CCNP 642-811 BCMSN Exam Certification Guide - Cisco press

586 designing campus networks

server farm block, 46

server provider edge block, 47 predictable network model, 19

designing hierarchical networks devices, 21–22

access layer switches, 22–23 core layer switches, 24 distribution layer switches, 23–24

detecting

switch port error conditions, 125 devices

distribution layers, 21

hierarchical network design, 21–22, 25, 28 access layer switches, 22–23

core layer switches, 24 distribution layer switches, 23–24

Layer 2 switching, 10 Layer 3 routing, 10 Layer 3 switching, 11 Layer 4 switching, 12

MLS (multilayer switching), 12

DiffServ

example QoS configuration, 417–422 mapping CoS values to internal DSCP

values, 407

mapping IP Precedence values to internal DSCP values, 408

marking, 389

packet classification, 388 packet scheduling, 390 policers, 389

policies

defining, 409–413 trust boundaries, 389

DiffServ QoS model, 383 congestion avoidance, 391

tail drops, 391

WRED, 392–393

Layer 2 classification, 384 Layer 3 classification, 384–385

class selector bits, 386 drop precedence, 386–387

dir command, 95 Disabled state (STP), 225 displaying

CDP information, 98 STP information, 255 VTP status, 178

distribution, 22, 24 distribution layer, 21

collapsed core bl, 42 distribution layer switches, 23–24 DSCP

internal DSCP value, 387

Layer 3 QoS classification, 384–385 class selector bits, 386

drop precedence, 386–387

DTP (Dynamic Trunking Protocol), 150 dual core blocks, 43–45

dual-homing, 46 dynamic VLANs, 144

E

EAPOL (Extensible Authentication Protocol over LANs )

configuring, 461–463 edge ports (RSTP), 286

EF (Expedited Forwarding), 386 egress queueing, 390

example configuration, 421–422

mapping packet to egress queues, 415–416 election process of Designated Ports, 223–224 election process of HSRP routers, 332–333 election process of Root Bridges, 218–219 election process of Root Ports, 220–222 enable mode (CatOS), 88

enabling

GLBP, 340

QoS, 405

tail drop operation, 416 VTP pruning, 182 WRED, 416

end-to-end VLANs deploying, 145

enterprise composite network model, 37 enterprise edge block, 47

EoMPLS (Ethernet over MPLS), 153, 157–158 erase flash command, 95

EtherChannel, 193 bundled ports, 194 configuring, 198 LACP, 198

configuring, 199–200

load balancing configuring, 195–197

PAgP, 197–198 configuring, 199

traffic distribution, 194–195 troubleshooting, 200–203 XOR operation, 194

Ethernet

10 Gigabit Ethernet, 118–119

10 Mbps Ethernet, 112–113 Fast Ethernet, 114

full-duplex, 115–116

Gigabit Ethernet, 117–118 LRE, 113–114

metro Ethernet, 119

switch block connections, 121

Gigabit Ethernet port cables, 121–122 example of TCAM tables, 73

example QoS configuration, 417–418 egress queueing, 421–422

traffic classification, 419–420 trust, 418–419

F

fallback bridging, 69, 317 verifying configuration, 321

Fast Ethernet, 114 full-duplex, 115–116

FDDI (Fiber Distributed Data Interface), 10 FIB (Forwarding Information Base), 67,

