Implementing Cisco IP Switched Networks (SWITCH) Foundation Learning Guide: Foundation learning for SWITCH 642-813

Implementing Cisco IP Switched Networks (SWITCH) Foundation Learning Guide: Foundation learning for SWITCH 642-813   Richard Froom, CCIE No. 5102 Balaji Sivasubramanian Erum Frahim, CCIE No. 7549   Implementing Cisco IP Switched Networks (SWITCH) Foundation Learning Guide is a Cisco® authorized learning tool for CCNP® and CCDP® preparation. As part of the Cisco Press foundation learning series, this book covers how to plan, configure, and verify the implementation of complex enterprise switching solutions using the Cisco Campus Enterprise Architecture. The Foundation Learning Guide also covers secure integration of VLANs, WLANs, voice, and video into campus networks.   Each chapter opens with the list of topics covered to clearly identify the focus of that chapter. At the end of each chapter, a summary and review questions provide you with an opportunity to assess and reinforce your understanding of the material. Throughout the book detailed explanations with commands, configurations, and diagrams serve to illuminate theoretical concepts.   Implementing Cisco IP Switched Networks (SWITCH) Foundation Learning Guide is ideal for certification candidates who are seeking a tool to learn all the topics covered in the SWITCH 642-813 exam.    - Serves as the official book for the Cisco Networking Academy CCNP SWITCH course  - Provides a thorough presentation of the fundamentals of multilayer switched network design  - Explains the implementation of the design features such as VLAN, Spanning Tree, and inter-VLAN routing in the multilayer switched environment  - Explains how to implement high-availability technologies and techniques  - Covers security features in a switched network  - Presents self-assessment review questions, chapter topics, summaries, command syntax explanations, network diagrams, and configuration examples to facilitate effective studying   This book is in the Foundation Learning Guide Series. These guides are developed together with Cisco® as the only authorized, self-paced learning tools that help networking professionals build their understanding of networking concepts and prepare for Cisco certification exams.

Table of Contents:
Chapter 1 Analyzing the Cisco Enterprise Campus Architecture Introduction to Enterprise Campus Network Design 2     Regulatory Standards Driving Enterprise Architectures 4     Campus Designs 5         Legacy Campus Designs 5         Hierarchical Models for Campus Design 6     Impact of Multilayer Switches on Network Design 7         Ethernet Switching Review 7         Layer 2 Switching 8         Layer 3 Switching 10         Layer 4 and Layer 7 Switching 11     Layer 2 Switching In-Depth 12     Layer 3 Switching In-Depth 12     Understanding Multilayer Switching 14     Introduction to Cisco Switches 15         Cisco Catalyst 6500 Family of Switches 15         Cisco Catalyst 4500 Family of Switches 15         Cisco Catalyst 4948G, 3750, and 3560 Family of Switches 16         Cisco Catalyst 2000 Family of Switches 16         Nexus 7000 Family of Switches 16         Nexus 5000 and 2000 Family of Switches 17     Hardware and Software-Switching Terminology 17     Campus Network Traffic Types 18         Peer-to-Peer Applications 21         Client/Server Applications 21         Client-Enterprise Edge Applications 23     Overview of the SONA and Borderless Networks 25 Enterprise Campus Design 27     Access Layer In-Depth 29     Distribution Layer 29     Core Layer 31         The Need for a Core Layer 32         Campus Core Layer as the Enterprise Network Backbone 33     Small Campus Network Example 33     Medium Campus Network Example 34     Large Campus Network Design 34     Data Center Infrastructure 35 PPDIOO Lifecycle Approach to Network Design and Implementation 37     PPDIOO Phases 37         Benefits of a Lifecycle Approach 38     Planning a Network Implementation 39         Implementation Components 40         Summary Implementation Plan 40         Detailed Implementation Plan 42 Summary 43 Review Questions 43 Chapter 2 Implementing VLANs in Campus Networks 51 Implementing VLAN Technologies in a Campus Network 52     VLAN Segmentation Model 53         End-to-End VLAN 54         Local VLAN 55         Comparison of End-to-End VLANs and Local VLANs 56         Mapping VLANs to a Hierarchical Network 57     Planning VLAN Implementation 58     Best Practices for VLAN Design 59     Configuring VLANs 60         VLAN Ranges 60     Verifying the VLAN Configuration 63     Troubleshooting VLANs 67         Troubleshooting Slow Throughput 67         Troubleshooting Communication Issues 68 Implementing Trunking in Cisco Campus Network 68     Trunking Protocols 69         Understanding Native VLAN in 802.1Q Trunking 71     Understanding