|
Module 1: Campus Networks and Design Models |
|
|
Module Overview
|
|
| 1.1 |
Overview of a
Campus Network
|
1.1.1 |
Traditional
campus networks |
|
1.1.2 |
Issues with
traditional campus network designs |
|
1.1.3 |
Traditional
80/20 rule of network traffic |
|
1.1.4 |
The new 20/80
rule of network traffic |
|
1.1.5 |
Key
requirements of the evolving campus structure |
|
1.1.6 |
Evolving campus structure |
|
|
| 1.2 |
Key
Characteristics of Various Switching Technologies
|
1.2.1 |
Overview |
|
1.2.2 |
Layer 2
switching |
|
1.2.3 |
Layer 3
switching |
|
1.2.4 |
Layer 4
switching |
|
1.2.5 |
Multilayer
switching |
|
1.2.6 |
Quality of
Service (QoS) |
|
1.2.7 |
Multicast |
|
1.2.8 |
Hierarchical design model for
campus networks |
|
|
| 1.3 |
Building-Block
Approach
|
1.3.1 |
The switch
block |
|
1.3.2 |
Scaling the switch block |
|
1.3.3 |
Building the core block |
|
1.3.4 |
Layer 2 and 3 backbone scaling |
|
1.3.5 |
Advantages of the building-block approach |
|
1.3.6 |
Small campus networks |
|
1.3.7 |
Medium campus networks |
|
1.3.8 |
Large campus networks |
|
|
| 1.4 |
Basic
Configuration of the Switch
|
1.4.1 |
Cabling the
switch block |
|
1.4.2 |
Connecting to
the console port |
|
1.4.3 |
Connecting an
Ethernet port |
|
1.4.4 |
Clearing a configuration |
|
1.4.5 |
Setting a password |
|
1.4.6 |
Naming the switch |
|
1.4.7 |
Configure the switch for remote access |
|
1.4.8 |
Identifying individual ports |
|
1.4.9 |
Defining link speed and line mode on a switch |
|
|
| 1.5 |
Important IOS
Features
|
1.5.1 |
Command-line recall |
|
1.5.2 |
Using the help feature |
|
1.5.3 |
Password recovery |
|
1.5.4 |
Setting an IDLE timeout |
|
1.5.5 |
Verifying connectivity |
|
1.5.6 |
Backup and restoration of a configuration using a TFTP server |
|
1.5.7 |
HTTP access to the switch |
|
|
| 1.6 |
Hands-on Lab
Exercises
|
1.6.1 |
Catalyst 2950T and 3550 series basic setup |
|
1.6.2 |
Catalyst 2950T and 3550 configuration and IOS files |
|
1.6.3 |
Catalyst 2950T and 3550 series password recovery |
|
1.6.4 |
Fluke Network Inspector |
|
1.6.5 |
Fluke Protocol Expert |
|
|
|
Module Summary
|
|
|
Module
Quiz
|
|
|
Module 2: VLANs and VTP |
|
|
Module Overview
|
|
| 2.1 |
VLAN Basics
|
2.1.1 |
Describe a
VLAN |
|
2.1.2 |
Motivation
for VLANs |
|
2.1.3 |
VLANs and
network security |
|
2.1.4 |
VLANs and
broadcast distribution |
|
2.1.5 |
VLANs and bandwidth utilization |
|
2.1.6 |
VLANs versus router latency |
|
2.1.7 |
Wrong motives for implementing VLANs |
|
|
| 2.2 |
VLAN Security
|
2.2.1 |
Overview
|
|
2.2.2 |
Understanding
switch ACLs |
|
2.2.3 |
Router ACLs |
|
2.2.4 |
Configuring
router ACLs |
|
2.2.5 |
Configuring VLAN maps |
|
2.2.6 |
Using VLAN maps with router ACLs |
|
2.2.7 |
Applying router ACLs and VLAN maps on VLANs |
|
|
| 2.3 |
