Index [media.wiley.com]



bindex--.indd 02/28/2017 Page 435

Index

A

A records, 209

aaa authentication login default group tacacs+ local command, 270

AAA servers
  centralized authentication, 269
  encryption, 271
  local users, 270
  ports, 253
  Telnet, 270

ABRs (area border routers)
  description, 145–146
  OSPF, 139, 143

access control lists (ACLs)
  configuring, 255–256
  deny any any rule, 254
  GRE tunnels, 197
  interfaces, 255
  IP spoofing, 250
  limits, 309
  master switches, 104
  matching statistics, 262
  Neighbor Discovery packets, 262
  notes, 262
  packet comparisons, 254
  path trace analyses, 263–265
  quality of service, 202
  ranges, 253–254
  routed VLANs, 62–63
  SNMP, 276
  standard, 257
  verifying, 262
  VLANs, 60–61

access layer
  switches, 13
  three-tier design model, 14

access-list deny command, 256

access-list deny tcp any eq command, 319

access-list deny tcp any host eq command, 257

access-list deny tcp host host eq access-list permit ip any any command, 257

access-list permit command, 234–235, 309

access-list permit host command, 256, 267, 309

access-list permit ip any any command, 319

access-list permit tcp host eq any command, 258

access lists
  configuring, 258
  creating and applying, 266–267
  dynamic NAT, 233
  extended. See extended access lists
  IPv6 addresses, 262
  IPv6 vs. IPv4, 262
  line numbers, 259–260
  NAT, 308
  placing, 259
  rules, 320
  Telnet, 319

access mode
  port security, 247
  switchports, 319

access ports
  dynamic VLANs, 60
  phones, 66
  PortFast mode, 92
  security, 62
  static, 62
  switchports, 76, 303
  VLAN ID removal, 57, 301

access switches in BPDU Guard, 93

access violations in port security, 244

ACK flags in three-way handshakes, 312

Acknowledgment messages in DHCP, 215, 251

acknowledgments
  inform messages, 276
  UDP, 6

ACLs. See access control lists (ACLs)

activation keys for routers, 283

active mode
  EtherChannel, 103
  LACP, 99

active routers in HSRP, 223, 225, 307

active virtual forwarders in GLBP, 225

active virtual gateways in GLBP, 224–225

AD. See administrative distance (AD)

Adaptive Security Appliance (ASA)
  VPN tunnels, 194
  zone connections, 9

Address Resolution Protocol (ARP)
  caches, 111–112
  Data Link layer, 312
  default gateway addresses, 111
  MAC addresses, 42, 109
  request packets, 111
  ROAS, 128
  time outs, 173



addresses. See IP addresses; IPv6 addresses; MAC addresses

adjacencies
  EIGRP, 160–162
  EIGRPv6, 165
  hello timers, 152
  OSPF, 140
  routers, 142, 144, 146–150, 154–155
  verifying, 142

administrative distance (AD)
  directly connected networks, 122
  displaying, 150
  eBGP, 200
  EIGRP, 122
  OSPF, 122
  RIP, 121
  routes, 122, 304
  routing tables, 121
  static routes, 114, 122

administrative domains in IGPs, 133

administrative units in OSPF, 134

administrator intervention
  dynamic routing, 129
  static routing, 129

ADSL (Asymmetrical Digital Subscriber Line), 195

advertised BPDU Guard, 94

advertisements
  BGP, 200–201
  CDP, 97
  eBGP, 199
  EIGRP, 156, 160, 163
  EIGRPv6, 164
  LLDP device intervals, 96
  OSPF, 142–144, 150
  RIP, 305
  RIPv2, 168–169, 172

aging times for MAC addresses, 43, 50

allowed lists for VLANs, 70–71, 78

alternate ports in RSTP, 84

Amazon Web Services (AWS), 10

ANDing process for hosts, 110

anycast addresses, 33–34

anycasts, 25

APIC-EM (Application Policy Infrastructure Controller Enterprise Module)
  downloading, 263
  NDP, 263
  Path Trace ACL Analysis tool, 263
  SDN, 298

Application layer, 3

application program interfaces (APIs), 298

application-specific integrated circuits (ASICs), 48

archives
  running-config, 291–293
  time periods, 293

Area 0 in OSPF, 138

area border routers (ABRs)
  description, 145–146
  OSPF, 139, 143

area IDs for adjacencies, 149

areas for routers, 150

ARP. See Address Resolution Protocol (ARP)

ASA (Adaptive Security Appliance)
  VPN tunnels, 194
  zone connections, 9

ASCII to EBCDIC translation, 5

ASICs (application-specific integrated circuits), 48

ASNs (autonomous system numbers)
  BGP, 133
  EIGRP, 155–156, 159–160, 198

ASs (autonomous systems) vs. iBGPs, 198

asterisks (*) for connected lines, 268

Asymmetrical Digital Subscriber Line (ADSL), 195

attributes for eBGP path selection, 199

auth parameter in SNMP, 277

authentication
  centralized, 269
  EAP-TLS, 253
  802.1x, 252–253
  LCP, 177
  PPP, 178–179, 181
  PPPoE, 182–183, 186
  RADIUS, 270–271
  SNMP, 275, 277
  SSH, 268
  TACACS+, 309
  Telnet, 268
  WLCs, 7

Authentication Header (AH) protocol in IPSec, 197

authenticators in 802.1x, 252

auto-cost reference-bandwidth command, 151

auto-disconnect, disabling, 267

auto mode
  negotiation notifications, 101
  port channels, 100

auto-negotiation in switches, 55

auto qos trust cos command, 204

auto-summarization in EIGRP, 163

automatic trunking configuration for VLAN hopping attacks, 319

autonomous system numbers (ASNs)
  BGP, 133
  EIGRP, 155–156, 159–160, 198

autonomous systems (ASs) vs. iBGPs, 198


autonomous WAPs in star topology, 15

AWS (Amazon Web Services), 10

B

backup ports in RSTP, 84

backups
  configuration, 320
  IOS, 293
  startup-config, 281
  TACACS+ servers, 271

“Bad mask /24 for address” message, 126

bandwidth
  best routes, 304
  EIGRP, 155
  FastEthernet and PAgP, 98
  links, 201
  OSPF, 141
  ROAS, 124
  routers, 126–127
  setting, 149
  static routing, 128
  switches, 60
  VNF devices, 12

bandwidth command, 149, 159

banner login ^CCNA Routing and Switching^ command, 269

banners
  exec, 269
  login, 269
  MOTD, 269

Bellman-Ford routing algorithm
  dynamic routing protocols, 132
  RIPv2, 170

best path algorithm in eBGP path selection, 199

best routes in EIGRP, 304

BGP. See Border Gateway Protocol (BGP)

binding port numbers, 6

Bittorrent service, 202

blocked ports
  description, 82
  DNS, 213

blocking traffic in path trace analyses, 265

boot system command, 291

boot system flash command, 290

bootfile command, 217

booting
  images, 290–291
  IOS image decompression, 292
  IOS versions, 291
  PXE servers, 217
  TFTP servers, 291

bootup configuration for lost power, 281

Border Gateway Protocol (BGP)
  advertising, 200–201
  autonomous system numbers, 133
  configuring, 200
  disabling, 201
  exterior gateway routing protocols, 132
  neighbors, 198, 200
  process starting, 200
  routes, 134
  verifying, 201

BPDU Guard
  advertised, 94
  edge switches, 94
  enabling, 93
  err-disable state, 303
  with PortFast, 93
  removing, 94
  switches, 93
  trunks, 93

break key sequence, 288

bridge protocol data units (BPDUs)
  alternate ports, 84
  backup ports, 84
  monitoring, 80
  topology changes, 83

bridges
  IDs, 80, 82
  port roles, 81, 83
  priority, 82–83
  STP, 80–81, 83

broadcast domains
  determining, 40, 46
  routers, 4
  VLANs, 60

broadcast networks, 140

broadcast storms, 51–52

broadcasts
  broadcast frames vs. flooded frames, 48
  DHCP, 25
  I/G bit, 52
  IP addresses, 19, 21
  purpose, 25
  request packets, 111

C

cables
  crossover, 300
  disconnected, 54
  1000Base-T, 15
  single-mode fiber, 312
  speed, 17
  switch stacks, 105
  types, 16

caches
  ARP, 111–112
  DNS, 212

capturing packets, 294

CAPWAP (Control and Provisioning of Wireless Access Points), 7

Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA), 8

Carrier Sense Multiple Access/Collision Detection (CSMA/CD), 4


CAT5e cable
  1000Base-T, 15
  speed, 17

catalogs in cloud computing, 11

CBWFQ (Class-Based Weighted Fair Queuing), 204

CDP. See Cisco Discovery Protocol (CDP)

“%CDP-4-NATIVE_VLAN_MISMATCH:” message, 69

CE (customer edge) routers
  MPLS, 193
  neighbors, 197

CEF (Cisco Express Forwarding)
  description, 316
  next hop information, 317
  packet forwarding, 110

central office (CO), 195

centralized authentication
  AAA servers, 269
  Lightweight WAPs, 7
  WLCs, 7

Challenge Handshake Authentication Protocol (CHAP), 178

channel-group mode active command, 103

channel-group mode desirable command, 100–102

channel-group mode on command, 100

channel-group mode passive command, 303

channels
  DS1 serial connections, 192
  LACP modes, 99
  non-overlapping, 8
  port. See port channels

CHAP (Challenge Handshake Authentication Protocol), 178

checksums in OSI reference model, 3

CIDR notation for subnet masks, 19, 22

CIR (committed information rate)
  Metro Ethernet, 198
  QoS policing, 204

Cisco Discovery Protocol (CDP)
  advertising, 97
  details display, 97
  frame rate, 95
  holddown timers, 95
  neighboring devices, 95
  network mapping, 282, 287–288
  turning off, 95
  VLAN mismatches, 77
  VoIP phones, 61

Cisco Express Forwarding (CEF)
  description, 316
  next hop information, 317
  packet forwarding, 110

Cisco License Manager, 283

Class-Based Weighted Fair Queuing (CBWFQ), 204

Class of Service field for 802.1Q frames, 202

classes for IP addresses, 19, 26, 313

classless routing in RIP, 168

clear arp cache command, 112

clear counters interface fast command, 54

clear host command, 212

clear ip bgp soft in command, 200

clear ip dhcp conflict command, 221

clear ip nat translation * command, 233

clear ip ospf command, 143

clear ip ospf process command, 316

clear ipv6 ospf process command, 153

clear line vty 2 command, 269

clear mac-address-table dynamic command, 46

clear port-security dynamic interface gi command, 248

clear text for passwords, 268

clearing
  NAT translations, 233
  routers, 281

client SSL/VPN security, 194–195

clock-rate command, 193

clock set command, 287

clock summer-time EDT recurring command, 284

clock timezone pst command, 284

clocking
  leased lines, 193
  serial connections, 193
  verifying, 192

clocks
  routers, 236, 287
  switches, 236

cloud computing
  catalogs, 11
  IaaS, 10
  NIST criteria, 11
  PaaS, 11
  public, 10
  SaaS, 11

