Index [ptgmedia.pearsoncmg.com]
Numerics
“10/100” ports, 87
“10/100/1000” ports, 90
10 Mbps Ethernet, 85–86
10GbE, 90–91
  PMD types, 91
  switch compatibility listing, website, 91
10-Gigabit Ethernet Alliance, 90
20/80 rule, 19, 118
80/20 rule, 18, 118
802.11 standard
  802.11a, 463–464
  802.11b, 460
    channels, 461
    data rates, 462
  802.11g, 463
  ASDs, 481
  authentication methods, 476–477
  backward compatibility, 463
  BSS, 440
  frame type compliance, 460
  regulatory agencies, 459–460
  security
    EAP-based, 477–479
    WPA, 479–480
    WPA2, 480
  service sets, ESS, 440
802.1Q. See IEEE 802.1Q
802.1x, configuring, 392

A
absorption, 448–449
access layer, 21
accessing trunks with switch spoofing, 420–422
aCEF (Accelerated CEF), 299
ACLs (access control lists), 64. See also VACLs
active scanning, 484–485
active STP features, verifying on switch ports, 254
adding text descriptions to switch ports, 96
ad-hoc wireless networks, 439
adjacency table, 299
  contents, displaying, 300
  discard adjacencies, 302
  drop adjacency, 301
  null adjacencies, 301
  punt adjacencies, 302
adjacent hosts, 297
advertisements, VTP, 139–141
  requests, 143–144
  subset advertisements, 142
  summary advertisements, 142
AES (Advanced Encryption Standard), 480
aggressive mode (UDLD), 252
alternate port on RSTP topology, 264
AM (amplitude modulation), 446
anchor points, 518
ANSI (American National Standards Institute) X3T11 FibreChannel. See FibreChannel
answers to scenarios
  scenario 1, 544
  scenario 2, 544–545
  scenario 3, 545
  scenario 4, 545–546
  scenario 5, 547
  scenario 6, 547–548
  scenario 7, 548–549
  scenario 8, 550
  scenario 9, 551
antenna gain, 456
antennas, 457
  diversity, 458
  highly directional, 458–459
  omnidirectional, 457–458
  semi-directional, 458
application-specific integrated circuits (ASICs), 10
applying VACLs to VLAN interfaces, 414
APs (access points), 440–442. See also lightweight APs
  ASDs, 481
  associations, 482–486
  autonomous
    management processes, 504
    real-time processes, 504
    SSIDs, 502–503
    traffic patterns through, 502
  cells, 442–443
    coverage, expanding, 444–445
    microcells, 445
    sizing, 488–489
  channels, layout considerations, 489–492
  current running mode, displaying, 528
  lightweight
    inter-controller roaming, 514–518
    intra-controller roaming, 512–513
    roaming, 511
  overall gain, calculating, 456–457
  RF communication, EIRP, 456
  roaming, 444, 482–484
    associations, 486
    implications of, 486–487
    scanning process, 484–485
  security, implementing, 475–480
  signal strength, 452–453
    dB values, 453–454
    increase in, 455–456
    loss of, 454–455
ARP inspection, configuring, 399–401
ARP spoofing, 400
ARP throttling, 301
ASDs (application-specific devices), 481
ASICs (application-specific integrated circuits), 10
assessing
  current traffic patterns, 47
  interface data rates, 46–47
assigning
  descriptions to switch ports, 96
  management addresses to VLANs, 40
  switch ports to VLANs, 116
associating secondary VLANs to primary VLAN SVI, 419–420
associations, 440, 482–486
attributes of core devices, 22
authentication
  in 802.11 networks, 476–477
  MD5, 321
  port-based
    configuring, 392–394
    example, 394
automatically configuring STP timers, 231–232
autonegotiation, 87
  10/100/1000 ports, 9
autonomous APs, 501
  management processes, 504
  real-time processes, 504
  SSIDs, 502–503
  traffic patterns through, 502
Auto-QoS, 375–378
autosensing on Catalyst switches, 92
AVF (active virtual forwarder), 330–333
AVG (active virtual gateway), 330–331
avoiding collisions in WLANs, 436–437
  DCF, 437–438
B
baby giant frames, 123
BackboneFast, 236
  enabling, 236–237
backup port on RSTP topology, 264
backward compatibility of 802.11 standards, 463
bands, 446
  ISM, 461
best effort QoS, 367–368
best practices for securing Catalyst switches, 401–404
Blocking state (STP), 197
bootstrap process for LAPs, 508
BPDU filtering, 254
BPDU Guard, 248–249
BPDUs (bridge protocol data units)
  Configuration BPDUs, 189–190
  convergence, 267
  in RSTP topology, 265
  MST, 274
  protecting against sudden loss, 250
  Root Guard, 247–248
  RSTP, 265
  TCN BPDUs, 200
Bridge IDs, 191
bridging, transparent
  redundancy, 187–188
  versus Ethernet switches, 185–186
bridging loops, 187
  broadcast storms, 188
  preventing, 189
broadcast domains, 14
  flat networks, 113
broadcast storms, 188
BSS (Basic Service Set), 440
BSSID (Basic Service Set Identifier) field, 460
building access switches, 21
building block model
  core block, 36–38
  enterprise edge block, 40–41
  network management block, 40
  server farm block, 39–40
  service provider edge block, 41
bundled ports (EtherChannel), 165
  distributed EtherChannel traffic, 165–167
  troubleshooting, 172–175