VLAN Types
|
2.3.1 |
VLAN
boundaries |
|
2.3.2 |
End-to-end
VLANs |
|
2.3.3 |
Local VLANs |
|
2.3.4 |
Establishing VLAN memberships |
|
2.3.5 |
Port-based VLAN membership |
|
2.3.6 |
Dynamic VLANs |
|
|
| 2.4 |
Configuring
VLANs and VMPS
|
2.4.1 |
Configuring
static VLANs |
|
2.4.2 |
Verifying
VLAN configuration |
|
2.4.3 |
Deleting VLANs |
|
2.4.4 |
VMPS operation |
|
2.4.5 |
VMPS configuration guidelines |
|
2.4.6 |
Access links and trunk links |
|
|
| 2.5 |
VLAN Trunking
and Dynamic Trunking Protocol (DTP)
|
2.5.1 |
Trunking
overview |
|
2.5.2 |
Configuring a VLAN trunk |
|
2.5.3 |
Removing VLANs from a trunk |
|
2.5.4 |
Basics of
Dynamic Trunking Protocol (DTP) |
|
2.5.5 |
DTP trunk and
access modes |
|
2.5.6 |
DTP combinations |
|
2.5.7 |
Verifying DTP |
|
|
| 2.6 |
VLAN
Identification
|
2.6.1 |
VLAN frame
identification |
|
2.6.2 |
Inter-Switch
Link |
|
2.6.3 |
The IEEE
802.1Q protocol |
|
2.6.4 |
The IEEE
802.10 protocol |
|
2.6.5 |
LAN emulation |
|
|
|
2.7 |
VTP Trunking
Protocol (VTP)
|
|
|
2.8 |
VTP
Configuration and VTP Pruning
|
2.8.1 |
Basic
configuration steps |
|
2.8.2 |
Configuring
the VTP version |
|
2.8.3 |
Configuring
the VTP domain |
|
2.8.4 |
Configure the
VTP mode |
|
2.8.5 |
Verifying VTP configuration |
|
2.8.6 |
Default behavior of a switch |
|
2.8.7 |
Configure VTP pruning |
|
2.8.8 |
Verifying VTP pruning |
|
|
|
2.9 |
Hands-on Lab
Exercises
|
2.9.1 |
Catalyst
2950T and 3550 series static VLANs |
|
2.9.2 |
Catalyst
2950T and 3550 series VTP domain and VLAN trunking |
|
2.9.3 |
Catalyst
2950T and 3550 series VTP pruning |
|
2.9.4 |
Catalyst 2950
and 3550 series intra-VLAN security |
|
|
|
Module Summary
|
|
|
Module
Quiz
|
|
|
Module 3: Spanning-Tree Protocol |
|
|
Module Overview
|
|
| 3.1 |
Spanning-Tree
Protocol Operation
|
|
| 3.2 |
STP Processes
|
3.2.1 |
STP decisions
and BPDU exchanges |
|
3.2.2 |
Three steps
of STP convergence |
|
3.2.3 |
Electing the
root bridge |
|
3.2.4 |
Electing root
ports |
|
3.2.5 |
Electing designated ports |
|
3.2.6 |
STP states |
|
3.2.7 |
STP timers |
|
3.2.8 |
BPDU format |
|
3.2.9 |
Topology changes and STP |
|
|
| 3.3 |
STP
Enhancements
|
|
| 3.4 |
802.1w Rapid
Spanning-Tree Protocol
|
|
| 3.5 |
Evolution of
Spanning Tree
|
3.5.1 |
PVST + |
|
3.5.2 |
Enhanced PVST + |
|
3.5.3 |
MST (802.1 s) |
|
3.5.4 |
Load balancing |
|
3.5.5 |
Switchport tuning using BPDU guard |
|
3.5.6 |
Switchport tuning using root guard |
|
|
| 3.6 |
STP
Configuration
|
3.6.1 |
Default STP configuration |
|
3.6.2 |
Enabling and disabling Spanning-Tree
Protocol |
|
3.6.3 |
Modifying the root bridge |
|
3.6.4 |
Setting the priority for ports and VLANs
|
|
3.6.5 |
Setting the port cost |
|
3.6.6 |
Configuring switch priority of a VLAN
|
|
3.6.7 |
Modifying default timers
|
|
|
| 3.7 |