CO (central office), 195

collapsed-core model
  description, 13
  small enterprises, 14
  star topology, 15

collision domains
  description, 44
  determining, 40–41, 46
  switches, 3
  VLANs, 60

collisions
  login times, 45
  switches, 45

“Command rejected” message, 71


“Command rejected: FastEthernet0/1 is a dynamic port” message, 242

command strings, navigating, 286

commands
  breaks, 288
  previously entered, 285

committed information rate (CIR)
  Metro Ethernet, 198
  QoS policing, 204

Common Spanning Tree (CST), 83

community strings in SNMP, 276, 320

compression and decompression in OSI reference model, 2

conditions in ACLs, 254

config-register command, 290

configuration backups, 320

configuration mode, escaping, 286

configuration registers
  changing, 290
  default, 289
  password recovery, 292
  router reloads, 310
  verifying, 291

configure replace flash command, 293

configure terminal command, 288

configured sessions in SPAN, 295

configuring
  access lists, 258
  ACLs, 255–256
  BGP, 200
  daylight savings time, 284
  DHCP, 213
  DHCP pools, 218
  DNS, 210–211, 217
  EIGRP, 159
  EIGRPv6, 164
  EtherChannel, 100
  GRE tunnels, 187–188
  interfaces, 57
  IP addresses, 117
  IP SLAs, 279
  logging, 285
  loopback interfaces, 285
  NMS, 310
  NTP, 284, 318
  OSPFv3, 151–153
  PAT, 234–235
  policy maps, 318
  port channels, 100
  port security, 241–242
  PPP, 177, 180
  RADIUS, 271
  relay agents, 217
  RIP, 168
  RIPv2, 170
  ROAS, 127–128
  routers, 115–116, 219–220, 281
  routes, 118, 120–121
  SNMP, 276
  SPAN, 295
  SSH, 267
  static routes, 129
  subinterfaces, 314
  syslog servers, 278
  TACACS+, 270
  VRRP, 226

conflicts in IP addresses, 220

congestion
  causes, 5
  tail drop, 205

connected lines, displaying, 268

connection-oriented communication in OSI reference model, 2

connectivity
  checking, 172
  IPv6 addresses, 30

console logging
  limiting, 283
  severity levels, 284
  syslog messages, 310

contact information in SNMP, 276

contention methods in CSMA/CA, 8

Control and Provisioning of Wireless Access Points (CAPWAP), 7

control plane
  routing protocols, 298
  STP, 297

convergence
  RIPv2, 170
  routing tables, 132
  spanning-tree, 92
  STP, 81

copy flash tftp command, 292

copy running-config startup-config command, 281

copy startup-config tftp: command, 281

copy tftp flash command, 289

copy tftp: running-config command, 281

core layer
  switches, 13
  three-tier design model, 15

corporate firewalls
  DMZs, 248
  perimeter areas, 248

CoS value
  default, 205
  VoIP phones, 204

costs
  EIGRP, 155, 157
  OSPF, 141
  routers, 147, 151
  RSTP, 80–81
  STP, 80

CPU utilization in routers, 297

CRC in store and forward method, 44, 48–49

cross-stack EtherChannel, 103

crossover cable
  568 specification, 300
  switch connections, 16


crypto key generate rsa command, 267

CSMA/CA (Carrier Sense Multiple Access/Collision Avoidance), 8

CSMA/CD (Carrier Sense Multiple Access/Collision Detection), 4

CST (Common Spanning Tree), 83

Ctrl+A keys, 286

Ctrl+E keys, 286

Ctrl+Shift+6 keys, 288

customer edge (CE) routers
  MPLS, 193
  neighbors, 197

cut-through mode for switches, 47

D

DAD (Duplicate Address Detection), 32

data centers, 17

data integrity
  AH protocol, 197
  VPN, 194

Data Link layer
  ARP, 312
  frame checksums, 3
  LLC, 5
  switches, 2

data plane for packets, 298

databases
  NAT, 228
  neighborship, 140
  topology, 79, 131
  VLANs, 72, 78, 303, 315
  VTP, 77

dates for switches, 286

daylight savings time, 284

DDoS (distributed denial of service) attacks
  description, 249
  IPSs, 250

dead timers, verifying, 152

debug ip dhcp server packet command, 216

debug ip nat command, 234

debug ip packet command, 294

debug ip rip command, 169

debug level for syslog facility logging, 320

debug ntp packets command, 236

debug ppp authentication command, 179

debug standby command, 228

decapsulating packets, 111

decrypt-password command, 309

dedicated lines
  E-Line services, 191
  IP mismatches, 191
  keepalives, 190
  pinging, 190
  T1 leased lines, 189

default administrative distance, 114

default advertisement interval, 96

default configuration registers, 289

default CoS value, 205

default gateways, 20–21
  DHCP pools, 217
  host addresses, 111
  IP addresses, 24

default idle time, 268

default-information originate command, 149, 169

default load balancing in EtherChannel, 100

default mode in STP, 84

default native VLANs, 251, 314

default priority
  HSRP, 223
  OSPF, 316
  routers, 226

default-router command, 217

default routes
  creating, 121
  destination, 114
  eBGP advertisements, 199
  IPv6 addresses, 28
  OSPF, 149
  RAM, 129
  routing tables, 114
  static routing, 128

default subnet masks, 19

default timers for echo probes, 279–280

default variance for EIGRP, 160

“Default VLAN 1 may not have its name changed” message, 67

default VLANs
  vs. native, 63
  switch configuration, 56

default VTP mode, 68

delays
  description, 202
  EIGRP, 155
  switching path, 228
  VoIP traffic, 203

deleting
  leases, 218–219
  VLANs, 57, 59

demilitarized zones (DMZs)
  email servers, 9
  firewalls, 8, 248
  servers, 9

deny any any rule, 254

description Connection to Switch1 command, 287

design flexibility, 56

designated ports, 81–82

designated routers (DRs)
  determining, 145
  displaying, 148
  IPv6 addresses, 150–151
  OSPF, 140, 316
  priority, 150
  selecting, 148

designated state for switchports, 303


desirable mode
  negotiation notifications, 101
  port channels, 100
  switches, 102

destination
  packets, 116, 121
  routes, 119

destination IP addresses in routing decisions, 109–110

destination MAC addresses, 52, 313
  Ethernet frames, 301
  layer 3 broadcasts, 24
  local packets, 110
  remote packets, 109

destination networks in subnet masks, 109

destination next hops
  addresses, 122

destination ports in SPAN, 295–296

DevNet site, 263

DHCP
  Acknowledgment messages, 215
  configuring, 213
  Discover packets, 213
  GIADDR field, 214
  IP addresses, 27, 214–216
    conflicts, 220
    duplicate, 220
  ipconfig /all command, 215
  Layer 3 broadcasts, 25, 216
  leases
    deleting, 218
    time, 216–217
    verifying, 222
  link-local addresses, 220
  Offer packets, 214
  PAT, 235
  ports, 214–215
  rebinding, 218–219
  relay agents, 214–217
  Request messages, 219
  UDP, 216

DHCP binding tables
  MAC addresses, 219
  message tracking, 248

DHCP conflict tables, removing addresses from, 221

DHCP pools
  configuring, 218
  default gateways, 217
  displaying, 221
  exclusions, 217, 220, 222
  incorrect, 221

DHCP servers
  MAC addresses, 307
  NACK messages, 307

DHCP snooping
  attack mitigation, 249
  binding tables, 248
  database viewing, 252
  Offer and Acknowledgment messages, 251
  ports, 251–252
  rate limiting, 249
  untrusted mode, 249, 251
  VLANs, 251

DHCPv6, stateful, 32, 34, 218

DHCPv6 servers
  IPv6 verification, 218
  relay agents, 31, 217
  SLAAC, 216
  stateless, 31

dialer interfaces in PPPoE, 182

dialer pools in PPPoE, 184

dialog control of applications in OSI reference model, 3

Differentiated Services Code Point (DSCP)
  marking priority, 203
  MPLS, 194
  quality of service, 202–203, 306

Diffusing Update Algorithm (DUAL), 131, 157

Dijkstra routing algorithm, 131

dir flash: command, 281, 289

directly connected routes
  administrative distances, 122
  IPv6 routes, 135

disabling
  auto-disconnect, 267
  BGP peers, 201
  LLDP, 96

discarding port mode in RSTP, 84–85

disconnected cables, 54

disconnecting network admin, 269

discontiguous IP addresses in EIGRP, 160

discontinuous network support, 170

Discover packets in DHCP, 213

distance limits 1000Base-T, 16

distance-vector protocols
  re-advertising routes learned, 131
  RIP, 112, 130
  routing loops, 131–132
  routing table convergence, 132
  small networks, 131

distributed denial of service (DDoS) attacks
  description, 249
  IPSs, 250

distributed processes in STP, 79

distribution layer
  switches, 13
  three-tier design model, 14

distribution switches in physical data center, 10

DMVPN (Dynamic Multipoint Virtual Private Network)
  hub-and-spoke technology, 193, 307
  NHRP, 189


DMZs (demilitarized zones)
  email servers, 9
  firewalls, 8, 248
  servers, 9

DNS. See Domain Name Services (DNS)

dns-server command, 217

do show running-config command, 287

documenting problems, 312

DoD model
  Process/Application layer, 3
  routing, 3

Domain Name Services (DNS)
  A records, 209
  AAAA records, 209
  alternative, 209
  caches, 212
  configuring, 210–211, 217
  DHCPv6 servers, 31
  domain names, 209–210
  domain zone transfers, 209
  FQDNs, 208
  host resolution, 210
  hosts, 211
  ports, 208, 213
  private servers, 212
  PTR records, 208
  public clouds, 12
  TTL value, 209, 319
  UDP, 6
  verifying, 211

domain names
  DNS, 209–210
  SSH encryption keys, 266

domain zone transfers, 209

double tagging attacks, 251

dropping frames, 51

DRs. See designated routers (DRs)

DS0 channels, 192

DS1 serial connections, 192

DSCP (Differentiated Services Code Point)
  marking priority, 203
  MPLS, 194
  quality of service, 202–203, 306

DSL, 181

DSLAMs (DSL access multipliers), 196

DTE and DCE interfaces in OSI reference model, 3

DTP (Dynamic Trunking Protocol)
  trunk links, 315
  turning off, 70
  VLAN hopping, 253

DUAL (Diffusing Update Algorithm), 131, 157

dual-homed technology
  EGPs, 133
  fault tolerance, 190
  MLPPP, 193

duplex
  displaying, 56
  mismatches, 53
  setting, 54–55
  switches, 314

duplex auto command, 55

Duplicate Address Detection (DAD), 32

duplicate IP addresses, 220

Dynamic Multipoint Virtual Private Network (DMVPN)
  hub-and-spoke technology, 193, 307
  NHRP, 189

dynamic Network Address Translation, 229, 233

dynamic routers, 129

dynamic routes, 113

dynamic routing protocols
  administrator intervention, 129
  Bellman-Ford routing algorithm, 132
  Dijkstra routing algorithm, 131
  DUAL, 132
  EIGRP, 131, 155
  IPv6 addresses, 29
  link-state protocols, 132
  optimized route selection, 130
  resiliency, 129
  RIP, 129
  routing tables, 112
  scalability, 128

Dynamic Trunking Protocol (DTP)
  trunk links, 315
  turning off, 70
  VLAN hopping, 253

dynamic VLANs, 60

E

E-LAN services
  mesh designs, 192
  neighbors, 195

E-Line (Ethernet Line) services
  point-to-point connections, 191

E-Tree services
  hub-and-spoke technology, 191
  neighbors, 196

EAP (Extensible Authentication Protocol), 253

EAP-TLS (Extensible Authentication Protocol/Transport Layer Security), 253

eBGP. See external Border Gateway Protocol (eBGP)

edge switches
  BPDU Guard, 94
  PortFast mode, 94

EGPs (exterior gateway protocols), 132
  dual-homed, 133
  eBGP, 198
  vs. IGPs, 133


egress ports in path trace analyses, 264

802.1d specification, 79

802.1Q specification
  Class of Service field, 202
  frame tags, 72, 314
  open standard, 69
  trunks, 124

802.1w specification
  Rapid PVST+ replacement, 83
  RSTP, 80
  traffic forwarding, 303

802.1x specification
  authentication, 252
  EAP, 253
  supplicants, 252–253
  switches, 252

802.11ac protocol, 300

EIGRP. See Enhanced Interior Gateway Routing Protocol (EIGRP)

eigrp router-id command, 160

email
  DMZs, 9
  SaaS, 11

enable command, 286

enable algorithm-type scrypt secret Password20! command, 268

enable secret Password20! command, 265

enabling
  BPDU Guard, 93
  IP routing, 125
  port security, 241
  Rapid Per-VLAN Spanning Tree+, 85
  SCP, 290
  SSH, 266–267
  VLANs, 61

