CCNP Routing And Switching Portable Command Guide, 2/e


CCNP Routing and Switching Portable Command Guide

Scott Empson
Patrick Gargano
Hans Roth

800 East 96th Street
Indianapolis, Indiana 46240 USA

CCNP Routing and Switching Portable Command Guide
Scott Empson, Patrick Gargano, Hans Roth

Copyright 2015 Cisco Systems, Inc.

Published by:
Cisco Press
800 East 96th Street
Indianapolis, IN 46240 USA

All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review.

Printed in the United States of America
First Printing December 2014
Library of Congress Control Number: 2014955978
ISBN-13: 978-1-58714-434-9
ISBN-10: 1-58714-434-4

Warning and Disclaimer
This book is designed to provide information about the CCNP Route (300-101) and CCNP SWITCH (300-115) exams. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied.
The information is provided on an “as is” basis. The authors, Cisco Press, and Cisco Systems, Inc. shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it.
The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc.

Trademark Acknowledgments
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Cisco Press or Cisco Systems, Inc., cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Special Sales
For information about buying this title in bulk quantities, or for special sales opportunities (which may include electronic versions; custom cover designs; and content particular to your business, training goals, marketing focus, or branding interests), please contact our corporate sales department at corpsales@pearsoned.com or (800) 382-3419.
For government sales inquiries, please contact governmentsales@pearsoned.com.
For questions about sales outside the U.S., please contact international@pearsoned.com.

Feedback Information
At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted with care and precision, undergoing rigorous development that involves the unique expertise of members from the professional technical community.
Readers’ feedback is a natural continuation of this process. If you have any comments regarding how we could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us through email at feedback@ciscopress.com. Please make sure to include the book title and ISBN in your message.
We greatly appreciate your assistance.

Publisher: Paul Boger
Associate Publisher: Dave Dusthimer
Business Operation Manager, Cisco Press: Jan Cornelssen
Executive Editor: Mary Beth Ray
Managing Editor: Sandra Schroeder
Senior Development Editor: Christopher Cleveland
Senior Project Editor: Tonya Simpson
Copy Editor: Keith Cline
Technical Editor: Diane Teare
Editorial Assistant: Vanessa Evans
Cover Designer: Mark Shirar
Composition: Tricia Bronkella
Proofreader: Jess DeGabriele

Contents at a Glance

Introduction

Part I: ROUTE
CHAPTER 1 Basic Network and Routing Concepts
CHAPTER 2 EIGRP Implementation
CHAPTER 3 Implementing a Scalable Multiarea Network OSPF-Based Solution
CHAPTER 4 Configuration of Redistribution
CHAPTER 5 Path Control Implementation
CHAPTER 6 Enterprise Internet Connectivity
CHAPTER 7 Routers and Router Protocol Hardening

Part II: SWITCH
CHAPTER 8 Basic Concepts and Network Design
CHAPTER 9 Campus Network Architecture
CHAPTER 10 Implementing Spanning Tree
CHAPTER 11 Implementing Inter-VLAN Routing
CHAPTER 12 Implementing High-Availability Networks
CHAPTER 13 First-Hop Redundancy Implementation
CHAPTER 14 Campus Network Security

Appendixes
APPENDIX A Private VLAN Catalyst Switch Support Matrix
APPENDIX B Create Your Own Journal Here
Index

Table of Contents

Introduction

Part I: ROUTE

CHAPTER 1 Basic Network and Routing Concepts
Cisco Hierarchical Network Model
Cisco Enterprise Composite Network Model
Typically Used Routing Protocols
IGP Versus EGP Routing Protocols
Routing Protocol Comparison
Administrative Distance
Static Routes: permanent Keyword
Floating Static Routes
Static Routes and Recursive Lookups
Default Routes
Verifying Static Routes
Assigning IPv6 Addresses to Interfaces
Implementing RIP Next Generation (RIPng)
Verifying and Troubleshooting RIPng
Configuration Example: RIPng
IPv6 Ping
IPv6 Traceroute

CHAPTER 2 EIGRP Implementation
Configuring EIGRP
EIGRP Router ID
EIGRP Autosummarization
Passive EIGRP Interfaces
“Pseudo” Passive EIGRP Interfaces
EIGRP Timers
Injecting a Default Route into EIGRP: Redistribution of a Static Route
Injecting a Default Route into EIGRP: IP Default Network
Injecting a Default Route into EIGRP: Summarize to 0.0.0.0/0