C
cabling
  Category 5 crossover cables, 93
  connecting to switch console port, 92
  Ethernet
    distance limitations, 86
    Fast Ethernet specifications, 87
calculating
  EIRP, 456
  Fresnel zone radius, 451–452
  overall gain, 456–457
  Root Path Cost, 193
CAM (Content Addressable Memory), 64
CAM tables, 69–70
  duplicate entries, handling, 70
  entries, viewing, 74
  stale entries, 69
  static entries, configuring, 69
  troubleshooting, 75
campus networks, 13
  building block model
    core block, 36–38
    enterprise edge block, 40–41
    network management block, 40
    server farm block, 39–40
    service provider edge block, 41
  dual-core with Layer 2 distribution switches, 41–42
  LAN segmentation model, 15–17
  modular design, 31
    core block, 35–38
    switch block, 32–35
  network traffic models, 18–19
  predictable network model, 19–20
  shared network model, 13–14
campus-wide VLANs, deploying, 118–119
canonical format, 123
carrier signals, 446
Catalyst switches
  autosensing, 92
  Fast Ethernet ports, 92
  NSF, configuring, 343
  port security, 389–391
  PortFast feature, 205
  ports, configuring, 94
  power supply redundancy, configuring, 343–345
  redundancy modes, 339
    configuring, 340–341
  securing, best practices, 401–404
  supervisor synchronization, configuring, 342
  UDLD, default message interval times, 253
Category 5 crossover cables, 93
CCX (Cisco Compatible Extensions), 481
CDP (Cisco Discovery Protocol), 43
  discovering network topology, 44–46
CEF (Cisco Express Forwarding), 66, 295. See also fallback bridging
  adjacency table, 299, 301
  configuring, 303
  entry information, displaying, 298
  FIB, 296, 299
  glean state, ARP throttling, 301
  packet rewrites, 302–303
  process switching, 68
  verifying operation, 307–308
cells, 442–443
  coverage, expanding, 444–445
  microcells, 445
  sizing for WLAN design, 488–489
CFI (Canonical Format Indicator), 123
channel reuse, 490
channel-protocol command, 170
channels, 447
  802.11b, 461
  layout considerations, 489–492
  spectral masks, 461
Cisco ILP (Inline Power), 357
Cisco IP Phones
  inline power, 359–360
  PoE, 357
    configuring, 360
    powered device detection, 358–360
    verifying power status, 360–361
  trunking modes, 363
Cisco Unified Wireless Network, 503
  traffic patterns within, 509–511
class selector bits, 371–372
classification, 372–373
clearing port cache, 390
client mode (VTP), 140
  configuring, 146
collapsed core block, 36–37
collision domain, 13
collisions
  avoiding in WLANs, 436–437
    DCF, 437–438
  preventing, 15
commands
  channel-protocol, 170
  debug spanning-tree switch state, 198
  errdisable detect cause, 98
  interface range, 95
  lacp port-priority, 172
  name, 116
  no shutdown, 294
  show adjacency summary, 300
  show cdp neighbors, 44
  show cdp neighbors detail, 45
  show dot1x all, 394
  show etherchannel load-balance, 175
  show etherchannel port, 173
  show etherchannel port-channel, 168
  show etherchannel summary, 173
  show glbp, 336
  show interface, 99
  show interface status, 305
  show interface switchport, 364
  show interface trunk, 129–130
  show interfaces switchport, 129
  show ip cef, 297
  show ip interface, 306
  show ip interface brief, 307
  show lacp sys-id, 175
  show mac address-table, 74
  show port-security interface, 391–392
  show power, 345
  show spanning-tree interface, 198, 229, 365
  show spanning-tree vlan, 232, 271
  show vlan, 116, 305
  show vlan id, 128
  show vtp counters, 148
  show vtp, 153
  show vtp status, 144, 148
  shutdown, 99, 305
  spanning-tree guard loop, 251
  spanning-tree guard root, 248
  spanning-tree portfast, 270
  speed, 97
  switchport, 116, 124, 292–293
  switchport host, 404
  switchport priority extend trust, 379
  udld, 252
  vtp mode transparent, 115
community VLANs, 415
comparing
  Ethernet switches and transparent bridges, 185–186
  STP switch ports, roles versus states, 264
  wired and wireless LANs, 435–436
  wireless service sets, 439
conceding HSRP router election, 321–322
Configuration BPDUs, 189–190
configuring
  ARP inspection, 399–401
  BackboneFast, 236–237
  Catalyst switches
    NSF, 343
    port security, 389–391
    power supply redundancy, 343–345
    redundancy mode, 340–341
    supervisor synchronization, 342
  CEF, 303
  DHCP snooping, 395–397
  dual core blocks, 38
  EtherChannel, 170
    LACP, 171
    load balancing, 167–168
    PAgP, 170
  Ethernet switch ports, 88
  fallback bridging, 304
  interVLAN routing, 292
    Layer 2 ports, 292
    Layer 3 ports, 293–294
    SVI ports, 294
  IP Source Guard, 397–399
  LACP EtherChannel, 171–172
  LAPs, 524–528
    power supply, 525
    switch port, 525–526
  modular network designs, 31
  MST, 277–279
  PAgP negotiation, 170–171
  PoE, 360
  port-based authentication, 392
    802.1x method lists, 393–394
  PortFast, 233–234
  PVLANs, 416–417
    mapping promiscuous mode ports, 418–419
  QoS
    trust, 374–375
    with Auto-QoS, 375–378
  RPVST+, 271–272
  RSTP, 270
  static CAM table entries, 69
  static VLANs, 115–116
  STP
    network diameter value, 200
    Root Bridge, 223–226
    timers, 230–231
    UDLD, 253
  switch ports, 94–95
    duplex mode, 97
    speed, 96
  UDLD message interval, 252
  VACLs, 413–414
  VLAN trunks, 124–126
    example configuration, 126–127
  voice VLANs, 362–363
  VRRP, 328
  VTP, 144
    client mode, 146
    example configuration, 148
    management domains, 145
    pruning, 151–152
    server mode, 145
    transparent mode, 146
    version, 146
  WLC, 519–524
congestion
  80/20 rule, 18
  relieving, 13
connecting
  switch block devices, 92–93
  to console ports, 92
connectivity
  core blocks, 36–38
  logical, 113
  of switch ports, troubleshooting, 100–101
connectors for GbE, 93–94
consistency checks, VTP version 2, 147
console ports
  connecting switch block devices, 92
  connecting to, 92
Control frames, 460
controllers, foreign agents, 518
convergence
  controlling on STP
    with BackboneFast, 236
    with PortFast, 233
    with UplinkFast, 234–235
  of RSTP topology, 265
    port types, 266
    synchronization, 267–268
  STP, tuning, 229–232
  STP timers, 199
  TCN BPDUs, 200
core block, 31, 35–38
  collapsed core, 36–37
  dual core, 37–38
  scaling, 38–39
core layer, 22
CoS (class of service), 369
criteria for process switching, 68
crossover cables, Category 5, 93
CSMA/CA (carrier sense multiple access collision avoidance), 436–437
CSMA/CD (carrier sense multiple access collision detect), 85
CST (Common Spanning Tree), 206
current traffic patterns, assessing, 47
customizing STP, 226–227
  Port ID, 228–229
  Root Path Cost, 227–228
  timers, 230–231

