INDEX
Symbols
! (exclamation point) character, 124
# (pound sign) character, 124

Numerics
10GBASE-xyz, naming conventions, 69
10GE, 68
    distance limitations, 70–71
10-Mbps Ethernet, 62
802.1D, compatibility with RSTP, 250
802.1Q, 176
    misconfiguring, 178
802.11 operational standards, 830–831
802.11a standard, 834–835
    calculating bandwidth, 838
    channel reuse, 836–838
802.11b standard, calculating bandwidth, 838
802.11b/g standard, channel reuse, 836
802.11g standard, 832–834
    calculating bandwidth, 838

A
AAA
    accounting, configuring, 660–665
    authentication, configuring, 658–661
    authorization, configuring, 659–663
    on Cisco IOS-based Catalyst switches, configuring, 658, 665–666
aaa new-model command, 106
absorption, 824
access layer, 25
access networks, 44
access
    to vty lines, securing, 654
    unauthorized, 95
access-layer switches, 64accounting, 660
configuring, 663–665ACLs (access control lists), 5
applying, 679–680configuring on Cisco Catalyst switches, 653PACLs, applying, 683–684RACLs, applying, 680–681VACLs, applying, 681–683
active keyword, 537active scanning, 857ad hoc mode, 815, 819adding switches, 206Address Resolution Protocol. See ARPaddresses
globally scoped, 506GLOP, 506–507IP multicast, 502limited-scope, 506MAC address notification, 337–338reserved link local, 505–506source-specific multicast, 506virtual MAC, VRRP, 596
adjacencies, 428adjacency tables, 413–414ADSL (asymmetric digital subscriber line), 71ADU (Aironet Desktop Utility), 860AES (Advanced Encryption Standard), 859AES-CCMP (Advanced Encryption Standard-
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol), 852
agents, DHCP relay, 399aggregate policers, 468aggressive mode UDLD, 356–358
case study, 360–364configuration exercises, 374versus Loop Guard, 292
answers to review questionschapter 1, 881–883chapter 10, 892–893chapter 11, 893–894chapter 12, 894–895chapter 13, 895chapter 14, 896chapter 15, 897chapter 16, 897chapter 17, 898chapter 18, 899–900chapter 2, 884–885chapter 3, 885–886
chapter 4, 886–888chapter 5, 888–889chapter 6, 889chapter 7, 890–891chapter 8, 891chapter 9, 892
antenna diversity, 829antennas, 827
highly directional, characteristics of, 829omnidirectional, characteristics of, 828RP-TNC connectors, 829selecting, 828semidirectional, characteristics of, 829
AP-manager interfaces, 861–862application layer (Cisco SONA), 19applications
    Cisco AVVID, 21
    statistics, checking, 311
applying ACLs, 679–680PACLs, 683–684RACLs, 680–681VACLs, 681–683
APsactive scanning, 857autonomous, 816Cisco Airespace, roaming, 848
Layer 2 roaming, 849Layer 3 roaming, 850–851
Cisco Airespace AP, 841Cisco Aironet 1500 Series Lightweight Outdoor
Mesh AP, 818Cisco wireless client AP association, 856–857Lightweight, 816–817
comparing with autonomous, 844–845managing, 845–846
LWAPP, 852AP association, 854–855combining with autonomous APs,
855–856Layer 2, 853Layer 3, 853
microcell architecture, 823passive scanning, 856wireless repeaters, 820
ARP (Address Resolution Protocol), 13throttling, 416–418
ASICs (application-specific integrated circuits), 6, 295
memory limitations, 7assured forwarding, 451–452asymmetrical routing, 674attenuation, 760, 824authentication, 658
802.1X, 675–677configuring, 661VTP, 192
authorization, 659–660configuring, 661–663
auto-negotiation issues, 67autonomous APs, 816
combining with LWAPP, 855–856comparing with lightweight APs, 844–845
Auto-RP, 517availability of VoIP, 4AVPs (attribute-value pairs), 659AVVID (Architecture for Voice, Video and
Integrated Data). See Cisco AVVIDAWP (Adaptive Wireless Path) protocol, 818

B
baby giants, 177, 346
BackboneFast, 280
    configuration exercise, 301, 304–306
    configuring, 284
    in RSTP, 247
    link failures, 281
backup ports, 245backup root bridges, 231bandwidth provisioning in IP telephony
installations, 629–630best practices for IP Telephony deployment in
Enterprise Composite Network Model, 633–634
bidir-PIM, 516binary image mode (Cisco IOS Software
Modularity), 572black holes, preventing with Loop Guard,
289–291blocking state, 226boot system flash command, 121bootstrap router (BSR), 518
both keyword, traffic monitoring with SPAN, 768BPDUs (bridge protocol data units), 223
filtering, 286format, 246–247frame formats, 224TCN, 233timers, 224
BPDU Guard, 278, 284bridge IDs, 222bridge virtual interface (BVI), 393bridging
backup/primary root, 231loops, 218
building loop-free networks, 220Loop Guard, 290preventing, 219–220troubleshooting, 297
signaling topology changes, 233–235study tips, 260–261
broadcast domains, 9broadcast suppression, 344–345broadcasting packets, 502BSA (basic service area), 819BSR (bootstrap router), 518BSSs (Basic Service Sets), 819building
Layer 3 networks, 22–23loop-free networks, 220
Building Access submodule (Enterprise Composite Network Model), 31, 34, 633
building blocks of wireless bridges, 821–822Building Distribution submodule, 31, 34burst size, 467BUS mode (SFM), 726BVI (bridge virtual interface), 393

C
cabling standards, EIA/TIA 568A and 568B, 841
calculating
    bandwidth for 802.11 networks, 838
    WLAN transmit power, 826–827
CAM (content addressable memory), 418Campus Backbone layer, 82Campus Backbone submodule, 31, 34Campus Infrastructure module, 73
campus networks, 27, 153and data centers, 3Cisco Enterprise Campus Architecture, 3–4, 23VLANs, 152
Canonical Format Indicator (CFI), 176capturing traffic with VSPAN on Cisco
CatOS-based switches, 772case studies
aggressive mode UDLD, 360–364designing a Cisco multilayer switched network,
85–86VLAN hopping attacks, preventing, 698–700
CatOS 8.x, 95CCX (Cisco Compatible Extensions), 860–861CDP (Cisco Discovery Protocol), 331, 334
restricting use of, 655–656CEF (Cisco Express Forwarding), 5, 411
components, 413–415CEF-based MLS, 411–415
ARP throttling, 416–418centralized/distributed switching, 415–416commands, 434configuration, 424–426
viewing Layer 3 Engine adjacency table, 428–431
viewing Layer 3 Engine CEF table, 426distributed switching, 416load sharing, 424sample operation, 422–423study tips, 432–434switching table architectures
CAM, 418TCAM, 419–421
troubleshootingconfiguration exercise, 435–438debugging CEF on Layer 3 Engine, 430methodology, 431–432
verifying, 425centralized switching, 415–416CFI (Canonical Format Indicator), 176channel reuse
for 802.11a, 836–838for 802.11b/g, 836
channeling EtherChannel, 318chassis options
for Cisco Catalyst 4500 switches, 730for Cisco Catalyst 6500 switches, 722
chromatic dispersion, 760Cisco ACAT (Aironet Configuration
Administration Tool), 859Cisco ACAU (Aironet Client Administration
Utility), 860Cisco Airespace APs, 841