DTP 72         Cisco Trunking Modes and Methods 72         VLAN Ranges and Mappings 73     Best Practices for Trunking 73     Configuring 802.1Q Trunking 74     Verifying Trunking Configurations 76     Troubleshooting Trunking 77 VLAN Trunking Protocol 78     VTP Pruning 81     VTP Versions 82         VTP Versions 1 and 2 82         VTP Version 3 83     VTP Messages Types 83         Summary Advertisements 83         Subset Advertisements 84         Advertisement Requests 84     VTP Authentication 84     Best Practices for VTP Implementation 84     Configuring VTP 85     Verifying the VTP Configuration 85     Troubleshooting VTP 87 Private VLANs 87     Private VLANs Overview 88         Private VLANs and Port Types 88     Private VLAN Configuration 90         Configuring Private VLANs in Cisco IOS 91     Verifying Private VLAN 92     Private VLAN Configuration Example 93         Single Switch Private Configuration 93         Private VLAN Configuration Across Switches 94     Port Protected Feature 97 Configuring Link Aggregation with EtherChannel 97     Describe EtherChannel 98     PAgP and LACP Protocols 101         PAgP Modes 101         LACP Modes 103     Configure Port Channels Using EtherChannel 105         Guidelines for Configuring EtherChannel 105         Layer 2 EtherChannel Configuration Steps 106     Verifying EtherChannel 108     EtherChannel Load Balancing Options 110 Summary 112 Review Questions 113 Chapter 3 Implementing Spanning Tree 119 Evolution of Spanning Tree Protocols 119 Spanning Tree Protocol Basics 121     STP Operation 122 Rapid Spanning Tree Protocol 125     RSTP Port States 126     RSTP Port Roles 127     Rapid Transition to Forwarding 129     RSTP Topology Change Mechanism 132     Bridge Identifier for PVRST+ 136     Compatibility with 802.1D 137     Cisco Spanning Tree Default Configuration 137     PortFast 138     Configuring the PortFast Feature 138     Configuring the Basic Parameters of PVRST+ 140 Multiple Spanning Tree 141     MST Regions 143     Extended System ID for MST 144     Configuring MST 145 Spanning Tree Enhancements 150     BPDU Guard 152     BPDU Filtering 153     Root Guard 155     Preventing Forwarding Loops and Black Holes 158         Loop Guard 158         UDLD 161         Comparison Between Aggressive Mode UDLD and Loop Guard 165     Flex Links 166 Recommended Spanning Tree Practices 168 Troubleshooting STP 171     Potential STP Problems 171         Duplex Mismatch 172         Unidirectional Link Failure 172         Frame Corruption 173         Resource Errors 173         PortFast Configuration Error 174     Troubleshooting Methodology 174         Develop a Plan 175         Isolate the Cause and Correct an STP Problem 175         Document Findings 177 Summary 178 References 179 Review Questions 179 Chapter 4 Implementing Inter-VLAN Routing 183 Describing Inter-VLAN Routing 184     Introduction to Inter-VLAN Routing 184     Inter-VLAN Routing Using an External Router (Router-on-a-Stick) 186         External Router: Advantages and Disadvantages 189     Inter-VLAN Routing Using Switch Virtual Interfaces 190         SVI: Advantages and Disadvantages 192     Routing with Routed Ports 192         Routed Port: Advantage and Disadvantages 193     L2 EtherChannel Versus L3 EtherChannel 194 Configuring Inter-VLAN Routing 194     Inter-VLAN Configuration with External Router 195         Implementation Planning 195         Inter-VLAN Configuration with SVI 197         Implementation Plan 197         Switch Virtual Interface Configuration 198         SVI Autostate 199     Configuring Routed Port on a Multilayer Switch 200     Verifying Inter-VLAN Routing 201     Troubleshooting Inter-VLAN Problems 204         Example of a Troubleshooting Plan 205     Configuration of Layer 3 EtherChannel 206     Routing Protocol Configuration 208     Verifying Routing Protocol 208 Implementing Dynamic Host Configuration Protocol in a Multilayer Switched Environment 210     DHCP Operation 211         Configuring DHCP and Verifying DHCP 212         Configure DHCP on the Multilayer Switch 212         Configure DHCP Relay 213         Verifying DHCP Operation 214 Deploying CEF-Based Multilayer Switching 215     Multilayer Switching Concepts 215         Explaining Layer 3 Switch Processing 216         CAM and TCAM Tables 217         Distributed Hardware Forwarding 220     Cisco Switching Methods 221         Route Caching 222         Topology-Based Switching 223     CEF Processing 225         CEF Operation and Use of TCAM 227         CEF Modes of Operation 227         Address Resolution Protocol Throttling 228         Sample CEF-Based MLS Operation 230         CEF-Based MLS Load Sharing 231     Configuring CEF and Verifying CEF Configuration 232         CEF-Based MLS Configuration 232         CEF-Based MLS Verification 232 Troubleshooting CEF 236 Summary 