Cisco Networking Academy Program

CCNP 3: Multilayer SwitchingCompanion GuideSecond Edition

Wayne Lewis, Ph.D. Cisco Networking Academy Program

Cisco Press 800 East 96th Street Indianapolis, Indiana 46240 USAwww.ciscopress.com

ii

Cisco Networking Academy Program

CCNP 3: Multilayer Switching Companion GuideSecond EditionCisco Systems, Inc. Cisco Networking Academy Program Copyright 2005 Cisco Systems, Inc. Published by: Cisco Press 800 East 96th Street Indianapolis, Indiana 46240 USA All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review. Printed in the United States of America 1 2 3 4 5 6 7 8 9 0 Library of Congress Cataloging-in-Publication Number: 2003114385 ISBN: 1-58713-143-9

Trademark AcknowledgmentsAll terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Cisco Press or Cisco Systems, Inc. cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Warning and DisclaimerThis book is designed to provide information about the Cisco Networking Academy Program CCNP 3: Multilayer Switching course. Every effort has been made to make this book as complete and accurate as possible, but no warranty or tness is implied. The information is provided on an as is basis. The author, Cisco Press, and Cisco Systems, Inc. shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the disks or programs that might accompany it. The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc.

This book is part of the Cisco Networking Academy Program series from Cisco Press. The products in this series support and complement the Cisco Networking Academy Program curriculum. If you are using this book outside the Networking Academy program, then you are not preparing with a Cisco trained and authorized Networking Academy provider. For information on the Cisco Networking Academy Program or to locate a Networking Academy, please visit www.cisco.com/edu.

Corporate and Government SalesCisco Press offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales. For more information please contact: U.S. Corporate and Government Sales 1-800-382-3419 corpsales@pearsontechgroup.com For sales outside the United States please contact: International Sales international@pearsoned.com

iii

Feedback InformationAt Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted with care and precision, undergoing rigorous development that involves the unique expertise of members of the professional technical community. Reader feedback is a natural continuation of this process. If you have any comments on how we could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us through e-mail at feedback@ciscopress.com. Please be sure to include the book title and ISBN in your message. We greatly appreciate your assistance. Publisher John Wait Editor-in-Chief Executive Editor Cisco Representative Cisco Press Program Manager Production Manager Senior Development Editor Project Editor Copy Editor Technical Editors Book/Cover Designer Compositor Indexer John Kane Mary Beth Ray Anthony Wolfenden Nannette M. Noble Patrick Kanouse Christopher Cleveland Marc Fowler Gayle Johnson Mark Gallo, Stanford M. Wong, Jim Yoshida Louisa Adair Octal Publishing, Inc. Larry Sweazy

iv

About the AuthorWayne Lewis is the Cisco Academy manager for the Pacic Center for Advanced Technology Training, based at Honolulu Community College. Since 1998, he has taught routing and switching, remote access, troubleshooting, network security, and wireless networking to instructors from universities, colleges, and high schools in Australia, Canada, Central America, China, Hong Kong, Indonesia, Japan, Mexico, Singapore, South America, Taiwan, and the United States, both onsite and at Honolulu Community College. Before teaching computer networking, Wayne began teaching math at age 20 at Wichita State University, followed by the University of Hawaii and Honolulu Community College. He received a Ph.D. in math from the University of Hawaii in 1992. He works as a contractor for Cisco Systems, developing curriculum for the Cisco Networking Academy Program. He enjoys surng the North Shore of Oahu when hes not distracted by work.

v

About the Technical ReviewersMark Gallo is a technical manager with America Online, where he leads a group of engineers responsible for the design and deployment of the domestic corporate intranet. His network certications include Cisco CCNP and Cisco CCDP. He has led several engineering groups responsible for designing and implementing enterprise LANs and international IP networks. He has a bachelor of science in electrical engineering from the University of Pittsburgh. He resides in northern Virginia with his wife, Betsy, and son, Paul. Stanford M. Wong, CCIE No. 8038, CCAI, MCSE, received his bachelor of science electrical engineering from the University of Hawaii and his master of business administration from the University of Phoenix. He is the owner and founder of Complete Network Solutions Corporation (CNSC). He is responsible for providing global enterprise networking solutions to the U.S. Government and commercial customers. He has 20 years in the networking industry; recently his work has focused on MPLS, VPN, and VoIP technologies. In addition, he instructs CCNP Cisco Networking Academy courses at Honolulu Community College. Jim Yoshida, CCDA, CCNP, is the Cisco Networking Academy Program main contact and a CCNA and CCNP instructor at Hawaii Community College. He has more than 20 years of teaching experience and has been involved with the Cisco Networking Academy Program since 1998. In addition to being responsible for overseeing the Cisco Networking Academy Program and conducting classes, he has worked closely with members of the Cisco World Wide Education team on CCNP curriculum development.

vi

OverviewForeword . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xxii Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiv Chapter 1 Chapter 2 Chapter 3 Chapter 4 Chapter 5 Chapter 6 Chapter 7 Chapter 8 Chapter 9 Chapter 10 Campus Networks and Design Models. . . . . . . . . . . . . . . . . . . . . .3 VLANs and VTP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67 Spanning Tree Protocol (STP) . . . . . . . . . . . . . . . . . . . . . . . . . . .153 Inter-VLAN Routing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .259 Multilayer Switching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .293 Redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .341 Cisco AVVID. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .385 Quality of Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .483 Monitoring and Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .545 Transparent LAN Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .649

Appendix A Check Your Understanding Answer Key. . . . . . . . . . . . . . . . . . .677 Appendix B Gigabit Ethernet and 10 Gigabit Ethernet Standards and Operation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .701 Appendix C Using the Catalyst Operating System. . . . . . . . . . . . . . . . . . . . .709 Glossary 735 Index 755

vii

Table of ContentsForeword Introduction Chapter 1 xxii xxiv

Campus Networks and Design Models . . . . . . . . . . . . . . . . . . . . . 3 Overview of a Campus Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3 Traditional Campus Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4 Issues with Traditional Campus Network Designs . . . . . . . . . . . . . . .5 Traditional 80/20 Rule of Network Trafc. . . . . . . . . . . . . . . . . . . . . .7 The New 20/80 Rule of Network Trafc . . . . . . . . . . . . . . . . . . . . . . .8 Key Requirements of the Evolving Campus Structure . . . . . . . . . . . .9 Evolving Campus Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10 Key Characteristics of Various Switching Technologies . . . . . . . . . . . .11 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11 Layer 2 Switching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13 Layer 3 Switching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14 Layer 4 Switching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15 Multilayer Switching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16 Quality of Service (QoS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18 Multicast. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19 Hierarchical Design Model for Campus Networks . . . . . . . . . . . . . .20 Building-Block Approach . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23 The Switch Block. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24 Scaling the Switch Block . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25 Building the Core Block . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26 Layer 2 and Layer 3 Backbone Scaling . . . . . . . . . . . . . . . . . . . . . . .29 Advantages of the Building-Block Approach . . . . . . . . . . . . . . . . . .31 Small Campus Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34 Medium Campus Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34 Large Campus Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35 Basic Conguration of the Switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . .38 Cabling the Switch Block . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .38 Connecting to the Console Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . .38 Connecting to an Ethernet Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . .40 Clearing a Conguration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .40 Setting a Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44 Naming the Switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .46 Conguring the Switch for Remote Access . . . . . . . . . . . . . . . . . . . .46