roaming, 848Layer 2, 849Layer 3, 850–851
REAPs, 848Cisco Aironet 1000 Series Lightweight AP, 817Cisco Aironet 1500 Series Lightweight Outdoor
Mesh AP, 818Cisco Aironet 802.11a/b/g CardBus Wireless
LAN Client Adapter, 816Cisco Aironet 802.11a/b/g PCI Wireless LAN
Client Adapter, 816Cisco Aironet Power Injector products, 840Cisco Auto RF feature, 847Cisco AutoQoS, 483–484Cisco AVVID (Architecture for Voice, Video and
Integrated Data), 15, 20–21, 53Cisco Catalyst 2950 switches, 51
WRR, 473Cisco Catalyst 2960 switches, 51, 737–738
manageability features, 52Cisco Catalyst 2970 switches, SRR, 473–474Cisco Catalyst 3550 switches, 50
security, 50–51updating software versions, 124
Cisco Catalyst 3560 switches, 50, 86, 736available models, 736features, 736security, 50–51
Cisco Catalyst 3750 switches, 50, 733Cisco StackWise technology, 735features, 734security, 50–51SRR, 473–474
Cisco Catalyst 4500 switches, 47–48chassis options, 730fixed configuration models, 730–731high availability, 560redundancy, 558security, 49SSO, 562–566Supervisor Engines, 731–733
Cisco Catalyst 4948-10GE switch, 48Cisco Catalyst 6500 switches, 45, 95, 558, 721
chassis options, 722Cisco IOS Software Modularity, 571–572CPU monitoring, troubleshooting, 775EEM, 790–791ERSPAN performance monitoring,
configuring, 784features, 45–46FWSM, 684–685high availability, 560hybrid-mode, 96line cards, 724line modules, 727NAM, 791–792
configuring, 793–797troubleshooting, 799verifying configuration, 797–798
performance monitoring using VACLs with capture option, 785–787
recommended deployment scenarios, 729redundant Supervisor Engine Uplink
modules, 572redundant power supplies, 573–575security, 47service modules, 723, 728–729Supervisor Engines, 723
        Supervisor Engine II, 725–727
        Supervisor Engine 32, 724–725
        Supervisor Engine 720, 727
supported data paths, 724supported interfaces, 723WRR, configuring, 472
Cisco Catalyst QoS trust concept, 457Cisco Catalyst switches, 560–563. See also Cisco
Catalyst 29xx switches; Cisco Catalyst 35xx switches; Cisco Catalyst 4500 switches; Cisco Catalyst 6500 switches
ACLs, 679configuring, 653PACLs, applying, 683–684RACLs, applying, 680–681VACLs, applying, 681–683
BackboneFast, 283bridge IDs, 222CatOS 8.x, 95Cisco NAC, 678–679
configuringas VTP servers, 193multilayer switching, 411
EtherChannel, 318management parameters, configuring, 98
clock and NTP settings, 101–103DNS, 108management IP address, 99–100system logging, 109system names, 98telnet and SSHs, 104–106
multilayer, 389overview, 44passwords, configuring, 653policing, 468pVLANs, 168QoS
enabling, 484fundamentals, 453–479marking, 463–464
redundant Supervisor Engines, 557–561, 564running Cisco IOS, configuring voice VLANs,
628–629software images, 114
naming, 118–119"top of rack", 65troubleshooting, 126
configuration commands, 128connecting to switches via
console ports, 130debug commands, impact and use, 128IP connectivity, 131–132show and debug commands, 127
updating software versions, 120–121, 124VLAN requirements, 156VLAN support, 157VMPS support, 155wavelengths, 758
Cisco CatOScompared to Cisco IOS (Native Mode), 96–97converting to Cisco IOS (Native Mode), 125feature parity with Cisco IOS (Native Mode),
96–97MDGs, 336–337VLANs, configuring, 161
Cisco CatOS-based Catalyst switches, 100configuration changes, 113DNS lookup, 108ERSPAN, supported switches, 784local SPAN, configuring, 771passwords, 104RSPAN performance monitoring, configuring,
780–782Syslog destination, 109time adjustments, 103traffic, capturing, 772
Cisco Data Center Network Architecture, 4Cisco Enterprise Branch Architecture, 24Cisco Enterprise Campus Architecture, 23Cisco Enterprise Data Center, 24, 41–42
access networks, 44data center interconnect, 44SANs, 43server fabrics, 42
Cisco Enterprise Teleworker Architecture, 24Cisco Enterprise WAN Architecture, 24Cisco Express Forwarding. See CEFCisco Firewall Services Module, 46Cisco IFS (IOS File System), 114
determining IFS size and contents, 116formatting and copying images, 114
Cisco IIN (Intelligent Information Network), 19–20, 54
Cisco IOS software
    Catalyst switches, configuration exercise, 134–141
    debug command, 127
    file system, 114
        determining size and contents, 116
        image naming, 118–119
global configuration mode, 157, 159hybrid mode, naming conventions, 118ISSU, 572native mode, feature parity with Cisco CatOS,
96–97show command, 127SLB, 602switches
DNS lookup, 108NTP settings, 103
Syslog destination, 109time adjustments, 103
VLAN database configuration mode, 157Cisco IOS Software Modularity, 571–572Cisco IOS-based Catalyst switches
AAA, configuring, 665–666ERSPAN, supported sessions, 784local SPAN, configuring, 771port security, configuring, 670RSPAN performance monitoring, configuring,
778–780traffic monitoring, 769VSPAN, configuring, 773
Cisco IP Telephony, components of, 623Cisco LRE (Long-Reach Ethernet), 71Cisco metro solutions, 743–745Cisco NAC (Network Admission Control),
678–679Cisco REAP (Remote Edge Access Point), 856Cisco SONA (Service-Oriented Network
Architecture), 17–18, 54, 632Cisco StackWise technology, 735Cisco Unified Wireless Network, 843–845Cisco WCS (Wireless Control System), 846Cisco WGB (Work Group Bridge), 820Cisco wireless clients
AP association, 856–857open authentication, 857pre-shared key authentication, 858
Cisco Wireless Location Appliance, WLAN management, 847
Cisco WiSM, WLAN management, 846Cisco WLANs
APs combining with autonomous APs,
855–856LWAPP, 852–855
Auto RF feature, 847group mode feature, 847mobility group feature, 848split MAC architecture, 851
Cisco WLCM (Wireless LAN Controller Module), WLAN management, 846
CiscoWorks WLSE (Wireless LAN Solution Engine), 844, 847
CiscoWorks WLSE Express, WLAN management, 847
classification, 464clear VLAN command, 161CLI (command-line interface), 95client adapters (WLANs), 816clients, 815commands
bridging, 261CEF-based MLS, 434clear, 539clear vlan, 161copy running-config startup-config, 121debug ip cef, 431encryption-type, 104line vty, 104multicast traffic deployment, 542QoS-related, 486redundancy, 609show catalyst 6000 traffic-meter, 310show interface, 101, 131show ip mroute, 536–537show ip route, 131show logging, 308show process cpu, 309show running-config interface, 163show system, 310shutdown interface-level, 310snmp-server user, 112spanning-tree portfast, 305srr-queue bandwidth shape, 474srr-queue bandwidth share, 474STP-related, 301switchport, 205switchport host, 160vtp domain domain-name, 204vtp mode, 204vtp password, 204vtp v2-mode, 193
community VLANs, 167Compact mode (SFM), 726comparing
IEEE 802.11 standards, 835–836PIM versions, 519–520shared/source trees, 512–513WLANs and Ethernet, 812–813