Tuning,
Verifying, and Troubleshooting Spanning-Tree Protocol
|
3.7.1 |
Configuring PortFast |
|
3.7.2 |
Configuring UplinkFast |
|
3.7.3 |
Configuring BackboneFast |
|
3.7.4 |
Configuring BPDU guard |
|
3.7.5 |
Configuring root guard |
|
3.7.6 |
Configuring load balancing |
|
3.7.7 |
Verifying STP, RSTP, and MTSP
configuration |
|
|
| 3.8 |
RSTP and MST
Configuration
|
3.8.1 |
Default RSTP and MSTP configuration |
|
3.8.2 |
RSTP and MSTP configuration guidelines |
|
3.8.3 |
Enabling RSTP and MSTP |
|
3.8.4 |
Configuring the MST root switch |
|
3.8.5 |
Configuring MST switch priority |
|
3.8.6 |
Configuring MST path cost |
|
3.8.7 |
Configuring MST port priority |
|
3.8.8 |
Configuring MSTP timers |
|
3.8.9 |
Configuring maximum hop count |
|
|
| 3.9 |
EtherChannel
|
3.9.1 |
EtherChannel explained |
|
3.9.2 |
Frame distribution |
|
3.9.3 |
EtherChannel methods |
|
3.9.4 |
Port Aggregation Protocol (PAgP) |
|
3.9.5 |
Link Aggregation Control Protocol (LACP)
|
|
3.9.6 |
Modifying port cost for EtherChannel groups |
|
3.9.7 |
EtherChannel configuration guidelines
|
|
3.9.8 |
Configuring Fast EtherChannel |
|
|
| 3.10 |
Hands-on Lab
Exercises
|
3.10.1 |
STP default behavior |
|
3.10.2 |
Use network inspector to observe
STP behavior |
|
3.10.3 |
Advanced PVST+ configuration |
|
3.10.4 |
Implementing MST |
|
3.10.5 |
Configuring Fast EtherChannel |
|
3.10.6 |
Per-VLAN spanning tree load balancing |
|
3.10.7 |
Port level tuning to control STP behavior |
|
|
|
Module Summary
|
|
|
Module
Quiz
|
|
|
Module 7: Cisco AVVID |
|
| Module
Overview
|
|
| 7.1 |
Introduction to Cisco AVVID
|
7.1.1 |
Examining the
Cisco AVVID framework |
|
7.1.2 |
Cisco AVVID
network infrastructure |
|
7.1.3 |
Cisco AVVID
intelligent network services |
|
7.1.4 |
High
availability |
|
7.1.5 |
Cisco AVVID
network solutions |
|
7.1.6 |
Cisco AVVID
network implementations example |
|
7.1.7 |
Legacy
migration |
|
|
| 7.2 |
Examining Multicast in a
Multilayer Switched Network
|
7.2.1 |
Multicast
overview |
|
7.2.2 |
Multicast
addressing |
|
7.2.3 |
Layer 3
multicast addressing |
|
7.2.4 |
Layer 2
multicast addressing |
|
7.2.5 |
IGMP and CGMP
operation |
|
7.2.6 |
IGMP version
1 |
|
7.2.7 |
IGMP version
2 |
|
7.2.8 |
IGMP version
1, 2 and 3 interoperability |
|
7.2.9 |
IGMP snooping |
|
7.2.10 |
CGMP
operation |
|
|
| 7.3 |
Routing Multicast Traffic
|
7.3.1 |
Overview |
|
7.3.2 |
Distribution
trees |
|
7.3.3 |
Managing
delivery of multicast packets |
|
7.3.4 |
Reverse Path
Forwarding (RPF) |
|
7.3.5 |
Multicast
Routing Protocols |
|
7.3.6 |
Distance
Vector Multicast Routing Protocol (DVMRP) |
|
7.3.7 |
Protocol
independent multicast dense mode |
|
7.3.8 |
Multicast
open shortest path first |
|
7.3.9 |
Sparse mode
routing protocols |
|
7.3.10 |
Core-based
