INDEX

Symbols
! (exclamation point) character, 105
# (pound sign) character, 105

Numerics
10-Gigabit, 54
10-Mbps, 48
802.1D, compatibility with RSTP, 230
802.1Q, 156–158
802.1X
  configuration exercise, 663–669
  network access security, 639–641

A
AAA
  accounting, 625, 629
  authentication, 173, 623–626
  authorization, 624, 627
  configuration exercise, 663–669
  configuring, 630–631
aaa authentication login command, 626
aaa new-model command, 87, 626
access
  firewalls, 647–648
  hopping attacks (VLAN), 660–661
  physical, 619
  unauthorized, 77
access control lists. See ACLs
access layer, 18
access-layer switches, 50
accounting, 625, 629
ACLs (access control lists), 4, 618, 643
  PACLs, 646
  RACLs, 643
  security, 642
  VACLs, 644
  vty lines, 619
active keyword, 513
adding switches, 186
Address Resolution Protocol. See ARP
addresses
  globally scoped, 484
  GLOP, 484–485
  IP multicast, 480
  limited-scope, 484
  MAC address notification, 317–318
  NAT, 649
  reserved link local, 483–484
  source-specific multicast, 484
  virtual MAC, 573
adjacencies, 393–394, 408
ADSL (asymmetric digital subscriber line), 56
agents, relay (DHCP), 379
aggregate policers, 448
Aggressive mode UDLD (A-UDLD), 336–338, 604
  configuration exercises, 354
  versus Loop Guard, 272
AppleTalk Remote, 624
applications
  Auto QoS, 463
  Cisco AVVID, 16
  statistics, 291
  voice, 596
Application-Specific Integrated Circuits. See ASICs
applying RACLs, 643
Architecture for Voice, Video and Integrated Data. See Cisco AVVID
ARP (Address Resolution Protocol), 12
  DAI, 654–658
  as a security feature, 658–659
  throttling, 396–398
ASICs (Application-Specific Integrated Circuits), 5–6, 275
assured forwarding, 431–432
asymmetric digital subscriber line (ADSL), 56
attacks, 655, 660–661
attenuation, 720
A-UDLD (Aggressive mode UDLD), 336–338, 604
  configuration exercises, 354
  versus Loop Guard, 272
authentication, 173, 623–626
authorization, 624, 627
auth-proxy, 627
Auto QoS, 463
auto-negotiation, 53, 767
Auto-RP, 494–495
availability (VoIP), 4
AVVID. See Cisco AVVID

B
baby giants, 157, 326
BackboneFast, 260
  configuration exercise, 281–286
  configuring, 264
  link failures, 261
  in RSTP, 227
backup ports, 225
backup root bridges, 211
black holes, preventing, 269–271
blocking state, 206
boot system flash command, 102
bootstrap (BSR), 495–496
BPDUs (Bridge Protocol Data Units), 203
  filtering, 266
  formats, 226–227
  frames, 204
  Guard, 258, 264
  TCN, 213
  timers, 204
bridge IDs, 202
Bridge Protocol Data Units. See BPDUs
bridge virtual interface (BVI), 373
bridging
  backup/primary root, 211
  loops, 198
    building loop-free networks, 200
    Loop Guard, 270
    preventing, 199–200
    troubleshooting, 277
  signaling topology changes, 213–215
  study tips, 240–241
broadcasting
  domains, 7
  packets, 480
  suppression, 324–325
BSR (bootstrap router), 495–496
building, 462
  loop-free networks, 200
  networks (Layer 3), 16–17
Building Access submodule, 23, 26
Building Distribution submodule, 23, 26
burst size, 447
BVI (bridge virtual interface), 373

C
C, 39, 78
cable plants, 597
CallManager. See Cisco CallManager
CAM (content addressable memory), 398
Campus Backbone
  layer, 66
  submodule, 23, 26
Campus Infrastructure module, 57
campus networks, 19, 132–133
Canonical Format Indicator (CFI), 156
case studies
  aggressive mode UDLD, 340–344
  design (C language), 69–70
  preventing VLAN hopping attacks, 660–661
Catalyst 2950 switches, 696–697
  power redundancy, 552
  reflector ports, 738
  WRR, 453
Catalyst 2955 switches, 738
Catalyst 2970 switches, 453–454
Catalyst 3550 switches, 37–38, 694–696
  power redundancy, 552
  security, 38–39
  updating software versions, 105
Catalyst 3560 switches, 37–39, 69, 693–694
Catalyst 3750 switches, 37–38, 691–693
  security, 38–39
  SRR, 453–454
Catalyst 4500 switches, 550–552, 688–691
  high availability, 535
  redundancy, 534
  security, 37
  SSO, 540–544
  modules, 686
Catalyst 6500 switches, 77, 679–682, 687
  configuring, 452
  deployment scenarios, 687
  features of, 34–35
  high availability, 535

  hybrid-mode, 78
  line cards, 682
  redundancy, 534
  redundant power supplies, 550–552
  security, 36
  service modules, 681
  Supervisor Engine 720, 685
  Supervisor Engine I, 682
  Supervisor Engine II, 683–684
  VACL actions, 644
Catalyst QoS trust concept, 437
Catalyst switches, 540–542, 549
  authorization, 624
  BackboneFast, 263
  bridge IDs, 202
  Cisco IOS-based, 728
  configuring
    multilayer switching, 391
    voice VLANs, 608–612
  as VTP servers, 174
  EtherChannel, 298
  L2 traceroute availability, 746
  multilayer, 369
  policing, 448
  pVLANs, 148
  QoS fundamentals, 433–443
  redundant Supervisor Engines, 533–542
  RSPAN feature support, 738
  security, 617
    ACLs, 618
    disabling, 620–621
    passwords, 618
    physical access, 619
  software images, 96, 99–100
  troubleshooting, 107
    configuration commands, 109
    connecting switches, 111
    debug commands, impact and use, 109
    IP connectivity, 112
    show and debug commands, 108
    updating software versions, 101–102, 105
  wavelengths, 718
CDP (Cisco Discovery Protocol), 311, 314, 621
CEF (Cisco Express Forwarding), 4, 391–395, 539
CEF-based MLS, 391–395
  ARP throttling, 396–398
  centralized/distributed switching, 395–396
  commands, 414
  configuration, 404–406
    adjacency tables, 408–411
    CEF tables, 406
  distributed switching, 396
  load sharing, 404
  sample operation, 402–403
  study tips, 412–414
  switching table architectures
    CAM, 398
    TCAM, 399, 401
  troubleshooting
    configuration exercise, 415–418
    debugging CEF on Layer 3 Engine, 410
    methodology, 411–412
  verification, 405
centralized switching, 395–396
CFI (Canonical Format Indicator), 156
channeling (EtherChannel), 298
chromatic dispersion, 720
Cisco AVVID, 15, 41
  applications, 16
  IP, 597
  , 16
  supported components, 15
Cisco CallManager, 165, 448, 596
  switches. See Catalyst switches
Cisco CatOS
  compared to Cisco IOS (Native Mode), 78
  configuring VLANs, 140
  converting to Cisco IOS (Native Mode), 106
  differences as compared to Cisco IOS, 79
  feature parity with Cisco IOS, 78–79
  MDGs, 316–317
  switches, 82
    configuration changes, 94
    DNS lookup, 90
    passwords, 86
    Syslog destination, 91
    time adjustments, 85
    VMPS support, 135
Cisco CatOS-based switches
  L2 traceroute command output, 748
  SPAN configuration, 730
Cisco Discovery Protocol (CDP), 311, 314, 621
Cisco Express Forwarding. See CEF
Cisco Firewall Services Module, 34

