Feedback Information

At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted with care and precision, undergoing rigorous development that involves the unique expertise of members from the professional technical community. Readers' feedback is a natural continuation of this process. If you have any comments regarding how we could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us through email at...

A

LAP1's wired Ethernet connection will belong to VLAN 200, using IP address 192.168.200.10. The LAP will also need to provide VLAN 50 to its wireless clients. What commands could you use to configure Switch A1's FastEthernet 0/1 interface, where LAP1 connects? 4. The WLC will use IP address 192.168.201.10 on VLAN 201 to form the LWAPP tunnels with the LAPs. On which WLC interface should you configure this address? 5. LAP1 is located on VLAN 200 in the 192.168.200.0/24 subnet. Both LAPs need to...

About the Author

David Hucaby, CCIE No. 4594, is a lead network engineer for the University of Kentucky, where he works with healthcare networks based on the Cisco Catalyst, ASA, FWSM, and VPN product lines. David has a bachelor of science degree and master of science degree in electrical engineering from the University of Kentucky. He is the author of three previous books for Cisco Press, including Cisco ASA and PIX Firewall Handbook, Cisco Field Manual: Router Configuration, and Cisco Field Manual: Catalyst...

Access Point Operation

An AP's primary function is to bridge wireless data from the air to a normal wired network. An AP can accept connections from a number of wireless clients so that they become members of the LAN, as if the same clients were using wired connections. An AP can also act as a bridge to form a single wireless link from one LAN to another over a long distance. In that case, an AP is needed on each end of the wireless link. AP-to-AP or line-of-sight links are commonly used for connectivity between...

Adjacency Table

A router normally maintains a routing table containing Layer 3 network and next-hop information, and an ARP table containing Layer 3 to Layer 2 address mapping. These tables are kept independently. Recall that the FIB keeps the Layer 3 next-hop address for each entry. To streamline packet forwarding even more, the FIB has corresponding Layer 2 information for every next-hop entry. This portion of the FIB is called the adjacency table, consisting of the MAC addresses of nodes that can be reached...

Advanced Spanning Tree Protocol

Familiarity with the IEEE 802.1D STP standard is essential because that protocol is used universally to maintain loop-free bridged and switched networks. However, it now is considered a legacy protocol, offering topology change and convergence times that are not as acceptable as they once were. This chapter discusses the many STP enhancements that are available in new standards. Rapid STP (RSTP) is presented first because it provides the foundation for efficient STP activity. RSTP can be...

Aggregating Switch Links

In previous chapters, you learned about campus network design and connecting and organizing switches into blocks and common workgroups. Using these principles, end users can be given effective access to resources both on and off the campus network. However, today's mission-critical applications and services demand networks that provide high availability and reliability. This chapter presents technologies that you can use in a campus network to provide higher bandwidth and reliability between...

AP Association and Roaming

When a wireless client is associated with an AP, all data going to and from the client must pass through that AP. Recall from Chapter 17 that a client forms an association by sending an association request message to the AP. If the client is compatible with the WLAN by having the correct SSID, supporting the same data rates, and authenticating correctly, the AP responds with an association reply. An association is maintained with the AP as long as the client stays within range of the AP....

Associate Ports with Private VLANs

First, define the function of the port that will participate on a private VLAN using the following configuration command: Switch(config-if)# switchport mode private-vlan {host | promiscuous}. If the host connected to this port is a router, firewall, or common gateway for the VLAN, use the promiscuous keyword. This allows the host to reach all other promiscuous, isolated, or community ports associated with the primary VLAN. Otherwise, any isolated or community port must receive the host keyword. For...

Associate Secondary VLANs to a Primary VLAN SVI

On switched virtual interfaces, or VLAN interfaces configured with Layer 3 addresses, you must configure some additional private VLAN mapping. Consider the SVI for the primary VLAN, VLAN 100, that has an IP address and participates in routing traffic. Secondary VLANs 40 (an isolated VLAN) and 50 (a community VLAN) are associated at Layer 2 with primary VLAN 100 using the configuration in Example 16-3. Example 16-3 Associating Secondary VLANs to a Primary VLAN: Switch(config)# vlan 40...

Avoiding Collisions in a WLAN

When two or more wireless stations transmit at the same time, their signals become mixed. Receiving stations can see the result only as garbled data, noise, or errors. No clear-cut way exists to determine whether a collision has occurred. Even the transmitting stations won't realize it because their receivers must be turned off while they are transmitting. As a basic feedback mechanism, whenever a wireless station transmits a frame, the receiving wireless station must send an acknowledgement...

B

Baby giant frames, 123 BackboneFast, 236 enabling, 236-237 backup port on RSTP topology, 264 backward compatibility of 802.11 ISM, 461 best effort QoS, 367-368 best practices for securing Catalyst switches, 401-404 Blocking state (STP), 197 bootstrap process for LAPs, 508 BPDU filtering, 254 BPDU Guard, 248-249 BPDUs (bridge protocol data units) Configuration BPDUs, 189-190 convergence, 267 in RSTP topology, 265 MST, 274 protecting against sudden loss, 250 Root Guard, 247-248 RSTP, 265 TCN...

Backbone Fast Redundant Backbone Paths

In the network backbone, or core layer, a different method is used to shorten STP convergence. BackboneFast works by having a switch actively determine whether alternative paths exist to the Root Bridge, in case the switch detects an indirect link failure. Indirect link failures occur when a link that is not directly connected to a switch fails. A switch detects an indirect link failure when it receives inferior BPDUs from its designated bridge on either its Root Port or a blocked port....

Basic RF Operation

Radio frequency (RF) communication begins with an oscillating signal transmitted from one device to be received on one or more other devices. This oscillating signal is based around a constant, known frequency. Because the transmitter uses a set frequency, a receiver can tune to the same frequency and receive the same signal. You have probably had this experience by tuning a radio receiver in a car. Basically, the transmitting station has a transmitter that generates the RF signal, an antenna,...

Best Effort Delivery

A network that simply forwards packets in the order they were received has no real QoS. Switches and routers then make their best effort to deliver packets as quickly as possible, with no regard for the type of traffic or the need for priority service. To get an idea of how QoS operates in a network, consider a fire truck or an ambulance trying to quickly work its way through a crowded city. The lights are flashing and the siren is sounding to signal that this is a priority vehicle needing to...

BPDU Guard

Recall that the traditional STP offers the PortFast feature, in which switch ports are allowed to immediately enter the Forwarding state as soon as the link comes up. Normally, PortFast provides quick network access to end-user devices, where bridging loops never are expected to form. Even while PortFast is enabled on a port, STP still is running and can detect a bridging loop. However, a loop can be detected only in a finite amount of time: the length of time required to move the port through...

BPDUs in RSTP

In 802.1D, BPDUs basically originate from the Root Bridge and are relayed by all switches down through the tree. Because of this propagation of BPDUs, 802.1D convergence must wait for steady-state conditions before proceeding. RSTP uses the 802.1D BPDU format for backward compatibility. However, some previously unused bits in the Message Type field are used. The sending switch port identifies itself by its RSTP role and state. The BPDU version also is set to 2 to distinguish RSTP BPDUs from...

Bridging Loops

Recall that a Layer 2 switch mimics the function of a transparent bridge. A transparent bridge must offer segmentation between two networks while remaining transparent to all the end devices connected to it. For the purpose of this discussion, consider a two-port Ethernet switch and its similarities to a two-port transparent bridge. A transparent bridge (and the Ethernet switch) must operate as follows: The bridge has no initial knowledge of any end device's location; therefore, the bridge must...

Bundling Ports with EtherChannel

EtherChannel bundles can consist of up to eight physical ports of the same Ethernet media type and speed. Some configuration restrictions exist to ensure that only similarly configured links are bundled. Generally, all bundled ports first must belong to the same VLAN. If used as a trunk, bundled ports must be in trunking mode, have the same native VLAN, and pass the same set of VLANs. Each of the ports should have the same speed and duplex settings before being bundled. Bundled ports also must...

C

Category 5 crossover cables, 93 connecting to switch console port, 92 Ethernet distance limitations, 86 Fast Ethernet specifications, 87 calculating Fresnel zone radius, 451-452 overall gain, 456-457 Root Path Cost, 193 CAM (Content Addressable Memory), 64 CAM tables, 69-70 duplicate entries, handling, 70 entries, viewing, 74 stale entries, 69 static entries, configuring, 69 troubleshooting, 75 building block model core block, 36-38 enterprise edge block, 40-41 network management block, 40...

Campus Network Models

A campus network is an enterprise network consisting of many LANs in one or more buildings, all connected and all usually in the same geographic area. A company typically owns the entire campus network as well as the physical wiring. Campus networks commonly consist of Ethernet, 802.11 wireless LANs, higher-speed Fast Ethernet, Fast EtherChannel, and Gigabit Ethernet LANs. Some campus networks also consist of legacy Token Ring and FDDI. An understanding of traffic flow is a vital part of the...

Campus Network Overview

As campus networks have grown and technologies have matured, network engineers and architects have many more options to consider than the hubs, Ethernet switches, and routers traditionally put in place. You can use switches to improve network performance in many ways; however, simply replacing existing shared networks with switched networks is not enough. The switching function alone alleviates congestion and increases bandwidth (in addition to more complex capabilities) if properly placed and...

Can I Use Layer 2 Distribution Switches?

This chapter covers the best practice design that places Layer 3 switches at both the core and distribution layers. What would happen if you could not afford Layer 3 switches at the distribution layer? Figure 2-5 shows a dual-core campus network with Layer 2 distribution switches. Notice how each access VLAN extends not only throughout the switch block but also into the core. This is because the VLAN terminates at a Layer 3 boundary present only in the core. As an example, VLAN A's propagation...

CEF Overview

NetFlow switching has given way to a more efficient form of multilayer switching: Cisco Express Forwarding (CEF). Cisco developed CEF for its line of routers, offering high-performance packet forwarding through the use of dynamic lookup tables. CEF also has been carried over to the Catalyst switching platforms. The following platforms all perform CEF in hardware: Catalyst 6500 Supervisor 720 (with an integrated MSFC3); Catalyst 6500 Supervisor 2/MSFC2 combination; Catalyst 4500 Supervisor III, IV, and V...

Cell Layout and Channel Usage

The previous section laid the foundation for roaming by describing movement between two AP cells. Most scenarios require more than two APs to cover the appropriate area within a building. Therefore, you need to consider the layout and configuration of more and more APs to scale the design to fit your wireless environment. For example, to cover the entire area of a warehouse or one floor of a building, APs must be placed at regular intervals throughout that space. A site survey is a vital step...

Command Syntax Conventions

The conventions used to present command syntax in this book are the same conventions used in the IOS Command Reference. The Command Reference describes these conventions as follows: Boldface indicates commands and keywords that are entered literally as shown. In actual configuration examples and output (not general command syntax), boldface indicates commands that are manually input by the user (such as a show command). Italics indicate arguments for which you supply actual values. Vertical bars...

Common Spanning Tree

The IEEE 802.1Q standard specifies how VLANs are to be trunked between switches. It also specifies only a single instance of STP that encompasses all VLANs. This instance is referred to as the Common Spanning Tree (CST). All CST BPDUs are transmitted over trunk links using the native VLAN with untagged frames. Having a single STP for many VLANs simplifies switch configuration and reduces switch CPU load during STP calculations. However, having only one STP instance can cause limitations, too....

Comparing Wireless and Wired LANs

How exactly does a wireless LAN get integrated with a wired LAN? Where does switching fit into a wireless LAN? Before answering these questions, it might be helpful to see how the two technologies compare. At the most basic level, switched networks involve wires, and wireless networks don't. That might seem silly, but it points out some major differences in the physical layer. A traditional Ethernet network is defined by the IEEE 802.3 standards. Every Ethernet connection must operate under...

Configure the Private VLANs

To configure a private VLAN, begin by defining any secondary VLANs that are needed for isolation using the following configuration command: Switch(config-vlan)# private-vlan {isolated | community}. The secondary VLAN can be an isolated VLAN (no connectivity between isolated ports) or a community VLAN (connectivity between member ports). Now define the primary VLAN that will provide the underlying private VLAN connectivity using the following configuration commands: Switch(config)# vlan vlan-id...

Configuring a LACP EtherChannel

To configure switch ports for LACP negotiation, use the following commands: Switch(config)# lacp system-priority priority; Switch(config)# interface type mod/num; Switch(config-if)# channel-protocol lacp; Switch(config-if)# channel-group number mode {on | passive | active}; Switch(config-if)# lacp port-priority priority. First, the switch should have its LACP system priority defined (1 to 65,535; default 32,768). If desired, one switch should be assigned a lower system priority than the other so that it can...

Configuring a Trust Boundary

When a Cisco IP Phone is connected to a switch port, think of the phone as another switch (which it is). If you install the phone as a part of your network, you probably can trust the QoS information relayed by the phone. However, remember that the phone also has two sources of data: the VoIP packets native to the phone (the phone can control precisely what QoS information is included in the voice packets because it produces those packets) and the user PC data switch port (packets from the PC data...

Configuring a VTP Management Domain

Before a switch is added into a network, the VTP management domain should be identified. If this switch is the first one on the network, the management domain must be created. Otherwise, the switch might have to join an existing management domain with other existing switches. You can use the following global configuration command to assign a switch to a management domain, where the domain-name is a text string up to 32 characters long: Switch(config)# vtp domain domain-name

Configuring CEF

CEF is enabled on all CEF-capable Catalyst switches by default. In fact, the Catalyst 6500 (with a Supervisor 720 and its integrated MSFC3, or a Supervisor 2 and MSFC2 combination) runs CEF inherently, so CEF never can be disabled. TIP: Switches such as the Catalyst 3750 and 4500 run CEF by default, but you can disable CEF on a per-interface basis. You can use the no ip route-cache cef and no ip cef interface configuration commands to disable CEF on the Catalyst 3750 and 4500, respectively. You...

Configuring Power over Ethernet

PoE or inline power configuration is simple. Each switch port can automatically detect the presence of an inline power-capable device before applying power, or the feature can be disabled to ensure that the port can never detect or offer inline power. By default, every switch port attempts to discover an inline-powered device. To change this behavior, use the following interface-configuration commands: Switch(config)# interface type mod/num; Switch(config-if)# power inline {auto [max milli-watts] | ...

Configuring the VTP Mode

Next, you need to choose the VTP mode for the new switch. The three VTP modes of operation and their guidelines for use are as follows: Server mode: Server mode can be used on any switch in a management domain, even if other server and client switches are in use. This mode provides some redundancy in case of a server failure in the domain. Each VTP management domain should have at least one server. The first server defined in a network also defines the management domain that will be used by...

Configuring the VTP Version

Two versions of VTP are available for use in a management domain. Catalyst switches are capable of running either VTP version 1 or VTP version 2. Within a management domain, the two versions are not interoperable. Therefore, the same VTP version must be configured on every switch in a domain. VTP version 1 is the default protocol on a switch. If a switch is capable of running VTP version 2, however, it can coexist with other version 1 switches, as long as VTP version 2 is not enabled on it....

Console Port Cables and Connectors

A terminal-emulation program on a PC usually is required to interface with the console port on a switch. Various types of console cables and console connectors are associated with each Cisco switch family. All Catalyst switch families use an RJ-45-to-RJ-45 rollover cable to make the console connection between a PC (or terminal or modem) and the console port. A rollover cable is made so that pin 1 on one RJ-45 connector goes to pin 8 on the other RJ-45 connector, pin 2 goes to pin 7, and so...

Contents

Part I Overview and Design of a Campus Network 3
"Do I Know This Already?" Quiz 5
Switching Functionality 9
Layer 2 Switching 10
Layer 3 Routing 11
Layer 3 Switching 11
Layer 4 Switching 12
Multilayer Switching 12
Campus Network Models 13
Shared Network Model 13
LAN Segmentation Model 15
Network Traffic Models 18
Predictable Network Model 19
Hierarchical Network Design 20
Access Layer 21
Distribution Layer 21
Core Layer 22
"Do I Know This Already?" Quiz 27
Modular Network Design 31
Switch Block 32...

Contents at a Glance

Overview and Design of a Campus Network
Traditional Spanning Tree Protocol 181
Protecting the Spanning Tree Protocol Topology 243
Router, Supervisor, and Power Redundancy
Chapter 17 Wireless LAN Overview 431
Chapter 18 Wireless Architecture and Design 471
Chapter 19 Cisco Unified Wireless Network 497
Part VI Scenarios for Final Preparation 533
Chapter 20 Scenarios for Final Preparation 535
Appendix A Answers to Chapter "Do I Know This Already?" Quizzes and Q&A Sections 555

Core Layer

A campus network's core layer provides connectivity of all distribution-layer devices. The core, sometimes referred to as the backbone, must be capable of switching traffic as efficiently as possible. Core devices, sometimes called campus backbone switches, should have the following attributes: very high throughput at Layer 2 or Layer 3; no costly or unnecessary packet manipulations (access lists, packet filtering); redundancy and resilience for high availability. Devices in a campus network's core...

Corporate and Government Sales

Cisco Press offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales. For more information, please contact U.S. Corporate and Government Sales: 1-800-382-3419, corpsales@pearsontechgroup.com. For sales outside of the U.S., please contact International Sales: 1-317-581-3793, international@pearsontechgroup.com

Deploying VLANs

To implement VLANs, you must consider the number of VLANs you need and how best to place them. As usual, the number of VLANs depends on traffic patterns, application types, segmentation of common workgroups, and network-management requirements. An important factor to consider is the relationship between VLANs and the IP addressing schemes used. Cisco recommends a one-to-one correspondence between VLANs and IP subnets. This recommendation means that if a subnet with a 24-bit mask (255.255.255.0)...

Detecting a Powered Device

The switch always keeps the power disabled when a switch port is down. However, the switch must continually try to detect whether a powered device is connected to a port. If it is, the switch must begin providing power so that the device can initialize and become operational. Only then will the Ethernet link be established. Because there are two PoE methods, a Catalyst switch tries both to detect a powered device. For IEEE 802.3af, the switch begins by supplying a small voltage across the...

Differentiated Services Model

As you might imagine, the IntServ model does not scale very well when many sources are trying to compete with each other to reserve end-to-end bandwidth. Another approach is the Differentiated Services (DiffServ) model, which permits each network device to handle packets on an individual basis. Each router or switch can be configured with QoS policies to follow, and forwarding decisions are made accordingly. DiffServ requires no advance reservations; QoS is handled dynamically, in a distributed...

DiffServ QoS

DiffServ is a per-hop behavior, with each router or switch inspecting each packet's header to decide how to go about forwarding that packet. All the information needed for this decision is carried along with each packet in the header. The packet itself cannot affect how it will be handled. Instead, it merely presents some flags, classifications, or markings that can be used to make a forwarding decision based on QoS policies that are configured into each switch or router along the path.

Distribution Layer

The distribution layer provides interconnection between the campus network's access and core layers. Devices in this layer, sometimes called building distribution switches, should have the following capabilities: aggregation of multiple access-layer devices; high Layer 3 throughput for packet handling; security and policy-based connectivity functions through access lists or packet filters; scalable and resilient high-speed links to the core and access layers. In the distribution layer, uplinks from...

Do I Know This Already?

LWAPP is integral to operating a lightweight access point. What is so special about LWAPP? Answer: LWAPP is the protocol used to build a tunnel between a lightweight AP and a WLC. Through this protocol, the LAP can be centrally managed, can synchronize code images, and can transport wireless client traffic across a switched network from WLC to LAP. 2. How does a wireless client roam between two LAPs managed by the same WLC? Answer: The client must move its association from one LAP to another in...

"Do I Know This Already?" Quiz

The purpose of the "Do I Know This Already?" quiz is to help you decide whether you need to read the entire chapter. If you already intend to read the entire chapter, you do not necessarily need to answer these questions now. The 12-question quiz, derived from the major sections in the Foundation Topics portion of the chapter, helps you determine how to spend your limited study time. Table 8-1 outlines the major topics discussed in this chapter and the "Do I Know This Already?" quiz questions that...

Dynamic Trunking Protocol

You manually can configure trunk links on Catalyst switches for either ISL or 802.1Q mode. In addition, Cisco has implemented a proprietary, point-to-point protocol called Dynamic Trunking Protocol (DTP) that negotiates a common trunking mode between two switches. The negotiation covers the encapsulation (ISL or 802.1Q) and whether the link becomes a trunk at all. This allows trunk links to be used without a great deal of manual configuration or administration. The use of DTP is explained in...

EAP-Based Security Methods

Fortunately, wireless security has evolved to use other, more robust methods. APs can use a variety of authentication methods that leverage external authentication and authorization servers and their user databases. The Extensible Authentication Protocol (EAP) forms the basis for many wireless security methods, most of which have similar acronyms that rhyme, such as EAP, PEAP, and LEAP. EAP is defined in RFC 3748, and was originally designed to handle user authentication for PPP users. Because it...

Electing a Root Bridge

For all switches in a network to agree on a loop-free topology, a common frame of reference must exist to use as a guide. This reference point is called the Root Bridge. (The term bridge continues to be used even in a switched environment because STP was developed for use in bridges. Therefore, when you see bridge, think switch.) An election process among all connected switches chooses the Root Bridge. Each switch has a unique Bridge ID that identifies it to other switches. The Bridge ID is an...

Electing Designated Ports

By now, you should begin to see the process unfolding: A starting or reference point has been identified, and each switch connects itself toward the reference point with the single link that has the best path. A tree structure is beginning to emerge, but links have only been identified at this point. All links still are connected and could be active, leaving bridging loops. To remove the possibility of bridging loops, STP makes a final computation to identify one Designated Port on each network...

Electing Root Ports

Now that a reference point has been nominated and elected for the entire switched network, each nonroot switch must figure out where it is in relation to the Root Bridge. This action can be performed by selecting only one Root Port on each nonroot switch. The Root Port always points toward the current Root Bridge. STP uses the concept of cost to determine many things. Selecting a Root Port involves evaluating the Root Path Cost. This value is the cumulative cost of all the links leading to the...

Enabling VTP Pruning

By default, VTP pruning is disabled on IOS-based switches. To enable pruning, use the following global configuration command: Switch(config)# vtp pruning. If you use this command on a VTP server, it also advertises that pruning needs to be enabled for the entire management domain. All other switches listening to that advertisement also will enable pruning. When pruning is enabled, all general-purpose VLANs become eligible for pruning on all trunk links, if needed. However, you can modify the...

EtherChannel Configuration

For each EtherChannel on a switch, you must choose the EtherChannel negotiation protocol and assign individual switch ports to the EtherChannel. Both PAgP- and LACP-negotiated EtherChannels are described in the following sections. You also can configure an EtherChannel to use the on mode, which unconditionally bundles the links. In this case, neither PAgP nor LACP packets are sent or received. As ports are configured to be members of an EtherChannel, the switch automatically creates a logical...

Ethernet Concepts

This section reviews the varieties of Ethernet and their application in a campus network. Recall how the bandwidth requirements for each network segment are determined by the types of applications in use, the traffic flows within the network, and the size of the user community served. Ethernet scales to support increasing bandwidths and should be chosen to match the need at each point in the campus network. As network bandwidth requirements grow, you can scale the links between access,...

Ethernet Port Cables and Connectors

Catalyst switches support a variety of network connections, including all forms of Ethernet. In addition, Catalyst switches support several types of cabling, including UTP and optical fiber. Fast Ethernet (100BASE-FX) ports use two-strand multimode fiber (MMF) with MT-RJ or SC connectors to provide connectivity. The MT-RJ connectors are small and modular, each containing a pair of fiber-optic strands. The connector snaps into position, but you must press a tab to remove it. The SC connectors on...

Evaluating an Existing Network

If you are building an enterprise network from scratch, you might find that it is fairly straightforward to build it in a hierarchical fashion. After all, you can begin with switches in the core layer and fan out into lower layers to meet the users, server farms, and service providers. In the real world, you might be more likely to find existing networks that need an overhaul to match the hierarchical model. Hopefully, if you are redesigning your own network, you already know its topology and...

Fallback Bridging

For protocols that CEF can't route or switch, a technique known as fallback bridging is used. Sample protocols are IPX and AppleTalk, which are routable but not supported by CEF, as well as SNA and LAT, which are not routable. To summarize fallback bridging operation, each SVI associated with a VLAN in which nonroutable protocols are being used is assigned to a bridge group. Packets that cannot be routed from one VLAN to another are bridged transparently instead, as long as the two VLANs belong...

Forwarding Information Base

The Layer 3 engine (essentially a router) maintains routing information, whether from static routes or dynamic routing protocols. Basically, the routing table is reformatted into an ordered list with the most specific route first, for each IP destination subnet in the table. The new format is called a Forwarding Information Base (FIB) and contains routing or forwarding information that the network prefix can reference. In other words, a route to 10.1.0.0/16 might be contained in the FIB along...

Foundation Summary

The Foundation Summary is a collection of tables, figures, lists, and other information that provides a convenient review of many key concepts in this chapter. If you are already comfortable with the topics in this chapter, this summary might help you recall a few details. If you just read this chapter, this review should help solidify some key facts. If you are doing your final preparation before the exam, the following information is a convenient way to review the day before the exam. A...

Gigabit Ethernet Port Cables and Connectors

Gigabit Ethernet connections take a different approach by providing modular connectivity options. Catalyst switches with Gigabit Ethernet ports have standardized rectangular openings that can accept Gigabit Interface Converter (GBIC) or small form factor pluggable (SFP) modules. The GBIC and SFP modules provide the media personality for the port so that various cable media can connect. In this way, the switch chassis is completely modular and requires no major change to accept a new media type....

Hierarchical Network Design

You can structure the campus network so that each of the three types of traffic flows or services outlined in Table 1-3 is best supported. Cisco has refined a hierarchical approach to network design that enables network designers to logically create a network by defining and using layers of devices. The resulting network is efficient, intelligent, scalable, and easily managed. The hierarchical model breaks a campus network into three distinct layers, as illustrated in Figure 1-5. Figure 1-5...

How Power over Ethernet Works

A Catalyst switch can offer power over its Ethernet ports only if it is designed to do so. It must have one or more power supplies that are rated for the additional load that will be offered to the connected devices. PoE is available on many platforms, including the Catalyst 3750-PWR, Catalyst 4500, and Catalyst 6500. Two methods provide PoE to connected devices:
- Cisco Inline Power (ILP): A Cisco-proprietary method developed before the IEEE 802.3af standard
- IEEE 802.3af: A standards-based method...

How This Book Is Organized

Although this book can be read cover to cover, it is designed to be flexible and allow you to easily move between chapters and sections of chapters to cover only the material that you need more work with. Chapters 1 through 19 are the core chapters and can be covered in any order, though some chapters are related and build upon each other. If you do intend to read them all, the order in the book is an excellent sequence to use. When you finish with the core chapters, you have several options on...

How to Use This Book for Study

Retention and recall are the two features of human memory most closely related to performance on tests. This exam-preparation guide focuses on increasing both retention and recall of the topics on the exam. The other human characteristic involved in successfully passing the exam is intelligence; this book does not address that issue. Adult retention is typically less than that of children. For example, it is common for 4-year-olds to pick up basic language skills in a new country faster than...


Identifying Ports

You can add a text description to a switch port's configuration to help identify it. This description is meant as a comment field only, as a record of port use or other unique information. The port description is included when displaying the switch configuration and interface information. To assign a comment or description to a port, enter the following command in interface configuration mode:
Switch(config-if)# description description-string
The description string can have embedded spaces...

IEEE 802.1D Overview

A robust network design not only includes efficient transfer of packets or frames, but also considers how to recover quickly from faults in the network. In a Layer 3 environment, the routing protocols in use keep track of redundant paths to a destination network so that a secondary path can be used quickly if the primary path fails. Layer 3 routing allows many paths to a destination to remain up and active, and allows load sharing across multiple paths. In a Layer 2 environment (switching or...

Ii

Now, each module should be addressed so that it can be migrated into a proper switch block. Remember that switch blocks always contain the switches necessary to connect a resource (users, servers, and so on) into the core layer. If this is done for the network in Figure 2-8, the network shown in Figure 2-9 might result. Figure 2-9 Migrating Network Modules into Switch Blocks (figure labels: Service Provider Module, Core or Server Farm, Collapsed Core, Switch Block)...

Integrated Services Model

One approach to QoS is the Integrated Services (IntServ) model. The basic idea is to prearrange a path for priority data along the complete path, from source to destination. Beginning with RFC 1633, the Resource Reservation Protocol (RSVP) was developed as the mechanism for scheduling and reserving adequate path bandwidth for an application. The source application itself is involved by requesting QoS parameters through RSVP. Each network device along the way must check to see whether it can...

Inter Controller Roaming

In some cases, a client might roam from one controller to another. For example, a large wireless network might consist of too many LAPs to be supported by a single WLC. The LAPs could also be distributed over several controllers for load balancing or redundancy purposes. In Figure 19-10, a wireless client is using an association with WLC1 through AP1. This is similar to Figure 19-8, but now each of the adjacent LAP cells belongs to a different WLC. All the client's traffic passes through the...

Intra Controller Roaming

In Figure 19-8, a wireless client has an active wireless association at location A. The association is with WLC1 through AP1. As you might expect, all traffic to and from the client passes through the LWAPP tunnel between AP1 and WLC1. Figure 19-8 A Wireless Client in an LAP Cell Before Roaming. The client begins moving in Figure 19-9 and roams into the area covered by AP2. For this example, notice two things: The cells provided by AP1...

IP Telephony

In addition to carrying regular data, switched campus networks can carry packets that are related to telephone calls. Voice over IP (VoIP), otherwise known as IP Telephony (IPT), uses IP Phones that are connected to switched Ethernet ports. To properly and effectively carry the traffic for a successful phone call, a combination of many switching features must be used. For example, the Catalyst switches can provide power to IP Phones, form trunk links with IP Phones, and provide the proper level...

Layer 2 QoS Classification

Layer 2 frames themselves have no mechanism to indicate the priority or importance of their contents. One frame looks just as important as another. Therefore, a Layer 2 switch can forward frames only according to a best-effort delivery. When frames are carried from switch to switch, however, an opportunity for classification occurs. Recall that a trunk is used to carry frames from multiple VLANs between switches. The trunk does this by encapsulating the frames and adding a tag indicating the...
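The following Python script is an added worked example, not code from the book, showing the classification opportunity the paragraph describes: a plain Ethernet frame carries no priority field, but the 802.1Q tag a trunk adds contains a 16-bit Tag Control Information field laid out as PCP (3 bits, the Class of Service value 0 to 7), DEI (1 bit) and VID (12 bits). The script builds a tagged frame and parses it back; an untagged frame is assigned to the native VLAN with CoS 0 (best effort), which is how a trunk treats it. The MAC addresses and VLAN numbers are invented for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag follows


def _mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def _mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_tagged_frame(dst_mac, src_mac, vlan_id, cos, ethertype, payload, dei=0):
    """Build an Ethernet frame that carries an 802.1Q tag. The 16-bit Tag
    Control Information (TCI) is PCP (3 bits, the CoS value 0-7) | DEI (1 bit)
    | VID (12 bits)."""
    if not 0 <= cos <= 7:
        raise ValueError("CoS must be 0-7")
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    tci = (cos << 13) | ((dei & 1) << 12) | vlan_id
    header = _mac_bytes(dst_mac) + _mac_bytes(src_mac)
    header += struct.pack("!HHH", TPID_8021Q, tci, ethertype)
    return header + payload


def classify_frame(frame, native_vlan=1):
    """Parse the Ethernet header and return the VLAN and CoS a receiving trunk
    port would assign. An untagged frame belongs to the native VLAN and, having
    no tag to carry a priority, is treated as best effort (CoS 0)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = _mac_str(frame[0:6]), _mac_str(frame[6:12])
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, inner_type = struct.unpack("!HH", frame[14:18])
        return {"dst": dst, "src": src, "tagged": True,
                "vlan": tci & 0x0FFF, "cos": tci >> 13, "dei": (tci >> 12) & 1,
                "ethertype": inner_type, "payload": frame[18:]}
    return {"dst": dst, "src": src, "tagged": False,
            "vlan": native_vlan, "cos": 0, "dei": 0,
            "ethertype": ethertype, "payload": frame[14:]}


if __name__ == "__main__":
    # Constructed sample: a voice-class (CoS 5) IPv4 frame on VLAN 200.
    frame = build_tagged_frame("00:00:0c:9f:f0:01", "00:11:22:33:44:55",
                               vlan_id=200, cos=5, ethertype=0x0800, payload=b"\x45" + b"\x00" * 19)
    print(classify_frame(frame))
```

Because the CoS bits sit in the tag rather than in the frame itself, they exist only on trunk links; the classification is lost when the frame is sent untagged out an access port unless the switch has mapped it into a Layer 3 marking first.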

Layer 2 Switching

Devices that forward frames at Layer 2 involve the following functions:
- MAC addresses are learned from the incoming frames' source addresses.
- A table of MAC addresses and their associated bridge and switch ports is built and maintained.
- Broadcast and multicast frames are flooded out to all ports (except the one that received the frame).
- Frames destined for unknown locations are flooded out to all ports (except the one that received the frame).
- Bridges and switches communicate with each other...
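The following Python class is an added worked example, not code from the book, that implements the Layer 2 functions listed above: source-address learning into a MAC table, unicast forwarding out a single port, and flooding of broadcast, multicast and unknown-unicast frames out every port except the ingress port. It goes one step beyond the list by adding an optional per-port limit on learned addresses in the spirit of the port security feature the book covers in Chapter 15; that limit, and the port names and MAC addresses used, are this example's own assumptions.

```python
class Layer2Switch:
    """A transparent bridge / Layer 2 switch: learn source MACs, forward known
    unicasts out one port, flood group addresses and unknown unicasts.
    max_macs_per_port is an optional port-security-style limit (an assumption
    of this example): once a port has learned that many addresses, frames from
    further new addresses on it are dropped and recorded as violations."""

    def __init__(self, ports, max_macs_per_port=None):
        self.ports = list(ports)
        self.cam = {}                      # MAC address -> port that sourced it
        self.max_macs_per_port = max_macs_per_port
        self.violations = []               # (port, offending MAC)

    @staticmethod
    def is_group_address(mac):
        # Broadcast and multicast MACs have the I/G bit (LSB of first octet) set.
        return int(mac.split(":")[0], 16) & 1 == 1

    def _learn(self, mac, in_port):
        if self.cam.get(mac) == in_port:
            return True                    # already known on this port
        if self.max_macs_per_port is not None:
            learned_here = sum(1 for p in self.cam.values() if p == in_port)
            if learned_here >= self.max_macs_per_port:
                self.violations.append((in_port, mac))
                return False
        self.cam[mac] = in_port            # new address, or a MAC move
        return True

    def forward(self, src_mac, dst_mac, in_port):
        """Return the list of egress ports for one frame (empty list = dropped)."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        if not self._learn(src_mac, in_port):
            return []
        if self.is_group_address(dst_mac) or dst_mac not in self.cam:
            # Flood: every port except the one the frame arrived on.
            return [p for p in self.ports if p != in_port]
        out_port = self.cam[dst_mac]
        # Destination is on the ingress segment: filter, do not forward.
        return [] if out_port == in_port else [out_port]


if __name__ == "__main__":
    sw = Layer2Switch(["Fa0/1", "Fa0/2", "Fa0/3"])
    print(sw.forward("00:00:00:00:00:01", "ff:ff:ff:ff:ff:ff", "Fa0/1"))  # flooded
    print(sw.forward("00:00:00:00:00:02", "00:00:00:00:00:01", "Fa0/2"))  # known unicast
    print(sw.cam)
```

The unknown-unicast flooding rule is the reason an unbounded MAC table matters: a port that can be made to learn without limit eventually forces the switch to flood traffic it would otherwise deliver to a single port, which is the behaviour port security exists to cap.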

Layer 3 Routing

Devices involved in Layer 3 routing perform the following functions:
- Packets are forwarded between networks based on Layer 3 addresses.
- An optimal path is determined for a packet to take through a network to the next router.
- Packet forwarding involves a table lookup of the destination network, the next-hop router address, and the router's own outbound interface.
- An optimal path can be chosen from among many possibilities.
- Routers communicate with each other using routing protocols.
By nature,...

Layer 3 Switching

Devices involved in Layer 3 switching perform the following functions:
- Packets are forwarded at Layer 3, just as a router would do.
- Packets are switched using specialized hardware, ASIC, for high speed and low latency.
- Packets can be forwarded with security control and quality of service (QoS) using Layer 3 address information.
Layer 3 switches are designed to examine and forward packets in high-speed LAN environments. Whereas a router might impose a bottleneck to forwarding throughput, a Layer...

Layer 4 Switching

Devices involved in Layer 4 switching perform the following functions:
- Packets are forwarded using hardware switching, based on both Layer 3 addressing and Layer 4 application information. (Layer 2 addressing is also inherently used.)
- Layer 4 protocol types (UDP or TCP, for example) in packet headers are examined.
- Layer 4 segment headers are examined to determine application port numbers.
Switching at Layer 4 allows finer control over the movement of information. For example, traffic can be...

Legacy Security

In 802.11 networks, clients can authenticate with an AP using one of the following methods:
- Open authentication: No authentication method is used; any client is offered open access to the AP.
- Pre-shared key (PSK): The same secret key is statically defined on the client and the AP. If the keys match, the client is permitted to have access.
Notice that the authentication process in these two methods stops at the AP. In other words, the AP has enough information on its own to independently determine...

Lightweight AP Association and Roaming

Wireless clients must negotiate an association with lightweight APs, as with any 802.11 wireless network. However, the split-MAC architecture has an interesting effect on client associations. Remember that an LAP handles mostly real-time wireless duties, so it will just pass the client's association requests on up to the WLC. In effect, the wireless clients negotiate their associations with the WLC directly. This is important for two reasons:
- All client associations can be managed in a central...

Lightweight AP Operation

The lightweight AP is designed to be a zero-touch configuration. The LAP must find a WLC and obtain all of its configuration parameters, so you never have to actually configure it through its console port or over the network. The following sequence of steps details the bootstrap process that an LAP must complete before it becomes active:
Step 1 The LAP obtains an IP address from a DHCP server.
Step 2 The LAP learns the IP addresses of any available WLCs.
Step 3 The LAP sends a join request to the...

Link Aggregation Control Protocol

LACP is a standards-based alternative to PAgP, defined in IEEE 802.3ad (also known as IEEE 802.3 Clause 43, Link Aggregation). LACP packets are exchanged between switches over EtherChannel-capable ports. As with PAgP, neighbors are identified and port group capabilities are learned and compared with local switch capabilities. However, LACP also assigns roles to the EtherChannel's endpoints. The switch with the lowest system priority (a 2-byte priority value followed by a 6-byte switch MAC...


Managing Error Conditions on a Switch Port

Traditionally, a network-management application was used to detect a serious error condition on a switch port. A switch periodically was polled and switch port error counters were examined to see if an error condition had occurred. If so, an alert was issued so that someone could take action to correct the problem. Catalyst switches can detect error conditions automatically, without any further help. If a serious error occurs on a switch port, that port can be shut down automatically until...

Mobility Groups

For inter-controller roaming, a client must be able to roam from one LAP to another, where the LAPs are managed by different controllers. The controllers must be able to hand off a client's association information to each other during a roam. To do this, the WLCs are configured into logical mobility groups. A client can roam to any LAP (and its associated WLC) as long as it stays within a mobility group. A mobility group can have up to 24 WLCs of any type or platform. The number of LAPs...

MST Configuration

You must manually configure the MST configuration attributes on each switch in a region. There is currently no method to propagate this information from one switch to another, as is done with a protocol such as VLAN Trunking Protocol (VTP). To define the MST region, use the following configuration commands in the order shown:
Step 1 Enable MST on the switch:
Switch(config)# spanning-tree mode mst
Step 2 Enter the MST configuration mode:
Switch(config)# spanning-tree mst configuration
Step 3 Assign a region configuration name (up...

MST Overview

MST is built on the concept of mapping one or more VLANs to a single STP instance. Multiple instances of STP can be used (hence the name MST), with each instance supporting a different group of VLANs. For the network shown in Figure 11-3, only two MST instances would be needed. Each could be tuned to result in a different topology so that Instance 1 would forward on the left uplink, whereas Instance 2 would forward on the right uplink. Therefore, VLAN A would be mapped to Instance 1, and VLAN B...

MST Regions

MST is different from 802.1Q and PVST+, although it can interoperate with them. If a switch is configured to use MST, it somehow must figure out which of its neighbors are using which type of STP. This is done by configuring switches into common MST regions, where every switch in a region runs MST with compatible parameters. In most networks, a single MST region is sufficient, although you can configure more than one region. Within the region, all switches must run the instance of MST that is...

Multilayer Switching

Devices involved in MLS perform the following functions:
- Packets are forwarded in hardware that combines Layer 2, Layer 3, and Layer 4 switching.
- Packets are forwarded at wire speed.
- The traditional Layer 3 routing function is provided using Cisco Express Forwarding (CEF), in which a database of routes to every destination network is maintained and distributed to switching ASICs for very high forwarding performance.
Cisco switches perform multilayer switching at Layer 3 and Layer 4. At Layer 3,...

Multiple Spanning Tree Protocol

Chapter 8 covered two flavors of spanning-tree implementations, IEEE 802.1Q and PVST+, both based on the 802.1D STP. These also represent the two extremes of STP operation in a network:
- 802.1Q: Only a single instance of STP is used for all VLANs. If there are 500 VLANs, only one instance of STP will be running. This is called the Common Spanning Tree (CST) and operates over the trunk's native VLAN.
- PVST+: One instance of STP is used for each active VLAN in the network. If there are 500 VLANs, 500...

Network Traffic Models

To design and build a successful campus network, you must gain a thorough understanding of the traffic generated by applications in use, plus the traffic flow to and from the user communities. All devices on the network will produce data to be transported across the network. Each device can involve many applications that generate data with differing patterns and loads. Applications such as email, word processing, printing, file transfer, and most web browsers bring about data traffic patterns...

Objectives and Methods

The most important and somewhat obvious objective of this book is to help you pass the Cisco BCMSN exam (642-812). In fact, if the primary objective of this book were different, the book's title would be misleading; however, the methods used in this book to help you pass the BCMSN exam are designed to also make you much more knowledgeable about how to do your job. Although this book and the accompanying CD-ROM have many sample test questions, the method in which they are used is not to simply...

Official Exam Certification Guide Fourth Edition

Published by Cisco Press 800 East 96th Street Indianapolis, IN 46240 USA All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review. Printed in the United States of America 1 2 3 4 5 6 7 8 9 0 Library...


Packet Forwarding Review

When a host must communicate with a device on its local subnet, it can generate an Address Resolution Protocol (ARP) request, wait for the ARP reply, and exchange packets directly. However, if the far end is located on a different subnet, the host must rely on an intermediate system (a router, for example) to relay packets to and from that subnet. A host identifies its nearest router, also known as the default gateway or next hop, by its IP address. If the host understands something about...

Packet Rewrite

When a multilayer switch finds valid entries in the FIB and adjacency tables, a packet is almost ready to be forwarded. One step remains: the packet header information must be rewritten. Keep in mind that multilayer switching occurs as quick table lookups to find the next-hop address and the outbound switch port. The packet is untouched and still has the original destination MAC address of the switch itself. The IP header also must be adjusted, as if a traditional router had done the forwarding....
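The following Python script is an added worked example, not code from the book, that carries out the rewrite step on a constructed IPv4-over-Ethernet frame: the destination MAC (originally the switch's own) is replaced with the next hop's, the source MAC becomes the switch's outbound interface, the TTL is decremented and the IP header checksum is recomputed, while the IP addresses and payload are left untouched. A packet whose TTL would expire is not rewritten at all and is handed back to the Layer 3 engine, which is where an ICMP Time Exceeded reply would have to come from. The MAC and IP addresses are invented for the example.

```python
import ipaddress
import struct


def ip_checksum(header):
    """RFC 1071 one's-complement sum over 16-bit words. Computed over a header
    whose checksum field is already filled in, a correct header yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_packet(src_ip, dst_ip, ttl, payload, protocol=17):
    """Minimal 20-byte IPv4 header (no options) plus payload, checksum filled."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0,
                         ttl, protocol, 0,
                         ipaddress.IPv4Address(src_ip).packed,
                         ipaddress.IPv4Address(dst_ip).packed)
    header = header[:10] + struct.pack("!H", ip_checksum(header)) + header[12:]
    return header + payload


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def build_frame(dst_mac, src_mac, packet):
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + b"\x08\x00" + packet


def rewrite(frame, outbound_mac, next_hop_mac):
    """Rewrite step after a FIB/adjacency hit. Returns the frame to transmit,
    or None when the TTL would expire: such a packet cannot be forwarded and
    must go to the Layer 3 engine instead."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an IPv4-over-Ethernet frame")
    ip = bytearray(frame[14:])
    ihl = (ip[0] & 0x0F) * 4
    if ip[8] <= 1:
        return None
    ip[8] -= 1                                   # decrement TTL
    ip[10:12] = b"\x00\x00"                      # zero, then recompute checksum
    ip[10:12] = struct.pack("!H", ip_checksum(bytes(ip[:ihl])))
    # New Layer 2 header: next hop as destination, our egress interface as source.
    return mac_bytes(next_hop_mac) + mac_bytes(outbound_mac) + frame[12:14] + bytes(ip)


def ip_header_valid(frame):
    ihl = (frame[14] & 0x0F) * 4
    return ip_checksum(frame[14:14 + ihl]) == 0


if __name__ == "__main__":
    packet = build_ipv4_packet("192.168.1.10", "10.1.5.7", 64, b"hello")
    inbound = build_frame("00:00:0c:00:00:01", "00:11:22:33:44:55", packet)
    outbound = rewrite(inbound, "00:00:0c:00:00:02", "00:aa:bb:cc:dd:ee")
    print(outbound.hex(), ip_header_valid(outbound))
```

Everything the rewrite changes is visible in the two header offsets: bytes 0 to 11 (the MACs) and bytes 22 and 24 to 25 of the frame (TTL and IP checksum); a switch that got any of these wrong would either deliver the frame to the wrong Layer 2 neighbour or have the next hop discard it as corrupt.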

Overview and Design of a Campus Network

Chapter 1 Campus Network Overview
Chapter 2 Modular Network Design
This chapter covers the following topics that you need to master for the CCNP BCMSN exam:
Switching Functionality: This section covers the use of switches in the OSI model layers. You learn about the functions and application of routing and switching in Layers 2, 3, and 4, along with the concept of multilayer switching.
Campus Network Models: This section presents the concept of a campus network, and describes the traditional...

Building a Campus Network

Chapter 3, Switch Operation: This chapter covers Layer 2 and multilayer switch operation, how various CAM and TCAM tables are used to make switching decisions, and how to monitor these tables to aid in troubleshooting.
Chapter 4, Switch Port Configuration: This chapter covers basic Ethernet concepts, how to use scalable Ethernet, how to connect switch block devices, and how to verify switch port operation to aid in troubleshooting.
Chapter 5, VLANs and Trunks: This chapter covers basic VLAN...

Campus Network Services

Chapter 14, IP Telephony: This chapter covers how a Catalyst switch can provide power to operate a Cisco IP Phone, how voice traffic can be carried over the links between an IP Phone and a Catalyst switch, QoS for voice traffic, and how to verify that IP Telephony features are functioning properly.
Chapter 15, Securing Switch Access: This chapter covers switch Authentication, Authorization, and Accounting (AAA); port security using MAC addresses; port-based security using IEEE 802.1X; DHCP snooping...