D
DAI (dynamic ARP inspection), 400
  status information, displaying, 401
Data frames, 460
data rates for 802.11b standard, 462
dB (decibel), 453
dCEF (Distributed CEF), 299
DCF (Distributed Coordination Function), 437–438
debug spanning-tree switch state command, 198
decision processes for MLS packet forwarding, 66–68
default UDLD message interval times, 253
defining
  MST regions, 277–278
  VACL matching conditions, 413–414
delay, 367
deleting VLANs from switch ports, 116
demand-based switching, 65
deploying VLANs, 117
  end-to-end, 118–119
  local, 118
descriptions, adding to switch ports, 96
designated ports
  election procedure, 195–196
  on RSTP topology, 264
  selection of, 196–197
designing
  campus networks
    enterprise edge block, 40–41
    network management block, 40
    predictable network model, 19–20
    server farm block, 39–40
    service provider edge block, 41
  enterprise networks, evaluating existing network, 42–47
  hierarchical networks
    access layer, 21
    core layer, 22
    devices, 22
    distribution layer, 21
  WLANs, 487
    AP cells, sizing, 488–489
    channel layout, 489–492
detecting
  duplex mode mismatches on links, 100–101
  switch port error conditions, 97–99
devices
  distribution layers, 21
  in hierarchical network design, 22
  Layer 2 switching, 10
  Layer 3 routing, 11
  Layer 3 switching, 11
  Layer 4 switching, 12
  MLS, 12
DHCP snooping, configuring, 395–397
diffraction, 449–450
DiffServ QoS model, 368–369
  Layer 2 classification, 369
  Layer 3 classification, 370–371
    class selector bits, 371–372
    drop precedence, 372
  packet classification, 372–373
  trust boundaries, 373
DIFS (DCF interframe space), 437
direct topology changes, 201–202
Disabled state (STP), 197
disabling
  DTP, 126
  STP with BPDU filtering, 254
discard adjacencies, 302
discovering network topology, 43–47
displaying
  active EtherChannel parameters on ports, 175
  adjacency table contents, 300
  AP current running mode, 528
  CAM table entries, 74
  CEF entry information, 298
  DAI status information, 401
  detailed GLBP configuration information, 337–338
  port configuration, 175
  port status, 391
  PortFast status, 234
  STP information, 237
  switch ports
    in root-inconsistent state, 248
    speed, 99
  trunking status, 126
  UpLinkFast status, 235
  VRRP status information, 328
  VTP management domain parameters, 148
  VTP status, 148–149
distributing EtherChannel traffic, 165–167
distribution layer, 21
  collapsed core block, 36
diversity, 458
“don’t care” bits, 72
double tagging. See ISL
drop adjacencies, 301
drop precedence, 372
DSCP (Differentiated Service Code Point), Layer 3 QoS classification, 370–371
DSSS (Direct Sequence Spread Spectrum), 462
DTP (Dynamic Trunking Protocol), 123–124
  disabling, 126
dual-core campus networks, 37–38
  with Layer 2 distribution switches, 41–42
dual-homing, 39
duplex autonegotiation, 88
duplex mode
  link mismatches, detecting, 100–101
  switch port configuration, 97
duplicate CAM table entries, handling, 70
dynamic auto trunking mode, 125
dynamic data rate scaling, 462
dynamic desirable trunking mode, 125
dynamic VLANs, 117

E
EAP-based security, 477–479
  EAP-FAST, 479
  EAP-TLS, 478
  LEAP, 478
  PEAP, 479
EAP-FAST (EAP Flexible Authentication via Secure Tunneling), 479
EAPOL (Extensible Authentication Protocol over LANs)
  configuring, 392
  port-based authentication, configuring, 392–394
EAP-TLS (EAP-Transport Layer Security), 478
edge ports, RSTP, 266
  configuring, 270
EIRP (Effective Isotropic Radiated Power), 456
election process
  of Designated Ports, 195–196
  of Root Bridge, 191–192
  of Root Ports, 192–194
enabling
  BPDU guard as default, 249
  GLBP, 334–337
  loop guard as default, 251
  MST, 277–279
  PortFast, 270
  root guard, 248
  UDLD, 252
  VTP pruning, 151–152
encryption, AES, 480
end-to-end VLANs, deploying, 118–119
enterprise composite network model
  core block, 35–36
    collapsed core block, 36–37
    dual core block, 37–38
  enterprise edge block, 40–41
  network management block, 40
  server farm block, 39–40
  service provider edge block, 41
  switch block, 32–33
    distribution layer, 33
    sizing, 33–35
enterprise edge block, 31, 40–41
enterprise networks
  designing, 42–47
  end-to-end VLANs, deploying, 118
errdisable detect cause command, 98
errdisable state, 249
ESS (Extended Service Set), 440
EtherChannel, 164
  active parameters, displaying, 175
  bundled ports, 165
  configuring, 170
  hashing algorithm, 165
  LACP, 169
    configuring, 171–172
  load balancing
    configuring, 167–168
    verifying effectiveness of, 168
  negotiation protocols
    LACP, 169–170
    PAgP, 169–171
  PAgP, 169
    configuring, 170
  redundancy, 165
  routers, forwarding frames based on IP address, 168
  traffic distribution, 165–167
  troubleshooting, 172–175
  XOR operation, 165
Ethernet
  10-Gigabit Ethernet, 90–91
  10-Mbps Ethernet, 85–86
  cabling, distance limitations, 86
  CSMA/CD, 85
  Fast Ethernet, 86
    autonegotiation, 88
    backward compatibility, 87
    cabling specifications, 87
    FEC, 89
    FibreChannel, 89
    full-duplex, 87–89
  full-duplex operation, 86
  GbE, 89–90
    available SFP modules, 93–94
    port cables, 93–94
  half-duplex operation, 85
  switch block connections, 92–93
  Gigabit Ethernet port cables, 93–94
examples
  of port-based authentication, 394
  of TCAM tables, 72–73
  of VTP configuration, 148
expanding AP cell coverage, 444–445
exploits, VLAN hopping, 422
  thwarting, 423–424
extended-range VLANs, 115

F
fallback bridging, 68, 303
  configuring, 304
  verifying, 308
  verifying configuration, 308
Fast Ethernet, 86
  autonegotiation, 88
  backward compatibility, 87
  cabling specifications, 87
  Catalyst switch ports, 92
  FEC, 89
  FibreChannel, 89
  full-duplex, 87–89
  link speed, autonegotiation, 88
  links, duplex mismatches, 88
  switch ports, configuring, 88
FDDI (Fiber Distributed Data Interface), 10
FEC (Fast EtherChannel), 89, 164
FIB (Forwarding Information Base), 66, 296–298
  adjacency table, 299
Fiber Distributed Data Interface (FDDI), 10
FibreChannel, 89
fields of Configuration BPDUs, 190
flat networks, 113
flooding, VTP pruning, 149–152
FM (frequency modulation), 446
foreign agents, 518
Forward Delay, 197
Forward Delay timer (STP), 199, 230
forwarding
  frames
    decision processes, 63–65
    Layer 2 switching, 10
    Layer 3 switching, 11
    oversize, 123
  packets
    Layer 3 routing, 11
    Layer 4 switching, 12
Forwarding state (STP), 197
frame identification. See tagging
frames
  802.11 compliance, 460
  baby giants, 123
  BPDUs
    Configuration BPDUs, 189–190
    TCN BPDUs, 200
  forwarding through Layer 2 switches, 63–65
  Layer 2 switching, 10
  Layer 3 switching, 11
  multicast, 14
  tagging
    IEEE 802.1Q, 122
    internal tagging, 122
  unknown unicast, 149, 186
frequencies
  bands, 446
    ISM, 461
  channels, 447
    spectral masks, 461
  modulation
    DSSS, 462
    OFDM, 463
Fresnel zones, 450–452
full-duplex Ethernet, 435
full-duplex Fast Ethernet, 87–89
full-duplex operation, 86
functionality, switching, 9–12
functions of WLCs, 506–507