compression issues, 814environmental issues, 813–814mobility, 814
privacy issues, 813regulatory issues, 814–815
componentsof CEF, 413–415of Cisco AVVID, 21of Internet Connectivity module, 37of IP telephony, 623–624of Remote Access module, 38of VPN module, 38of WLANs, 816–817
compression, comparing WLANs and Ethernet, 814
configuring, 593AAA, 658
accounting, 660–665authentication, 658–661authorization, 659–663on Cisco IOS-based Catalyst switches,
665–666aggressive mode UDLD, 363baby giant and jumbo frame support, 349BackboneFast, 284
configuration exercise, 301, 304–306BPDU filtering, 286broadcast and multicast suppression, 345burst size, 467CEF-based MLS, 424–426Cisco Catalyst switches, 653. See also Cisco
Catalyst switchesDAI, 693–695debounce timer feature, 343DNS lookup, 108EEM, 791ERSPAN, performance monitoring, 783–784EtherChannel, 324–326GLBP, 601HSRP, 585–592IEEE 802.1Q trunking, 182–183IEEE 802.1X, 676–677IGMP snooping, 534inter-VLAN routing, verifying
configuration, 396IPSG, 690–691ISL trunking, 181LACP, 321loop-free networks, 220MAC address notification, 338
MDGs, 337MST, 256, 258–259multilayer switching, 411NAM, verifying configuration, 797–798performance monitoring on RSPAN,
776–782policers, 468policy maps, 463PortFast, 277, 305–306protocol filtering, 340PVST+
port cost, 240root bridges, 239–240
Root Guard, 288configuration exercise, 305
SNMP, 111–112SPAN
destination ports, 770for CPU monitoring, 773–775source ports, 768
SRM, 569SSO, 564STP, 264
verifying configuration, 241–243switches for SSH, 106syslog destination, 109system logging, 657system warning banners, 654UDLD, 358–359UplinkFast, 279
configuration exercise, 304virtual servers, SLB, 606VLANs, 158–161
private VLANs, 168–171, 208–209verifying configuration, 162–163
voice VLANs on Catalyst switches running Cisco IOS, 628–629
VSPAN on Cisco IOS-based Catalyst switches, 773
VTP, 192–193verifying configuration, 195
    WLANs
        available interfaces, 861–864
        controllers, 865–869
        controllers, connecting to, 864–865
WRR on Catalyst 6500 switches, 472
connectivity, troubleshooting with L2 traceroute, 787–789
control packets, prioritizing, 299controllers
available interfaces, 861configuring, 865–869connecting to, 864–865verifying configuration, 869
with show 802.11 commands, 869with show advanced 802.11 commands,
869–870with show ap commands, 870with show client commands, 871–872with show radius commands, 872with show rogue ap commands, 872with show rogue client commands,
872–873with show stats commands, 870–871
converting Cisco CatOS to Cisco IOS (Native Mode), 125
copy command, 112copy running-config startup-config command,
121copy tftp flash command, 120copying images on Cisco IFS, 114core layer, 25cost of wireless bridging, 822count keyword, 537coverage holes, 813CPU monitoring
on Catalyst 6500 switches, troubleshooting, 775SPAN, configuring, 773–775
CQ (custom queuing), 476creating
loop-free spanning trees, 228–231VLANs, 161
VLAN database configuration mode, 159critical performance-management tasks, 766–767crypto key generate command, 106CSMA/CD (carrier sense multiple access/
collision detect), 811CST (Common Spanning Tree), 252current-generation NICs, 64custom queuing (CQ), 476
CWDM (coarse wavelength division multiplexing)
GBIC modules, 760metro Ethernet, 758–760OADM modules, 760

D
DAI (Dynamic ARP Inspection), 692
    configuring, 693–695
Data Center access submodule (Enterprise Composite Network Model), 633
data center interconnect, 44
data centers, 3–4
and campus networks, 3Cisco Enterprise Data Center Architecture, 24,
41–42access networks, 44data center interconnect, 44SANs, 43server fabrics, 42
data path support (Catalyst 6500), 724data link technologies, 67
10-Gigabit Ethernet, 6810-Mbps Ethernet, 62Fast Ethernet, 63GBICs, 71Gigabit Ethernet, 64
distance limitations, 66LRE, 71
data-planes, 413daylight savings time, Energy Policy Act of
2005, 103dB (decibel), 826dBi (isotropic decibel), 826dBm (decibels per milliwatt), 826dBW (decibels per watt), 826dCEF256 (distributed CEF 256) mode, 726debounce timer feature, 342
configuring, 343enabling, 342
debug all command, 129debug ip cef command, 431decibel to milliwatt conversion table, 826
default gateway router redundancy, 575GLBP, 598HSRP, 579–593IRDP, 577proxy ARP, 576VRRP, 594–597
deleting VLANs, 159deploying IP Telephony in Enterprise Composite
Network Model, best practices, 633–634designing
IP telephony installations, 625high availability, 632network bandwidth provisioning, 629–630network management, 631power considerations, 630–631QoS, 626–627security, 632–633voice VLANs, 627–629
loop-free networks, 220multilayer switched networks
case study, 85–86Cisco Catalyst switches and data link
technologies, 73data link technologies, 61large campus networks, 77, 79–80medium-sized campus networks, 76–77selecting Layer 2 or Layer 3 switches, 74Server Farm module, 80, 82–83small campus networks, 75
destination ports, configuring SPAN, 770devices, PDUs, 12DF (designated forwarder) election, 516DFC (Distributed Forwarding Cards), 415DHCP relay agents, enabling, 399DHCP snooping, 687, 689DHCP-based management IP configuration,
340–341DiffServ (differentiated services), 441, 448–450differences between Ethernet and WLANs, 812
compression issues, 814environmental issues, 813–814mobility, 814privacy issues, 813regulatory issues, 814–815
diffraction, 824disabled state, 226
disablingIntegrated HTTP daemon, 656multicast traffic monitoring on source
ports, 768Telnet access, 140unused services, 654–655
disaster recovery on multilayer switched networks, 5
discard adjacency, 428distance limitations
for Ethernet wire, 64for typical 10GE deployments, 70–71
Distributed Forwarding Cards (DFC), 415distributed switching, 416distribution layer, 25distribution-layer switches, 64DNS, configuring on switches, 108drop adjacency, 428DSCPs (differentiated services code points), 456DTP (Dynamic Trunking Protocol), 178duplex mismatch, 294DVS (directed VLAN service), 750DWDM (dense wavelength division multiplexing)
metro Ethernet, 754OADMs, 758optical multiplexers, 758wavelengths, 756
dynamic interfaces, 861–863dynamic NAT, 686dynamic VLANs, 155–156

E
EAPoL (Extensible Authentication Protocol over LAN), 675
EDFAs (erbium doped fiber amplifiers), 758
EEM (Embedded Event Manager), 790–791
egress queuing, SRR, 474–475
egress SPAN, 768
EIA/TIA 568A and 568B cabling standards, 841
EIGRP (Enhanced Interior Gateway Routing Protocol), 79
electing a root bridge, 228
enabling
debounce timer feature, 342DHCP relay agents, 399
passwords, 104VMPS, 155