viii

Identifying Individual Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48 Dening Port Speed and Line Mode on a Switch . . . . . . . . . . . . . . .50 Important IOS Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53 Command-Line Recall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53 Using the Help Feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54 Password Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .56 Setting an Idle Timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57 Verifying Connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57 Backup and Restoration of a Conguration Using a TFTP Server . .58 HTTP Access to the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60 Key Terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62 Check Your Understanding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63 Chapter 2 VLANs and VTP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67 VLAN Basics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .68 Describe a VLAN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .68 Motivation for VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .70 VLANs and Network Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .71 VLANs and Broadcast Distribution . . . . . . . . . . . . . . . . . . . . . . . . . .73 VLANs and Bandwidth Utilization . . . . . . . . . . . . . . . . . . . . . . . . . .74 VLANs Versus Router Latency . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75 Wrong Motives for Implementing VLANs . . . . . . . . . . . . . . . . . . . .76 VLAN Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .76 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .77 Understanding Switch ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .78 Router ACLs and VLAN Maps . . . . . . . . . . . . . . . . . . . . . . . . . . . . .79 Conguring Router ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .81 Conguring VLAN Maps. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83 Using VLAN Maps with Router ACLs . . . . . . . . . . . . . . . . . . . . . . .88 Applying Router ACLs and VLAN Maps on VLANs . . . . . . . . . . . .90 VLAN Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .92 VLAN Boundaries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .93 End-to-End VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .94 Local VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .95 Establishing VLAN Memberships . . . . . . . . . . . . . . . . . . . . . . . . . . .96 Port-Based VLAN Membership. . . . . . . . . . . . . . . . . . . . . . . . . . . . .96 Dynamic VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98

ix

Conguring VLANs and VMPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . .100 Conguring Static VLANs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .100 Verifying VLAN Conguration . . . . . . . . . . . . . . . . . . . . . . . . . . . .102 Deleting VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .102 VMPS Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .103 VMPS Conguration Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . .105 Access Links and Trunk Links. . . . . . . . . . . . . . . . . . . . . . . . . . . . .109 VLAN Trunking and Dynamic Trunking Protocol . . . . . . . . . . . . . . .111 Trunking Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .111 Conguring a VLAN Trunk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .112 Removing VLANs from a Trunk . . . . . . . . . . . . . . . . . . . . . . . . . . .113 Basics of Dynamic Trunking Protocol . . . . . . . . . . . . . . . . . . . . . . .114 DTP Trunk and Access Modes. . . . . . . . . . . . . . . . . . . . . . . . . . . . .116 DTP Combinations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .117 Verifying DTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .120 VLAN Identication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122 VLAN Frame Identication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123 Inter-Switch Link (ISL) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123 The IEEE 802.1Q Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .125 The IEEE 802.10 Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .126 LAN Emulation (LANE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .127 VLAN Trunking Protocol (VTP). . . . . . . . . . . . . . . . . . . . . . . . . . . . .128 VTP Benets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .128 VTP Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .129 VTP Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .131 Adding a Switch to a VTP Domain . . . . . . . . . . . . . . . . . . . . . . . . .133 VTP Advertisements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .134 VTP Conguration and VTP Pruning . . . . . . . . . . . . . . . . . . . . . . . . .138 Basic Conguration Steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .138 Conguring the VTP Version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .139 Conguring the VTP Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . .140 Conguring the VTP Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .141 Verifying VTP Conguration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .142 Default Behavior of a Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .143 Conguring VTP Pruning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .144 Verifying VTP Pruning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .145 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .146 Key Terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .147 Check Your Understanding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .148

x

Chapter 3

Spanning Tree Protocol (STP) . . . . . . . . . . . . . . . . . . . . . . . . . . .153 STP Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .154 STP Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .154 Broadcast Loops. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .154 Bridge Table Corruption. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .156 Bridge Priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .158 Path Cost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .159 Port ID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .160 STP Processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .161 STP Decisions and BPDU Exchanges . . . . . . . . . . . . . . . . . . . . . . .162 Three Steps of STP Convergence. . . . . . . . . . . . . . . . . . . . . . . . . . .163 Electing the Root Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .164 Electing Root Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .165 Electing Designated Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .166 STP States . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .168 STP Timers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .171 BPDU Format. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .174 Topology Changes and STP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .176 STP Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .177 Delay in STP Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .177 PortFast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .178 UplinkFast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .180 BackboneFast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .182 802.1w Rapid STP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .185 RSTP States . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .186 RSTP Port Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .187 RSTP Timers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .190 RSTP BPDU Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .194 Evolution of Spanning Tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .195 PVST (Per-VLAN Spanning Tree), PVST+, and Mono Spanning Tree Modes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .195 Enhanced PVST+. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .198 MST (802.1s) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .199 Load Sharing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .201 Switchport Tuning Using BPDU Guard. . . . . . . . . . . . . . . . . . . . . .203 Switchport Tuning Using Root Guard . . . . . . . . . . . . . . . . . . . . . . .205 STP Conguration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .207 Default STP Conguration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .207 Enabling and Disabling STP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .208 Modifying the Root Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .208

xi

Setting the Priority for Ports and VLANs . . . . . . . . . . . . . . . . . . . .210 Setting the Port Cost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .212 Conguring Switch Priority of a VLAN . . . . . . . . . . . . . . . . . . . . .213 Modifying Default Timers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .214 Tuning, Verifying, and Troubleshooting STP . . . . . . . . . . . . . . . . . . .216 Conguring PortFast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .216 Conguring UplinkFast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .217 Conguring BackboneFast. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .218 Conguring BPDU Guard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .219 Conguring Root Guard. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .220 Conguring Load Sharing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .221 Verifying STP, RSTP, and MSTP Conguration . . . . . . . . . . . . . . .225 RSTP and MSTP Conguration . . . . . . . . . . . . . . . . . . . . . . . . . . . . .226 Default RSTP and MSTP Conguration . . . . . . . . . . . . . . . . . . . . .226 RSTP and MSTP Conguration Guidelines . . . . . . . . . . . . . . . . . .227 Enabling RSTP and MSTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .228 Conguring the MST Root Switch . . . . . . . . . . . . . . . . . . . . . . . . .230 Conguring MST Switch Priority . . . . . . . . . . . . . . . . . . . . . . . . . .232 Conguring MST Path Cost. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .232 Conguring MST Port Priority . . . . . . . . . . . . . . . . . . . . . . . . . . . .234 Conguring MSTP Timers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .235 Conguring Maximum Hop Count . . . . . . . . . . . . . . . . . . . . . . . . .237 EtherChannel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .237 EtherChannel Explained . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .238 Frame Distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .240 EtherChannel Methods. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .241 Port Aggregation Protocol (PAgP) . . . . . . . . . . . . . . . . . . . . . . . . . .242 Link Aggregation Control Protocol (LACP) . . . . . . . . . . . . . . . . . .244 Modifying Port Cost for EtherChannel Groups . . . . . . . . . . . . . . . .245 EtherChannel Conguration Guidelines . . . . . . . . . . . . . . . . . . . . .245 Conguring Fast EtherChannel . . . . . . . . . . . . . . . . . . . . . . . . . . . .249 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .250 Key Terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .252 Check Your Understanding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .254 Chapter 4 Inter-VLAN Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259 Methods of Inter-VLAN Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . .259 Key Components of Inter-VLAN Routing. . . . . . . . . . . . . . . . . . . .259 Comparison of Layer 2 and Layer 3 Operations in the Core . . . . . .262 Inter-VLAN Routing Performance and Scalability Issues. . . . . . . .263