G
gateway redundancy, 317
  GLBP, 330–337
  HSRP, 318–326
  verifying, 338
  VRRP, 327–329
GbE (Gigabit Ethernet)
  available SFP modules, 93–94
  port cables, 93–94
GBIC (Gigabit Interface Converter) modules, 93
  Gigabit Ethernet media, 93–94
GEC (Gigabit EtherChannel), 90, 164
Get Nearest Server (GNS), 14
Gigabit Ethernet, 89–90
GLBP (Gateway Load Balancing Protocol), 330
  AVF, 331–333
  AVG, 330–331
  displaying detailed configuration information, 337–338
  enabling, 334–337
  load balancing, 333
  verifying operation, 336
glean state, ARP throttling, 301
GNS (Get Nearest Server), 14
grouping resources into building blocks, 39

H
half-duplex operation, 85
  in RSTP topology, 266
  in WLANs, 436
hardening Catalyst switches, best practices, 401–404
hardware-based bridging, 10
hashing algorithm (EtherChannel), 165
Hello Time interval (RSTP), 265
Hello timer (STP), 199, 230
hierarchical network design, 20
  access layer, 21
  core layer, 22
  devices, 22
  distribution layer, 21
  migrating to, 47–50
highly directional antennas, 458–459
host mode (switch ports), 416
HSRP (Hot Standby Routing Protocol), 318
  gateway addressing, 322–323
  hello time, decreasing, 319
  load balancing, 324–326
  MD5 authentication, 321
  plain-text authentication, 320
  router election, 318–320
    conceding, 321–322

I
IBSS (Independent Basic Service Set), 439
identifying
  switch ports, 96
  VLAN frames
    IEEE 802.1Q, 122
    on trunk links. See tagging
IEEE 802.11 standard
  802.11a, 463–464
  802.11b, 460
    channels, 461
    data rates, 462
  802.11g, 463
  ASDs, 481
  authentication methods, 476–477
  backward compatibility, 463
  BSS, 440
  frame type compliance, 460
  regulatory agencies, 459–460
  security
    EAP-based, 477–479
    WPA, 479–480
    WPA2, 480
  service sets, ESS, 440
IEEE 802.1d. See STP (Spanning Tree Protocol)
IEEE 802.1Q, 122, 272, 369
  CST, 206
  native VLAN, 122
  TCI field, 123
  VID, 123
IEEE 802.1w. See RSTP (Rapid STP)
IEEE 802.1x, configuring, 392
IEEE 802.3 standard. See Ethernet
implementing
  MST, 274
  security in WLANs, 475–476
    EAP-based, 477–479
    WPA, 479–480
    WPA2, 480
independence, 265
indirect failures on STP, 230
indirect topology changes, 202–204
initial LAP configuration, 526–528
initial WLC configuration, 521
inline power for Cisco IP Phones, 359–360. See also PoE (Power over Ethernet)
insignificant topology changes, 204–205
inter-controller roaming, 514–518
interface data rates, assessing, 46–47
interface range command, 95
interface range macro, 95
interfaces
  MAC addresses, clearing, 390
  SVIs, 294
internal tagging, 122
interoperability of STP and RSTP, 265
interVLAN routing, 291
  configuring, 292
  interfaces, 292
  Layer 2 ports, configuring, 292
  Layer 3 ports, configuring, 293–294
  multilayer switches, interface types, 292
  SVI ports, configuring, 294
  verifying, 304–307
intra-controller roaming, 512–513
IntServ QoS model, 368
IP addressing, VLANs, 117
IP Source Guard, configuring, 397–399
IP Telephony
  Cisco IP Phones
    inline power, 359
    PoE, 357–361
    trunking modes, 363
  QoS, 366
    trust, configuring, 374–375
    verifying, 379
  voice VLANs, 361–362
    configuring, 362–363
    verifying operation, 364–366
ISL (Inter-Switch Link), 121–122, 369
ISM (Industrial, Scientific, and Medical) band, 461
isolated VLANs, 415
IST (Internal Spanning Tree), 275

J-K-L
jitter, 367
keywords for CAM table commands, 69
LACP (Link Aggregation Control Protocol), 169–170
  negotiation, configuring, 171–172
lacp port-priority command, 172
LAN PHY, 91
LAN segmentation model, 15–17
LAN switching, duplicate entries in CAM table, handling, 70
LANs
  campus networks
    predictable network model, 19–20
    shared network model, 13–14
  Cisco Unified Wireless Network, 503
  Ethernet, 85–86
    10-Gigabit Ethernet, 90–91
    cabling, distance limitations, 86
    CSMA/CD, 85
    Fast Ethernet, 86–87, 89
    full-duplex operation, 86
    Gigabit Ethernet, 89–90
    half-duplex operation, 85
  Token Ring, susceptibility to collisions, 13
LAPs (lightweight access points), 505
  bootstrap process, 508
  configuring, 524–528
  linking to WLCs, 505–506
  power supply, configuring, 525
  switch port, configuring, 525–526
latency, 367
Layer 2 distribution switches on dual-core campus networks, 41–42
Layer 2 ports, interVLAN routing configuration, 292
Layer 2 QoS classification, 369
Layer 2 switching, 10, 61
  CAM table, 69–70
    entries, viewing, 74
    stale entries, 69
    static entries, configuring, 69
    troubleshooting, 74–75
  frame processing, 63–65
  TCAM tables, 70
    example, 72–73
    LOUs, 74
    port operation, 73
    structure, 70–71
    troubleshooting, 75
    VMR combinations, 71
  transparent bridging, 61–63
Layer 3 Engine, 296
  CEF
    adjacency table, 299
    configuring, 303
    packet rewrites, 302–303
  FIB, 296–297
    adjacency table, 299
Layer 3 ports, interVLAN routing configuration, 293–294
Layer 3 QoS classification, 370–372
  class selector bits, 371–372
  drop precedence, 372
Layer 3 routing, 11
Layer 3 switching, 11
  MLS, 13
Layer 4 switching, 12
layers, 9–12
  distribution, 21
LEAP (Lightweight EAP), 478
Learning state (STP), 197
lightweight APs
  inter-controller roaming, 514–518
  intra-controller roaming, 512–513
  roaming, 511
limitations
  of extended-range VLANs, 115
  of flat networks, 113
line-of-sight links, 441
  Fresnel zones, 451
link speed, autonegotiation, 88
linking LAPs and WLCs, 505–506
links
  duplex mismatches, 88
    detecting, 100–101
  EtherChannel, 164
    redundancy, 165
Listening state (STP), 197
listing switch ports in root-inconsistent state, 248
load balancing
  EtherChannel configuration, 167
  GLBP, 333
  HSRP, 324–326
local VLANs, deploying, 118
logical addressing, 11
logical connectivity, 113
loop avoidance, STP, 250
  BPDU Guard, 248–249
  loop guard, 251
  Root Guard, 247–248
  troubleshooting, 254
  UDLD, 251–253
loop guard, 250–251
  enabling as default, 251
  ports, loop-inconsistent state, 250
loop-inconsistent state, 250
loss, 367
LOUs (Logical Operation Units), 74