Encapsulating Security Payload (ESP) protocol, 196

encapsulation
  frames, 304
  GRE tunnels, 186
  mismatches, 180–181
  order, 4
  ROAS, 127
  serial connections, 177

encapsulation dot1q command, 125, 128

encapsulation dot1q native command, 124

encapsulation isl command, 127

encapsulation ppp command, 177–178

encryption
  AAA servers, 271
  ESP, 196
  IOS, 290
  OSI reference model, 2
  passwords, 268
  SNMP, 275, 277
  SSH keys, 266–267

End of Row (EoR) switches, 10

Enhanced Interior Gateway Routing Protocol (EIGRP)
  adjacencies, 160–162
  administrative distances, 122
  advertising, 156, 160, 163
  autonomous system numbers, 159–160
  best routes, 304
  configuring, 159
  costs, 155, 157
  default variance, 160
  discontiguous IP addresses, 160
  DUAL, 131, 157
  dynamic routing protocol, 155
  vs. EIGRPv6, 165
  equal-cost links, 157
  feasible distance, 158–159
  Feasible-Successor routes, 161
  hello messages, 156, 317
  hello packets, 158, 161
  hold intervals, 157
  hop counts, 156, 158
  hybrid protocols, 130
  interior gateway protocol, 133
  IPv6 addresses, 316
  load balancing, 161
  metrics, 131, 155, 161–163
  MPLS support, 198
  multicast addresses, 155
  neighbors, 155, 158
  protocol-dependent module, 163
  reliable multicast, 156–157
  reported distance, 158
  RIDs, 160
  routing decisions, 123
  scalability, 156
  successor routes, 158
  topology tables, 156–159
  unequal-cost load-balancing paths, 316
  updates, 158
  verifying, 163

Enhanced Interior Gateway Routing Protocol (EIGRP) v6
  adjacencies, 165
  advertising, 164
  configuring, 164
  vs. EIGRP, 165
  hello packets, 164
  hello timers, 165
  interfaces, 165
  metrics, 165
  neighbors, 164
  route display, 165
  router instances, 164
  variance, 166

environment discovery in path trace analyses, 263

equal-cost routes
  EIGRP, 157
  OSPF, 141–142
  RIPv2, 172


erase startup-config command, 281

err-disable state
  BPDU Guard, 303
  ports, 308
  resetting, 245

err-disabled interfaces, 94

err-disabled shutdown, 242

errdisable recovery cause psecure_violation command, 245

error counts, resetting, 54

error detection and correction in WAN, 317

escalating problem, 18

escaping, outside global, 318

ESP (Encapsulating Security Payload) protocol, 196

ESSs (extended service sets), 7

ESXi server connections, 77

EtherChannel
  administrator intervention, 126–127
  aggregated interfaces, 97
  configuring, 100
  cross-stack, 103
  description, 97
  load balancing, 100–101
  maximum interfaces, 98
  modes, 103
  no control protocol, 102
  port aggregation, 98
  switches, 102
  trunks, 102–103

Ethernet frames
  destination MAC address field, 301
  networks, 301

Ethernet Line (E-Line) services
  point-to-point connections, 191

Ethernet protocol
  CSMA/CD, 4
  physical addresses, 53
  VLAN 1002 traffic, 79

Ethernet virtual circuits (EVCs)
  committed information rate, 198
  Metro Ethernet, 195

EUI-64 method, 33–34
  IPv6 addresses, 301
  link-local addresses, 35

EVCs (Ethernet virtual circuits)
  committed information rate, 198
  Metro Ethernet, 195

events
  OSPF, 139
  syslog, 279

exclamation marks (!) for ping command, 113, 173

exclusions for DHCP pools, 217, 220, 222

exec banners, 269

exec timeout, verifying, 288

exec-timeout command, 267–268

exit command, 63, 282

expanded IPv6 addresses, 29

extended access control lists, placing, 260

extended access lists
  description, 260
  example, 258
  filters, 255
  named, 260
  ranges, 255

extended configuration for VLANs, 63

extended ping
  description, 173
  IP addresses, 295

extended ranges for VLANs, 58

extended service sets (ESSs), 7

extended traceroute, 296

extended VLAN IDs, 56

extending history buffer, 285

Extensible Authentication Protocol (EAP), 253

Extensible Authentication Protocol/Transport Layer Security (EAP-TLS), 253

Exterior Border Gateway Protocol (eBGP)
  message exchange, 199
  path selection, 199
  route advertisements, 199
  scalability, 199
  single-homed, 199

exterior gateway protocols (EGPs), 132
  dual-homed, 133
  eBGP, 198
  vs. IGPs, 133

external Border Gateway Protocol (eBGP)
  administrative distance, 200
  vs. iBGPs, 198
  prefix advertisements, 199
  routing by, 198

F

“% Failed to create VLANS” message, 66–67

FastEthernet bandwidth, 98

FAT filesystem for flash memory, 293

fault tolerance
  dual-homed technology, 190
  single-homed technology, 190

FCS (Frame Check Sequence) functions, 52

feasible distance in EIGRP, 158–159

Feasible-Successor routes in EIGRP, 161

FHRP (first hop redundancy protocol)
  HSRPv2, 225
  VRRP, 222

fiber optic standard
  multi-mode, 16
  single-mode, 16

field lengths in IPv6 addresses, 30

filters
  extended access lists, 255
  running-config, 287, 289
  wildcard masks, 255–256


firewalls
  capabilities, 8
  DMZs, 8, 248
  key security boundaries, 8
  perimeter areas, 248
  physical access, 9
  TCP conversation state, 9
  trusted networks, 249
  URIs, 9

first hop redundancy protocol (FHRP)
  HSRPv2, 225
  VRRP, 222

5 GHz for non-overlapping channels, 7

568B and 568B specification, 300

flash memory
  FAT filesystem, 293
  IOS image verification, 281
  MD5 hashes, 289
  size, 280, 289

flexibility
  PAT, 231
  user management and design, 56

flooded frames vs. broadcast frames, 48

flooding
  frames, 313
  MAC address attacks, 319
  switches, 49, 51

flow control
  OSI reference model, 5
  UDP, 300

forward/filter decisions by switches, 39, 44, 301

forward lookups with FQDNs, 208

forwarding
  frames, 42
  VLAN traffic, 62

forwarding tables for master switches, 104

FQDNs. See fully qualified domain names (FQDNs)

fragment-free mode for switches, 44

Frame Check Sequence (FCS) functions, 52

frame checksums in OSI reference model, 3

frame forwarding
  ports, 44
  switches, 39

frame rewrite for packets, 110

frames
  CDP, 95
  dropping, 51
  802.1Q protocol, 314
  encapsulation, 304
  flooding, 313
  forwarding, 42
  port blocking state, 82
  State Frame Delimiter byte, 53
  tagging, 72
  type field, 53
  VLANs, 59, 68

free space in flash memory, 289

FTP servers for configuration backups, 320

full mesh topology
  description, 15
  distribution layer, 14
  redundancy, 14

FULL state for neighbor tables, 146–147

fully qualified domain names (FQDNs)
  description, 208
  forward lookups, 208
  IP addresses, 208
  periods, 210
  PTR records, 208
  reverse lookups, 208

G

GARP (Gratuitous Address Resolution Protocol), 220

Gateway Address (GIADDR) field in DHCP, 214

Gateway Load Balancing Protocol (GLBP)
  active virtual forwarders, 225
  active virtual gateways, 224–225
  load balancing, 223
  per-host load balancing, 228
  ports, 224

gateways
  default, 20–21, 24
  DHCP pools, 217
  host addresses, 111

Generic Routing Encapsulation (GRE)
  ACLs, 197
  configuring, 187–188
  MTU, 188
  packet-in-packet encapsulation, 186
  proprietary standard, 186
  protocol 47, 186
  route problems, 189
  traceroute, 188
  verifying, 188

Gigabit Ethernet, 126–127

GLBP. See Gateway Load Balancing Protocol (GLBP)

global configuration mode, 288

global unicast addresses, 32

Gratuitous Address Resolution Protocol (GARP), 220

GRE. See Generic Routing Encapsulation (GRE)

Group/Local (G/L) bit in MAC addresses, 52–53

H

hardware-based bridging, 48

HDLC (High-Level Data Link Control), 177

hello intervals in OSPF, 142–143


hello messages in EIGRP, 156, 317

hello packets
    EIGRP, 158, 161
    EIGRPv6, 164
    IPv6 addresses, 151
    OSPF, 143

hello timers
    EIGRPv6, 165
    HSRP, 228
    routers, 144
    verifying, 152

hierarchical OSPF design, 145

High-Level Data Link Control (HDLC), 177

history buffer, extending, 285

history size command, 285

hold intervals in EIGRP, 157

hold timers in HSRP, 224, 228

holddown timers
    CDP, 95
    LLDP, 96
    RIPv2, 171
    routing loops, 132

hop counts
    EIGRP, 156, 158
    RIP, 168

hops
    traceroute, 188
    unresponsive, 294

host IDs in stateful DHCPv6, 218

hostname PGH-4-209 command, 285

hostnames
    PPPoE, 183
    SSH encryption keys, 266
    verifying, 211

hosts
    default gateway addresses, 111
    destinations, 110
    DNS, 210–211
    IPv6 addresses, 30
    subnet masks, 19–20, 22
    virtualization, 10

Hot Standby Router Protocol (HSRP)
    active routers, 223, 225, 307
    default priority, 223
    group numbers in MAC addresses, 223
    groups
        maximum number, 225
        virtual routers, 224
    hello and hold timers, 228
    HSRPv1 vs. HSRPv2, 224
    IDs in MAC addresses, 223
    ISP outages, 226–227
    member communication, 224
    ports, 223
    preemption, 225–226
    real-time diagnostics, 228
    routing, 226
    timers, 224
    verifying, 226
    virtual routers, 318

HTTP for REST APIs, 298

hub-and-spoke technology
    DMVPN, 193, 307
    E-Tree services, 191
    Internet service providers, 192

hubs
    displaying, 314
    multiport repeaters, 4
    PortFast mode, 92
    switch replacements, 43
    in switches, 56

hybrid protocols, EIGRP, 130

hybrid topology in three-tier design model, 14

hypervisors, 10

I

IaaS (Infrastructure as a Service), 10

IANA (Internet Assigned Numbers Authority), 27

iBGP (internal Border Gateway Protocol) vs. eBGPs, 198

ICMP. See Internet Control Message Protocol (ICMP)

idle time, changing, 268

IDSs (intrusion detection systems)
    access control, 9
    description, 249

IFS (IOS File System), displaying, 290

IGMP (Internet Group Management Protocol), 25

IGPs. See interior gateway protocols (IGPs)

images, booting, 290–291

Individual/Group (I/G) bit
    broadcasts and multicasts, 52
    MAC addresses, 4

Inform SNMP messages, 275–276

Infrastructure as a Service (IaaS), 10

ingress ports in path trace analyses, 264

inside local IP addresses, 229–231

Inter-Switch Link (ISL), 72

inter-VLAN routing (IVR), 123

intercloud exchange, 11

interface fast command, 63

interface gi command, 259

interface loopback command, 285

interface multilink command, 178

interface range gigabitethernet command, 320

interface serial command
    blocking servers, 261–262
    EIGRP, 159
    OSPFv3 structure, 153
    PPP authentication, 179

interface tracking preempt option, 319

interface vlan command, 125

interfaces
    configuring, 57
    EIGRPv6, 165
    error counts, 54
    mismatches, 77–78
    MultiLink PPP, 178
    notes, 287
    route destinations, 119
    shut down, 54
    speed, 55
    subnet routing, 126
    verifying, 61

interior gateway protocols (IGPs)
    administrative domains, 133
    vs. EGPs, 133
    EIGRP, 133
    OSPF, 134
    routers, 133

internal bandwidth usage for email, 11

internal Border Gateway Protocol (iBGP) vs. eBGPs, 198

internal log space, 297

internal network firewalls, 249

internal time clock for routers and switches, 236

Internet Assigned Numbers Authority (IANA), 27

Internet Control Message Protocol (ICMP)
    description, 112
    echo probes for IP SLAs, 279–280
    echo-requests in ping sweep scans, 250
    packets
        router processing, 113
        traceroute, 296
    ping command, 113
    traceroute command, 174