314–315

Fiber Distributed Data Interface (FDDI), 10 fields

of Configuration BPDUs, 218

file management on switches, 92

configuration files, 93–94 image files, 92–93 moving files, 94–95

Flash file systems, 92 flooding

VTP pruning, 180, 182 format flash command, 95 forward, 11

Forward Delay timer (STP), 227, 251

forwarding frames

Layer 2 switching, 10 Layer 3 switching, 11

packets

Layer 3 routing, 10 Layer 4 switching, 12

forwarding frames

decision processes, 63, 66 forwarding packets

MLS decision processes, 67, 69

Forwarding state (STP), 225 frames

BPDUs

TCN BPDUs, 228

forwarding through Layer switches, 63, 66 Layer 2 PDUs, 155

Layer 2 switching, 10 Layer 3 switching, 11 multicast, 14 tagging, 146

IEEE 802.1Q, 148–149 internal tagging, 149 ISL, 148

unknown unicast, 214 frames BPDUs

Configuration BPDUs, 217–218 full-duplex Fast Ethernet, 115–116 functionality

switching, 9–12

G

gateway addresses redundancy, 331

GLBP, 337–340

HSRP, 332–336

VRRP, 336–337

GBIC (Gigabit Interface Converter), 118 GBICs

Gigabit Ethernet media, 122

General Queries (IGMPv2), 361 Get Nearest Server (GNS), 13 Gigabit Ethernet, 117–118

port cables, 121–122

588 GLBP

GLBP

AVF, 339

AVG, 338 enabling, 340

load balancing, 340

GLBP (Gateway Load Balancing Protocol), 337–338

global synchronization, 391 GNS (Get Nearest Server), 13

Group-Specific Queries (IGMPv2), 361

H

hardware-based bridging, 10 Hello Timer (STP), 227, 251 hierarchical network design, 19

access layer, 20 core layer, 21

devices, 21–22, 25, 28

access layer switches, 22–23 core layer switches, 24 distribution layer switches, 23–24

distribution layer, 21 higher, 24

host mode (switch ports), 475 host names

changing, 88

HSRP

gateway addressing, 334 load balancing, 335–336

router election process, 332–333

HSRP (Hot Standby Router Protocol), 332

I

identifying

VLAN frames, 146

IEEE 802.1Q, 148–149 ISL, 148

identifying switch ports, 124 IEEE 802.1D

See STP (Spanning Tree Protocol)

IEEE 802.1Q, 148–149, 384 tunneling, 153–155

configuring, 155

IEEE 802.1x configuring, 461–463

IEEE 802.3

See Ethernet

IGMP, 360

IGMP snooping, 367–368 image files

switches, 92

naming conventions, 93 indirect failures on STP, 251 individual, 39

ingress queueing, 388

inline power for Cisco IP Phones, 435–436 configuring, 437

verifying, 443

interface configuration mode (CatOS), 88 internal DSCP, 387

internal tagging, 149 inter-switch communication

with CDP, 91 interVLAN routing

configuring, 310 interfaces, 310 Layer 2 mode

configuring, 310

Layer 3 mode configuring, 311

SVI ports configuring, 312

verifying, 318

IntServ QoS model, 382–383 IP multicast, 357

addressing, 358

reserved addresses, 358

IGMP, 360 multicast trees, 359 PIM, 361

Dense Mode, 362

Sparse Mode, 363 Sparse-Dense Mode, 365 verifying multicast routing, 369 Version 1, 366

Version 2, 367

RPF, 360 switching

CGMP, 368–369

IGMP snooping, 367–368 verifying multicast switching, 369

IP Precedence

mapping to internal DSCP values, 408

IP Telephony

Cisco IP Phones

inline power, 435–437

trunking modes, 438 verifying inline power, 443

QoS, 440

queuing mechanisms, 442 trust, configuring, 441 verifying, 444–447

voice packet classification, 442 voice VLANs, 437

configuring, 438, 440 verifying, 443–444

ISL (Inter-Switch Link), 148, 384 isolated VLANs, 475

IST (Internal Spanning Tree), 293 IST instances (MST), 293–294

J–L

jitter, 381

LACP (Link Aggregation Control Protocol), 198

configuring, 199–200

LAN segmentation model, 14–15, 17 LANs

campus network models, 12 shared network model, 13–14

Ethernet, 112–113

10 Gigabit Ethernet, 118–119

Fast Ethernet, 114–116 Gigabit Ethernet, 117–118 LRE, 113–114

metro Ethernet, 119 latency, 381

Layer 2 protocol tunnels, 155–156 configuring, 156

Layer 2 QoS classification, 384 Layer 2 switching, 10, 61

CAM table troubleshooting, 75–76

CAM tables, 70

frame processing, 63, 66 TCAM table, 71

example, 73

port operation, 74 structure, 71–72 troubleshooting, 76 transparent bridging, 61, 63