M
MAC addresses, sticky, 389
macros
  interface range macro, 95
  spanning-tree vlan command, 226
management addresses, assigning to VLANs, 40
management blocks, 31
management domains, 139
  advertisement process, 140–141
    advertisement requests, 143–144
    subset advertisements, 142
    summary advertisements, 142
  configuring, 145
  parameters, displaying, 148
  viewing status, 148–149
management frames, 460
manually configuring STP timers, 230–231
mapping
  promiscuous mode ports
    PVLAN configuration, 418–419
    to primary/secondary VLAN, 418
  VLANs to multiple STP instances, 274–275
    IST, 275
    MSTIs, 275–277
matching conditions for VACLs, defining, 413–414
MaxAge timer (STP), 199, 230
MD5 authentication, 321
membership methods of VLANs, port-based, 114
message interval on UDLD, configuring, 252
messages, TC (topology change), 269
method lists (802.1x), configuring port-based authentication, 393–394
MIC (Message Integrity Check), 479–480
microcells, 445
migrating to hierarchical network design, 47–50
mismatched duplex/speed on ports, monitoring, 100–101
mitigating spoofing attacks
  with ARP inspection, 399–401
  with DHCP snooping, 395–397
  with IP Source Guard snooping, 397–399
MLS (multilayer switching), 12
  CAM table, 69–70
    duplicate entries, handling, 70
    entries, viewing, 74
    stale entries, 69
    static entries, configuring, 69
    troubleshooting, 74–75
  CEF, 66, 295
    adjacency table, 299–301
    configuring, 303
    FIB, 296, 299
    glean state, 301
    packet rewrites, 302–303
    verifying operation, 307–308
  interVLAN routing
    configuring, 292–294
    interfaces, 292
    verifying, 304–307
  packet forwarding, exceptions for, 68
  packet processing, 66–68
  route-caching, 65
  TCAM table, 70
    example, 72–73
    LOUs, 74
    port operations, 73
    structure, 70–71
    troubleshooting, 75
    VMR combinations, 71
  topology-based, 65
mobility groups, 518
models of campus networks, 13
modifying STP timers, 230–231
modular network design, 31
  core block, 35–36
    collapsed core, 36–37
    dual core, 37–38
  migrating to, 48–50
  switch block, 32–33
    distribution layer, 33
    sizing, 33–35
modulation, 446
  DSSS, 462
  OFDM, 463
monitoring port speed/duplex mismatches, 100–101
MST (Multiple Spanning Tree), 273–274
  configuring, 277–279
  IST instances, 275
  MST instances, 276
  regions, 274
MSTIs (Multiple Spanning Tree instances), 275–277
MSTP (Multiple Spanning Tree Protocol), 272
MT-RJ connectors, 92
multicast frames, 14
multicast traffic, 14
multilayer switching (MLS), 12
  CEF, 295
  interface types, 292
  interVLAN routing
    configuring, 292
    Layer 2 ports, configuring, 292
    Layer 3 ports, configuring, 293–294
    SVI ports, configuring, 294
  router redundancy, 317
    GLBP, 330–337
    HSRP, 318–326
    VRRP, 327–329
multipath interference, 458

N
name command, 116
native VLAN, 122
negotiation protocols
  LACP, 169–170
    configuring, 171–172
  PAgP, 169
    configuring, 170–171
NetFlow switching, 295
network diameter value, configuring, 200
network management block, 40
network topology, discovering, 43–47
network traffic models, 18–19
no shutdown command, 294
normal mode (UDLD), 252
NSF (non-stop forwarding), configuring on Catalyst switches, 343
null adjacencies, 301

O
OFDM (Orthogonal Frequency Division Multiplexing), 463
omnidirectional antennas, 457–458
“one-armed router,” 291
open authentication, 477
overall gain, calculating, 456–457
oversize frames, forwarding, 123

P
packet filtering, configuring VACLs, 413–414
packet forwarding, 317
packet rewrites, 302–303
packets
  CEF punt, 298
  classification, 372–373
  Layer 3 routing, 11
  Layer 4 switching, 12
  processing through multilayer switches, 66–68
PAgP (Port Aggregation Protocol), 169
  configuring, 170–171
  silent submode, 171
parameters of VTP management domains, displaying, 148
passive scanning, 484–485
Path Cost, 193
path loss, 454
PDU (protocol data unit), 9
PEAP (Protected EAP), 479
physical connectivity, 113
PKC (proactive key caching), 480
plain-text HSRP authentication, 320
PMD (Physical Media Dependent) interfaces, 91
PoE (Power over Ethernet), 357
  configuring, 360
  power status, verifying, 360–361
  powered device detection, 358–360
point-to-point links, RSTP configuration, 270
point-to-point ports (RSTP), 266
port cables, GbE, 93–94
port cache, clearing, 390
port compatibility errors (EtherChannel), troubleshooting, 175
Port ID, tuning, 228–229
port operations on TCAM tables, 73
port priority value, 169
port security, 389–391
port speed, configuring, 96
port states
  of RSTP, 264
  of STP, 197–198
port-based authentication
  802.1x method lists, configuring, 393–394
  configuring, 392, 394
  example, 394
port-based VLAN membership, 114
  static VLAN configuration, 115–116
PortFast, 205, 233
  configuring, 233–234
  enabling, 270
  status, displaying, 234
ports
  active EtherChannel parameters, displaying, 175
  BPDU filtering, enabling, 254
  duplex mode, configuring, 97
  Fast Ethernet on Catalyst switches, 92
  in errdisable state, viewing, 391
  roles
    assigned in Root guard, 247
    RSTP, 266
    versus states, 264
  selecting as ranges, 95
  speed/duplex mismatches, monitoring, 100–101
  status, displaying, 391
  UDLD, enabling, 252
  verifying active STP protection features, 254
power supply
  for LAPs, configuring, 525
  redundancy, configuring on Catalyst switches, 343–345
powered device detection (PoE), 358–360
predictable network model, 19–20
preparing for exam, scenarios
  advanced STP, 539
  EtherChannel, 537–538
  implementing a wireless LAN, 542–543
  QoS in a switched network, 541
  router redundancy with HSRP and GLBP, 540–541
  securing access and managing traffic in a switched network, 541–542
  traditional STP, 538
  trunking and DTP, 535–536
  VLANs, trunking, and VTP, 536–537
preventing
  bridging loops, 189
  collisions, 15
  routing loops with RSTP
    BPDUs, 265
    configuring, 270
    convergence, 267
    port behavior, 263–264
    port states, 264
  routing loops with STP, 230–232
    BackboneFast, 236–237
    PortFast, 233
    Root Bridge, configuring, 223–226
    Root Bridge, placement, 219–222
    tuning, 227
    UplinkFast, 234–235
primary VLANs, 415
process switching, 68
promiscuous mode ports, 416
  mapping to primary/secondary VLANs, 418
proposal messages (RSTP), switch synchronization, 267–268
protect mode (switch ports), 390
protecting against sudden BPDU loss, 250
protocol data units (PDUs), 9
pruning (VTP), 149–152
PSK authentication, 477
punt adjacencies, 302
PVID (Port VLAN ID), 114
PVLANs (private VLANs), 414–415
  associating secondary VLANs to primary, 419–420
  configuring, 416–419
PVST (Per-VLAN STP), 206
PVST+ (Per-VLAN Spanning Tree Plus), 207, 272

