparing the Campus Infrastructure to Support Video
  Video Components
  Configuring Switches to Support Video
  Summary
  Review Questions

Appendix A

9781587058844 TOC 5/20/2010