Access Layer Policy

The access layer is the entry point for users to access the network. Cable connections are generally pulled from an access layer switch to offices and cubicles in a company. For this reason, the network devices of the access layer are the most physically vulnerable: anyone can plug a station into an access layer switch. You should take a couple of precautions at the access layer, including the following:
Port security: Limit the Media Access Control (MAC) addresses allowed to use the switch to prevent...

Access Layer Port Security

Port security is a feature of the Cisco Catalyst switches that allows the switch to block input from a port when the MAC address of a station attempting to access the port is different from the configured MAC address. This situation is referred to as a MAC address lockdown. When a port receives a frame, the port compares the source address of the frame to the secure source address that was originally learned by the port. If the addresses do not match, the port is disabled and the LED for the...

Access Layer Switches

Recall that access layer devices should have these features:
High port density to connect to end users
Uplinks to higher layers of the campus network
Layer 2 services (traffic filtering and VLAN membership)
For small campus networks, the Catalyst 1900 or 2820 series switches can be used as access layer devices. Their smaller port densities can connect 10BaseT users and hubs, while connecting to distribution layer switches with 100BaseX uplinks. The Catalyst 2900XL and 3500XL switches are useful...

Active Router

One router in each group is elected to be the active router. The election process occurs through the sending and receiving of hello messages. The hello message contains a priority level for the sending router. The router with the highest standby priority in the group becomes the active router. The active router forwards the packets sent to the virtual router. If the priority level is the same for each router in the group, the first router to come up and obtain the virtual router IP address...

Additional InterVLAN Routing Configurations

Once a route processor has been configured for interVLAN routing, end-user stations can use the processor. Normally, an end-user device knows only about its local subnet and can communicate only with stations on the local network or VLAN. To reach another station on a different VLAN, packets must be forwarded to a router. Therefore, each end-user device should be configured with the router's IP address on the local VLAN. This configuration is known as a default gateway. In addition, a switch...

Address Resolution Scenario 1: Using IP ARP to Resolve MAC Addresses

Workstation A needs to contact Workstation B, but knows only its IP address. IP ARP is used to find Workstation B's MAC address:
Step 1 A workstation generates an ARP request broadcast on its local LAN (switch port) to find a MAC address.
Step 2 The switch floods the broadcast out all VLAN ports, as well as to the ELAN associated with the VLAN. This flooding occurs on the switch's ATM module.
Step 3 The LEC contacts the BUS with a broadcast frame to be delivered.
Step 4 The BUS sends the...

Address Resolution Scenario 2: Using LE_ARP to Resolve NSAP Addresses

Workstation A needs to contact Workstation B, and Workstation A already knows both its IP and MAC addresses. Once Workstation A's LEC receives a unicast frame, it must find Workstation B's LEC via its NSAP address so that a Data Direct VC can be built between the LECs. LE_ARP is used to resolve the NSAP address:
Step 1 Workstation A sends a frame to Workstation B's MAC address. Workstation A's switch has an entry for the MAC address on its ATM module, pointing toward an ELAN.
Step 2 Workstation...

Anatomy of an HSRP Message

All routers in a standby group send or receive HSRP messages. These messages are used to determine and maintain the router roles within the group. HSRP messages are encapsulated in the data portion of User Datagram Protocol (UDP) packets and use port number 1985. These packets are addressed to an all-routers multicast address with a Time to Live (TTL) of one (1). Figure 9-5 shows the general format for an HSRP message.
Figure 9-5 Anatomy of an HSRP Message (fields laid out in 1-octet columns)
The HSRP message...

Answers to Chapter 10 Do I Know This Already Quiz

1 Name the three types of traffic available in today's multimedia environment. Unicast traffic, broadcast traffic, and multicast traffic.
2 What Layer 4 protocol is used to carry multicast traffic? The transport layer protocol UDP is used to carry multicast traffic. UDP is a simpler, more efficient protocol because there is no flow control, reliability, or error recovery added to IP.
3 What Class of IP address is used in a multicast environment? IP multicast is Class D.
4 Describe the makeup of the...

Answers to Chapter 11 Do I Know This Already Quiz

1 Which Internet Request for Comment (RFC) deals with multicasts? RFC 1112 is titled Host Extensions for IP Multicasting and was the original specification. RFC 2236, titled Internet Group Management Protocol, Version 2, is the most recent.
2 What is the name of the industry standard protocol that deals with multicast groups? The Cisco proprietary protocol IGMP is the industry standard, and CGMP is the Cisco proprietary protocol.
3 What command enables multicast routing on a Cisco router? At the...

Answers to Chapter 12 Do I Know This Already Quiz

A policy is a firm's documented standard of network access for their users.
2 What is the access layer defined as? The access layer is defined at the point at which a user enters the network.
3 Is HTTP access normally enabled on a Cisco router? What is the main purpose of using HTTP? HTTP access is normally disabled on a Cisco router. The main purpose of using it is to make configuration easier.
4 Name at least two components relating to controlling access to network devices. Physical security,...

Answers to Chapter 13 Do I Know This Already Quiz

1 What is the main method of out-of-band management for Cisco switches? The main method of out-of-band management is the console connection.
2 What is an application that uses SNMP to perform in-band management? CiscoWorks 2000.
3 CDP operates at what layer of the OSI model? CDP operates at the data link layer.
4 What is the command to verify that RMON is enabled on the switch? show snmp
5 Using a troubleshooting model, what step is generally taken after ascertaining all the facts?
6 What is the...

Answers to Chapter 2 Do I Know This Already Quiz

1 Describe the differences between Layer 2, Layer 3, and Layer 4 switching. In Layer 2 switching, frames are forwarded based on the Layer 2 source and destination MAC addresses. In Layer 3 switching, network layer source and destination addresses (IP, IPX, and so forth) are used. In Layer 4 switching, some application information is taken into account along with Layer 3 addresses. For IP, this information includes the port numbers from such protocol types as UDP and TCP.
2 What is multilayer...

Answers to Chapter 2 QA Section

1 Where is the most appropriate place to connect a block of enterprise servers? Why? A block of enterprise servers should be connected into the core, just as switch blocks are. This maximizes connectivity from the servers to all other devices in the network. In effect, all users will see the same number of switch hops to access a server. Connecting into the core also provides maximum scalability, as more server blocks can be added in the future.
2 Describe the differences between Layer 2, Layer 3,...

Answers to Chapter 3 Do I Know This Already Quiz

1 What are the different Ethernet technologies and their associated IEEE standards? Ethernet (10 Mbps, IEEE 802.3), Fast Ethernet (100 Mbps, IEEE 802.3u), and Gigabit Ethernet (1000 Mbps, IEEE 802.3z).
2 What benefits result with switched Ethernet over shared Ethernet? Switched Ethernet ports receive dedicated bandwidth, have a reduced collision domain, and have increased performance due to segmentation or fewer users per port.
3 At what layer are traditional 10 Mbps Ethernet, Fast Ethernet, and...

Answers to Chapter 3 QA Section

1 What are the different Ethernet technologies and their associated IEEE standards? Ethernet (10 Mbps, IEEE 802.3), Fast Ethernet (100 Mbps, IEEE 802.3u), and Gigabit Ethernet (1000 Mbps, IEEE 802.3z).
2 What benefits result with switched Ethernet over shared Ethernet? Switched Ethernet ports receive dedicated bandwidth, have a reduced collision domain, and have an increased performance due to segmentation or fewer users per port.
3 When a 10/100 Ethernet link is autonegotiating, which will be...

Answers to Chapter 4 Do I Know This Already Quiz

1 What is a VLAN? When is it used? A VLAN is a group of devices on the same broadcast domain, as a logical subnet or segment. VLANs can span switch ports, switches within a switch block, or closets and buildings. VLANs are used to group users and devices into common workgroups across geographical areas. VLANs help provide segmentation, security, and problem isolation.
2 What are two types of VLANs, in terms of spanning areas of the campus network? End-to-end (spans entire campus network) and local...

Answers to Chapter 4 QA Section

1 What is a VLAN? When is it used? A VLAN is a group of devices on the same broadcast domain, as a logical subnet or segment. VLANs can span switch ports, switches within a switch block, or closets and buildings. VLANs are used to group users and devices into common workgroups across geographical areas. VLANs help provide segmentation, security, and problem isolation.
2 When a VLAN is configured on a Catalyst switch port, in how much of the campus network will the VLAN number be unique and...

Answers to Chapter 5 Do I Know This Already Quiz

1 What is EtherChannel? What types of switch links can it be used with? EtherChannel is a method for aggregating multiple physical Ethernet ports into a single logical link. EtherChannel can be used with full-duplex Fast Ethernet or Gigabit Ethernet links.
2 How is traffic distributed over an EtherChannel? Traffic is distributed according to addresses contained in frames passing through the switch, not according to port loads or equal distribution across the individual ports in a bundle. Switches...

Answers to Chapter 6 Do I Know This Already Quiz

1 What is the basic unit of ATM data? What is its basic format (header, payload, and so forth)? The basic ATM data unit is the cell. An ATM cell consists of a 5-byte header and a 48-byte payload.
2 What is an ATM edge device? What Cisco devices can be used? An ATM edge device interfaces native ATM to other media. For example, Cisco Catalyst switches (5000 and 6000) can be used to bridge between LAN ports and an ATM LANE module. Also, Cisco routers (4500/4700, 7500, for example) can bridge between...

Answers to Chapter 7 Do I Know This Already Quiz

1 Where can a router be placed in relation to switches for interVLAN routing? External to the switches or internal (integrated) to a switch.
2 What types of links can be used to interconnect switches and an external router? How many VLANs can be carried on each? Links can be used with one VLAN per physical link, using any supported media. Trunk links can also be used to carry multiple VLANs over a single link, using such media as Fast Ethernet, Gigabit Ethernet, ATM LANE, and FDDI.
3 What trunking...

Answers to Chapter 8 Do I Know This Already Quiz

1 What devices make up the basis for Layer 3 switching as it relates in a Cisco environment? Catalyst switches.
2 What device is the definition of a Multilayer Switch Engine (MLS-SE)? The Multilayer Switch Engine is a Supervisor III card in a Catalyst switch with a Netflow Feature Card (NFFC) enabled on it. On a Catalyst 6000, the PFC/MSFC combination can also perform MLS.
3 What devices can be used as a Multilayer Switch Route Processor (MLS-RP)? A Route Switch Module (RSM) and any Cisco router...

Answers to Chapter 8 QA Section

1 What devices are the basis for Layer 3 switching as it relates in a Cisco environment? Catalyst switches.
2 What device is the definition of a Multilayer Switch Engine (MLS-SE)? The Multilayer Switch Engine is a Supervisor III card in a Catalyst switch with a Netflow Feature Card (NFFC) enabled on it.
3 What devices can be used as a Multilayer Switch Route Processor (MLS-RP)? A Route Switch Module (RSM) or any Cisco router that supports MLS in software (typically, a 75xx, 72xx, 45xx, 47xx, or...

Answers to Chapter 9 Do I Know This Already Quiz

1 What is the name of the protocol that allows a set of routers that are working together to form one virtual router? Hot Standby Router Protocol, or HSRP.
2 What is the minimum number of routers needed to perform HSRP? The minimum number of routers needed is at least two. One functions as an active router and one as a standby.
3 In a properly functioning virtual router, what happens when the active router fails? In a properly functioning HSRP environment, packets will still be routed in the event...

Answers to Chapter 9 QA Section

1 What is the name of the protocol that allows a set of routers that are working together to form one virtual router? Hot Standby Router Protocol, or HSRP.
2 What problem makes HSRP necessary? The fact that there isn't a dynamic protocol to discover new default gateways for hosts in the event of failure.
3 What is the minimum number of routers needed to perform HSRP? The minimum number of routers needed is at least two. One functions as an active router and one as a standby.
4 What is the RFC that...

Assigning a Port Description on a CLI-Based Switch

For a switch with a CLI-based user interface, assign a port description with
Switch(enable) set port name module/number description-string
Here, module is the switch module number where the port resides, and number is the port number on that module. The description string must be less than 21 characters and can have embedded spaces with no special treatment. To remove a port description, use the set port name module/number command, followed by a carriage return (no description string).

B

BCMSN (Building Cisco Multilayer Switched Networks), 8 BCRAN (Building Cisco Remote Access Networks), 8 behavior, active standby routers, 314 between, 246 blocking redundant paths, 160 blocks core, 43-48 switch, 40-42 BPDUs (Bridge Protocol Data Units), 160 breakout boxes, 453 Bridge Protocol Data Units (BPDUs), 160 bridging Root Bridge, 174-179 Token Rings'transparent bridges, 75-76 Broadcast and Unknown Server (BUS), domains, 24 traffic, 340 BSCN (Building Scalable Networks), 8 Building Cisco...

BackboneFast: Redundant Backbone Paths

In the network backbone, or Core layer, a different method is used to shorten STP convergence. BackboneFast works by having a switch actively determine if alternate paths exist to the root bridge in the event that the switch detects an indirect link failure. Indirect link failures occur when a link not directly connected to a switch fails. A switch detects an indirect link failure when it receives inferior BPDUs from its Designated Bridge on either its root port or a blocked port. (Inferior...

Basic Switch and Port Configuration

Chapter 2, Campus Network Design Models, dealt with the logical processes that can be used to design a campus network. Connections between switch blocks were discussed, such that traffic could be efficiently transported across the campus. Single connections, load balancing, and redundant paths were used to connect switches in modular blocks for complete connectivity. However, these paths were only functional paths; no specifics were presented about how much traffic could be handled, or what...

Breakout Boxes, Fox Boxes, and BERTs/BLERTs

Breakout boxes, fox boxes, and bit/block error rate testers are digital interface testing tools used to measure the digital signals present at PCs, printers, modems, CSU/DSUs, and other peripheral interfaces. These devices can monitor data line conditions, analyze and trap data, and diagnose problems common to data communication systems. Traffic from data terminal equipment (DTE) through data communications equipment (DCE) can be examined to help isolate problems, identify bit patterns, and...

Bridging Loops

Recall that a Layer 2 switch mimics the function of a transparent bridge. A transparent bridge must offer segmentation between two networks, while remaining transparent to all the end devices connected to it. For the purpose of this discussion, consider a two-port Ethernet switch and its similarities to a two-port transparent bridge. A transparent bridge (and the Ethernet switch) must operate as follows:
The bridge has no initial knowledge of the location of any end device; therefore, the bridge...

Broadcast Traffic

In a broadcast design, an application sends only one copy of each packet using a broadcast address. If this technique is used, however, broadcasts either must be stopped at the broadcast domain boundary with a Layer 3 device or transmitted to all devices in the campus network. Broadcasting a packet to all devices can be inefficient if only a small group in the network actually needs to see the packet, as demonstrated in Figure 10-3. Broadcast multimedia is dispersed throughout the network just...

Bundling Ports with EtherChannel

Fast EtherChannel is available on the Catalyst 1900, 2820, 2900, 2900XL, 3500XL, 4000, 5000, and 6000 families. Gigabit EtherChannel is supported only on the Catalyst 2900, 2900XL, 4000, 5000, and 6000 families. Most of the switch families support a maximum of four FE or GE links bundled in a single EtherChannel link. However, the Catalyst 6000 family supports up to eight bundled links for a total throughput of 1600 Mbps (FEC) or 16 Gbps (GEC). The Catalyst 6000 also supports up to 128...

Campus Network Design Models

As campus networks have grown and technologies have matured, network engineers and architects have many more options to consider than the bridges, hubs, and routers traditionally put in place. Switches can be used to improve network performance in many ways. It is not enough, however, to simply replace existing shared networks with switched networks. The switching function alone alleviates congestion and increases bandwidth (in addition to more complex capabilities) if properly placed and...

Campus Network Models

A campus network is an enterprise network consisting of many LANs in one or more buildings, all connected and all usually in the same geographic area. A company typically owns the entire campus network, as well as the physical wiring. Campus networks usually consist of Ethernet, Token Ring, and FDDI LANs and higher-speed Fast Ethernet, Fast EtherChannel, and Gigabit Ethernet LANs. An understanding of traffic flow is a vital part of the campus network design. While high-speed LAN technologies...

Cells and SAR

All types of traffic are transported over ATM as small cells. Using cells of an optimal fixed size allows the following benefits:
Low latency, high throughput: Small cells can be moved very quickly from switch to switch with a low propagation delay for the short serialized data from each cell. Fixed-size cells then can be relayed at a predictable rate. ATM switches also use hardware-based switching and reduced addressing and decision spaces to speed cell relay.
Multiservice traffic: Traffic from...

Cisco Discovery Protocol

Cisco uses a proprietary protocol on both switches and routers to discover neighboring devices. The Cisco Discovery Protocol (CDP) can be enabled on interfaces to periodically advertise the existence of a device and exchange basic information with directly connected neighbors. The information exchanged in CDP messages includes the device type, links between devices, and the number of ports within each device. By default, CDP runs on each port of a Cisco switch that is capable of using the SNAP...

Cisco Discovery Protocol (CDP)

Cisco Discovery Protocol (CDP) is media- and protocol-independent and runs on all Cisco-manufactured equipment including routers, bridges, access and communication servers, and switches. With CDP, network management applications can retrieve the device type and the SNMP-agent address of neighboring devices (see Figure 13-5). Applications are now enabled to send SNMP queries to neighboring devices.
Figure 13-5 A Typical Cisco Network Environment with CDP Enabled ...

Cisco Products in the Hierarchical Design

Before delving into the design practices needed to build a hierarchical campus network, you should have some idea of the actual devices that can be placed at each layer. Cisco has switching products tailored for layer functionality, as well as the size of campus network. For the purposes of this discussion, a large campus can be considered to span across several or many buildings in a single location. A medium campus might have one or several collocated buildings, while a small campus might...

CiscoWorks 2000

CiscoWorks 2000 is an integrated management solution for Cisco networks. For our purposes here, we are strictly concerned with the LAN Management Solution, which is just part of the overall architecture of CiscoWorks 2000. CiscoWorks 2000 provides configuration, administration, monitoring, and troubleshooting tools for the campus. This includes topology maps, configuration services, and important system, device, and performance information. CiscoWorks 2000 can be integrated with popular SNMP...

Cl

A Group-Specific Query also was added in IGMPv2 to allow the router to query membership in only a single group instead of all groups. This addition is an optimized way to quickly find out if any members are left in a group without asking all groups for a report. The difference between the Group-Specific query and the General Query is that a General Query is multicast to the all-hosts (224.0.0.1) address while a Group-Specific Query for group G is multicast to the group G multicast address. To...

Collapsed Core

A collapsed core block is one where the core layer of the hierarchy is collapsed into the distribution layer. Here, both distribution and core functions are provided within the same switch devices. This situation is usually found in smaller campus networks, where a separate core layer (and additional cost or performance) is not warranted. Figure 2-9 shows the basic collapsed core design. Although the distribution and core layer functions are performed in the same device, keeping these functions...

Common Spanning Tree CST

The IEEE 802.1Q standard specifies how VLANs are to be trunked between switches. It also specifies only a single instance of STP for all VLANs. This instance is referred to as the Common Spanning Tree (CST) or the Mono Spanning Tree (MST). All BPDUs are transmitted over VLAN 1, the management VLAN. Having a single STP for many VLANs simplifies switch configuration and reduces switch CPU load during STP calculations. However, the single STP can cause limitations, too. Redundant links between...

Configure Routing Processes

Once connectivity has been configured between the switch and a route processor, you must also configure routing. Routes are paths to distant networks known on the local route processor, along with metrics for path costs and the addresses of next-hop route processors. In this fashion, a router hands off packets destined for a remote network to a neighboring router that is closer to the destination. Routers are used by end-user devices when the destination is not attached to the local network...

Configuring a Rendezvous Point

One of the features that you have to configure if you use PIM in sparse mode is a Rendezvous Point (RP). The routers learn that they are RPs automatically. RPs are used by multicast senders in a sparse mode environment to announce their existence. Through the destination, receivers learn about new senders. Multi-RP environments can be configured for any given multicast group. One term used in the description of RPs is leaf routers. Leaf routers are either directly connected to a multicast group...

Configuring a VTP Management Domain

Before a switch is added into a network, the VTP management domain should be identified. If this switch is the first one on the network, the management domain will need to be created. Otherwise, the switch may have to join an existing management domain with other existing switches.
Configuring a VTP Management Domain on an IOS-Based Switch
The following command can be used to assign a switch to a management domain, where domain-name is a text string up to 32 characters long.
Switch(vlan)...

Configuring an HSRP Standby Interface

To configure a router as a member of an HSRP standby group, enter the following command in interface configuration mode:
Router(config-if)# standby group-number ip ip-address
where the optional group-number argument indicates the HSRP group to which this interface belongs. Specifying a unique group number in the standby commands enables the creation of multiple HSRP groups. The default group is 0. The ip-address argument indicates the IP address of the virtual HSRP router. While running HSRP, it...

Configuring CGMP Leave

In some cases, you may want a multicast group to be removed from the forwarding tables, freeing up bandwidth. The command to accomplish this, called CGMP leave, is as follows:
A multicast router sends out group queries periodically. In a normal participating mode, the multicast hosts would send a reply to these queries. If, after a given number of queries, no response is given by any members of a group, that group is then eligible to be pruned from the forwarding tables of the switch.

Configuring Each LEC

You must configure a LEC on each device where required. One LEC is necessary for each ELAN in which a device participates. The LEC configuration also specifies which VLAN the ELAN will be bridged to on the switch. Each LEC is configured on a different ATM subinterface, using the following commands:
ATM(Config)# interface atm number.subint multipoint
ATM(Config-subif)# lane client ethernet vlan-num elan-name
The vlan-num argument references an existing VLAN number on the local switch. The elan-name...

Configuring HSRP Standby Preempt

The standby router automatically assumes the active router role when the active router fails or is removed from service. This new active router remains the forwarding router even when the former active router with the higher priority regains service in the network. The former active router can be configured to resume the forwarding router role from a router with a lower priority. To enable a router to resume the forwarding router role, enter the following command in interface configuration mode...

Configuring HSRP Standby Priority

Each standby group has its own active and standby routers. The network administrator can assign a priority value to each router in a standby group, allowing the administrator to control the order in which active routers for that group are selected. To set the priority value of a router, enter the following command in interface configuration mode:
Router(config-if)# standby group-number priority priority-value
where group-number indicates the HSRP standby group. This number can be in the range of...

Configuring HSRP Tracking

To configure HSRP tracking, enter the following command in interface configuration mode:
Router(config-if)# standby group-number track type number interface-priority
The command arguments for this command are defined as follows:
group-number: This optional argument indicates the group number on the interface to which the tracking applies. The default number is 0.
type: This argument indicates the interface type (combined with the interface number) to be tracked.
number: This argument indicates the...

Configuring Internet Group Management Protocol IGMP

Internet Group Management Protocol (IGMP) is an important part of IP that must be supported by all multicast hosts on a network. Multicast routers use IGMP to keep track of multicast hosts on a network. Although two versions of IGMP are available, version 1 and version 2, IGMP version 2 is the default in all Cisco routers running IOS Release 11.3(2)T and later. To configure the multicast router to join a particular multicast group, enter the following command in the relevant interface...

Configuring IP Multicast

IP multicast and the task of configuring it are somewhat advanced topics. Fortunately, the material on the CCNP Switching exam covers only the basics of configuring IP multicast. We will do the same here, but will list as optional a few of the advanced tasks. The two basic tasks in enabling multicast are:
Enabling IP multicast routing
Enabling PIM on an interface
Advanced tasks are optional and include the following:
Configuring a rendezvous point
Configuring the Time To Live (TTL) threshold...

Configuring Multilayer Switching

The basic tasks for configuring multilayer switching include the following:
2 Assigning a VLAN ID to a route processor interface.
3 Adding the interfaces to the same VLAN Trunking Protocol (VTP) domain as the switch.
4 Enabling MLS on every interface.
5 Configuring the MLS Management interface.
Before you can configure MLS for a specific VLAN or interface, you must globally enable the MLSP that operates between the route processor and the switch. To enable MLSP on the route processor, enter the...

Configuring Port Security at the Access Layer

By default, the switch allows all MAC addresses to access the network. For network security purposes, the switch relies on mechanisms such as file server operating systems and applications. Port security allows a network administrator to configure a set of allowed devices or MAC addresses to provide additional security. If port security is enabled, only the MAC addresses that are explicitly allowed can use the port. A MAC address can be allowed as follows:
Static assignment of the MAC address...

Configuring Route Filtering

The basic method for configuring route filtering is by using the distribute-list command. This method is used frequently in large routed networks but can be used by Route Switch Modules (RSMs) in a large switched network as well. The basic command syntax for configuring route filtering for inbound routing updates is
R1(config-router)# distribute-list {access-list-number | name} in [type number]
Similarly, the command syntax for configuring route filtering for outbound routing updates is...

Configuring SLIP on the Console Port

Catalyst series switches support out-of-band management through the use of a modem attached to the console port. This out-of-band connection works in conjunction with SLIP. The out-of-band connection can be used to:
Establish a Telnet session that provides access to the Cisco switch CLI.
Use the Telnet Server feature.
Establish an SNMP management session that provides the capability to use an SNMP-based management platform such as the CiscoWorks 2000 solution.
To establish an out-of-band...

Configuring the Hello Message Timers

An HSRP-enabled router sends hello messages to indicate that the router is running and is capable of becoming either the active or standby router. The Hello message contains the priority of the router, as well as a hellotime and holdtime value. The hellotime value indicates the interval between the hello messages that the router sends. The holdtime value contains the amount of time that the current hello message is considered valid. If an active router sends a hello message, receiving routers...

Configuring the LECS

The LECS is configured on a major ATM interface, not on a subinterface. First you must build the LECS database of ELANs and their associated LES NSAP addresses. Configure the LECS database with the following commands:
ATM(Config)# lane database database-name
ATM(lane-config-database)# name elan1-name server-atm-address les1-nsap-address
ATM(lane-config-database)# name elan2-name server-atm-address les2-nsap-address
ATM(lane-config-database)# name ...
The database-name argument is a text string that...

Configuring the LES and BUS

The LES and BUS for an ELAN must be located on the same device and must use the same ATM subinterface. To configure both LES and BUS components for an ELAN, use the following commands:
ATM(config)# interface atm number.subint multipoint
ATM(config-subif)# lane server-bus ethernet elan-name
The subinterface number can be chosen arbitrarily. Remember that each subinterface (or each ELAN) is segmented from the others. Therefore, you can configure a different LES/BUS pair on one or more...

Configuring the VTP Mode

Next, the VTP mode needs to be chosen for the new switch. The three VTP modes of operation and their guidelines for use are as follows:
Server mode: Server mode can be used on any switch in a management domain, even if other server and client switches are in use. This mode provides some redundancy in the event of a server failure in the domain. However, each VTP management domain must have at least one server. Because every server's changes propagate across the domain, a switch added in server mode with a higher configuration revision number than the existing servers replaces their VLAN database with its own; reset its revision number (for example, by changing its VTP domain name) before connecting it. The first server defined in a network also defines the management domain that will be...

Configuring TimeToLive

Time-To-Live (TTL) works here just as it does in other routing environments: the value is a hop count, and every router that forwards the packet decreases it by one. When a TTL threshold is configured on an interface, a packet is forwarded out that interface only if it arrives with a TTL higher than the threshold. The default threshold is 0, which means that every packet is forwarded (a packet whose TTL has already been decremented to 0 is still discarded, as in any IP forwarding). The TTL threshold is configured on a per-interface basis. To configure a value other than the default, type the...

Console Port Cables Connectors

A terminal emulation program on a PC is usually required to interface with the console port on a switch. Various types of console cables and console connectors are associated with each Cisco switch family. All Catalyst switch families use an RJ-45-to-RJ-45 rollover cable to make the console connection between a PC (or terminal or modem) and the console port. A rollover cable is made so that pin 1 on one RJ-45 connector goes to pin 8 on the other RJ-45 connector, pin 2 goes to pin 7, and so...

Console Port Connection

The console port is the local (out-of-band) console terminal connection to the switch, a DB-25 female connector shown in Figure 13-2. Other switches may require different console cables in conjunction with modular plugs instead of the DB-25.
Figure 13-2 The Catalyst 5000 Console Port
To use the console port, connect, via a straight-through cable, an EIA/TIA-232 terminal (configured for 9600 baud, no parity, eight data bits, and one stop bit), modem, or...

Contents at a Glance

Chapter 1 All About the Cisco Certified Network Professional and Design Professional Certification
Chapter 2 Campus Network Design Models
Chapter 3 Basic Switch and Port Configuration
Chapter 4 VLANs and Trunking
Chapter 5 Redundant Switch Links
Chapter 6 Trunking with ATM LANE
Chapter 7 InterVLAN Routing
Chapter 8 Multilayer Switching
Chapter 9 Overview of Hot Standby Routing Protocol
Chapter 11 Configuring Multicast Networks
Chapter 12 Controlling Access in...

Controlling Access in the Campus Environment

In this age of increased activity of interlopers on the Internet and other networks, the need for access control is greater than ever. This chapter covers some of the preventative measures that can be used in a Cisco campus environment. The first preventative measure involves creating an access policy. The components of an access policy are discussed, followed by the policies of each layer within the campus block. Certain configurations of security measures on Cisco devices are also discussed.

Controlling Routing Update Traffic

Controlling the routing table of the core block has several advantages:
- It reduces the size of the routing table at the core block, allowing it to process packets faster.
- It prevents users from reaching networks that have not been advertised, unless they have a static or default route to get there.
- It prevents incorrect information from propagating through the core block.
Two methods are available for controlling the routing information that is sent to the core block, as follows: Route summarization...
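As an added example (not part of the original text, and not Cisco's own code), the following Python models the two methods named above, route filtering and route summarization, using the semantics of the distribute-list and standard-ACL syntax from the route filtering section: an ACL entry is an address plus a wildcard mask, the first matching entry decides, and a route that matches nothing hits the implicit deny. The routes, the ACL entries and the helper names (acl_permits, distribute_list, summarize) are constructed for illustration.

```python
"""Model of the two ways this page gives for controlling what the core block
learns: route filtering with a standard ACL applied as a distribute-list, and
route summarization. Added example, not Cisco code; ACL semantics follow IOS
standard ACLs (address plus wildcard mask, first match wins, implicit deny),
and the routes and ACLs below are constructed."""
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class AclEntry:
    action: str       # "permit" or "deny"
    address: str      # e.g. "10.1.0.0"
    wildcard: str     # e.g. "0.0.255.255": 0 bits must match, 1 bits are ignored

def _addr(a):
    return int(ipaddress.IPv4Address(a))

def acl_permits(acl, network):
    """Evaluate a standard ACL against a route's network address (a
    distribute-list matches the network, not its mask). Entries are tried in
    order and the first match decides; IOS ends every ACL with an implicit
    'deny any', so anything unmatched is filtered."""
    target = _addr(network)
    for e in acl:
        ignore = _addr(e.wildcard)
        if target & ~ignore == _addr(e.address) & ~ignore:
            return e.action == "permit"
    return False

def distribute_list(acl, routes):
    """Apply the ACL as 'distribute-list ... in' (what enters the table) or
    'distribute-list ... out' (what is advertised); both keep only permitted
    routes. `routes` are CIDR strings."""
    return [r for r in routes if acl_permits(acl, r.split("/")[0])]

def summarize(routes):
    """Smallest single prefix covering all the routes: the summary a
    distribution switch would advertise into the core instead of the
    individual subnets. An unaligned set yields a summary that also claims
    address space the block does not actually hold."""
    nets = [ipaddress.ip_network(r) for r in routes]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    for prefix in range(32, -1, -1):
        candidate = ipaddress.IPv4Network((lo, prefix), strict=False)
        if int(candidate.broadcast_address) >= hi:
            return str(candidate)

# Constructed sample: a switch block holding 10.1.0.0/16 plus a lab subnet
# (10.1.99.0/24) and a stray default route that must never reach the core.
BLOCK_ROUTES = ["10.1.0.0/24", "10.1.1.0/24", "10.1.2.0/24", "10.1.99.0/24",
                "172.16.5.0/24", "0.0.0.0/0"]
TO_CORE = [AclEntry("deny", "10.1.99.0", "0.0.0.255"),     # keep the lab inside the block
           AclEntry("permit", "10.1.0.0", "0.0.255.255")]  # everything else in 10.1/16

if __name__ == "__main__":
    allowed = distribute_list(TO_CORE, BLOCK_ROUTES)
    print("advertised to core:", allowed)
    print("or, summarized:", summarize(allowed))
```

The deny entry has to come before the broader permit, because evaluation stops at the first match; and the summary is a trade-off, since 10.1.0.0/22 also covers 10.1.3.0/24, which the block does not advertise.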

Core Layer Policy

The core block is responsible for moving data quickly. All the devices that are designed to be core block solutions are optimized to move data as quickly as possible. For this reason, the core block should have little to no policy. The only policies that should be applied at the core block are those that relate to quality of service (QoS) commands for congestion management and congestion avoidance. QoS implementations vary, depending on hardware used and versions of IOS. Please see your...

Core Layer Switches

Let's recall the features required in core layer switches:
- No expensive Layer 3 processing
- No unnecessary packet manipulation (access lists and packet filtering)
- Layer 3 processing only where required, and then very fast
- Redundancy and resiliency for high availability
Devices in the core layer or backbone of a campus network should be optimized for high-performance Layer 2 or Layer 3 switching. Because the core layer must handle large amounts of campus-wide data (due to the new 20/80 rule of traffic...

Core Scalability

As the number of switch blocks increases, the core block must also be capable of scaling without redesign. Traditionally, hierarchical network designs have used Layer 2 switches at the access layer, Layer 3 devices at the distribution layer, and Layer 2 switches at the core. This design has been very cost effective and has provided high-performance connectivity between switch blocks in the campus. Network growth dictates more switch blocks, which in turn requires more distribution switches with...

Core Size in a Campus Network

The dual core is made up of redundant switches, and is bounded and isolated by Layer 3 devices. Routing protocols determine paths and maintain the operation of the core. As with any network, you must pay some attention to the overall design of the routers and routing protocols in the network. As routing protocols propagate updates throughout the network, network topologies might be undergoing change. The size of the network (the number of routers) then affects routing protocol performance, as...

D

IGMPv1, 347 IGMPv2, 350 debug command, 324, 451-453, 381 debugging HRSP, 323-324 multicast, 381 default gateways, HSRP, 306 deleting passwords, 81 dense mode enabling PIM, 375 routing protocols, 358-359 descriptions, assigning, 86 designated ports, electing, 165-166 designated router (DR), 376 desirable mode, 153 desktop Ethernet connectivity, 70 MLS (multilayer switching), 23 networks access layer policy, 406-407 core layer policy, 415 distribution layer policy, 408-415 managing, 400-405...

Debugging Multicast

Many potential commands can be used when debugging multicast. We will go over a couple of the most important here. You can find documentation on other debugging commands at CCO (www.cisco.com). The first command of significance, show ip pim neighbor, displays the PIM neighbor table as demonstrated earlier in Example 11-1. Another relevant command, show ip mroute, shows the entries in the multicast routing table. The general syntax for this command is as follows DallasR1> show ip mroute...

Dense Mode Routing Protocols

The first method for multicast routing is based on the assumption that the multicast group members are densely distributed throughout the network and bandwidth is plentiful, meaning that almost all hosts on the network belong to the group. These dense mode multicast routing protocols rely on periodic flooding of the network with multicast traffic to set up and maintain the distribution tree. Dense mode routing protocols include the following Distance Vector Multicast Routing Protocol (DVMRP)...

Desktop Connectivity with Token Ring

Token Ring is also a LAN technology that provides shared media access to many connected stations. Rather than sharing a common bus or wire as Ethernet does, Token Ring stations are arranged in a ring, in a daisy-chain fashion. A token is passed from station to station around the ring, giving the current token holder permission to transmit a frame onto the ring. Once the frame is sent, it is passed around the ring until it is received again by the source. The sending station is responsible for...

Disabling MLS

Actually the title of this section should read, What not to do if you want your MLS to keep running. Believe it or not, there are a few commands that, if entered, will have the undesirable effect of disabling MLS. The basic guideline to follow is that if you enter any command that forces the router to examine the packet, MLS will be disabled. That includes a whole host of commands, but I thought I'd list a few of the most common here

Displaying Ether Channel Configuration

Information about the current EtherChannel configuration can be displayed with the show port channel [mod[/port]] [info | statistics] command on a CLI-based switch and the show port group [group-number] command on an IOS-based switch. Example 5-2 demonstrates how the show port channel info command can be used to view the current status of EtherChannel links on a CLI-based switch.
Example 5-2 show port channel info Command Output
Switch> (enable) show port channel info
Switch Frame Distribution Method...

Displaying MLS Cache Entries

To display the MLS cache entries, enter the following command in privileged EXEC mode. This command can be used as a troubleshooting tool or simply to check the status of a particular flow that you are interested in. It can be further qualified to show only the MLS cache entries matching the parameters defined in Table 8-2. To remove entries from the MLS cache, enter the clear mls entry command in privileged EXEC mode. Table 8-3 lists how to remove MLS cache entries based on given criteria. Table 8-2...

Displaying VTP Domain Information

Sometimes seeing VTP domain information is useful. The show mls rp vtp-domain command shows domain information for a specific VTP domain:
Router# show mls rp vtp-domain vtp-domain-name
The resulting display (see Example 8-4) is a subset of the show mls rp display. Issuing show mls rp vtp-domain returns
- The name of the VTP domain(s) in which the MLS-RP interfaces reside.
- Statistical information for each VTP...

Distribution Layer

The distribution layer provides interconnection between the access and core layers of the campus network. Devices in this layer should have the following capabilities:
- High Layer 3 throughput for packet handling
- InterVLAN routing through Layer 3 operations
- Media translation to transport data between dissimilar access layer media types
- Security and policy-based connectivity functions through access lists or packet filters

Distribution Layer Policy

Most of the access control policy will be implemented at the distribution layer. This layer is also responsible for ensuring that data stays in the switch block unless that data is specifically permitted outside of the switch block. This layer is also responsible for sending the correct routing and service information to the core. A good policy at the distribution layer ensures that the core block or the WAN blocks are not burdened with traffic that has not been explicitly permitted. A...

Distribution Layer Switches

Switches used in the distribution layer should offer these features:
- Aggregation of access layer devices
- High Layer 3 throughput
- InterVLAN routing
- Robust Layer 3 functionality
In the distribution layer, uplinks from all access layer devices are aggregated, or come together. Therefore, the distribution layer switches must be capable of processing the total volume of traffic from all the connected devices. These switches should have a port density of high-speed links to support the collection of...

Distribution Trees

For efficient transmission of multicast traffic, designated routers construct a tree that connects all members of an IP multicast group. A distribution tree specifies a unique forwarding path between the subnet of the source and each subnet containing members of the multicast group. A distribution tree has just enough connectivity so that there is only one loop-free path between every pair of routers. Because each router knows which of its lines belong to the tree, the router can copy an...

Do I Know This Already Quiz

The purpose of the Do I Know This Already quiz is to help you decide which parts of this chapter to use. If you already intend to read the entire chapter, you do not necessarily need to answer these questions now. The quiz helps you make good choices of how to spend your limited study time. The quiz is sectioned into five smaller quizlets, which correspond to the five major headings in the Foundation Topics section of the chapter. Although your answer may differ somewhat from the answers given,...

Duplicate Ring Protocol DRiP

Catalyst switches also have a mechanism to monitor the use of TrCRFs, or ring numbers, within a domain of switches. The Duplicate Ring Protocol (DRiP) collects and maintains the status of TrCRFs that are interconnected by TrBRFs. This information is used for the following purposes:
- Preventing duplicate ring numbers from being assigned to TrCRFs.
- Filtering All-Routes Explorer (ARE) frames from reentering TrCRFs that they have already visited.
- Operating the backup TrCRF function when an ISL trunk...

Dynamic Trunking Protocol

Trunk links on Catalyst switches can be manually configured for either ISL or 802.1Q mode. However, Cisco has implemented a proprietary point-to-point protocol called Dynamic Trunking Protocol (DTP) that negotiates a common trunking mode between two switches. DTP is available in Catalyst supervisor engine software Release 4.2 and later. DTP negotiation should be disabled if a switch has a trunk link connected to a router, because the router cannot participate in the DTP negotiation protocol; it should also be off on ports facing end stations, because any attached device that speaks DTP could otherwise negotiate the port into a trunk and reach every VLAN carried on it....

Electing a Root Bridge

For all switches in a network to agree on a loop-free topology, a common frame of reference must exist to use as a guide. This reference point is called the Root Bridge. (The term bridge continues to be used even in a switched environment because STP was developed for use in bridges. Therefore, when you see bridge, think switch.) The Root Bridge is chosen by an election process among all connected switches. Each switch has a unique Bridge ID that it uses to identify itself to other switches....

Electing Designated Ports

By now, you should begin to see the process unfolding: a starting or reference point has been identified, and each switch connects itself toward the reference point with the closest single link. A tree structure is beginning to emerge, but links have only been identified at this point. All links are still connected and could be active, leaving bridging loops. To remove the possibility of bridging loops, STP makes a final computation to identify one Designated Port on each network segment....

Electing Root Ports

Now that a reference point has been nominated and elected for the entire switched network, each non-root switch must figure out where it is in relation to the Root Bridge. This action can be performed by selecting only one Root Port on each non-root switch. STP uses the concept of cost to determine many things. Selecting a Root Port involves evaluating the Root Path Cost. This value is the cumulative cost of all the links leading to the Root Bridge. A particular switch link has a cost...
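The three elections described in the sections above (Root Bridge, Root Ports, Designated Ports) can be run end to end on a small topology. The Python below is an added example, not code from the original text or from Cisco; the switches, MAC addresses, port names and link costs are constructed, and it goes one step beyond the text by showing what happens when a switch announcing a lower priority is attached to the network.

```python
"""Model of the three STP elections on this page (Root Bridge, Root Ports,
Designated Ports). Added example, not Cisco code: the switches, MAC addresses
and link costs below are constructed, and ties are broken the way the text
describes (lower Bridge ID wins), with the neighbour's port number as the
final tie-breaker."""
import heapq
from collections import defaultdict

# Constructed topology: three switches in a triangle, all at the default
# priority 32768, so the lowest MAC address decides the Root Bridge.
SWITCHES = {"SW1": (32768, "0000.0c11.1111"),
            "SW2": (32768, "0000.0c22.2222"),
            "SW3": (32768, "0000.0c33.3333")}
# (switch, port, switch, port, cost); 19 is the IEEE cost of a 100 Mbps link.
LINKS = [("SW1", "1/1", "SW2", "1/1", 19),
         ("SW1", "1/2", "SW3", "1/1", 19),
         ("SW2", "1/2", "SW3", "1/2", 19)]

def bridge_id(priority, mac):
    """Bridge ID compares on priority first, then MAC address; lowest wins."""
    return (priority, int(mac.replace(".", "").replace(":", ""), 16))

def elect_root(switches):
    """Root Bridge: the switch with the lowest Bridge ID. Any switch that
    advertises a lower priority than the rest takes this role over."""
    return min(switches, key=lambda s: bridge_id(*switches[s]))

def root_path_costs(root, links):
    """Root Path Cost of every switch: cumulative cost of the cheapest chain
    of links back to the Root Bridge (0 for the root itself)."""
    adj = defaultdict(list)
    for a, _, b, _, cost in links:
        adj[a].append((b, cost))
        adj[b].append((a, cost))
    cost_to_root = {root: 0}
    heap = [(0, root)]
    while heap:
        d, s = heapq.heappop(heap)
        if d > cost_to_root[s]:
            continue
        for peer, c in adj[s]:
            if d + c < cost_to_root.get(peer, float("inf")):
                cost_to_root[peer] = d + c
                heapq.heappush(heap, (d + c, peer))
    return cost_to_root

def spanning_tree(switches, links):
    """Return (root, roles) with roles[(switch, port)] in
    {"root", "designated", "blocking"}."""
    root = elect_root(switches)
    rpc = root_path_costs(root, links)
    bid = {s: bridge_id(*switches[s]) for s in switches}
    roles = {}
    # Root Port: on each non-root switch, the port offering the lowest Root
    # Path Cost; ties go to the lower neighbour Bridge ID, then lower port.
    for s in switches:
        if s == root:
            continue
        candidates = []
        for a, pa, b, pb, cost in links:
            if s == a:
                candidates.append(((rpc[b] + cost, bid[b], pb), pa))
            elif s == b:
                candidates.append(((rpc[a] + cost, bid[a], pa), pb))
        roles[(s, min(candidates)[1])] = "root"
    # Designated Port: exactly one per segment, on the end that can reach the
    # root more cheaply (ties on Bridge ID). The other end of a segment that
    # is not its Root Port is left non-designated, i.e. blocking; that is the
    # step that removes bridging loops.
    for a, pa, b, pb, cost in links:
        if (rpc[a], bid[a]) < (rpc[b], bid[b]):
            win, wport, lose, lport = a, pa, b, pb
        else:
            win, wport, lose, lport = b, pb, a, pa
        roles[(win, wport)] = "designated"
        roles.setdefault((lose, lport), "blocking")
    return root, roles

if __name__ == "__main__":
    root, roles = spanning_tree(SWITCHES, LINKS)
    print("root:", root)
    for (sw, port), role in sorted(roles.items()):
        print(f"{sw} {port}: {role}")
```

With every switch at the default priority, SW1 is root purely because its MAC address is lowest, and the SW2-SW3 segment is resolved by Bridge ID. Adding a fourth switch with priority 0 (the ROGUE entry in the test) makes it root immediately and re-routes every switch's Root Port toward it, which is why the priority of the intended root should be set deliberately rather than left to the MAC lottery.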

Embedded Remote Monitoring

Cisco switches provide support for the Embedded Remote Monitoring (RMON) of Ethernet and Fast Ethernet ports. Embedded RMON provides you with visibility into network activity. It enables you to access and remotely monitor the RMON specification RFC 1757 groupings of statistics, historical information, alarms, and events for any port through SNMP or the TrafficDirector Management application. The RMON feature monitors network traffic at the data link layer of the OSI model without requiring a...

Enabling and Verifying Port Security Using the set CLI on set Command Based Switches

Use the following commands to enable and verify port security on a set command-based switch:
Switch (enable) set port security mod_num/port_num enable [mac_address]
Switch (enable) show port mod_num/port_num
If mac_address is omitted, the first source address the port sees is learned as the secure address, so enable port security before a station is attached. For example, consider the setup in Figure 12-5.
Figure 12-5 Enabling and Verifying Port Security
Example 12-8 demonstrates how to enable and then verify port security for the set command-based switch in Figure 12-5.
Example 12-8 Enabling/Verifying Port Security on a set Command-Based Switch...
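An added Python model (not from the original text and not Cisco's code) of the MAC address lockdown this command enables: the port keeps one secure source address, either configured on the command line or learned from the first frame, and disables itself on the first frame from any other source. The port names, MAC addresses and function names are constructed.

```python
"""Model of the port security (MAC address lockdown) behaviour described for
set command-based switches. Added example, not Cisco code: the port names and
frame source addresses are constructed."""
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class SecurePort:
    name: str
    secure_mac: Optional[str] = None   # given on the command line, or learned
    enabled: bool = True
    violations: int = 0
    events: list = field(default_factory=list)

    def __post_init__(self):
        if self.secure_mac is not None:
            self.secure_mac = self.secure_mac.lower()

    def receive(self, src_mac):
        """Return True if a frame with this source MAC is accepted.
        With no configured address, the first source seen becomes the secure
        address (so the port must be secured before anyone can plug in); any
        later frame from a different source disables the port."""
        src = src_mac.lower()
        if not self.enabled:
            return False            # a disabled port drops everything until re-enabled
        if self.secure_mac is None:
            self.secure_mac = src
            self.events.append(f"{self.name}: learned secure address {src}")
            return True
        if src == self.secure_mac:
            return True
        self.violations += 1
        self.enabled = False
        self.events.append(f"{self.name}: violation from {src}, port disabled")
        return False

    def reenable(self):
        """Operator brings the port back up; the secure address is retained,
        so the original station works again but the intruder still cannot."""
        self.enabled = True

def replay(port, frames):
    """Feed a constructed sequence of source MACs through a port and return
    the accept/drop decision for each one."""
    return [port.receive(mac) for mac in frames]

if __name__ == "__main__":
    p = SecurePort("3/1", secure_mac="00-10-7B-AA-BB-CC")
    print(replay(p, ["00-10-7b-aa-bb-cc", "00-10-7b-de-ad-01", "00-10-7b-aa-bb-cc"]))
    print(p.events)
```

Two details worth noticing: once the port is disabled, frames from the legitimate station are dropped too until an operator re-enables it, and a port left to learn its address will happily lock onto whatever is plugged in first.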

Enabling CDP and Viewing CDP Information on a CLIBased Switch

To enable or disable CDP, use the following command:
Switch (enable) set cdp {enable | disable} [module/port]
The module and port parameters enable or disable CDP on individual ports. If they are omitted, CDP is enabled or disabled globally for all ports on the switch. Because CDP advertisements announce the device's platform, software version and IP addresses to whatever is on the other end of the link, leave CDP enabled only on ports that connect to other trusted Cisco devices. To view information learned from CDP advertisements of neighboring Cisco devices, use a form of the following command:
Switch (enable) show cdp neighbors [module/port] [vlan | duplex...

Enabling CDP and Viewing CDP Information on an IOSBased Switch

CDP is enabled by default on all switch interfaces. To enable CDP, use the following interface configuration command (use the no form to disable CDP):
Switch(config-if)# cdp enable
Switch(config-if)# no cdp enable
To view information learned from CDP advertisements of neighboring Cisco devices, use one of the following commands:
Switch# show cdp interface [type module/port]
Switch# show cdp neighbors [type module/port] [detail]
The first command displays CDP information pertaining to a specific interface....

Enabling IP Multicast Routing

Enabling IP multicast routing allows the Cisco IOS software to forward multicast packets. Much like enabling other routing protocols, you must make an entry in global configuration mode to turn this on for the entire router. Then, using interface commands, you can turn on various modes of multicast routing using only specific interfaces. To enable IP multicast routing on the router, enter the following command in global configuration mode. To disable IP multicast routing, enter the no ip...

Enabling MLS

MLS is enabled on a per-interface basis. Just because you put an interface into a particular VTP domain doesn't mean that you've activated MLS. MLS must be enabled on every interface that you desire to participate in Layer 3 switching. On a router or RSM interface, enter the following command in interface configuration mode in order to enable MLS The running configuration in Example 8-5 shows that the VLAN19 interface of the MLS-RP is enabled to participate in MLS. To disable MLS on an...

Enabling PIM on an Interface

When you enable multicast routing on a route processor or router, it is processed on an individual interface basis; each interface that participates in a given multicast routing protocol must be enabled individually. The command to enable PIM on an interface is
DallasR1(config-if)# ip pim {dense-mode | sparse-mode | sparse-dense-mode}
The options for this command are defined as follows:
dense-mode Enables dense mode of operation. Dense mode is used when all routers in the network will need to...

Enabling Remote Access on a CLIBased Switch

An IP address can also be configured for in-band management on a switch with a CLI-based user interface by entering the following commands in privileged mode:
Switch (enable) set interface sc0 ip-address netmask broadcast-address
Switch (enable) set interface sc0 vlan
Switch (enable) set ip route default gateway
The first command defines the IP address and subnet mask for the switch management interface, sc0. The broadcast address must also be given, and it must match the subnet and subnet mask values....

Enabling Remote Access on an IOSBased Switch

On a switch with an IOS-based user interface, an IP address can be assigned to the management VLAN (VLAN 1 by default) with the following commands. The interface and its address are configured under interface configuration mode; ip default-gateway is a global configuration command, not an interface command:
Switch(config)# interface vlan 1
Switch(config-if)# ip address ip-address netmask
Switch(config)# ip default-gateway ip-address
As the command syntax shows, an IP address and subnet mask are assigned to the VLAN 1 interface, which is really the switch supervisor's IP stack listening on VLAN 1. In order...

Enabling VTP Pruning on a CLIBased Switch

VTP pruning is enabled using the set vtp pruning enable command. If this command is used on a VTP server, pruning is enabled for the entire management domain. By default, VTP pruning is disabled. When pruning is enabled with this command, all VLANs become eligible for pruning on all trunk links, if needed. The default list of pruning eligibility can be modified. Like VLAN trunking, you can first clear VLANs from the eligibility list using the clear vtp pruneeligible vlan-range command. Then,...