Accepting Exterior Routing Information: default-information
Load Balancing: Maximum Paths
Load Balancing: Variance
Bandwidth Use
Stub Networks
EIGRP Unicast Neighbors
EIGRP over Frame Relay: Dynamic Mappings
EIGRP over Frame Relay: Static Mappings
EIGRP over Frame Relay: EIGRP over Multipoint Subinterfaces
EIGRP over Frame Relay: EIGRP over Point-to-Point Subinterfaces
EIGRP over MPLS: Layer 2 VPN
EIGRP over MPLS: Layer 3 VPN
EIGRPv6
Enabling EIGRPv6 on an Interface
Configuring the Percentage of Link Bandwidth Used by EIGRPv6
EIGRPv6 Summary Addresses
EIGRPv6 Timers
EIGRPv6 Stub Routing
Logging EIGRPv6 Neighbor Adjacency Changes
Adjusting the EIGRPv6 Metric Weights
EIGRP Address Families
Named EIGRP Configuration Modes
Verifying EIGRP and EIGRPv6
Troubleshooting EIGRP
Configuration Example: EIGRPv4 and EIGRPv6 using Named Address Configuration

CHAPTER 3 Implementing a Scalable Multiarea Network OSPF-Based Solution
OSPF Message Types
OSPF LSA Types
Configuring OSPF
Using Wildcard Masks with OSPF Areas
Configuring Multiarea OSPF
Loopback Interfaces
Router ID
DR/BDR Elections
Passive Interfaces

Modifying Cost Metrics
OSPF auto-cost reference-bandwidth
OSPF LSDB Overload Protection
Timers
IP MTU
Propagating a Default Route
OSPF Special Area Types
Stub Areas
Totally Stubby Areas
Not-So-Stubby Areas
Totally NSSA
Route Summarization
Interarea Route Summarization
External Route Summarization
Configuration Example: Virtual Links
OSPF and NBMA Networks
OSPF over NBMA Topology Summary
IPv6 and OSPFv3
Enabling OSPF for IPv6 on an Interface
OSPFv3 and Stub/NSSA Areas
Interarea OSPFv3 Route Summarization
Enabling an IPv4 Router ID for OSPFv3
Forcing an SPF Calculation
IPv6 on NBMA Networks
OSPFv3 Address Families
Verifying OSPF Configuration
Troubleshooting OSPF
Configuration Example: Single-Area OSPF
Configuration Example: Multiarea OSPF
Configuration Example: OSPF and NBMA Networks
Configuration Example: OSPF and Broadcast Networks
Configuration Example: OSPF and Point-to-Multipoint Networks
Configuration Example: OSPF and Point-to-Point Networks Using Subinterfaces
Configuration Example: IPv6 and OSPFv3
Configuration Example: OSPFv3 with Address Families

CHAPTER 4 Configuration of Redistribution
Defining Seed and Default Metrics
Redistributing Connected Networks
Redistributing Static Routes
Redistributing Subnets into OSPF
Assigning E1 or E2 Routes in OSPF
Redistributing OSPF Internal and External Routes
Configuration Example: Route Redistribution for IPv4
Configuration Example: Route Redistribution for IPv6
Verifying Route Redistribution
Route Filtering Using the distribute-list Command
Configuration Example: Inbound and Outbound Distribute List Route Filters
Configuration Example: Controlling Redistribution with Outbound Distribute Lists
Verifying Route Filters
Route Filtering Using Prefix Lists
Configuration Example: Using a Distribute List That References a Prefix List to Control Redistribution
Verifying Prefix Lists
Using Route Maps with Route Redistribution
Configuration Example: Route Maps
Manipulating Redistribution Using Route Tagging
Changing Administrative Distance for Internal and External Routes
Passive Interfaces

CHAPTER 5 Path Control Implementation
Verifying Cisco Express Forwarding
Configuring Cisco Express Forwarding
Path Control with Policy-Based Routing
Verifying Policy-Based Routing
Configuration Example: PBR with Route Maps
Cisco IOS IP Service Level Agreements
Step 1: Define One (or More) Probe(s)
Step 2: Define One (or More) Tracking Object(s)
Step 3a: Define the Action on the Tracking Object(s)
Step 3b: Define Policy Routing Using the Tracking Object(s)
Step 4: Verify IP SLA Operations

CHAPTER 6 Enterprise Internet Connectivity
Configuring a Provider Assigned Static or DHCP IPv4 Address
Configuring Static NAT
Configuring Dynamic NAT
Configuring NAT Overload (PAT)
Verifying NAT
NAT Virtual Interface
Configuration Example: NAT Virtual Interfaces and Static NAT
Configure Basic IPv6 Internet Connectivity
Configuring IPv6 ACLs
Verifying IPv6 ACLs
Configuring Redistribution of Default Routes with Different Metrics in a Dual-Homed Internet Connectivity Scenario
Configuring BGP
BGP and Loopback Addresses
iBGP Next-Hop Behavior
eBGP Multihop
Verifying BGP Connections
Troubleshooting BGP Connections
Default Routes
Attributes
Route Selection Decision Process
Weight Attribute
Using AS PATH Access Lists to Manipulate the Weight Attribute
Using Prefix Lists and Route Maps to Manipulate the Weight Attribute
Local Preference Attribute
Using AS PATH Access Lists with Route Maps to Manipulate the Local Preference Attribute
AS PATH Attribute Prepending
AS PATH: Removing Private Autonomous Systems
MED Attribute
Route Aggregation
Route Reflectors
Regular Expressions
Regular Expressions: Examples
BGP Route Filtering Using Access Lists and Distribute Lists

