Index

Numerics“10/100” ports, 87“10/100/1000” ports, 9010 Mbps Ethernet, 85–8610GbE, 90–91

PMD types, 91switch compatibility listing, website, 91

10-Gigabit Ethernet Alliance, 9020/80 rule, 19, 11880/20 rule, 18, 118802.11 standard

802.11a, 463–464802.11b, 460

channels, 461data rates, 462

802.11g, 463ASDs, 481authentication methods, 476–477backward compatibility, 463BSS, 440frame type compliance, 460regulatory agencies, 459–460security

EAP-based, 477–479WPA, 479–480WPA2, 480

service sets, ESS, 440802.1Q. See IEEE 802.1Q802.1x, configuring, 392

Aabsorption, 448–449access layer, 21accessing trunks with switch spoofing,

420–422aCEF (Accelerated CEF), 299

ACLs (access control lists), 64. See also VACLs

active scanning, 484–485active STP features, verifying on switch

ports, 254adding text descriptions to switch ports, 96ad-hoc wireless networks, 439adjacency table, 299

contents, displaying, 300discard adjacencies, 302drop adjacency, 301null adjacencies, 301punt adjacencies, 302

adjacent hosts, 297advertisements, VTP, 139–141

requests, 143–144subset advertisements, 142summary advertisements, 142

AES (Advanced Encryption Standard), 480

aggressive mode (UDLD), 252alternate port on RSTP topology, 264AM (amplitude modulation), 446anchor points, 518ANSI (American National Standards

Institute) X3T11 FibreChannel. See FibreChannel

answers to scenariosscenario 1, 544scenario 2, 544–545scenario 3, 545scenario 4, 545–546scenario 5, 547scenario 6, 547–548scenario 7, 548–549scenario 8, 550scenario 9, 551

antenna gain, 456

antennas, 457diversity, 458highly directional, 458–459omnidirectional, 457–458semi-directional, 458

application-specific integrated circuits (ASICs), 10

applying VACLs to VLAN interfaces, 414APs (access points), 440–442. See also

lightweight APsASDs, 481associations, 482–486autonomous

management processes, 504real-time processes, 504SSIDs, 502–503traffic patterns through, 502

cells, 442–443coverage, expanding, 444–445microcells, 445sizing, 488–489

channels, layout considerations, 489–492current running mode, displaying, 528lightweight

inter-controller roaming, 514–518intra-controller roaming, 512–513roaming, 511

overall gain, calculating, 456–457RF communication, EIRP, 456roaming, 444, 482–484

associations, 486implications of, 486–487scanning process, 484–485

security, implementing, 475–480signal strength, 452–453

dB values, 453–454increase in, 455–456loss of, 454–455

ARP inspection, configuring, 399–401ARP spoofing, 400ARP throttling, 301ASDs (application-specific devices), 481ASICs (application-specific integrated

circuits), 10assessing

current traffic patterns, 47interface data rates, 46–47

assigningdescriptions to switch ports, 96management addresses to VLANs, 40switch ports to VLANs, 116

associating secondary VLANs to primary VLAN SVI, 419–420

associations, 440, 482–486attributes of core devices, 22authentication

in 802.11 networks, 476–477MD5, 321port-based

configuring, 392–394example, 394

automatically configuring STP timers, 231–232

autonegotiation, 8710/100/1000 ports, 9autonomous APs, 501management processes, 504real-time processes, 504SSIDs, 502–503traffic patterns through, 502

Auto-QoS, 375–378autosensing on Catalyst switches, 92AVF (active virtual forwarder), 330–333AVG (active virtual gateway), 330–331avoiding collisions in WLANs, 436–437

DCF, 437–438

612

Bbaby giant frames, 123BackboneFast, 236

enabling, 236–237backup port on RSTP topology, 264backward compatibility of 802.11

standards, 463bands, 446

ISM, 461best effort QoS, 367–368best practices for securing Catalyst switches,

401–404Blocking state (STP), 197bootstrap process for LAPs, 508BPDU filtering, 254BPDU Guard, 248–249BPDUs (bridge protocol data units)

Configuration BPDUs, 189–190convergence, 267in RSTP topology, 265MST, 274protecting against sudden loss, 250Root Guard, 247–248RSTP, 265TCN BPDUs, 200

Bridge IDs, 191bridging, transparent

redundancy, 187–188versus Ethernet switches, 185–186

bridging loops, 187broadcast storms, 188preventing, 189

broadcast domains, 14flat networks, 113

broadcast storms, 188BSS (Basic Service Set), 440BSSI (Basic Service Set Identifier)

field, 460building access switches, 21building block model

core block, 36–38enterprise edge block, 40–41network management block, 40server farm block, 39–40service provider edge block, 41

bundled ports (EtherChannel), 165distributed EtherChannel traffic,

165–167troubleshooting, 172–175

Ccabling

Category 5 crossover cables, 93connecting to switch console port, 92Ethernet

distance limitations, 86Fast Ethernet specifications, 87

calculatingEIRP, 456Fresnel zone radius, 451–452overall gain, 456–457Root Path Cost, 193

CAM (Content Addressable Memory), 64CAM tables, 69–70

duplicate entries, handling, 70entries, viewing, 74stale entries, 69static entries, configuring, 69troubleshooting, 75

campus networks, 13building block model

core block, 36–38enterprise edge block, 40–41network management block, 40server farm block, 39–40service provider edge block, 41

dual-core with Layer 2 distribution switches, 41–42

LAN segmentation model, 15–17modular design, 31

core block, 35–38switch block, 32–35

network traffic models, 18–19predictable network model, 19–20shared network model, 13–14

campus-wide VLANs, deploying, 118–119canonical format, 123carrier signals, 446Catalyst switches

autosensing, 92Fast Ethernet ports, 92NSF, configuring, 343port security, 389–391PortFast feature, 205ports, configuring, 94power supply redundancy, configuring,

343–345redundancy modes, 339

configuring, 340–341

baby giant frames

613

securing, best practices, 401–404supervisor synchronization,

configuring, 342UDLD, default message interval times, 253

Category 5 crossover cables, 93CCX (Cisco Compatible Extensions), 481CDP (Cisco Discovery Protocol), 43

discovering network topology, 44–46CEF (Cisco Express Forwarding), 66, 295.