Cisco IFS, 96
  determining IFS size and contents, 98
  formatting and copying images, 96
  prefix descriptions, 97–98
Cisco IOS, 163–164
  Catalyst switches, 115–121
  configuring AAA authorization, 628
  debug command, 108
  differences as compared to Cisco CatOS, 79
  feature parity with Cisco CatOS, 78–79
  file system, 96
    determining size and contents, 98
    image naming, 99–100
  global configuration mode, 137–139
  naming conventions, 100
  show command, 108
  switches
    DNS lookup, 90
    NTP settings, 85
    Syslog destination, 91
    time adjustments, 85
  VLAN database configuration mode, 137
  voice VLANs, 599
Cisco IOS Server Load Balancing (SLB), 578–583
Cisco IOS-based switches, SPAN configuration, 731
Cisco IP Phones, 596
  configuring, 599
  daisy-chain topology, 598
Cisco LRE (Long-Reach Ethernet), 55–56
Cisco Metro solutions, 703–705
classification, 444
clear commands, 516
clear vlan command, 141
CLI (command-line interface), 77
command-line interface (CLI), 77
commands
  bridging, 241
  CEF-based MLS, 414
  clear, 516
  copy running-config startup-config, 102
  debug ip cef, 411
  enable secret, 618
  encryption-type, 86
  IP telephony, 607
  line vty, 86
  local SPAN, 731
  multicast traffic deployment, 518
  performance management, 757
  QoS, 465
  redundancy, 584
  RSPAN, 738
  security, 663–664
  show, 516
  show catalyst6000 traffic-meter, 290
  show interface, 83, 112
  show ip mroute, 513–514
  show ip route, 112
  show logging, 288
  show process cpu, 289
  show running-config interface, 143
  show system, 290
  shutdown interface-level, 290
  snmp-server user, 94
  spanning-tree portfast, 285
  srr-queue bandwidth shape, 454
  srr-queue bandwidth share, 454
  STP, 281
  study tips, 114
  switchport, 185
  switchport host, 140
  VLANs, 179, 381
  vtp domain domain-name, 184
  vtp mode, 184
  vtp password, 184
  vtp v2-mode, 174
Common Spanning Tree (CST), 232
community VLANs, 147
comparing
  PIM versions, 496–497
  shared/source trees, 490–491
compatibility of PIM, 496–497
components
  CEF, 393–395
  Cisco AVVID, 15
  Internet Connectivity module, 29
  IP telephony, 595–596
  Remote Access module, 30
  VPN module, 30
configuration exercises
  802.1X, 663, 665–669
  AAA, 663–669
  aggressive mode UDLD, 354
  Cisco IOS-based Catalyst switches, 115–121

  BackboneFast, 281–286
  EtherChannel, 346–350
  HSRP, 589–591
  inter-VLAN routing, 385
  PortFast, 257, 285–286
  QoS on Catalyst switches, 466–472
  Root Guard, 285
  RPR+, 586–588
  spanning-tree, 242–248
  UplinkFast, 284
  VLANs, 181–185
  voice VLANs, 608–612
configuring, 115–121, 570, 653–654
  AAA, 630–631
    accounting, 629
    authentication, 626
    authorization, 627
  aggressive mode UDLD, 343
  Auto QoS, 463
  baby giant and jumbo frame support, 329
  BackboneFast, 264, 281–286
  BPDU filtering, 266
  broadcast and multicast suppression, 325
  burst size, 447
  CEF, 406
  CEF-based MLS, 404–406
  debounce timer feature, 323
  DHCP snooping, 651
  DNS lookup, 90
  EtherChannel, 304–306
  HSRP, 562–569
  IEEE 802.1Q trunking, 162–163
  IGMP snooping, 511
  Interface FastEthernet, 611–612
  inter-VLAN routing, 376
  IP Phones, 599
  IP telephony security, 603–604
  ISL trunking, 161
  LACP, 301
  local SPAN, 731
  loop-free networks, 200
  MAC address notification, 318
  MDGs, 317
  MST, 236, 238–239
  multilayer switching, 391
  PACLs, 646
  policers, 448
  policy maps, 443
  PortFast, 257, 285–286
  protocol filtering, 320
  PVST+
    port cost, 220
    root bridges, 219–220
  Root Guard, 268, 285
  RSPAN, 738
  SNMP, 93–94
  SPAN, 730
  SRM, 547
  SSO, 542
  STP, 221–223, 244
  switches for SSH, 88
  Syslog destination, 91
  UDLD, 338–339
  UplinkFast, 259, 284
  VACL with the capture option, 744
  virtual servers (SLB), 582
  VLANs, 138–139, 141
    private VLANs, 148–151, 188–189
    verifying configuration, 141–143
  VSPAN, 732
  VTP, 173–176
  WRED, 460
  WRR on Catalyst 6500 switches, 452
connecting
  IP telephony submodules, 604
  redundancy, 290
content addressable memory (CAM), 398
control packets, prioritizing, 279
converting Cisco CatOS to Cisco IOS (Native mode), 106
copy command, 94
copy running-config startup-config command, 102, 538
copy tftp flash command, 101
copying images on the Cisco IFS, 96
core layer, 18
count keyword, 514
CQ (custom queuing), 456
creating loop-free spanning trees, 208–211
crypto key generate command, 87
CST (Common Spanning Tree), 232
current-generation network interface cards, 51
custom queuing (CQ), 456
CWDM modules, 720