237 Review Questions 237 Chapter 5 Implementing High Availability and Redundancy in a Campus Network 243 Understanding High Availability 244     Components of High Availability 244         Redundancy 245         Technology 246         People 246         Processes 247         Tools 248     Resiliency for High Availability 249         Network-Level Resiliency 249         High Availability and Failover Times 249     Optimal Redundancy 251         Provide Alternate Paths 252         Avoid Too Much Redundancy 253         Avoid Single Point of Failure 253         Cisco NSF with SSO 254         Routing Protocols and NSF 255 Implementing High Availability 255     Distributed VLANs on Access Switches 256     Local VLANs on Access Switches 256     Layer 3 Access to the Distribution Interconnection 257     Daisy Chaining Access Layer Switches 257     StackWise Access Switches 259     Too Little Redundancy 260 Implementing Network Monitoring 262     Network Management Overview 262     Syslog 263         Syslog Message Format 265         Configuring Syslog 267     SNMP 269         SNMP Versions 270         SNMP Recommendations 272         Configuring SNMP 272     IP Service Level Agreement 273         IP SLA Measurements 273         IP SLA Operations 275         IP SLA Source and Responder 275         IP SLA Operation with Responder 275         IP SLA Responder Timestamps 277         Configuring IP SLA 277 Implementing Redundant Supervisor Engines in Catalyst Switches 280     Route Processor Redundancy 281     Route Processor Redundancy Plus 282         Configuring and Verifying RPR+ Redundancy 283     Stateful Switchover (SSO) 284         Configuring and Verifying SSO 285     NSF with SSO 286         Configuring and Verifying NSF with SSO 287 Understanding First Hop Redundancy Protocols 288     Introduction to First Hop Redundancy Protocol 288         Proxy ARP 289         Static Default Gateway 290     Hot Standby Router Protocol (HSRP) 291         HSRP States 294         HSRP State Transition 295         HSRP Active Router and Spanning Tree Topology 296         Configuring HSRP 296         HSRP Priority and Preempt 297         HSRP Authentication 298         HSRP Timer Considerations and Configuration 299         HSRP Versions 301         HSRP Interface Tracking 302         HSRP Object Tracking 304         HSRP and IP SLA Tracking 305         Multiple HSRP Groups 306         HSRP Monitoring 307     Virtual Router Redundancy Protocol 309         VRRP Operation 311         VRRP Transition Process 312         Configuring VRRP 312     Gateway Load Balancing Protocol 315         GLBP Functions 316         GLBP Features 317         GLBP Operations 318         GLBP Interface Tracking 318         GLBP Configuration 322         GLBP with VLAN Spanning Across Access Layer Switches 322 Cisco IOS Server Load Balancing 323     Cisco IOS SLB Modes of Operation 325     Configuring the Server Farm in a Data Center with Real Servers 326     Configuring Virtual Servers 328 Summary 330 Review Questions 331 Chapter 6 Securing the Campus Infrastructure 333 Switch Security Fundamentals 334     Security Infrastructure Services 334     Unauthorized Access by Rogue Devices 336     Layer 2 Attack Categories 337 Understanding and Protecting Against MAC Layer Attack 339     Suggested Mitigation for MAC Flooding Attacks 341     Port Security 341         Port Security Scenario 1 341         Port Security Scenario 2 342         Configuring Port Security 343         Caveats to Port Security Configuration Steps 344         Verifying Port Security 345         Port Security with Sticky MAC Addresses 347     Blocking Unicast Flooding on Desired Ports 348 Understanding and Protecting Against VLAN Attacks 349     VLAN Hopping 349     VLAN Hopping with Double Tagging 350     Mitigating VLAN Hopping 351     VLAN Access Control Lists 352     Configuring VACL 353 Understanding and Protecting Against Spoofing Attacks 355     Catalyst Integrated Security Features 355     DHCP Spoofing Attack 356     DHCP Snooping 358     ARP Spoofing Attack 361     Preventing ARP Spoofing Through Dynamic     ARP Inspection 362     IP Spoofing and IP Source Guard 368         Configuring IPSG 370 Securing Network Switches 372     Neighbor Discovery Protocols 372     Cisco Discovery Protocol 373         Configuring CDP 373         Configuring LLDP 375     CDP Vulnerabilities 375     Securing Switch Access 376         Telnet Vulnerabilities 377         Secure Shell 377         VTY ACLs 378         HTTP Secure Server 379         Authentication Authorization Accounting (AAA) 380     Security Using IEEE 802.1X Port-Based Authentication 387         Configuring 802.1X 389 Switch Security Considerations 390     Organizational Security Policies 391     Securing Switch Devices and Protocols 391         Configuring Strong System Passwords 392         