Implementing Cisco IP Switched Networks (SWITCH) Foundation Learning Guide
Cisco Press (publisher)
978-1-58720-664-1 (ISBN)
- Title is unfortunately out of print; no new edition
The authors show you how to build scalable multilayer switched networks, create and deploy global intranets, and perform basic troubleshooting in environments using Cisco multilayer switches for client hosts and services. They begin by reviewing basic switching concepts, network design, and campus network architecture. Next, they present in-depth coverage of spanning-tree, inter-VLAN routing, first-hop redundancy, network management, advanced switch features, high availability, and campus network security.
Each chapter opens with a list of topics that clearly identify its focus. Each chapter ends with a summary of key concepts for quick study, as well as review questions to assess and reinforce your understanding. Throughout, configuration examples and sample verification outputs illustrate critical issues in network operation and troubleshooting.
This guide is ideal for all certification candidates who want to master all the topics covered on the SWITCH 300-115 exam.
Serves as the official textbook for version 7 of the Cisco Networking Academy CCNP SWITCH course
Covers basic switching terminology and concepts, and the unique features of Cisco Catalyst switch designs
Reviews campus network design, including network structure, roles of Cisco Catalyst switches, and differences between Layer 2 and multilayer switches
Introduces VLANs, VTP, Trunking, and port-channeling
Explains Spanning Tree Protocol configuration
Presents concepts and modern best practices for interVLAN routing
Covers first-hop redundancy protocols used by Cisco Catalyst switches
Outlines a holistic approach to network management and Cisco Catalyst device security with AAA, NTP, 802.1x, and SNMP
Describes how to use advanced features to improve campus network resiliency and availability
Shows how to establish switch physical redundancy using Stackwise, VSS, or redundant supervisors
Explains advanced security features
Richard Froom, CCIE No. 5102, is a manager within the Solution Validation Services (SVS) team at Cisco. Richard previously worked as a network engineer in the Cisco TAC and in various customer-facing testing organizations within Cisco. Richard holds CCIEs in Routing and Switching and in Storage Networking. Richard currently focuses on expanding his team’s validation coverage to new technologies in the data center, including Application Centric Infrastructure (ACI), OpenStack, Intercloud Fabric, and big data solutions with Hadoop.

Erum Frahim, CCIE No. 7549, is a technical leader working in the Solution Validation Services (SVS) group at Cisco. In her current role, Erum is leading efforts to test data center solutions for several Cisco high-profile customers and leading all the cross-business units interlock. Most recently, she is working on Application Centric Infrastructure (ACI), UCS Director, OpenStack, and big data. Before this, Erum managed the Nexus platform escalation group and served as a team lead for the data center storage-area network (SAN) test lab under the Cisco data center business unit. Erum joined Cisco in 2000 as a technical support engineer. Erum has a Master of Science degree in electrical engineering from Illinois Institute of Technology and also holds a Bachelor of Engineering degree from NED University, Karachi, Pakistan. Erum also authors articles in Certification Magazine and on Cisco.com and has participated in many CiscoLive Events. In her spare time, Erum enjoys her time with her husband and child.
Introduction xx
Chapter 1 Fundamentals Review 1
Switching Introduction 2
Hubs and Switches 2
Bridges and Switches 2
Switches of Today 3
Broadcast Domains 3
MAC Addresses 4
The Basic Ethernet Frame Format 4
Basic Switching Function 5
VLANs 6
The Spanning Tree Protocol 6
Trunking 7
Port Channels 7
Multilayer Switching 8
Summary 8
Chapter 2 Network Design Fundamentals 9
Campus Network Structure 9
Hierarchical Network Design 10
Access Layer 12
Distribution Layer 13
Core Layer (Backbone) 14
Layer 3 in the Access Layer 17
The Cisco Enterprise Campus Architecture 19
The Need for a Core Layer 20
Types of Cisco Switches 22
Comparing Layer 2 and Multilayer Switches 24
MAC Address Forwarding 24
Layer 2 Switch Operation 25
Layer 3 (Multilayer) Switch Operation 26
Useful Commands for Viewing and Editing Catalyst Switch MAC Address Tables 27