Q
QoS, 366
  Auto-QoS, 375–378
  best effort, 367–368
  DiffServ, 368–369
    Layer 2 classification, 369
    Layer 3 classification, 370–372
  implementing on voice networks, 372–373
  IntServ, 368
  packet classification, 372–373
  trust, configuring, 374–375
  trust boundaries, 373
  verifying, 378–381

R
radius of Fresnel zones, calculating, 451–452
ranges of ports, selecting, 95
REAP (Cisco Remote Edge Access Point), 509
reception of RF signals, factors affecting
  absorption, 448–449
  diffraction, 449–450
  Fresnel zones, 450–452
  reflection, 447–448
  refraction, 448
  scattering, 449
recovering from switch port error conditions, 99
redirect timer (AVFs), 332
redundancy, 313
  gateway addresses, 317
    HSRP, 318
  of Catalyst switches
    non-stop forwarding, 343
    power supplies, 343–345
    supervisor synchronization, 342
  of EtherChannel, 165
  of gateway addresses
    GLBP, 330–337
    HSRP, 318–326
    VRRP, 327–329
  of gateways, verifying configuration, 338
  within switch chassis, 339
    redundant switch supervisors, 339–340
redundancy modes of Catalyst switches, 339
  configuring, 340–341
redundant bridging, 187–188
redundant link convergence (STP)
  BackboneFast, 236
  PortFast, 233
  UplinkFast, 234–235
redundant switch supervisors, 339–340
reflection, 447–448
refraction, 448
regions (MST), 274
  defining, 277–278
  IST instances, 275
  MSTIs, 275
relieving network congestion, 13
removing descriptions from switch ports, 96
request advertisements (VTP), 143–144
resources, grouping into building blocks, 39
restrict mode (switch ports), 390
revision number (VTP), setting to zero, 144
RF (radio frequency) communication, 445–446
  modulation schemes, 447
RF communication
  antennas, 457
    highly directional, 458–459
    omnidirectional, 457–458
    semi-directional, 458
  EIRP, 456
  multipath interference, 458
  overall gain, calculating, 456–457
  signal reception, factors affecting
    absorption, 448–449
    diffraction, 449–450
    Fresnel zones, 450–452
    reflection, 447–448
    refraction, 448
    scattering, 449
  signal strength, 452–453
    dB values, 453–454
    increase in, 455–456
    loss of, 454–455
roaming, 444, 482–484
  associations, 486
  implications of, 486–487
  on lightweight APs, 511
    inter-controller roaming, 514–518
    intra-controller roaming, 512–513
  scanning process, 484–485
roles of RSTP switch ports, 264–266
rollover cables, 92
Root Bridge
  configuring, 223–226
  election procedure, 191–192
  network diameter value, configuring, 200
  placement of, 219–222
  Root Bridge ID value, 191
Root Guard, 247–248
Root Path Cost (STP), 192
  calculating, 193
  tie conditions, 195
  tuning, 227–228
root port
  election procedure, 192–194
  on RSTP topologies, 264–266
root-inconsistent STP state, 248
route cache switching, 295
route-caching, 65
router election (HSRP), 318–320
  conceding, 321–322
“router on a stick,” 291
routers
  AVFs, 330–332
  redundancy, HSRP, 318
routing, 236. See also interVLAN routing
  Layer 3, 11
routing loops, 234
  preventing with RSTP
    BPDUs, 265
    configuring, 270
    convergence, 267
    port behavior, 263–264
    port states, 264
  preventing with STP, 232
    Root Bridge configuration, 223–226
    Root Bridge placement, 219–222
RPR (Route Processor Redundancy), 339–340
RPVST+ (Rapid PVST+), 263, 270–272
RSTP (Rapid STP)
  BPDUs, 265
  configuring, 270
  convergence, 265–267
    synchronization, 267–268
  edge ports, configuring, 270
  interoperability with STP, 265
  port behavior, 263–264
  port states, 264
  port types, 266
  switch ports
    point-to-point links, configuring, 270
    role assignments, 264
    roles versus states, 264
  topology changes, 269