Layer 3 QoS classification, 384–385 class selector bits, 386

drop precedence, 386–387

Layer 3 routing, 10 Layer 3 switching, 11 Layer 4 switching, 12 layers, 9–12

access

switches, 23 distribution, 21

Learning state (STP), 225

Leave Group messages (IGMPv2), 361 links

EtherChannel, 193

Listening state (STP), 225 load balancing

GLBP, 337–338, 340

AVF, 339

AVG, 338

SLB, 343

configuring, 344–345 verifying configuration, 346 with HSRP, 335–336

local SPAN

configuring, 481–482, 484 local VLANs

deploying, 145 location of Root Bridge

selecting, 243–244, 246 login passwords

user EXEC mode configuring, 89

loop avoidance

STP

BPDU Guard, 268–269

BPDU skew detection, 270 loop guard, 271

protecting against sudden BPDU loss, 269

Root Guard, 267–268 troubleshooting, 273 UDLD, 271–273

loop guard, 271 loss, 381

LRE (Long Reach Ethernet), 113–114

590 management domains

M

management domains configuring, 175 viewing status, 178 VTP, 171

VTP advertisement process, 172–173 subset advertisements, 174 summary advertisements, 173

management VLAN

assigning IP address, 90–91 manipulating

switch configuration files, 95 mapping

CoS values to internal DSCP values, 407 IP Precedence values to internal DSCP

values, 408

mapping internal DSCP values to CoS values, 414–415

mapping packets to egress queues, 415–416 mapping promiscuous mode ports to VLANs,

478 marking

defining as QoS policy, 412 marking packets, 389 matching conditions for VACLs

defining, 473–474

MaxAge Timer (STP), 227, 251 Membership Report messages, 360 messages

BPDU skew detection, 270 IGMP Membership Report, 360

metro Ethernet, 119 microflow policers, 390 MLS

CAM table, 70 troubleshooting, 75–76

CEF, 312

adjacency table, 315–316 configuring, 316

fallback bridging, 317 FIB, 314–315

packet rewrites, 316 verifying, 319, 321

interVLAN routing configuring, 310–312 interfaces, 310 verifying, 318

TCAM table, 71 example, 73

port operation, 74 structure, 71–72 troubleshooting, 76

MLS, See multilayer switching (MLS) models

campus networks, 12 modifying STP timers, 250–251 modular network design, 37

core blocks, 41–42 collapsed core, 42–43 dual core, 43–45

switch blocks, 38–39 sizing, 39–41

monitoring switch ports with SPAN, 480 local SPAN, 481–482, 484

RSPAN, 484–486

VSPAN, 482–484 moving

Catalyst switch files, 94–95

MPLS

EoMPLS tunnels, 157–158

MSFC (Multilayer Switch Feature Card), 24 MST (Multiple Spanning Tree), 291–292

configuring, 295–296 IST instances, 293–294 MST instances, 294–295 regions, 292–293

MST instances (MST), 294–295 multicast, 357

PIM, 361

Dense Mode, 362

Sparse Mode, 363 Sparse-Dense Mode, 365 verifying multicast routing, 369 Version 1, 366

Version 2, 367 routing

IGMP, 360 multicast trees, 359 RPF, 360

switching

CGMP, 368–369

IGMP snooping, 367–368 verifying multicast switching, 369

multicast addressing, 358

OUI values, 358 reserved addresses, 358

multicast frames, 14 multicast groups, 357 multicast traffic, 14 multicast trees, 359

Multilayer Switch Feature Card (MSFC), 24 multilayer switching (MLS), 12, 66

redundancy

SLB, 343–345 router redundancy, 331

GLBP, 337–340

HSRP, 332–336

VRRP, 336–337 packet processing, 67

packet processing exceptions, 69

N

naming conventions

of switch image files, 93

NBAR (Network-Based Application Recognition), 410

negotiation protocols (EtherChannel)