xii

Roles of the Different Types of VLANs. . . . . . . . . . . . . . . . . . . . . .265 Route Switch Processors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .269 Router-on-a-Stick . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .271 When to Use the Router-on-a-Stick Design. . . . . . . . . . . . . . . . . . .272 Cisco Layer 3 Feature Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .273 Conguring Inter-VLAN Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . .274 Conguring Inter-VLAN Routing in a Switched Network . . . . . . .274 Conguring Inter-VLAN Routing Via the Switch Virtual Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .274 Conguring Inter-VLAN Routing Via the Routed Port . . . . . . . . . .275 Conguring Routing Between an External Router and an Internal Route Processor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .276 Conguring the Router for the Native VLAN . . . . . . . . . . . . . . . . .277 Conguring Router-on-a-Stick. . . . . . . . . . . . . . . . . . . . . . . . . . . . .279 Verifying the Inter-VLAN Routing Conguration. . . . . . . . . . . . . .282 Troubleshooting Inter-VLAN Routing. . . . . . . . . . . . . . . . . . . . . . .286 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .287 Key Terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .288 Check Your Understanding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .289 Chapter 5 Multilayer Switching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .293 Multilayer Switching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .294 MLS Hardware and Software Requirements . . . . . . . . . . . . . . . . . .294 MLS Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .296 MLS Flows. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .297 MLS Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .300 Cisco Express Forwarding (CEF) . . . . . . . . . . . . . . . . . . . . . . . . . . . .303 Comparing MLS and CEF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .303 CEF Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .308 CEF Forwarding Information Base . . . . . . . . . . . . . . . . . . . . . . . . .309 CEF Adjacency Table. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .311 Packet Flow for Layer 2 and Layer 3 Forwarding Decisions. . . . . .311 Additional Benets of CEF-Based Forwarding . . . . . . . . . . . . . . . .313 MLS and CEF Conguration Tasks. . . . . . . . . . . . . . . . . . . . . . . . . . .315 MLS-RP Conguration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .315 MLS-SE Conguration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .317 Conguring MLS Optional Parameters . . . . . . . . . . . . . . . . . . . . . .318 MLS Conguration Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .320 MLS Verication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .326 CEF Conguration and Verication . . . . . . . . . . . . . . . . . . . . . . . . .331

xiii

Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .334 Key Terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .335 Check Your Understanding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .337 Chapter 6 Redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341 Implementing Module Redundancy in a Multilayer Switched Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .342 Implementing Redundant Supervisor Engines in Catalyst Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .342 Implementing Redundant Supervisor Uplink Modules in Catalyst Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .344 Implementing Redundant Distributed Forwarding Cards in Catalyst Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .347 Implementing Redundant Power Supplies . . . . . . . . . . . . . . . . . . . .348 Implementing Router Redundancy in a Switched Network . . . . . . . .349 Router Redundancy Operation. . . . . . . . . . . . . . . . . . . . . . . . . . . . .350 ICMP Router Discovery Protocol (IRDP) . . . . . . . . . . . . . . . . . . . .352 Hot Standby Router Protocol (HSRP) . . . . . . . . . . . . . . . . . . . . . . .352 Virtual Router Redundancy Protocol (VRRP) . . . . . . . . . . . . . . . . .355 Gateway Load Balancing Protocol (GLBP). . . . . . . . . . . . . . . . . . .356 Single Router Mode (SRM) Redundancy . . . . . . . . . . . . . . . . . . . .360 Server Load Balancing (SLB) . . . . . . . . . . . . . . . . . . . . . . . . . . . . .361 HSRP Operations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .363 The Virtual Router MAC Address . . . . . . . . . . . . . . . . . . . . . . . . . .366 HSRP Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .368 HSRP States . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .369 HSRP Conguration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .369 How HSRP Addresses Redundancy Issues . . . . . . . . . . . . . . . . . . .371 HSRP Standby Priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .372 HSRP Standby Preempt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .373 HSRP Hello Timers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .373 HSRP Interface Tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .375 Verify HSRP Conguration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .376 HSRP over Trunk Links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .377 Troubleshooting HSRP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .378 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .379 Key Terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .380 Check Your Understanding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .381

xiv

Chapter 7

Cisco AVVID. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .385 Introduction to Cisco AVVID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .386 Examining the Cisco AVVID Framework . . . . . . . . . . . . . . . . . . . .386 Cisco AVVID Network Infrastructure . . . . . . . . . . . . . . . . . . . . . . .388 Cisco AVVID Intelligent Network Services. . . . . . . . . . . . . . . . . . .391 High Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .393 Cisco AVVID Network Solutions . . . . . . . . . . . . . . . . . . . . . . . . . .395 Cisco AVVID Network Implementation Example . . . . . . . . . . . . . .401 Legacy Migration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .403 Examining Multicast in a Multilayer Switched Network . . . . . . . . . .406 Multicast Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .406 Multicast Addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .408 Layer 3 Multicast Addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . .409 Layer 2 Multicast Addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . .411 IGMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .412 IGMP Version 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .412 IGMP Version 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .415 IGMP Version 1 and Version 2 Interoperability . . . . . . . . . . . . . . . .417 IGMP Version 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .418 IGMP Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .419 CGMP Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .422 Routing Multicast Trafc. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .424 Distribution Trees. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .425 Managing Delivery of Multicast Packets . . . . . . . . . . . . . . . . . . . . .428 Reverse Path Forwarding (RPF). . . . . . . . . . . . . . . . . . . . . . . . . . . .430 Multicast Routing Protocols. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .432 Dense-Mode Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . .432 Distance Vector Multicast Routing Protocol . . . . . . . . . . . . . . . . . .433 Protocol-Independent Multicast Dense Mode . . . . . . . . . . . . . . . . .433 Multicast Open Shortest Path First . . . . . . . . . . . . . . . . . . . . . . . . .434 Sparse Mode Routing Protocols. . . . . . . . . . . . . . . . . . . . . . . . . . . .434 Core-Based Trees . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .435 PIM-SM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .436 Congure IP Multicast Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . .437 Verify PIM Conguration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .438 Congure Auto-RP (Optional) . . . . . . . . . . . . . . . . . . . . . . . . . . . . .439 Optional IP Multicast Routing Tasks . . . . . . . . . . . . . . . . . . . . . . . .441 Cisco IP Telephony . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .444 Introducing the Cisco IP Telephony Solution . . . . . . . . . . . . . . . . .445 Cisco IP Telephony Designs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .450

xv

Single-Site Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .450 Multiple Sites with Independent Call Processing . . . . . . . . . . . . . .451 Multiple Sites with Distributed Call Processing . . . . . . . . . . . . . . .452 Multisite IP WAN with Centralized Call Processing . . . . . . . . . . . .454 Voice Quality Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .455 Common Voice Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .455 Implementing QoS for Voice . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .457 QoS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .458 Trust Boundaries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .459 Trafc Classication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .461 Trafc Classication at Layer 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . .462 Trafc Classication at Layer 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . .463 Summary Recommendations for QoS Implementation . . . . . . . . . .464 Network Design Issues for Voice. . . . . . . . . . . . . . . . . . . . . . . . . . . . .465 IP Phone Physical Connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . .465 Power/Protection Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .465 Power to IP Phones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .466 Infrastructure Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .467 High Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .467 IP Addressing and Management . . . . . . . . . . . . . . . . . . . . . . . . . . .468 Implementing IP Telephony with Auxiliary VLANs . . . . . . . . . . . .470 Voice VLAN Conguration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .470 Connecting to the Network with Auxiliary VLANs. . . . . . . . . . . . .471 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .472 Key Terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .475 Check Your Understanding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .479 Chapter 8 Quality of Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 483 Quality of Service Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . .484 Quality of Service Dened. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .484 Loss . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .485 Delay or Latency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .485 Delay Variation or Jitter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .486 Network Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .486 Provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .487 Quality of Service Requirements for Data . . . . . . . . . . . . . . . . . . . .487 Quality of Service Requirements for Voice . . . . . . . . . . . . . . . . . . .488 Quality of Service Requirements for Video . . . . . . . . . . . . . . . . . . .488