D
DAI (Dynamic ARP inspection), 654–658
data paths, 682
data-link technologies, 47, 53
  10-Gigabit Ethernet, 54
  10-Mbps Ethernet, 48
  Fast Ethernet, 49
  GBICs, 55
  Gigabit Ethernet, 50–52
  LRE, 55–56
data-planes, 393
debounce timer feature, 322
  configuring, 323
  enabling, 322
debug all command, 110
debug command, 110
debug ip cef command, 411
default gateway router redundancy, 552, 555
  GLBP, 575
  HSRP, 556–560, 562–570
  IRDP, 554
  proxy ARP, 553
  VRRP, 571–574
deleting VLANs, 139
dense wavelength division multiplexing (DWDM)
  metro Ethernet, 714
  OADMs, 718
  optical multiplexers, 718
  wavelengths, 716
deploying IP telephony solutions, 604–605
designing
  loop-free networks, 200
  multilayer switched networks
    case study, 69–70
    Cisco Catalyst switches and data-link technologies, 57
    data-link technologies, 47
    large campus networks, 61–64
    medium-sized campus networks, 60
    selecting Layer 2 or Layer 3 switches, 58
    Server Farm module, 64–67
    small campus networks, 59
  networks, 596–603
devices, PDUs, 10
DFC (Distributed Forwarding Cards), 395
DHCP (Dynamic Host Configuration Protocol)
  enabling relay agents, 379
  snooping, 649–651
DHCP-based management IP configuration, 320–321
Differentiated Services Code Point (DSCP), 436
DiffServ model, 421, 428
  IP, 430
  packet, 429
disabling
  CDP, 621
  state, 206
  Telnet access, 121
  unneeded or unused services, 620
disaster recovery, 3
discard adjacency, 408
disconnecting redundancy, 290
distance limitations, Ethernet wire, 50
Distributed Forwarding Cards (DFC), 395
distributed switching, 396
distribution layer, 18
distribution-layer switches, 50
DNS (Domain Name Service), 90
drop adjacency, 408
DSCP (Differentiated Services Code Point), 436
DTP (Dynamic Trunk Protocol), 620
duplex mismatch, 274
DVS (directed VLAN service), 710
DWDM (dense wavelength division multiplexing)
  metro Ethernet, 714
  OADMs, 718
  optical multiplexers, 718
  wavelengths, 716
Dynamic ARP inspection (DAI), 654–658
dynamic NAT, 649
Dynamic Trunk Protocol (DTP), 620
dynamic VLANs, 135

E
EDFAs (erbium doped fiber amplifiers), 718
egress queuing (SRR), 454–455
EIGRP (Enhanced Interior Gateway Routing Protocol), 63
electing a root bridge, 208
EMI (Enhanced Multilayer Image), 695
enable secret command, 618

enabling
  debounce timer feature, 322
  DHCP relay agents, 379
  NDE as source for NAM, 752
  passwords, 86
  VMPS, 135
encapsulation dot1Q 1 native command, 375
encryption (SNMP), 92
encryption-type command, 86
Enhanced Interior Gateway Routing Protocol (EIGRP), 63
Enhanced Multilayer Image (EMI), 695
enhancing network performance, 728, 736–737, 743–744
  critical success tasks, 726
  monitoring with RSPAN, 735, 739–740
  SPAN, 727–730
  VSPAN
    configuration, 732
    guidelines and restrictions, 730
Enterprise Campus modules, 25–26
  infrastructure, 22
  meeting the needs of Enterprise networks, 25
Enterprise Composite Network Model, 13, 18
  Campus Infrastructure module, 57
  Enterprise Campus, 22–25
  Enterprise Edge, 20, 27
    E-Commerce module, 28
    Internet Connectivity module, 29
    modules, 27
    Remote Access module, 30
    sample implementation, 31
    VPN module, 30
    WAN module, 30
  Gigabit Ethernet, 51
  IP, 604–605
  overview, 19
  sample implementation, 21
  Service Provider Edge, 20, 31
    ISP module, 31
    PSTN module, 32
    sample implementation, 33
Enterprise Edge submodule, 4, 26, 68
  E-Commerce module, 28
  Internet Connectivity module, 29
  modules, 27
  Remote Access module, 30
  sample implementation, 31
  VPN module, 30
  WAN module, 30
enterprise MANs, 706
enterprise network storage, 64
erase startup-config command, 94
erbium doped fiber amplifiers (EDFAs), 718
error-disable feature, 329–333
ESCON (Ethernet, Enterprise Systems Connection), 705
EtherChannel, 298
  configuration example, 303–306
  configuration exercises, 346–350
  guidelines, 302
  LACP modes, 301–302
  link redundancy, 532
  load balancing, 309–311
  PAgP modes, 300
Ethernet, 49
  baby giants, 326
  Gigabit Ethernet, 51
  jumbo frames, 327–329
  metro Ethernet, 56, 706
    CWDM, 718, 720
    connectivity and transport, 707–710
    DWDM, 715
    optical distance challenges, 720–721
    SONET, 711–713
    WDM, 714
  trunking modes, 160
  wire standards and maximum distances, 50
Ethernet, Enterprise Systems Connection (ESCON), 705
EtherType (TPID), 156
exclamation point (!) character, 105
expedited forwarding, 432
external routers, 373

F
Fast Ethernet, 49
FCIP (Fibre Channel over IP), 4, 64
FFI (Full Flow Information), 392
FIB (forwarding information base), 393–394, 705
Fibre Channel over IP (FCIP), 4, 64

FIFO queuing, 450
file systems, 96
filtering
  BPDU, 266
  DHCP snooping, 649
  MAC addresses, 636
  unicast, 637
firewalls, 4, 647–648
five nines uptime, 595
flooding, 638–639
flow control (IEEE 802.3), 334–335
formatting images on the Cisco IFS, 96
forwarding information base (FIB), 393–394, 705
forwarding
  loops, 269–271
  state, 206
Frame Relay, ATM, and PPP module, 32
frames
  baby giants, 157, 326
  BPDUs, 204
  corruption, 275
  IEEE 802.1Q, 156
  ISL, 154
  jumbo, 327, 329
Full Flow Information (FFI), 392
functional areas (Enterprise Composite Network Model), 21

G
Gateway Load Balancing Protocol (GLBP), 575
GBICs (Gigabit Interface Converters), 55
Gigabit Ethernet, 50, 55
  auto-negotiation, 767
  deployment strategies, 51
  Fast Ethernet auto-negotiation, 53
GLBP (Gateway Load Balancing Protocol), 575
global configuration mode, 139
globally scoped addresses, 484
GLOP addresses, 484–485
groups
  multicast, 482
  SNMP, 94