LACP, 198 PAgP, 197–198

nested IEEE 802.1Q trunks, 153 NetFlow LAN switching, 66 NetFlow switching, 313

network management block, 46–47 network traffic models, 17–18 networks, 24

campus models, 12

modular designs, 37 distribution layer, 21 swtiching functionality, 9–12

Normal mode (UDLD), 272 NVRAM

startup configuration, 89

O–P

operating systems, 87–88

CatOS

troubleshooting, 96–98

OUI (Organizationally Unique Identifier) values, 358

packet filtering

VACLs

configuring, 473–474 packet forwarding, 331 packet rewrites, 316

packets

classification, 388 congestion avoidance, 391

tail drops, 391

WRED, 392–393 ingress queueing, 388 Layer 3 routing, 10 Layer 4 switching, 12

mapping to egress queues, 415–416 processing through multilayer switches, 67,

69 queuing, 442

scheduling, 390

PAgP (Port Aggregation Protocol), 197–198 configuring, 199

passwords

CatOS, 89 recovering, 90

Path Cost, 220–221

PDU (protocol data unit), 9, 155 permitting

untrusted information on QoS, 407

PIM (Protocol Independent Multicast), 361

Dense Mode, 362 configuring, 362

Sparse Mode, 363 Sparse-Dense Mode, 365 verifying multicast routing

verifying

PIM multicast routing, 369

Version 1, 366

Version 2, 367

592 PMD (Physical Media Dependent) interfaces

PMD (Physical Media Dependent) interfaces, 118

point-to-point ports (RSTP), 286 policers, 389

policing

defining as QoS policy, 412–413

port compatibility errors (EtherChannel) troubleshooting, 202

Port ID (STP) tuning, 250

port mode configuring, 125

port operation of TCAM tables, 74 port security, 460–461

port speed configuring, 124

port states

RSTP, 284 STP, 225–226

port-based authentication configuring, 461–463

port-based membership static VLANs, 142

PortFast, 252

predictable network model, 19 preparing for exam

multicast, 503

QoS in a switched network, 504–505 scenarios, 497

advanced STP, 500–501

router redundancy with HSRP and GLBP, 501

traditional STP, 500 trunking and DTP, 497

VLANs, trunking, and VTP, 499 securing access and managing traffic in as

switched network, 505 preventing

collisions, 15 preventing routing loops

with RSTP

BPDUs, 285 configuring, 290 convergence, 285–286 port behavior, 283–284

port states, 284 synchronization, 287 topology changes, 288–289

preventing routing loops with STP redundant link convergence, 252

BackboneFast, 254–255 PortFast, 252 UplinkFast, 253

Root Bridges

configuring, 246–248 placement, 243–244, 246

STP timers, modifying, 250–251 tuning Port ID, 250

tuning Root Path Cost, 248–249 primary VLANs, 475

privileged EXEC mode (CatOS), 88 process switching, 69

promiscuous mode (switch ports), 475 mapping to VLANs, 478

protecting against sudden BPDU loss, 269 protocol data unit (PDU), 9

pruning (VTP), 179–180 enabling, 182

PVLANs (private VLANs), 474–475 associating secondary VLANs to primary

VLANs, 479 configuring, 477–479

PVST (Per-VLAN STP), 229

PVST+ (Per-VLAN Spanning Tree Plus), 230

Q

Q-in-Q tunnels, 153 QoS, 440

best effort, 382 congestion avoidance, 391

mapping internal DSCP values to CoS values, 414–415

mapping packets to egress queues,

415–416

tail drop, 391, 416

WRED, 392–393, 416–417

CoS

mapping to internal DSCP values, 407

DiffServ, 383

Layer 2 classification, 384 Layer 3 classification, 384–387

egress queueing

example configuration, 421–422 egress scheduling

tuning, 414 enabling, 405

example configuration, 417–418 ingress queueing, 388

IntServ, 382–383 IP Precedence

mapping to internal DSCP values, 408 marking, 389

packet classification, 388 packet scheduling, 390 policers, 389

policies

defining, 409–413 queuing mechanisms, 442 switch port queues, 393–395 traffic classification