xvi

Quality of Service Mechanisms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .490 Best-Effort Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .490 Integrated Services Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .491 Differentiated Services Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . .492 Trafc Marking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .492 Modular QoS Command-Line Interface (MQC) . . . . . . . . . . . . . . .495 Using the class-map Command to Dene Trafc Classes . . . . . . . .495 Dening the QoS Policy Using the Policy Map. . . . . . . . . . . . . . . .497 Applying the Policy to an Interface Using the Service Policy. . . . .499 Classication at the Access Layer . . . . . . . . . . . . . . . . . . . . . . . . . . . .499 Trusting the CoS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .499 Conguring CoS Trust Using the IOS . . . . . . . . . . . . . . . . . . . . . . .500 Assigning CoS on a Per-Port Basis . . . . . . . . . . . . . . . . . . . . . . . . .501 Rewriting the CoS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .501 Using a MAC ACL to Assign a DSCP Value . . . . . . . . . . . . . . . . . .502 Conguring DSCP Using a MAC ACL . . . . . . . . . . . . . . . . . . . . . .504 Using an IP ACL to Dene the DSCP or Precedence . . . . . . . . . . .507 Policing and Marking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .509 Individual Policers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .509 Aggregate Policers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .510 Token Bucket . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .511 Classication and Policing Using Committed Access Rate (CAR) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .512 Conguring the Policed DSCP Map . . . . . . . . . . . . . . . . . . . . . . . .512 Conguring Classication Using CAR . . . . . . . . . . . . . . . . . . . . . .514 Conguring Policing Using CAR . . . . . . . . . . . . . . . . . . . . . . . . . .515 Scheduling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .516 FIFO Queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .516 Weighted Fair Queuing (WFQ) . . . . . . . . . . . . . . . . . . . . . . . . . . . .516 WFQ and IP Precedence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .518 Class-Based Weighted Fair Queuing (CBWFQ) . . . . . . . . . . . . . . .519 Conguring CBWFQ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .520 CBWFQ Bandwidth Allocation . . . . . . . . . . . . . . . . . . . . . . . . . . . .522 Congestion Avoidance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .522 Weighted Random Early Detection (WRED) . . . . . . . . . . . . . . . . .523 Conguring WRED on a Physical Interface . . . . . . . . . . . . . . . . . .524 Verifying WRED Conguration. . . . . . . . . . . . . . . . . . . . . . . . . . . .525 Conguring WRED with CBWFQ . . . . . . . . . . . . . . . . . . . . . . . . .525 Low Latency Queuing (LLQ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . .526 Conguring LLQ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .527

xvii

Trafc Shaping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .528 Generic Trafc Shaping (GTS) . . . . . . . . . . . . . . . . . . . . . . . . . . . .529 Conguring GTS for an Interface . . . . . . . . . . . . . . . . . . . . . . . . . .530 GTS for Frame Relay Networks . . . . . . . . . . . . . . . . . . . . . . . . . . .531 Conguring GTS for Frame Relay Networks . . . . . . . . . . . . . . . . .532 Verifying GTS Conguration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .532 QoS Using Low-Speed Links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .533 Link Efciency Mechanisms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .534 Link Fragmentation and Interleaving (LFI) . . . . . . . . . . . . . . . . . . .534 Link Fragmentation and Interleaving (LFI): Multilink PPP . . . . . .535 Compressed Real-Time Protocol (CRTP) . . . . . . . . . . . . . . . . . . . .536 Conguring CRTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .537 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .538 Key Terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .539 Check Your Understanding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .541 Chapter 9 Monitoring and Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 545 Monitoring Switched Network Performance with SPAN and VSPAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .545 Monitoring with SPAN on a Port Basis . . . . . . . . . . . . . . . . . . . . . .546 SPAN Interaction with Other Features. . . . . . . . . . . . . . . . . . . . . . .548 SPAN Conguration Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . .549 Conguring SPAN Sessions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .550 VSPANSPAN Using VLANs as Monitored Source. . . . . . . . . . .552 RSPAN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .555 RSPAN Reector Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .556 RSPAN Interaction with Other Features . . . . . . . . . . . . . . . . . . . . .557 RSPAN and RSPAN VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .557 Conguring RSPAN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .558 Conguring RSPAN to Filter Trunks for Specic VLAN Trafc . .562 Network Analysis Modules and Switch Fabric Modules. . . . . . . . . . .564 The Network Analysis Module . . . . . . . . . . . . . . . . . . . . . . . . . . . .566 Using the NAM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .567 Benets of Deploying a NAM . . . . . . . . . . . . . . . . . . . . . . . . . . . . .569 NAM Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .569 Increasing Switching Fabric in Catalyst 6500 Series Switches . . . .570 Conguring the Switch Fabric Module . . . . . . . . . . . . . . . . . . . . . .572 Monitoring the Switch Fabric Module. . . . . . . . . . . . . . . . . . . . . . .572

xviii

Basic Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .575 Access Control Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .575 Basic Security Measures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .577 Physical Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .577 Connecting to the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .579 Out-of-Band Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .579 In-Band Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .581 Basic Password Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .582 Securing Remote Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .585 Remote Management Security Options . . . . . . . . . . . . . . . . . . . . . .585 Advanced Username Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .585 Encrypting Communications Using Secure Shell . . . . . . . . . . . . . .587 Encryption Key Pairs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .589 Using VLANs to Restrict Remote Management . . . . . . . . . . . . . . .591 Securing the Web Management Interface . . . . . . . . . . . . . . . . . . . .592 Using Access Lists to Restrict Remote Management . . . . . . . . . . .593 Additional Remote Management Session Options . . . . . . . . . . . . .595 Conguring, Verifying, and Troubleshooting SSH Server. . . . . . . .596 Securing User Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .598 Using Port Security, Protected Ports, and Private VLANs. . . . . . . .598 Using Access Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .600 Router ACLs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .602 Port ACLs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .604 VLAN ACLs and VLAN Maps . . . . . . . . . . . . . . . . . . . . . . . . . . . .604 Conguring and Verifying Port Security . . . . . . . . . . . . . . . . . . . . .607 Conguring and Verifying Protected Ports . . . . . . . . . . . . . . . . . . .609 Conguring and Verifying Access Lists. . . . . . . . . . . . . . . . . . . . . .610 Authentication, Authorization, and Accounting (AAA) . . . . . . . . . . .614 TACACS+ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .615 RADIUS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .616 Cisco Secure Access Control Server (ACS). . . . . . . . . . . . . . . . . . .618 Conguring AAA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .619 Conguring TACACS+ and RADIUS Clients . . . . . . . . . . . . . . . . .620 Conguring AAA Authentication . . . . . . . . . . . . . . . . . . . . . . . . . .621 Conguring AAA Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . .625 Conguring AAA Accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . .630 IEEE 802.1x Port-Based Authentication . . . . . . . . . . . . . . . . . . . . . . .634 Authentication Initiation and Message Exchange . . . . . . . . . . . . . .635 Ports in Authorized and Unauthorized States . . . . . . . . . . . . . . . . .637 Supported Topologies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .638