Internet Control Message Protocol v6 (ICMPv6), 31, 300

Internet Group Management Protocol (IGMP), 25

Internet layer for routing, 3

Internet Protocol Control Protocol (IPCP), 182

Internet Protocol Security (IPSec)
    AH protocol, 197
    ESP, 196
    scalability, 196
    WAN connections, 306

Internet service providers, hub-and-spoke technology, 192

intrusion detection systems (IDSs)
    access control, 9
    description, 249

intrusion prevention systems (IPSs)
    DDoS attacks, 250
    description, 249

“Invalid input detected” message, 126

“% Invalid input detected at ‘^’ marker” message, 68

invalid IP addresses, 126

invalid timers in RIPv2, 169

IOS
    backups, 293
    downloading, 282
    encryption, 290
    images
        bootstrap process, 292
        TFTP servers for backups, 292
        universal, 282
        verifying, 281
    restoring, 292
    upgrades, 289
    upgrades for switch stacks, 105
    versions
        booting, 291
        verifying, 292

IOS File System (IFS), displaying, 290

ip access-class in command, 267

ip access-group in command, 258

ip access-group named_list in command, 261

ip access-group out command, 259, 261–262

ip access-list command, 255

ip access-list deny command, 261–262

ip access-list extended named_list command, 260

ip access-list permit any command, 261–262

ip access-list permit tcp host any eq log command, 263

ip access-list resequence named_list command, 260

ip address command
    invalid addresses, 126
    loopback interfaces, 285
    MLPPP, 178
    SVI, 125

ip address dhcp command, 213

IP addresses
    A records, 209
    anycast, 25
    broadcast, 19, 21
    classes, 19, 313
    configuring, 117
    conflicts, 220
    DHCP, 27, 214–216
    duplicate, 220
    EIGRP, 160
    extended ping, 295
    FQDNs, 208
    gateways, 20–21, 24
    IANA, 27
    inside local, 229–231
    invalid, 126
    IPv6. See IPv6 addresses
    lease time, 216
    life cycle, 216
    load balancing, 101
    local routes, 110
    MAC address mapping, 45–46
    mismatches in dedicated lines, 191
    MPLS support, 193
    multicast, 19, 25–26
    NAT, 231
    network IDs, 23–24
    networks, 301
    outside global, 229–230
    packet routing, 117
    pools in PPPoE, 185
    PTR records, 208
    ranges, 20–21
    RFC 1918, 26
    RIDs, 139
    ROAS, 128
    routing tables, 109
    spoofing, 250
    subnet masks, 19–20
    supernetted, 22
    SVI, 125–126
    switch stacks, 104
    verifying, 117, 214
    web servers, 27

ip default-gateway command, 115

ip dhcp excluded-address command, 217

ip dhcp snooping trust command, 252

ip domain-name command, 210

ip ftp password USERPASS command, 320

ip ftp username USER command, 320

IP headers, TTL field in, 306

ip helper-address command, 214

ip host routerb command, 210

ip name-server command, 210

ip nat inside command, 232

ip nat inside source list interface serial overload command, 235

ip nat inside source list pool EntPool overload command, 234

ip nat inside source static command, 232

ip nat pool EntPool netmask command, 232, 234

IP networks for inter-VLAN routing, 123

ip ospf cost command, 141, 147

ip ospf priority command, 148, 150

ip route command, 115–116, 118, 122, 137, 187–188

ip route dialer command, 182

ip route null0 command, 201

ip route serial command, 115, 119, 171

IP routing, enabling, 125

ip routing command, 124, 305, 317

ip scp server enable command, 290

ip sla command, 280

ip sla schedule life forever start-time now command, 280

IP SLAs
    configuring, 279
    description, 279
    ICMP echo probes, 279–280
    schedules, 280
    sources, 279

ip split-horizon command, 172

ip ssh version command, 266

ipconfig /all command, 173, 215

IPCP (Internet Protocol Control Protocol), 182

IPSEC. See Internet Protocol Security (IPSec)

IPSs (intrusion prevention systems)
    DDoS attacks, 250
    description, 249

ipv6 access-list named_list command, 262

ipv6 address command, 28

ipv6 address anycast command, 33

ipv6 address autoconfig command, 31

ipv6 address autoconfig default command, 137–138

ipv6 address dhcp command, 218

IPv6 addresses
    AAAA records, 209
    access lists, 262
    anycast, 33
    bits, 27
    blocks, 30
    connectivity, 30
    default routes, 28
    designated routers, 150–151
    DHCP relay agents, 31
    DHCPv6 servers, 216
    directly connected routes in, 135
    duplicate, 32
    dynamic routing protocols, 29
    EIGRP, 316
    EIGRPv6, 164
    EUI-64, 301
    expanded, 29
    field lengths, 30
    hello packets, 151
    host addresses, 30
    interfaces, 28
    internal connections, 182
    joined multicast groups, 34
    link-local, 32–33
    loopback, 34
    MAC addresses, 33–34
    MTU, 152
    multicast, 33
    multiple, 30
    NDP, 31, 263
    need for, 27
    network IDs, 33
    network prefixes, 29
    one-to-closest, 34
    one-to-many, 34
    pinging, 174
    RIP, 172
    routers, 29
    routing tables, 135
    shortened, 29
    6to4 tunnel, 28
    SLAAC, 32, 300
    solicited-node multicast messages, 313
    static addressing, 28
    subnets, 29–30
    unique-local, 32
    verifying, 134, 218
    Version field, 28

ipv6 dhcp relay destination command, 31, 217

ipv6 eigrp command, 164

ipv6 hello-interval eigrp command, 165

ipv6 ospf area command, 151–154

ipv6 route command, 28, 136–137

ipv6 route serial command, 121, 135–136

ipv6 router ospf command, 150, 153

ipv6 unicast-routing command, 28, 152, 164

“% IPv6 routing not enabled” message, 152

ISL (Inter-Switch Link), 72

isolating problems, 18

isolation
    private WANs, 195
    segmentation, 48

ISP outages and HSRP, 226–227

IVR (inter-VLAN routing), 123

J

jitter, 202

joined multicast groups, 34

jumbo frame support
    devices, 62, 67
    VLANs, 58

K

K metrics
    EIGRP, 155, 161–163
    EIGRPv6, 165

keepalives
    dedicated lines, 190
    serial interfaces, 189

key security boundaries in firewalls, 8

keys
    activation, 283
    SSH encryption, 266–267

L

labels in MPLS, 318

LACP. See Link Aggregation Control Protocol (LACP)

LAN Base feature, “Invalid input detected” message, 126

large networks, link-state protocols for, 132

latency
    SVI inter-VLAN routing, 123
    switches, 39, 48

layer 2
    port security, 241
    switches, 48

layer 2.5 protocol for MPLS, 194

layer 3 broadcasts
    destination MAC, 24
    DHCP, 25, 216

layer switches in two-tier design model, 13

LCP (Link Control Protocol)
    authentication, 177
    multilink connections, 178
    process status, 179

leafs in E-Tree services, 196

lease command, 217

leased lines, clocking, 193

leases in DHCP
    deleting, 218
    DHCP rebinding, 218
    renewal, 219
    time, 216–217
    verifying, 222

license install usbflash0 command, 309

licenses
    Cisco License Manager, 283
    installing, 309
    right-to-use, 283

Lightweight APs (LWAPs)
    CAPWAP, 7
    WLCs, 7

line login passwords, 265–266

line numbers for access lists, 259–260

line password encryption, 268

line vty command, 265, 267

Link Aggregation Control Protocol (LACP)
    active mode, 99
    channel modes, 99
    maximum interfaces, 98
    passive negotiating state, 303
    selecting, 98
    standard, 98


Link Control Protocol (LCP)
    authentication, 177
    multilink connections, 178
    process status, 179

Link Layer Discovery Protocol (LLDP)
    default advertisement interval, 96
    disabling, 96
    displaying devices, 96
    holddown timers, 96
    neighboring devices, 95

link-local addresses, 33
    DHCP, 220
    EUI-64, 35
    example, 32
    routing tables, 134–135

Link-State Advertisements (LSAs)
    OSPF, 143–144, 306
    suppressing, 151

link-state protocols
    dynamic routing protocols, 132
    large networks, 132
    OSPF, 113, 130
    routing loops, 131

link status messages in PAgP, 99

links
    OSPF, 139
    speed, 201
    STP costs, 80

LLC (Logical Link Control), 5

LLDP. See Link Layer Discovery Protocol (LLDP)

lldp run command, 96, 282

LLQ (Low Latency Queue), 203

load balancing
    EIGRP, 161
    EtherChannel, 101
    GLBP routers, 223
    IP addresses, 101
    RIPv2, 172
    verifying, 101

local packets, 110

local routes in IP addresses, 110

locally governed MAC addresses, 52–53

logged message display
    console, 293
    port security violations, 243

logging
    configuring, 285
    console messages, 283
    internal log space, 297
    limiting, 284
    time stamps, 284

logging buffered command, 285, 297

logging console command, 284

logging host command, 278

logging synchronous command, 283

logging trap command, 284

logging trap debugging command, 278–279

logical addressing in OSI reference model, 2

Logical Link Control (LLC), 5

login banners
    changing, 269
    description, 269
    SSH connections, 269

login command, 265

login local command, 268

login times and collisions, 45

logins, requiring, 265

loopback addresses, 34

loopback interfaces
    configuring, 285
    NTP, 284

loops
    avoiding, 43
    PortFast mode, 92
    routing. See routing loops
    STP, 80

loss, description, 202

lost segments in UDP, 5

Low Latency Queue (LLQ), 203

low latency switches, 39

LSAs (Link-State Advertisements)
    OSPF, 143–144, 306
    suppressing, 151

LWAPs (Lightweight APs)
    CAPWAP, 7
    WLCs, 7

M

mac-address-table aging-time command, 50

MAC address tables
    displaying, 41, 43
    forward/filter decisions, 39, 301
    ports, 49
    resetting, 46
    storing, 39

MAC addresses
    aging times, 43, 50
    ARP, 42, 109, 128
    connections, 43
    destination, 52, 313
    DHCP bindings table, 219
    DHCP servers, 307
    Discover packets, 213
    displaying, 47
    flooding attacks, 319
    forwarding decisions, 44
    GLBP, 224
    HSRP ID, 223
    HSRPv1 group number, 223
    I/G bits, 4
    IP address mapping, 45–46
    IPv6 addresses, 33–34, 313
    locally governed, 52–53
    Offer packets, 214
    port security, 241–242, 244–248
    ports, 39
    request packets, 111
    STP root bridges, 80
    switches, 41

man in the middle attacks
    rogue wireless access points, 250
    vectors, 251

management information base (MIB)
    object IDs, 276
    SNMP, 275

management IP addresses of neighbors, 282

management plane
    SDN, 310
    syslog, 297

mapping
    IP and MAC addresses, 45–46
    networks, 282, 287–288

markings
    DSCP priority, 203
    traffic, 205

master switches
    forwarding tables, 104
    priority, 106
    verifying, 105

matched packets, 263

matching statistics for ACLs, 262

maximum-paths command, 142, 316

MD5 hashes for flash memory, 289

mesh designs for E-LAN services, 192

message exchange in eBGP, 199

message of the day (MOTD) banners, 269

metrics
    EIGRP, 155, 161–163
    EIGRPv6, 165
    RIPv2, 168
    routing tables, 114

