bindex--.indd 02/28/2017 Page 435
Index
A records, 209
aaa authentication login default group tacacs+ local command, 270
AAA servers
    centralized authentication, 269
    encryption, 271
    local users, 270
    ports, 253
    Telnet, 270
ABRs (area border routers)
    description, 145–146
    OSPF, 139, 143
access control lists (ACLs)
    configuring, 255–256
    deny any any rule, 254
    GRE tunnels, 197
    interfaces, 255
    IP spoofing, 250
    limits, 309
    master switches, 104
    matching statistics, 262
    Neighbor Discovery packets, 262
    notes, 262
    packet comparisons, 254
    path trace analyses, 263–265
    quality of service, 202
    ranges, 253–254
    routed VLANs, 62–63
    SNMP, 276
    standard, 257
    verifying, 262
    VLANs, 60–61
access layer
    switches, 13
    three-tier design model, 14
access-list deny command, 256
access-list deny tcp any eq command, 319
access-list deny tcp any host eq command, 257
access-list deny tcp host host eq / access-list permit ip any any command, 257
access-list permit command, 234–235, 309
access-list permit host command, 256, 267, 309
access-list permit ip any any command, 319
access-list permit tcp host eq any command, 258
access lists
    configuring, 258
    creating and applying, 266–267
    dynamic NAT, 233
    extended. See extended access lists
    IPv6 addresses, 262
    IPv6 vs. IPv4, 262
    line numbers, 259–260
    NAT, 308
    placing, 259
    rules, 320
    Telnet, 319
access mode
    port security, 247
    switchports, 319
access ports
    dynamic VLANs, 60
    phones, 66
    PortFast mode, 92
    security, 62
    static, 62
    switchports, 76, 303
    VLAN ID removal, 57, 301
access switches in BPDU Guard, 93
access violations in port security, 244
ACK flags in three-way handshakes, 312
Acknowledgment messages in DHCP, 215, 251
acknowledgments
    inform messages, 276
    UDP, 6
ACLs. See access control lists (ACLs)
activation keys for routers, 283
active mode
    EtherChannel, 103
    LACP, 99
active routers in HSRP, 223, 225, 307
active virtual forwarders in GLBP, 225
active virtual gateways in GLBP, 224–225
AD. See administrative distance (AD)
Adaptive Security Appliance (ASA)
    VPN tunnels, 194
    zone connections, 9
Address Resolution Protocol (ARP)
    caches, 111–112
    Data Link layer, 312
    default gateway addresses, 111
    MAC addresses, 42, 109
    request packets, 111
    ROAS, 128
    time outs, 173
addresses. See IP addresses; IPv6 addresses; MAC addresses
adjacencies
    EIGRP, 160–162
    EIGRPv6, 165
    hello timers, 152
    OSPF, 140
    routers, 142, 144, 146–150, 154–155
    verifying, 142
administrative distance (AD)
    directly connected networks, 122
    displaying, 150
    eBGP, 200
    EIGRP, 122
    OSPF, 122
    RIP, 121
    routes, 122, 304
    routing tables, 121
    static routes, 114, 122
administrative domains in IGPs, 133
administrative units in OSPF, 134
administrator intervention
    dynamic routing, 129
    static routing, 129
ADSL (Asymmetrical Digital Subscriber Line), 195
advertised BPDU Guard, 94
advertisements
    BGP, 200–201
    CDP, 97
    eBGP, 199
    EIGRP, 156, 160, 163
    EIGRPv6, 164
    LLDP device intervals, 96
    OSPF, 142–144, 150
    RIP, 305
    RIPv2, 168–169, 172
aging times for MAC addresses, 43, 50
allowed lists for VLANs, 70–71, 78
alternate ports in RSTP, 84
Amazon Web Services (AWS), 10
ANDing process for hosts, 110
anycast addresses, 33–34
anycasts, 25
APIC-EM (Application Policy Infrastructure Controller Enterprise Module)
    downloading, 263
    NDP, 263
    Path Trace ACL Analysis tool, 263
    SDN, 298
Application layer, 3
application program interfaces (APIs), 298
application-specific integrated circuits (ASICs), 48
archives
    running-config, 291–293
    time periods, 293
Area 0 in OSPF, 138
area border routers (ABRs)
    description, 145–146
    OSPF, 139, 143
area IDs for adjacencies, 149
areas for routers, 150
ARP. See Address Resolution Protocol (ARP)
ASA (Adaptive Security Appliance)
    VPN tunnels, 194
    zone connections, 9
ASCII to EBCDIC translation, 5
ASICs (application-specific integrated circuits), 48
ASNs (autonomous system numbers)
    BGP, 133
    EIGRP, 155–156, 159–160, 198
ASs (autonomous systems) vs. iBGPs, 198
asterisks (*) for connected lines, 268
Asymmetrical Digital Subscriber Line (ADSL), 195
attributes for eBGP path selection, 199
auth parameter in SNMP, 277
authentication
    centralized, 269
    EAP-TLS, 253
    802.1x, 252–253
    LCP, 177
    PPP, 178–179, 181
    PPPoE, 182–183, 186
    RADIUS, 270–271
    SNMP, 275, 277
    SSH, 268
    TACACS+, 309
    Telnet, 268
    WLCs, 7
Authentication Header (AH) protocol in IPSec, 197
authenticators in 802.1x, 252
auto-cost reference-bandwidth command, 151
auto-disconnect, disabling, 267
auto mode
    negotiation notifications, 101
    port channels, 100
auto-negotiation in switches, 55
auto qos trust cos command, 204
auto-summarization in EIGRP, 163
automatic trunking configuration for VLAN hopping attacks, 319
autonomous system numbers (ASNs)
    BGP, 133
    EIGRP, 155–156, 159–160, 198
autonomous systems (ASs) vs. iBGPs, 198
autonomous WAPs in star topology, 15
AWS (Amazon Web Services), 10

B
backup ports in RSTP, 84
backups
    configuration, 320
    IOS, 293
    startup-config, 281
    TACACS+ servers, 271
“Bad mask /24 for address” message, 126
bandwidth
    best routes, 304
    EIGRP, 155
    FastEthernet and PAgP, 98
    links, 201
    OSPF, 141
    ROAS, 124
    routers, 126–127
    setting, 149
    static routing, 128
    switches, 60
    VNF devices, 12
bandwidth command, 149, 159
banner login ^CCNA Routing and Switching^ command, 269
banners
    exec, 269
    login, 269
    MOTD, 269
Bellman-Ford routing algorithm
    dynamic routing protocols, 132
    RIPv2, 170
best path algorithm in eBGP path selection, 199
best routes in EIGRP, 304
BGP. See Border Gateway Protocol (BGP)
binding port numbers, 6
BitTorrent service, 202
blocked ports
    description, 82
    DNS, 213
blocking traffic in path trace analyses, 265
boot system command, 291
boot system flash command, 290
bootfile command, 217
booting
    images, 290–291
    IOS image decompression, 292
    IOS versions, 291
    PXE servers, 217
    TFTP servers, 291
bootup configuration for lost power, 281
Border Gateway Protocol (BGP)
    advertising, 200–201
    autonomous system numbers, 133
    configuring, 200
    disabling, 201
    exterior gateway routing protocols, 132
    neighbors, 198, 200
    process starting, 200
    routes, 134
    verifying, 201
BPDU Guard
    advertised, 94
    edge switches, 94
    enabling, 93
    err-disable state, 303
    with PortFast, 93
    removing, 94
    switches, 93
    trunks, 93
break key sequence, 288
bridge protocol data units (BPDUs)
    alternate ports, 84
    backup ports, 84
    monitoring, 80
    topology changes, 83
bridges
    IDs, 80, 82
    port roles, 81, 83
    priority, 82–83
    STP, 80–81, 83
broadcast domains
    determining, 40, 46
    routers, 4
    VLANs, 60
broadcast networks, 140
broadcast storms, 51–52
broadcasts
    broadcast frames vs. flooded frames, 48
    DHCP, 25
    I/G bit, 52
    IP addresses, 19, 21
    purpose, 25
    request packets, 111

C
cables
    crossover, 300
    disconnected, 54
    1000Base-T, 15
    single-mode fiber, 312
    speed, 17
    switch stacks, 105
    types, 16
caches
    ARP, 111–112
    DNS, 212
capturing packets, 294
CAPWAP (Control and Provisioning of Wireless Access Points), 7
Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA), 8
Carrier Sense Multiple Access/Collision Detection (CSMA/CD), 4
CAT5e cable
    1000Base-T, 15
    speed, 17
catalogs in cloud computing, 11
CBWFQ (Class-Based Weighted Fair Queuing), 204
CDP. See Cisco Discovery Protocol (CDP)
“%CDP-4-NATIVE_VLAN_MISMATCH:” message, 69
CE (customer edge) routers
    MPLS, 193
    neighbors, 197
CEF (Cisco Express Forwarding)
    description, 316
    next hop information, 317
    packet forwarding, 110
central office (CO), 195
centralized authentication
    AAA servers, 269
    Lightweight WAPs, 7
    WLCs, 7
Challenge Handshake Authentication Protocol (CHAP), 178
channel-group mode active command, 103
channel-group mode desirable command, 100–102
channel-group mode on command, 100
channel-group mode passive command, 303
channels
    DS1 serial connections, 192
    LACP modes, 99
    non-overlapping, 8
    port. See port channels
CHAP (Challenge Handshake Authentication Protocol), 178
checksums in OSI reference model, 3
CIDR notation for subnet masks, 19, 22
CIR (committed information rate)
    Metro Ethernet, 198
    QoS policing, 204
Cisco Discovery Protocol (CDP)
    advertising, 97
    details display, 97
    frame rate, 95
    holddown timers, 95
    neighboring devices, 95
    network mapping, 282, 287–288
    turning off, 95
    VLAN mismatches, 77
    VoIP phones, 61
Cisco Express Forwarding (CEF)
    description, 316
    next hop information, 317
    packet forwarding, 110
Cisco License Manager, 283
Class-Based Weighted Fair Queuing (CBWFQ), 204
Class of Service field for 802.1Q frames, 202
classes for IP addresses, 19, 26, 313
classless routing in RIP, 168
clear arp cache command, 112
clear counters interface fast command, 54
clear host command, 212
clear ip bgp soft in command, 200
clear ip dhcp conflict command, 221
clear ip nat translation * command, 233
clear ip ospf command, 143
clear ip ospf process command, 316
clear ipv6 ospf process command, 153
clear line vty 2 command, 269
clear mac-address-table dynamic command, 46
clear port-security dynamic interface gi command, 248
clear text for passwords, 268
clearing
    NAT translations, 233
    routers, 281
client SSL/VPN security, 194–195
clock-rate command, 193
clock set command, 287
clock summer-time EDT recurring command, 284
clock timezone pst command, 284
clocking
    leased lines, 193
    serial connections, 193
    verifying, 192
clocks
    routers, 236, 287
    switches, 236
cloud computing
    catalogs, 11
    IaaS, 10
    NIST criteria, 11
    PaaS, 11
    public, 10
    SaaS, 11
CO (central office), 195
collapsed-core model
    description, 13
    small enterprises, 14
    star topology, 15
collision domains
    description, 44
    determining, 40–41, 46
    switches, 3
    VLANs, 60
collisions
    login times, 45
    switches, 45
“Command rejected” message, 71
“Command rejected: FastEthernet0/1 is a dynamic port” message, 242
command strings, navigating, 286
commands
    breaks, 288
    previously entered, 285
committed information rate (CIR)
    Metro Ethernet, 198
    QoS policing, 204
Common Spanning Tree (CST), 83
community strings in SNMP, 276, 320
compression and decompression in OSI reference model, 2
conditions in ACLs, 254
config-register command, 290
configuration backups, 320
configuration mode, escaping, 286
configuration registers
    changing, 290
    default, 289
    password recovery, 292
    router reloads, 310
    verifying, 291
configure replace flash command, 293
configure terminal command, 288
configured sessions in SPAN, 295
configuring
    access lists, 258
    ACLs, 255–256
    BGP, 200
    daylight savings time, 284
    DHCP, 213
    DHCP pools, 218
    DNS, 210–211, 217
    EIGRP, 159
    EIGRPv6, 164
    EtherChannel, 100
    GRE tunnels, 187–188
    interfaces, 57
    IP addresses, 117
    IP SLAs, 279
    logging, 285
    loopback interfaces, 285
    NMS, 310
    NTP, 284, 318
    OSPFv3, 151–153
    PAT, 234–235
    policy maps, 318
    port channels, 100
    port security, 241–242
    PPP, 177, 180
    RADIUS, 271
    relay agents, 217
    RIP, 168
    RIPv2, 170
    ROAS, 127–128
    routers, 115–116, 219–220, 281
    routes, 118, 120–121
    SNMP, 276
    SPAN, 295
    SSH, 267
    static routes, 129
    subinterfaces, 314
    syslog servers, 278
    TACACS+, 270
    VRRP, 226
conflicts in IP addresses, 220
congestion
    causes, 5
    tail drop, 205
connected lines, displaying, 268
connection-oriented communication in OSI reference model, 2
connectivity
    checking, 172
    IPv6 addresses, 30
console logging
    limiting, 283
    severity levels, 284
    syslog messages, 310
contact information in SNMP, 276
contention methods in CSMA/CA, 8
Control and Provisioning of Wireless Access Points (CAPWAP), 7
control plane
    routing protocols, 298
    STP, 297
convergence
    RIPv2, 170
    routing tables, 132
    spanning-tree, 92
    STP, 81
copy flash tftp command, 292
copy running-config startup-config command, 281
copy startup-config tftp: command, 281
copy tftp flash command, 289
copy tftp: running-config command, 281
core layer
    switches, 13
    three-tier design model, 15
corporate firewalls
    DMZs, 248
    perimeter areas, 248
CoS value
    default, 205
    VoIP phones, 204
costs
    EIGRP, 155, 157
    OSPF, 141
    routers, 147, 151
    RSTP, 80–81
    STP, 80
CPU utilization in routers, 297
CRC in store and forward method, 44, 48–49
cross-stack EtherChannel, 103
crossover cable
    568 specification, 300
    switch connections, 16
crypto key generate rsa command, 267
CSMA/CA (Carrier Sense Multiple Access/Collision Avoidance), 8
CSMA/CD (Carrier Sense Multiple Access/Collision Detection), 4
CST (Common Spanning Tree), 83
Ctrl+A keys, 286
Ctrl+E keys, 286
Ctrl+Shift+6 keys, 288
customer edge (CE) routers
    MPLS, 193
    neighbors, 197
cut-through mode for switches, 47