xix

802.1x Conguration Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . .639 Conguring 802.1x Port-Based Authentication . . . . . . . . . . . . . . . .640 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .643 Key Terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .644 Check Your Understanding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .645 Chapter 10 Transparent LAN Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 649 Ethernet Solutions for Transparent LAN Services (TLS) . . . . . . . . . .649 Same Network, New Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . .649 VLAN Tunneling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .651 Intermetro LAN Transport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .652 Interservice POP Connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . .653 Metro Segmentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .654 Introducing Transparent LAN Services Architecture . . . . . . . . . . . . .655 Metro Ethernet Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .655 IP+Optical . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .656 Point-to-Point Dedicated . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .657 Point-to-Multipoint Shared . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .658 Role of QoS in TLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .659 Examining Fiber-Optic Transports . . . . . . . . . . . . . . . . . . . . . . . . . . .660 Dening SONET and SDH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .660 Applications for SONET/SDH. . . . . . . . . . . . . . . . . . . . . . . . . . . . .664 Implementing SONET/SDH Within a Metropolitan Network. . . . .664 Dening Dynamic Packet Transport (DPT) . . . . . . . . . . . . . . . . . . .665 Dening CWDM and DWDM . . . . . . . . . . . . . . . . . . . . . . . . . . . . .666 Implementing DWDM Over a MAN . . . . . . . . . . . . . . . . . . . . . . . .667 10 Gigabit Ethernet Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . .669 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .671 Key Terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .672 Check Your Understanding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .672 Appendix A Check Your Understanding Answer Key . . . . . . . . . . . . . . . . . . 677 Appendix B Gigabit Ethernet and 10 Gigabit Ethernet Standards and Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 701 Appendix C Using the Catalyst Operating System . . . . . . . . . . . . . . . . . . . . 709 Glossary 735 Index 755

xx

Cisco Systems Networking Icon LegendCisco Systems, Inc. uses a standardized set of icons to represent devices in network topology illustrations. The following icon legend shows the most commonly used icons you will encounter throughout this book.

Access Server Token Ring

PC

Laptop

Web Server

Cache Engine

Local Multilayer Director Switch Feature Card (MSFC)

Small Hub Token Ring File Server

Distributed Director Route/Switch Processor Multilayer Switch

Gateway

V

Firewall

POTS Phone

IP Phone

NetRanger

PIX Firewall

Router

Voice-Enabled Router

Database

Bridge Cisco Storage Router

Modem HubCisco CallManager Optical Services Router

PLSwitch ATM Switch Wireless Access PortMGX 8240

MMGX 8260 Optical Transport

Wireless Connection

Printer Network Cloud Cisco SoftPhone

ONS Device

EtherClient

VPN Concentrator

TransPath

Optical Cross-Connect

Ethernet Connection

Serial Connection

Circuit-Switched Connection

xxi

Command Syntax ConventionsThe conventions used to present command syntax in this book are the same conventions used in the Cisco IOS software Command Reference. The Command Reference describes these conventions as follows:

Bold indicates commands and keywords that are entered exactly as shown. Italic indicates arguments for which you supply values. Vertical bars (|) separate alternative, mutually exclusive elements. Square brackets ([ ]) indicate an optional element. Braces ({ }) indicate a required choice. Braces within brackets ([{ }]) indicate a required choice within an optional element.

xxii

ForewordThroughout the world, the Internet has offered tremendous new opportunities for individuals and their employers. Companies and other organizations are seeing dramatic increases in productivity by investing in robust networking capabilities. Some studies have shown measurable productivity improvements in entire economies. The promise of enhanced efciency, protability, and standard of living is real and growing. Such productivity gains arent achieved by simply purchasing networking equipment. Skilled professionals are needed to plan, design, install, deploy, congure, operate, maintain, and troubleshoot todays networks. Network managers must ensure that they have planned for network security and continued operation. They need to design for the required performance level in their organization. They must implement new capabilities as the demands of their organization, and its reliance on the network, expand. To meet the many educational needs of the internetworking community, Cisco Systems established the Cisco Networking Academy Program. The Networking Academy is a comprehensive learning program that provides students with the Internet technology skills that are essential in a global economy. The Networking Academy integrates face-to-face teaching, web-based content, online assessment, student performance tracking, hands-on labs, instructor training and support, and preparation for industry-standard certications. The Networking Academy continually raises the bar on blended learning and educational processes. The Internet-based assessment and instructor support systems are some of the most extensive and validated systems ever developed, including a 24/7 customer service system for Networking Academy instructors. Through community feedback and electronic assessment, the Networking Academy adapts the curriculum to improve outcomes and student achievement. The Cisco Global Learning Network infrastructure designed for the Networking Academy delivers a rich, interactive, personalized curriculum to students worldwide. The Internet has the power to change how people work, live, play, and learn, and the Cisco Networking Academy Program is at the forefront of this transformation. This Cisco Press book is one in a series of best-selling companion titles for the Cisco Networking Academy Program. Designed by Cisco Worldwide Education and Cisco Press, these books provide integrated support for the online learning content that is made available to Academies all over the world. These Cisco Press books are the only books authorized for the Networking Academy by Cisco Systems. They provide print and CD-ROM materials that ensure the greatest possible learning experience for Networking Academy students. I hope you are successful as you embark on your learning path with Cisco Systems and the Internet. I also hope that you will choose to continue your learning after you complete the Networking Academy curriculum. In addition to its Cisco Networking Academy Program titles, Cisco Press publishes an extensive list of networking technology and certication

xxiii

publications that provide a wide range of resources. Cisco Systems has also established a network of professional training companiesthe Cisco Learning Partnersthat provide a full range of Cisco training courses. They offer training in many formats, including e-learning, self-paced, and instructor-led classes. Their instructors are Cisco-certied, and Cisco creates their materials. When you are ready, please visit the Learning & Events area at Cisco.com to learn about all the educational support that Cisco and its partners have to offer. Thank you for choosing this book and the Cisco Networking Academy Program. The Cisco Networking Academy Team Cisco Systems, Inc.

xxiv

IntroductionThis companion guide is designed as a desk reference to supplement your classroom and laboratory experience with version 3 of the CCNP 3 course in the Cisco Networking Academy Program. CCNP 3: Multilayer Switching is the third of four courses leading to the Cisco Certied Network Professional certication. CCNP 3 teaches you how to design, congure, maintain, and scale multilayer switched networks. You will learn to use VLANs, STP, VTP, inter-VLAN routing, redundancy, QoS, and security on Catalyst switches. While taking the course, use this companion guide to help you prepare for the Building Cisco Multilayer Switched Networks (BCMSN) 642-811 BCMSN exam, which is one of the four required exams to obtain the CCNP certication.

This Books GoalThe goal of this book is to build on the switching concepts you learned while studying for the CCNA exam and to teach you the foundations of advanced switching concepts. The topics are designed to prepare you to pass the Building Cisco Multilayer Switched Networks (BCMSN) exam (642-811 BCMSN). The Building Cisco Multilayer Switched Networks exam is a qualifying exam for the CCNP, CCDP, and CCIP certications. The 642-811 BCMSN exam tests materials covered under the new Building Cisco Multilayer Switched Networks course and exam objectives. The exam certies that the successful candidate has the knowledge and skills necessary to use multilayer switching to implement campus networks with Catalyst switches. The exam covers campus network design, STP, VTP, inter-VLAN routing, redundancy techniques, basic Cisco IP BCMSN Telephony, QoS, and security. The key methodologies used in this book are to help you discover the exam topics you need to review in more depth, to help you fully understand and remember those details, and to help you prove to yourself that you have retained your knowledge of those topics. This book does not try to help you pass by memorization; it helps you truly learn and understand the topics. This book focuses on introducing techniques and technology for enabling WAN solutions. To fully benet from this book, you should be familiar with general networking terms and concepts and should have basic knowledge of the following:

Basic Cisco router and Catalyst switch operation and conguration TCP/IP operation and conguration VLANs, STP, VTP, and inter-VLAN routing

xxv

This Books AudienceThis book has a few different audiences. First, it is intended for students who are interested in multilayer switching technologies. In particular, it is targeted toward students in the Cisco Networking Academy Program CCNP 3: Multilayer Switching course. In the classroom, this book serves as a supplement to the online curriculum. This book is also appropriate for corporate training faculty and staff members, as well as general users. This book is also useful for network administrators who are responsible for implementing and troubleshooting enterprise Cisco routers and router conguration. Furthermore, it is valuable for anyone who is interested in learning advanced switching concepts and passing the Building Cisco Multilayer Switched Networks (BCMSN) exam (642-811 BCMSN).