Metro Ethernet
    committed information rate, 198
    connections, 194
    EVCs, 195
    neighbors, 195
    overages, 197
    quality of service, 198

MIB (management information base)
    object IDs, 276
    SNMP, 275

micro-segmentation, 50

Microsoft Azure, 10

mismatches
    duplex, 53
    encapsulation, 180–181
    interface, 77–78
    IP, 191
    multilink groups, 180
    passwords, 181, 185, 265
    protocols, 71, 190
    username, 317
    VLAN, 72–75, 77

MLPPP. See MultiLink Point-to-Point Protocol (MLPPP)

mode desirable auto, 73

monitor session destination interface command, 296

monitor session source interface both command, 295

monitor session source vlan command, 295

monitoring solutions, 18

more flash:/info command, 290

MOTD (message of the day) banners, 269

MP-BGP (Multiprotocol-Border Gateway Protocol), 196

MPLS. See Multiprotocol Label Switching (MPLS)

MTU
    GRE tunnels, 188
    IPv6 addresses, 152
    jumbo frame support, 62, 67
    PPPoE, 181, 185
    size, 53

mtu command, 58

multi-mode fiber optic, 16

multicast addresses
    description, 25
    EIGRP, 155
    examples, 19, 26, 33
    I/G bit, 52
    one-to-many, 34
    RIPv2, 168

multicast groups, joined, 34

multicast packets in WAN connections, 306

multicast switches in IGMP, 25

multicasts
    HSRP, 224
    reliable, 156–157

multilink
    authentication, 181
    group mismatches, 180
    LCP connections, 178

MultiLink Point-to-Point Protocol (MLPPP)
    benefits, 178
    dual-homed technology, 193
    interfaces, 178
    point-to-point connections, 191
    verifying, 178

multiple IPv6 addresses, 30

multiple switches for SPAN sessions, 296

multiport repeaters for hubs, 4

Multiprotocol-Border Gateway Protocol (MP-BGP), 196

Multiprotocol Label Switching (MPLS)
    customer edge, 193
    EIGRP support, 198
    IP address support, 193
    layer 2.5 protocol, 194
    MP-BGP, 196
    neighbors, 197
    OSPF, 307
    packet labels, 318
    PE routers, 197
    provider edge, 194
    quality of service, 194, 197
    for varied access links, 196

N

NACK messages for DHCP servers, 307

name office command, 63, 66

name resolution. See Domain Name Services (DNS)

named access control lists
    applying, 261
    description, 256

names
    routers, 285
    subinterfaces, 125
    VLANs, 60, 66

NAT. See Network Address Translation (NAT)

native VLANs
    changing, 69, 252
    configuring, 100
    default, 63, 251
    mismatches, 75
    tagged traffic, 74

NBAR2 (Network Based Application Recognition version 2), 202

NBI (northbound interface) in SDN, 298

NCP (Network Control Protocol) encapsulation, 177

NDP (Neighbor Discovery Protocol)
    IPv6 addresses, 263
    packets, 262
    SLAAC processes, 31

negotiation notifications non-silent option, 101

negotiation protocol port channels, 99

Neighbor Discovery Protocol (NDP)
    IPv6 addresses, 263
    packets, 262
    SLAAC processes, 31

neighbor IDs in adjacencies, 147

neighbor remote-as command, 200–201

neighbor shutdown command, 201

neighbor tables
    EIGRP, 156, 158
    FULL state, 146–147

neighbors
    BGP, 198, 200
    CDP, 95
    E-Tree services, 196
    EIGRP, 155, 158
    EIGRPv6, 164
    LLDP, 95
    management IP addresses, 282
    Metro Ethernet, 195
    MPLS, 197
    OSPF, 138, 140
    routers, 154

Netflix service, 202

Network Address Translation (NAT)
    access lists, 308
    clearing, 233
    description, 26
    displaying, 232, 234
    dynamic, 229, 233
    outside global IP address, 318
    overloading, 229, 231
    pools, 233
    private network interface, 232
    public IP addresses, 231
    RFC 1918 addresses, 228
    static, 228, 231–232
    switching path delays, 228

network admin, disconnecting, 269

network area command, 141, 144

Network Based Application Recognition version 2 (NBAR2), 202

network command, 160, 168–170, 218

Network Control Protocol (NCP) encapsulation, 177

network IDs
    calculating, 134
    IP addresses, 23–24, 33
    stateful DHCPv6, 218

Network layer for logical addressing, 2

network management station (NMS)
    configuring, 310
    SNMP, 275
    trap messages, 320

network mask command, 200

network prefixes for IPv6 addresses, 29

Network Time Protocol (NTP)
    configuring, 284, 318
    loopback interfaces, 284
    public cloud synchronization, 12
    routers and switches, 235–236
    setting up, 237
    time drift, 237

networks
    mapping, 282, 287–288
    routable, 118
    summary routes, 305

Next Hop Resolution Protocol (NHRP), 189

next hops
    CEF, 317
    destination addresses, 122
    running-config, 119

NHRP (Next Hop Resolution Protocol), 189

NIST criteria in cloud computing, 11


NMS (network management station)
    configuring, 310
    SNMP, 275
    trap messages, 320

no command, 260

no auto-summary command, 160, 170

no cdp enable command, 95, 97

no cdp run command, 95

no control protocol command, 102

no ip address command, 127

no ip domain-lookup command, 210

no ipv6 ospf hello-interval command, 152

no lldp transmit command, 96

no metric weights command, 163

no monitor session command, 296

no passive-interface gigabitethernet command, 143

no passive-interface serial command, 161

no shutdown command, 61, 125, 164, 244

no switchport command
    port configuration, 123
    subnets, 126

no switchport port-security command, 245

no vlan command, 59

non-designated port switches, 86, 88

non-overlapping channels
    2.4 GHz, 8
    5 GHz, 7

non-silent option in negotiation notifications, 101

non-volatile random-access memory (NVRAM)
    running-config, 291
    startup-config, 281, 291

nonces in CHAP, 178

normal ranges in VLANs, 59

northbound interface (NBI) in SDN, 298

notes
    ACLs, 262
    interfaces, 287

Notifications severity level, 297

nslookup command, 211

NTP. See Network Time Protocol (NTP)

ntp master command, 236

ntp server command, 236

ntp source loopback command, 284

NVRAM (non-volatile random-access memory)
    running-config, 291
    startup-config, 281, 291

O

object IDs in management information base, 276

Offer messages, 214, 251

on mode
    EtherChannel, 103
    link aggregation, 98

one-to-closest addresses, 34

one-to-many addresses, 34

1000Base-T
    CAT5e cable, 15
    distance limits, 16

Open Shortest Path First (OSPF)
    adjacencies, 140
    administrative distances, 122
    administrative units, 134
    advertising, 142–144, 150
    Area 0, 138
    bandwidth, 141
    costs, 141
    default priority, 316
    Dijkstra routing algorithm, 131
    event-triggered updates, 139
    hello interval, 142–143
    hello packets, 143
    hierarchical design, 145
    IGPs, 134
    large networks, 132
    link-state protocols, 113, 130
    links, 139
    LSA packets, 306
    metrics, 141, 307
    neighbor discovery, 138
    neighborship database, 140
    packet forwarding, 143
    routers
        area border, 139, 143
        configuration, 141
        costs, 147
        designated, 140, 316
        IDs, 142–143
        PE, 197
    routes
        default, 149
        equal-cost, 141–142
    scalability, 140

Open Shortest Path First (OSPF) v3
    adjacencies, 152
    configuring, 151–153
    designated routers, 150–151
    hello/dead timers, 152
    hello packets, 151
    IDs, 150
    IPv6 routing, 152
    Link-State Advertisements, 151
    MTU, 152
    vs. OSPFv2, 154
    process IDs, 152
    router IDs, 151, 154
    verifying, 151

operational mode, displaying, 61


optimal load balancing, 101

optimized route selection in dynamic routing protocols, 130

option ip command, 217

organizationally unique identifiers (OUIs), 52

OSI reference model
    ARP, 312
    ASCII to EBCDIC translation, 5
    compression and decompression, 2
    connection-oriented communication, 2
    description, 2
    dialog control of applications, 3
    DTE and DCE interfaces, 3
    encryption, 2
    flow control, 5
    frame checksums, 3
    layer order, 2
    logical addressing, 2
    PDUs, 4
    SNMP, 3
    SQL, 300
    switches, 2

OSPF. See Open Shortest Path First (OSPF)

OUIs (organizationally unique identifiers), 52

outages, intermittent, 54–55

outside global IP address, 229–230, 318

overages in Metro Ethernet, 197

overhead in RIP, 129

overlapping channels in 802.11ac, 300

overloading NAT, 229, 231

P

PaaS (Platform as a Service), 11, 300

packet forwarding
    CEF, 110, 316
    OSPF, 143

packet-in-packet encapsulation, 186

packet shaping in QoS, 204–205

packets
    ACLs, 254
    analyzing, 295
    capturing, 294
    data plane, 298
    decapsulating, 111
    destination, 116, 121
    frame rewrite, 110
    local, 110
    matched, 263
    remote, 109
    route forcing, 171
    routes, 173
    TTL value, 110

PAgP. See Port Aggregation Protocol (PAgP)

partial mesh topology
    links, 312
    uses, 15

passive-interface default command, 143, 317

passive-interface gi command, 167

passive-interface gigabitethernet command, 143

passive-interface serial command, 151, 161, 164, 169

passive mode in EtherChannel, 102–103

password Password20! command, 265

“Password required, but none set” message, 266

passwords
    CHAP, 178
    encryption, 268
    mismatches, 181, 185, 265
    recovering, 292, 309
    routers, 265, 268
    setting, 265
    switches, 265, 268
    Telnet, 265, 267

PAT (Port Address Translation)
    configuring, 234–235
    description, 231
    flexibility, 231

path costs in RSTP, 80–81

path selection in eBGP, 199

Path Trace ACL Analysis tool
    APIC-EM, 263
    end-to-end analysis, 264
    Path Trace option, 264

path trace analyses
    ACLs, 263–265
    blocking traffic, 265
    egress and ingress ports, 264

PDMs (protocol-dependent modules), 163

PDUs (protocol data units), 4

PE (provider edge) routers
    MPLS, 194, 318
    neighbors, 197
    super backbones, 197

per-host load balancing, 228

Per-VLAN Spanning Tree+ (PVST+)
    bridge IDs, 82
    spanning tree instances, 82

perimeter areas for corporate firewalls, 248

periods (.) in FQDNs, 210

phones
    PoE switches, 96
    ports, 66
    VoIP. See VoIP phones

physical access in firewalls, 9

physical addresses in Ethernet protocol, 53

physical data centers, 10

Physical layer for DTE and DCE interfaces, 3


PIDs (product IDs), obtaining, 283

ping command
    connectivity, 172
    exclamation marks, 113, 173
    extended, 173, 295
    first IP address, 294
    ICMP, 113
    interface exits, 294
    IPv6 addresses, 174
    time outs, 173

ping sweep scans, stopping, 250

ping6 command, 30

Platform as a Service (PaaS), 11, 300

PoE (Power over Ethernet) switches for phones, 96

point-to-point connections in serial interfaces, 119

Point-to-Point Protocol (PPP)
    authentication, 178–179, 181
    configuring, 177, 180
    encapsulation, 177
    LCP, 177–178
    NCP, 177
    protocol compatibility, 177
    username mismatches, 317
    WAN, 306, 317

Point-to-Point Protocol over Ethernet (PPPoE)
    ADSL, 195
    authentication, 182–183, 186
    dialer interfaces, 182
    dialer pools, 184
    DSL, 181
    hostnames, 183
    IP pools, 185
    IPCP, 182
    MTU, 181, 185
    passwords, 185
    point-to-point technology, 192–193
    PTA state, 184
    sessions display, 182–183

pointer (PTR) records, 208

points of presence (PoPs), 195

policing
    LLQ, 203
    Metro Ethernet, 197

policy maps, configuring, 318

PoPs (points of presence), 195

Port Address Translation (PAT)
    configuring, 234–235
    description, 231
    flexibility, 231

