Exploration LAN Switching Semester 3

8/14/2019 Exploration LAN Switching Semester 3

1/187

2006 Cisco Systems, Inc. All rights reserved. Cisco PublicITE I Chapter 6 1

LAN Design

LAN Switching and Wireless Chapter 1


2/187

2006 Cisco Systems, Inc. All rights reserved. Cisco PublicITE 1 Chapter 6 2

Objectives Describe how a hierarchical network supports the

voice, video and data needs of a small and medium-

sized business. Match the appropriate Cisco switch to each layer in

the hierarchical network design model.


3/187


Describe how a Hierarchical Network Supports

the Needs of a Small & Medium-Sized Business Describe the key principles of hierarchical network

design


4/187



the Needs of a Small & Medium-Sized Business


5/187



the Needs of a Small & Medium-Sized Business


6/187 2006 Cisco Systems, Inc. All rights reserved. Cisco PublicITE 1 Chapter 6 6


the Needs of a Small & Medium-Sized Business Describe the role of a converged network in supporting

small and medium-sized (SMB) business voice, video,

and data needs



Match the Appropriate Cisco Switch to each

Layer in the Hierarchical Network Design Model Identify the considerations used to select a switch for a

hierarchical network



Match the Appropriate Cisco Switch to each

Layer in the Hierarchical Network Design Model Identify the key features of switches that are used in

hierarchical networks



Match the Appropriate Cisco Switch to eachLayer in the Hierarchical Network Design Model

Identify the key features of switches that are used inhierarchical networks




Identify the switch features found in each level in ahierarchical network



Summary Hierarchical Design model addresses performance,

scalability, maintainability & manageability issues.

Traffic Analysis is used to monitor networkperformance.

Hierarchical Design Model is composed of 3 layers:

Access

Distribution

Core

Switches selected for each layer must meet the needsof each hierarchical layer as well as the needs of thebusiness.


14/187 2006 Cisco Systems, Inc. All rights reserved. Cisco PublicITE I Chapter 6 1

Configure a Switch




Objectives Summarize the operation of Ethernet as defined for

100/1000 Mbps LANs in the IEEE 802.3 standard.

Explain the functions that enable a switch to forwardEthernet frames in a LAN.

Configure a switch for operation in a network

designed to support voice, video, and datatransmissions.

Configure basic security on a switch that will operate

in a network designed to support voice, video, anddata transmissions.



Summarize the operation of Ethernet asdefined for 100/1000 Mbps LANs in the IEEE

802.3 standard Describe the key elements of Ethernet/802.3 networks:

CSMA/CD, half-, full-duplex, collisions

Ethernet frame, MAC address




802.3 standard Describe the design considerations for Ethernet/802.3

networks




802.3 standard

Describe the LAN design considerations to reduce network latency



Describe the switch forwarding methods: store-and-forawd & cut-through (fast-forward, fragment-free)

Explain the Functions that Enable a Switch to

Forward Ethernet Frames in a LAN




Forward Ethernet Frames in a LAN Explain symmetric and asymmetric Switching


21/187




Forward Ethernet Frames in a LAN Compare Layer 2 with Layer 3 switching



Configure a Switch for Operation in a Network Describe the Cisco IOS commands used to navigate

the command-line


24/187



Configure a Switch for Operation in a Network Describe the Cisco IOS commands used to access the

command history


26/187


Configure a Switch for Operation in a Network Describe the boot sequence of a Cisco switch


27/187


Configure a Switch for Operation in a Network Describe how to prepare the switch to be configured


28/187


Configure a Switch for Operation in a Network Describe how to perform a basic switch configuration


29/187


Configure a Switch for Operation in a Network

Describe how to perform a basic switch configuration


30/187


31/187


Configure a Switch for Operation in a Network Describe how to manage the Cisco IOS configuration

files


32/187


Configure Basic Security on a Switch Describe the Cisco IOS commands used to configure

password options


33/187


Describe the Cisco IOS commands used to configure alogin banner

Configure Basic Security on a Switch


34/187


Describe the how to configure Telnet and SSH on aswitch



35/187


Describe the key switch security attacks: MAC addressflooding, spoofing attacks, CDP attacks, and Telnet

attacks



36/187


Configure Basic Security on a Switch Describe the key switch security attacks: MAC address flooding,spoofing attacks, CDP attacks, and Telnet attacks


37/187


Describe how network security tools are used toimprove network security



38/187


Describe why you need to secure ports on a switchConfigure Basic Security on a Switch


39/187


Describe the Cisco IOS commands used to disableunused ports



40/187



Secure MAC Address Types


41/187




42/187




43/187


Summary

LAN Design

Process that explains how a LAN is to be

implemented

Factors to consider in LAN design include

Collision domainsBroadcast domains

Network latency

LAN segmentation


44/187


Summary

Switch forwarding methods

Store & forward used by Cisco Catalyst switches

Cut through 2 types

Cut throughFast forwarding


45/187


Summary

Symmetric switching

Switching is conducted between ports that have thesame bandwidth

Asymmetric switching

Switching is conducted between ports that haveunlike bandwidth


46/187


Summary

CISCO IOS CLI includes the following features

Built in helpCommand history/options

Switch security

Password protection

Use of SSH for remote access

Port security


47/187



48/187


VLANs



49/187


Objectives

Explain the role of VLANs in a converged network.