Frame Rewrite 28
Distributed Hardware Forwarding 28
Cisco Switching Methods 29
Route Caching 30
Topology-Based Switching 31
Hardware Forward Details 33
Study Tips 34
Summary 34
Review Questions 35
Chapter 3 Campus Network Architecture 41
Implementing VLANs and Trunks in Campus Environment 41
VLAN Overview 42
VLAN Segmentation 44
End-to-End VLANs 44
Local VLANs 45
Comparison of End-to-End VLANs and Local VLANs 46
Mapping VLANs to a Hierarchical Network 47
Implementing a Trunk in a Campus Environment 49
Understanding Native VLAN in 802.1Q Trunking 52
Understanding DTP 53
VLAN Ranges and Mappings 54
Configuring, Verifying, and Troubleshooting VLANs and Trunks 55
Verifying the VLAN Configuration 57
Configuring VLANs and Trunks 61
Best Practices for VLANs and Trunking 65
Voice VLAN Overview 67
Switch Configuration for Wireless Network Support 69
VLAN Trunking Protocol 70
VTP Overview 70
VTP Modes 71
VTP Versions 73
VTP Pruning 74
VTP Authentication 75
VTP Advertisements 75
VTP Messages Types 77
Summary Advertisements 77
Subset Advertisements 77
Configuring and Verifying VTP 78
Overwriting VTP Configuration (Very Common Issue with VTP) 87
Best Practices for VTP Implementation 93
Implementing EtherChannel in a Switched Network 94
The Need for EtherChannel 94
EtherChannel Mode Interactions 97
LACP 97
PAgP 98
Layer 2 EtherChannel Configuration Guidelines 99
EtherChannel Load-Balancing Options 100
Configuring EtherChannel in a Switched Network 102
EtherChannel Configuration and Load Balancing 103
EtherChannel Guard 108
Study Tips 109
Summary 110
Review Questions 110
Chapter 4 Spanning Tree in Depth 119
Spanning Tree Protocol Overview 120
STP Need 120
STP Standards 121
STP Operations 122
Bridge Protocol Data Units 124
Root Bridge Election 124
Root Port Election 126
Designated Port Election 128
STP Port States 129
Per-VLAN STP Plus (PVST+) 130
STP Topology Changes 131
Rapid Spanning Tree Protocol 133
RSTP Port Roles 134
Comparison of RSTP and STP Port States 135
RSTP Topology Changes 136
RSTP Link Types 138
Configuring and Modifying STP Behavior 140
Changing STP Priority 143
STP Path Manipulation 145
STP Timers 148
Implementing STP Stability Mechanisms 151
Use UplinkFast 153
Use BackboneFast 154
Use PortFast 156
Securing PortFast Interface with BPDU Guard 158
Disabling STP with BPDU Filter 159
Use Root Guard 161
Loop Guard Overview 164
Use UDLD 166
UDLD Recommended Practices 170
Use FlexLinks 171
STP Stability Mechanisms Recommendations 175
Configuring Multiple Spanning Tree Protocol 179
Introducing MST 179
MST Regions 182
STP Instances with MST 183
Extended System ID for MST 185
Configuring and Verifying MST 185
Configuring MST Path Cost 192
Configuring MST Port Priority 193
MST Protocol Migration 194
MST Recommended Practices 194
Troubleshooting STP 196
Potential STP Problems 196
Duplex Mismatch 196
Unidirectional Link Failure 197
Frame Corruption 197
Resource Errors 198
PortFast Configuration Errors 198
Study Tips 198
Summary 199
Review Questions 200
Chapter 5 Inter-VLAN Routing 203
Describing Inter-VLAN Routing 204
Introduction to Inter-VLAN Routing 204
Inter-VLAN Routing Using an External Router 206
Configuring Inter-VLAN Routing Using an External Router 207
Routing with an External Router 208
External Routers: Advantages and Disadvantages 211
Inter-VLAN Routing Using Switch Virtual Interfaces 212
SVI: Advantages and Disadvantages 214
Routing with Routed Ports 214
Routed Ports: Advantages 215
Configuring Inter-VLAN Routing Using SVI and Routed Ports 216
Routing on a Multilayer Switch 217
Using the SVI autostate exclude Command 220
SVI Configuration Checklist 221
Troubleshooting Inter-VLAN Problems 222
Example of a Troubleshooting Plan 223
Layer 2 Versus Layer 3 EtherChannel 225
Layer 3 EtherChannel Configuration 226
Verifying Routing Protocols 229
Implementing DHCP 231
DHCP Overview 231
Configuring DHCP in Multilayer Switched Network 233
Configuring a DHCP Relay 239
Configuring DHCP Options 239
Study Tips 240
Summary 241
Review Questions 242
Chapter 6 First-Hop Redundancy 247
Overview of FHRP and HSRP 247
The Need for First-Hop Redundancy 248
HSRP Overview 250
HSRP State Transition 253
Aligning HSRP with STP Topology 254
Configuring and Tuning HSRP 255
Forwarding Through the Active Router 257
Load Sharing with HSRP 263
The Need for Interface Tracking with HSRP 265
HSRP Interface Tracking 266
HSRP and Object Tracking 268
Configuring HSRP Authentication 271