Port Aggregation Protocol (PAgP)
    aggregated interfaces, 97
    bandwidth, 98
    Cisco standard, 99
    link status messages, 99
    port channel configuration, 100
    switches, 100–101

port-channel interface, 103

port-channel load-balance dst-ip command, 101

port channels
    configuring, 100
    modes, 100
    negotiation protocol, 99
    VLAN access, 101

port numbers, binding, 6

port security
    access mode, 247
    access violations, 244
    configuring, 241–242
    description, 241
    enabling, 241
    err-disabled shutdown, 242
    Layer 2, 241
    logged security violations, 243
    MAC addresses, 241–242, 244–248
    static environments, 242
    status, 243, 246–248
    sticky, 243, 245
    violation mode, 248

PortFast mode
    access ports, 92
    BPDU Guard with, 93
    edge switches, 94
    spanning tree, 315
    state transitions, 93
    switching loops, 92
    verifying, 94

ports
    access. See access ports
    aggregation, 98
    designated, 81–82
    DHCP snooping, 251–252
    displaying, 42, 126
    DNS domain zone transfers, 209
    eBGP messages, 199
    errdisable state, 308
    frame forwarding, 44
    MAC address flooding attack, 319
    MAC address tables, 49
    MAC addresses, 39
    micro-segmentation, 50
    no switchport command, 123
    path costs, 80–81
    path trace analyses, 264
    phones, 66
    root. See root ports
    RSTP, 82–84, 302
    security. See port security
    SMTP, 6
    SPAN, 295
    STP, 81–82
    TACACS+, 270
    UDP. See UDP ports
    verifying, 59

Power over Ethernet (PoE) switches for phones, 96

PPP. See Point-to-Point Protocol (PPP)

ppp authentication chap pap command, 179–180

ppp multilink command, 178

ppp multilink group command, 178


PPPoE. See Point-to-Point Protocol over Ethernet (PPPoE)

preambles for sync timing, 52

preempt option in interface tracking, 319

preemption in HSRP, 225–226

prefix advertisements in eBGP, 199

Presentation layer
    ASCII to EBCDIC translation, 5
    compression and decompression, 2
    encryption, 2

previously entered commands, 285

priority
    bridges, 82–83
    designated routers, 150
    DSCP marking, 203
    GLBP active virtual gateways, 225
    HSRP, 223
    master switches, 106
    OSPF, 316
    QoS queues, 203
    routers, 226
    VLANs, 85

private clouds, 11

private DNS servers, 211–212

private IP addresses
    classes, 26
    NAT, 26
    purpose, 26
    RFC 1918, 26

private WANs, 195

privileged exec mode
    default idle time, 268
    entering, 286

probe counts in ICMP packets, 296

problems, documenting, 312

Process/Application layer in DoD model, 3

process IDs in OSPFv3, 152

product IDs (PIDs), obtaining, 283

protocol data units (PDUs), 4

protocol-dependent modules (PDMs), 163

protocol mismatches
    dedicated lines, 190
    trunking, 71

provider edge (PE) routers
    MPLS, 194, 318
    neighbors, 197
    super backbones, 197

pruning
    VLANs, 73
    VTP, 78–79

PTA state in PPPoE, 184

PTR (pointer) records, 208

public clouds
    bandwidth, 12
    examples, 10
    intercloud exchange, 11
    synchronization, 12

public IP addresses in NAT, 231

PVST+ (Per-VLAN Spanning Tree+)
    bridge IDs, 82
    spanning tree instances, 82

PXE servers, booting from, 217

Q

Quad-A (AAAA) records, 209

quality of service (QoS)
    ACLs, 202
    DSCP, 202–203, 306
    LLQ, 203
    marking, 201
    Metro Ethernet, 198
    MPLS, 194, 197
    packet shaping, 204–205
    policing, 204
    queue starvation, 203
    round-robin schedulers, 204
    tail drop, 204
    traffic shaping, 203–204
    trust boundaries, 203, 307

queue starvation, 203

R

RA (Router Advertisement) messages, 31

RADIUS authentication
    configuring, 271
    ports, 270

radius-server host key aaaauth command, 271

RAM
    default routing, 129
    dynamic routes, 113
    IOS image, 292
    MAC address tables, 39

ranges
    IP addresses, 20–21
    VLANs, 58–59

rapid elasticity, 312

Rapid Per-VLAN Spanning Tree+
    enabling, 85
    spanning tree instances, 83

Rapid Spanning Tree Protocol (RSTP)
    alternate ports, 84
    backup ports, 84
    discarding port mode, 84
    discarding port state, 85
    802.1w specification, 80
    path costs, 80–81
    port transitions, 82
    root bridges, 88–91
    root ports, 89–90, 302
    STP compatibility, 83, 88

RARP (Reverse Address Resolution Protocol), 46

rate limiting in DHCP snooping, 249

read-only SNMP communities, 276

real-time diagnostics in HSRP, 228

rebinding in DHCP, 218–219

recovering passwords, 292, 309

redundancy in full mesh topology, 14


Regional Internet Registry (RIR), 32

relay agents
  configuring, 217
  DHCP, 214–217
reliability from administrative distances, 121
reliable multicast, 156–157
remark command, 262
remote packets, 109
Remote Switch Port Analyzer (RSPAN), 296
removing
  BPDU Guard, 94
  DHCP conflict table addresses, 221
  DNS cache entries, 212
renaming VLANs, 60, 66
renew dhcp gi command, 219
renewing leases, 219
repeaters, 4
replacing switch stacks, 104–105
replay attacks, 178
reported distance in EIGRP, 158
Representational State Transfer (REST) APIs, 298
reprovisioning switches, 56
Request messages in DHCP, 219
request packets in ARP, 111
request process for web browsers, 5
resiliency in dynamic routing protocols, 129
REST (Representational State Transfer) APIs, 298
restoring IOS, 292
restricted OIDs in SNMP, 277
Reverse Address Resolution Protocol (RARP), 46
reverse lookups in FQDNs, 208
RFC 1918
  IP addresses, 26
  IPv6 addresses, 33
  NAT addresses, 228
RIDs. See router IDs (RIDs)
right-to-use licenses, 283
RIP. See Routing Information Protocol (RIP)
RIR (Regional Internet Registry), 32
roaming, 7–8
ROAS. See router on a stick (ROAS)
rogue wireless access points, 250
rolled cable, 16
rolling back running-config archives, 293
ROMMON system
  booting, 292
  description, 291
root bridges
  CST, 83
  RSTP, 88–91
  STP, 80
  switches, 84–85, 87, 91–92, 315
root ports
  RSTP, 89–90, 302
  STP, 81
  switches, 86–87
  VLANs, 91
round-robin schedulers, 204
routable networks, 118
route summarization for dynamic routers, 129
routed VLANs, 62–63
Router Advertisement messages, verifying, 174
router bgp command, 200
router eigrp command, 159
router-id command, 143, 153, 164
router IDs (RIDs)
  adjacencies, 147
  determining, 139
  EIGRP, 160
  OSPF, 142–143
  OSPFv3, 151, 154
router on a stick (ROAS)
  ARP, 128
  bandwidth, 124
  configuring, 127–128
  encapsulation, 127
  examples, 305
  vs. inter-VLAN routing, 127
  interface configuration, 124
  IP addresses, 128
  multiple interfaces, 123
  routing, 124
  scalability, 123
  subinterface names, 125
  switch port mode, 125
  verifying, 127
router ospf command, 141
router rip command, 170
Router Solicitation (RS) messages, 31
routers

  activation keys, 283
  adjacencies, 142, 144, 146–150, 152, 154–155
  areas, 150
  bandwidth, 126–127
  broadcast domains, 4
  centralized authentication, 269
  clock, 287
  configuring, 115–116, 219–220, 281
  costs, 147, 151
  CPU utilization, 297
  default configuration registers, 289
  default priority, 226
  disconnecting network admin from, 269
  displaying, 227
  features display, 283
  hello timers, 144
  IGPs, 133
  internal time clock, 236
  IP SLAs, 279
  IPv6 addresses, 29
  names, 285
  neighbors, 154
  passwords, 265, 268
  setup mode, 286
  switch connections, 16
  synchronizing, 235–236
  updates, 130
  wildcard masks, 146

458 routes and routing – Secure Sockets Layer (SSL)

bindex--.indd 02/28/2017 Page 458

routes and routing
  administrative distance, 122, 304
  BGP, 134
  configuring, 118, 120–121
  creating, 115, 120–121
  criteria, 109
  description, 112
  destination, 119
  determining, 161–162
  DoD model, 3
  EIGRP, 123
  HSRP, 226
  network administrator intervention, 109
  packets, 173
  ROAS, 124
  secondary, 118
  to subinterfaces, 125
  summarization, 114
  testing, 112
  verifying, 201
  between VLANs, 65, 124, 135–137
Routing Information Protocol (RIP)
  administrative distance, 121
  advertising, 305
  Bellman-Ford routing algorithm, 132
  configuring, 168
  distance-vector protocols, 112, 130
  hop counts, 168
  overhead, 129
  router updates, 130
  topologies, 315
Routing Information Protocol (RIP) ng, 172
Routing Information Protocol (RIP) v2
  advertising, 168–169, 172
  Bellman-Ford routing algorithm, 170
  configuring, 170
  convergence wait time, 170
  default routes, 169
  discovered routes, 169
  holddown timers, 171
  invalid timers, 169
  load balancing, 172
  metrics, 168
  routing loops, 170
  routing tables, 172
  split horizons, 172
routing loops
  description, 113
  distance-vector protocols, 131
  holddown timers, 132
  link-state protocols, 131
  RIPv2, 170
  split horizons, 316
routing tables
  administrative distances, 121
  convergence, 132
  default routes, 114
  displaying, 112
  dynamic routing, 112
  IP addresses, 109, 117
  IPv6 routes, 135
  link-local addresses, 134–135
  metrics, 114
  missing entries, 117
  RIPv2, 172
  route time in, 115
  static routes, 114
RS (Router Solicitation) messages, 31
RSPAN (Remote Switch Port Analyzer), 296
RSTP. See Rapid Spanning Tree Protocol (RSTP)
rules for access lists, 320
running-config file
  archive process, 291
  archives, 292–293
  displaying, 287
  filters, 287, 289
  next hops, 119
  restoring configuration to, 281
  VLANs in, 75