Explain the role of trunking VLANs in a converged

network.

Configure VLANs on the switches in a convergednetwork topology.

Troubleshoot the common software or hardwaremisconfigurations associated with VLANs on switchesin a converged network topology.


50/187


Explain the Role of VLANs in aConverged Network

Explain the role of VLANs in a converged network


51/187




52/187




53/187



Benefits of VLANs

E l i h R l f VLAN i


54/187



VLAN characteristics

E l i h R l f VLAN i


55/187




56/187

E l i th R l f VLAN i


57/187





58/187





59/187




60/187


Explain the Role of Trunking VLANs in aConverged Network

Explain the role of a trunk when using multiple VLANsin a converged network


61/187


Explain the Role of Trunking VLANs in aConverged Network 802.1Q tagging

The tag control information field contains:

3 bits of user priority - Used by the 802.1pstandard, which specifies how to provideexpedited transmission of Layer 2 frames. Adescription of the IEEE 802.1p is beyond thescope of this course; however, you learned alittle about it earlier in the discussion on voice

VLANs. 1 bit of Canonical Format Identifier (CFI) -

Enables Token Ring frames to be carriedacross Ethernet links easily.

12 bits of VLAN ID (VID) - VLAN identification

numbers; supports up to 4096 VLAN IDs.

E plain the Role of VLANs in a


62/187



Describe how to manage broadcast domains withVLANs

Explain the Role of Trunking VLANs in a


63/187



Describe how a trunk works



64/187



Dynamic Trunking Protocol (DTP)



65/187



Dynamic Trunking Protocol (DTP)

C fi VLAN h S i h i


66/187


Configure VLANs on the Switches in aConverged Network Topology

Describe the steps to configure trunks and VLANs

Configure VLANs on the Switches in a


67/187



Describe the Cisco IOS commands used to create aVLAN on a Cisco Catalyst switch



68/187





69/187



Describe the Cisco IOS commands used to manageVLANs on a Cisco Catalyst switch



70/187



Describe the Cisco IOS commands used to create atrunk on a Cisco Catalyst switch



71/187



Describe the Cisco IOS commands used to create atrunk on a Cisco Catalyst switch

T bl h t C S ft H d


72/187


Troubleshoot Common Software or HardwareMisconfigurations Associated with VLANs

Troubleshoot Common Software or Hardware


73/187




74/187

Troubleshoot Common Software or Hardware


75/187


IP subnet mismatch



76/187


Summary

VLANS

Allows an administrator to logically group devices

that act as their own network

Are used to segment broadcast domains

Some benefits of VLANs includeCost reduction, security, higher performance,better management


77/187


Summary

Types of Traffic on a VLAN include

DataVoice

Network protocol

Network management Communication between different VLANs requires the

use of

Routers


78/187


Summary

Trunks

A common conduit used by multiple VLANS forintra-VLAN communication

EEE 802.1Q

The standard trunking protocol

Uses frame tagging to identify the VLAN to which a

frame belongsDoes not tag native VLAN traffic


79/187



80/187


Implement VTP



81/187


Objectives

Explain the role of VTP in a converged switchednetwork

Describe the operation of VTP: VTP domains, VTPModes, VTP Advertisements, and VTP Pruning.

Configure VTP on the switches in a converged

network.

Explain the Role of VTP in a Converged


82/187


Explain the Role of VTP in a ConvergedSwitched Network

Explain the role of VTP in a multi-switch network



83/187





84/187





85/187




86/187


Describe the Operation of VTP


87/187



Explain the role of domains in VTP


88/187




89/187



Describe how VTP exchanges domain and VLANinformation between switches in the same VTP domain


90/187





91/187





92/187



VTP revision number


93/187



Describe the role VTP modes play in enabling VTP todistribute and synchronize domain and VLANconfiguration information in a network


94/187



Describe the role VTP modes play in enabling VTP todistribute and synchronize domain and VLANconfiguration information in a network


95/187



Explain how VTP pruning functions

Configure VTP on the Switches in a


96/187


gConverged Network

Configure VTP on a Cisco Catalyst Switch



97/187


gConverged Network

Configure VTP domain on server & client



98/187


Converged Network

Configure VTP mode



99/187


Converged Network

Manage VLANs on a VTP enabled network (Server)



100/187


Converged Network

Assign ports to VLANs on VTP Clients



101/187


Converged Network

Identify and troubleshoot common VTP configurationproblems



102/187


Converged Network




103/187


Converged Network


S


104/187


Summary

VTP is a Cisco proprietary protocol used to exchangeVLAN information across trunk links.