H
hardware, 290, 502–504
hardware-switching, 5
hello time timers, 206
hierarchies, IP addresses, 365–366
high availability, 529–530, 535, 602
hopping attacks (VLAN), 660–661
hosts, multicast groups, 480
HSRP (Hot Standby Router Protocol), 4, 8, 570
  configuration exercise, 589–591
  virtual MAC address, 559
Hybrid OS, 78
hybrid-mode, 78

I
IEEE 802.1D, 202. See also STP
IEEE 802.1Q, 153–158, 218
IEEE 802.1Q-in-Q tunneling, 159
IEEE 802.1w, 223. See RSTP
IEEE 802.3 flow control feature, 334–335
IGMP (Internet Group Management Protocol), 511
images
  loading on a Catalyst switch, 102
  naming, 99–100
implementing
  ISL, 154
  pVLANs, 147
  SSO, 533, 540–542
individual policers, 448
infrastructure
  Enterprise Campus, 22
  IP telephony, 596
inpkts keyword, 730
inspection, DAI, 654–658
integrated services model (IntServ model), 428
Interface FastEthernet, configuring, 611–612
interfaces
  Catalyst 6500 switches, 681
  DHCP snooping, 650
  IPSG, 652–654
  RACLs, 643
  security, 621
Internet service providers (ISPs), 6
Internetwork Packet Exchange (IPX), 624

Inter-Switch Link (ISL), 153
inter-VLAN routing, 365–369
  configuration exercise, 385
  IP broadcasts, 378–379
  multiple, 371–373
  router on a stick, 373–375
  study tips, 380–381
  UDP, 379
  verifying, 376
IntServ model, 428
IOS switches, configuring AAA, 630–631
IP (Internet Protocol), 279, 491, 507–508
IP addresses, 482–485
  hierarchies, 365–366
  multicast, 480
ip helper-address command, 379
IP Phones, configuring, 596–599
IP Source Guard (IPSG), 603, 652–654
IP telephony
  commands, 607
  components, 595–596
  deployment best practices, 604–605
  five nines uptime, 595
  high availability, 602
  network design, 596–597
    bandwidth, 600
    management, 602
    power considerations, 601
    QoS, 597
    security, 603
    voice (auxiliary), 598–599
  security, 603–604
  study tips, 605–606
  submodules, 604
IPSG (IP Source Guard), 603, 652–654
IPX (Internetwork Packet Exchange), 624
ISL (Inter-Switch Link), 153–154
isolation
  pVLANs, 148
  VLANs, 147
ISPs (Internet service providers), 6
ITU grids, 717

J - K
jitter, 425, 480
jumbo frames, 327–329
keywords
  active, 513
  count, 514
  summary, 513

L
L2 traceroute command
  availability on Catalyst switches, 746
  output from Cisco IOS-based switches, 747
LACP (Link Aggregation Control Protocol), 301–302
latency, 424
Layer 1, 201
Layer 2, 504–505
  Cisco CatOS, 78
  IPSG, 652–654
  legacy switches, 7
  loops, 286–292
  multilayer switching, 13, 506–507
  protocols
    CDP, 311, 314
    UDLD, 335
  redundancy, 541
  switching, 7, 10
Layer 3
  entries, 392
  marking, 443
  multilayer switching, 13
  networks, 16–17
  protocol filtering, 319–320
  routing protocol support, 369
  switching, 8, 11, 15
    ARP, 12
    packet rewriting, 11
    viewing, 406–408
Layer 4
  performance, 9
  QoS marking, 7
  terminology, 9
layers
  multiple, 6
  Network Design Hierarchical Model, 18
  PDUs, 10
  Server Farm module, 66

leaky token bucket algorithm, 446
learning state, 206
levels of SNMP, 92
limited-scope addresses, 484
line cards, Catalyst 6500 switches, 682
line vty command, 86
Link Aggregation Control Protocol (LACP), 301–302
links
  failures, 261
  spanning-tree path cost, 202
listening state, 206
load balancing
  EtherChannel, 309–311
  HSRP, 560
load sharing, CEF-based MLS, 404
local SPAN, configuring, 731
logging onto syslog servers, 91
Loop Guard
  versus aggressive mode UDLD, 272
  Root Guard, 271
loop-free networks, building, 200
loops
  bridging, 198
    building loop-free networks, 200
    preventing, 199–200
  Layer 2, 286–292

M
MAC (Media Access Control) addresses, 202, 317–318
management
  Catalyst switch configurations, 94
  performance study tips, 756–757
man-in-the-middle attacks, 655
mapping
  multicast IP-to-MAC, 485
  policies, 443
  VLANs, 158
MDGs (Multiple Default Gateways), 316–317
Media Access Control (MAC) addresses, 202, 317–318
membership, multicast groups, 482
memory, ASICs, 6
merging, 643
Metro Ethernet, 56, 706
  CWDM, 718, 720
  connectivity and transport, 707
    DVS, 710
    TLS, 708–709
  DWDM, 715
  optical distance challenges, 720–721
  SONET, 711–713
  WDM, 714
MFIB (multicast forwarding information base), 504
MSFC (Multilayer Switch Feature Card) model, 106
microflow policing, 448
misconfiguring 802.1Q, 158
MLS (multilayer switching), 4–5, 391
  CEF-based MLS, 393–395
    ARP throttling, 396–398
    centralized/distributed switching, 395–396
    configuration, 404–406
    distributed switching, 396
    load sharing, 404
    sample operation, 402–403
    study tips, 412–414
    switching table architectures, 398–401
    troubleshooting, 410–418
    verification, 405
    viewing, 406–409, 411
  traditional MLS, 392
mls nde sender command, 752
MMLS (Multicast multilayer switching), 503
mode rpr-plus command, 588
models, SNMP, 92
modes, SSO, 540–544
modifying STP, 249–250
modules
  Catalyst 6500, 686–687
  Cisco Firewall Services Module, 34
  Enterprise Campus, 25–26
  Network Management, 24
  Server Farm, 24
monitors, 735, 739–740
moving configurations, 94
MSFC (Multilayer Switch Feature Card), 77, 106