S

SaaS (Software as a Service), 11
SBI (southbound interface) in SDN, 298
scalability
  dynamic routing protocols, 128
  eBGP, 199
  EIGRP, 156
  IPSec, 196
  OSPF, 140
  ROAS, 123
  VPNs, 318
schedules for IP SLAs, 280
scope with relay agents, 214
SCP (SSH Copy Protocol)
  access to, 290
  enabling, 290
  encryption, 290
sdm prefer lanbase-routing command, 125
SDM (Switching Database Manager), 126
SDN. See software-defined network (SDN) controllers
secondary routes, 118
Secure Sockets Layer (SSL), 250


security
  client SSL/VPN, 194–195
  ports. See port security
  private WANs, 195
  SNMP, 276
  static routing, 128
  VLANs, 58, 60–61
  WAN connections, 306
segmentation, switches for, 48
Sense column in IP SLAs ICMP echo probes, 280
sequence and acknowledgment numbers in TCP, 6
serial cable terminal specifications, 16
serial connections
  clocking, 193
  encapsulation, 177
  wiring problems, 192
serial interfaces
  keepalives, 189
  point-to-point connections, 119
serial numbers for switches, 289
Serial0/0 is administratively down message, 17
Server Load Balancing as a Server (SLBaaS), 12
service-level agreements (SLAs)
  checking, 279
  description, 279
  IP. See IP SLAs
service password-encryption command, 267
service-policy USER-MAP out command, 318
service timestamps log datetime command, 284
Session layer
  dialog control of applications, 3
  SQL, 300
setup mode for routers, 286
severity levels
  console logging, 284
  events, 279
sh cdp entry * command, 96
shaping traffic
  Metro Ethernet, 198
  quality of service, 203–204
shortened IPv6 addresses, 29
show access-list command, 262
show archive command, 292–293
show cdp interface command, 97
show cdp neighbors detail command, 96, 282, 288
show clock command, 286
show clock detail command, 236
show controllers serial command, 192
show dhcp lease command, 214
show etherchannel command, 99, 102
show etherchannel load-balance command, 101
show file systems command, 280
show history command, 285
show hosts command, 211
show interface command, 141
show interface brief command, 174
show interface fastethernet switchport command, 69
show interface gi switchport command, 126
show interface status command, 17
show interface trunk command, 127
show interface tunnel command, 188
show interfaces fast switchport command, 18
show interfaces FastEthernet switchport command, 61
show interfaces Gi command, 93
show interfaces gi trunk command, 78
show interfaces status command, 42, 56
show interfaces switchport command, 61, 76
show interfaces trunk command, 68, 76
show ip access-list command, 259
show ip arp command, 111
show ip bgp neighbors command, 200
show ip cef command, 317
show ip dhcp bindings command, 222
show ip dhcp conflict command, 220
show ip dhcp pool command, 221
show ip dhcp snooping binding command, 252
show ip eigrp neighbors command, 160
show ip eigrp topology command, 161
show ip interface command, 214
show ip interface brief command, 126
show ip interface fast command, 262
show ip interfaces brief command, 117
show ip nat statistics command, 232
show ip nat translations command, 232
show ip ospf command, 142
show ip ospf database command, 144
show ip ospf interface command, 143


show ip ospf neighbor command, 142, 148
show ip protocols command, 150, 161, 163, 168–169
show ip rip database command, 169, 172
show ip route command, 112, 122, 150, 304
show ip route longer-prefixes command, 201
show ip routes static command, 130
show ip sla history command, 280
show ipv6 dhcp interface command, 218
show ipv6 eigrp neighbors command, 165
show ipv6 eigrp topology command, 166
show ipv6 interface gi command, 34
show ipv6 interfaces brief command, 28, 134
show ipv6 neighbors command, 174
show ipv6 ospf command, 152
show ipv6 ospf interface command, 152
show ipv6 ospf neighbors command, 154
show ipv6 protocols command, 165
show ipv6 route command, 29, 135
show ipv6 route connected command, 135
show ipv6 route eigrp command, 165
show ipv6 route ospf command, 151
show license feature command, 283
show license udi command, 283
show lldp neighbor detail command, 96

show lldp neighbors detail command, 282

show mac address-table command, 17, 41

show mac address-table count command, 43

show mac address-table interfaces fast command, 47

show mls qos interface command, 205

show monitor session all command, 295

show ntp associations detail command, 236
show ntp status command, 237
show port-security command, 18, 243, 245
show port-security address command, 247
show port-security interface gi command, 243, 247–248
show ppp all command, 179
show ppp multilink command, 178
show pppoe session command, 182, 184
show pppoe summary command, 183
show processes command, 297
show running-config | begin command, 289
show running-config | include snmp command, 287
show running-configuration command, 211, 245
show running gi command, 287
show snmp community command, 277
show snmp group command, 278
show snmp host command, 277
show snmp user command, 278
show spanning-tree command, 92
show spanning-tree interface fa command, 94
show spanning-tree interface gi command, 91
show spanning-tree summary command, 85, 94
show spanning-tree vlan command, 85, 315
show standby command, 226
show switch command, 105
show switch stack-ports command, 105
show tcp brief command, 201
show terminal command, 288
show version command, 289, 291–292, 310
show vlan command, 18, 59
show vlan id command, 60
show vtp status command, 68, 78–79
shutdown command, 244
Simple Mail Transfer Protocol (SMTP)
  Process/Application layer, 3
  protocols and ports, 6
Simple Network Management Protocol (SNMP)
  ACLs, 276
  authentication, 275, 277
  community names, 320
  community strings, 276
  configuring, 276
  contact information, 276
  encryption, 275
  Inform SNMP messages, 275–276
  management information base, 275–276
  network management stations, 275
  NMS polling, 275


  OSI reference model, 3
  ports, 277
  Process/Application layer, 3
  restricted OIDs, 277
  trap messages, 275–277, 320
  trap notification, 243
  verifying, 277–278
  views, 277–278
single-homed technology
  eBGP, 199
  fault tolerance, 190
single-mode fiber cable, 16, 312
6to4 tunnel, 28
size
  flash storage, 280, 289
  MTU, 53
  SPAN destination ports, 295
  terminal history, 285
SLA responders, 279–280
SLAAC. See Stateless Address Autoconfiguration (SLAAC)
SLAs (service-level agreements)
  checking, 279
  description, 279
  IP. See IP SLAs
SLBaaS (Server Load Balancing as a Server), 12
sliding windows in TCP, 6
small enterprises, collapsed-core model for, 14
small networks
  distance-vector protocols, 131
  static routing, 130
SMARTnet contracts, 282
SMTP (Simple Mail Transfer Protocol)
  Process/Application layer, 3
  protocols and ports, 6
SNMP. See Simple Network Management Protocol (SNMP)
snmp-server community snmpreadonly read-only command, 276
snmp-server contact command, 276
snmp-server enable traps command, 277
snmp-server host version 2c C0mmun1ty command, 277
snmp-server view INT-VIEW ifIndex include command, 278
SOA (Start of Authority) records, 319
soft resets for BGP neighbors, 200
Software as a Service (SaaS), 11
software-defined network (SDN) controllers
  APIC-EM, 298
  control plane, 297
  management plane, 310
  NBI, 298
  SBI, 298
solicited-node multicast messages, 313
solutions, monitoring, 18
source interface
  extended ping, 295
  SPAN, 295
source MAC addresses
  EtherChannel, 100
  learning, 39
  port security, 241
sources for IP SLAs, 279
southbound interface (SBI) in SDN, 298
SPAN. See Switch Port Analyzer (SPAN)
spanning-tree bpduguard disable command, 94
spanning-tree bpduguard enable command, 93
spanning-tree portfast command, 92
spanning-tree portfast default command, 92, 94
Spanning Tree Protocol (STP)
  bridge port roles, 81, 83
  bridge priority, 82–83
  control plane, 297
  convergence problems, 81, 92
  default mode, 84
  distributed process, 79
  802.1d specification, 79
  link costs, 80
  loops, 80
  port blocking state, 82
  port transitions, 81
  root bridges, 80
  root ports, 81
  RSTP compatibility, 83, 88
  switching loops, 39
  topology changes, 83
  unconfigured, 47
spanning-tree vlan priority command, 85, 90–91
spanning trees
  PortFast mode, 315
  VLANs, 85
speed
  CAT5e cable, 17
  displaying, 56
  interfaces, 55
  link costs, 80
  links, 201
  setting, 54–55
  switches, 48–49
speed auto command, 55
split horizons
  RIPv2, 170, 172
  routing loops, 316
spoofing IP address, 250
SQL (Structured Query Language)
  routing protocols, 298
  Session layer, 300


SSH
  access lists, 257
  authentication, 268
  configuring, 267
  default sessions, 293
  enabling, 266–267
  encryption keys, 266–267
  login banners, 269
  MOTD banners, 269
  vs. Telnet, 266
SSH Copy Protocol (SCP)
  access to, 290
  enabling, 290
  encryption, 290
SSIDs
  extended service sets, 7
  WLCs, 63
SSL (Secure Sockets Layer), 250
stacking switches, 103–105
StackWise 3750 platform, 104
standard access control lists
  conditions, 254
  configuring, 256
  named, 256
  placing, 260
  processing overhead, 254
standard access lists
  description, 257
  ranges, 254
standby preempt command, 226
standby timers msec msec command, 228
standby track serial command, 226–227
star topology
  autonomous WAP, 15
  core layer, 15
  description, 14–15
  IOS versions, 288
  two-tier design model, 15
Start Frame Delimiter (SFD) byte, 53
Start of Authority (SOA) records, 319
startup-config file
  backups, 281
  extended VLAN configuration, 63
  NVRAM, 281, 291
startup configuration static routes, 118
state transitions in PortFast mode, 93
stateful DHCPv6
  addressing, 34
  description, 218
  process, 32
Stateless Address Autoconfiguration (SLAAC)
  configuring, 31
  DAD, 32
  DHCPv6 servers, 216
  ICMPv6, 31, 300
  IPv6 hosts, 32
stateless DHCPv6 servers, 31
static access ports, 62
static environments for port security, 242
static hostname entries, 209
static IPv6 addresses, 28
static Network Address Translation, 228, 231–232
static routes
  administrative distances, 114, 122
  administrator intervention, 129
  bandwidth, 128
  benefits, 117
  configuration time, 129
  default routing, 128
  displaying, 130
  network administrator intervention, 109
  security, 128
  small networks, 130
  startup configuration, 118
static trunks, 78
static VLANs, 60
statistics for IP SLAs ICMP echo probes, 280
sticky port security, 243, 245
store and forward method in CRC, 44, 48–49
STP. See Spanning Tree Protocol (STP)
straight-through cable, 16, 300
stratum in NTP, 318
Structured Query Language (SQL)
  routing protocols, 298
  Session layer, 300
subinterfaces
  configuring, 314
  names, 125
  routing to, 125
subnet masks
  CIDR notation, 19, 22
  default, 19
  destination networks, 109
  hosts, 19–20, 22
subnets
  IPv6 addresses, 29–30
  routing, 126
subordinate switches, 105
successor routes in EIGRP, 158
summary routes, 114, 305
super backbone routers, 197
supernetted addresses, 22
supplicants 802.1x, 252–253
SVI inter-VLAN routing (IVR), 123
SVI routing
  IP addresses, 125
  between VLANs, 124
SVI VLAN interfaces, 126
Switch Port Analyzer (SPAN)
  configured sessions, 295
  configuring, 295
  destination port, 295–296
  multiple switches, 296
  packet capturing, 294
  session removal, 296
  source interface, 295


switch stacks
  cables, 105
  forwarding tables, 104
  IOS upgrades, 105
  limits, 103
  managing, 104
  master switches, 104–106
  maximum, 103
  replacing, 104–105
  subordinate switches, 105
switches
  authentication, 268
  auto-negotiation, 55
  bandwidth, 60
  benefits, 39
  BPDU Guard, 93
  bridge IDs, 80
  bridge port roles, 81, 83
  bridge priority, 82–83
  CDP on, 95
  centralized authentication, 269
  collisions, 3, 45
  connections, 43, 67
  CRC, 44
  crossover cable connections, 16
  cut-through mode, 47
  default configuration registers, 289
  default VLANs, 56
  disconnecting network admin from, 269
  displaying, 314
  duplex, 314
  802.1x, 252
  EtherChannel, 102
  features display, 283
  flooding, 49, 51
  forward/filter decisions, 39, 44, 301
  fragment-free mode, 44
  frame dropping, 51
  frame forwarding, 39
  hub replacements, 43
  hubs in, 56
  internal time clock, 236
  latency, 48
  layer 2, 48
  loop avoidance, 43
  low latency, 39
  MAC addresses, 41
  micro-segmentation, 50
  mode desirable auto, 73
  non-designated ports, 86, 88
  OSI reference model, 2
  PAgP, 100–101
  passwords, 265, 268
  Rapid Per-VLAN Spanning Tree+ enabling, 85
  reprovisioning, 56
  rolled cable connections, 16
  root bridge connections, 87
  root bridges, 84–85, 91–92, 315
  root ports, 86–90
  router connections, 16
  segmentation, 48
  serial numbers, 289
  store and forward method, 48–49
  STP default mode, 84
  switching loops, 39
  synchronizing, 235
  time and date, 286
  topology changes, 83
  transparent mode, 315
  trunks and trunking, 64–65, 67–68, 70–79, 102–103
  VMs, 10
  VTP configuration for, 68–69
  VTP mode, 68
  wire speed, 48–49
switching, core layer, 13
Switching Database Manager (SDM), 126
switching loops
  PortFast mode, 92
  STP, 39