See also fallback bridgingadjacency table, 299, 301configuring, 303entry information, displaying, 298FIB, 296, 299glean state, ARP throttling, 301packet rewrites, 302–303process switching, 68verifying operation, 307–308

cells, 442–443coverage, expanding, 444–445microcells, 445sizing for WLAN design, 488–489

CFI (Canonical Format Indicator), 123channel reuse, 490channel-protocol command, 170channels, 447

802.11b, 461layout considerations, 489–492spectral masks, 461

Cisco ILP (Inline Power), 357Cisco IP Phones

inline power, 359–360PoE, 357

configuring, 360powered device detection, 358–360verifying power status, 360–361

trunking modes, 363Cisco Unified Wireless Network, 503

traffic patterns within, 509–511class selector bits, 371–372classification, 372–373clearing port cache, 390client mode (VTP), 140

configuring, 146collapsed core block, 36–37collision domain, 13collisions

avoiding in WLANs, 436–437DCF, 437–438

preventing, 15

commandschannel-protocol, 170debug spanning-tree switch state, 198errdisable detect cause, 98interface range, 95lacp port-priority, 172name, 116no shutdown, 294show adjacency summary, 300show cdp neighbors, 44show cdp neighbors detail, 45show dot1x all, 394show etherchannel load-balance, 175show etherchannel port, 173show etherchannel port-channel, 168show etherchannel summary, 173show glbp, 336show interface, 99show interface status, 305show interface switchport, 364show interface trunk, 129–130show interfaces switchport, 129show ip cef, 297show ip interface, 306show ip interface brief, 307show lacp sys-id, 175show mac address-table, 74show port-security interface,

391–392show power, 345show spanning-tree interface,

198, 229, 365show spanning-tree vlan,

232, 271show vlan, 116, 305show vlan id, 128show vpt counters, 148show vtp, 153show vtp status, 144, 148shutdown, 99, 305spanning-tree guard loop, 251spanning-tree guard root, 248spanning-tree portfast, 270speed, 97switchport, 116, 124, 292–293switchport host, 404switchport priority extend trust, 379udld, 252vtp mode transparent, 115

community VLANs, 415

community VLANs

614

comparingEthernet switches and transparent bridges,

185–186STP switch ports, roles versus states, 264wired and wireless LANs, 435–436wireless service sets, 439

conceding HSRP router election, 321–322

Configuration BPDUs, 189–190configuring

ARP inspection, 399–401BackboneFast, 236–237Catalyst switches

NSF, 343port security, 389–391power supply redundancy, 343–345redundancy mode, 340–341supervisor synchronization, 342

CEF, 303DHCP snooping, 395–397dual core blocks, 38EtherChannel, 170

LACP, 171load balancing, 167–168PAgP, 170

Ethernet switch ports, 88fallback bridging, 304interVLAN routing, 292

Layer 2 ports, 292Layer 3 ports, 293–294SVI ports, 294

IP Source Guard, 397–399LACP EtherChannel, 171–172LAPs, 524–528

power supply, 525switch port, 525–526

modular network designs, 31MST, 277–279PAgP negotiation, 170–171PoE, 360port-based authentication, 392

802.1x method lists, 393–394PortFast, 233–234PVLANs, 416–417

mapping promiscuous mode ports, 418–419

QoStrust, 374–375with Auto-QoS, 375–378

RPVST+, 271–272RSTP, 270static CAM table entries, 69static VLANs, 115–116STP

network diameter value, 200Root Bridge, 223–226timers, 230–231UDLD, 253

switch ports, 94–95duplex mode, 97speed, 96

UDLD message interval, 252VACLs, 413–414VLAN trunks, 124–126

example configuration, 126–127voice VLANs, 362–363VRRP, 328VTP, 144

client mode, 146example configuration, 148management domains, 145pruning, 151–152server mode, 145transparent mode, 146version, 146

WLC, 519–524congestion

80/20 rule, 18relieving, 13

connectingswitch block devices, 92–93to console ports, 92

connectivitycore blocks, 36–38logical, 113of switch ports, troubleshooting, 100–101

connectors for GbE, 93–94consistency checks, VTP version 2, 147console ports

connecting switch block devices, 92connecting to, 92

Control frames, 460controllers, foreign agents, 518convergence

controlling on STPwith BackboneFast, 236with PortFast, 233with UplinkFast, 234–235

comparing

615

of RSTP topology, 265port types, 266synchronization, 267–268

STP, tuning, 229–232STP timers, 199TCN BPDUs, 200

core block, 31, 35–38collapsed core, 36–37dual core, 37–38scaling, 38–39

core layer, 22CoS (class of service), 369criteria for process switching, 68crossover cables, Category 5, 93CSMA/CA (carrier sense multiple access

collision avoidance), 436–437CSMA/CD (carrier sense multiple access

collision detect), 85CST (Common Spanning Tree), 206current traffic patterns, assessing, 47customizing STP, 226–227

Port ID, 228–229Root Path Cost, 227–228timers, 230–231

DDAI (dynamic ARP inspection), 400

status information, displaying, 401Data frames, 460data rates for 802.11b standard, 462dB (decibel), 453dCEF (Distributed CEF), 299DCF (Distributed Coordination Function),

437–438debug spanning-tree switch state

command, 198decision processes for MLS packet

forwarding, 66–68default UDLD message interval times, 253defining

MST regions, 277–278VACL matching conditions, 413–414

delay, 367deleting VLANs from switch ports, 116demand-based switching, 65deploying VLANs, 117

end-to-end, 118–119local, 118

descriptions, adding to switch ports, 96designated ports

election procedure, 195–196on RSTP topology, 264selection of, 196–197

designingcampus networks

enterprise edge block, 40–41network management block, 40predictable network model, 19–20server farm block, 39–40service provider edge block, 41

enterprise networks, evaluating existing network, 42–47

hierarchical networksaccess layer, 21core layer, 22devices, 22distribution layer, 21