MST (Multiple Spanning Tree), 231
  802.1Q, 232
  configuring, 236, 238–239
  IST instances, 234
  instances, 236
  PVST+, 232
  regions, 233
multicast forwarding information base (MFIB), 504
multicast IP addresses, 480
Multicast multilayer switching (MMLS), 503
multicast suppression, 325
multicast traffic, 479–481
  deploying (study tips), 517–518
  forwarding trees, 488–491
  hardware switching, 502
    CEF-based MMLS, 503
    MFIB, 504
    MMLS, 503
  IP addresses, 482–485
  IP protocols, 491, 507–508
    configuring, 508–512
    IGMP, 497–502
    monitoring, 512–516
    PIM, 491–497
  Layer 2 protocols, 504–505
    CGMP, 506–507
    IGMP snooping, 505–506
  MAC addresses, 485–486
  reverse path forwarding, 486–488
Multilayer Switch Feature Card (MSFC), 77, 106
multilayer switched networks, 6, 303, 370, 618
  Catalyst switch security, 617
  Cisco AVVID, 15
    applications, 16
    supported components, 15
  Cisco metro solutions, 704
  data-link technologies, 47
    10-Gigabit Ethernet, 54
    10-Mbps Ethernet, 48
    Fast Ethernet, 49, 53
    GBICs, 55
    Gigabit Ethernet, 50–52
    LRE, 55–56
  default gateway router redundancy, 552
    GLBP, 575
    HSRP, 556–560, 562–570
    IRDP, 554
    proxy ARP, 553
    static default gateway configuration, 555
    VRRP, 571–574
  designing, 57
    case study, 69–70
    large campus networks, 61–64
    medium-sized campus, 60
    selecting, 58
    Server Farm module, 64–67
    small campus networks, 59
  DHCP snooping, 651
  disaster recovery, 4
  Enterprise Composite Network Model, 13, 18, 28–33
  Enterprise Edge, 68
  hardware switching, 502
    MFIB, 504
    MMLS, 503
  IP address hierarchies, 365–366
  IP telephony security, 603–604
  Layer 2
    CGMP, 506–507
    design properties, 10
    protocols, 504–506
    switching, 7
  Layer 3, 11, 15
    ARP, 12
    packet rewriting, 11
    switching, 8
  Layer 4
    performance, 9
    terminology, 9
  Layer 7 switching, 10
  multicast traffic, 479–488, 517–518
    connections, 508–512
    forwarding, 488–491
    IP addresses, 482–485
    IP protocols, 491–498, 500–508
    MAC addresses, 485–486
    monitoring, 512–516
  OSI reference model, 6
  QoS, 420–421, 460
    assured forwarding, 431–432
    Building Access submodule, 462
    Building Distribution submodule, 462

    Campus Backbone, 463
    Catalyst fundamentals, 433–444
    congestion avoidance, 456–459
    congestion management, 449–456
    DiffServ model, 428–430
    expedited forwarding, 432
    IntServ model, 428
    jitter, 425
    latency, 424
    need for, 422–423
    packet loss, 426
    service models, 427
    traffic conditioning, 445–448
  trunking, 153
multilayer switching. See MLS
Multiple Default Gateways (MDG), 316–317
Multiple Spanning Tree. See MST

N
NAM (Network Application Manager)
  Catalyst 6500 switches, 748–753
  versions, 748
naming images, 99–100
NAS (Network Area Storage), 4
NAT (network address translation), 6, 649
Native IOS, 78
NBAR (Network Based Application Recognition), 441
NDE (NetFlow Data Export), 750
  enabling, 752
  as a traffic source for NAM, 752
NetFlow Data Export. See NDE
network address translation (NAT), 6, 649
Network Analysis Module, 748
Network Application Manager (NAM)
  Catalyst 6500 switches, 748–753
  versions, 748
Network Area Storage (NAS), 4
Network Design Hierarchical Model, 18
Network Management module, 24
Network Management Processor (NMP), 683
Network Time Protocol (NTP), 9
networks
  designing IP telephony, 596–603
  enhancing performance of
    critical success tasks, 726
    monitoring CPU interfaces, 733–734
    SPAN, 727–728, 730
    VSPAN, 730, 732
  Ethernet, 56
  FCIP, 64
  firewalls, 647–648
  high availability, 529–531
  Layer 3, 16–17
  loops, 290
  monitoring performance
    RSPAN, 735–740
    VACL, 743–744
  multilayer switched networks. See multilayer switched networks
  port security, 631–639
  security
    ACLs, 642
    network access (802.1X), 639–641
    private VLANs, 658
    QoS, 659
  VLANs, 131, 155, 158
    configuring, 138–139, 141–151, 188–189
    deleting, 139
    dynamic, 135
    implementing, 132–133
    ranges, 136, 158
    service provider-managed VLAN, 159
    static, 134
    study tips, 177–180
    troubleshooting, 144–149
    trunking, 152–154, 160–165
    verifying configuration, 141–143
NMP (Network Management Processor), 683
no monitor session command, 737
no switchport command, 304
no switchport interface command, 370
nonlinearities, 721
NSF (Non-Stop Forwarding), 533, 543–544, 679
NTP (Network Time Protocol), 9
null adjacency, 408

O
OADMs (optical add/drop multiplexers), 718–720
OIR (Online Insertion and Removal), 537
operating systems. See OS
optical add/drop multiplexers (OADMs), 718

OS (operating systems)
  Catalyst 6500 switches, 78
  Cisco CatOS, 78
  Hybrid OS, 78
OSI reference model, 6
OSPF (Open Shortest Path First), 63

P
packets
  broadcasting, 480
  control, 279
  loss, 102, 426
  rewriting, 12
PACLs (port access control lists), 646
PAgP (Port Aggregation Protocol), 300, 620
passwords, 86, 618
PDUs (protocol data units), 10
Per VLAN Spanning Tree Plus. See PVST+, 215
performance
  enhancing, 727–730
  Layer 4 switching, 9
  management (study tips), 756–757
  NAM (Catalyst 6500 switches), 748
    autostart collections, 753
    configuration, 749
    data sources, 750
    NDE as data source, 752
    troubleshooting common problems, 755
    verifying configuration, 754
permanent filters, 637
per-port VLAN ACL (PVACL), 652
PFC (Policy Feature Card), 683
PIM show commands, 516
plain old telephone service (POTS), 55
plants (cable), 597
plug-n-play, 621
Policy Feature Card (PFC), 683
policy maps, configuring, 443
populating Layer 3 entries, 392
port access control lists (PACLs), 646
Port Aggregation Protocol (PAgP), 300, 620
PortFast, 256
  configuration errors, 276
  configuring, 257, 285–286
  verifying, 285–286
PortFast-enabled interfaces, 266
ports
  backup, 225
  checking status, 279
  cost, 220
  EtherChannel, 302
  reflector, 738
  roles, 225
  root, 212
  Root Guard, 266–268
  routed, 370
  security, 639
    blocking unicast flooding, 638–639
    host MAC addresses, 632–635
    restricting traffic, 636–637
  source (RSPAN), 736
  spanning-tree port states, 207
  SSO, 541
  uplink, 550
POTS (plain old telephone service), 55
pound sign (#) character, 105
power supplies
  redundancy, 550–552
  UPS, 602
preventing bridging loops, 199–200
primary root bridges, 211
prioritizing
  control packets, 279
  STP, 244–247
priority queuing, 455
priority values, 765
private VLANs (pVLANs), 658
  configuring, 148–151, 188–189
  structure, 146
  troubleshooting, 145–149
protocol data units (PDUs), 10
protocols
  ARP, 396–398
  DTP, 620
  Layer 2, 311–314
  MST, 239
  PAgP, 620
  SNMP, 91–94
  SSO support, 541
  STP, 197