D
DAD (Duplicate Address Detection), 32
data centers, 17
data integrity
    AH protocol, 197
    VPN, 194
Data Link layer
    ARP, 312
    frame checksums, 3
    LLC, 5
    switches, 2
data plane for packets, 298
databases
    NAT, 228
    neighborship, 140
    topology, 79, 131
    VLANs, 72, 78, 303, 315
    VTP, 77
dates for switches, 286
daylight savings time, 284
DDoS (distributed denial of service) attacks
    description, 249
    IPSs, 250
dead timers, verifying, 152
debug ip dhcp server packet command, 216
debug ip nat command, 234
debug ip packet command, 294
debug ip rip command, 169
debug level for syslog facility logging, 320
debug ntp packets command, 236
debug ppp authentication command, 179
debug standby command, 228
decapsulating packets, 111
decrypt-password command, 309
dedicated lines
    E-Line services, 191
    IP mismatches, 191
    keepalives, 190
    pinging, 190
    T1 leased lines, 189
default administrative distance, 114
default advertisement interval, 96
default configuration registers, 289
default CoS value, 205
default gateways, 20–21
    DHCP pools, 217
    host addresses, 111
    IP addresses, 24
default idle time, 268
default-information originate command, 149, 169
default load balancing in EtherChannel, 100
default mode in STP, 84
default native VLANs, 251, 314
default priority
    HSRP, 223
    OSPF, 316
    routers, 226
default-router command, 217
default routes
    creating, 121
    destination, 114
    eBGP advertisements, 199
    IPv6 addresses, 28
    OSPF, 149
    RAM, 129
    routing tables, 114
    static routing, 128
default subnet masks, 19
default timers for echo probes, 279–280
default variance for EIGRP, 160
“Default VLAN 1 may not have its name changed” message, 67
default VLANs
    vs. native, 63
    switch configuration, 56
default VTP mode, 68
delays
    description, 202
    EIGRP, 155
    switching path, 228
    VoIP traffic, 203
deleting
    leases, 218–219
    VLANs, 57, 59
demilitarized zones (DMZs)
    email servers, 9
    firewalls, 8, 248
    servers, 9
deny any any rule, 254
description Connection to Switch1 command, 287
design flexibility, 56
designated ports, 81–82
designated routers (DRs)
    determining, 145
    displaying, 148
    IPv6 addresses, 150–151
    OSPF, 140, 316
    priority, 150
    selecting, 148
designated state for switchports, 303
desirable mode
    negotiation notifications, 101
    port channels, 100
    switches, 102
destination
    packets, 116, 121
    routes, 119
destination IP addresses in routing decisions, 109–110
destination MAC addresses, 52, 313
    Ethernet frames, 301
    layer 3 broadcasts, 24
    local packets, 110
    remote packets, 109
destination networks in subnet masks, 109
destination next hop addresses, 122
destination ports in SPAN, 295–296
DevNet site, 263
DHCP
    Acknowledgment messages, 215
    configuring, 213
    Discover packets, 213
    GIADDR field, 214
    IP addresses, 27, 214–216
        conflicts, 220
        duplicate, 220
    ipconfig /all command, 215
    Layer 3 broadcasts, 25, 216
    leases
        deleting, 218
        time, 216–217
        verifying, 222
    link-local addresses, 220
    Offer packets, 214
    PAT, 235
    ports, 214–215
    rebinding, 218–219
    relay agents, 214–217
    Request messages, 219
    UDP, 216
DHCP binding tables
    MAC addresses, 219
    message tracking, 248
DHCP conflict tables, removing addresses from, 221
DHCP pools
    configuring, 218
    default gateways, 217
    displaying, 221
    exclusions, 217, 220, 222
    incorrect, 221
DHCP servers
    MAC addresses, 307
    NACK messages, 307
DHCP snooping
    attack mitigation, 249
    binding tables, 248
    database viewing, 252
    Offer and Acknowledgment messages, 251
    ports, 251–252
    rate limiting, 249
    untrusted mode, 249, 251
    VLANs, 251
DHCPv6, stateful, 32, 34, 218
DHCPv6 servers
    IPv6 verification, 218
    relay agents, 31, 217
    SLAAC, 216
    stateless, 31
dialer interfaces in PPPoE, 182
dialer pools in PPPoE, 184
dialog control of applications in OSI reference model, 3
Differentiated Services Code Point (DSCP)
    marking priority, 203
    MPLS, 194
    quality of service, 202–203, 306
Diffusing Update Algorithm (DUAL), 131, 157
Dijkstra routing algorithm, 131
dir flash: command, 281, 289
directly connected routes
    administrative distances, 122
    IPv6 routes, 135
disabling
    auto-disconnect, 267
    BGP peers, 201
    LLDP, 96
discarding port mode in RSTP, 84–85
disconnected cables, 54
disconnecting network admin, 269
discontiguous IP addresses in EIGRP, 160
discontinuous network support, 170
Discover packets in DHCP, 213
distance limits for 1000Base-T, 16
distance-vector protocols
    re-advertising routes learned, 131
    RIP, 112, 130
    routing loops, 131–132
    routing table convergence, 132
    small networks, 131
distributed denial of service (DDoS) attacks
    description, 249
    IPSs, 250
distributed processes in STP, 79
distribution layer
    switches, 13
    three-tier design model, 14
distribution switches in physical data center, 10
DMVPN (Dynamic Multipoint Virtual Private Network)
    hub-and-spoke technology, 193, 307
    NHRP, 189
DMZs (demilitarized zones)
    email servers, 9
    firewalls, 8, 248
    servers, 9
DNS. See Domain Name Services (DNS)
dns-server command, 217
do show running-config command, 287
documenting problems, 312
DoD model
    Process/Application layer, 3
    routing, 3
Domain Name Services (DNS)
    A records, 209
    AAAA records, 209
    alternative, 209
    caches, 212
    configuring, 210–211, 217
    DHCPv6 servers, 31
    domain names, 209–210
    domain zone transfers, 209
    FQDNs, 208
    host resolution, 210
    hosts, 211
    ports, 208, 213
    private servers, 212
    PTR records, 208
    public clouds, 12
    TTL value, 209, 319
    UDP, 6
    verifying, 211
domain names
    DNS, 209–210
    SSH encryption keys, 266
domain zone transfers, 209
double tagging attacks, 251
dropping frames, 51
DRs. See designated routers (DRs)
DS0 channels, 192
DS1 serial connections, 192
DSCP (Differentiated Services Code Point)
    marking priority, 203
    MPLS, 194
    quality of service, 202–203, 306
DSL, 181
DSLAMs (DSL access multiplexers), 196
DTE and DCE interfaces in OSI reference model, 3
DTP (Dynamic Trunking Protocol)
    trunk links, 315
    turning off, 70
    VLAN hopping, 253
DUAL (Diffusing Update Algorithm), 131, 157
dual-homed technology
    EGPs, 133
    fault tolerance, 190
    MLPPP, 193
duplex
    displaying, 56
    mismatches, 53
    setting, 54–55
    switches, 314
duplex auto command, 55
Duplicate Address Detection (DAD), 32
duplicate IP addresses, 220
Dynamic Multipoint Virtual Private Network (DMVPN)
    hub-and-spoke technology, 193, 307
    NHRP, 189
dynamic Network Address Translation, 229, 233
dynamic routers, 129
dynamic routes, 113
dynamic routing protocols
    administrator intervention, 129
    Bellman-Ford routing algorithm, 132
    Dijkstra routing algorithm, 131
    DUAL, 132
    EIGRP, 131, 155
    IPv6 addresses, 29
    link-state protocols, 132
    optimized route selection, 130
    resiliency, 129
    RIP, 129
    routing tables, 112
    scalability, 128
Dynamic Trunking Protocol (DTP)
    trunk links, 315
    turning off, 70
    VLAN hopping, 253
dynamic VLANs, 60