encapsulation dot1Q 1 native command, 395encryption-type command, 104end-span devices, 840Energy Policy Act of 2005, 103Enterprise Campus Architecture, 3–4
infrastructure, 31meeting the needs of Enterprise networks, 33modules, 33–34
Enterprise Composite Network Model, 15, 25–26Campus Infrastructure module, 73Enterprise Campus, 30
submodules, 31–33Enterprise Edge, 27, 35
E-Commerce module, 36Internet Connectivity module, 37modules, 35Remote Access module, 38sample implementation, 39VPN module, 38WAN module, 38
IP Telephony deployment, best practices, 633–634
overview, 27sample implementation, 29Service Provider Edge, 27, 39
ISP module, 39PSTN module, 40sample implementation, 41
Enterprise Edge submodule, 5, 34, 84, 633enterprise MANs, metro Ethernet, 746enterprise network architectures
Cisco AVVID framework, 20Cisco IIN, 19–20Cisco SONA, 17–18regulatory standards, 6storage networks, 80
enterprise WLANs, top-ten issues, 842
environmental issues, comparing WLANs and Ethernet, 813–814
erase startup-config command, 113
erbium doped fiber amplifiers (EDFAs), 758
error-disable feature, 349–353
ERSPAN (Enhanced Remote SPAN), 782–784
ESA (extended service area), 820
ESCON (Enterprise Systems Connection), 745
ESS (Extended Service Set), 819EtherChannel, 318
configuration examples, 323–326configuration exercises, 366–370guidelines, 322LACP modes, 321–322link redundancy, 556load balancing, 329–331PAgP modes, 320
Ethernet, 63
    baby giants, 346
    comparing with WLANs, 812–813
        compression issues, 814
        environmental issues, 813–814
        mobility, 814
        privacy issues, 813
        regulatory issues, 814–815
    Gigabit Ethernet, deployment strategies, 65
    jumbo frames, 347, 349
    metro Ethernet, 72, 746
        CWDM, 758, 760
        connectivity and transport, 747–750
        DWDM, 755
        optical distance challenges, 760–761
        SONET, 751–753
        WDM, 754
    trunking modes, 181
    wire standards and maximum distances, 64
EtherType (TPID), 176ETSI (European Telecommunications Standards
Institute), 815, 830exam study tips, 635–637exclamation point (!) character, 124expedited forwarding, 452

F
Fast Ethernet, 63
FCC (Federal Communications Commission), 830
FCIP (Fibre Channel over IP), 5, 80
features
of Catalyst 3560 switches, 736of Catalyst 3750 switches, 734of port security, 666–671
MAC filtering, 671–673
sticky feature, 671unicast flood-blocking feature, 674
FFI (Full Flow Information), 412FIB (forwarding information base), 413–414Fibre Channel over IP (FCIP), 5FIBs (forwarding information bases), 413–414FIFO queuing, 470file systems, 114firewalls, 5, 684fixed configuration models for Catalyst 4500,
730–731flow control, IEEE 802.3, 354–355formatting images on the Cisco IFS, 114forwarding loops, 289–291forwarding state, 226Frame Relay, ATM, and PPP module, 40frames
    baby giants, 177, 346
    BPDUs, 224
    corrupt, 295
    IEEE 802.1Q, 176
    ISL, 174
    jumbo, 347–349
Fresnel zone, 839Full Flow Information (FFI), 412functional areas (Enterprise Composite Network
Model), 29FWSM (Firewall Services Module), 684–685

G
gain, 827
GBICs (Gigabit Interface Converters), 71
Gigabit Ethernet, 64
deployment strategies, 65Fast Ethernet and Gigabit Ethernet
auto-negotiation, 67GLBP (Gateway Load Balancing Protocol)
configuring, 601support, 598
global configuration mode, 159globally scoped addresses, 506GLOP addresses, 506–507group mode feature (Cisco WLANs), 847
groupsmulticast, 504SNMP, configuring, 112

H
hardware, 526–527
loops, troubleshooting, 310hardware-switching, 6hello time timer, 226hierarchy in IP addresses, 385–386high availability, 553–554, 560
for IP telephony installations, 632highly directional antennas, 827–829HSRP (Hot Standby Routing Protocol), 5, 10, 593
configuring, 614–616virtual MAC address, 582
hybrid mode Cisco IOS, naming conventions, 118

I
IBSS (Independent Basic Service Set), 819
IEEE (Institute of Electrical and Electronic Engineers), 830
IEEE 802.1d standard, 222
IEEE 802.1q standard, 173
implementing, 175–178trunks, 238Q-in-Q tunneling, 179
IEEE 802.1w standard, 243IEEE 802.1x, 675–677IEEE 802.3 flow control feature, 354–355IEEE 802.11 standards, 830–831
802.11a, 834–835802.11g, 832, 834comparing, 835–836
IGMP snooping, configuring, 534IIN (Intelligent Information Network), 19–20images
loading on Catalyst switches, 120naming, 118–119
implementingISL, 174pVLANs, 167SSO, 557, 562–563
individual policers, 468InfiniBand, 42, 65infrastructure of Enterprise Campus
networks, 31infrastructure mode, 815ingress SPAN, 768inline power, 840installed image mode (Cisco IOS Software
Modularity), 572Integrated HTTP daemon, disabling, 656interactive services layer (Cisco SONA), 19interfaces
Catalyst 2960 switch support, 737Catalyst 6500 switch support, 723
interference, 814multipath, 825
Inter-Switch Link (ISL), 173inter-VLAN routing, 385–389
configuration exercise, 405router on a stick, 393–395study tips, 400–401verifying, 396
IntServ model, 441, 448IP addresses
hierarchies, 385–386multicast, 502subnets, troubleshooting, 299
IP helper-address command, 399IP telephony
components of, 623–624network design recommendations, 625
high availability, 632network bandwidth provisioning, 629–630network management, 631power considerations, 630–631QoS, 626–627security, 632–633voice VLANs, 627–629
IPSG (IP Source Guard), 689–691IR (infrared), 811ISL (Inter-Switch Link), 173–174ISM (Industrial, Scientific, and Medical)
bands, 808isolated VLANs, 167–168ISPs (Internet service providers), 8ISSU (In-Service Software Upgrade), 571–572ITU grid, 757

J-K
jitter, 445, 502
jumbo frames, 347, 349
keywords
    active, 537
    count, 537
    summary, 536

L
L2 traceroute, 787–789
LACP (Link Aggregation Control Protocol)
    configuring, 321
    modes, 321–322
LANs (local-area networks), 809latency, 444Layer 2, 527–528
Cisco CatOS, 96legacy switches, 9loops, troubleshooting, 306–312multilayer switching, 15protocols
CDP, 331, 334UDLD, 355
redundancy, SSO protocol support, 562switching, 9, 12
Layer 2 LWAPP, 853Layer 3
entries, populating, 412marking, 463multilayer switching, 15networks, building, 22–23protocol filtering, 339–340switching, 10, 13, 21
ARP, 14packet rewriting, 13routing protocol support, 389
viewing Layer 3 Engine adjacency table, 428Layer 3 Engine CEF table, 426
Layer 3 LWAPP, 853
Layer 4performance, 11QoS marking, 9terminology, 10
Layer 7 switching, 11layers
of Cisco SONA, 18of Network Design Hierarchical Model, 25of Server Farm module, 82
leaky token bucket algorithm, 466learning state, 226Lightweight APs, 816–817
comparing with autonomous APs, 844–845managing, 845–846
limited-scope addresses, 506limiting trunk connections, 657line cards (Catalyst 6500), 724, 727line vty command, 104listening state, 226LLDP (Link Layer Discovery Protocol), 331load balancing