  trunking, 154
    IEEE 802.1Q, 155–158
    ISL, 154
    VTP, 165–175
  UDLD, 335
pruning, 169
punt adjacency, 408
PVACL (per-port VLAN ACL), 652
pVLANs (private VLANs)
  configuring, 148–151, 188–189
  structure, 146
  troubleshooting, 145–149
PVST+ (Per VLAN Spanning Tree Plus), 215
  configuring
    port cost, 220
    root bridges, 219–220
  MAC addresses, 217
  MST, 232

Q
QoS (quality of service), 5, 420–421, 659
  ACLs, 642
  Auto QoS, 463
  Catalyst switches, 433–434
    classification, 435–442
    congestion avoidance, 456–459
    congestion management, 449–456
    marking, 443–444
    traffic conditioning, 445–448
  classification, 596
  commands, 465
  jitter, 425
  latency, 424
  Layer 2 switching, 7
  marking in Layer 4, 7
  multilayer switched networks, 460
    Building Access submodule, 462
    Building Distribution submodule, 462
    Campus Backbone, 463
  need for, 422–423
  packet loss, 426
  service models, 427
    assured forwarding, 431–432
    DiffServ model, 428
    expedited forwarding, 432
    IntServ model, 428
  study tips, 464
quality of service. See QoS
queuing, egress, 454–455

R
RACLs (router access control lists), 642–643
RADIUS AVPs, 625
random early detection (RED), 458
ranges
  multicast IP addresses, 483
  VLANs, 136, 158
Rapid Spanning Tree Protocol. See RSTP
rapid transition to forwarding, 227–228
RED (random early detection), 458
redundancy, 530, 553, 574
  Catalyst 6500 switch SRM, 545
    configuring, 547
    displaying status, 548
    failure scenario, 547
  commands, 584
  default, 554–560, 562–567
  default gateway routers, 552
  disconnecting, 290
  Layer 2, 541
  multilayer switched networks, 18
  power supplies, 550–552
  study tips, 583–586
  Supervisor Engines, 549
  switches, 533
Redundant Power Systems (RPS), 552
redundant Supervisor Engines, 37, 533–535
  route processor redundancy, 535–536
  RPR+, 537–542
redundant switched networks, 530
reflector ports, 738
relay agents (DHCP), enabling, 379
remote RSPAN, 736–737
reserved link local addresses, 483–484
resiliency (STP), 264
restrictions, pVLANs, 148
root bridges, 211
  configuring, 219–220
  election, 208
  planning selection, 209–210
  selection (sample selection), 212

Root Guard, 266–267, 604
  configuration exercise, 285
  configuring, 268
  Loop Guard, 271
root ports, 212–213
router access control lists (RACLs), 642
routers
  BSR, 495–496
  redundancy, 545–548
routing
  inter-VLAN routing, 365–368
    bridge virtual interface, 373
    IP broadcast forwarding, 378–379
    multilayer Catalyst switches, 368–370
    router on a stick, 373–375
    switch virtual interface, 371–372
    UDP broadcast forwarding, 379
    verifying configuration, 376
  protocols, 369
RPSs (Redundant Power Systems), 552
RSPAN
  configuring, 738–740
  guidelines and restrictions, 736–737
  performance monitoring, 735
  remote, 736–737
  session support, 742
RSTP (Rapid Spanning Tree Protocol), 223
  802.1D compatibility, 230
  BackboneFast in RSTP, 227
  BPDU format, 226–227
  port roles, 225
  rapid transition to forwarding, 227–228
  topology change mechanism, 229–230

S
S/D (Source and destination IP address), 392
SANs (storage-area networks), 64
secondary VLANs, types of, 147
Secure Shell (SSH), 4
Secure-HTTP (S-HTTP), 9
security, 603
  AAA
    accounting, 625, 629
    authentication, 623–626
    authorization, 624, 627
    configuring, 630–631
  ACLs, 642
  Catalyst 3550 switches, 38–39
  Catalyst 3560 switches, 38–39
  Catalyst 3750 switches, 38–39
  Catalyst 4500 switches, 37
  Catalyst 6500 switches, 36
  Catalyst switch configurations, 617, 621
    ACLs, 618
    disabling unneeded services, 620
    passwords, 618
    physical access, 619
  commands, 663–664
  configuring, 639–641
  DAI, 654–658
  Enterprise Campus modules, 25
  firewalls, 647–648
  interfaces, 621
  IP telephony, 603–604
  Layer 3 networks, 16
  multilayer switched networks, 4
  NAT, 649
  ports, 631–633, 639
    blocking unicast flooding, 638–639
    host MAC addresses, 632–635
    restricting traffic, 636–637
  private VLANs, 658
  QoS, 424, 659
  SNMP, 92, 622
  STP, 623
  study tips, 662–664
  systems logging, 622
  vulnerabilities (SSH), 89
  warning banners, 620
selecting root ports, 212
Server Farms, 24–26, 64–67
servers, logging, 91
service modules (Catalyst 6500 switches), 681–687
service provider-managed VLAN services, 159
service providers (metro Ethernet), 706
set boot system flash command, 102
shaped round robin (SRR), 453–455
Shared STP. See SSTP
shared trees, 489–491