E
E-LAN services
    mesh designs, 192
    neighbors, 195
E-Line (Ethernet Line) services, point-to-point connections, 191
E-Tree services
    hub-and-spoke technology, 191
    neighbors, 196
EAP (Extensible Authentication Protocol), 253
EAP-TLS (Extensible Authentication Protocol/Transport Layer Security), 253
eBGP. See external Border Gateway Protocol (eBGP)
edge switches
    BPDU Guard, 94
    PortFast mode, 94
EGPs (exterior gateway protocols), 132
    dual-homed, 133
    eBGP, 198
    vs. IGPs, 133
egress ports in path trace analyses, 264
802.1d specification, 79
802.1Q specification
    Class of Service field, 202
    frame tags, 72, 314
    open standard, 69
    trunks, 124
802.1w specification
    Rapid PVST+ replacement, 83
    RSTP, 80
    traffic forwarding, 303
802.1x specification
    authentication, 252
    EAP, 253
    supplicants, 252–253
    switches, 252
802.11ac protocol, 300
EIGRP. See Enhanced Interior Gateway Routing Protocol (EIGRP)
eigrp router-id command, 160
email
    DMZs, 9
    SaaS, 11
enable command, 286
enable algorithm-type scrypt secret Password20! command, 268
enable secret Password20! command, 265
enabling
    BPDU Guard, 93
    IP routing, 125
    port security, 241
    Rapid Per-VLAN Spanning Tree+, 85
    SCP, 290
    SSH, 266–267
    VLANs, 61
Encapsulating Security Payload (ESP) protocol, 196
encapsulation
    frames, 304
    GRE tunnels, 186
    mismatches, 180–181
    order, 4
    ROAS, 127
    serial connections, 177
encapsulation dot1q command, 125, 128
encapsulation dot1q native command, 124
encapsulation isl command, 127
encapsulation ppp command, 177–178
encryption
    AAA servers, 271
    ESP, 196
    IOS, 290
    OSI reference model, 2
    passwords, 268
    SNMP, 275, 277
    SSH keys, 266–267
End of Row (EoR) switches, 10
Enhanced Interior Gateway Routing Protocol (EIGRP)
    adjacencies, 160–162
    administrative distances, 122
    advertising, 156, 160, 163
    autonomous system numbers, 159–160
    best routes, 304
    configuring, 159
    costs, 155, 157
    default variance, 160
    discontiguous IP addresses, 160
    DUAL, 131, 157
    dynamic routing protocol, 155
    vs. EIGRPv6, 165
    equal-cost links, 157
    feasible distance, 158–159
    Feasible-Successor routes, 161
    hello messages, 156, 317
    hello packets, 158, 161
    hold intervals, 157
    hop counts, 156, 158
    hybrid protocols, 130
    interior gateway protocol, 133
    IPv6 addresses, 316
    load balancing, 161
    metrics, 131, 155, 161–163
    MPLS support, 198
    multicast addresses, 155
    neighbors, 155, 158
    protocol-dependent module, 163
    reliable multicast, 156–157
    reported distance, 158
    RIDs, 160
    routing decisions, 123
    scalability, 156
    successor routes, 158
    topology tables, 156–159
    unequal-cost load-balancing paths, 316
    updates, 158
    verifying, 163
Enhanced Interior Gateway Routing Protocol (EIGRP) v6
    adjacencies, 165
    advertising, 164
    configuring, 164
    vs. EIGRP, 165
    hello packets, 164
    hello timers, 165
    interfaces, 165
    metrics, 165
    neighbors, 164
    route display, 165
    router instances, 164
    variance, 166
environment discovery in path trace analyses, 263
equal-cost routes
    EIGRP, 157
    OSPF, 141–142
    RIPv2, 172
erase startup-config command, 281
err-disable state
    BPDU Guard, 303
    ports, 308
    resetting, 245
err-disabled interfaces, 94
err-disabled shutdown, 242
errdisable recovery cause psecure-violation command, 245
error counts, resetting, 54
error detection and correction in WAN, 317
escalating problem, 18
escaping, outside global, 318
ESP (Encapsulating Security Payload) protocol, 196
ESSs (extended service sets), 7
ESXi server connections, 77
EtherChannel
    administrator intervention, 126–127
    aggregated interfaces, 97
    configuring, 100
    cross-stack, 103
    description, 97
    load balancing, 100–101
    maximum interfaces, 98
    modes, 103
    no control protocol, 102
    port aggregation, 98
    switches, 102
    trunks, 102–103
Ethernet frames
    destination MAC address field, 301
    networks, 301
Ethernet Line (E-Line) services, point-to-point connections, 191
Ethernet protocol
    CSMA/CD, 4
    physical addresses, 53
    VLAN 1002 traffic, 79
Ethernet virtual circuits (EVCs)
    committed information rate, 198
    Metro Ethernet, 195
EUI-64 method, 33–34
    IPv6 addresses, 301
    link-local addresses, 35
EVCs (Ethernet virtual circuits)
    committed information rate, 198
    Metro Ethernet, 195
events
    OSPF, 139
    syslog, 279
exclamation marks (!) for ping command, 113, 173
exclusions for DHCP pools, 217, 220, 222
exec banners, 269
exec timeout, verifying, 288
exec-timeout command, 267–268
exit command, 63, 282
expanded IPv6 addresses, 29
extended access control lists, placing, 260
extended access lists
    description, 260
    example, 258
    filters, 255
    named, 260
    ranges, 255
extended configuration for VLANs, 63
extended ping
    description, 173
    IP addresses, 295
extended ranges for VLANs, 58
extended service sets (ESSs), 7
extended traceroute, 296
extended VLAN IDs, 56
extending history buffer, 285
Extensible Authentication Protocol (EAP), 253
Extensible Authentication Protocol/Transport Layer Security (EAP-TLS), 253
Exterior Border Gateway Protocol (eBGP)
    message exchange, 199
    path selection, 199
    route advertisements, 199
    scalability, 199
    single-homed, 199
exterior gateway protocols (EGPs), 132
    dual-homed, 133
    eBGP, 198
    vs. IGPs, 133
external Border Gateway Protocol (eBGP)
    administrative distance, 200
    vs. iBGPs, 198
    prefix advertisements, 199
    routing by, 198

F
“% Failed to create VLANS” message, 66–67
FastEthernet bandwidth, 98
FAT filesystem for flash memory, 293
fault tolerance
    dual-homed technology, 190
    single-homed technology, 190
FCS (Frame Check Sequence) functions, 52
feasible distance in EIGRP, 158–159
Feasible-Successor routes in EIGRP, 161
FHRP (first hop redundancy protocol)
    HSRPv2, 225
    VRRP, 222
fiber optic standard
    multi-mode, 16
    single-mode, 16
field lengths in IPv6 addresses, 30
filters
    extended access lists, 255
    running-config, 287, 289
    wildcard masks, 255–256
firewalls
    capabilities, 8
    DMZs, 8, 248
    key security boundaries, 8
    perimeter areas, 248
    physical access, 9
    TCP conversation state, 9
    trusted networks, 249
    URIs, 9
first hop redundancy protocol (FHRP)
    HSRPv2, 225
    VRRP, 222
5 GHz for non-overlapping channels, 7
568A and 568B specification, 300
flash memory
    FAT filesystem, 293
    IOS image verification, 281
    MD5 hashes, 289
    size, 280, 289
flexibility
    PAT, 231
    user management and design, 56
flooded frames vs. broadcast frames, 48
flooding
    frames, 313
    MAC address attacks, 319
    switches, 49, 51
flow control
    OSI reference model, 5
    UDP, 300
forward/filter decisions by switches, 39, 44, 301
forward lookups with FQDNs, 208
forwarding
    frames, 42
    VLAN traffic, 62
forwarding tables for master switches, 104
FQDNs. See fully qualified domain names (FQDNs)
fragment-free mode for switches, 44
Frame Check Sequence (FCS) functions, 52
frame checksums in OSI reference model, 3
frame forwarding
    ports, 44
    switches, 39
frame rewrite for packets, 110
frames
    CDP, 95
    dropping, 51
    802.1Q protocol, 314
    encapsulation, 304
    flooding, 313
    forwarding, 42
    port blocking state, 82
    Start Frame Delimiter byte, 53
    tagging, 72
    type field, 53
    VLANs, 59, 68
free space in flash memory, 289
FTP servers for configuration backups, 320
full mesh topology
    description, 15
    distribution layer, 14
    redundancy, 14
FULL state for neighbor tables, 146–147
fully qualified domain names (FQDNs)
    description, 208
    forward lookups, 208
    IP addresses, 208
    periods, 210
    PTR records, 208
    reverse lookups, 208

G
GARP (Gratuitous Address Resolution Protocol), 220
Gateway Address (GIADDR) field in DHCP, 214
Gateway Load Balancing Protocol (GLBP)
    active virtual forwarders, 225
    active virtual gateways, 224–225
    load balancing, 223
    per-host load balancing, 228
    ports, 224
gateways
    default, 20–21, 24
    DHCP pools, 217
    host addresses, 111
Generic Routing Encapsulation (GRE)
    ACLs, 197
    configuring, 187–188
    MTU, 188
    packet-in-packet encapsulation, 186
    proprietary standard, 186
    protocol 47, 186
    route problems, 189
    traceroute, 188
    verifying, 188
Gigabit Ethernet, 126–127
GLBP. See Gateway Load Balancing Protocol (GLBP)
global configuration mode, 288
global unicast addresses, 32
Gratuitous Address Resolution Protocol (GARP), 220
GRE. See Generic Routing Encapsulation (GRE)
Group/Local (G/L) bit in MAC addresses, 52–53

H
hardware-based bridging, 48
HDLC (High-Level Data Link Control), 177
hello intervals in OSPF, 142–143
hello messages in EIGRP, 156, 317
hello packets
    EIGRP, 158, 161
    EIGRPv6, 164
    IPv6 addresses, 151
    OSPF, 143
hello timers
    EIGRPv6, 165
    HSRP, 228
    routers, 144
    verifying, 152
hierarchical OSPF design, 145
High-Level Data Link Control (HDLC), 177
history buffer, extending, 285
history size command, 285
hold intervals in EIGRP, 157
hold timers in HSRP, 224, 228
holddown timers
    CDP, 95
    LLDP, 96
    RIPv2, 171
    routing loops, 132
hop counts
    EIGRP, 156, 158
    RIP, 168
hops
    traceroute, 188
    unresponsive, 294
host IDs in stateful DHCPv6, 218
hostname PGH-4-209 command, 285
hostnames
    PPPoE, 183
    SSH encryption keys, 266
    verifying, 211
hosts
    default gateway addresses, 111
    destinations, 110
    DNS, 210–211
    IPv6 addresses, 30
    subnet masks, 19–20, 22
    virtualization, 10
Hot Standby Router Protocol (HSRP)
    active routers, 223, 225, 307
    default priority, 223
    group numbers in MAC addresses, 223
    groups
        maximum number, 225
        virtual routers, 224
    hello and hold timers, 228
    HSRPv1 vs. HSRPv2, 224
    IDs in MAC addresses, 223
    ISP outages, 226–227
    member communication, 224
    ports, 223
    preemption, 225–226
    real-time diagnostics, 228
    routing, 226
    timers, 224
    verifying, 226
    virtual routers, 318
HTTP for REST APIs, 298
hub-and-spoke technology
    DMVPN, 193, 307
    E-Tree services, 191
    Internet service providers, 192
hubs
    displaying, 314
    multiport repeaters, 4
    PortFast mode, 92
    switch replacements, 43
    in switches, 56
hybrid protocols, EIGRP, 130
hybrid topology in three-tier design model, 14
hypervisors, 10