Restricting Management Access Using ACLs 392         Securing Physical Access to the Console 393         Securing Access to vty Lines 393         Configuring System Warning Banners 393         Disabling Unneeded or Unused Services 394         Trimming and Minimizing Use of CDP/LLDP 395         Disabling the Integrated HTTP Daemon 395         Configuring Basic System Logging 396         Securing SNMP 396         Limiting Trunking Connections and Propagated VLANs 396         Securing the Spanning-Tree Topology 396     Mitigating Compromises Launched Through a Switch 397 Troubleshooting Performance and Connectivity 398     Techniques to Enhance Performance 398     Monitoring Performance with SPAN and VSPAN 400     Using SPAN to Monitor the CPU Interface of Switches 403     Monitoring Performance with RSPAN 404     Monitoring Performance with ERSPAN 408     Monitoring Performance Using VACLs with the Capture Option 410     Troubleshooting Using L2 Traceroute 412     Enhancing Troubleshooting and Recovery Using Cisco IOS Embedded Event Manager 413     Performance Monitoring Using the Network Analysis Module in the Catalyst 6500 Family of Switches 414 Summary 415 Review Questions 416 Chapter 7 Preparing the Campus Infrastructure for Advanced Services 419 Planning for Wireless, Voice, and Video Application in the Campus Network 420     The Purpose of Wireless Network Implementations in the Campus Network 420     The Purpose of Voice in the Campus Network 421     The Purpose of Video Deployments in the Campus Network 423     Planning for the Campus Network to Support Wireless Technologies 423         Introduction to Wireless LANs (WLAN) 423         Cisco WLAN Solutions as Applied to Campus Networks 426         Comparing and Contrasting WLANs and LANs 428         Standalone Versus Controller-Based Approaches to WLAN         Deployments in the Campus Network 429         Controller-Based WLAN Solution 430         Traffic Handling in Controller-Based Solutions 433         Traffic Flow in a Controller-Based Solution 434         Hybrid Remote Edge Access Points (HREAP) 435         Review of Standalone and Controller-Based WLAN Solutions 436         Gathering Requirements for Planning a Wireless Deployment 436     Planning for the Campus Network to Support Voice 437         Introduction to Unified Communications 438         Campus Network Design Requirements for Deploying VoIP 439     Planning for the Campus Network to Support Video 440         Voice and Video Traffic 441         Video Traffic Flow in the Campus Network 442         Design Requirements for Voice, Data, and Video in the Campus Network 444 Understanding QoS 444     QoS Service Models 446     AutoQoS 447     Traffic Classification and Marking 448         DSCP, ToS, and CoS 448         Classification 449     Trust Boundaries and Configurations 450         Marking 451         Traffic Shaping and Policing 451         Policing 452     Congestion Management 453         FIFO Queuing 453         Weighted Round Robin Queuing 453         Priority Queuing 455         Custom Queuing 455     Congestion Avoidance 455         Tail Drop 456         Weighted Random Early Detection 456 Implementing IP Multicast in the Campus Network 458     Introduction to IP Multicast 459     Multicast IP Address Structure 462         Reserved Link Local Addresses 463         Globally Scoped Addresses 463         Source-Specific Multicast Addresses 463         GLOP Addresses 464         Limited-Scope Addresses 464     Multicast MAC Address Structure 464     Reverse Path Forwarding 465     Multicast Forwarding Tree 466         Source Trees 467         Shared Trees 468         Comparing Source Trees and Shared Trees 469     IP Multicast Protocols 470         PIM 470         Automating Distribution of RP 474         Auto-RP 474         Bootstrap Router 475         Comparison and Compatibility of PIM Version 1 and Version 2 476     Configuring Internet Group Management Protocol 478         IGMPv1 478         IGMPv2 478         IGMPv3 479         IGMPv3 Lite 479         IGMP Snooping 480 Preparing the Campus Infrastructure to Support Wireless 484     Wireless LAN Parameters 484     Configuring Switches to Support WLANs 484         Preparing the Campus Network for Integration of a Standalone WLAN Solution 484         Preparing the Campus Network for Integration of a Controller-Based WLAN Solution 485 Preparing the Campus Infrastructure to Support Voice 487     IP Telephony Components 487     Configuring Switches to Support VoIP 488         Voice VLANs 488         QoS for Voice Traffic from IP Phones 490         Power over Ethernet 491         Additional Network Requirements for VoIP 493 Preparing the Campus Infrastructure to Support Video 494     Video Components 494     Configuring Switches to Support Video 495 Summary 496 Review Questions 497 Appendix A 503