shortest path tree (SPT), 488
show commands, 108, 516
show adjacency command, 409
show adjacency detail command, 409
show catalyst6000 traffic-meter command, 290
show current command, 238
show interface command, 83, 112
show interfaces command, 143
show ip cef command, 406
show ip cef detail command, 406
show ip mroute command, 513–514
show ip route command, 112
show logging command, 288
show -table interface command, 143
show pending command, 238
show processes cpu command, 279, 289
show running-config command, 143
show running-config interface command, 143
show spanning-tree command, 222
show system command, 290
show vlan command, 141
show vtp domain command, 176
show vtp status command, 176
S-HTTP (Secure-HTTP), 9
shutdown interface-level command, 290
Simple Network Management Protocol (SNMP), 91–94, 662
Single Router Mode (SRM), 545–548
size, Cisco IFS, 98
SLB (Cisco IOS Server Load Balancing), 578–583
slow throughput, 144
SMI (Standard Multilayer Image), 695
SNAP (Subnetwork Access Protocol), 311
SNMP (Simple Network Management Protocol), 91–93, 622
snmp-server user command, 94
snooping, 650–651
  DHCP, 649
  IGMP, 511
software, updating versions, 101–102, 105
software-switching, 5
SONET (metro Ethernet), 711–713
Source and destination IP address (S/D), 392
Source Guard, 603
source ports (RSPAN), 736
source trees, 488–491
source-specific multicast addresses, 484
SPAN (Switched Port Analyzer), 727
  configuring, 730
  guidelines and restrictions, 728
  monitoring CPU interfaces, 733–734
  session support, 742
  troubleshooting, 735
spanning tree protocol. See STP
spanning-tree
  path cost, 202, 220
  port states, 204–207
  portfast command, 285
SPT (shortest path tree), 488
SRM (Single Router Mode), 545–548
SRR (shared round robin), 453–455
srr-queue bandwidth shape command, 454
srr-queue bandwidth share command, 454
SSH (Secure Shell), 4
  accessing switches during an upgrade, 102
  configuring switches for, 88
  software support, 87
  study tips, 113
  vulnerabilities, 89
SSO (Stateful Switchover), 37, 533, 540–542, 680
  configuring, 542
  NSF, 543–544
  verifying, 542
SSTP (Shared STP), 218
Standard Multilayer Image (SMI), 695
Stateful Switchover (SSO), 37, 533, 540–542, 680
  configuring, 542
  NSF, 543–544
  verifying, 542
static default gateway configuration, 555
static filters, 637
static NAT, 649
static VLANs, 134
statistics, 291
status (PortFast), 266
steady state STP, 337
storage-area networks (SANs), 64
STP (spanning tree protocol), 197, 202
  BackboneFast, 260
    configuring, 264
    link failures, 261
  BPDUs, 203
    frame format, 204
    timers, 204

bridge IDs, 202 STS-1 (synchronous transport signal-level 1), 712 commands, 281 study tips configuring, 221–223, 244 bridging, 240–241 enhancements, 256 CEF-based MLS, 412–414 events debug, 278 commands, 114 IEEE 802.1Q trunks, 218 inter-VLAN routing, 380–381 Multiple Spanning Tree (MST), 231, 233 IP telephony, 605–606 802.1Q, 232 multilayered network switching, 40 configuring, 236–239 performance management, 756–757 IST instances, 234 QoS, 464 instances, 236 redundancy, 583–584, 586 PVST+, 232 security, 662, 664 regions, 233 SSH, 113 operation overview, 207–211 STP, 280 overview, 197 switches PortFast, 256–257 roles, 71 PVST+. See PVST+ types, 698 resiliency, 264 VLANs, 177–180 BPDU filtering, 266 submodules BPDU Guard, 264 Enterprise Edge, 26 Root Guard, 266–268 IP telephony, 604 RSTP, 223 subnets BPDU format, 226–227 routing packets between, 8 port roles, 225 troubleshooting IPs, 279 rapid transition to forwarding, 227–228 Subnetwork Access Protocol (SNAP), 311 topology change mechanism, summary keyword, 513 229–230 Supervisor Engine, 549 sample election process scenario, 212–213 OIR, 537 security, 623 redundancy, 533 spanning-tree route processor redundancy, 535–537 path cost, 202 RPF+, 539, 542 port states, 204–207 RPR+, 538 study tips, 280 Supervisor Engine 720, 69, 685 topologies Supervisor Engine I, 682 identifying changes in, 249–250 Supervisor Engine II, 683–684 modifying, 213–215 Supervisor V-10GE Engine, 36 troubleshooting, 273 support duplex mismatch, 274 GLBP, 575 frame corruption, 275 uplink ports, 550 inappropriate STP diameter parameter suppression broadcast, 324–325 tuning, 276 SVI (switch virtual interface), 371 methodology, 277–279 switch virtual interface (SVI), 371 PortFast configuration errors, 276 Switched Port Analyzer. See SPAN resource error, 275 switches, 535 unidirectional link failures, 274 access-layer, 50 UplinkFast, 258, 280 adding, 186 804 switches

Auto QoS, 463 switching C, 108 distributed, 396 Cat, 109 hardware-switching, 5 Catalyst 2950, 696–697 Layer 2, 7, 10 Catalyst 3550, 37–39, 694–696 Layer 3, 8, 11, 15 Catalyst 3560, 37–38, 69, 693–694 ARP, 12 Catalyst 3750, 37–38, 691–693 packet rewriting, 11 Catalyst 4500, 688–691 Layer 4 Catalyst 6500, 77, 679–682, 687 performance, 9 deployment scenarios, 687 terminology, 9 features of, 34–35 Layer 7, 10 hybrid-mode, 78 software-switching, 5 line cards, 682 terminology, 6 security, 36 switching table architectures, 398–401 service modules, 681 switchport command, 185, 304, 729 Supervisor Engine 720, 685 switchport host command, 140 Supervisor Engine I, 682 synchronous data, 704 Supervisor Engine II, synchronous transport signal-level 1 (STS-1), 712 683–684 syslog servers, 91 Catalyst switches, 107 system logging, 622 Cisco Catalyst switches system names, configuring meaningful names, 80 clocks, 83–85 configuring, 80–82 DNS, 90 T managing configurations, 94 system switches, 91 TACACS+ AVPs, 625 telnet and SSH, 86–88 tail drop, 457 Cisco CatOS, 82 TC (Topology Change), 213 MDGs, 316–317 TCAM (ternary content addressable memory), 6 passwords, 86 Telnet Cisco IOS, 85 accessing switches during an upgrade, 102 configuring for SSH, 88 disabling access, 121 distribution-layer, 50 establishing IP connections, 112 high availability, 529–531 terminology IOS, 630–631 Layer 4 switching, 9 legacy Layer 2 switches, 7 switching, 6 multilayer, 13 ternary content addressable memory (TCAM), 6 redundancy, 533 TFTP (Trivial FTP) packet loss, 102 reflector ports, 738 throttling (ARP), 396–398 role of (study tips), 71 TLS (transparent LAN service), 708–709 Server Farm module, 65 topologies, 598 SNMP, 91–94 metro Ethernet, 57 SSO, 540–542 multiple Ethernet technologies, 48 NSF, 543–544 STP, 249–250 verifying, 542 topology change mechanism (RSTP), 229–230 types (study tips), 698 tracking, DHCP snooping, 650 unauthorized access, 77 traffic VTP-transparent switches, 168 DHCP snooping, 
650–651 updating software versions on Catalyst switches 805