S
SAP (Service Advertising Protocol), 14
SC connectors, 92
scaling
  core block, 38–39
  Layer 2 switching, 10
  VLANs, 118
scanning process, 484–485
scattering, 449
scenarios
  advanced STP, 539
    answers, 547
  EtherChannel, 537–538
    answers, 545
  implementing a wireless LAN, 542–543
    answers, 551
  QoS in a switched network, 541
  router redundancy with HSRP and GLBP, 540–541
    answers, 547–548
  securing access and managing traffic in a switched network
    answers, 549–550
  telephony in a switched network
    answers, 548–549
  traditional STP, 538
    answers, 545–546
  trunking and DTP, 535–536
    answers, 544
  VLANs, trunking, and VTP, 536–537
    answers, 544–545
secondary VLANs, 415
  associating to a primary VLAN, 419–420
security in WLANs, 475–476
  EAP-based, 477–479
  WPA, 479–480
  WPA2, 480
segmentation, 11
selecting
  Designated Ports, 195–197
  ranges of ports, 95
  Root Ports (STP), 192–194
  switch ports for configuration, 94–96
semi-directional antennas, 458
server farm block, 31, 39–40
server mode (VTP), 139
  configuring, 145
Service Advertisement Protocol (SAP), 14
service provider edge block, 31, 41
service sets, 438
  BSS, 440
  comparing, 439
  ESS, 440
  IBSS, 439
setting VTP revision number to zero, 144
SFP (small form factor pluggable) modules, 93
shared network model, 13–14, 436
show adjacency summary command, 300
show cdp neighbors command, 44
show cdp neighbors detail command, 45
show dot1x all command, 394
show etherchannel load-balance command, 175
show etherchannel port command, 173
show etherchannel port-channel command, 168
show etherchannel summary command, 173
show glbp command, 336
show interface command, 99
show interface status command, 305
show interface switchport command, 364
show interface trunk command, 129–130
show interfaces switchport command, 129
show ip cef command, 297
show ip interface brief command, 307
show ip interface command, 306
show lacp sys-id command, 175
show mac address-table command, 74
show port-security interface command, 391–392
show power command, 345
show spanning-tree interface command, 198, 229, 365
show spanning-tree vlan command, 232, 271
show vlan command, 116, 305
show vlan id command, 128
show vtp commands, 153
show vtp counters command, 148
show vtp status command, 144, 148
shutdown command, 99, 305
shutdown mode (switch ports), 390
signal gain, 455–456
signal loss, 454–455
signal strength (RF), 452–453
  dB values, 453–454
  increase in, 455–456
  loss of, 454–455
silent submode (PAgP), 171
single-host support, configuring, 234
single-tagging, 122
site surveys, 443
sizing switch blocks, 33–35
spanning-tree guard loop command, 251
spanning-tree guard root command, 248
spanning-tree portfast command, 270
Spanning-Tree Protocol, 33
spanning-tree vlan command, 226
spectral masks, 461
speed command, 97
split-MAC architecture, 505
spoofing attacks, mitigating
  with ARP inspection, 399–401
  with DHCP snooping, 395–397
  with IP Source Guard, 397–399
Spurgeon, Charles, 86
SSIDs (service set identifiers), 438
SSO (Stateful Switchover), 340
stale entries (CAM tables), 69
static CAM table entries, configuring, 69
static VLANs
  configuring, 115–116
  port-based membership, 114
static WEP keys, 477
sticky MAC addresses, 389
store-and-forward switching, 61
STP (Spanning Tree Protocol)
  active protection features, verifying on switch ports, 254
  Blocking state, 197
  BPDU Guard, 248–249
  BPDUs
    Configuration BPDUs, 189–190
    protecting against sudden loss of, 250
    TCN BPDUs, 200
  bridging loops, 187–189
  CST, 206
  customizing, 226–227
  Designated Ports
    election procedure, 195–196
    selecting, 196–197
  Disabled state, 197
  disabling with BPDU filtering, 254
  displaying information, 237
  Forwarding state, 197
  IEEE 802.1Q, 272
  interoperability with RSTP, 265
  Learning state, 197
  Listening state, 197
  loop guard feature, 250–251
  MST
    IST instances, 275
    MST instances, 276
  network diameter value, configuring, 200
  Path Cost, 193
  Port ID, tuning, 228–229
  port numbers, 228
  PVST, 206
  PVST+, 207
  redundant link convergence, 232
    BackboneFast, 236–237
    PortFast, 233
    UplinkFast, 234–235
  Root Bridge
    configuring, 223–226
    election procedure, 191–192
    placement, 219–222
  Root Guard, 247–248
  Root Path Cost, 192
    tuning, 227–228
  Root Ports, election procedure, 192–194
  running multiple instances of, 273
  switch ports, roles versus states, 264
  timers, 199
    automatic configuration, 231–232
    manual configuration, 230–231
    modifying, 230–231
  topology changes
    direct topology changes, 201–202
    indirect topology changes, 202–204
    insignificant topology changes, 204–205
  troubleshooting, 237, 254
  UDLD, 251–253
  unknown unicast frames, 186
subset advertisements, 142
summary advertisements, 142
superior BPDUs, 248
supervisor modules, redundant switch supervisors, 339–340
supervisor synchronization, 342
supplicants, 439
SVI (switched virtual interface), 292
SVI ports, interVLAN routing configuration, 294
SVIs (switched virtual interfaces), 419–420
switch block connections
  console port, 92
  Ethernet port cables, 92–93
  Gigabit Ethernet port cables, 93–94
switch blocks, 31–33
  distribution layer, 33
  sizing, 33–35
switch chassis, redundant switch supervisors, 339–340
switch ports
  aggregation, EtherChannel, 164
  assigning to VLANs, 116
  BPDU filtering, enabling, 254
  configuring, 94
  connectivity, troubleshooting, 100–101
  duplex mode, configuring, 97
  errdisable state, 249
  error conditions, recovering from, 97–99
  for LAPs, configuring, 525–526
  identifying, 96
  loop-inconsistent state, 250
  PortFast, configuring, 233–234
  role assignments
    Root guard, 247
    RSTP, 264–266
  selecting for configuration, 94–96
  speed
    configuring, 96
    displaying, 99
  text descriptions, adding, 96
  trunks
    configuring, 124–126
    example configuration, 126–127
  UDLD, enabling, 252
  verifying active STP protection features, 254
  VLAN tagging
    IEEE 802.1Q, 122
    ISL, 121–122
  VLANs
    and multiple subnets, 119
    troubleshooting, 128–130
    trunk links, 119
switch spoofing, 420–422
switches, 38
  VLANs, deleting, 116
  VTP
    configuring, 144–147
    example configuration, 148
switching
  Auto-QoS, 375–378
  CAM table, 69–70
    troubleshooting, 74–75
  console ports, connecting to, 92
  Fast Ethernet ports, 92
  frame processing, 63–65
  functionality, 9–12
  Layer 2, 10
  Layer 3, 11
  Layer 4, 12
  MLS, 65
    packet processing, 66–68
  MLS (multilayer switching), 12
  port IDs, 228
  port security, 389–391
  redundant bridging, 187–188
  single host support, configuring, 234
  store-and-forward, 61
  TCAM table, troubleshooting, 75
  TCAM tables, 70
    example, 72–73
    port operations, 73
    structure, 70–71
    VMR combinations, 71
  transparent bridging, 61–63
  trunks, 119–120
    configuring, 124–126
    DTP, 123–124
    traffic identification methods, 120
    VLAN frame identification, 121–123
  VTP, 139–142
switchport command, 116, 124, 292–293
switchport host command, 404
switchport priority extend trust command, 379
synchronization of RSTP switches, 267–268
synchronization problem (VTP), 141
syntax for CAM table commands, 69
system priority value, 169
T
tagging, 121
  IEEE 802.1Q, 122
  ISL, 121–122
TC (topology change) messages, 269
TCAM (Ternary Content Addressable Memory), 64, 413
TCAM tables, 70
  example of, 72–73
  LOUs, 74
  port operations, 73
  structure of, 70–71
  VMR combinations, 71
TCI (Tag Control Information) field, 123
TCN BPDUs, 200
text descriptions, adding to switch ports, 96
throttling adjacencies, 301
thwarting VLAN hopping, 423–424
tie conditions of Root Path Cost, 195
timers, STP, 199
  automatic configuration, 231–232
  manual configuration, 230–231
  modifying, 230–231
TKIP (Temporal Key Integrity Protocol), 479–480
Token Ring
  collisions, susceptibility to, 13
  support on VTP version 2, 147
topologies
  direct changes, 201–202
  flat network, 113
  indirect changes, 202–204
  insignificant changes, 204–205
  RSTP, detecting, 269
topology-based MLS, 65
ToS (type of service), 370
traffic
  20/80 rule, 118
  core blocks, 36–38
  flooding, VTP pruning, 151–152
  multicast, 14
  within Cisco Unified Wireless Networks, 509–511
transparent bridges, 61–63
  redundancy, 187–188
  versus Ethernet switches, 185–186
transparent mode (VTP), 140
  configuring, 146
  version-dependent, 147
troubleshooting
  CAM table operation, 74–75
  EtherChannel, 172–175
  STP, 237, 254
  switch ports
    connectivity, 100–101
    error conditions, 97–99
  TCAM table operation, 75
  trunks, 128–130
  VLANs, 128–130
  VTP, 152–153
trunk links, 119
  VLAN tagging
    IEEE 802.1Q, 122
    ISL, 121–122
trunks, 119–120
  accessing with switch spoofing, 420–422
  between switches in different VTP domains, 124
  configuring, 124–126
  DTP, 123–126
  example configuration, 126–127
  IEEE 802.1Q, CST, 206
  status, displaying, 126
  troubleshooting, 128–130
  VLAN hopping, 422–424
  VTP, 139
    advertisements, 139–144
    client mode, 140, 146
    configuring, 144
    example configuration, 148
    management domains, 139, 145
    pruning, 149–152
    server mode, 139
    server mode, configuring, 145
    status, displaying, 148–149
    summary advertisements, 142
    transparent mode, 140, 146
    troubleshooting, 152–153
    version, configuring, 146
trust boundaries, 373
  configuring, 374–375
tunneling between LAPs and WLCs, 505–506
two-dimensional channel layout, 489–491