This Books FeaturesMany of this books features help facilitate a full understanding of the topics covered in this book:

ObjectivesEach chapter starts with a list of objectives that you should have mastered by the end of the chapter. The objectives reference the key concepts covered in the chapter. Figures, examples, tables, and scenariosThis book contains gures, examples, and tables that help explain theories, concepts, commands, and setup sequences that reinforce concepts and help you visualize the content covered in the chapter. In addition, the specic scenarios provide real-life situations that detail the problem and its solution. Chapter summariesAt the end of each chapter is a summary of the concepts covered in the chapter. It provides a synopsis of the chapter and serves as a study aid. Key termsEach chapter includes a list of dened key terms that are covered in the chapter. The key terms appear in color throughout the chapter where they are used in context. The denitions of these terms serve as a study aid. In addition, the key terms reinforce the concepts introduced in the chapter and help you understand the chapter material before you move on to new concepts. Check Your Understanding questions and answersReview questions, presented at the end of each chapter, serve as a self-assessment tool. They reinforce the concepts introduced in the chapter and help test your understanding before you move on to a new chapter. An answer key to all the questions is provided in Appendix A, Check Your Understanding Answer Key.

xxvi

Certication exam practice questionsTo further assess your understanding, you will nd on the companion CD-ROM a test bank of questions exclusive to Cisco Press that covers the full range of exam topics published by Cisco Systems for the CCNP BCMSN # 642-811 exam. The robust test engine is powered by Boson Software, Inc. Skill-building activitiesThroughout the book are references to additional skillbuilding activities to connect theory with practice. You can easily spot these activities by the following icons:Interactive Media Activities

Interactive Media Activities included on the companion CD are hands-on drag-anddrop, ll-in-the-blank, and matching exercises that help you master basic networking concepts.

Lab Activity

The collection of lab activities developed for the course can be found in the Cisco Networking Academy Program CCNP 3: Multilayer Switching Lab Companion Guide, Second Edition.

How This Book Is OrganizedAlthough you could read this book cover to cover, it is designed to be exible and to allow you to easily move between chapters and sections of chapters to cover just the material you need to work with more. If you do intend to read all the chapters, the order in which they are presented is the ideal sequence. This book also contains three appendixes. The following list summarizes the topics of this books elements:

Chapter 1, Campus Networks and Design ModelsGood design is the key to the operation and maintenance of a multilayer switched network. Campus networks can be described in terms of component building blocks. Campus network design includes correct placement of Layer 2, Layer 3, and multilayer devices in a campus network. Basic network management command-line operations with Catalyst switches are introduced. Chapter 2, VLANs and VTP This chapter explores the role of VLANs and VLAN protocols in modern campus networks. You learn how to congure VLANs on Catalyst switches. Trunk encapsulation types are discussed as well as trunk negotiation with DTP. You learn how to understand and use VLAN management tools, such as VLAN Trunking Protocol (VTP).

xxvii

Chapter 3, Spanning Tree Protocol (STP)IEEE 802.1D species Spanning Tree Protocol. STP uses a number of variables to calculate the shortest-path tree for a Layer 2 switched network. You learn what these variables are and how STP is affected by them. Cisco enhanced the 802.1D standard with the PortFast, UplinkFast, and BackboneFast extensions. A brief history of STP leading to the present is given. Vendor-neutral RSTP and MST are introduced. Load sharing with EtherChannel is also described. Chapter 4, Inter-VLAN RoutingInter-VLAN routing can be congured with various physical and logical topologies. A router with several physical LAN interfaces can route between distinct connected VLANs. A router connected to a switch via an ISL or IEEE 802.1Q trunk can route between VLANs. A multilayer switch can route between VLANs without the intervention of a router. Finally, Catalyst multilayer switch ports can be congured as Layer 3 ports (router interfaces), in which case they do not participate in any VLANs. On chassis-based Catalyst switches, inter-VLAN routing is performed by a number of different line cards and daughter cards, depending on the platform. Chapter 5, Multilayer SwitchingTwo methods of multilayer switching, also known as wire-speed routing, have been employed by Catalyst switches in the past. Ciscos MLS was used for several years before CEF was invented. MLS operation and conguration are discussed in this chapter. CEF is now a standard feature on Catalyst switches and Cisco routers. It provides a method for wire-speed routing by using dedicated ASICs and two data structures (adjacency table and FIB). Chapter 6, RedundancyRedundancy in network design is critical to organizations being able to maintain services to customers and internal users. Redundancy, resiliency, and availability are all terms used to describe a networks ability to deliver services even when devices or interfaces fail. The goal is to reach the ve nines of redundancymaintaining uptime of 99.999%, during which the network is continuously operating. Redundancy is explored in the following cases: Router redundancy with IRDP, HSRP, VRRP, and GLBP Redundant uplinks in Catalyst switches Power module redundancy in chassis-based Catalyst switches Supervisor engine redundancy in Catalyst 6500 switches with SRM Server redundancy via SLB

Chapter 7, Cisco AVVIDArchitecture for Voice, Video, and Integrated Data (AVVID) is Ciscos hardware and software solution for the integration of voice, video, and data. AVVID has largely been driven by IP telephony and the push to be an industry leader in the migration to an IP-based world of communication. This chapter touches on the various aspects of AVVID in general and IP telephony in particular. Whenever

xxviii

IP telephony is discussed, QoS is brought into the conversation, because QoS smoothes the integration of voice, video, and data; without QoS, IP telephony on an Internet scale would never be realized. QoS and its role in AVVID is introduced. Multicasting allows for sending data from one source to many receivers without burdening hosts or network devices that do not need to receive the trafc. Multicast trafc optimizes bandwidth utilization by using only the links necessary to get the trafc from the source to the destination. This chapter explains multicasting from scratch and builds to discussing the three major function areas for multicast protocols: between hosts and routers, between routers and switches, and between routers.

Chapter 8, Quality of ServiceQoS lets network engineers prescriptively optimize trafc utilization on network links. The primary force behind the growing dependence on QoS is the integration of voice, video, and data on IP networks. Service providers also use QoS to provide various classes of service to their customers. Cisco divides QoS subject matter into the following six areas: Classication Congestion management Congestion avoidance Policing and shaping Signaling Link efciency mechanisms QoS models fall under either the IntServ model or the DiffServ model. This chapter deals almost entirely with the DiffServ model, which is by far the most common model used in real-world QoS implementations.