EtherChannel, 329–331HSRP, 583SLB, 602
load sharing, CEF-based MLS, 424logging syslog servers, 109Loop Guard
Root Guard, 291versus aggressive mode UDLD, 292
loop-free networks, building, 220loops
bridging, 218building loop-free networks, 220preventing, 219–220
Layer 2, troubleshooting, 306–312loss, 827LWAPP (Lightweight Access Point Protocol), 817,
852AP association, 854–855combining with autonomous APs, 855–856Layer 2, 853Layer 3, 853

M
MAC address notification, 337–338
MAC addresses, 222
MAC filtering, 671–673
manageability features of Catalyst 2960 switches, 52
management interfaces, 861–862
managing
Catalyst switch configurations, 112WLANs
Cisco WCS, 846Cisco Wireless Location Appliance, 847Cisco WiSM, 846Cisco WLCM, 846CiscoWorks WLSE, 847CiscoWorks WLSE Express, 847lightweight APs, 845–846
man-in-the-middle attacks, mitigating with DAI inspection, 692
MANs (metropolitan-area networks), 809mapping multicast IP to MAC, 507MDGs (Multiple Default Gateways), 336–337membership in multicast groups, 504memory, ASICs, 7mesh networks, wireless, 818Metro Ethernet, 72, 746
    CWDM, 758, 760
    connectivity and transport, 747
        DVS, 750
        TLS, 748–749
    DWDM, 755
    optical distance challenges, 760–761
    SONET, 751–753
    WDM, 754
metro solutions, 743–745MFIB (multicast forwarding information
base), 527MFSC (Multilayer Feature Switch Card)
model, 125MIC (Message Integrity Check), 859microcell architecture, 819, 823microflow policing, 468microwave networks, 823midspan devices, 840misconfiguring 802.1q, 178
MLS (multilayer switching), 5, 7, 411CEF-based MLS, 413–415
ARP throttling, 416–418centralized/distributed switching, 415–416configuration, 424–426distributed switching, 416load sharing, 424sample operation, 422–423study tips, 432–434switching table architectures, 418–421troubleshooting, 430–432, 435–438verifying, 425viewing Layer 3 Engine adjacency table,
428–429, 431viewing Layer 3 Engine CEF table, 426
traditional MLS, 412MMLS (multicast multilayer switching), 526mobility, comparing WLANs and Ethernet, 814mobility group feature (Cisco WLANs), 848mode rpr-plus command, 613modifying STP, identifying changes in topologies,
269–270modules
Cisco Firewall Services, 46Enterprise Campus, 33–34Network Management, 32
monitoring performance with SPAN and VSPAN, 767–768
moving configurations between devices, 112
MSFC (Multilayer Switch Feature Card), 95
MSFC 2A (Multilayer Switch Feature Card 2A), 725
MST (Multiple Spanning Tree), 251–253
    802.1Q, 252
    configuring, 256–259
    IST instances, 254
    instances, 256
    PVST+, 252
    regions, 253
multicast PIM, bidir-PIM, 516multicast forwarding information base
(MFIB), 527multicast IP addresses, 502Multicast Quick-Start Configuration Guide, 531multicast suppression, 345
multicast traffic, 501–503deploying, study tips, 540–541forwarding trees, 510–513hardware switching, 525
CEF-based MMLS, 526MFIB, 527MMLS, 526
IP addresses, 504–507IP protocols, 513, 530–531
configuring, 531–535IGMP, 520, 522–525monitoring, 535–539PIM, 513–520
Layer 2 protocols, 527–528CGMP, 529–530IGMP snooping, 528–529
MAC addresses, 507–508monitoring, disabling on source ports, 768reverse path forwarding, 508–510
Multilayer Feature Switch Card (MFSC) model, 95, 125
multilayer switched networks, 8Cisco AVVID
applications, 21supported components, 21
Cisco metro solutions, 744data link technologies, 61
10-Gigabit Ethernet, 6810-Mbps Ethernet, 62Fast Ethernet, 63Fast Ethernet and Gigabit Ethernet
auto-negotiation, 67GBICs, 71Gigabit Ethernet, 64–66LRE, 71
default gateway router redundancy, 575GLBP, 598HSRP, 579–593IRDP, 577proxy ARP, 576static default gateway configuration, 578VRRP, 594–597
designingcase study, 85–86large campus networks, 77–80medium-sized campus, 76–77selecting, 74
Server Farm module, 80–83small campus networks, 75
disaster recovery, 5Enterprise Composite Network Model,
15, 25, 38Enterprise Edge, 84EtherChannel, 323hardware switching, 525–526
MFIB, 527MMLS, 526
high availability, 553–555IP address hierarchies, 385–386Layer 2
design properties, 12switching, 9
Layer 2 protocols, 527–528CGMP, 529–530
Layer 3, 13, 21ARP, 14packet rewriting, 13switching, 10
Layer 4performance, 11terminology, 10
Layer 7 switching, 11multicast traffic, 501–503, 540–541
forwarding, 510–513IP addresses, 504–507IP protocols, 513–531MAC addresses, 507–508monitoring, 535–539
OSI reference model, 8QoS, 440–441, 480
assured forwarding, 451–452Building Access submodule, 482Building Distribution submodule, 482Campus Backbone, 483Catalyst fundamentals, 453–464congestion avoidance, 476–479congestion management, 469–472,
475–476DiffServ model, 448–450expedited forwarding, 452IntServ model, 448jitter, 445latency, 444need for, 442–443
packet loss, 446service models, 447traffic conditioning, 465–466, 468
routed ports, 390security, 5study tips, 53trunking, 173
multipath interference, 814, 825Multiple Default Gateways. See MDGs, 336Multiple Spanning Tree. See MST, 251

N
NAM (Network Analysis Module), 791–792
autostart collection, configuring, 797configuring, 793data sources, 794
configuring, 793–797troubleshooting, 799verifying configuration, 797–798
naming conventionsfor 10GBASE-xyz, 69for Cisco IOS images, 118
NAS (Network Area Storage), 5NAT (Network Address Translation), 7, 686Native IOS, 96NBAR, 461network access security, 675–676
IEEE 802.1X, configuring, 676–677network bandwidth provisioning in IP telephony
installations, 629–630Network Design Hierarchical Model, 25network infrastructure layer (Cisco SONA), 18network management for IP telephony
installations, 631Network Management module, 32NMP (Network Management Processor), 724no switchport command, 324no switchport interface command, 390nonlinearities, 761non-root bridges, 839NSF (Non-Stop Forwarding), 557, 564–566NTP (Network Time Protocol), 10null adjacencies, 428
O
OADMs (optical add/drop multiplexers), 758–760
OFDM (Orthogonal Frequency-Division Multiplexing), 807
omnidirectional antennas, 827–828
open authentication, 857
operating systems. See also Cisco IOS software
Cisco CatOS, compared to Cisco IOS (Native Mode), 96
Hybrid OS, 96optical add/drop multiplexers (OADMs), 758order-dependent ACL merge, 680order-independent ACL merge, 680OSI reference model, 8OSPF (Open Shortest Path First), 79
P
packet rewriting, 13
packets
broadcasting, 502loss, 446prioritizing, 299
PACLs, applying, 683–684PAgP modes, 320PANs (personal-area networks), 808parameters for GLBP configuration, 601passive scanning, 856passwords, 104
Catalyst Cisco IOS-based switches, 104configuring on Cisco Catalyst switches, 653