WLANs, 487AP cells, sizing, 488–489channel layout, 489–492

detectingduplex mode mismatches on links, 100–101switch port error conditions, 97–99

devicesdistribution layers, 21in hierarchical network design, 22Layer 2 switching, 10Layer 3 routing, 11Layer 3 switching, 11Layer 4 switching, 12MLS, 12

DHCP snooping, configuring, 395–397diffraction, 449–450DiffServ QoS model, 368–369

Layer 2 classification, 369Layer 3 classification, 370–371

class selector bits, 371–372drop precedence, 372

packet classification, 372–373trust boundaries, 373

DIFS (DCF interframe space), 437direct topology changes, 201–202Disabled state (STP), 197disabling

DTP, 126STP with BPDU filtering, 254

discard adjacencies, 302

discard adjacencies

616

discovering network topology, 43–47displaying

active EtherChannel parameters on ports, 175

adjacency table contents, 300AP current running mode, 528CAM table entries, 74CEF entry information, 298DAI status information, 401detailed GLBP configuration information,

337–338port configuration, 175port status, 391PortFast status, 234STP information, 237switch ports

in root-inconsistent state, 248speed, 99

trunking status, 126UpLinkFast status, 235VRRP status information, 328VTP management domain parameters, 148VTP status, 148–149

distributing EtherChannel traffic, 165–167distribution layer, 21

collapsed core block, 36diversity, 458“don’t care” bits, 72double tagging. See ISLdrop adjacencies, 301drop precedence, 372DSCP (Differentiated Service Code

Point), Layer 3 QoS classification, 370–371

DSSS (Direct Sequence Spread Spectrum), 462

DTP (Dynamic Trunking Protocol), 123–124disabling, 126

dual-core campus networks, 37–38with Layer 2 distribution switches, 41–42

dual-homing, 39duplex autonegotiation, 88duplex mode

link mismatches, detecting, 100–101switch port configuration, 97

duplicate CAM table entries, handling, 70dynamic auto trunking mode, 125dynamic data rate scaling, 462dynamic desirable trunking mode, 125dynamic VLANs, 117

EEAP-based security, 477–479

EAP-FAST, 479EAP-TLS, 478LEAP, 478PEAP, 479

EAP-FAST (EAP Flexible Authentication via Secure Tunneling), 479

EAPOL (Extensible Authentication Protocol over LANs )

configuring, 392port-based authentication, configuring,

392–394EAP-TLS (EAP-Transport Layer

Security), 478edge ports, RSTP, 266

configuring, 270EIRP (Effective Isotropic Radiated

Power), 456election process

of Designated Ports, 195–196

of Root Bridge, 191–192of Root Ports, 192–194

enablingBPDU guard as default, 249GLBP, 334–337loop guard as default, 251MST, 277–279PortFast, 270root guard, 248UDLD, 252VTP pruning, 151–152

encryption, AES, 480end-to-end VLANs, deploying,

118–119enterprise composite network model

core block, 35–36collapsed core block,

36–37dual core block, 37–38

enterprise edge block, 40–41network management block, 40server farm block, 39–40service provider edge block, 41switch block, 32–33

distribution layer, 33sizing, 33–35

enterprise edge block, 31, 40–41

discovering network topology

617

enterprise networksdesigning, 42–47end-to-end VLANs, deploying, 118

errdisable detect cause command, 98errdisable state, 249ESS (Extended Service Set), 440EtherChannel, 164

active parameters, displaying, 175bundled ports, 165configuring, 170hashing algorithm, 165LACP, 169

configuring, 171–172load balancing

configuring, 167–168verifying effectiveness of, 168

negotiation protocolsLACP, 169–170PAgP, 169–171

PAgP, 169configuring, 170

redundancy, 165routers, forwarding frames based on IP

address, 168traffic distribution, 165–167troubleshooting, 172–175XOR operation, 165

Ethernet10-Gigabit Ethernet, 90–9110-Mbps Ethernet, 85–86cabling, distance limitations, 86CSMA/CD, 85Fast Ethernet, 86

autonegotiation, 88backward compatibility, 87cabling specifications, 87FEC, 89FibreChannel, 89full-duplex, 87–89

full-duplex operation, 86GbE, 89–90

available SPF modules, 93–94port cables, 93–94

half-duplex operation, 85switch block connections, 92–93

Gigabit Ethernet port cables, 93–94examples

of port-based authentication, 394of TCAM tables, 72–73of VTP configuration, 148

expanding AP cell coverage, 444–445exploits, VLAN hopping, 422

thwarting, 423–424extended-range VLANs, 115

Ffallback bridging, 68, 303

configuring, 304verifying, 308verifying configuration, 308

Fast Ethernet, 86autonegotiation, 88backward compatibility, 87cabling specifications, 87Catalyst switch ports, 92FEC, 89FibreChannel, 89full-duplex, 87–89link speed, autonegotiation, 88links, duplex mismatches, 88switch ports, configuring, 88

FDDI (Fiber Distributed Data Interface), 10FEC (Fast EtherChannel), 89, 164FIB (Forwarding Information Base), 66,

296–298adjacency table, 299

Fiber Distributed Data Interface (FDDI), 10FibreChannel, 89fields of Configuration BPDUs, 190flat networks, 113flooding, VTP pruning, 149–152FM (frequency modulation), 446foreign agents, 518Forward Delay, 197Forward Delay timer (STP), 199, 230forwarding

framesdecision processes, 63–65Layer 2 switching, 10Layer 3 switching, 11oversize, 123

packetsLayer 3 routing, 11Layer 4 switching, 12

Forwarding state (STP), 197frame identification. See taggingframes

802.11 compliance, 460baby giants, 123

frames

618

BPDUsConfiguration BPDUs, 189–190TCN BPDUs, 200

forwarding through Layer 2 switches, 63–65

Layer 2 switching, 10Layer 3 switching, 11multicast, 14tagging

IEEE 802.1Q, 122internal tagging, 122

unknown unicast, 149, 186frequencies

bands, 446ISM, 461

channels, 447spectral masks, 461

modulationDSSS, 462ODFM, 463

Fresnel zones, 450–452full-duplex Ethernet, 435full-duplex Fast Ethernet, 87–89full-duplex operation, 86functionality, switching, 9–12functions of WLCs, 506–507

