CCNP SWITCH 642-813 Quick Reference
Chapter 1: Campus Network Design
Chapter 2: VLAN Implementation
Ch
CHAPTER 1: Campus Network Design
Planning a Network Implementation
It is important to use a structured approach to planning and implementing any network c
CHAPTER 8: Voice and Video in a Campus Network
Using AutoQoS
When AutoQoS is enabled, the switch configures its interfaces based on a best-practices templ
CHAPTER 8: Voice and Video in a Campus Network
Video over IP
Video traffic roughly falls into one of three categories: many-to-many, many-to-few, and few-
CHAPTER 9: Wireless LANs in a Campus Network
Wireless LANs (WLAN) transmit and receive data using radio or infr
CHAPTER 9: Wireless LANs in a Campus Network
The Cisco Compatible Extensions Program tests other vendors’ devices for compatibility with Cisco wireless p
CHAPTER 9: Wireless LANs in a Campus Network
Service Set Identifiers (SSID)
An SSID maps to a VLAN and can be used to segment users into groups requiring
CHAPTER 9: Wireless LANs in a Campus Network
Client Connectivity
Clients associate with an access point as follows:
Access points send out beacons announci
CHAPTER 9: Wireless LANs in a Campus Network
Cisco Wireless Network Components
Cisco supports two types of wireless solutions: one using autonomous access
CHAPTER 9: Wireless LANs in a Campus Network
Lightweight Access Points
Lightweight APs divide the 802.11 processing between the AP and a Cisco Wireless LA
CHAPTER 9: Wireless LANs in a Campus Network
Step 3. The WLCs respond with an LWAPP or CAPWAP Discovery Response that includes the number of APs currently
CHAPTER 9: Wireless LANs in a Campus Network
Wireless LAN Controllers
Cisco WLAN controllers can be either an appliance, a module, or integrated into a 37
CHAPTER 1: Campus Network Design
Network engineers at the CCNP level will likely be involved at the implementation and following phases. They can also par
CHAPTER 9: Wireless LANs in a Campus Network
Integrating Wireless into the LAN
This section covers configuring your switches for wireless APs and controll
CHAPTER 9: Wireless LANs in a Campus Network
Planning for a Wireless Implementation
In planning a wireless implementation, first gather requirements. Some
CCNP SWITCH Quick Reference
Denise Donohue
Copyright © 2010 Pearson Education, Inc.
Published by:
Cisco Press
800 East 96th Street
Indianapolis, Indiana 4
CHAPTER 2: VLAN Implementation
VLANs are used to break large campus networks into smaller pieces. The benefit of this is to m
CHAPTER 2: VLAN Implementation
[ 13 ] © 2010 Pearson Education, Inc. All rights reserved. This publication is protected by copyright. Please see page 112
CHAPTER 2: VLAN Implementation
When planning a VLAN structure, consider traffic flows and link sizing. Take into account the entire traffic pattern of app
CHAPTER 2: VLAN Implementation
Creating a VLAN and Assigning Ports
VLANs must be created before they can be used. Creating VLANs is easy—in global configu
CHAPTER 2: VLAN Implementation
Other verification commands include:
- show running-config interface interface no: Use the following to verify the VLAN mem
CHAPTER 2: VLAN Implementation
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLA
CHAPTER 2: VLAN Implementation
in either the ISL encapsulation or the 802.1Q tag. The switch on the other end of the trunk removes the ISL or 802.1Q infor
CHAPTER 2: VLAN Implementation
Configure a port for trunking at the interface configuration mode:
(config-if)#switchport mode {dynamic {auto | desirable}
About the Author
Denise Donohue, CCIE No. 9566, is a senior solutions architect for ePlus Technology. She consults with companies to design updates or a
CHAPTER 2: VLAN Implementation
Using the trunk keyword with the show interfaces command gives information about the trunk link:
# show interfaces fastethe
CHAPTER 2: VLAN Implementation
VTP works by using Configuration Revision numbers and VTP advertisements:
- All switches send out VTP advertisements every
CHAPTER 2: VLAN Implementation
The two versions of VTP are Version 1 and Version 2. To use Version 2, all switches in the domain must be capable of using
CHAPTER 2: VLAN Implementation
Verifying and Monitoring VTP
To get basic information about the VTP configuration, use show vtp status. The example shows t
CHAPTER 2: VLAN Implementation
EtherChannels
An EtherChannel is a way of combining several physical links between switches into one logical connection. No
CHAPTER 2: VLAN Implementation
Configuring an EtherChannel
Basically, you should configure the logical interface and then put the physical interfaces into
CHAPTER 2: VLAN Implementation
Link Aggregation Control Protocol (LACP) is an IEEE standard protocol, IEEE 802.3ad, which does the same thing.