PAT (Port Address Translation), 686PDUs (protocol data units), 11Per VLAN Spanning Tree Plus. See PVST+, 235performance, monitoring performance management, critical issues,
765–767performance monitoring
on Catalyst 6500 switches using VACLs with capture option, 785, 787
with NAM, 791–792autostart collection, 797configuring, 793data sources, 794
data sources, configuring, 793–797
verifying configuration, 797–798with ERSPAN, configuring, 783–784with RSPAN, 776–778
configuring, 778–782with SPAN and VSPAN, 767–768
permanent MAC filters, 673PFC 3B (Policy Feature Card 3B), 725physical security of network devices, 654pico cells, 835PIM (Protocol-Independent Multicast)
bidir-PIM, 516show commands, 539
plain old telephone service (POTS), 71PoE (Power-over-Ethernet), 840policy maps, configuring, 463populating Layer 3 entries, 412port cost, configuring, 240port roles, RSTP, 245port security
configuring on Cisco IOS-based Catalyst switches, 670
features provided by, 666–671MAC filtering, 671–673sticky feature, 671unicast flood-blocking, 674
violation detection, 668–670PortFast, 276
configuration errors, 296configuring, 277, 305–306verifying, 305–306
PortFast-enabled interfaces, receiving BPDUs, 286
portsbackup, 245checking status, 299EtherChannel, 322root port, selecting, 232Root Guard, 286–288routed, 390Spanning-tree port states, 227SSO, 563uplink ports, 573
POTS (plain old telephone service), 71power considerations for IP telephony
installations, 630–631
Power Injector Media Converter, 841power injectors, 841power supplies, redundancy, 573–575preparing for exam, study tips, 635–637pre-shared key authentication, 858preventing
bridging loops, 219–220VLAN hopping attacks, case study, 698–700
primary root bridges, 231priorities (STP), verifying, 264–267prioritizing control packets, 299priority queuing, 475privacy, comparing WLANs and Ethernet, 813pruning, 189punt adjacency, 428pVLANs (private VLANs), 695–696
configuring, 168–171, 208–209port structure, 166troubleshooting, 165–169
PVST+ (Per VLAN Spanning Tree Plus), 235–236configuring
port cost, 240root bridges, 239–240
MAC address allocation and reduction, 237MST, 252
Q
QoS (Quality of Service), 440–441, 697
Catalyst switches, 453–454classification, 455–462congestion avoidance, 476–479congestion management,
469–472, 475–476marking, 463–464traffic conditioning, 465–468
Cisco AutoQoS, 483–484commands, 486deploying in IP telephony installations,
626–627enabling on Catalyst switches running Cisco
IOS, 484jitter, 445latency, 444Layer 2 switching, 9marking in Layer 4, 9
multilayer switched networks, 480Building Access submodule, 482Building Distribution submodule, 482Campus Backbone, 483
need for, 442–443packet loss, 446service models, 447
assured forwarding, 451–452DiffServ model, 448
IP precedence bit mappings, 450packet classification, 449
expedited forwarding, 452IntServ model, 448
study tips, 485queuing, SRR, 474–475
R
RACLs, applying, 680–681
RADIUS, AVPs, 659
random early detection (RED), 478
ranges (VLANs), 156
rapid transition to forwarding, 247–248
RDMA (Remote Direct Memory Access), 42, 65
recommended Catalyst 6500 deployment scenarios, 729
RED (random early detection), 478
redundancy, 554
Catalyst 6500 switch SRM, 566configuring, 569displaying status, 570
commands, 609default, 577–598disconnecting, 310Layer 2, SSO protocol support, 562multilayer switched networks, 25redundant power supplies, 573–575study tips, 608–611
redundant Supervisor Engines, 48, 557, 559route processor redundancy, 560RPR+, 561, 564Uplink modules, 572
redundant switched networks, 554reflection, 824refraction, 824
regulatory agencies for wireless networks, 830regulatory issues
comparing WLANs and Ethernet, 814–815requirements as enterprise architecture
drivers, 6relay agents (DHCP), enabling, 399reserved link local addresses, 505–506resiliency (STP), 284restricting CDP usage, 655–656restrictions
for RSPAN performance monitoring, 776–778for SPAN traffic monitoring, 769–770for VSPAN traffic monitoring, 770
RF signalsabsorption, 824attenuation, 824coverage holes, 813diffraction, 824gain, 827interference, 814loss, 827multipath interference, 825reflection, 824refraction, 824scattering, 824units of measurement, 826
roaming, Cisco Airespace, 848–849Layer 2, 849Layer 3, 850–851
root bridges, 231, 838characteristics of, 839configuring, 239–240election process, 228planning selection, 229–230selection process, 232
Root Guard, 286–287configuration exercise, 305configuring, 288Loop Guard, 291
root mode (wireless bridges), 822root ports, selecting, 232–233routing
BSR, 518inter-VLAN routing, 385–388
bridge virtual interface, 393IP broadcast forwarding, 398–399multilayer Catalyst switches, 388–389
router on a stick, 393–395switch virtual interface, 391–393UDP broadcast forwarding, 399verifying configuration, 396
redundancy, Catalyst 6500 switch SRM, 566, 569–570
routing protocols, support for Cisco Catalyst Layer 3 switches, 389
RPs, automatic distribution of, 516–518
RPR+, configuring, 611–613
RP-TNC (reverse-polarity TNC) connectors, 829
RSPAN (Remote SPAN), performance monitoring, 776–782
RSTP (Rapid Spanning Tree Protocol), 243
802.1D compatibility, 250BackboneFast in, 247BPDU format, 246–247port roles, 245rapid transition to forwarding, 247–248topology change mechanism, 249–250
S
S/D (Source and destination IP address), 412
SANs (storage area networks), 43, 80
scattering, 824
secondary VLANs, types of, 167
Secure-HTTP (S-HTTP), 10
security
ACLs, applying, 679–680Catalyst 3550 switches, 50–51Catalyst 3560 switches, 50–51Catalyst 3750 switches, 50–51Catalyst 4500 switches, 49Catalyst 6500 switches, 47CDP, restricting usage, 655–656DAI, 692
configuring, 693–695DHCP snooping, 687, 689Enterprise Campus modules, 34firewalls, 684for IP telephony installations, 632–633for WLANs, 858–859Integrated HTTP daemon, disabling, 656IPSG, 689–691Layer 3 networks, 23
multilayer switched networks, 5NAT, 686PACLs, applying, 683–684port security, features provided by, 666–671,
673–674private VLANs, 695–696QoS, 444, 697RACLs, applying, 680–681SNMP-related issues, 110, 657STP, 697–698system logging, configuring, 657system warning banners, configuring, 654trunking connections, limiting, 657unused services, disabling, 654–655VACLs, applying, 681–683vty line access, 654vulnerabilities, SSH, 107–108
selectingantennas, 828root ports, 232
semidirectional antennas, 827characteristics of, 829
server fabrics, 42Server Farm module
SANs, 80access layer, 82–84distribution layer, 82switches, 81
Server Farm submodule, 34
service modules for Catalyst 6500 switches, 723, 728–729
service provider-managed VLAN services, 179
service providers, metro Ethernet, 746