Ggateway redundancy, 317

GLBP, 330–337HSRP, 318–326verifying, 338VRRP, 327–329

GbE (Gigabit Ethernet)available SPF modules, 93–94port cables, 93–94

GBIC (Gigabit Interface Converter) modules, 93

Gigabit Ethernet media, 93–94GEC (Gigabit EtherChannel), 90, 164Get Nearest Server (GNS), 14Gigabit Ethernet, 89–90GLBP (Gateway Load Balancing

Protocol), 330AVF, 331–333AVG, 330–331displaying detailed configuration

information, 337–338

enabling, 334–337load balancing, 333verifying operation, 336

glean state, ARP throttling, 301GNS (Get Nearest Server), 14grouping resources into building blocks, 39

Hhalf-duplex operation, 85

in RSTP topology, 266in WLANs, 436

hardening Catalyst switches, best practices, 401–404

hardware-based bridging, 10hashing algorithm (EtherChannel), 165Hello Time interval (RSTP), 265Hello timer (STP), 199, 230hierarchical network design, 20

access layer, 21core layer, 22devices, 22distribution layer, 21migrating to, 47–50

highly directional antennas, 458–459host mode (switch ports), 416HSRP (Hot Standby Routing Protocol), 318

gateway addressing, 322–323hello time, decreasing, 319load balancing, 324–326MD5 authentication, 321plain-text authentication, 320router election, 318–320

conceding, 321–322

IIBSS (Independent Basic Service Set), 439identifying

switch ports, 96VLAN frames

IEEE 802.1Q, 122on trunk links. See tagging

IEEE 802.11 standard802.11a, 463–464802.11b, 460

channels, 461data rates, 462

802.11g, 463

frames

619

ASDs, 481authentication methods, 476–477backward compatibility, 463BSS, 440frame type compliance, 460regulatory agencies, 459–460security

EAP-based, 477–479WPA, 479–480WPA2, 480

service sets, ESS, 440IEEE 802.1d. See STP (Spanning Tree

Protocol)IEEE 802.1Q, 122, 272, 369

CST, 206native VLAN, 122TCI field, 123VID, 123

IEEE 802.1w. See RSTP (Rapid STP)IEEE 802.1x, configuring, 392IEEE 802.3 standard. See Ethernetimplementing

MST, 274security in WLANs, 475–476

EAP-based, 477–479WPA, 479–480WPA2, 480

independence, 265indirect failures on STP, 230indirect topology changes, 202–204initial LAP configuration, 526–528initial WLC configuration, 521inline power for Cisco IP Phones, 359–360.

See also PoE (Power over Ethernet)insignificant topology changes, 204–205inter-controller roaming, 514–518interface data rates, assessing, 46–47interface range command, 95interface range macro, 95interfaces

MAC addresses, clearing, 390SVIs, 294

internal tagging, 122interoperability of STP and RSTP, 265interVLAN routing, 291

configuring, 292interfaces, 292Layer 2 ports, configuring, 292Layer 3 ports, configuring, 293–294

multilayer switches, interface types, 292SVI ports, configuring, 294verifying, 304–307

intra-controller roaming, 512–513IntServ QoS model, 368IP addressing, VLANs, 117IP Source Guard, configuring,

397–399IP Telephony

Cisco IP Phonesinline power, 359PoE, 357–361trunking modes, 363

QoS, 366trust, configuring, 374–375verifying, 379

voice VLANs, 361–362configuring, 362–363verifying operation, 364–366

ISL (Inter-Switch Link), 121–122, 369ISM (Industrial, Scientific, and Medical)

band, 461isolated VLANs, 415IST (Internal Spanning Tree), 275

J-K-Ljitter, 367

keywords for CAM table commands, 69

LACP (Link Aggregation Control Protocol), 169–170

negotiation, configuring, 171–172lacp port-priority command, 172LAN PHY, 91LAN segmentation model, 15–17LAN switching, duplicate entries in CAM

table, handling, 70LANs

campus networkspredictable network model, 19–20shared network model, 13–14

Cisco Unified Wireless Network, 503Ethernet, 85–86

10-Gigabit Ethernet, 90–91cabling, distance limitations, 86CSMA/CD, 85Fast Ethernet, 86–87, 89

LANs

620

full-duplex operation, 86Gigabit Ethernet, 89–90half-duplex operation, 85

Token Ring, susceptibility to collisions, 13

LAPs (lightweight access points), 505bootstrap process, 508configuring, 524–528linking to WLCs, 505–506power supply, configuring, 525switch port, configuring, 525–526

latency, 367Layer 2 distribution switches on dual-core

campus networks, 41–42Layer 2 ports, interVLAN routing

configuration, 292Layer 2 QoS classification, 369Layer 2 switching, 10, 61

CAM table, 69–70entries, viewing, 74stale entries, 69static entries, configuring, 69troubleshooting, 74–75

frame processing, 63–65TCAM tables, 70

example, 72–73LOUs, 74port operation, 73structure, 70–71troubleshooting, 75VMR combinations, 71

transparent bridging, 61–63Layer 3 Engine, 296

CEFadjacency table, 299configuring, 303packet rewrites, 302–303

FIB, 296–297adjacency table, 299

Layer 3 ports, interVLAN routing configuration, 293–294

Layer 3 QoS classification, 370–372

class selector bits, 371–372drop precedence, 372

Layer 3 routing, 11Layer 3 switching, 11

MLS, 13Layer 4 switching, 12

layers, 9–12distribution, 21

LEAP (Lightweight EAP), 478Learning state (STP), 197lightweight APs

inter-controller roaming, 514–518intra-controller roaming, 512–513roaming, 511

limitationsof extended-range VLANs, 115of flat networks, 113

line-of-sight links, 441Fresnel zones, 451

link speed, autonegotiation, 88linking LAPs and WLCs, 505–506links

duplex mismatches, 88detecting, 100–101

EtherChannel, 164redundancy, 165

Listening state (STP), 197listing switch ports in root-inconsistent

state, 248load balancing

EtherChannel configuration, 167GLBP, 333HSRP, 324–326

local VLANs, deploying, 118logical addressing, 11logical connectivity, 113loop avoidance, STP, 250