I
IaaS (Infrastructure as a Service), 10
IANA (Internet Assigned Numbers Authority), 27
iBGP (internal Border Gateway Protocol) vs. eBGPs, 198
ICMP. See Internet Control Message Protocol (ICMP)
idle time, changing, 268
IDSs (intrusion detection systems)
    access control, 9
    description, 249
IFS (IOS File System), displaying, 290
IGMP (Internet Group Management Protocol), 25
IGPs. See interior gateway protocols (IGPs)
images, booting, 290–291
Individual/Group (I/G) bit
    broadcasts and multicasts, 52
    MAC addresses, 4
Inform SNMP messages, 275–276
Infrastructure as a Service (IaaS), 10
ingress ports in path trace analyses, 264
inside local IP addresses, 229–231
Inter-Switch Link (ISL), 72
inter-VLAN routing (IVR), 123
intercloud exchange, 11
interface fast command, 63
interface gi command, 259
interface loopback command, 285
interface multilink command, 178
interface range gigabitethernet command, 320
interface serial command
    blocking servers, 261–262
    EIGRP, 159
    OSPFv3 structure, 153
    PPP authentication, 179
interface tracking preempt option, 319
interface vlan command, 125
interfaces
    configuring, 57
    EIGRPv6, 165
    error counts, 54
    mismatches, 77–78
    multilink PPP, 178
    notes, 287
    route destinations, 119
    shut down, 54
    speed, 55
    subnet routing, 126
    verifying, 61
interior gateway protocols (IGPs)
    administrative domains, 133
    vs. EGPs, 133
    EIGRP, 133
    OSPF, 134
    routers, 133
internal bandwidth usage for email, 11
internal Border Gateway Protocol (iBGP) vs. eBGPs, 198
internal log space, 297
internal network firewalls, 249
internal time clock for routers and switches, 236
Internet Assigned Numbers Authority (IANA), 27
Internet Control Message Protocol (ICMP)
    description, 112
    echo probes for IP SLAs, 279–280
    echo-requests in ping sweep scans, 250
    packets
        router processing, 113
        traceroute, 296
    ping command, 113
    traceroute command, 174
Internet Control Message Protocol v6 (ICMPv6), 31, 300
Internet Group Management Protocol (IGMP), 25
Internet layer for routing, 3
Internet Protocol Control Protocol (IPCP), 182
Internet Protocol Security (IPSec)
    AH protocol, 197
    ESP, 196
    scalability, 196
    WAN connections, 306
Internet service providers, hub-and-spoke technology, 192
intrusion detection systems (IDSs)
    access control, 9
    description, 249
intrusion prevention systems (IPSs)
    DDoS attacks, 250
    description, 249
“Invalid input detected” message, 126
“% Invalid input detected at ‘^’ marker” message, 68
invalid IP addresses, 126
invalid timers in RIPv2, 169
IOS
    backups, 293
    downloading, 282
    encryption, 290
    images
        bootstrap process, 292
        TFTP servers for backups, 292
        universal, 282
        verifying, 281
    restoring, 292
    upgrades, 289
    upgrades for switch stacks, 105
    versions
        booting, 291
        verifying, 292
IOS File System (IFS), displaying, 290
ip access-class in command, 267
ip access-group in command, 258
ip access-group named_list in command, 261
ip access-group out command, 259, 261–262
ip access-list command, 255
ip access-list deny command, 261–262
ip access-list extended named_list command, 260
ip access-list permit any command, 261–262
ip access-list permit tcp host any eq log command, 263
ip access-list resequence named_list command, 260
ip address command
    invalid addresses, 126
    loopback interfaces, 285
    MLPPP, 178
    SVI, 125
ip address dhcp command, 213
IP addresses
    A records, 209
    anycast, 25
    broadcast, 19, 21
    classes, 19, 313
    configuring, 117
    conflicts, 220
    DHCP, 27, 214–216
    duplicate, 220
    EIGRP, 160
    extended ping, 295
    FQDNs, 208
    gateways, 20–21, 24
    IANA, 27
    inside local, 229–231
    invalid, 126
    IPv6. See IPv6 addresses
    lease time, 216
    life cycle, 216
    load balancing, 101
    local routes, 110
    MAC address mapping, 45–46
    mismatches in dedicated lines, 191
    MPLS support, 193
    multicast, 19, 25–26
    NAT, 231
    network IDs, 23–24
    networks, 301
    outside global, 229–230
    packet routing, 117
    pools in PPPoE, 185
    PTR records, 208
    ranges, 20–21
    RFC 1918, 26
    RIDs, 139
    ROAS, 128
    routing tables, 109
    spoofing, 250
    subnet masks, 19–20
    supernetted, 22
    SVI, 125–126
    switch stacks, 104
    verifying, 117, 214
    web servers, 27
ip default-gateway command, 115
ip dhcp excluded-address command, 217
ip dhcp snooping trust command, 252
ip domain-name command, 210
ip ftp password USERPASS command, 320
ip ftp username USER command, 320
IP headers, TTL field in, 306
ip helper-address command, 214
ip host routerb command, 210
ip name-server command, 210
ip nat inside command, 232
ip nat inside source list interface serial overload command, 235
ip nat inside source list pool EntPool overload command, 234
ip nat inside source static command, 232
ip nat pool EntPool netmask command, 232, 234
IP networks for inter-VLAN routing, 123
ip ospf cost command, 141, 147
ip ospf priority command, 148, 150
ip route command, 115–116, 118, 122, 137, 187–188
ip route dialer command, 182
ip route null0 command, 201
ip route serial command, 115, 119, 171
IP routing, enabling, 125
ip routing command, 124, 305, 317
ip scp server enable command, 290
ip sla command, 280
ip sla schedule life forever start-time now command, 280
IP SLAs
    configuring, 279
    description, 279
    ICMP echo probes, 279–280
    schedules, 280
    sources, 279
ip split-horizon command, 172
ip ssh version command, 266
ipconfig /all command, 173, 215
IPCP (Internet Protocol Control Protocol), 182
IPSec. See Internet Protocol Security (IPSec)
IPSs (intrusion prevention systems)
    DDoS attacks, 250
    description, 249
ipv6 access-list named_list command, 262
ipv6 address command, 28
ipv6 address anycast command, 33
ipv6 address autoconfig command, 31
ipv6 address autoconfig default command, 137–138
ipv6 address dhcp command, 218
IPv6 addresses
    AAAA records, 209
    access lists, 262
    anycast, 33
    bits, 27
    blocks, 30
    connectivity, 30
    default routes, 28
    designated routers, 150–151
    DHCP relay agents, 31
    DHCPv6 servers, 216
    directly connected routes in, 135
    duplicate, 32
    dynamic routing protocols, 29
    EIGRP, 316
    EIGRPv6, 164
    EUI-64, 301
    expanded, 29
    field lengths, 30
    hello packets, 151
    host addresses, 30
    interfaces, 28
    internal connections, 182
    joined multicast groups, 34
    link-local, 32–33
    loopback, 34
    MAC addresses, 33–34
    MTU, 152
    multicast, 33
    multiple, 30
    NDP, 31, 263
    need for, 27
    network IDs, 33
    network prefixes, 29
    one-to-closest, 34
    one-to-many, 34
    pinging, 174
    RIP, 172
    routers, 29
    routing tables, 135
    shortened, 29
    6to4 tunnel, 28
    SLAAC, 32, 300
    solicited-node multicast messages, 313
    static addressing, 28
    subnets, 29–30
    unique-local, 32
    verifying, 134, 218
    Version field, 28
ipv6 dhcp relay destination command, 31, 217
ipv6 eigrp command, 164
ipv6 hello-interval eigrp command, 165
ipv6 ospf area command, 151–154
ipv6 route command, 28, 136–137
ipv6 route serial command, 121, 135–136
ipv6 router ospf command, 150, 153
ipv6 unicast-routing command, 28, 152, 164
“% IPv6 routing not enabled” message, 152
ISL (Inter-Switch Link), 72
isolating problems, 18
isolation
    private WANs, 195
    segmentation, 48
ISP outages and HSRP, 226–227
IVR (inter-VLAN routing), 123

J
jitter, 202
joined multicast groups, 34
jumbo frame support
    devices, 62, 67
    VLANs, 58

K
K metrics
    EIGRP, 155, 161–163
    EIGRPv6, 165
keepalives
    dedicated lines, 190
    serial interfaces, 189
key security boundaries in firewalls, 8
keys
    activation, 283
    SSH encryption, 266–267

L
labels in MPLS, 318
LACP. See Link Aggregation Control Protocol (LACP)
LAN Base feature, “Invalid input detected” message, 126
large networks, link-state protocols for, 132
latency
    SVI inter-VLAN routing, 123
    switches, 39, 48
layer 2
    port security, 241
    switches, 48
layer 2.5 protocol for MPLS, 194
layer 3 broadcasts
    destination MAC, 24
    DHCP, 25, 216
layer switches in two-tier design model, 13
LCP (Link Control Protocol)
    authentication, 177
    multilink connections, 178
    process status, 179
leafs in E-Tree services, 196
lease command, 217
leased lines, clocking, 193
leases in DHCP
    deleting, 218
    DHCP rebinding, 218
    renewal, 219
    time, 216–217
    verifying, 222
license install usbflash0 command, 309
licenses
    Cisco License Manager, 283
    installing, 309
    right-to-use, 283
Lightweight APs (LWAPs)
    CAPWAP, 7
    WLCs, 7
line login passwords, 265–266
line numbers for access lists, 259–260
line password encryption, 268
line vty command, 265, 267
Link Aggregation Control Protocol (LACP)
    active mode, 99
    channel modes, 99
    maximum interfaces, 98
    passive negotiating state, 303
    selecting, 98
    standard, 98
Link Control Protocol (LCP)
    authentication, 177
    multilink connections, 178
    process status, 179
Link Layer Discovery Protocol (LLDP)
    default advertisement interval, 96
    disabling, 96
    displaying devices, 96
    holddown timers, 96
    neighboring devices, 95
link-local addresses, 33
    DHCP, 220
    EUI-64, 35
    example, 32
    routing tables, 134–135
Link-State Advertisements (LSAs)
    OSPF, 143–144, 306
    suppressing, 151
link-state protocols
    dynamic routing protocols, 132
    large networks, 132
    OSPF, 113, 130
    routing loops, 131
link status messages in PAgP, 99
links
    OSPF, 139
    speed, 201
    STP costs, 80
LLC (Logical Link Control), 5
LLDP. See Link Layer Discovery Protocol (LLDP)
lldp run command, 96, 282
LLQ (Low Latency Queuing), 203
load balancing
    EIGRP, 161
    EtherChannel, 101
    GLBP routers, 223
    IP addresses, 101
    RIPv2, 172
    verifying, 101
local packets, 110
local routes in IP addresses, 110
locally administered MAC addresses, 52–53
logged message display
    console, 293
    port security violations, 243
logging
    configuring, 285
    console messages, 283
    internal log space, 297
    limiting, 284
    time stamps, 284
logging buffered command, 285, 297
logging console command, 284
logging host command, 278
logging synchronous command, 283
logging trap command, 284
logging trap debugging command, 278–279
logical addressing in OSI reference model, 2
Logical Link Control (LLC), 5
login banners
    changing, 269
    description, 269
    SSH connections, 269
login command, 265
login local command, 268
login times and collisions, 45
logins, requiring, 265
loopback addresses, 34
loopback interfaces
    configuring, 285
    NTP, 284
loops
    avoiding, 43
    PortFast mode, 92
    routing. See routing loops
    STP, 80
loss, description, 202
lost segments in UDP, 5
Low Latency Queuing (LLQ), 203
low latency switches, 39
LSAs (Link-State Advertisements)
    OSPF, 143–144, 306
    suppressing, 151
LWAPs (Lightweight APs)
    CAPWAP, 7
    WLCs, 7