LACP modes
CHAPTER 2: VLAN Implementation
Troubleshooting VLAN Issues
Configuration problems can arise when user traffic must traverse several switches. The followin
CHAPTER 2: VLAN Implementation
Troubleshooting VTP
The following are some common things to check when troubleshooting problems with VTP:
- Make sure you ar
CHAPTER 3: Spanning Tree
Ethernet network design balances two separate imperatives. First, Ethernet has no capacity for detecting c
Icons Used
CHAPTER 3: Spanning Tree
Spanning Tree Protocol (STP) works by selecting a root bridge and then selecting one loop-free path from the root bridge to every
CHAPTER 3: Spanning Tree
Spanning Tree Election Criteria
Spanning Tree builds paths out from a central point along the fastest available links. It selects
CHAPTER 3: Spanning Tree
Table 3-1 Spanning Tree Costs
Link Speed | Previous IEEE Specification | Current IEEE Specification
10 Mb/s | 100 | 100
100 Mb/s | 10 | 19
1 Gbp
CHAPTER 3: Spanning Tree
Root Port Election
The root port is the port that leads back to the root. Continuing with Figure 3-1, when A is acknowledged as t
CHAPTER 3: Spanning Tree
Bridge Protocol Data Units
Switches exchange Bridge Protocol Data Units (BPDU). The two types of BPDUs are Configuration and Top
CHAPTER 3: Spanning Tree
TCN BPDUs are sent by a downstream switch toward the root when:
- There is a link failure.
- A port starts forwarding, and there i
CHAPTER 3: Spanning Tree
Spanning Tree Port States
When a port is first activated, it transitions through the following stages shown in Table 3-2.
Table 3-
CHAPTER 3: Spanning Tree
Configuring Spanning Tree
To change the STP priority value, use the following:
Switch (config)# spanning-tree vlan vlan_no. priori
CHAPTER 3: Spanning Tree
Portfast
Portfast is a Cisco-proprietary enhancement to Spanning Tree that helps speed up network convergence. It is for access (u
CHAPTER 3: Spanning Tree
RSTP Port Roles
RSTP also defines different Spanning Tree roles for ports:
- Root port: The best path to the root (same as STP)
- D
CHAPTER 1: Campus Network Design
An enterprise campus generally refers to a network in a specific geographic location. It c
CHAPTER 3: Spanning Tree
- Link type: If you connect two switches through a point-to-point link and the local port becomes a designated port, it exchanges
CHAPTER 3: Spanning Tree
(config-mst)# revision number
(config-mst)# instance number vlan vlan_range
(config-mst)# end
# show spanning-tree mst
To be compati
CHAPTER 3: Spanning Tree
UplinkFast
UplinkFast is for speeding convergence when a direct link to an upstream switch fails. The switch identifies backup po
CHAPTER 3: Spanning Tree
Configure this command on all switches in the network:
(config)# spanning-tree backbonefast
BPDU Guard
BPDU Guard prevents loops if
CHAPTER 3: Spanning Tree
Root Guard
Root Guard is meant to prevent the wrong switch from becoming the Spanning Tree root. It is enabled on ports other tha
CHAPTER 3: Spanning Tree
To control UDLD on a specific fiber port, use the following command:
(config-if)# udld port {aggressive | disable}
To reenable all
CHAPTER 3: Spanning Tree
To enable Loop Guard on a specific interface, use the following:
(config-if)# spanning-tree guard loop
Loop Guard automatically re
CHAPTER 3: Spanning Tree
Identifying a Bridging Loop
Suspect a loop if you see the following:
- You capture traffic on a link and see the same frames multi
CHAPTER 3: Spanning Tree
- Tune STP using the tools detailed in this section.