BPDU Guard, 248–249loop guard, 251Root Guard, 247–248troubleshooting, 254UDLD, 251–253

loop guard, 250–251enabling as default, 251ports, loop-inconsistent state, 250

loop-inconsistent state, 250loss, 367LOUs (Logical Operation Units), 74

MMAC addresses, sticky, 389macros

interface range macro, 95spanning-tree vlan command, 226

LANs

621

management addresses, assigning to VLANs, 40

management blocks, 31management domains, 139

advertisement process, 140–141advertisement requests, 143–144subset advertisements, 142summary advertisements, 142

configuring, 145parameters, displaying, 148viewing status, 148–149

management frames, 460manually configuring STP timers,

230–231mapping

promiscuous mode portsPVLAN configuration, 418–419to primary/secondary VLAN, 418

VLANs to multiple STP instances, 274–275IST, 275MSTIs, 275–277

matching conditions for VACLs, defining, 413–414

MaxAge timer (STP), 199, 230MD5 authentication, 321membership methods of VLANs,

port-based, 114message interval on UDLD, configuring, 252messages, TC (topology change), 269method lists (802.1x), configuring port-based

authentication, 393–394MIC (Message Integrity Check), 479–480microcells, 445migrating to hierarchical network design,

47–50mismatched duplex/speed on ports,

monitoring, 100–101mitigating spoofing attacks

with ARP inspection, 399–401with DHCP snooping, 395–397with IP Source Guard snooping,

397–399MLS (mulitlayer switching), 12

CAM table, 69–70duplicate entries, handling, 70entries, viewing, 74stale entries, 69static entries, configuring, 69troubleshooting, 74–75

CEF, 66, 295adjacency table, 299–301configuring, 303FIB, 296, 299glean state, 301packet rewrites, 302–303verifying operation, 307–308

interVLAN routingconfiguring, 292–294interfaces, 292verifying, 304–307

packet forwarding, exceptions for, 68packet processing, 66–68route-caching, 65TCAM table, 70

example, 72–73LOUs, 74port operations, 73structure, 70–71troubleshooting, 75VMR combinations, 71

topology-based, 65mobility groups, 518models of campus networks, 13modifying STP timers, 230–231modular network design, 31

core block, 35–36collapsed core, 36–37dual core, 37–38migrating to, 48–50

switch block, 32–33distribution layer, 33sizing, 33–35

modulation, 446DSSS, 462ODFM, 463

monitoring port speed/duplex mismatches, 100–101

MST (Multiple Spanning Tree), 273–274configuring, 277–279IST instances, 275MST instances, 276regions, 274

MSTIs (Multiple Spanning Tree instances), 275–277

MSTP (Multiple Spanning Tree Protocol), 272MT-RJ connectors, 92multicast frames, 14multicast traffic, 14

multicast traffic

622

multilayer switching (MLS), 12CEF, 295interface types, 292interVLAN routing

configuring, 292Layer 2 ports, configuring, 292Layer 3 ports, configuring, 293–294SVI ports, configuring, 294

router redundancy, 317GLBP, 330–337HSRP, 318–326VRRP, 327–329

multipath interference, 458

Nname command, 116native VLAN, 122negotiation protocols

LACP, 169–170configuring, 171–172

PAgP, 169configuring, 170–171

NetFlow switching, 295network diameter value, configuring, 200network management block, 40network topology, discovering, 43–47network traffic models, 18–19no shutdown command, 294normal mode (UDLD), 252NSF (non-stop forwarding), configuring on

Catalyst switches, 343null adjacencies, 301

OODFM (Orthogonal Frequency Division

Multiplexing), 463omnidirectional antennas, 457–458“one-armed router,” 291open authentication, 477overall gain, calculating, 456–457oversize frames, forwarding, 123

Ppacket filtering, configuring VACLs, 413–414packet forwarding, 317packet rewrites, 302–303

packetsCEF punt, 298classification, 372–373Layer 3 routing, 11Layer 4 switching, 12processing through multilayer switches,

66–68PAgP (Port Aggregation Protocol), 169

configuring, 170–171silent submode, 171

parameters of VTP management domains, displaying, 148

passive scanning, 484–485Path Cost, 193path loss, 454PDU (protocol data unit), 9PEAP (Protected EAP), 479physical connectivity, 113PKC (proactive key caching), 480plain-text HSRP authentication, 320PMD (Physical Media Dependent)

interfaces, 91PoE (Power over Ethernet), 357

configuring, 360power status, verifying, 360–361powered device detection, 358–360

point-to-point links, RSTP configuration, 270point-to-point ports (RSTP), 266port cables, GbE, 93–94port cache, clearing, 390port compatibility errors (EtherChannel),

troubleshooting, 175Port ID, tuning, 228–229port operations on TCAM tables, 73port priority value, 169port security, 389–391port speed, configuring, 96port states

of RSTP, 264of STP, 197–198

port-based authentication802.1x method lists, configuring, 393–394configuring, 392, 394example, 394

port-based VLAN membership, 114static VLAN configuration, 115–116

PortFast, 205, 233configuring, 233–234enabling, 270status, displaying, 234

multilayer switching (MLS)

623

portsactive EtherChannel parameters,

displaying, 175BPDU filtering, enabling, 254duplex mode, configuring, 97Fast Ethernet on Catalyst switches, 92in errdisable state, viewing, 391roles

assigned in Root guard, 247RSTP, 266versus states, 264

selecting as ranges, 95speed/duplex mismatches, monitoring,

100–101status, displaying, 391UDLD, enabling, 252verifying active STP protection

features, 254power supply

for LAPs, configuring, 525redundancy, configuring on Catalyst

switches, 343–345powered device detection (PoE), 358–360predictable network model, 19–20preparing for exam, scenarios

advanced STP, 539EtherChannel, 537–538implementing a wireless LAN, 542–543QoS in a switched network, 541router redundancy with HSRP and GLBP,

540–541securing access and managing traffic in a

switched network, 541–542traditional STP, 538trunking and DTP, 535–536VLANs, trunking, and VTP, 536–537

preventingbridging loops, 189collisions, 15routing loops with RSTP

BPDUs, 265configuring, 270convergence, 267port behavior, 263–264port states, 264

routing loops with STP, 230–232BackboneFast, 236–237PortFast, 233Root Bridge, configuring, 223–226