Chapter 9, Monitoring and SecurityMonitoring refers to any software or hardware technology that lets the network engineer monitor network trafc. SPAN, VSPAN, and RSPAN are software technologies used on Catalyst switches for trafc monitoring. The network analysis module for the Catalyst 6500 is a dedicated link card used as a LAN monitoring tool. Security is just as important in a switched network as it is in any other part of an enterprise or campus network. Cisco has a growing list of technologies available on Catalyst switches to ensure the integrity and condentiality of data traversing the switched network. This chapter explores the most common network security options deployed in switched networks. The content in this chapter roughly falls under the categories of SPAN technologies, basic Catalyst switch security options, securing remote management of Catalyst switches, and securing user access via ACLs, AAA, and 802.1X authentication.

xxix

Chapter 10, Transparent LAN ServicesTransparent LAN services are employed in metropolitan-area networks to provide geographically remote Ethernet service, VLAN sanctity over MANs, and integration with various high-speed Layer 1 and Layer 2 ber-optic transports. Ciscos ONS product line, along with the Catalyst 3550 and Catalyst 6500 switches and the Cisco 7600 routers, comprise a collection of network devices that can deliver state-of-the-art TLS. Appendix A, Check Your Understanding Answer KeyThis appendix lists the solutions to the Check Your Understanding Questions in each chapter. Appendix B, Gigabit Ethernet and 10 Gigabit Ethernet Standards and OperationThis appendix introduces the Gigabit and 10 Gigabit Ethernet standards. Appendix C, Using the Catalyst Operating SystemThis appendix introduces the Catalyst operating system. Companies over the years have deployed Catalyst switches, such as the 4000, 5000, and 6000 family switches, using the CatOS. Many of these companies opt not to migrate to the IOS-based alternatives to the CatOS, so Cisco continues to support CatOS options for these switches. This appendix describes how to congure common LAN switching features using the Catalyst OS. GlossaryThe glossary lists all the key terms that appear throughout the book.

About the CD-ROMThe CD-ROM included with this book contains eighteen Interactive Media Activities from Cisco Systems, Inc. The Interactive Media Activities are hands-on drag-and-drop, ll-in-theblank, and matching exercises that help you master basic networking concepts. The CD-ROM also contains a test engine by Boson Software, Inc. with a total of 200 multiple choice, drag and drop, and ll in the blank practice exam questions that are exclusive to Cisco Press. The questions cover the full range of exam topics published by Cisco Systems for the CCNP BCMSN # 642-811 exam. Boson Software, Inc. is a software and training company specializing in test preparation and hands-on skills acquisition product development. Boson was among the rst software vendors to support Cisco certications, and is now an authorized Cisco Learning Partner as well as Premier Reseller. Additional Boson practice tests, simulation products, and other study aids are available at www.boson.com.

ObjectivesAfter completing this chapter, you will be able to perform tasks related to the following:

Understand the multilayer switching approach to campus networking. Explain the correct placement of Layer 2, Layer 3, and multilayer devices on a campus network. Develop a logical design for the network irrespective of any product that might be implemented to guarantee continued scalability. Perform basic command-line interface (CLI) operations on Cisco Catalyst switches, such as command-line recall, command editing, and uploading and downloading code images and conguration les.

Chapter 1 Campus Networks and Design ModelsAs corporate intranets continue to evolve, network managers and architects are faced with a multitude of options in building and modifying their networks. Starting from a premise that the existing environment already has a combination of switches and routers within the network, this chapter shows you how to scale the campus intranet to meet the ever-increasing demands of the business. In this chapter, you learn about the approach to campus networking called multilayer switching. This chapter discusses the correct placement of Layer 2, Layer 3, and multilayer devices on a campus network. This chapter also describes a set of building blocks, which presents a logical design for the network irrespective of any product that might be implemented. The success of any campus intranet is based on the placement of network services that, when applied correctly, guarantee continued scalability. Finally, this chapter describes the command-line interface (CLI) on Cisco switches, including aspects such as command-line recall, command editing, uploading and downloading code images, and conguration les.

Overview of a Campus NetworkHere, traditional campus networks and their trafc patterns are described, followed by a discussion of the evolving trafc patterns in modern campus networks and their requirements.

4

Chapter 1: Campus Networks and Design Models

Traditional Campus NetworksIn the early days of networking, primarily research universities and the military experimented with computer networks. The term campus network derives from networks built on university campuses. Today, the term is used more broadly to include networks that span corporate campuses, consisting of buildings, portions of a building, or a collection of colocated buildings. Campus size is an important factor in network design. A large campus has several or many colocated buildings, a medium campus has one or several colocated buildings, and a small campus resides within a single building. Historically, campus networks consisted of a single LAN to which new users were added simply by connecting anywhere on the LAN. Because of the distance limitations of the networking media, campus networks usually were conned to a building or several buildings in close proximity, as shown in Figure 1-1.Figure 1-1 Traditional Campus Networks Connected Small Groups of Users to Share Local Resources

Broadcast Domain

Collision Domain 1

Collision Domain 2

The LAN was a physical network that connected the devices. In the case of Ethernet, all the devices shared the available half-duplex 10-Mbps network. Because of the carrier sense multiple access collision detect (CSMA/CD) access method used by Ethernet, the whole LAN was a single collision domain (such as Collision Domain 1 in Figure 1-1). Few design considerations were needed to provide user access to the network backbone. Because of Ethernets inherent limitations, physically adjacent users were sometimes connected to a single access device to minimize the number of taps into the backbone. Although hubs (see Figure 1-2) met this requirement and became standard devices for multiple network access, increased user demand quickly slowed network performance.

Overview of a Campus Network

5

Figure 1-2 Traditional Campus Networks Typically Used Hubs to Connect UsersWorkgroup Server Workgroup Server Workgroup Server

Building A Access LayerHubs

Building B

Building C

Hubs

Hubs

Distribution Layer

Core Layer

FDDI Backbone Dual-HomedEthernet or Fast Ethernet Port FDDI Port

FDDI Dual Ring Enterprise Servers

WDM LAN PH

Issues with Traditional Campus Network DesignsThe two major problems with traditional networks have always been availability and performance. These two problems are both affected by the amount of bandwidth available. In a single collision domain, frames are visible to all devices on the LAN and are free to collide. Multiport Layer 2 devices, such as bridges and switches, are used to segment the LAN into discrete collision domains and forward Layer 2 data frames to only the segment of the network that contains the destination address. For example, a 48-port switch has 48 collision domains. Because the Layer 2 ports separate the LAN into distinct physical segments, they also help resolve issues related to Ethernets distance limitations. However, frames containing the broadcast Media Access Control (MAC) address are still ooded throughout the entire broadcast domain. A single network device could malfunction and ood the network with noise, and this could bring down the network. This is where routers come in. Because routers operate at Layer 3 of the Open System Interconnection (OSI) model, they can make intelligent decisions about the ow of data to and from a network segment. Routers do not forward broadcasts, so if noise from excessive broadcasts cripples one logical segment, the router does not forward those broadcasts to other logical segments. Trafc that polls the network about component status or availability and that advertises network component status or availability can affect network performance. Two common types of broadcasts that poll the network are IP Address Resolution Protocol (ARP) requests and

6

Chapter 1: Campus Networks and Design Models

NetBIOS name requests. These broadcasts are normally propagated across an entire subnet and expect the target device to respond directly to the broadcast. In addition to broadcasts, multicast trafc can also consume a large amount of bandwidth. Multicast trafc is propagated to a specic group of users, so if deployed correctly, it actually conserves bandwidth relative to broadcast trafc. Depending on the number of users in a multicast group or the type of application data contained in the multicast packet, multicast trafc can consume most, if not all, of the network resources. An example of a multicast implementation is the Cisco IP/TV solution, which uses multicast packets to transport multimedia such as audio and video. As networks grow, so does the amount of broadcast trafc on the network. Excessive broadcasts reduce the bandwidth available to the end users and force end-user nodes to waste CPU cycles on unnecessary processes. In a worst-case scenario, broadcast storms can effectively shut down the network by monopolizing the available bandwidth. Two methods can address the broadcast issue for large switched LAN sites:

Using routers to create many subnets and logically segment the trafc Implementing virtual LANs (VLANs) within the switched network