A switch can be in one of 3 VTP operating modes

Client

Cannot create, modify or delete VLAN

ServerCan create, modify & delete VLAN

Transparent

Can create, modify, & delete LOCAL VLANForwards VTP advertisements.

S


105/187


Summary

VTP pruning

Limits unnecessary dissemination of VLAN information. Verify VTP configuration

Show VTP status

Show interfaces trunk


106/187



107/187


Implement SpanningTree Protocols


Obj ti


108/187


Objectives

Explain the role of redundancy in a convergednetwork

Summarize how STP works to eliminate Layer 2 loopsin a converged network

Explain how the STP algorithm uses three steps to

converge on a loop-free topology Implement rapid per VLAN spanning tree (rapid

PVST+) in a LAN to prevent loops between redundant

switches.

Explain the Role of Redundancy in aC d S it h d N t k


109/187


Converged Switched Network

Redundancy in a hierarchical network which path?



110/187



Redundancy in a hierarchical network path failure



111/187



Redundancy can disable a hierarchical network

Layer 2 loops may occur


112/187


broadcast

Layer 2 loops may occur


113/187


CAM change

Broadcast Storms


114/187


Spanning Tree Topology


115/187


Summarize How STP works to EliminateLayer 2 Loops in a Converged Network


116/187


Layer 2 Loops in a Converged Network



117/187





118/187





119/187



24576 or x4096below lowest BID

28672

Default priority:32768



120/187





121/187



Explain the role of the BPDU in STP



122/187



Describe the role of STP port states and BPDU timersin the operation of STP

Explain How the STP Algorithm Uses ThreeSteps to Converge on a Loop Free Topology


123/187


Steps to Converge on a Loop-Free Topology

Define convergence for a switched network andsummarize the 3 step process STP uses to create aloop free topology

Explain How the STP Algorithm Uses ThreeSteps to Converge on a Loop-Free Topology


124/187



Explain the STP decision sequence is used to elect aroot bridge for a network



125/187



Describe the process of electing a root port on a switch



126/187



Describe the process of electing designated ports andnon-designated ports on a switch



127/187





128/187



The port ID is appended to theport priority. For example, switch

port F0/2 has a default portpriority value of 112.2, where

112 is the configurable portpriority value, and .2 is the portID. (128 default)



129/187



Cisco PortFast Technology


130/187


Cisco PortFast Technology


131/187



132/187

Implement Rapid per VLAN SpanningTree (rapid PVST+) in a LAN


133/187


Tree (rapid PVST+) in a LAN

Describe the features of PVST+



134/187





135/187





136/187



Describe the features of RSTP



137/187





138/187


ee ( ap d S +) a

Describe RSTP edge ports



139/187


( p )

Describe the RSTP link types



140/187


( p )

Describe the RSTP port states and port roles



141/187


( p )

Describe how to configure rapid PVST+



142/187


( p )

Describe how to configure rapid PVST+



143/187


( p )

Describe how to design STP to avoid problems



144/187


( p )

Describe how to identify and solve the key STPconfiguration issues

Summary


145/187


y

Spanning Tree Protocol (STP) is used to prevent loopsfrom being formed on redundant networks

STP uses different port states & timers to logicallyprevent loops

There is at least one switch in a network that serves as

the root bridgeRoot bridge is elected using information found in BPDU frames

Root ports are determined by the spanning tree

algorithm and are closest to the root bridge

Summary


146/187


y

STP lengthy convergence time (50 seconds) facilitatedthe development of:

RSTP

convergence time is slightly over 6 seconds

Rapid PVST+

adds VLAN support to RSTP

is the preferred spanning-tree protocol on a Cisco switch

netowrk


147/187



148/187


Implement Inter-VLAN Routing


Objectives


149/187


Explain to the satisfaction of a qualified instructor hownetwork traffic is routed between VLANs in aconverged network.

Configure inter-VLAN routing on a router to enablecommunications between end-user devices onseparate VLANs

Troubleshoot common inter-VLAN connectivityissues.

Explain How Network Traffic is RoutedBetween VLANs in a Converged Network


150/187




151/187


Describe the routing options between VLANs

native

native

802.1q



152/187


Describe the role of interfaces and subinterfaces insupporting inter-VLAN routing

native

802.1q

802.1q

Configure Inter-VLAN Routing


153/187




154/187




155/187


Performance

-Because there is no contention for bandwidth on separatephysical interfaces, physical interfaces have better performancewhen compared to using subinterfaces.