Root Bridge, placement, 219–222tuning, 227UplinkFast, 234–235

primary VLANs, 415process switching, 68promiscuous mode ports, 416

mapping to primary/secondary VLANs, 418proposal messages (RSTP), switch

synchronization, 267–268protect mode (switch ports), 390protecting against sudden BPDU loss, 250protocol data units (PDUs), 9pruning (VTP), 149–152PSK authentication, 477punt adjacencies, 302PVID (Port VLAN ID), 114PVLANs (private VLANs), 414–415

associating secondary VLANs to primary, 419–420

configuring, 416–419PVST (Per-VLAN STP), 206PVST+ (Per-VLAN Spanning Tree Plus),

207, 272

QQoS, 366

Auto-QoS, 375–378best effort, 367–368DiffServ, 368–369

Layer 2 classification, 369Layer 3 classification, 370–372

implementing on voice networks, 372–373IntServ, 368packet classification, 372–373trust, configuring, 374–375trust boundaries, 373verifying, 378–381

Rradius of Fresnel zones, calculating, 451–452ranges of ports, selecting, 95REAP (Cisco Remote Edge Access Point), 509reception of RF signals, factors affecting

absorption, 448–449diffraction, 449–450Fresnel zones, 450–452

reception of RF signals, factors affecting

624

reflection, 447–448refraction, 448scattering, 449

recovering from switch port error conditions, 99

redirect timer (AVFs), 332redundancy, 313

gateway addresses, 317HSRP, 318of Catalyst switches

non-stop forwarding, 343power supplies, 343–345supervisor synchronization, 342

of EtherChannel, 165of gateway addresses

GLBP, 330–337HSRP, 318–326VRRP, 327–329

of gateways, verifying configuration, 338within switch chassis, 339

redundant switch supervisors, 339–340redundancy modes of Catalyst switches, 339

configuring, 340–341redundant bridging, 187–188redundant link convergence (STP)

BackboneFast, 236PortFast, 233UplinkFast, 234–235

redundant switch supervisors, 339–340reflection, 447–448refraction, 448regions (MST), 274

defining, 277–278IST instances, 275MSTIs, 275

relieving network congestion, 13removing descriptions from switch ports, 96request advertisements (VTP), 143–144resources, grouping into building blocks, 39restrict mode (switch ports), 390revision number (VTP), setting to zero, 144RF (radio frequency) communication,

445–446modulation schemes, 447

RF communicationantennas, 457

highly directional, 458–459omnidirectional, 457–458semi-directional, 458

EIRP, 456multipath interference, 458overall gain, calculating, 456–457signal reception, factors affecting

absorption, 448–449diffraction, 449–450Fresnel zones, 450–452reflection, 447–448refraction, 448scattering, 449

signal strength, 452–453dB values, 453–454increase in, 455–456loss of, 454–455

roaming, 444, 482–484associations, 486implications of, 486–487on lightweight APs, 511

inter-controller roaming, 514–518intra-controller roaming,

512–513scanning process, 484–485

roles of RSTP switch ports, 264–266rollover cables, 92Root Bridge

configuring, 223–226election procedure, 191–192network diameter value, configuring, 200placement of, 219–222Root Bridge ID value, 191

Root Guard, 247–248Root Path Cost (STP), 192

calculating, 193tie conditions, 195tuning, 227–228

root portelection procedure, 192–194on RSTP topologies, 264–266

root-inconsistent STP state, 248route cache switching, 295route-caching, 65router election (HSRP), 318–320

conceding, 321–322“router on a stick,” 291routers

AVFs, 330–332redundancy, HSRP, 318

routing, 236. See also interVLAN routingLayer 3, 11

reception of RF signals, factors affecting

625

routing loops, 234preventing with RSTP

BPDUs, 265configuring, 270convergence, 267port behavior, 263–264port states, 264

preventing with STP, 232Root Bridge configuration, 223–226Root Bridge placement, 219–222

RPR (Route Processor Redundancy), 339–340RPVST+ (Rapid PVST+), 263, 270–272RSTP (Rapid STP)

BPDUs, 265configuring, 270convergence, 265–267

synchronization, 267–268edge ports, configuring, 270interoperability with STP, 265port behavior, 263–264port states, 264port types, 266switch ports

point-to-point links, configuring, 270role assignments, 264roles versus states, 264

topology changes, 269

SSAP (Service Advertising Protocol), 14SC connectors, 92scaling

core block, 38–39Layer 2 switching, 10VLANs, 118

scanning process, 484–485scattering, 449scenarios

advanced STP, 539answers, 547

EtherChannel, 537–538answers, 545

implementing a wireless LAN, 542–543answers, 551

QoS in a switched network, 541router redundancy with HSRP and GLBP,

540–541answers, 547–548

securing access and managing traffic in a switched network

answers, 549–550telephony in a switched network

answers, 548–549traditional STP, 538

answers, 545–546trunking and DTP, 535–536

answers, 544VLANs, trunking, and VTP, 536–537

answers, 544–545secondary VLANs, 415

associating to a primary VLAN, 419–420security in WLANs, 475–476

EAP-based, 477–479WPA, 479–480WPA2, 480

segmentation, 11selecting

Designated Ports, 195–197ranges of ports, 95Root Ports (STP), 192–194switch ports for configuration, 94–96

semi-directional antennas, 458server farm block, 31, 39–40server mode (VTP), 139

configuring, 145Service Advertisement Protocol (SAP), 14service provider edge block, 31, 41service sets, 438

BSS, 440comparing, 439ESS, 440IBSS, 439

setting VTP revision number to zero, 144SFP (small form factor pluggable)

modules, 93shared network model, 13–14, 436show adjacency summary command, 300show cdp neighbors command, 44show cdp neighbors detail command, 45show dot1x all command, 394show etherchannel load-balance

command, 175show etherchannel port command, 173show etherchannel port-channel

command, 168show etherchannel summary command, 173show glbp command, 336

show glbp command

626

show interface command, 99show interface status command, 305show interface switchport command, 364show interface trunk command, 129–130show interfaces switchport command, 129show ip cef command, 297show ip interface brief command, 307show ip interface command, 306show lacp sys-id command, 175show mac address-table command, 74show port-security interface command,