example configuration, 419–420 troubleshooting, 422–424

trust

configuring, 441

example configuration, 418–419 trust boundaries, 389

trusts

applying, 406 untrusted information

permitting, 407 verifying, 444–447 verifying operation, 422, 424

voice packet classification, 442 queueing

ingress, 388

switch port queues, 393–395 queuing, 442

egress scheduling, 414

R

recovering passwords

on CatOS switches, 90

recovering from switch port error conditions,

routing 593

redundancy

gateway addresses, 331 of EtherChannel, 193 of gateway addresses

GLBP, 337–340

HSRP, 332–336

VRRP, 336–337

SLB, 343

configuring, 344–345 verifying configuration, 346

redundant link convergence (STP), 252

BackboneFast, 254–255 PortFast, 252 UplinkFast, 253–254

regions

MST, 292–293

relieving network congestion, 13 remote access, 90–91

reserved IP multicast addresses, 358 restricting switch access

accounting, 459 authentication, 455–457 authorization, 457–458

Root Bridge

configuring, 246–248 election procedure, 218–219 placement of, 243–244, 246

Root Guard, 267–268 Root Path Cost (STP), 220

tie conditions, 223 tuning, 248–249

root ports (RSTP), 286

election procedure, 220–222 route cache switching, 313 router redundancy

verifying configuration, 346 routing

IP multicast

IGMP, 360

RPF, 360

Layer 3, 10 multicast

multicast trees, 359

See also interVLAN routing

594 routing loops

routing loops preventing with STP

modifying STP timers, 250–251 redundant link convergence, 252–255 Root Bridge configuration, 246–248 Root Bridge placement, 243–244, 246 tuning Port ID, 250

tuning Root Path Cost, 248–249

RP (Rendezvous Point), 363 auto-RP process, 365

RPF, 360

RSPAN

configuring, 484–486

RSTP

BPDUs, 285 configuring, 290 convergence, 285–286 port behavior, 283–284 port states, 284 synchronization, 287

topology changes, 288–289 rules

80/20, 18

S

SAP (Service Advertisement Protocol), 13 scaling

Layer 2 switching, 10 scenarios, 497

advanced STP, 500–501 multicast, 503

QoS in a switched network, 504–505 router redundancy with HSRP and GLBP,

501

securing access and managing traffic in as switched network, 505

traditional STP, 500 trunking and DTP, 497

VLANs, trunking, and VTP, 499 scheduling

egress scheduling tuning, 414

scheduling packets, 390 secondary VLANs, 475

associating to a primary VLANs, 479

security

CatOS

passwords, 89–90 segmentation, 11 selecting

Designated Ports (STP), 223–224 Root Ports (STP), 220–222

server farm blocks, 46 server mode (VTP), 171 configuring, 176

server provider edge block, 47

Service Advertisement Protocol (SAP), 13 shared network model, 13–14

show commands

troubleshooting CatOS, 96–97

show etherchannel port-channel command, 196

show vtp status command, 178 sizing

dual core blocks, 45 sizing switch blocks, 39–41

SLB (Server Load Balancing), 343 configuring, 344–345

SPAN (Switched Port Analyzer), 480 deleting sessions, 483

local SPAN, 481–482, 484 RSPAN, 484–486 VSPAN, 482–484

Spanning-Tree Protocol, 39 Sparse Mode (PIM), 363 Sparse-Dense Mode (PIM), 365 startup configuration, 89

static VLANs, 142 configuring, 143

store-and-forward switching, 61 STP (Spanning Tree Protocol)

Blocking state, 225 BPDU Guard, 268–269 BPDUs

Configuration BPDUs, 217–218 protecting against sudden loss, 269 skew detection, 270

TCN BPDUs, 228 bridging loop prevention, 217 CST, 229