With the option to use routers (see Figure 1-3), broadcasts do not pass through routers. Although this approach contains broadcast trafc, the CPU of a traditional router has to process each packet. This scenario can create a bottleneck in the network. If a router has an interface on a subnet in which a broadcast storm is occurring, the router CPU might be interrupted to the extent that the router is unable to process packets destined for other networks in a timely fashion.Figure 1-3 Routers Segment Trafc into Independent Broadcast Domains

10.1.1.0

10.1.2.0

10.1.3.0

Overview of a Campus Network

7

Figure 1-4 depicts the option to implement VLANs within the switched network. For the purpose of this curriculum, VLANs are basically dened as broadcast domains. A VLAN includes a group of end devices that populate multiple physical LAN segments and switch ports. They communicate as if they were on a single LAN segment. One of the primary benets of LAN switches with VLANs is that they can be used to effectively contain broadcast trafc and manage trafc ows. A router is required for trafc to traverse between VLANs. Although routers are almost always part of a network where VLANs exist, a switch also prevents broadcast trafc from one VLAN from affecting another VLAN.Figure 1-4 VLANs Allow for More Flexible Arrangements of Broadcast Domains

VLAN1

VLAN2

VLAN3

Traditional 80/20 Rule of Network TrafcIdeally, end users with common interests or work patterns are placed in the same logical network as the servers they access most. Most of the trafc within these logical networks is contained on the local LAN segment. This simple task effectively minimizes the load on the network backbone. As shown in Figure 1-5, the 80/20 rule (pertinent through much of the 1990s) states that in a properly designed network, 80 percent of the trafc on a given network segment is local. No more than 20 percent of the network trafc should move across the networks backbone. Backbone congestion indicates that trafc patterns are not meeting the 80/20 rule. In this

8

Chapter 1: Campus Networks and Design Models

case, rather than adding switches or replacing hubs with switches, network administrators can improve network performance by doing one of the following:

Moving resources such as applications, software programs, and les from one server to another to contain trafc locally within a workgroup Moving users logically, if not physically, so that the workgroups more closely reect the actual trafc patterns Adding servers so that users can access them locally without having to cross the backbone

Figure 1-5 The 80/20 Rule of Network Trafc

80+% VLAN1 Local Traffic

VLAN2

80+% Local Traffic

VLAN3 80+% Local Traffic 20% Remote Traffic

The New 20/80 Rule of Network TrafcIn todays networks, trafc patterns are moving toward what is called the 20/80 model (see Figure 1-6). In the 20/80 model, only 20 percent of trafc remains local to the workgroup LAN, and 80 percent of the trafc leaves the local network. Two factors have contributed to these changing trafc patterns:

The InternetWith web-based computing and Internet applications, a PC can be a tool for both publishing and accessing information. So information can now come from anywhere in the network, potentially creating massive amounts of trafc crossing subnet boundaries. Users hop transparently between servers across the enterprise by using hyperlinks, without having to worry about where the data is located. Server farmsThe second factor leading to the decline of local-centric networks is the move toward server consolidation. Enterprises are deploying centralized server farms for security purposes, ease of management, and reduced cost of ownership. All trafc from the client subnets to these servers must travel across the campus backbone.

Overview of a Campus Network

9

Figure 1-6 The 20/80 Rule of Network Trafc

20% VLAN1 Local Traffic

VLAN2

20% Local Traffic

80+% Remote Traffic VLAN3 20% Local Traffic

However, this change in trafc patterns requires the Layer 3 performance to approximate the Layer 2 performance. Because routing is a CPU-intensive process, this Layer 3 processing can create network bottlenecks. This increased reliance on Layer 3 processing is an important factor driving the continued increase in requirements on campus networks.

Key Requirements of the Evolving Campus StructureThe key requirements placing pressure on the emerging campus designs are as follows:

Fast convergenceThis requirement stipulates that the network must be able to adapt very quickly to changes in the network topology, such as failed links and insertion of new devices on the network. Fast convergence becomes even more critical as the campus network grows in geographic scope. Deterministic pathsThis requirement allows a device or administrator to make a decision based on the desirability of a given path to a destination for certain applications or user groups. RedundancyThis requirement species that a mechanism, such as redundant links, devices, or modules, is in place to ensure that the network is operational at all times. ScalableThis requirement states that as the network grows and new applications are added, the infrastructure must be able to handle the increased trafc demands. Centralized applicationsThis requirement dictates that centralized applications must be available to support most or all users on the network. The server farm is in a centralized location using the same hop count for each area of the network. The new 20/80 ruleThis requirement focuses on the shift in traditional trafc patterns.

10

Chapter 1: Campus Networks and Design Models

Multiprotocol supportThis requirement species that campus networks must be able to support multiprotocol environments, such as mixed Internet Protocol (IP) and Internetwork Packet Exchange (IPX) environments. MulticastingThis requirement demands that campus networks be able to support IP multicast trafc in addition to IP unicast trafc.

Evolving Campus StructureIncreased user demands and complex applications have forced network designers to focus on the networks actual trafc patterns. Networks can no longer be divided into subnetworks based only on the number of users. The emergence of enterprise servers that run applications serving all users also has a direct effect on the load across the network. A higher trafc load across the entire network results in the need for more efcient routing and switching techniques. In the new campus model, trafc patterns dictate the placement of the services required by the end user. To service the local trafc, Layer 2 switches have moved to the edge of the network and into the wiring closets. These switches connect end-user devices and servers into a common workgroup. Services can be separated into three categories:

Local services Remote services Enterprise services

A local service is one in which the entities that provide the service reside on the same subnet and, therefore, the same virtual network as the user. Local services remain in specic areas of the network. Trafc to and from local services is conned to links between the server, the switches, and the end users. Local trafc does not enter the network backbone or pass through a router. A remote service is an entity that might be geographically close to the end user but that is not on the same subnet or VLAN as the user. Trafc to and from remote services might or might not cross the backbone. Requests for the remote services have to cross broadcast domain boundaries because these services are remote to the requesting end user. Therefore, switches must connect to Layer 3 devices to allow for access to remote services. Enterprise services are services common to all users. Examples of enterprise services are e-mail, Internet access, and videoconferencing. Because all users need to access enterprise services, these servers and services exist within a separate subnet placed close to the backbone. Because enterprise services exist outside the end users broadcast domain, Layer 3 devices are required to access these services. The enterprise services might or might not be grouped by Layer 2 switches.

Key Characteristics of Various Switching Technologies

11

Assuming a hierarchical design, placing the enterprise servers close to the backbone ensures the same distance from each user. It also means that all trafc going to an enterprise server indeed crosses the network backbone.Interactive Media Activity Drag and Drop: Evolving Campus Structure

This activity helps you understand local, remote, and enterprise services.

Key Characteristics of Various Switching TechnologiesTwo primary factors govern a switched networks success:

Availability Performance

Other factors include

Reliability Scalability Cost

The range and variety of services now available on modern switches are extensive, can be overwhelming, and will continue to evolve over time because these services are driven by customer needs. Focus on the core concepts of these technologies instead of expecting to master each one. Many of these technologies will be replaced by completely independent solutions in the coming years.

OverviewModern networks should support data, voice, and video. This means the network devices must support quality of service (QoS) and multicast technologies. QoS is needed to provide acceptable levels of service to the end user. During periods of congestion, a QoS policy ensures that certain types of trafc, dened by the network engineer, receive preferential treatment over other types of trafc. In addition, QoS is not effective when chronic congestion exists. QoS is better suited to handle occasional periods of congestion. The network should also have a high-speed, reliable backbone. This means that one or more switches need to support large ca