391–392show power command, 345show spanning-tree interface command, 198,

229, 365show spanning-tree vlan command, 232, 271show vlan command, 116, 305show vlan id command, 128show vtp commands, 153show vtp counters command, 148show vtp status command, 144, 148shutdown command, 99, 305shutdown mode (switch ports), 390signal gain, 455–456signal loss, 454–455signal strength (RF), 452–453

dB values, 453–454increase in, 455–456loss of, 454–455

silent submode (PAgP), 171single-host support, configuring, 234single-tagging, 122site surveys, 443sizing switch blocks, 33–35spanning-tree guard loop command, 251spanning-tree guard root command, 248spanning-tree portfast command, 270Spanning-Tree Protocol, 33spanning-tree vlan command, 226spectral masks, 461speed command, 97split-MAC architecture, 505spoofing attacks, mitigating

with ARP inspection, 399–401with DCHP snooping, 395–397with IP Source Guard, 397–399

Spurgeon, Charles, 86SSIDs (service set identifiers), 438SSO (Stateful Switchover), 340

stale entries (CAM tables), 69static CAM table entries, configuring, 69static VLANs

configuring, 115–116port-based membership, 114

static WEP keys, 477sticky MAC addresses, 389store-and-forward switching, 61STP (Spanning Tree Protocol)

active protection features, verifying on switch ports, 254

Blocking state, 197BPDU Guard, 248–249BPDUs

Configuration BPDUs, 189–190protecting against sudden loss of, 250TCN BPDUs, 200

bridging loops, 187–189CST, 206customizing, 226–227Designated Ports

election procedure, 195–196selecting, 196–197

Disabled state, 197disabling with BPDU filtering, 254displaying information, 237Forwarding state, 197IEEE 802.1Q, 272interoperability with RSTP, 265Learning state, 197Listening state, 197loop guard feature, 250–251MST

IST instances, 275MST instances, 276

network diameter value, configuring, 200Path Cost, 193Port ID, tuning, 228–229port numbers, 228PVST, 206PVST+, 207redundant link convergence, 232

BackboneFast, 236–237PortFast, 233UplinkFast, 234–235

Root Bridgeconfiguring, 223–226election procedure, 191–192placement, 219–222

show interface command

627

Root Guard, 247–248Root Path Cost, 192

tuning, 227–228Root Ports, election procedure, 192–194running multiple instances of, 273switch ports, roles versus states, 264timers, 199

automatic configuration, 231–232manual configuration, 230–231modifying, 230–231

topology changesdirect topology changes, 201–202indirect topology changes, 202–204insignificant topology changes,

204–205troubleshooting, 237, 254UDLD, 251–253unknown unicast frames, 186

subset advertisements, 142summary advertisements, 142superior BPDUs, 248supervisor modules, redundant switch

supervisors, 339–340supervisor synchronization, 342supplicants, 439SVI (switched virtual interface), 292SVI ports, interVLAN routing

configuration, 294SVIs (switched virtual interfaces), 419–420switch block connections

console port, 92Ethernet port cables, 92–93Gigabit Ethernet port cables, 93–94

switch blocks, 31–33distribution layer, 33sizing, 33–35

switch chassis, redundant switch supervisors, 339–340

switch portsaggregation, EtherChannel, 164assigning to VLANs, 116BPDU filtering, enabling, 254configuring, 94connectivity, troubleshooting, 100–101duplex mode, configuring, 97errdisable state, 249error conditions, recovering from, 97–99for LAPs, configuring, 525–526identifying, 96

loop-inconsistent state, 250PortFast, configuring, 233–234role assignments

Root guard, 247RSTP, 264–266

selecting for configuration, 94–96speed

configuring, 96displaying, 99

text descriptions, adding, 96trunks

configuring, 124–126example configuration, 126–127

UDLD, enabling, 252verifying active STP protection

features, 254VLAN tagging

IEEE 802.1Q, 122ISL, 121–122

VLANsand multiple subnets, 119troubleshooting, 128–130trunk links, 119

switch spoofing, 420–422switches, 38

VLANs, deleting, 116VTP

configuring, 144–147example configuration, 148

switchingAuto-QoS, 375–378CAM table, 69–70

troubleshooting, 74–75console ports, connecting to, 92Fast Ethernet ports, 92frame processing, 63–65functionality, 9–12Layer 2, 10Layer 3, 11Layer 4, 12MLS, 65

packet processing, 66–68MLS (multilayer switching), 12port IDs, 228port security, 389–391redundant bridging, 187–188single host support, configuring, 234store-and-forward, 61TCAM table, troubleshooting, 75

switching

628

TCAM tables, 70example, 72–73port operations, 73structure, 70–71VMR combinations, 71

transparent bridging, 61–63trunks, 119–120

configuring, 124–126DTP, 123–124traffic identification methods, 120VLAN frame identification,

121–123VTP, 139–142

switchport command, 116, 124, 292–293switchport host command, 404switchport priority extend trust command, 379synchronization of RSTP switches,

267–268synchronization problem (VTP), 141syntax for CAM table commands, 69system priority value, 169

Ttagging, 121

IEEE 802.1Q, 122ISL, 121–122

TC (topology change) messages, 269TCAM (Ternary Content Addressable

Memory), 64, 413TCAM tables, 70

example of, 72–73LOUs, 74port operations, 73structure of, 70–71VMR combinations, 71

TCI (Tag Control Information) field, 123TCN BPDUs, 200text descriptions, adding to switch ports, 96throttling adjacencies, 301thwarting VLAN hopping, 423–424tie conditions of Root Path Cost, 195timers, STP, 199

automatic configuration, 231–232manual configuration, 230–231modifying, 230–231

TKIP (Temporal Key Integrity Protocol), 479–480

Token Ring collisions, susceptibility to, 13support on VTP version 2, 147

topologiesdirect changes, 201–202flat network, 113indirect changes, 202–204insignificant changes, 204–205RSTP, detecting, 269

topology-based MLS, 65ToS (type of service), 370traffic

20/80 rule, 118core blocks, 36–38flooding, VTP pruning, 151–152multicast, 14within Cisco Unified Wireless Networks,