M
mac-address-table aging-time command, 50
MAC address tables
    displaying, 41, 43
    forward/filter decisions, 39, 301
    ports, 49
    resetting, 46
    storing, 39
MAC addresses
    aging times, 43, 50
    ARP, 42, 109, 128
    connections, 43
    destination, 52, 313
    DHCP bindings table, 219
    DHCP servers, 307
    Discover packets, 213
    displaying, 47
    flooding attacks, 319
    forwarding decisions, 44
    GLBP, 224
    HSRP ID, 223
    HSRPv1 group number, 223
    I/G bits, 4
    IP address mapping, 45–46
    IPv6 addresses, 33–34, 313
    locally administered, 52–53
    Offer packets, 214
    port security, 241–242, 244–248
    ports, 39
    request packets, 111
    STP root bridges, 80
    switches, 41
man-in-the-middle attacks
    rogue wireless access points, 250
    vectors, 251
management information base (MIB)
    object IDs, 276
    SNMP, 275
management IP addresses of neighbors, 282
management plane
    SDN, 310
    syslog, 297
mapping
    IP and MAC addresses, 45–46
    networks, 282, 287–288
markings
    DSCP priority, 203
    traffic, 205
master switches
    forwarding tables, 104
    priority, 106
    verifying, 105
matched packets, 263
matching statistics for ACLs, 262
maximum-paths command, 142, 316
MD5 hashes for flash memory, 289
mesh designs for E-LAN services, 192
message exchange in eBGP, 199
message of the day (MOTD) banners, 269
metrics
    EIGRP, 155, 161–163
    EIGRPv6, 165
    RIPv2, 168
    routing tables, 114
Metro Ethernet
    committed information rate, 198
    connections, 194
    EVCs, 195
    neighbors, 195
    overages, 197
    quality of service, 198
MIB (management information base)
    object IDs, 276
    SNMP, 275
micro-segmentation, 50
Microsoft Azure, 10
mismatches
    duplex, 53
    encapsulation, 180–181
    interface, 77–78
    IP, 191
    multilink groups, 180
    passwords, 181, 185, 265
    protocols, 71, 190
    username, 317
    VLAN, 72–75, 77
MLPPP. See MultiLink Point-to-Point Protocol (MLPPP)
mode desirable auto, 73
monitor session destination interface command, 296
monitor session source interface both command, 295
monitor session source vlan command, 295
monitoring solutions, 18
more flash:/info command, 290
MOTD (message of the day) banners, 269
MP-BGP (Multiprotocol Border Gateway Protocol), 196
MPLS. See Multiprotocol Label Switching (MPLS)
MTU
    GRE tunnels, 188
    IPv6 addresses, 152
    jumbo frame support, 62, 67
    PPPoE, 181, 185
    size, 53
mtu command, 58
multi-mode fiber optic, 16
multicast addresses
    description, 25
    EIGRP, 155
    examples, 19, 26, 33
    I/G bit, 52
    one-to-many, 34
    RIPv2, 168
multicast groups, joined, 34
multicast packets in WAN connections, 306
multicast switches in IGMP, 25
multicasts
    HSRP, 224
    reliable, 156–157
multilink
    authentication, 181
    group mismatches, 180
    LCP connections, 178
MultiLink Point-to-Point Protocol (MLPPP)
    benefits, 178
    dual-homed technology, 193
    interfaces, 178
    point-to-point connections, 191
    verifying, 178
multiple IPv6 addresses, 30
multiple switches for SPAN sessions, 296
multiport repeaters for hubs, 4
Multiprotocol Border Gateway Protocol (MP-BGP), 196
Multiprotocol Label Switching (MPLS)
    customer edge, 193
    EIGRP support, 198
    IP address support, 193
    layer 2.5 protocol, 194
    MP-BGP, 196
    neighbors, 197
    OSPF, 307
    packet labels, 318
    PE routers, 197
    provider edge, 194
    quality of service, 194, 197
    for varied access links, 196

N
NACK messages for DHCP servers, 307
name office command, 63, 66
name resolution. See Domain Name Services (DNS)
named access control lists
    applying, 261
    description, 256
names
    routers, 285
    subinterfaces, 125
    VLANs, 60, 66
NAT. See Network Address Translation (NAT)
native VLANs
    changing, 69, 252
    configuring, 100
    default, 63, 251
    mismatches, 75
    tagged traffic, 74
NBAR2 (Network Based Application Recognition version 2), 202
NBI (northbound interface) in SDN, 298
NCP (Network Control Protocol) encapsulation, 177
NDP (Neighbor Discovery Protocol)
    IPv6 addresses, 263
    packets, 262
    SLAAC processes, 31
negotiation notifications, non-silent option, 101
negotiation protocol, port channels, 99
Neighbor Discovery Protocol (NDP)
    IPv6 addresses, 263
    packets, 262
    SLAAC processes, 31
neighbor IDs in adjacencies, 147
neighbor remote-as command, 200–201
neighbor shutdown command, 201
neighbor tables
    EIGRP, 156, 158
    FULL state, 146–147
neighbors
    BGP, 198, 200
    CDP, 95
    E-Tree services, 196
    EIGRP, 155, 158
    EIGRPv6, 164
    LLDP, 95
    management IP addresses, 282
    Metro Ethernet, 195
    MPLS, 197
    OSPF, 138, 140
    routers, 154
Netflix service, 202
Network Address Translation (NAT)
    access lists, 308
    clearing, 233
    description, 26
    displaying, 232, 234
    dynamic, 229, 233
    outside global IP address, 318
    overloading, 229, 231
    pools, 233
    private network interface, 232
    public IP addresses, 231
    RFC 1918 addresses, 228
    static, 228, 231–232
    switching path delays, 228
network admin, disconnecting, 269
network area command, 141, 144
Network Based Application Recognition version 2 (NBAR2), 202
network command, 160, 168–170, 218
Network Control Protocol (NCP) encapsulation, 177
network IDs
    calculating, 134
    IP addresses, 23–24, 33
    stateful DHCPv6, 218
Network layer for logical addressing, 2
network management station (NMS)
    configuring, 310
    SNMP, 275
    trap messages, 320
network mask command, 200
network prefixes for IPv6 addresses, 29
Network Time Protocol (NTP)
    configuring, 284, 318
    loopback interfaces, 284
    public cloud synchronization, 12
    routers and switches, 235–236
    setting up, 237
    time drift, 237
networks
    mapping, 282, 287–288
    routable, 118
    summary routes, 305
Next Hop Resolution Protocol (NHRP), 189
next hops
    CEF, 317
    destination addresses, 122
    running-config, 119
NHRP (Next Hop Resolution Protocol), 189
NIST criteria in cloud computing, 11
NMS (network management station)
    configuring, 310
    SNMP, 275
    trap messages, 320
no command, 260
no auto-summary command, 160, 170
no cdp enable command, 95, 97
no cdp run command, 95
no control protocol command, 102
no ip address command, 127
no ip domain-lookup command, 210
no ipv6 ospf hello-interval command, 152
no lldp transmit command, 96
no metric weights command, 163
no monitor session command, 296
no passive-interface gigabitethernet command, 143
no passive-interface serial command, 161
no shutdown command, 61, 125, 164, 244
no switchport command
    port configuration, 123
    subnets, 126
no switchport port-security command, 245
no vlan command, 59
non-designated port switches, 86, 88
non-overlapping channels
    2.4 GHz, 8
    5 GHz, 7
non-silent option in negotiation notifications, 101
non-volatile random-access memory (NVRAM)
    running-config, 291
    startup-config, 281, 291
nonces in CHAP, 178
normal ranges in VLANs, 59
northbound interface (NBI) in SDN, 298
notes
    ACLs, 262
    interfaces, 287
Notifications severity level, 297
nslookup command, 211
NTP. See Network Time Protocol (NTP)
ntp master command, 236
ntp server command, 236
ntp source loopback command, 284
NVRAM (non-volatile random-access memory)
    running-config, 291
    startup-config, 281, 291

O
object IDs in management information base, 276
Offer messages, 214, 251
on mode
    EtherChannel, 103
    link aggregation, 98
one-to-closest addresses, 34
one-to-many addresses, 34
1000Base-T
    CAT5e cable, 15
    distance limits, 16
Open Shortest Path First (OSPF)
    adjacencies, 140
    administrative distances, 122
    administrative units, 134
    advertising, 142–144, 150
    Area 0, 138
    bandwidth, 141
    costs, 141
    default priority, 316
    Dijkstra routing algorithm, 131
    event-triggered updates, 139
    hello interval, 142–143
    hello packets, 143
    hierarchical design, 145
    IGPs, 134
    large networks, 132
    link-state protocols, 113, 130
    links, 139
    LSA packets, 306
    metrics, 141, 307
    neighbor discovery, 138
    neighborship database, 140
    packet forwarding, 143
    routers
        area border, 139, 143
        configuration, 141
        costs, 147
        designated, 140, 316
        IDs, 142–143
        PE, 197
    routes
        default, 149
        equal-cost, 141–142
    scalability, 140
Open Shortest Path First version 3 (OSPFv3)
    adjacencies, 152
    configuring, 151–153
    designated routers, 150–151
    hello/dead timers, 152
    hello packets, 151
    IDs, 150
    IPv6 routing, 152
    Link-State Advertisements, 151
    MTU, 152
    vs. OSPFv2, 154
    process IDs, 152
    router IDs, 151, 154
    verifying, 151
operational mode, displaying, 61
optimal load balancing, 101
optimized route selection in dynamic routing protocols, 130
option ip command, 217
organizationally unique identifiers (OUIs), 52
OSI reference model
    ARP, 312
    ASCII to EBCDIC translation, 5
    compression and decompression, 2
    connection-oriented communication, 2
    description, 2
    dialog control of applications, 3
    DTE and DCE interfaces, 3
    encryption, 2
    flow control, 5
    frame checksums, 3
    layer order, 2
    logical addressing, 2
    PDUs, 4
    SNMP, 3
    SQL, 300
    switches, 2
OSPF. See Open Shortest Path First (OSPF)
OUIs (organizationally unique identifiers), 52
outages, intermittent, 54–55
outside global IP address, 229–230, 318
overages in Metro Ethernet, 197
overhead in RIP, 129
overlapping channels in 802.11ac, 300
overloading NAT, 229, 231