- Enable UDLD aggressive mode on all fiber interfaces.
- Design STP domains t
CHAPTER 4: InterVLAN Routing
VLANs divide the network into smaller broadcast domains but also prohibit communication between do
CHAPTER 1: Campus Network Design
- Distribution: Aggregation point for access switches. Provides availability, QoS, fast path recovery, and load balancin
CHAPTER 4: InterVLAN Routing
encapsulation dot1Q 20
ip address 10.1.20.1 255.255.255.0
!
interface FastEthernet0/1.99
description Native VLAN
encapsulation do
CHAPTER 4: InterVLAN Routing
Input
1. Receive frame
2. Verify frame integrity
3. Apply inbound VLAN ACL (VLAN Access Control List)
4. Look up destination MAC
CHAPTER 4: InterVLAN Routing
Routing
1. Apply input ACL
2. Switch if entry is in CEF cache
3. Identify exit interface and next-hop address using routing tab
CHAPTER 4: InterVLAN Routing
In comparison, Multilayer Switching (MLS) uses a Ternary Content Addressable Memory (TCAM) table to store information need
CHAPTER 4: InterVLAN Routing
An SVI is considered “up” as long as at least one port in its associated VLAN is active and forwarding. If all ports in the V
CHAPTER 4: InterVLAN Routing
To verify your configuration, use the commands show ip interface brief, show interface, or show running-config interface in
CHAPTER 4: InterVLAN Routing
- Separates control plane hardware from data plane hardware.
- Control plane runs in software and builds FIB and adjacency t
CHAPTER 4: InterVLAN Routing
- 802.3 (IPX) or other unsupported encapsulation types
- Packets with an expiring TTL
- Packets that must be fragmented
Configu
CHAPTER 4: InterVLAN Routing
Troubleshoot CEF drops with the following:
# show cef drop
Troubleshoot CEF adjacencies with the following:
# show adjacency
CHAPTER 5: Implementing High Availability
A highly available network is the goal of every network engineer. Having
CHAPTER 1: Campus Network Design
Small Campus Design
In a small campus, the core and distribution can be combined into one layer. Small is defined as fewe
CHAPTER 5: Implementing High Availability
Technology
Some of the technologies found in Cisco routers and Layer 3 switches enhance availability by providin
CHAPTER 5: Implementing High Availability
- Communication and documentation: There should be good communication between teams responsible for the network,
CHAPTER 5: Implementing High Availability
- Disaster recovery and business continuity plans
- Evaluating the security impact of a proposed change
Tools
A we
CHAPTER 5: Implementing High Availability
Network Level Resiliency
Redundant links were discussed in Chapter 2. STP blocks a redundant link by default so
CHAPTER 5: Implementing High Availability
Optimizing Redundancy
You should be aware that redundancy does not always equal resiliency. Too much redundancy
CHAPTER 5: Implementing High Availability
Designing for Redundancy
Figure 5-1 shows where you would typically use redundancy within a campus network. Acce
CHAPTER 5: Implementing High Availability
There must be a physical link between distribution switches, and it should be a L2 trunk. Without that link, an
CHAPTER 5: Implementing High Availability
In Figure 5-4 the access switches are L3. This gives the faster convergence and is easiest to implement. All li
CHAPTER 5: Implementing High Availability
Using Nonchassis Based Access Switches
Using more than one stand-alone switch, such as the Cisco 3560 or 3750, i
CHAPTER 5: Implementing High Availability
Syslog
Cisco devices produce system logging (or syslog) messages that can be output to the device console, VTY c
CHAPTER 1: Campus Network Design
Data Center Design
The core layer connects end users to the data center devices. The data center segment of a campus can
CHAPTER 5: Implementing High Availability
SNMP
An SNMP manager collects information from SNMP agents residing on network devices, either through regular p
CHAPTER 5: Implementing High Availability
called a responder. IP SLA probes can simulate various types of traffic, such as HTTP, FTP, DHCP, UDP jitter, U
CHAPTER 6: First Hop Redundancy
Specifying a default gateway leads to a single point of failure. Proxy Address Resolution Pr
CHAPTER 6: First Hop Redundancy
The Active router forwards traffic. The Standby is backup. The standby monitors periodic hellos (multicast to 224.0.0.2, U