switching path delays in NAT, 228

switchport access vlan command, 57, 63, 66, 76

switchport mode access command, 58, 76, 242, 303
switchport mode dynamic auto command, 76
switchport mode dynamic desirable command, 76
switchport mode trunk command, 70–71, 73, 77–78
switchport nonegotiate command, 70, 76–77, 242, 303

switchport port-security command, 241–242

switchport port-security aging time command, 248

switchport port-security mac-address command, 244
switchport port-security mac-address sticky command, 244
switchport port-security maximum 2 command, 242

switchport port-security violation protect command, 243

switchport port-security violation restrict command, 243
switchport port-security violation shutdown command, 243
switchport trunk allowed vlan command, 301
switchport trunk allowed vlan add command, 70–71, 79


switchport trunk allowed vlan all command, 70

switchport trunk encapsulation dot1q command, 71, 73, 77
switchport trunk encapsulation 802.1q command, 67–68

switchport trunk native vlan command, 69

switchport voice vlan command, 57, 66

switchports
  access, 301, 303
  access mode, 319
  access ports, 76, 303
  designated state, 303
  native VLANs, 252
  trunk configuration, 57, 302
SYN flags in three-way-handshake process, 312
synchronization
  preambles, 52
  public clouds, 12
  routers and switches, 235–236
  VLAN databases, 303
syslog console messages, 310
syslog facility logging, debug level, 320
syslog servers
  configuring, 278
  event security levels, 279
  management plane, 297
  ports, 278
  verifying, 278
  warnings, 284

T

T1 leased lines, 189
TACACS+ (Terminal Access Controller Access Control System) protocol
  authentication, 309
  backups, 271
  benefits, 270
  configuring, 270
  encryption, 271
  ports, 270
  Telnet, 270
tagging frames, 72
tail drop
  congestion avoidance, 205
  QoS queues, 204
TCP
  sequence and acknowledgment numbers, 6
  SMTP, 6
  three-way handshakes, 6, 312
  window size, 6
TCP conversation state for firewalls, 9
TCP ports
  DNS domain zone transfers, 209
  eBGP messages, 199
  TACACS+, 270
telephone company central office, 195
Telnet
  AAA servers, 270
  access lists, 319
  authentication, 268
  connections, 174
  passwords, 265, 267
  Process/Application layer, 3
  vs. SSH, 266
  terminal emulation, 4
10GBase-CX data centers, 17
terminal emulation in Telnet, 4
terminal history size command, 285
terminal monitor command, 293
terminal no monitor command, 293
terminal specifications for serial cable, 16
testing routes, 112
TFTP in Process/Application layer, 3
TFTP servers
  booting, 291
  IOS image backups, 292
  IOS upgrades, 289
three-tier design model
  access layer, 14
  access layer switches, 13
  core layer, 15
  core layer switches, 13
  description, 13
  distribution layer, 14
  distribution layer switches, 13
three-way-handshake process
  requirements, 6
  SYN and ACK flags, 312
  window size, 6
time drift in NTP, 237
time for switches, 286
time-period command, 293
time periods in archives, 293
time stamps, logging, 284
time synchronization for routers and switches, 235–236
time to live (TTL) value
  ARP caches, 111
  DNS, 209, 319
  IP headers, 306
  packets, 110
time zone settings, 284
timers
  adjacencies, 152
  CDP, 95
  EIGRPv6, 165
  HSRP, 224, 228
  IP SLAs ICMP echo probes, 279–280
  LLDP, 96
  RIPv2, 169, 171
  routers, 144
  routing loops, 132
  verifying, 152
topology changes in STP, 83


topology databases
  link-state protocols, 131
  STP, 79
topology tables
  EIGRP, 156–159
  routers, 150
traceroute command, 17
  description, 173
  extended, 296
  hops, 188
  ICMP queries, 174
tracert command, 227
traffic flow in StackWise 3750 platform, 104
traffic forwarding
  troubleshooting, 18
  VLANs, 62
traffic markings, 205
traffic shaping
  Metro Ethernet, 198
  quality of service, 203–204
transparent VTP mode, 72, 75, 315
Transport layer
  connection-oriented communication, 2
  flow control, 5
  PDUs, 4
transport ssh telnet command, 266
trap messages in SNMP, 243, 275–277, 320
troubleshooting
  escalating problem, 18
  isolating problems, 18
  monitoring solutions, 18
trunks and trunking
  allowing, 70–71
  BPDU Guard, 93
  creating, 76
  DTP links, 315
  802.1Q protocol, 124
  EtherChannel, 102–103
  interface mismatches, 77–78
  ISL, 72
  open standard protocols, 69
  protocol mismatches, 71
  protocol support, 67–68
  ROAS, 125
  static trunks, 78
  switches, 64–65, 67, 302
  verifying, 68
  VLAN access, 69–70
  VLAN identifying information, 68
  VLAN mismatches, 72–75, 77
  VLANs allowed, 78
trust boundaries in quality of service, 203, 307
trusted network firewalls, 249
TTL. See time to live (TTL) value
tunnels, GRE. See Generic Routing Encapsulation (GRE)
2.4 GHz spectrum non-overlapping channels, 8
two-tier design model
  layer switches, 13
  star topology, 15
2960-XR switches, 125
type field
  frames, 53
  purpose, 313

U

UDP. See User Datagram Protocol (UDP)
UDP ports, 277
  AAA servers, 253
  DHCP, 214–215
  DNS, 208
  GLBP, 224
  HSRP, 223
  NMS polling, 275
  RADIUS, 270
  SNMP, 277
  syslog servers, 278
UIDs (unique IDs), obtaining, 283
unequal-cost load-balancing paths in EIGRP, 316
unicasts
  EIGRP, 156–157
  global addresses, 32
  purpose, 25
Uniform Resource Identifiers (URIs) for firewalls, 9
unique IDs (UIDs), obtaining, 283
unique-local addresses, 32, 35
universal images, 282
“% Unrecognized host or address or protocol not running” message, 211
untrusted mode for DHCP snooping, 249, 251
updates
  EIGRP, 158
  OSPF, 139
  routers, 130
upgrades, IOS, 289
URIs (Uniform Resource Identifiers) for firewalls, 9
User Datagram Protocol (UDP)
  decision factors, 6
  DHCP, 216
  DNS, 6
  flow control, 300
  lost segments, 5
  ports. See UDP ports
user management, flexibility in, 56
username password cisco command, 179
username password Password20! command, 267
usernames
  mismatches, 317
  switches, 268


V

variance
  EIGRP, 160
  EIGRPv6, 166
variance 2 command, 161
verify /md5 flash command, 289
verifying
  ACLs, 262
  adjacencies, 142
  BGP connections, 201
  BGP neighbors, 200
  clocking, 192
  configuration registers, 291
  DNS name resolution, 211
  EIGRP, 163
  exec timeout, 288
  flash storage, 280, 289
  GRE tunnels, 188
  hello/dead timers, 152
  hello packets, 143
  hostnames, 211
  HSRP, 226
  interfaces, 61
  IOS images, 281
  IOS versions, 292
  IP addresses, 117, 214
  IPv6 addresses, 134, 218
  leases, 222
  load balancing, 101
  master switches, 105
  multilink PPP, 178
  network settings, 173
  OSPFv3, 151
  PortFast mode, 94
  ROAS, 127
  Router Advertisement messages, 174
  router IDs, 142
  routes, 201
  SNMP, 277–278
  syslog servers, 278
  trunks, 68
  VLANs, 59
  VTP mode, 68
version 2 command, 168, 170
Version field for IPv6 addresses, 28
views in SNMP, 277–278
violation mode in port security, 248
virtual interfaces for VLANs, 305
virtual machines (VMs)
  description, 10
  switches, 10
virtual network function (VNF) devices
  benefits, 12
  examples, 12
  routers, 12
Virtual Private Networks (VPNs)
  data integrity, 194
  scalability, 196, 318
Virtual Router Redundancy Protocol (VRRP)
  configuring, 226
  FHRP, 222
virtual routers
  description, 12
  HSRP, 318
  HSRP groups, 224
virtual switches, 10
vlan command, 58, 61, 63, 66
vlan.dat database, 56, 315
VLAN hopping attacks, 253, 319
VLAN Trunking Protocol (VTP)
  configuring for new switches, 68–69
  database synchronization, 303
  database updates, 77
  functions, 72
  pruning, 73, 78–79
  transparent mode, 315
  versions, 58
  VLAN conformity, 74
  VLAN databases, 78
VLANs
  access lists, 301
  allowed, 78
  allowed list setting, 70–71
  bandwidth, 60
  broadcast domains, 60
  collision domains, 60
  conformity, 74
  creating, 59–60, 63–64
  database propagation, 72
  database synchronization, 303
  databases, 78
  default, 56
  default vs. native, 63
  deleting, 57, 59
  DHCP snooping, 251
  dynamic, 60
  enabling, 61
  Ethernet traffic, 79
  extended configuration, 63
  extended IDs, 56
  extended ranges, 58
  frame tags, 314
  frames, 59
  ID removal, 57, 301
  implementing, 64
  jumbo frame support, 58
  mismatches, 72–75
  MTU, 62, 67
  native. See native VLANs
  normal ranges, 59
  port channel access, 101
  priority, 85
  pruning, 73
  renaming, 60, 66
  root bridges, 85, 91–92
  root ports, 91
  routed, 62–63
  routing between, 65, 124, 135–137
  running-config, 75
  security, 58, 60–61
  spanning trees, 85
  static, 60
  static access ports, 62


  traffic forwarding, 18, 62
  trunk access, 69–70
  unnamed, 64
  verifying, 59
  virtual interfaces, 305
  vlan.dat database, 315
  VoIP phones, 57, 66
  VTP versions, 58
VMs (virtual machines)
  description, 10
  switches, 10
VMware ESXi server connections, 77
VNF (virtual network function) devices
  benefits, 12
  examples, 12
  routers, 12
VoIP phones
  CoS value, 204
  delay, 203
  port security, 242
  provisioning, 61
  switching traffic to VLANs, 57
  VLAN support, 66
VPNs (Virtual Private Networks)
  data integrity, 194
  scalability, 196, 318
vrrp ip command, 226
VRRP (Virtual Router Redundancy Protocol)
  configuring, 226
  FHRP, 222
VTP. See VLAN Trunking Protocol (VTP)
vtp domain corpname command, 68–69
VTP mode
  default, 68
  transparent, 66–67, 72, 75
  verifying, 68
vtp mode client command, 68–69
vtp pruning command, 73

W

wait time in STP convergence, 81
WAN connections
  DMVPN, 307
  error detection and correction, 317
  multicast packets, 306
  PPP, 306
  scalability, 318
WAPs. See wireless access points (WAPs)
warnings in syslog servers, 284
web browser request process, 5
web servers
  IP addresses, 27
  scaling in SLBaaS, 12
wildcard masks
  filters, 255–256
  routers, 146
window size in TCP, 6
wire speed of switches, 48–49
wireless access points (WAPs)
  extended service sets, 7
  man in the middle attacks, 250
  star topology, 15
  WLCs, 8
wireless LAN controllers (WLCs)
  centralized authentication, 7
  roaming, 7–8
  SSIDs, 63
  WAPs, 8
Wireshark utility, 295
wiring problems for serial connections, 192

Z

zone connections in ASA, 9
zones in email servers, 9