load balancing (EtherChannel), 309–311 PortFast configuration errors, 276 multicast, 479–481 unidirectional link failures, 274 CEF-based MMLS, 503 trunking, 165 CGMP, 506–507 VLANs, 144 configuring IP, 508–512 communication issues, 145 deploying (study tips), 517–518 private VLANs, 145, 148–149 forwarding trees, 488–491 slow throughput, 144 hardware switching, 502 VTP, 177 IGMP snooping, 505–506 trunking IP addresses, 482–485 limiting connections, 622 IP protocols, 491–498, 500–508 protocols (VTP), 165–175 Layer 2 protocols, 504–505 troubleshooting, 165 MAC addresses, 485–486 VLANs, 152 MFIB, 504 configuration, 161–163 MMLS, 503 IEEE 802.1 Q, 155–158 monitoring IP, 512–516 ISL, 154 reverse path forwarding, 486–488 modes and methods, 160 TrafficDirector application, 748 multilayer switched networks, 153 trees protocols, 154 shared, 489–491 verifying configurations, 163–165 source, 488–491 trusting DSCP, 436 Trivial FTP (TFTP) packet loss, 102 tunneling (IEEE 802.1Q-in-Q tunneling), 159 troubleshooting backup/primary root bridges, 211 building loop-free networks, 200 U Catalyst 6500 switches using SPAN, 735 Catalyst switches, 107 UDLD (Unidirectional Link Detection), 255, configuration commands, 109 335–338 connecting to a switch, 111 case study, 342 debug commands, impact and, 109 configuring, 338–339 IP connectivity, 112 protocols, 335 show and debug commands, 108 UDP (User Datagram Protocol) CEF-based MLS, 410 broadcast forwarding, 379 configuration, 415–418 multicast traffic, 481 methodology, 411–412 unauthorized access, 77 forwarding loops and black holes, 269 unicast, 480 IP subnets, 279 filtering, 637 L2 traceroute command flooding, 638–639 availability on Catalyst switches, 746 suppression, 325 output from Cisco IOS-based switches, 747 Unidirectional Link Detection. 
See UDLD Layer 2 loops, 286–292 unidirectional links preventing bridging loops, 199–200 failures, 274 STP, 273 Loop Guard, 270 duplex mismatch, 274 uninterruptible power supply (UPS), 601–602 frame corruption, 275 unshielded twisted-pair (UTP), 49 inappropriate STP, 276 updating software versions on Catalyst switches, methodology, 277–279 101–105 806 uplink port support

uplink port support, 550 implementing in campus networks, 132–133 UplinkFast, 258, 280 inter-VLAN routing, 365–368 configuration exercise, 284 IP broadcast forwarding, 378–379 configuring, 259 multilayer Catalyst switches, 368–370 UPS (uninterruptible power supply), 601–602 router on a stick, 373–375 User Datagram Protocol (UDP) study tips, 380–381 broadcast forwarding, 379 switch virtual interface, 371–373 multicast traffic, 481 UDP broadcast forwarding, 379 UTP (unshielded twisted-pair), 49 verifying configuration, 376 load balancing, 231 private VLANs as security feature, 658 V propagated, 622 PVST+, 216 VACLs (VLAN access control lists), 642 ranges, 136 Capture option, 743–744 ranges and mappings, 158 configuring, 663–669 service provider-managed VLANs, 159 validating DAI, 654–658 static, 134 values, priority, 765 study tips, 177, 179–180 verifying, 141, 143 troubleshooting, 144 CEF-based MLS, 405 communication issues, 145 PortFast, 285–286 private VLANs, 145–149 SSO, 542 slow throughput, 144 STP trunking, 152 bridges, 244–247 configuration, 161–163 configuration, 221–223 IEEE 802.1 Q, 155–158 VLAN, 187–188 ISL, 154 VTP, 176, 187–188 modes and methods, 160 versions, PIM, 496–497 multilayer switched networks, 153 virtual LANs. See VLANs protocols, 154 virtual MAC addresses, 573 troubleshooting, 165 virtual private networks. See VPNs verifying configurations, 163–165 Virtual Routers, 8 verifying, 187–188 Virtual Switched Port Analyzer. 
See VSPAN voice, 598 VLAN access control lists (VACLs), VMPSs (VLAN management policy 642, 139 servers), 135 VLAN management policy servers voice (VMPSs), 135 applications, 596 VLANs (Virtual LANs), 8, 129 Auto QoS, 463 Cisco metro solutions, 710 VoIP (voice over IP), 3 commands, 381 VPNs (virtual private networks), 3 configuring, 138–141 VRRP (Virtual Router Redundancy private VLANs, 148–151, 188–189 Protocol), 8, 573 verifying configuration, 141–143 VSPAN deleting, 139 Virtual Switch, 727 dynamic, 135 configuration, 732 hopping attacks, 660–661 configuring, 732 IDs, 156 guidelines and restrictions, 730 WS-X6380-NAM 807

VTP (VLAN Trunking Protocol), 165–166 advertisements, 168 W authentication, 173 warning banners, 620 configuring, 173–175 Wave Division Multiplexing (WDM), 714–715 modes of operation, 167 wavelengths (electromagnetic spectrum), 716 pruning, 169 WDM (Wave Division Multiplexing), 714–715 troubleshooting, 177 web interface security, 621 verifying, 187–188 weighted random early detection (WRED), 458 versions, 170–172 weighted round robin (WRR), 451 vtp domain domain-name command, 184 WRED (weighted random early detection), 458 vtp mode command, 184 write erase command, 94 vtp password command, 184 WRR (weighted round robin), 451–454 vtp v2-mode command, 174 WS-SVC-NAM-1, 748 VTP-transparent switches, 168 WS-SVC-NAM-2, 748 VTYs, securing access to, 619 WS-X6380-NAM, 748 vulnerabilities (SSH), 89