U
UDLD (Unidirectional Link Detection), 251
  default message interval times, 253
  enabling, 252
  message interval, configuring, 252
udld command, 252
unidirectional links, 251
U-NII (Unlicensed National Information Infrastructure), 463
unknown unicast flooding, 63
unknown unicast frames, 149, 186
unrecognized TLV (Type-Length-Value) support, VTP version 2, 147
uplink ports, enabling BPDU guard, 249
UplinkFast, 234–235
V
VACLs, configuring, 413–414
verifying
  active STP features on switch ports, 254
  CEF operation, 307–308
  effectiveness of EtherChannel load-balancing, 168
  fallback bridging, 308
  gateway redundancy, 338
  GLBP operation, 336
  inline power for Cisco IP Phones, 360
  MLS, interVLAN routing, 304–307
  PoE power status, 360–361
  QoS, 379
  VLAN configuration, 116
  voice QoS operation, 378–381
  voice VLAN operation, 364
version-dependent transparent mode, 147
VID (VLAN Identifier), 123
viewing
  CAM table entries, 74
  ports in errdisable state, 391
  STP information, 237
  switch port speed, 99
  switch ports in root-inconsistent state, 248
  trunking status, 126
  VTP status, 148–149
VLAN hopping, 422
  thwarting, 423–424
VLANs, 15, 113
  deleting, 116
  deploying, 117
  dynamic VLANs, 117
  end-to-end, deploying, 118–119
  extended-range, 115
  IEEE 802.1Q, CST, 206
  interVLAN routing, 291
    configuring, 292–294
    interface types, 292
    Layer 2 ports, configuring, 292
    Layer 3 ports, configuring, 293–294
    SVI ports, configuring, 294
    verifying, 304–307
  IP addressing scheme, 117
  local, deploying, 118
  management addresses, assigning, 40
  mapping to multiple STP instances, 274–275
    IST, 275
    MSTIs, 275–277
  membership methods, port-based, 114
  MST
    IST instances, 275
    MST instances, 276
  PVLANs, 414–415
    configuring, 416–419
  PVST, 206
  secondary, associating to primary VLAN SVI, 419–420
  static VLANs, configuring, 115–116
  tagging, 121
    IEEE 802.1Q, 122
    ISL, 121–122
  troubleshooting, 128–130
  trunks, 119–120. See also VTP
    configuring, 124–126
    DTP, 123–124
    example configuration, 126–127
  verifying configuration, 116
  voice VLANs, 361–362
    configuring, 362–363
    verifying, 365–366
    verifying operation, 364
VMR (Value, Mask, and Result) combinations, 71
voice networks, QoS
  implementing, 372–373
  operation, verifying, 378–381
voice VLANs, 361–362
  configuring, 362–363
  verifying operation, 364–366
VoIP (Voice over IP)
  Cisco IP Phones
    inline power, 359
    PoE, 357–361
  QoS, 366
    trust, configuring, 374–375
    verifying, 379
  voice VLANs, 361–362
    configuring, 362–363
    verifying operation, 364–366
VRRP (Virtual Router Redundancy Protocol), 327–329
  configuring, 328
  status, displaying, 328
VTP (VLAN Trunking Protocol)
  advertisements, 139–141
    requests, 143–144
    subset advertisements, 142
    summary advertisements, 142
  client mode, 140, 146
  configuring, 144
  example configuration, 148
  extended-range VLAN membership, 115
  management domains, 139
    configuring, 145
    parameters, displaying, 148
    viewing status, 148–149
  pruning, 149–152
  revision number, setting to zero, 144
  server mode, 139, 145
  synchronization problem, 141
  transparent mode, 140, 146
  troubleshooting, 152–153
  version, configuring, 146
  version 2, consistency checks, 147
  version-dependent transparent mode, 147
vtp mode transparent command, 115
VTPv3, 147

W
W (Watts), 453
WAN PHY, 91
WCS (Cisco Wireless Control System), 507
WEP (Wireless Equivalence Protocol), 477
WLANs
  802.11 standards
    802.11a, 463–464
    802.11b, 460–462
    802.11g, 463
    frame type compliance, 460
    regulatory agencies, 459–460
  ad-hoc, 439
  antennas, 457
    highly-directional, 458–459
    omnidirectional, 457–458
    semi-directional, 458
  APs, 440–442
    associations, 482–486
    cells, 442–445
    roaming, 444, 482–487
  ASDs, 481
  collisions, avoiding, 436–437
    DCF, 437–438
  designing, 487
    AP cells, sizing, 488–489
    channel layout, 489–492
  ESS, 440
  half-duplex transmission, 436
  modulation, 447
  RF communication
    factors affecting reception, 447–452
    signal strength, 452–456
  security, 475–476
    EAP-based, 477–479
      EAP-FAST, 479
      EAP-TLS, 478
      LEAP, 478
      PEAP, 479
    WPA, 479–480
    WPA2, 480
  service sets, 438
    BSS, 440
    IBSS, 439
  site surveys, 443
  SSIDs, 438
  supplicants, 439
  versus wired LANs, 435–436
  WLC, configuring, 519–524
WLC1, anchor points, 518
WLCs (wireless LAN controllers), 505
  configuring, 519–524
  functions of, 506–507
  interface types, 519
  linking to LAPs, 505–506
  mobility groups, 518
  platforms available, 507
workgroups, 18
WPA (Wi-Fi Protected Access), 479–480
WPA2, 480
WWDM (wide-wavelength division multiplexing), 91

X-Y-Z
XOR (exclusive-OR) operation, 165