service-port interfaces, 861–863
set boot system flash command, 121
SFM (Switch Fabric Module) module, 726
shaped round robin (SRR), 473–474
shared round robin (SRR), 474–475
shared trees, 511–513
show 802.11 commands, 869
show adjacency command, 429
show adjacency detail command, 429
show advanced 802.11 command, 869–870
show ap command, 870
show catalyst6000 traffic-meter command, 310
show client command, 871–872
show command, 127
show current command, 258
show interface command, 101, 131
show interfaces command, 163
show IP cef command, 426
show ip cef detail command, 426
show ip mroute command, 536–537
show ip route command, 131
show logging command, 308
show mac address-table interface command, 163
show pending command, 258
show process cpu command, 309
show processes cpu command, 299
show radius command, 872
show rogue ap command, 872
show rogue client command, 872–873
show running-config command, 163
show running-config interface command, 163
show Spanning-Tree command, 242
show stats command, 870–871
show system command, 310
show vlan command, 162
show VTP domain command, 195–196
show vtp status command, 195–196
S-HTTP (Secure-HTTP), 10
shutdown interface-level command, 310
Single Router Mode (SRM), 566, 569
SLB (Server Load Balancing), 602
    configuring virtual servers, 606–607
    configuring the server farm with real servers, 604
    modes of operation, 603
slow throughput, troubleshooting, 165
SNAP (Subnetwork Access Protocol), 331
SNMP (Simple Network Management Protocol), 110–111
    configuring, 111–112
    security issues, 657
snmp-server user command, 112software, updating versions, 120–121, 124software-switching, 6SONET, metro Ethernet, 751–753source ports
multicast traffic monitoring, disabling, 768SPAN, configuring, 768
source trees, 510–513source-specific multicast addresses, 506
SPAN (switch port analyzer)CPU monitoring on Catalyst switches, 773–775destination ports, configuring, 770performance, monitoring, 767–768source ports, configuring, 768traffic monitoring
on Cisco IOS-based Catalyst switches, 769
restrictions, 769–770Spanning-Tree portfast command, 305split MAC architecture, 851SPT (shortest path tree), 510SRM (Single Router Mode), redundancy on
Catalyst 6500 switches, 566–571SRR (shaped round robin), 473–475srr-queue bandwidth shape command, 474srr-queue bandwidth share command, 474SSH (Secure Shell), 5
accessing switches during an upgrade, 121configuring switches for, 106software support, 105study tips, 132vulnerabilities, 107–108
SSO (Stateful Switchover), 48, 557, 562–563
    configuring, 564
    NSF, 564–566
    verifying, 564
SSTP (Shared STP), 238StackWise technology on Catalyst 3750
switches, 735standards for wireless networks, 830stateful inspection, 685Stateful Switchover (SSO), 48, 557, 562–563
configuring, 564NSF, 564–566verifying, 564
static default gateway configuration, 578static MAC filtering, 673static NAT, 686static VLANs, 154statistics on applications, checking, 311steady state STP, 357sticky feature of Cisco Catalyst switch port
security, 671
STP (Spanning Tree Protocol), 5, 217, 222BackboneFast, 280
configuring, 284link failures, 281
BPDUs, 223frame format, 224timers, 224
bridge IDs, 222commands, 301configuring, 264
verifying configuration, 241–243enhancements, 276events debug, 298IEEE 802.1Q trunks, 238Multiple Spanning Tree, 251, 253
802.1q, 252configuring, 256, 258–259IST instances, 254instances, 256PVST+, 252regions, 253
operation overview, 227planning root bridge selection, 229–230root bridge election, 228selection of root and designated ports,
230–231overview, 217path cost, 222port path cost, 240port states, 224–227PortFast, 276
configuring, 277resiliency, 284
BPDU filtering, 286BPDU Guard, 284Root Guard, 286–288
RSTP, 243
    BPDU format, 246–247
    port roles, 245
    rapid transition to forwarding, 247–248
    topology change mechanism, 249–250
sample election process scenario, 232–233security mechanisms, 697–698study tips, 300topologies, identifying changes in, 233–235,
269–270
troubleshooting, 293duplex mismatch, 294frame corruption, 295inappropriate STP diameter parameter
tuning, 296methodology, 297–299PortFast configuration errors, 296resource error, 295unidirectional link failures, 294
UplinkFast, 278, 300configuring, 279
STS-1 (synchronous transport signal-level 1), 752study tips for exam, 635–637subnets
routing packets between, 10troubleshooting, 299
Subnetwork Access Protocol (SNAP), 331summary keyword, 536Supervisor Engines
redundancy, 557, 559
route processor redundancy, 560–561
RPR+, 561, 564
Supervisor Engine 32 (Catalyst 6500), 723–725Supervisor Engine 720 (Catalyst 6500), 86, 727Supervisor Engine II (Catalyst 6500), 725–727Supervisor Engine V-10GE (Catalyst 4500), 48,
731–733support for VLANs on Catalyst switches, 157suppression broadcast, 344–345SVI (switch virtual interface), 391switch virtual interface (SVI), 391switching, 560
access layer, 64Cisco Catalyst 3550, 50
security, 50–51Cisco Catalyst 3560, 50, 86
security, 50–51Cisco Catalyst 3750, 50
security, 50–51Cisco Catalyst 4500
security, 49Cisco Catalyst 6500, 95
features of, 45–46hybrid-mode, 96security, 47
Cisco Catalyst switchesconfiguring, 98–100DNS, 108managing configurations, 112system switches, 109telnet and SSH, 104–106troubleshooting, 126
Cisco CatOS, 100MDGs, 336–337passwords, 104
Cisco IOS Software, NTP settings, 103configuring for SSH, 106distributed, 416distribution layer, 64hardware-switching, 6high availability, 553–555Layer 2, 9, 12Layer 3, 10, 21
ARP, 14packet rewriting, 13
Layer 4performance, 11terminology, 10
Layer 7, 11legacy Layer 2 switches, 9multilayer, 15physical security, 654port security, features provided by, 666–671,
673–674role of (study tips), 87–88Server Farm module, 81SNMP, 110–112software-switching, 6SSO, 562–566STP topology, securing, 657–658terminology, 8trunking connections, limiting, 657unauthorized access, 95VLANs, troubleshooting, 197VTP-transparent switches, 188
switching table architectures, 418–421switchport command, 205, 324switchport host command, 160synchronous data, 744synchronous transport signal-level 1 (STS-1), 752syslog servers, logging, 109
system logging, configuring, 657system names, adding meaning to, 98system warning banners, configuring, 654
T
TACACS+, AVPs, 659
tail drop, 477
TC (Topology Change) bit set, 233
TCAM (ternary content addressable memory), 7
Telnet
accessing switches during an upgrade, 121disabling access, 140establishing IP connectivity, 131–132
throttling (ARP), 416–418TKIP (Temporal Key Integrity Protocol), 859TLS (transparent LAN service), 748–749"top of rack" Catalyst switches, 65topologies
metro Ethernet, 73
