CCNP SWITCH v1.0 Exam Review
INTRODUCTION
This document provides a comprehensive guide to review every concept on the CCNP SWITCH v1.0 exam. It was created by a student for students; in no way does it replace study resources. It is a guide to quickly review and remember forgotten concepts. I have made efforts to make the diagrams readable and understandable, and have used color coding to easily identify commands, output to watch out for, and comments. However, I am not a graphic designer, so this is an example of the conventions used:
Normal network device output (switches and routers) is displayed in green.
Commands are displayed in blue.
Lines that need attention and make troubleshooting easier are in red.
My own comments explaining certain points are in yellow (here they are the lines starting with #).
1.1 VLAN FOUNDATIONS
VLANs are used to logically group users, configure specific access controls and help implement quality of service.
Broadcast traffic is confined to its VLAN segment; it is not forwarded through all switch ports.
Trunk ports forward traffic from ALL VLANs.
The native VLAN is the VLAN assigned to all untagged packets received on trunk links (the default native VLAN is 1).
1 VLAN = 1 subnet
1.2 VLAN CONFIGURATION
Creating VLANs
Switch#configure terminal
Switch(config)#vlan 10
Switch(config-vlan)#name CCNP
Switch(config-vlan)#end
Verifying VLANs
Switch#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig1/1, Gig1/2
#VLAN 1 is the native (default) VLAN
#The remaining entries are unused VLANs added by Cisco to be industry compliant
VLAN information is not stored in the configuration file! Instead, it is stored in flash, in the file vlan.dat. When clearing a switch, don't forget to erase this file along with the startup-config:
Switch#erase startup-config
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
%SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram
Switch#delete flash:vlan.dat
Delete filename [vlan.dat]?
Delete flash:/vlan.dat? [confirm]
1.3 VLAN TRUNKING
Trunking forwards packets from ALL VLANs through the trunk interfaces and leaves the tags ON.
The switch adds VLAN information (a tag) to each frame; it does not encapsulate the frame.
Trunking is a Layer 2 feature.
1.3.1 802.1Q
Industry standard. Inserts a tag into the frame only.
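As an added example (mine, not from the guide), here is how the 802.1Q tag is laid out and how a trunk handles tagged versus native-VLAN frames. The sample frame and the allowed-VLAN set are constructed; the PCP bits it extracts are the Layer 2 CoS marking discussed later under QoS.

```python
import struct
from typing import Optional

TPID_8021Q = 0x8100        # EtherType value that marks an 802.1Q-tagged frame
DEFAULT_NATIVE_VLAN = 1    # untagged frames received on a trunk belong to the native VLAN

def parse_frame(frame: bytes, native_vlan: int = DEFAULT_NATIVE_VLAN) -> dict:
    """Return VLAN, CoS (the 3 PCP bits), DEI and payload EtherType of an Ethernet frame.

    A tagged frame carries 4 extra bytes after the source MAC: TPID (0x8100) and
    TCI = PCP (3 bits) | DEI (1 bit) | VID (12 bits). Untagged frames get the native VLAN.
    """
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != TPID_8021Q:
        return {"tagged": False, "vlan": native_vlan, "cos": 0, "dei": 0,
                "ethertype": ethertype, "payload": frame[14:]}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    return {"tagged": True, "vlan": tci & 0x0FFF, "cos": tci >> 13,
            "dei": (tci >> 12) & 1, "ethertype": inner_type, "payload": frame[18:]}

def tag_frame(frame: bytes, vlan: int, cos: int = 0) -> bytes:
    """Insert an 802.1Q tag: 4 bytes go in after the MAC addresses, nothing is encapsulated."""
    if not 1 <= vlan <= 4094 or not 0 <= cos <= 7:
        raise ValueError("VID must be 1-4094 and CoS 0-7")
    return frame[:12] + struct.pack("!HH", TPID_8021Q, (cos << 13) | vlan) + frame[12:]

def trunk_egress(frame: bytes, vlan: int, native_vlan: int, allowed: set) -> Optional[bytes]:
    """What a trunk port sends for a frame in `vlan`: tagged, untagged (native VLAN) or nothing."""
    if vlan not in allowed:
        return None                  # VLAN not allowed (or pruned) on this trunk: dropped
    if vlan == native_vlan:
        return frame                 # the native VLAN leaves the trunk untagged
    return tag_frame(frame, vlan)

# Constructed sample frame: broadcast destination, made-up source MAC, IPv4 EtherType, dummy payload
SAMPLE = bytes.fromhex("ffffffffffff" "001122334455" "0800") + b"payload"

def demo():
    """Tag the sample for VLAN 10 with CoS 5, then read both the tagged and untagged copies back."""
    return parse_frame(tag_frame(SAMPLE, vlan=10, cos=5)), parse_frame(SAMPLE)
```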
Trunk negotiation results by port mode on each side:
Local \ Neighbor      Dynamic Auto          Dynamic Desirable     Trunk   Trunk & Nonegotiate   Access
Dynamic Auto          Access                Trunk                 Trunk   Limited Connectivity  Access
Trunk & Nonegotiate   Limited Connectivity  Limited Connectivity  Trunk   Trunk                 Limited Connectivity
1.4 VTP
The goal is to replicate VLANs among 2 or more switches.
All new switches start with revision 0. As VLAN changes are made, the revision is increased by 1.
If a higher revision is detected on a neighbor switch, the local switch replaces its VLAN information with the neighbor's, since it is a newer version of the VLAN database on the network.
For replication to take place, the switches must share the following parameters:
VTP Version: Version 2 is the latest one.
VTP Domain: When default (NULL), the switch inherits the first domain it sees on the network. CASE SENSITIVE!
VTP Password: Ignored if the password is blank.
VTP Modes:
Server (default): Can change VLAN information; sends VTP updates to other switches and receives them.
Client: Cannot change VLAN information; receives VTP updates from the server and forwards them to other switches.
Transparent: Can change VLAN information; ignores updates from the server BUT passes these updates through to other switches; does not send updates generated by itself. When in transparent mode, the revision will always be 0.
VTP Pruning stops the switch from sending broadcasts over a trunk to other switches that have no ports in the VLAN where the broadcast was generated.
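A small simulation of the revision rules above, added here as an example (it is not from the guide or from Cisco); the switch names, domain name and VLAN list are constructed. Its last step shows why a switch that carries a higher revision number under the same domain name has to be reset before it is connected to production.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional

@dataclass
class VtpSwitch:
    name: str
    mode: str = "server"             # server (default), client or transparent
    domain: Optional[str] = None     # None = NULL domain: inherits the first one it hears
    password: str = ""               # blank password: not checked
    version: int = 2
    revision: int = 0                # every new switch starts at revision 0
    vlans: Dict[int, str] = field(default_factory=lambda: {1: "default"})

    def add_vlan(self, vid: int, name: str) -> None:
        if self.mode == "client":
            raise PermissionError(f"{self.name}: a VTP client cannot change VLAN information")
        self.vlans[vid] = name
        if self.mode != "transparent":   # a transparent switch stays at revision 0
            self.revision += 1

    def advertisement(self) -> dict:
        return {"domain": self.domain, "password": self.password, "version": self.version,
                "revision": self.revision, "vlans": dict(self.vlans)}

    def receive(self, advert: dict) -> str:
        """Apply the rules above to an advertisement from a neighbor; return what happened."""
        if self.domain is None:
            self.domain = advert["domain"]            # NULL domain inherits the first domain seen
        if advert["domain"] != self.domain:            # compared case-sensitively
            return "ignored: domain mismatch"
        if advert["version"] != self.version:
            return "ignored: version mismatch"
        if self.password and advert["password"] != self.password:
            return "ignored: password mismatch"
        if self.mode == "transparent":
            return "passed through: transparent mode ignores updates"
        if advert["revision"] > self.revision:
            self.vlans = dict(advert["vlans"])        # newer revision wins, even if it deletes VLANs
            self.revision = advert["revision"]
            return "overwritten: neighbor had a newer revision"
        return "ignored: revision not newer"

def scenario():
    """Constructed lab: Core (server, domain CCNP) creates three VLANs, reaching revision 3;
    Access (client) learns them; then a switch from another site with the same domain name
    but revision 5 and only the default VLAN is plugged in."""
    core = VtpSwitch("Core", domain="CCNP")
    for vid, name in ((10, "Users"), (20, "Servers"), (30, "Voice")):
        core.add_vlan(vid, name)
    access = VtpSwitch("Access", mode="client")       # NULL domain: will inherit CCNP
    first = access.receive(core.advertisement())
    lab = VtpSwitch("Lab", domain="CCNP", revision=5)
    second = access.receive(lab.advertisement())      # 5 > 3: the production VLANs disappear
    return first, second, access.revision, sorted(access.vlans)
```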
2.1 SPANNING-TREE
By default, switches forward ALL broadcast packets out of every port except the one they were received on.
Business requirements drive us to build redundant systems, networks and infrastructure.
Spanning-tree allows us to build redundant network links while avoiding switching loops.
The original spanning-tree (802.1D) was designed to detect and prevent switch loops.
BPDUs (Bridge Protocol Data Units) are sent on every switchport as broadcast; if a specific BPDU arrives back at the originating switch, spanning-tree realizes there is a loop somewhere and starts blocking ports.
BPDUs also designate one of the switches to be the root bridge.
BPDUs are sent every 2 seconds.
The root bridge becomes the privileged switch; all of its ports become designated ports.
All the other switches find the best port to reach the root bridge (the root port), and all other redundant links are evaluated to decide who blocks what. On every link there must be at least 1 designated port.
The Bridge ID is determined by: Priority.MAC-Address.PortNumber. Lowest is better! (MAC address of the switch, not of the switchport!)
The MAC address of the switch can be found with the show version command.
By default the priority is 32,768, changeable in increments of 4096 (for PVST). The lowest priority is 0, the highest is 61,440.
Link cost relates to link speed:
10Mbps = Cost 100
100Mbps = Cost 19
1Gbps = Cost 4
10Gbps = Cost 2
Switches calculate the cost to reach the root bridge to find the best link.
Spanning-tree runs straight out of the box; there is no need to turn it on.
Edge ports are ports that connect to end devices, configured with the spanning-tree portfast command.
2.1.2 PVST
PVST makes STP run individual instances for each VLAN. All switches now support PVST.
PVST changes the Bridge ID by adding the VLAN number to the priority. For example, for VLAN 1 the priority would be 32769 instead of 32768.
Helps with load balancing, as VLAN traffic can be distributed among 2 or more switches. Usually the distribution switches are each configured to be the root bridge for different VLANs.
Enabling PVST:
Switch(config)#spanning-tree mode pvst
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Desg FWD 19        128.1    P2p
Fa0/3            Desg FWD 19        128.3    P2p
#Designates all ports in FWD (Forwarding) state; cost is 19, so these are 100Mbps links

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/2            Desg FWD 19        128.2    P2p
Fa0/3            Root FWD 19        128.3    P2p
#One root port and at least 1 designated port per link (SwitchC must be blocking)

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/2            Desg FWD 19        128.2    P2p
Fa0/3            Desg FWD 19        128.3    P2p
#Fa0/3, a root port before, has become Designated since we are now the root bridge

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Desg FWD 19        128.1    P2p
Fa0/3            Root FWD 19        128.3    P2p
#One root port and at least 1 designated port per link (SwitchC must be blocking)
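The election and port-role rules above, worked through in code as an added example (mine, not from the guide): a constructed triangle of SwitchA, SwitchB and SwitchC on 100Mbps links with made-up MAC addresses. It applies the PVST priority+VLAN bridge ID, the guide's cost table and the lowest-wins tie-breaks, and the test also shows what happens when one switch's priority is lowered in 4096 steps.

```python
import heapq

LINK_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}   # cost by link speed in Mbps, as in the guide

def bridge_id(priority: int, mac: str, vlan: int) -> tuple:
    """PVST bridge ID: (priority + VLAN, MAC). Tuples compare left to right, so lowest wins."""
    return (priority + vlan, mac)

def spanning_tree(switches: dict, links: list, vlan: int = 1):
    """switches: {name: (priority, mac)}; links: [(swA, portA, swB, portB, speed_mbps)].
    Returns the root bridge and {switch: {port: role}} with roles Desg, Root or Altn (blocking)."""
    bid = {s: bridge_id(p, m, vlan) for s, (p, m) in switches.items()}
    root = min(bid, key=bid.get)
    nbrs = {s: [] for s in switches}                 # (neighbor, local port, neighbor port, cost)
    for a, pa, b, pb, speed in links:
        nbrs[a].append((b, pa, pb, LINK_COST[speed]))
        nbrs[b].append((a, pb, pa, LINK_COST[speed]))
    # Root path cost: Dijkstra from the root; a link's cost is added by the switch receiving the BPDU
    rpc = {s: float("inf") for s in switches}
    rpc[root] = 0
    heap = [(0, root)]
    while heap:
        d, s = heapq.heappop(heap)
        if d > rpc[s]:
            continue
        for n, _, _, c in nbrs[s]:
            if d + c < rpc[n]:
                rpc[n] = d + c
                heapq.heappush(heap, (d + c, n))
    roles = {s: {} for s in switches}
    # Root port: lowest cost to the root, then lowest neighbor BID, then lowest port IDs
    for s in switches:
        if s == root:
            continue
        best = min(nbrs[s], key=lambda e: (rpc[e[0]] + e[3], bid[e[0]], e[2], e[1]))
        roles[s][best[1]] = "Root"
    # Designated port on every link: the end with the lower root path cost, tie -> lower BID.
    # The other end is either that switch's root port (already set) or an alternate (blocking) port.
    for a, pa, b, pb, _ in links:
        a_wins = (rpc[a], bid[a]) < (rpc[b], bid[b])
        roles[a].setdefault(pa, "Desg" if a_wins else "Altn")
        roles[b].setdefault(pb, "Desg" if not a_wins else "Altn")
    return root, roles

# Constructed triangle of three 100Mbps links; the MAC addresses are made up for the example
SWITCHES = {"SwitchA": (32768, "0000.0000.000a"),
            "SwitchB": (32768, "0000.0000.000b"),
            "SwitchC": (32768, "0000.0000.000c")}
LINKS = [("SwitchA", "Fa0/1", "SwitchB", "Fa0/3", 100),
         ("SwitchA", "Fa0/3", "SwitchC", "Fa0/3", 100),
         ("SwitchB", "Fa0/2", "SwitchC", "Fa0/1", 100)]
```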
STP port states: Blocking, Listening, Learning, Forwarding
If a port is blocked and the link to the root is lost, this port stays blocked for 20 seconds to see if the root link comes back up before it enables the failover link.
If the link doesn't come back up, the port moves to the Listening (LST) state and waits 15 seconds, sending and receiving BPDUs to detect loops.
After listening, the port starts to Learn (LRN) for the next 15 seconds to fill up the CAM table with MAC addresses.
Only then does the port move to Forwarding.
It takes up to 50 seconds to fail over (OUCH!). Because STP was designed decades ago, this wasn't too much of a problem. Nowadays networks are way faster and can transfer data much more quickly.
Need for Speed
RSTP (802.1w) redefines the port states, lowers the timers and can converge almost instantly; no more waiting 50 seconds. It must be enabled on ALL switches for it to work properly.
RSTP port states: Discarding (replaces Blocking and Listening), Learning, Forwarding
3.1 ETHERCHANNEL
Etherchannel allows us to use multiple physical connections and put them together as one virtual link. This virtual link is called a channel group.
Provides automatic failover: if one of the physical links fails, the channel group simply uses the rest of the links in the group.
The protocols for Etherchannel are PAgP (Port Aggregation Protocol) and LACP (Link Aggregation Control Protocol).
Make sure the interfaces configured with Etherchannel belong to the same VLAN, and on both sides!
Changes made to the port-channel interface affect all switchport members of the channel.
3.1.1 PAgP
Cisco proprietary. Port modes: On, Desirable, Auto.
PAgP        On   Desirable   Auto
On          On   On          On
Desirable   On   On          On
Auto        On   On          Off
3.1.1 LACP
Industry standard (802.3ad). Port modes: On, Active, Passive.
LACP        On   Active   Passive
On          On   On       On
Active      On   On       On
Passive     On   On       Off
SwitchA(config)#interface range fa0/1 - 3
SwitchA(config-if-range)#channel-group 1 mode ?
  active     Enable LACP unconditionally
  auto       Enable PAgP only if a PAgP device is detected
  desirable  Enable PAgP unconditionally
  on         Enable Etherchannel only
  passive    Enable LACP only if a LACP device is detected
SwitchA(config-if-range)#channel-group 1 mode on

SwitchA(config)#interface range fa0/1 - 3
SwitchA(config-if-range)#channel-group 1 mode on
SwitchA(config-if-range)#no switchport
#Interface Port-channel 1 was just created
SwitchA(config-if-range)#end
SwitchA#show ip interface brief
#Output omitted
Port-channel1          unassigned      YES unset  up                    up
SwitchA#configure terminal
SwitchA(config)#interface port-channel 1
SwitchA(config-if)#no switchport
SwitchA(config-if)#ip address 10.1.1.1 255.255.255.0
4.1 INTER-VLAN ROUTING
Done through router-on-a-stick or Layer 3 switch routing. Needed to allow devices on one VLAN to talk to devices on a different VLAN.
1. PC1 sends an ARP request for its default gateway (a sub-interface on the router).
2. The router responds with the MAC address of this sub-interface.
3. PC1 sends a packet with a VLAN 20 destination IP to the router.
4. The switch forwards the packet through the trunk link to the router.
5. The router detects that the destination is connected to its VLAN 20 sub-interface.
6. The router sends an ARP request to contact PC2.
7. PC2 responds to the ARP request.
8. The router forwards the packet to PC2.
Etc.
Switch(config)#interface fastEthernet 0/10
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config)#interface fastEthernet 0/20
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 20
Switch(config)#interface vlan 10
#SVI vlan 10 has just been created
Switch(config-if)#ip address 10.10.1.1 255.255.255.0
Switch(config)#interface vlan 20
#SVI vlan 20 has just been created
Switch(config-if)#ip address 10.20.1.1 255.255.255.0
#Using physical interfaces instead of SVIs
Switch(config)#interface fastEthernet 0/10
Switch(config-if)#no switchport
Switch(config-if)#ip address 10.10.1.1 255.255.255.0
Switch(config)#interface fastEthernet 0/20
Switch(config-if)#no switchport
Switch(config-if)#ip address 10.20.1.1 255.255.255.0
5.1 GATEWAY REDUNDANCY
Redundancy protocols allow you to configure many gateways as a single virtual gateway, transparent to clients: HSRP (Hot Standby Router Protocol), VRRP (Virtual Router Redundancy Protocol) and GLBP (Gateway Load Balancing Protocol).
Automatic failover to a backup gateway if the main one goes down.
Interface tracking allows you to detect a specific link's status and reduce the priority accordingly, so that another gateway replaces the active one.
5.1.1 HSRP
Hellos every 3 seconds, hold timer is 10 seconds (default).
Virtual IP & virtual MAC shared by the gateways. Virtual MAC: 0000.0c07.ac?? (?? = group number).
One Active, the others Standby. Organized in standby groups.
Cisco proprietary.
States: Init, Speak, Active, Standby.
5.1.1 VRRP
Hellos every 1 second, hold timer is 3 seconds (default).
Virtual IP & virtual MAC shared by the gateways. Virtual MAC: 0000.5e00.01?? (?? = group number).
One Master, one Backup. Organized in VRRP groups.
Industry standard (IETF).
5.1.1 GLBP
Hellos every 3 seconds, hold timer is 10 seconds (default).
Virtual IP & multiple virtual MAC addresses, one from each AVF.
All gateways are load balanced. One AVG, many AVFs.
Cisco proprietary.
SwitchA(config)#interface vlan 1
SwitchA(config-if)#standby 1 timers msec 50 msec 200
SwitchB(config)#interface vlan 1
SwitchB(config-if)#standby 1 timers msec 50 msec 200
#This changes the hello timer to 50 msec and the hold time to 200 msec
SwitchA(config-if)#standby 1 track fa0/1 60
#Now we tell it to decrement the priority by 60 if fa0/1 dies
SwitchA(config-if)#interface fastEthernet 0/1
SwitchA(config-if)#shutdown
Mar 1 00:22:37.719: %HSRP-5-STATECHANGE: FastEthernet0/1 Grp 1 state Active -> Init
SwitchA(config-if)#do show standby
Vlan1 - Group 1
  State is Init (interface down)
  #Output omitted; the standby switch has taken over!
  Hello time 50 msec, hold time 200 msec
  Priority 90 (configured 150)
    Track interface FastEthernet0/0 state Down decrement 60
  IP redundancy name is "hsrp-Fa0/0-1" (default)
We should set a timer that activates as soon as the switch becomes active. This timer determines the minimum amount of time the switch will stay active; this avoids problems with flapping interfaces, and if the active reboots we don't want to give the active role to a router that is still learning routes!
SwitchA(config-if)#standby 1 preempt delay minimum 180
#Waits 180 seconds before giving up the active role after it is promoted
SwitchA(config-if)#standby 1 preempt delay reload 180
#Waits 180 seconds before preempting the active one after a reload
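The virtual MAC rule and the priority, tracking and preempt behaviour above, modelled in code as an added example (mine, not the guide's): the gateway names, IP addresses and the tracked interface are constructed after the test in the previous output, and the preempt delay timers are not modelled.

```python
def hsrp_virtual_mac(group: int) -> str:
    """HSRP virtual MAC 0000.0c07.ac??, where ?? is the group number in hex."""
    if not 0 <= group <= 255:
        raise ValueError("HSRP group must be 0-255")
    return f"0000.0c07.ac{group:02x}"

def vrrp_virtual_mac(group: int) -> str:
    """VRRP virtual MAC 0000.5e00.01??, where ?? is the group number in hex."""
    if not 1 <= group <= 255:
        raise ValueError("VRRP group must be 1-255")
    return f"0000.5e00.01{group:02x}"

class Gateway:
    """One router in a standby group, with its interface-tracking and preempt settings."""
    def __init__(self, name, ip, priority=100, preempt=False, track=None):
        self.name, self.ip, self.configured, self.preempt = name, ip, priority, preempt
        self.track = track or {}      # {tracked interface: priority decrement}
        self.down = set()             # tracked interfaces that are currently down

    @property
    def priority(self) -> int:
        """Configured priority minus the decrement of every tracked interface that is down."""
        lost = sum(dec for iface, dec in self.track.items() if iface in self.down)
        return max(0, self.configured - lost)

    def link(self, iface: str, up: bool) -> None:
        (self.down.discard if up else self.down.add)(iface)

def elect(gateways, active=None):
    """Highest priority wins, ties go to the highest IP address. A router that is already
    active keeps the role unless a higher-priority router has preempt enabled."""
    ip_key = lambda g: tuple(int(octet) for octet in g.ip.split("."))
    best = max(gateways, key=lambda g: (g.priority, ip_key(g)))
    if active is None or active not in gateways or active is best:
        return best
    return best if best.preempt and best.priority > active.priority else active

def scenario():
    """Constructed version of the guide's test: SwitchA at priority 150 tracking fa0/1 with
    decrement 60, SwitchB at priority 100 with preempt. Returns the active name at each step."""
    a = Gateway("SwitchA", "10.1.1.2", priority=150, track={"fa0/1": 60})
    b = Gateway("SwitchB", "10.1.1.3", priority=100, preempt=True)
    steps = []
    active = elect([a, b])                      # 150 > 100: SwitchA is active
    steps.append(active.name)
    a.link("fa0/1", up=False)                   # tracked uplink fails: 150 - 60 = 90
    active = elect([a, b], active)              # SwitchB preempts: 100 > 90
    steps.append(active.name)
    a.link("fa0/1", up=True)                    # uplink back: SwitchA is 150 again
    active = elect([a, b], active)              # but SwitchA has no preempt, so SwitchB stays
    steps.append(active.name)
    return steps, a.priority
```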
Additional tuning is possible with GLBP for configuring weights, load balancing, etc.; however, it is not covered on the exam.
6.1 WIRELESS LANS
WAPs (Wireless Access Points) communicate like hubs. Only one wireless client can talk at a time, since it is a shared signal in half duplex.
Wireless works on Layer 1 and Layer 2 of the OSI model.
Uses CSMA/CA (Collision Avoidance) instead of the CSMA/CD (Collision Detection) used in Ethernet technology.
Suffers from interference from other devices using radio frequencies (wireless phones, microwaves) and from physical obstacles (walls, columns, etc.).
Wireless is an extension of a physical network.
A Workgroup Bridge connects two LANs through a wireless connection. The number of users connecting through a workgroup bridge is very limited; enough for about 10 people. It can be used to connect branches in the same MAN (Metropolitan Area Network) in a cost-effective way, without having to lease lines, run your own cables or pay monthly fees.
6.1.1 SSIDs
The Service Set Identifier (SSID) is a unique identifier that represents a VLAN or a network.
Connecting to an SSID:
[Figures 1 to 4: probe, beacon, selection and association, described below]
Figure 1: When a client first tries to connect, it sends a probe as a broadcast, requesting that all access points it can reach reply with a beacon.
Figure 2: The access points that were able to hear the probe reply with a beacon to the host. This can be disabled.
Figure 3: The client chooses one from the list of beacons that replied (the list of wireless networks available to you in Windows).
Figure 4: Assuming there is no security enabled, the wireless access point adds the MAC address of the new wireless client to the list of connected devices and provides it with an IP if DHCP is available and enabled.
Repeaters should have a 50% area overlap to be able to reproduce signals properly.
APs should have up to 15% area overlap to be able to roam from one to another without losing connection to an SSID.
Neighbor access points must use non-overlapping channels.
As the client gets far from its AP, the AP starts to miss probes (which the client sends periodically) and the signal gets weaker. As the signal gets weaker, the client evaluates other access points with the same SSID that may provide a better signal; if it finds one, it attempts to roam to this new access point.
Wireless access points can support multiple VLANs. This means we can create different SSIDs (one per VLAN), each with different security mechanisms, and the AP trunks to a switch to allow communication for all VLANs.
6.1.5 802.11a
Up to 54Mbps. NOT compatible with b or g. 12 to 23 non-overlapping channels.
6.1.5 802.11b
Up to 11Mbps. Most popular standard. 3 non-overlapping channels: 1, 6, 11.
6.1.5 802.11g
Up to 54Mbps. Compatible with b. 3 non-overlapping channels: 1, 6, 11.
6.1.7.1 Autonomous AP
Stand-alone. Controlled with WDS (Wireless Domain Services) for roaming. Managed with WLSE (WLAN Solution Engine) through CiscoWorks. IOS based, with a web interface. Costs more; an IOS-based AP can be converted into a Lightweight AP.
6.1.7.1 Lightweight AP
Server-dependent or controller based. Controlled using a WLC (Wireless LAN Controller), which manages only lightweight APs.
6.1.11 Omni
6.1.11 Directional
6.1.11 Yagi
No signal behind the antenna which is aimed towards the desired area
Antenna pointed towards the desired area; much more range, and the angle of the beam can be adjusted: the smaller it is, the more powerful the signal and the longer it can travel.
7.1 VoIP
VoIP is used to save costs on voice transmission.
Low bandwidth; centralized data and voice.
Saves costs on staff and on moves, adds and changes.
The PC daisy-chains to the network through the switch.
The 64Kbps that a normal voice line takes converts to 8Kbps through VoIP.
Integration of the data world and the voice world.
SwitchA(config-if)#switchport mode access
SwitchA(config-if)#switchport access vlan 200
SwitchA(config-if)#switchport voice vlan 100
#The switch will send CDP packets to make sure a Cisco phone is plugged in
7.1.3 QoS
Marking packets for QoS:
Classification of packets occurs when a packet is inspected to see what kind of traffic it contains. Packets can be categorized with access-lists, source ports, etc. Classification is CPU intensive.
CoS is marking frames at Layer 2. No deep packet inspection; it looks at the CoS tag on the frame: 3 bits of marking, giving values 0 to 7. For example, all SQL traffic can be marked. Levels 6 and 7 are reserved by Cisco for routing protocols, etc.
At Layer 3, CoS is dropped (since it is a Layer 2 marking) and replaced with ToS. IP Precedence was the old way of marking at Layer 3, with up to 7 levels of marking; DSCP now provides up to 64. Routers can look at the ToS to determine priority without having to do deep packet inspection.
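As an added example (mine, not the guide's): the ToS byte packed and read both ways, the default CoS-to-DSCP mapping carried across the Layer 2/Layer 3 boundary described above, and an assumed port trust policy (the "none"/"cos"/"dscp" trust states are my modelling of how a switch decides which markings to believe, not something stated on this page).

```python
# Default CoS-to-DSCP map: the 3-bit CoS becomes the top 3 bits of the 6-bit DSCP (CoS * 8)
COS_TO_DSCP = {cos: cos << 3 for cos in range(8)}

def tos_byte(dscp: int, ecn: int = 0) -> int:
    """Build the Layer 3 ToS byte: DSCP in the top 6 bits, ECN in the low 2 bits."""
    if not 0 <= dscp <= 63 or not 0 <= ecn <= 3:
        raise ValueError("DSCP must be 0-63 and ECN 0-3")
    return (dscp << 2) | ecn

def parse_tos(tos: int) -> dict:
    """Read one ToS byte both ways: the old 3-bit IP precedence and the 6-bit DSCP overlap."""
    if not 0 <= tos <= 255:
        raise ValueError("ToS is a single byte")
    return {"precedence": tos >> 5, "dscp": tos >> 2, "ecn": tos & 0x03}

def cos_to_tos(cos: int) -> int:
    """Layer 2 -> Layer 3: the CoS tag is dropped at the router, so its value has to be
    carried into the ToS byte here or the priority is lost."""
    if not 0 <= cos <= 7:
        raise ValueError("CoS must be 0-7")
    return tos_byte(COS_TO_DSCP[cos])

def tos_to_cos(tos: int) -> int:
    """Layer 3 -> Layer 2: when the packet is framed onto a VLAN again, CoS comes from the precedence bits."""
    return parse_tos(tos)["precedence"]

def ingress_marking(cos: int, dscp: int, trust: str) -> dict:
    """Assumed trust-boundary policy (not from the guide): what the switch keeps from a packet
    that arrives already marked. "none" remarks everything to 0 so hosts cannot grant themselves
    priority, "cos" believes the Layer 2 tag, "dscp" believes the Layer 3 field."""
    if trust == "none":
        return {"cos": 0, "dscp": 0}
    if trust == "cos":
        return {"cos": cos, "dscp": COS_TO_DSCP[cos]}
    if trust == "dscp":
        return {"cos": dscp >> 3, "dscp": dscp}
    raise ValueError(f"unknown trust setting {trust!r}")
```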
Auto QoS is available to automatically implement the most appropriate QoS parameters on the interface, based on bandwidth, switchport type, etc., to meet Cisco's best practices.
SwitchA(config-if)#auto qos voip cisco-phone
#This auto-detects the best priority for this type of traffic