509–511transparent bridges, 61–63

redundancy, 187–188versus Ethernet switches, 185–186

transparent mode (VTP), 140configuring, 146version-dependent, 147

troubleshootingCAM table operation, 74–75EtherChannel, 172–175STP, 237, 254switch ports

connectivity, 100–101error conditions, 97–99

TCAM table operation, 75trunks, 128–130VLANs, 128–130VTP, 152–153

trunk links, 119VLAN tagging

IEEE 802.1Q, 122ISL, 121–122

trunks, 119–120accessing with switch spoofing, 420–422between switches in different VTP

domains, 124configuring, 124–126DTP, 123–126example configuration, 126–127IEEE 802.1Q, CST, 206status, displaying, 126troubleshooting, 128–130

switching

629

VLAN hopping, 422–424VTP, 139

advertisements, 139–144client mode, 140, 146configuring, 144example configuration, 148management domains, 139, 145pruning, 149–152server mode, 139server mode, configuring, 145status, displaying, 148–149summary advertisements, 142transparent mode, 140, 146troubleshooting, 152–153version, configuring, 146

trust boundaries, 373configuring, 374–375

tunneling between LAPs and WLCs, 505–506two-dimensional channel layout, 489–491

UUDLD (Unidirectional Link Detection), 251

default message interval times, 253enabling, 252message interval, configuring, 252

udld command, 252unidirectional links, 251U-NII (Unlicensed National Information

Infrastructure), 463unknown unicast flooding, 63unknown unicast frames, 149, 186unrecognized TLV (Type-Length-Value)

support, VTP version 2, 147uplink ports, enabling BPDU guard, 249UpLinkFast, 234–235

VVACLs, configuring, 413–414verifying

active STP features on switch ports, 254CEF operation, 307–308effectiveness of EtherChannel

load-balancing, 168fallback bridging, 308gateway redundancy, 338GLBP operation, 336

inline power for Cisco IP Phones, 360MLS, interVLAN routing, 304–307PoE power status, 360–361QoS, 379VLAN configuration, 116voice QoS operation, 378–381voice VLAN operation, 364

version-dependent transparent mode, 147VID (VLAN Identifier), 123viewing

CAM table entries, 74ports in errdisable state, 391STP information, 237switch port speed, 99switch ports in root-inconsistent state, 248trunking status, 126VTP status, 148–149

VLAN hopping, 422thwarting, 423–424

VLANs, 15, 113deleting, 116deploying, 117dynamic VLANs, 117end-to-end, deploying, 118–119extended-range, 115IEEE 802.1Q, CST, 206interVLAN routing, 291

configuring, 292–294interface types, 292Layer 2 ports, configuring, 292Layer 3 ports, configuring, 293–294SVI ports, configuring, 294verifying, 304–307

IP addressing scheme, 117local, deploying, 118management addresses, assigning, 40mapping to multiple STP instances,

274–275IST, 275MSTIs, 275–277

membership methods, port-based, 114MST

IST instances, 275MST instances, 276

PVLANs, 414–415configuring, 416–419

PVST, 206secondary, associating to primary VLAN

SVI, 419–420

VLANs

630

static VLANs, configuring, 115–116tagging, 121

IEEE 802.1Q, 122ISL, 121–122

troubleshooting, 128–130trunks, 119–120. See also VTP

configuring, 124–126DTP, 123–124example configuration, 126–127

verifying configuration, 116voice VLANs, 361–362

configuring, 362–363verifying, 365–366verifying operation, 364

VMR (Value, Mask, and Result) combinations, 71

voice networks, QoSimplementing, 372–373operation, verifying, 378–381

voice VLANs, 361–362configuring, 362–363verifying operation, 364–366

VoIP (Voice over IP)Cisco IP Phones

inline power, 359PoE, 357–361

QoS, 366trust, configuring, 374–375verifying, 379

voice VLANs, 361–362configuring, 362–363verifying operation, 364–366

VRRP (Virtual Router Redundancy Protocol), 327–329

configuring, 328status, displaying, 328

VTP (VLAN Trunking Protocol)advertisements, 139–141

requests, 143–144subset advertisements, 142summary advertisements, 142

client mode, 140, 146configuring, 144example configuration, 148extended-range VLAN membership, 115management domains, 139

configuring, 145parameters, displaying, 148viewing status, 148–149

pruning, 149–152revision number, setting to zero, 144server mode, 139, 145synchronization problem, 141transparent mode, 140, 146troubleshooting, 152–153version, configuring, 146version 2, consistency checks, 147version-dependent transparent

mode, 147vtp mode transparent command, 115VTPv3, 147

WW (Watts), 453WAN PHY, 91WCS (Cisco Wireless Control

System), 507WEP (Wireless Equivalence Protocol), 477WLANs

802.11 standards802.11a, 463–464802.11b, 460–462802.11g, 463frame type compliance, 460regulatory agencies, 459–460

ad-hoc, 439antennas, 457

highly-directional, 458–459omnidirectional, 457–458semi-directional, 458

APs, 440–442associations, 482–486cells, 442–445roaming, 444, 482–487

ASDs, 481collisions, avoiding, 436–437

DCF, 437–438designing, 487

AP cells, sizing, 488–489channel layout, 489–492

ESS, 440half-duplex transmission, 436modulation, 447RF communication

factors affecting reception, 447–452

signal strength, 452–456

VLANs

631

security, 475–476EAP-based, 477–479

EAP-FAST, 479EAP-TLS, 478LEAP, 478PEAP, 479

WPA, 479–480WPA2, 480

service sets, 438BSS, 440IBSS, 439

site surveys, 443SSIDs, 438supplicants, 439versus wired LANs, 435–436WLC, configuring, 519–524

WLC1, anchor points, 518

WLCs (wireless LAN controllers), 505configuring, 519–524functions of, 506–507interface types, 519linking to LAPs, 505–506mobility groups, 518platforms available, 507

workgroups, 18WPA (Wi-Fi Protected Access), 479–480WPA2, 480WWDM (wide-wavelength division

multiplexing), 91

X-Y-ZXOR (exclusive-OR) operation, 165

XOR (exclusive-OR) operation