trees and PIM sparse mode |
|
7.3.11 |
Configure IP
multicast routing |
|
7.3.12 |
Verify PIM
configuration |
|
7.3.13 |
Configure
auto-RP (optional) |
|
7.3.14 |
Optional
multicast routing tasks |
|
|
| 7.4 |
Cisco IP Telephony
|
7.4.1 |
Introducing
the Cisco IP telephony solution |
|
7.4.2 |
Cisco IP
telephony designs |
|
7.4.3 |
Single-site
model |
|
7.4.4 |
Multiple
sites with independent call processing |
|
7.4.5 |
Multiple
sites with distributed call processing |
|
7.4.6 |
Multisite IP
WAN with centralized call processing |
|
|
| 7.5 |
Voice Quality Issues
|
7.5.1 |
Common voice
issues |
|
7.5.2 |
Implementing
QoS for voice |
|
7.5.3 |
QoS |
|
7.5.4 |
Trust
boundaries |
|
7.5.5 |
Traffic
classification |
|
7.5.6 |
Traffic
classification at Layer 2 |
|
7.5.7 |
Traffic
classification at Layer 3 |
|
|
| 7.6 |
Network Design Issues for
Voice
|
7.6.1 |
IP Phone
physical connectivity |
|
7.6.2 |
Power
protection/options |
|
7.6.3 |
Power to IP
Phones |
|
7.6.4 |
Infrastructure considerations |
|
7.6.5 |
High
availability |
|
7.6.6 |
IP addressing
and management |
|
7.6.7 |
Implementing
IP telephony with auxiliary VLANs |
|
7.6.8 |
Voice VLAN
configuration |
|
7.6.9 |
Connecting to
the network with auxiliary VLANs |
|
|
| Module
Summary
|
|
|
Module
Quiz
|
|
|
Module 8: Quality of Service |
|
| Module
Overview |
|
| 8.1 |
Quality of Service
Requirements
|
8.1.1 |
Quality of
Service defined |
|
8.1.2 |
Loss |
|
8.1.3 |
Delay or
latency |
|
8.1.4 |
Delay
variation or jitter |
|
8.1.5 |
Network
availability |
|
8.1.6 |
Provisioning |
|
8.1.7 |
Quality of
Service requirements for data |
|
8.1.8 |
Quality of
Service requirements for voice |
|
8.1.9 |
Quality of
Service requirements for video |
|
|
| 8.2 |
Quality of Service
Mechanisms
|
8.2.1 |
Quality of
Service mechanisms |
|
8.2.2 |
Best-effort
service |
|
8.2.3 |
Integrated
services model |
|
8.2.4 |
Differentiated services model |
|
8.2.5 |
Traffic
marking |
|
8.2.6 |
Modular QoS
command-line interface (CLI) |
|
8.2.7 |
Using the class-map command to define traffic classes |
|
8.2.8 |
Defining the
QoS policy – the policy-map |
|
8.2.9 |
Applying the
policy to an interface – the service-policy |
|
|
| 8.3 |
Classification at the Access
Layer
|
8.3.1 |
Classification at the access layer |
|
8.3.2 |
Trusting the
CoS |
|
8.3.3 |
Configuring
CoS trust using the IOS |
|
8.3.4 |
Assigning CoS
on a per-port basis |
|
8.3.5 |
Re-writing
the CoS |
|
8.3.6 |
Using a MAC
ACL to assign a DSCP value |
|
8.3.7 |
Configuring
DSCP using a MAC ACL |
|
8.3.8 |
Using an IP
ACL to define the DSCP or precedence |
|
|
| 8.4 |
Policing and Marking
|
8.4.1 |
Policing and
marking |
|
8.4.2 |
Individual
policers |
|
8.4.3 |
Aggregate
policers |
|
8.4.4 |
Token bucket |
|
8.4.5 |
Classification and policing using Committed Access Rate (CAR) |