CHAPTER 6: First Hop Redundancy
Configuring HSRP
To begin configuring HSRP, use the standby group-number ip virtual-IP-address command in interface config
CHAPTER 6: First Hop Redundancy
Tracking an interface can trigger an election if the active router is still up but a critical interface (such as the one
CHAPTER 6: First Hop Redundancy
The VRRP Master router forwards traffic. The master is chosen because it owns the real address, or it has the highest pri
CHAPTER 6: First Hop Redundancy
To change the timers on the backup routers, use the following command because they hear the hellos from the master:
Router
CHAPTER 6: First Hop Redundancy
The actual router used by a host is its Active Virtual Forwarder (AVF). GLBP group members multicast hellos every 3 second
CHAPTER 7: Campus Network Security
Attention has traditionally been paid to network perimeter security, such as firewall,
CHAPTER 1: Campus Network Design
Network Traffic Flow
The need for a core layer and the devices chosen for the core also depend on the type of network tra
CHAPTER 7: Campus Network Security
MAC Address-Based Attacks
Common MAC address-based attacks rely on flooding the CAM table and can be mitigated by using
CHAPTER 7: Campus Network Security
TABLE 7-1 Port Security Commands
Command | Description
switchport port-security | Enables port security on that interface.
sw
CHAPTER 7: Campus Network Security
Maximum MAC Addresses : 2
Total MAC Addresses : 0
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last
CHAPTER 7: Campus Network Security
Table 7-2 Configuring 802.1x Port Authentication
Command | Description
(config-if)#dot1x port-control | Enables 802.1x auth
CHAPTER 7: Campus Network Security
802.1Q Double-Tagging
A double-tagging attack is possible because 802.1Q trunking does not tag frames from the native V
CHAPTER 7: Campus Network Security
VACLs
Cisco switches support various kinds of ACLs:
- Traditional Router ACL (RACL)
- QoS ACL
- VACL
VLAN access contr
CHAPTER 7: Campus Network Security
Private VLANs
Private VLANs (PVLAN) enable large companies or service providers to isolate users into separate multiacc
CHAPTER 7: Campus Network Security
Table 7-3 Configuring Private VLANs
Command | Description
private-vlan association | Associates secondary VLANs with the pri
CHAPTER 7: Campus Network Security
Spoof Attacks
Spoof attacks include DHCP spoofing, MAC address spoofing, and ARP spoofing.
DHCP Spoofing
A DHCP spoofing
CHAPTER 7: Campus Network Security
Enable IP Source Guard for both IP and MAC addresses on host access interfaces with the command ip verify source port-s
CHAPTER 1: Campus Network Design
- Client-Enterprise Edge applications are located on servers at the WAN edge, reachable from outside the company. These c
CHAPTER 7: Campus Network Security
- Use SSH instead of Telnet.
- Physically secure access to the device.
- Use banners that warn against unauthorized acce
CHAPTER 8: Voice and Video in a Campus Network
Voice over IP (VoIP) has become common in the business world,
CHAPTER 8: Voice and Video in a Campus Network
Data requirements typically include high bandwidth, but delay and jitter are not crucial. A highly availab
CHAPTER 8: Voice and Video in a Campus Network
VoIP traffic consists of two types: voice bearer and call control signaling. Voice bearer traffic is carri
CHAPTER 8: Voice and Video in a Campus Network
- Electrical power for the IP phones: Use either PoE from Catalyst switch or power inline module, or a pow
CHAPTER 8: Voice and Video in a Campus Network
Cisco IP phones have a small internal switch that places an 802.1q tag on voice traffic and marks the Clas
CHAPTER 8: Voice and Video in a Campus Network
- Allows service to be tailored to network needs
- Allows mission-critical applications to share the networ
CHAPTER 8: Voice and Video in a Campus Network
- Dropping: Normally interface queues accept packets until they are full and then drop everything after th
CHAPTER 8: Voice and Video in a Campus Network
Voice bearer traffic uses an Expedited Forwarding value of DSCP 46 to give it higher priority within the n
CHAPTER 8: Voice and Video in a Campus Network
4. Fast Convergence: To enhance high availability, tune the routing and HSRP/VRRP/GLBP timers.
5. Test Plan