P
PaaS (Platform as a Service), 11, 300
packet forwarding
    CEF, 110, 316
    OSPF, 143
packet-in-packet encapsulation, 186
packet shaping in QoS, 204–205
packets
    ACLs, 254
    analyzing, 295
    capturing, 294
    data plane, 298
    decapsulating, 111
    destination, 116, 121
    frame rewrite, 110
    local, 110
    matched, 263
    remote, 109
    route forcing, 171
    routes, 173
    TTL value, 110
PAgP. See Port Aggregation Protocol (PAgP)
partial mesh topology
    links, 312
    uses, 15
passive-interface default command, 143, 317
passive-interface gi command, 167
passive-interface gigabitethernet command, 143
passive-interface serial command, 151, 161, 164, 169
passive mode in EtherChannel, 102–103
password Password20! command, 265
“Password required, but none set” message, 266
passwords
    CHAP, 178
    encryption, 268
    mismatches, 181, 185, 265
    recovering, 292, 309
    routers, 265, 268
    setting, 265
    switches, 265, 268
    Telnet, 265, 267
PAT (Port Address Translation)
    configuring, 234–235
    description, 231
    flexibility, 231
path costs in RSTP, 80–81
path selection in eBGP, 199
Path Trace ACL Analysis tool
    APIC-EM, 263
    end-to-end analysis, 264
    Path Trace option, 264
path trace analyses
    ACLs, 263–265
    blocking traffic, 265
    egress and ingress ports, 264
PDMs (protocol-dependent modules), 163
PDUs (protocol data units), 4
PE (provider edge) routers
    MPLS, 194, 318
    neighbors, 197
    super backbones, 197
per-host load balancing, 228
Per-VLAN Spanning Tree+ (PVST+)
    bridge IDs, 82
    spanning tree instances, 82
perimeter areas for corporate firewalls, 248
periods (.) in FQDNs, 210
phones
    PoE switches, 96
    ports, 66
    VoIP. See VoIP phones
physical access in firewalls, 9
physical addresses in Ethernet protocol, 53
physical data centers, 10
Physical layer for DTE and DCE interfaces, 3
PIDs (product IDs), obtaining, 283
ping command
    connectivity, 172
    exclamation marks, 113, 173
    extended, 173, 295
    first IP address, 294
    ICMP, 113
    interface exits, 294
    IPv6 addresses, 174
    time outs, 173
ping sweep scans, stopping, 250
ping6 command, 30
Platform as a Service (PaaS), 11, 300
PoE (Power over Ethernet) switches for phones, 96
point-to-point connections in serial interfaces, 119
Point-to-Point Protocol (PPP)
    authentication, 178–179, 181
    configuring, 177, 180
    encapsulation, 177
    LCP, 177–178
    NCP, 177
    protocol compatibility, 177
    username mismatches, 317
    WAN, 306, 317
Point-to-Point Protocol over Ethernet (PPPoE)
    ADSL, 195
    authentication, 182–183, 186
    dialer interfaces, 182
    dialer pools, 184
    DSL, 181
    hostnames, 183
    IP pools, 185
    IPCP, 182
    MTU, 181, 185
    passwords, 185
    point-to-point technology, 192–193
    PTA state, 184
    sessions display, 182–183
pointer (PTR) records, 208
points of presence (PoPs), 195
policing
    LLQ, 203
    Metro Ethernet, 197
policy maps, configuring, 318
PoPs (points of presence), 195
Port Address Translation (PAT)
    configuring, 234–235
    description, 231
    flexibility, 231
Port Aggregation Protocol (PAgP)
    aggregated interfaces, 97
    bandwidth, 98
    Cisco standard, 99
    link status messages, 99
    port channel configuration, 100
    switches, 100–101
port-channel interface, 103
port-channel load-balance dst-ip command, 101
port channels
    configuring, 100
    modes, 100
    negotiation protocol, 99
    VLAN access, 101
port numbers, binding, 6
port security
    access mode, 247
    access violations, 244
    configuring, 241–242
    description, 241
    enabling, 241
    err-disabled shutdown, 242
    Layer 2, 241
    logged security violations, 243
    MAC addresses, 241–242, 244–248
    static environments, 242
    status, 243, 246–248
    sticky, 243, 245
    violation mode, 248
PortFast mode
    access ports, 92
    BPDU Guard with, 93
    edge switches, 94
    spanning tree, 315
    state transitions, 93
    switching loops, 92
    verifying, 94
ports
    access. See access ports
    aggregation, 98
    designated, 81–82
    DHCP snooping, 251–252
    displaying, 42, 126
    DNS domain zone transfers, 209
    eBGP messages, 199
    errdisable state, 308
    frame forwarding, 44
    MAC address flooding attack, 319
    MAC address tables, 49
    MAC addresses, 39
    micro-segmentation, 50
    no switchport command, 123
    path costs, 80–81
    path trace analyses, 264
    phones, 66
    root. See root ports
    RSTP, 82–84, 302
    security. See port security
    SMTP, 6
    SPAN, 295
    STP, 81–82
    TACACS+, 270
    UDP. See UDP ports
    verifying, 59
Power over Ethernet (PoE) switches for phones, 96
PPP. See Point-to-Point Protocol (PPP)
ppp authentication chap pap command, 179–180
ppp multilink command, 178
ppp multilink group command, 178
PPPoE. See Point-to-Point Protocol over Ethernet (PPPoE)
preambles for sync timing, 52
preempt option in interface tracking, 319
preemption in HSRP, 225–226
prefix advertisements in eBGP, 199
Presentation layer
    ASCII to EBCDIC translation, 5
    compression and decompression, 2
    encryption, 2
previously entered commands, 285
priority
    bridges, 82–83
    designated routers, 150
    DSCP marking, 203
    GLBP active virtual gateways, 225
    HSRP, 223
    master switches, 106
    OSPF, 316
    QoS queues, 203
    routers, 226
    VLANs, 85
private clouds, 11
private DNS servers, 211–212
private IP addresses
    classes, 26
    NAT, 26
    purpose, 26
    RFC 1918, 26
private WANs, 195
privileged exec mode
    default idle time, 268
    entering, 286
probe counts in ICMP packets, 296
problems, documenting, 312
Process/Application layer in DoD model, 3
process IDs in OSPFv3, 152
product IDs (PIDs), obtaining, 283
protocol data units (PDUs), 4
protocol-dependent modules (PDMs), 163
protocol mismatches
    dedicated lines, 190
    trunking, 71
provider edge (PE) routers
    MPLS, 194, 318
    neighbors, 197
    super backbones, 197
pruning
    VLANs, 73
    VTP, 78–79
PTA state in PPPoE, 184
PTR (pointer) records, 208
public clouds
    bandwidth, 12
    examples, 10
    intercloud exchange, 11
    synchronization, 12
public IP addresses in NAT, 231
PVST+ (Per-VLAN Spanning Tree+)
    bridge IDs, 82
    spanning tree instances, 82
PXE servers, booting from, 217

Q
Quad-A (AAAA) records, 209
quality of service (QoS)
    ACLs, 202
    DSCP, 202–203, 306
    LLQ, 203
    marking, 201
    Metro Ethernet, 198
    MPLS, 194, 197
    packet shaping, 204–205
    policing, 204
    queue starvation, 203
    round-robin schedulers, 204
    tail drop, 204
    traffic shaping, 203–204
    trust boundaries, 203, 307
queue starvation, 203

R
RA (Router Advertisement) messages, 31
RADIUS authentication
    configuring, 271
    ports, 270
radius-server host key aaaauth command, 271
RAM
    default routing, 129
    dynamic routes, 113
    IOS image, 292
    MAC address tables, 39
ranges
    IP addresses, 20–21
    VLANs, 58–59
rapid elasticity, 312
Rapid Per-VLAN Spanning Tree+
    enabling, 85
    spanning tree instances, 83
Rapid Spanning Tree Protocol (RSTP)
    alternate ports, 84
    backup ports, 84
    discarding port mode, 84
    discarding port state, 85
    802.1w specification, 80
    path costs, 80–81
    port transitions, 82
    root bridges, 88–91
    root ports, 89–90, 302
    STP compatibility, 83, 88
RARP (Reverse Address Resolution Protocol), 46
rate limiting in DHCP snooping, 249
read-only SNMP communities, 276
real-time diagnostics in HSRP, 228
rebinding in DHCP, 218–219
recovering passwords, 292, 309
redundancy in full mesh topology, 14
Regional Internet Registry (RIR), 32
relay agents
    configuring, 217
    DHCP, 214–217
reliability from administrative distances, 121
reliable multicast, 156–157
remark command, 262
remote packets, 109
Remote Switch Port Analyzer (RSPAN), 296
removing
    BPDU Guard, 94
    DHCP conflict table addresses, 221
    DNS cache entries, 212
renaming VLANs, 60, 66
renew dhcp gi command, 219
renewing leases, 219
repeaters, 4
replacing switch stacks, 104–105
replay attacks, 178
reported distance in EIGRP, 158
Representational State Transfer (REST) APIs, 298
reprovisioning switches, 56
Request messages in DHCP, 219
request packets in ARP, 111
request process for web browsers, 5
resiliency in dynamic routing protocols, 129
REST (Representational State Transfer) APIs, 298
restoring IOS, 292
restricted OIDs in SNMP, 277
Reverse Address Resolution Protocol (RARP), 46
reverse lookups in FQDNs, 208
RFC 1918
    IP addresses, 26
    IPv6 addresses, 33
    NAT addresses, 228
RIDs. See router IDs (RIDs)
right-to-use licenses, 283
RIP. See Routing Information Protocol (RIP)
RIR (Regional Internet Registry), 32
roaming, 7–8
ROAS. See router on a stick (ROAS)
rogue wireless access points, 250
rolled cable, 16
rolling back running-config archives, 293
ROMMON system
    booting, 292
    description, 291
root bridges
    CST, 83
    RSTP, 88–91
    STP, 80
    switches, 84–85, 87, 91–92, 315
root ports
    RSTP, 89–90, 302
    STP, 81
    switches, 86–87
    VLANs, 91
round-robin schedulers, 204
routable networks, 118
route summarization for dynamic routers, 129
routed VLANs, 62–63
Router Advertisement messages, verifying, 174
router bgp command, 200
router eigrp command, 159
router-id command, 143, 153, 164
router IDs (RIDs)
    adjacencies, 147
    determining, 139
    EIGRP, 160
    OSPF, 142–143
    OSPFv3, 151, 154
router on a stick (ROAS)
    ARP, 128
    bandwidth, 124
    configuring, 127–128
    encapsulation, 127
    examples, 305
    vs. inter-VLAN routing, 127
    interface configuration, 124
    IP addresses, 128
    multiple interfaces, 123
    routing, 124
    scalability, 123
    subinterface names, 125
    switch port mode, 125
    verifying, 127
router ospf command, 141
router rip command, 170
Router Solicitation (RS) messages, 31
routers
    activation keys, 283
    adjacencies, 142, 144, 146–150, 152, 154–155
    areas, 150
    bandwidth, 126–127
    broadcast domains, 4
    centralized authentication, 269
    clock, 287
    configuring, 115–116, 219–220, 281
    costs, 147, 151
    CPU utilization, 297
    default configuration registers, 289
    default priority, 226
    disconnecting network admin from, 269
    displaying, 227
    features display, 283
    hello timers, 144
    IGPs, 133
    internal time clock, 236
    IP SLAs, 279
    IPv6 addresses, 29
    names, 285
    neighbors, 154
    passwords, 265, 268
    setup mode, 286
    switch connections, 16
    synchronizing, 235–236
    updates, 130
    wildcard masks, 146
routes and routing
    administrative distance, 122, 304
    BGP, 134
    configuring, 118, 120–121
    creating, 115, 120–121
    criteria, 109
    description, 112
    destination, 119
    determining, 161–162
    DoD model, 3
    EIGRP, 123
    HSRP, 226
    network administrator intervention, 109
    packets, 173
    ROAS, 124
    secondary, 118
    to subinterfaces, 125
    summarization, 114
    testing, 112
    verifying, 201
    between VLANs, 65, 124, 135–137
Routing Information Protocol (RIP)
    administrative distance, 121
    advertising, 305
    Bellman-Ford routing algorithm, 132
    configuring, 168
    distance-vector protocols, 112, 130
    hop counts, 168
    overhead, 129
    router updates, 130
    topologies, 315
Routing Information Protocol next generation (RIPng), 172
Routing Information Protocol version 2 (RIPv2)
    advertising, 168–169, 172
    Bellman-Ford routing algorithm, 170
    configuring, 170
    convergence wait time, 170
    default routes, 169
    discovered routes, 169
    holddown timers, 171
    invalid timers, 169
    load balancing, 172
    metrics, 168
    routing loops, 170
    routing tables, 172
    split horizons, 172
routing loops
    description, 113
    distance-vector protocols, 131
    holddown timers, 132
    link-state protocols, 131
    RIPv2, 170
    split horizons, 316
routing tables
    administrative distances, 121
    convergence, 132
    default routes, 114
    displaying, 112
    dynamic routing, 112
    IP addresses, 109, 117
    IPv6 routes, 135
    link-local addresses, 134–135
    metrics, 114
    missing entries, 117
    RIPv2, 172
    route time in, 115
    static routes, 114
RS (Router Solicitation) messages, 31
RSPAN (Remote Switch Port Analyzer), 296
RSTP. See Rapid Spanning Tree Protocol (RSTP)
rules for access lists, 320
running-config file
    archive process, 291
    archives, 292–293
    displaying, 287
    filters, 287, 289
    next hops, 119
    restoring configuration to, 281
    VLANs in, 75