multiple Ethernet technologies, 62
RSTP, change mechanism, 249–250
STP, identifying changes in, 269–270
top-ten enterprise WLAN issues, 842traffic
load balancing, EtherChannel, 329–331multicast, 501–503
CEF-based MMLS, 526CGMP, 529–530configuring IP, 531–535deploying (study tips), 540–541forwarding trees, 510–513hardware switching, 525IGMP snooping, 528–529IP addresses, 504–507IP protocols, 513–525, 530–531Layer 2 protocols, 527–528MAC addresses, 507–508MFIB, 527MMLS, 526monitoring IP, 535–539reverse path forwarding, 508–510
traffic monitoringon Cisco IOS-based Catalyst switches, 769with SPAN, restrictions, 769–770with VSPAN, restrictions, 770
transmit power (WLANs), calculating, 826–827trees
shared, 511–513source, 510–513
troubleshootingbackup/primary root bridges, 231building loop-free netwo, 220Catalyst switches, 126
configuration commands, 128IP connectivity, 131–132show and debug commands, 127
CEF-based MLS, 430configuration, 435–438methodology, 431–432
CPU monitoring on Catalyst 6500 switches, 775forwarding loops and black holes, Loop Guard,
289–291IP subnets, 299Layer 2 loops, 306–312NAM, 799preventing bridging loops, 219–220STP, 293
duplex mismatch, 294frame corruption, 295inappropriate STP diameter parameter
tuning, 296methodology, 297–299PortFast configuration errors, 296unidirectional link failures, 294
trunking, 185using L2 traceroute, 787–789VLANs, 164
communication issues, 165private VLANs, 165–169slow throughput, 165trunking issues on switches, 197
VTP, 196
Truncated mode (SFM), 726
trunking
connections, limiting, 657DTP, 178troubleshooting, 185VLANs, 172
configuring, 181–183IEEE 802.1q, 175–178ISL, 174modes and methods, 181
multilayer switched networks, 173protocols, 174verifying configurations, 183–185
VTP, 185–193trusting DSCP, 456tunneling, IEEE 802.1Q-in-Q tunneling, 179
U
UDLD (Unidirectional Link Detection), 275, 355–358
    case study, 362
    configuring, 358–359
UDP (User Datagram Protocol)broadcast forwarding, 399multicast traffic, 503
unauthorized access, 95unicast flood-blocking feature, 674unicast suppression, 345unidirectional links
failures, 294Loop Guard, 290
UNII (Unlicensed National Information Infrastructure) band, 808
unused services, disabling, 654–655
updating software versions on Catalyst switches, 120–124
uplink port support, 573
UplinkFast, 278,–300
    configuration exercise, 304
    configuring, 279
UPS systems for IP telephony installations, 631UTP (unshielded twisted-pair), 63
V
VACLs
applying, 681–683with capture option, performance monitoring on
Catalyst 6500 switches, 785–787verifying
CEF-based MLS, 425controller configuration, 869
show 802.11 commands, 869
show advanced 802.11 commands, 869–870
show ap commands, 870show client commands, 871–872show radius commands, 872show rogue ap commands, 872show rogue client commands, 872–873show stats commands, 870–871
NAM configuration, 797–798PortFast, 305–306SSO, 564STP bridges, 264–267STP configuration, 241–243VLAN, 207–208VTP configuration, 195, 207–208
virtual interfaces, 861–862virtual LANs. See VLANVirtual LANs. See also VLANs, 9, 149virtual MAC addresses, VRRP, 596virtualization, 4VLAN database configuration mode, deleting
VLANs, 159VLAN hopping attacks, preventing, case study,
698–700VLAN IDs, 176VLANs (virtual LANs), 5, 9, 149–151
Cisco metro solutions, 750commands, 401configuring, 158–161
private VLANs, 168–171, 208–209verifying configuration, 162–163
deleting, 159dynamic, 155implementing in campus networks, 152
end-to-end and local VLANs, 153inter-VLAN routing, 385–388
IP broadcast forwarding, 398–399multilayer Catalyst switches, 388–390router on a stick, 393–395study tips, 400–401switch virtual interface, 391–393UDP broadcast forwarding, 399verifying configuration, 396
load balancing, 251PVST+, 236ranges, 156ranges and mappings, 178
service provider-managed VLAN services, 179static, 154study tips, 197, 199–200support for on Catalyst switches, 157troubleshooting, 164, 197
communication issues, 165private VLANs, 165–169slow throughput, 165
trunking, 172
    configuration, 181–183
    IEEE 802.1Q, 175–178
    ISL, 174
    modes and methods, 181
    multilayer switched networks, 173
    protocols, 174
    troubleshooting, 185
    verifying configurations, 183–185
VMPSs (VLAN management policy servers), 154–155
voice VLANsconfiguring on Catalyst switches running Cisco
IOS, 628–629deploying in IP telephony installations,
627–629VoIP (Voice over IP), deploying in converged
networks, reasons for, 622–623VPNs (Virtual Private Networks), 4VRRP (Virtual Router Redundancy Protocol),
10, 596VSPAN
on Cisco CatOS-based switches, capturing traffic, 772
on Cisco IOS-based Catalyst switchesconfiguring, 773
performance monitoring, 767–768traffic monitoring, restrictions, 770
VTP (VLAN Trunking Protocol), 185–186advertisements, 188authentication, 192configuring, 192–193modes of operation, 187pruning, 189troubleshooting, 196verifying, 207–208versions, 190–191
vtp domain domain-name command, 204vtp mode command, 204
vtp password command, 204vtp v2-mode command, 193VTP-transparent switches, 188vty lines, securing access to, 654vulnerabilities of SSH, 107–108
W
WANs (wide-area networks), 809
wavelengths (electromagnetic spectrum), 756
WDM (Wave Division Multiplexing), metro Ethernet, 754–755
WEP (Wired Equivalent Privacy), 813
Wi-Fi Alliance, 830
wireless bridges
    building blocks, 821–822
    cost of, 822
    non-root bridges, 839
    root bridges, 838
    root mode, 822
wireless clients, AP association, 856–857Wireless LAN Controllers, 817wireless networks, 818
ISM bands, 808microwave, 823regulatory agencies and standards, 830UNII band, 808
wireless repeaters, 820WLANA (Wireless LAN Association), 830WLANs, 818
ad hoc mode, 815, 819antennas, 827–828
highly directional, 829omnidirectional, 828selecting, 828semidirectional, 829
APsautonomous, 816Lightweight, 816lightweight, 817microcell architecture, 823wireless repeaters, 820
BSSs, 819Cisco WCS, 846Cisco Wireless Location Appliance, 847Cisco WiSM, 846
Cisco WLCM, 846CiscoWorks WLSE, 847CiscoWorks WLSE Express, 847clients, 815–816comparing with Ethernet, 812–813
compression issues, 814environmental issues, 813–814mobility, 814privacy issues, 813regulatory issues, 814–815
controllersconfiguring, 865–869connecting to, 864–865verifying configuration, 869–873
ESS, 819infrastructure mode, 815interfaces, configuring, 861, 863–864lightweight APs, managing, 845–846RF gain, 827security, 858–859topology building blocks, 819–820transmit power, calculating, 826–827Wireless LAN Controllers, 817
WRED (weighted random early detection), 478write erase command, 113WRR (weighted round robin), 471
X-Y-Z
Yagi antennas, 829
ynamic, 156