|
8.4.6 |
Configuring
the policed DSCP map |
|
8.4.7 |
Configuring
classification using CAR |
|
8.4.8 |
Configuring
policing using CAR |
|
|
| 8.5 |
Scheduling
|
8.5.1 |
Scheduling |
|
8.5.2 |
FIFO queue |
|
8.5.3 |
Weighted Fair
Queuing (WFQ) |
|
8.5.4 |
WFQ and IP
precedence |
|
8.5.5 |
Class Based
Weighted Fair Queuing (CBWFQ) |
|
8.5.6 |
Configuring
CBWFQ |
|
8.5.7 |
CBWFQ
bandwidth allocation |
|
|
| 8.6 |
Congestion Avoidance
|
8.6.1 |
Congestion
avoidance |
|
8.6.2 |
Weighted
random early detection (WRED) |
|
8.6.3 |
Configuring
WRED on a physical interface |
|
8.6.4 |
Verifying
WRED configuration |
|
8.6.5 |
Configuring
WRED with CBWFQ |
|
8.6.6 |
Low Latency
Queuing (LLQ) |
|
8.6.7 |
Configuring
LLQ |
|
|
| 8.7 |
Traffic Shaping
|
8.7.1 |
Traffic
shaping overview |
|
8.7.2 |
Generic
Traffic Shaping (GTS) |
|
8.7.3 |
Configuring
GTS for an interface |
|
8.7.4 |
GTS for Frame
Relay networks |
|
8.7.5 |
Configuring
GTS for Frame Relay networks |
|
8.7.6 |
Verifying GTS
configuration |
|
|
|
8.8 |
QoS Using Low Speed Links
|
8.8.1 |
QoS using low
speed links |
|
8.8.2 |
Link
efficiency mechanisms |
|
8.8.3 |
Link
fragmentation and interleaving |
|
8.8.4 |
Link
fragmentation and interleaving (LFI): Multilink PPP |
|
8.8.5 |
Compressed
Real-Time Protocol (cRTP) |
|
8.8.6 |
Configuring
cRTP |
|
|
|
8.9 |
Hands-on Lab Exercises
|
8.9.1 |
Classifying
traffic using CoS at the access layer |
|
8.9.2 |
Introduction
to the modular QoS command-line interface |
|
8.9.3 |
QoS
classification and policing using CAR |
|
8.9.4 |
Weighted Fair
Queuing |
|
8.9.5 |
Configuring
WRED on an interface |
|
8.9.6 |
Configuring
WRED with CBWFQ |
|
8.9.7 |
Configuring
LLQ |
|
8.9.8 |
Configuring
GTS |
|
8.9.9 |
QoS manually
configured FRTS |
|
8.9.10 |
QoS
dynamically configured FRTS |
|
8.9.11 |
Link
fragmentation and interleaving |
|
8.9.12 |
QoS cRTP |
|
|
| Module Summary
|
|
|
Module
Quiz |
|
|
Module 9: Monitoring and Security |
|
|
Module Overview
|
|
| 9.1 |
Monitoring
Switched Network Performance with SPAN and VSPAN
|
9.1.1 |
Monitoring
switched network performance with SPAN and VSPAN |
|
9.1.2 |
Monitoring
with SPAN on a port basis |
|
9.1.3 |
SPAN
interaction with other features |
|
9.1.4 |
SPAN and
VSPAN configuration limitations |
|
9.1.5 |
Configuring
SPAN sessions |
|
9.1.6 |
VSPAN – SPAN
using VLANS as monitored source |
|
|
| 9.2 |
RSPAN
|
9.2.1 |
RSPAN
overview |
|
9.2.2 |
RSPAN
reflector ports |
|
9.2.3 |
RSPAN
interaction with other features |
|
9.2.4 |
RSPAN and
RSPAN VLANs |
|
9.2.5 |
Configuring
RSPAN |
|
9.2.6 |
Configuring
RSPAN to filter trunks for specific VLAN traffic |
|
|
| 9.3 |
Network
Analysis Modules and Switch Fabric Modules
|
9.3.1 |
Overview of
network analysis and switch fabric modules |