S
SaaS (Software as a Service), 11
SBI (southbound interface) in SDN, 298
scalability
    dynamic routing protocols, 128
    eBGP, 199
    EIGRP, 156
    IPSec, 196
    OSPF, 140
    ROAS, 123
    VPNs, 318
schedules for IP SLAs, 280
scope with relay agents, 214
SCP (Secure Copy Protocol)
    access to, 290
    enabling, 290
    encryption, 290
sdm prefer lanbase-routing command, 125
SDM (Switching Database Manager), 126
SDN. See software-defined network (SDN) controllers
secondary routes, 118
Secure Sockets Layer (SSL), 250
security
    client SSL/VPN, 194–195
    ports. See port security
    private WANs, 195
    SNMP, 276
    static routing, 128
    VLANs, 58, 60–61
    WAN connections, 306
segmentation, switches for, 48
Sense column in IP SLAs ICMP echo probes, 280
sequence and acknowledgment numbers in TCP, 6
serial cable terminal specifications, 16
serial connections
    clocking, 193
    encapsulation, 177
    wiring problems, 192
serial interfaces
    keepalives, 189
    point-to-point connections, 119
serial numbers for switches, 289
“Serial0/0 is administratively down” message, 17
Server Load Balancing as a Service (SLBaaS), 12
service-level agreements (SLAs)
    checking, 279
    description, 279
    IP. See IP SLAs
service password-encryption command, 267
service-policy USER-MAP out command, 318
service timestamps log datetime command, 284
Session layer
    dialog control of applications, 3
    SQL, 300
setup mode for routers, 286
severity levels
    console logging, 284
    events, 279
sh cdp entry * command, 96
shaping traffic
    Metro Ethernet, 198
    quality of service, 203–204
shortened IPv6 addresses, 29
show access-list command, 262
show archive command, 292–293
show cdp interface command, 97
show cdp neighbors detail command, 96, 282, 288
show clock command, 286
show clock detail command, 236
show controllers serial command, 192
show dhcp lease command, 214
show etherchannel command, 99, 102
show etherchannel load-balance command, 101
show file systems command, 280
show history command, 285
show hosts command, 211
show interface command, 141
show interface brief command, 174
show interface fastethernet switchport command, 69
show interface gi switchport command, 126
show interface status command, 17
show interface trunk command, 127
show interface tunnel command, 188
show interfaces fast switchport command, 18
show interfaces FastEthernet switchport command, 61
show interfaces Gi command, 93
show interfaces gi trunk command, 78
show interfaces status command, 42, 56
show interfaces switchport command, 61, 76
show interfaces trunk command, 68, 76
show ip access-list command, 259
show ip arp command, 111
show ip bgp neighbors command, 200
show ip cef command, 317
show ip dhcp binding command, 222
show ip dhcp conflict command, 220
show ip dhcp pool command, 221
show ip dhcp snooping binding command, 252
show ip eigrp neighbors command, 160
show ip eigrp topology command, 161
show ip interface command, 214
show ip interface brief command, 117, 126
show ip interface fast command, 262
show ip nat statistics command, 232
show ip nat translations command, 232
show ip ospf command, 142
show ip ospf database command, 144
show ip ospf interface command, 143
show ip ospf neighbor command, 142, 148
show ip protocols command, 150, 161, 163, 168–169
show ip rip database command, 169, 172
show ip route command, 112, 122, 150, 304
show ip route longer-prefixes command, 201
show ip route static command, 130
show ip sla history command, 280
show ipv6 dhcp interface command, 218
show ipv6 eigrp neighbors command, 165
show ipv6 eigrp topology command, 166
show ipv6 interface gi command, 34
show ipv6 interface brief command, 28, 134
show ipv6 neighbors command, 174
show ipv6 ospf command, 152
show ipv6 ospf interface command, 152
show ipv6 ospf neighbor command, 154
show ipv6 protocols command, 165
show ipv6 route command, 29, 135
show ipv6 route connected command, 135
show ipv6 route eigrp command, 165
show ipv6 route ospf command, 151
show license feature command, 283
show license udi command, 283
show lldp neighbors detail command, 96, 282
show mac address-table command, 17, 41
show mac address-table count command, 43
show mac address-table interface fast command, 47
show mls qos interface command, 205
show monitor session all command, 295
show ntp associations detail command, 236
show ntp status command, 237
show port-security command, 18, 243, 245
show port-security address command, 247
show port-security interface gi command, 243, 247–248
show ppp all command, 179
show ppp multilink command, 178
show pppoe session command, 182, 184
show pppoe summary command, 183
show processes command, 297
show running-config command, 211, 245
show running-config | begin command, 289
show running-config | include snmp command, 287
show running gi command, 287
show snmp community command, 277
show snmp group command, 278
show snmp host command, 277
show snmp user command, 278
show spanning-tree command, 92
show spanning-tree interface fa command, 94
show spanning-tree interface gi command, 91
show spanning-tree summary command, 85, 94
show spanning-tree vlan command, 85, 315
show standby command, 226
show switch command, 105
show switch stack-ports command, 105
show tcp brief command, 201
show terminal command, 288
show version command, 289, 291–292, 310
show vlan command, 18, 59
show vlan id command, 60
show vtp status command, 68, 78–79
shutdown command, 244
Simple Mail Transfer Protocol (SMTP)
    Process/Application layer, 3
    protocols and ports, 6
Simple Network Management Protocol (SNMP)
    ACLs, 276
    authentication, 275, 277
    community names, 320
    community strings, 276
    configuring, 276
    contact information, 276
    encryption, 275
    Inform SNMP messages, 275–276
    management information base, 275–276
    network management stations, 275
    NMS polling, 275
single-homed technology – SQL (Structured Query Language) 461
bindex--.indd 02/28/2017 Page 461
OSI reference model, 3ports, 277Process/Application
layer, 3restricted OIDs, 277trap messages, 275–277,
320trap notification, 243verifying, 277–278views, 277–278
single-homed technology
  eBGP, 199
  fault tolerance, 190
single-mode fiber cable, 16, 312
6to4 tunnel, 28
size
  flash storage, 280, 289
  MTU, 53
  SPAN destination ports, 295
  terminal history, 285
SLA responders, 279–280
SLAAC. See Stateless Address Autoconfiguration (SLAAC)
SLAs (service-level agreements)
  checking, 279
  description, 279
  IP. See IP SLAs
SLBaaS (Server Load Balancing as a Server), 12
sliding windows in TCP, 6
small enterprises, collapsed-core model for, 14
small networks
  distance-vector protocols, 131
  static routing, 130
SMARTnet contracts, 282
SMTP (Simple Mail Transfer Protocol)
  Process/Application layer, 3
  protocols and ports, 6
SNMP. See Simple Network Management Protocol (SNMP)
snmp-server community snmpreadonly read-only command, 276
snmp-server contact command, 276
snmp-server enable traps command, 277
snmp-server host version 2c C0mmun1ty command, 277
snmp-server view INT-VIEW ifIndex include command, 278
SOA (Start of Authority) records, 319
soft resets for BGP neighbors, 200
Software as a Service (SaaS), 11
software-defined network (SDN) controllers
  APIC-EM, 298
  control plane, 297
  management plane, 310
  NBI, 298
  SBI, 298
solicited-node multicast messages, 313
solutions, monitoring, 18
source interface
  extended ping, 295
  SPAN, 295
source MAC addresses
  EtherChannel, 100
  learning, 39
  port security, 241
sources for IP SLAs, 279
southbound interface (SBI) in SDN, 298
SPAN. See Switch Port Analyzer (SPAN)
spanning-tree bpduguard disable command, 94
spanning-tree bpduguard enable command, 93
spanning-tree portfast command, 92
spanning-tree portfast default command, 92, 94
Spanning Tree Protocol (STP)
  bridge port roles, 81, 83
  bridge priority, 82–83
  control plane, 297
  convergence problems, 81, 92
  default mode, 84
  distributed process, 79
  802.1d specification, 79
  link costs, 80
  loops, 80
  port blocking state, 82
  port transitions, 81
  root bridges, 80
  root ports, 81
  RSTP compatibility, 83, 88
  switching loops, 39
  topology changes, 83
  unconfigured, 47
spanning-tree vlan priority command, 85, 90–91
spanning trees
  PortFast mode, 315
  VLANs, 85
speed
  CAT5e cable, 17
  displaying, 56
  interfaces, 55
  link costs, 80
  links, 201
  setting, 54–55
  switches, 48–49
speed auto command, 55
split horizons
  RIPv2, 170, 172
  routing loops, 316
spoofing IP address, 250
SQL (Structured Query Language)
  routing protocols, 298
  Session layer, 300
SSH
  access lists, 257
  authentication, 268
  configuring, 267
  default sessions, 293
  enabling, 266–267
  encryption keys, 266–267
  login banners, 269
  MOTD banners, 269
  vs. Telnet, 266
SSH Copy Protocol (SCP)
  access to, 290
  enabling, 290
  encryption, 290
SSIDs
  extended service sets, 7
  WLCs, 63
SSL (Secure Sockets Layer), 250
stacking switches, 103–105
StackWise 3750 platform, 104
standard access control lists
  conditions, 254
  configuring, 256
  named, 256
  placing, 260
  processing overhead, 254
standard access lists
  description, 257
  ranges, 254
standby preempt command, 226
standby timers msec msec command, 228
standby track serial command, 226–227
star topology
  autonomous WAP, 15
  core layer, 15
  description, 14–15
  IOS versions, 288
  two-tier design model, 15
Start of Authority (SOA) records, 319
startup-config file
  backups, 281
  extended VLAN configuration, 63
  NVRAM, 281, 291
startup configuration static routes, 118
State Frame Delimiter (SFB) byte, 53
state transitions in PortFast mode, 93
stateful DHCPv6
  addressing, 34
  description, 218
  process, 32
Stateless Address Autoconfiguration (SLAAC)
  configuring, 31
  DAD, 32
  DHCPv6 servers, 216
  ICMPv6, 31, 300
  IPv6 hosts, 32
stateless DHCPv6 servers, 31
static access ports, 62
static environments for port security, 242
static hostname entries, 209
static IPv6 addresses, 28
static Network Address Translation, 228, 231–232
static routes
  administrative distances, 114, 122
  administrator intervention, 129
  bandwidth, 128
  benefits, 117
  configuration time, 129
  default routing, 128
  displaying, 130
  network administrator intervention, 109
  security, 128
  small networks, 130
  startup configuration, 118
static trunks, 78
static VLANs, 60
statistics for IP SLAs ICMP echo probes, 280
sticky port security, 243, 245
store and forward method in CRC, 44, 48–49
STP. See Spanning Tree Protocol (STP)
straight-through cable, 16, 300
stratum in NTP, 318
Structured Query Language (SQL)
  routing protocols, 298
  Session layer, 300
subinterfaces
  configuring, 314
  names, 125
  routing to, 125
subnet masks
  CIDR notation, 19, 22
  default, 19
  destination networks, 109
  hosts, 19–20, 22
subnets
  IPv6 addresses, 29–30
  routing, 126
subordinate switches, 105
successor routes in EIGRP, 158
summary routes, 114, 305
super backbone routers, 197
supernetted addresses, 22
supplicants 802.1x, 252–253
SVI inter-VLAN routing (IVR), 123
SVI routing
  IP addresses, 125
  between VLANs, 124
SVI VLAN interfaces, 126
Switch Port Analyzer (SPAN)
  configured sessions, 295
  configuring, 295
  destination port, 295–296
  multiple switches, 296
  packet capturing, 294
  session removal, 296
  source interface, 295
switch stacks
  cables, 105
  forwarding tables, 104
  IOS upgrades, 105
  limits, 103
  managing, 104
  master switches, 104–106
  maximum, 103
  replacing, 104–105
  subordinate switches, 105
switches
  authentication, 268
  auto-negotiation, 55
  bandwidth, 60
  benefits, 39
  BPDU Guard, 93
  bridge IDs, 80
  bridge port roles, 81, 83
  bridge priority, 82–83
  CDP on, 95
  centralized authentication, 269
  collisions, 3, 45
  connections, 43, 67
  CRC, 44
  crossover cable connections, 16
  cut-through mode, 47
  default configuration registers, 289
  default VLANs, 56
  disconnecting network admin from, 269
  displaying, 314
  duplex, 314
  802.1x, 252
  EtherChannel, 102
  features display, 283
  flooding, 49, 51
  forward/filter decisions, 39, 44, 301
  fragment-free mode, 44
  frame dropping, 51
  frame forwarding, 39
  hub replacements, 43
  hubs in, 56
  internal time clock, 236
  latency, 48
  layer 2, 48
  loop avoidance, 43
  low latency, 39
  MAC addresses, 41
  micro-segmentation, 50
  mode desirable auto, 73
  non-designated ports, 86, 88
  OSI reference model, 2
  PAgP, 100–101
  passwords, 265, 268
  Rapid Per-VLAN Spanning Tree+ enabling, 85
  reprovisioning, 56
  rolled cable connections, 16
  root bridge connections, 87
  root bridges, 84–85, 91–92, 315
  root ports, 86–90
  router connections, 16
  segmentation, 48
  serial numbers, 289
  store and forward method, 48–49
  STP default mode, 84
  switching loops, 39
  synchronizing, 235
  time and date, 286
  topology changes, 83
  transparent mode, 315
  trunks and trunking, 64–65, 67–68, 70–79, 102–103
  VMs, 10
  VTP configuration for, 68–69
  VTP mode, 68
  wire speed, 48–49
switching, core layer, 13
Switching Database Manager (SDM), 126
switching loops
  PortFast mode, 92
  STP, 39
switching path delays in NAT, 228
switchport access vlan command, 57, 63, 66, 76
switchport mode access command, 58, 76, 242, 303
switchport mode dynamic auto command, 76
switchport mode dynamic desirable command, 76
switchport mode trunk command, 70–71, 73, 77–78
switchport nonegotiate command, 70, 76–77, 303
switchport nonnegotiate command, 242
switchport port-security command, 241–242
switchport port-security aging time command, 248
switchport port-security mac-address command, 244
switchport port-security mac-address sticky command, 244
switchport port-security maximum 2 command, 242
switchport port-security violation protect command, 243
switchport port-security violation restrict command, 243
switchport port-security violation shutdown command, 243
switchport trunk allowed vlan command, 301
switchport trunk allowed vlan add command, 70–71, 79
switchport trunk allowed vlan all command, 70
switchport trunk encapsulation dot1q command, 71, 73, 77
switchport trunk encapsulation 802.1q command, 67–68
switchport trunk native vlan command, 69
switchport voice vlan command, 57, 66
switchports
  access, 301, 303
  access mode, 319
  access ports, 76, 303
  designated state, 303
  native VLANs, 252
  trunk configuration, 57, 302
SYN flags in three-way-handshake process, 312
synchronization
  preambles, 52
  public clouds, 12
  routers and switches, 235–236
  VLAN databases, 303
syslog console messages, 310
syslog facility logging, debug level, 320
syslog servers
  configuring, 278
  event security levels, 279
  management plane, 297
  ports, 278
  verifying, 278
  warnings, 284