Tuning HSRP Timers 272
HSRP Versions 274
Configuring Layer 3 Redundancy with VRRP 274
About VRRP 275
Configuring VRRP and Spotting the Differences from HSRP 276
VRRP and Authentication 279
Tracking and VRRP 280
Configuring Layer 3 Redundancy with GLBP 282
Introducing GLBP 282
Comparing GLBP to HSRP 283
GLBP States 284
Configuring and Verifying GLBP 285
GLBP Load-Balancing Options 294
GLBP Authentication 295
GLBP and STP 295
Tracking and GLBP 296
Study Tips 300
Summary 301
References 301
Review Questions 302
Chapter 7 Network Management 305
AAA 305
Authentication Options 307
RADIUS and TACACS+ Overview 308
RADIUS Authentication Process 309
TACACS+ Authentication Process 310
Configuring AAA 311
Configuring RADIUS for Console and vty Access 311
Configuring TACACS+ for Console and vty Access 312
AAA Authorization 313
AAA Accounting 314
Limitations of TACACS+ and RADIUS 315
Identity-Based Networking 316
IEEE 802.1X Port-Based Authentication Overview 316
IEEE 802.1X Configuration Checklist 318
Network Time Protocols 319
The Need for Accurate Time 320
Configuring the System Clock Manually 320
Network Time Protocol Overview 323
NTP Modes 324
Other NTP Configuration Options 326
NTP Example 326
NTP Design Principles 329
Securing NTP 331
NTP Source Address 333
NTP Versions 333
SNTP 335
PTP/IEEE-1588 336
SNMP 336
SNMP Overview 337
SNMP Versions 339
SNMP Best Practices 339
SNMPv3 Configuration Example 340
Verifying SNMP Version 3 Configuration 342
Study Tips 344
Summary 345
Review Questions 345
Chapter 8 Switching Features and Technologies for the Campus Network 351
Discovery Protocols 352
Introduction to LLDP 352
Basic Configuration of LLDP 353
Discovering Neighbors Using LLDP 355
Unidirectional Link Detection 357
UDLD Mechanisms and Specifics 358
UDLD Configuration 358
Leveraging UDLD and STP Loop Guard Together 360
Power over Ethernet 360
PoE Components 362
PoE Standards 362
PoE Negotiation 362
Configuring and Verifying PoE 363
SDM Templates 364
SDM Template Types 365
Choosing the Right SDM Template 367
System Resource Configuration on Other Platforms 367
Monitoring Features 368
SPAN and RSPAN Overview 368
SPAN Configuration 371
RSPAN Configuration 372
IP SLA 374
Introduction to IP SLA 375
IP SLA Source and Responder 377
IP SLA Configuration 377
IP SLA Operation with Responder 379
IP SLA Time Stamps 381
Configuring Authentication for IP SLA 382
IP SLA Example for UDP Jitter 383
Study Tips 384
Summary 385
Review Questions 385
Chapter 9 High Availability 393
The Need for Logical Switching Architectures 394
What Is StackWise? 395
StackWise Benefits 396
Verifying StackWise 396
What Is VSS? 397
VSS Benefits 398
Verifying VSS 399
Redundant Switch Supervisors 401
Supervisor Redundancy Modes 402
Stateful Switchover 403
Nonstop Forwarding 404
Study Tips 405
Summary 405
Review Questions 406
References 406
Chapter 10 Campus Network Security 409
Overview of Switch Security Issues 410
Cisco Switch Security Configuration Best Practices 411
Campus Network Vulnerabilities 414
Rogue Access 414
Switch Vulnerabilities 415
MAC Flooding Attacks 417
Introducing Port Security 419
Port Security Configuration 420
Port Error Conditions 422
Err-Disabled Automatic Recovery 423
Port Access Lists 424
Storm Control 425
Introduction to Storm Control 426
Configuring and Verifying Storm Control on an Interface 427
Mitigating Spoofing Attacks 430
DHCP Spoofing Attacks 430
DHCP Snooping 432
DHCP Option 82 433
DHCP Snooping Example Configuration 433
IP Source Guard 436
IPSG Configuration 438
ARP Spoofing 439
Dynamic ARP Inspection 440
DAI Configuration 441
Securing VLAN Trunks 443
Switch Spoofing 444
VLAN Hopping 446
Protecting Against VLAN Hopping 447
VLAN Access Lists 448
VACL Interaction with ACLs and PACLs 449
Configuring VACLs 450
Private VLANs 451
Introduction to PVLANs 452
PVLAN Port Types 453
PVLAN Configuration 454
PVLAN Verification 456
PVLANs Across Multiple Switches 457
Using the Protected Port Feature 458
Study Tips 458
Summary 459
Review Questions 460
Appendix A Answers to Chapter Review Questions 469
Publication date (per publisher) | 28.5.2015 |
---|---|
Place of publication | Indianapolis |
Language | English |
Dimensions | 191 x 238 mm |
Weight | 1038 g |
Subject area | Mathematics / Computer Science ► Computer Science ► Networks; Computer Science ► Other Topics ► Certification |
ISBN-10 | 1-58720-664-1 / 1587206641 |
ISBN-13 | 978-1-58720-664-1 / 9781587206641 |
Condition | New |