|
9.3.2 |
The network
analysis module |
|
9.3.3 |
Using the NAM |
|
9.3.4 |
Benefits of
deploying a NAM |
|
9.3.5 |
NAM
troubleshooting |
|
9.3.6 |
Increasing
switching fabric in 6500 series switches |
|
9.3.7 |
Configuring
the Switch Fabric Module |
|
9.3.8 |
Monitoring
the Switch Fabric Module |
|
|
| 9.4 |
Basic Security
|
9.4.1 |
Access
control policy |
|
9.4.2 |
Basic
security measures |
|
9.4.3 |
Physical
security |
|
9.4.4 |
Connecting to
the switch |
|
9.4.5 |
Out-of-band
management |
|
9.4.6 |
In-band
management |
|
9.4.7 |
Basic
password protection |
|
|
| 9.5 |
Securing Remote
Management
|
9.5.1 |
Remote management security options |
|
9.5.2 |
Advanced user name options |
|
9.5.3 |
Encrypting communications using Secure
Shell |
|
9.5.4 |
Encryption key-pairs |
|
9.5.5 |
Using VLANs to restrict remote management |
|
9.5.6 |
Securing the web management interface |
|
9.5.7 |
Using access lists to restrict remote
management |
|
9.5.8 |
Additional remote management session
options |
|
9.5.9 |
Configuring verifying, and troubleshooting
SSH server |
|
|
| 9.6 |
Securing User
Access
|
9.6.1 |
Securing user access |
|
9.6.2 |
Using port security, protected ports, and
private VLANs |
|
9.6.3 |
Using access lists |
|
9.6.4 |
Router ACLs |
|
9.6.5 |
Port ACLs |
|
9.6.6 |
VLAN ACLs and VLAN maps |
|
9.6.7 |
Configuring and verifying port security |
|
9.6.8 |
Configuring and verifying protected ports |
|
9.6.9 |
Configuring and verifying access lists |
|
|
| 9.7 |
Authentication,
Authorization, and Accounting
|
9.7.1 |
Introduction to AAA and security protocols |
|
9.7.2 |
TACACS+ |
|
9.7.3 |
RADIUS |
|
9.7.4 |
Cisco Secure Access Control Server (ACS) |
|
9.7.5 |
Configuring AAA |
|
9.7.6 |
Configuring TACACS+ and RADIUS clients |
|
9.7.7 |
Configuring AAA authentication |
|
9.7.8 |
Configuring AAA authorization |
|
9.7.9 |
Configuring AAA accounting |
|
|
| 9.8 |
802.1X
Port-based Authentication
|
9.8.1 |
Understanding 802.1X |
|
9.8.2 |
Authentication initiation and message
exchange |
|
9.8.3 |
Ports in authorized and unauthorized
states |
|
9.8.4 |
Supported topologies |
|
9.8.5 |
802.1X configuration guidelines |
|
9.8.6 |
Configuring 802.1X port-base authentication |
|
|
| 9.9 |
Hands-on Lab
Exercises
|
9.9.1 |
SPAN configuration |
|
9.9.2 |
VSPAN configuration |
|
9.9.3 |
RSPAN configuration |
|
9.9.4 |
Setting encrypted passwords |
|
9.9.5 |
Using local usernames and passwords |
|
9.9.6 |
Advanced username options |
|
9.9.7 |
Management VLANs on a single switch |
|
9.9.8 |
Restricting virtual terminal sessions with
access lists |
|
9.9.9 |
Restricting web interface sessions with
access lists |
|
9.9.10 |
Configuring protected ports |
|
9.9.11 |
Configuring VLAN maps |
|
|
|
Module Summary
|
|
|
Module
Quiz
|
|