T

T1 leased lines, 189
TACACS+ (Terminal Access Controller Access Control System) protocol
  authentication, 309
  backups, 271
  benefits, 270
  configuring, 270
  encryption, 271
  ports, 270
  Telnet, 270
tagging frames, 72
tail drop
  congestion avoidance, 205
  QoS queues, 204
TCP
  sequence and acknowledgment numbers, 6
  SMTP, 6
  three-way handshakes, 6, 312
  window size, 6
TCP conversation state for firewalls, 9
TCP ports
  DNS domain zone transfers, 209
  eBGP messages, 199
  TACACS+, 270
telephone company central office, 195
Telnet
  AAA servers, 270
  access lists, 319
  authentication, 268
  connections, 174
  passwords, 265, 267
  Process/Application layer, 3
  vs. SSH, 266
  terminal emulation, 4
10GBase-CX data centers, 17
terminal emulation in Telnet, 4
terminal history size command, 285
terminal monitor command, 293
terminal no monitor command, 293
terminal specifications for serial cable, 16
testing routes, 112
TFTP in Process/Application layer, 3
TFTP servers
  booting, 291
  IOS image backups, 292
  IOS upgrades, 289
three-tier design model
  access layer, 14
  access layer switches, 13
  core layer, 15
  core layer switches, 13
  description, 13
  distribution layer, 14
  distribution layer switches, 13
three-way-handshake process
  requirements, 6
  SYN and ACK flags, 312
  window size, 6
time drift in NTP, 237
time for switches, 286
time-period command, 293
time periods in archives, 293
time stamps, logging, 284
time synchronization for routers and switches, 235–236
time to live (TTL) value
  ARP caches, 111
  DNS, 209, 319
  IP headers, 306
  packets, 110
time zone settings, 284
timers
  adjacencies, 152
  CDP, 95
  EIGRPv6, 165
  HSRP, 224, 228
  IP SLAs ICMP echo probes, 279–280
  LLDP, 96
  RIPv2, 169, 171
  routers, 144
  routing loops, 132
  verifying, 152
topology changes in STP, 83
topology databases
  link-state protocols, 131
  STP, 79
topology tables
  EIGRP, 156–159
  routers, 150
traceroute command, 17
  description, 173
  extended, 296
  hops, 188
  ICMP queries, 174
tracert command, 227
traffic flow in StackWise 3750 platform, 104
traffic forwarding
  troubleshooting, 18
  VLANs, 62
traffic markings, 205
traffic shaping
  Metro Ethernet, 198
  quality of service, 203–204
transparent VTP mode, 72, 75, 315
Transport layer
  connection-oriented communication, 2
  flow control, 5
  PDUs, 4
transport ssh telnet command, 266
trap messages in SNMP, 243, 275–277, 320
troubleshooting
  escalating problem, 18
  isolating problems, 18
  monitoring solutions, 18
trunks and trunking
  allowing, 70–71
  BPDU Guard, 93
  creating, 76
  DTP links, 315
  802.1Q protocol, 124
  EtherChannel, 102–103
  interface mismatches, 77–78
  ISL, 72
  open standard protocols, 69
  protocol mismatches, 71
  protocol support, 67–68
  ROAS, 125
  static trunks, 78
  switches, 64–65, 67, 302
  verifying, 68
  VLAN access, 69–70
  VLAN identifying information, 68
  VLAN mismatches, 72–75, 77
  VLANs allowed, 78
trust boundaries in quality of service, 203, 307
trusted network firewalls, 249
TTL. See time to live (TTL) value
tunnels, GRE. See Generic Routing Encapsulation (GRE)
2.4 GHz spectrum non-overlapping channels, 8
two-tier design model
  layer switches, 13
  star topology, 15
2960-XR switches, 125
type field
  frames, 53
  purpose, 313

U

UDP. See User Datagram Protocol (UDP)
UDP ports, 277
  AAA servers, 253
  DHCP, 214–215
  DNS, 208
  GLBP, 224
  HSRP, 223
  NMS polling, 275
  RADIUS, 270
  SNMP, 277
  syslog servers, 278
UIDs (unique IDs), obtaining, 283
unequal-cost load-balancing paths in EIGRP, 316
unicasts
  EIGRP, 156–157
  global addresses, 32
  purpose, 25
Uniform Resource Identifiers (URIs) for firewalls, 9
unique IDs (UIDs), obtaining, 283
unique-local addresses, 32, 35
universal images, 282
“% Unrecognized host or address or protocol not running” message, 211
untrusted mode for DHCP snooping, 249, 251
updates
  EIGRP, 158
  OSPF, 139
  routers, 130
upgrades, IOS, 289
URIs (Uniform Resource Identifiers) for firewalls, 9
User Datagram Protocol (UDP)
  decision factors, 6
  DHCP, 216
  DNS, 6
  flow control, 300
  lost segments, 5
  ports. See UDP ports
user management, flexibility in, 56
username password cisco command, 179
username password Password20! command, 267
usernames
  mismatches, 317
  switches, 268
V

variance
  EIGRP, 160
  EIGRPv6, 166
variance 2 command, 161
verify /md5 flash command, 289
verifying
  ACLs, 262
  adjacencies, 142
  BDP connections, 201
  BGP neighbors, 200
  clocking, 192
  configuration registers, 291
  DNS name resolution, 211
  EIGRP, 163
  exec timeout, 288
  flash storage, 280, 289
  GRE tunnels, 188
  hello/dead timers, 152
  hello packets, 143
  hostnames, 211
  HSRP, 226
  interfaces, 61
  IOS images, 281
  IOS versions, 292
  IP addresses, 117, 214
  IPv6 addresses, 134, 218
  leases, 222
  load balancing, 101
  master switches, 105
  multiLink PPP, 178
  network settings, 173
  OSPFv3, 151
  PortFast mode, 94
  ROAS, 127
  Router Advertisement messages, 174
  router IDs, 142
  routes, 201
  SNMP, 277–278
  syslog servers, 278
  trunks, 68
  VLANs, 59
  VTP mode, 68
version 2 command, 168, 170
Version field for IPv6 addresses, 28
views in SNMP, 277–278
violation mode in port security, 248
virtual interfaces for VLANs, 305
virtual machines (VMs)
  description, 10
  switches, 10
virtual network function (VNF) devices
  benefits, 12
  examples, 12
  routers, 12
Virtual Private Networks (VPNs)
  data integrity, 194
  scalability, 196, 318
Virtual Router Redundancy Protocol (VRRP)
  configuring, 226
  FHRP, 222
virtual routers
  description, 12
  HSRP, 318
  HSRP groups, 224
virtual switches, 10
vlan command, 58, 61, 63, 66
vlan.dat database, 56, 315
VLAN hopping attacks, 253, 319
VLAN Trunking Protocol (VTP)
  configuring for new switches, 68–69
  database synchronization, 303
  database updates, 77
  functions, 72
  pruning, 73, 78–79
  transparent mode, 315
  versions, 58
  VLAN conformity, 74
  VLAN databases, 78
VLANs
  access lists, 301
  allowed, 78
  allowed list setting, 70–71
  bandwidth, 60
  broadcast domains, 60
  collision domains, 60
  conformity, 74
  creating, 59–60, 63–64
  database propagation, 72
  database synchronization, 303
  databases, 78
  default, 56
  default vs. native, 63
  deleting, 57, 59
  DHCP snooping, 251
  dynamic, 60
  enabling, 61
  Ethernet traffic, 79
  extended configuration, 63
  extended IDs, 56
  extended ranges, 58
  frame tags, 314
  frames, 59
  ID removal, 57, 301
  implementing, 64
  jumbo frame support, 58
  mismatches, 72–75
  MTU, 62, 67
  native. See native VLANs
  normal ranges, 59
  port channel access, 101
  priority, 85
  pruning, 73
  renaming, 60, 66
  root bridges, 85, 91–92
  root ports, 91
  routed, 62–63
  routing between, 65, 124, 135–137
  running-config, 75
  security, 58, 60–61
  spanning trees, 85
  static, 60
  static access ports, 62
  traffic forwarding, 18, 62
  trunk access, 69–70
  unnamed, 64
  verifying, 59
  virtual interfaces, 305
  vlan.dat database, 315
  VoIP phones, 57, 66
  VTP versions, 58
VMs (virtual machines)
  description, 10
  switches, 10
VMware ESXi server connections, 77
VNF (virtual network function) devices
  benefits, 12
  examples, 12
  routers, 12
VoIP phones
  CoS value, 204
  delay, 203
  port security, 242
  provisioning, 61
  switching traffic to VLANs, 57
  VLAN support, 66
VPNs (Virtual Private Networks)
  data integrity, 194
  scalability, 196, 318
vrrp ip command, 226
VRRP (Virtual Router Redundancy Protocol)
  configuring, 226
  FHRP, 222
VTP. See VLAN Trunking Protocol (VTP)
vtp domain corpname command, 68–69
VTP mode
  default, 68
  transparent, 66–67, 72, 75
  verifying, 68
vtp mode client command, 68–69
vtp pruning command, 73

W

wait time in STP convergence, 81
WAN connections
  DMVPN, 307
  error detection and correction, 317
  multicast packets, 306
  PPP, 306
  scalability, 318
WAPs. See wireless access points (WAPs)
warnings in syslog servers, 284
web browser request process, 5
web servers
  IP addresses, 27
  scaling in SLBaaS, 12
wildcard masks
  filters, 255–256
  routers, 146
window size in TCP, 6
wire speed of switches, 48–49
wireless access points (WAPs)
  extended service sets, 7
  man in the middle attacks, 250
  star topology, 15
  WLCs, 8
wireless LAN controllers (WLCs)
  centralized authentication, 7
  roaming, 7–8
  SSIDs, 63
  WAPs, 8
Wireshark utility, 295
wiring problems for serial connections, 192

Z

zone connections in ASA, 9
zones in email servers, 9