-When subinterfaces are used for inter-VLAN routing, the trafficbeing routed competes for bandwidth on the single physical

interface. Access Ports and Trunk Ports

-Connecting physical interfaces for inter-VLAN routing requires

that the switch ports be configured as access ports.-Subinterfaces require the switch port to be configured as atrunk port so that it can accept VLAN tagged traffic on the trunklink.



156/187


Cost - financially, it is more cost-effective to usesubinterfaces over separate physical interfaces.Routers that have many physical interfaces cost morethan routers with a single interface. The same withswitches.

Complexity-Using subinterfaces for inter-VLAN routing results in a lesscomplex physical configuration than using separate physicalinterfaces, because there are fewer physical network cables

interconnecting the router to the switch.-On the other hand, using subinterfaces with a trunk port resultsin a more complex software configuration, which can bedifficult to troubleshoot.



157/187


Port Limits

-Physical interfaces are configured to have one interface perVLAN on the network. On networks with many VLANs, using asingle router to perform inter-VLAN routing is not possible.Routers have physical limitations that prevent them fromcontaining large numbers of physical interfaces.

-Subinterfaces allow a router to scale to accommodate moreVLANs than the physical interfaces permit. Inter-VLAN routingin large environments with many VLANs can usually be betteraccommodated by using a single physical interface with manysubinterfaces.

Troubleshoot Common Inter-VLANConnectivity Issues


158/187


When using the traditional routing model for inter-VLANrouting, ensure that the switch ports that connect to therouter interfaces are configured on the correct VLANs.



159/187


When you suspect that there is a problem with a switchconfiguration, use the various verification commands toexamine the configuration and identify the problem.

One of the most common inter-VLAN routerconfiguration errors is to connect the physical routerinterface to the wrong switch port, placing it on theincorrect VLAN and preventing it from reaching theother VLANs.



160/187


Describe the common switch configuration Issues

VLANmismatch



161/187


Describe the common IP Addressing Issues

WrongAddressSpace



162/187


Describe the common IP Addressing Issues

Trunkproblem



163/187



164/187

Summary

Router on a stick


165/187


this is an inter-VLAN routing topology that uses router subinterfaces connected to a layer 2 switch.

Each Subinterface must be configured with:

An IP address

Associated VLAN number

Configuration of inter VLAN routing

Configure switch ports connected to router with correct VLAN

Configure each router subinterface with the correct IP address& VLAN ID

Verify configuration on switch and router


166/187



167/187


Configure a WirelessRouter


Objectives


168/187


Describe the components and operations of basicwireless LAN topologies.

Describe the components and operations of basicwireless LAN security.

Configure and verify basic wireless LAN access.

Configure and troubleshoot wireless client access.

Explain the Components and Operationsof Basic Wireless LAN Topologies


169/187


Describe why wireless LANs are a popular choice forsmall business LAN implementations



170/187


Describe the 802.11 wireless standards



171/187


Describe the components of a 802.11-based wirelessinfrastructure



172/187


Describe how wireless networks operate



173/187


Describe how to plan a wireless LAN

Explain the Components and Operationsof Basic Wireless LAN Security


174/187


Describe the threats to wireless LAN security



175/187


Describe the wireless protocols. The description willinclude a description of 802.1x, a comparison of WPAand WPA2 as well as comparison of TKIP and AES



176/187


Describe how to secure a wireless LAN from the keysecurity threats

Configure and Verify Basic Wireless LANAccess


177/187


Configure a wireless access point

Configure and Verify Basic Wireless LANAccess


178/187


Configure a wireless NIC

Configure and Troubleshoot WirelessClient Access


179/187


Describe how to solve access point firmware issues



180/187


Describe how to solve incorrect channel settings



181/187


Describe how to solve common RF interference issues



182/187


Describe how to correct antenna misplacement



183/187


Describe how to solve the common problemsassociated with wireless LAN encryption types



184/187


Describe how to solve authentication problemsassociated with wireless LANs

Summary

Wireless LANs se standards s ch as


185/187


Wireless LANs use standards such as

IEEE 802.11a

IEEE 802.11b

IEEE 802.11g

IEEE 802.11n

Basic Service setMobile clients use a single access point for connectivity

Extended service set

Multiple access point that share an SSID

Summary

WLAN security practices/methods include

MAC address filtering


186/187


MAC address filtering

SSID making

Implementing WPA2

Configuration of wireless NIC and access point

Configure both of them the same way

SSID

Ensure that the latest firmware is installed

Troubleshooting WLANs include doing the following:

Check channel settingCheck for interference


187/187

Documents

Exploration LAN Switching Semester 3