Configuration Example: Using Prefix Lists and AS PATH Access Lists
BGP Peer Groups
MP-BGP
Configure MP-BGP Using Address Families to Exchange IPv4 and IPv6 Routes
Verifying MP-BGP

CHAPTER 7 Routers and Routing Protocol Hardening
Securing Cisco Routers According to Recommended Practices
Securing Cisco IOS Routers Checklist
Components of a Router Security Policy
Configuring Passwords
Password Encryption
Configuring SSH
Restricting Virtual Terminal Access
Securing Access to the Infrastructure Using Router ACLs
Configuring Secure SNMP
Configuration Backups
Implementing Logging
Disabling Unneeded Services
Configuring Network Time Protocol
NTP Configuration
NTP Design
Securing NTP
Verifying NTP
SNTP
Setting the Clock on a Router
Using Time Stamps
Configuration Example: NTP
Authentication of Routing Protocols
Authentication Options for Different Routing Protocols
Authentication for EIGRP
Authentication for OSPF
Authentication for BGP and BGP for IPv6

Part II: SWITCH

CHAPTER 8 Basic Concepts and Network Design
Hierarchical Model (Cisco Enterprise Campus Architecture)
Verifying Switch Content-Addressable Memory
Switching Database Manager Templates
Configuring SDM Templates
Verifying SDM Templates
LLDP (802.1AB)
Configuring LLDP
Verifying LLDP
Power over Ethernet
Configuring PoE
Verifying PoE

CHAPTER 9 Campus Network Architecture
Virtual LANs
Creating Static VLANs
Normal-Range static VLAN Configuration
Extended-Range static VLAN Configuration
Assigning Ports to Data and Voice VLANs
Using the range Command
Dynamic Trunking Protocol
Setting the Trunk Encapsulation and Allowed VLANs
Verifying VLAN Information
Saving VLAN Configurations
Erasing VLAN Configurations
Verifying VLAN Trunking
VLAN Trunking Protocol
Using Global Configuration Mode
Verifying VTP
Configuration Example: VLANs
Layer 2 Link Aggregation
Link Aggregation Interface Modes
Guidelines for Configuring Link Aggregation
Configuring L2 EtherChannel
Configuring L3 EtherChannel

Verifying EtherChannel
Configuring EtherChannel Load Balancing
Configuration Example: PAgP EtherChannel
DHCP for IPv4
Configuring Basic DHCP Server for IPv4
Configuring DHCP Manual IP Assignment for IPv4
Implementing DHCP Relay IPv4
Verifying DHCP for IPv4
Implementing DHCP for IPv6
Configuring DHCPv6 Server
Configuring DHCPv6 Client
Configuring DHCPv6 Relay Agent
Verifying DHCPv6

CHAPTER 10 Implementing Spanning Tree
Spanning-Tree Standards
Enabling Spanning Tree Protocol
Configuring the Root Switch
Configuring a Secondary Root Switch
Configuring Port Priority
Configuring the Path Cost
Configuring the Switch Priority of a VLAN
Configuring STP Timers
Verifying STP
Cisco STP Toolkit
Port Error Conditions
FlexLinks
Changing the Spanning-Tree Mode
Extended System ID
Enabling Rapid Spanning Tree
Enabling Multiple Spanning Tree
Verifying MST
Troubleshooting Spanning Tree
Configuration Example: PVST
Spanning-Tree Migration Example: PVST to RapidPVST

CHAPTER 11 Implementing Inter-VLAN Routing
Inter-VLAN Communication Using an External Router: Router-on-a-Stick
Inter-VLAN Routing Tips
Removing L2 Switch Port Capability of a Switch Port
Configuring SVI Autostate
Inter-VLAN Communication on a Multilayer Switch Through a Switch Virtual Interface
Configuration Example: Inter-VLAN Communication
Configuration Example: IPv6 Inter-VLAN Communication

CHAPTER 12 Implementing High-Availability Networks
Configuring IP Service Level Agreements (Catalyst 3750)
Configuring Authentication for IP SLA
Monitoring IP SLA Operations
Implementing Port Mirroring
Default SPAN and RSPAN Configuration
Configuring Local SPAN
Local SPAN Guidelines for Configuration
Configuring Local SPAN Example
Configuring Remote SPAN
Remote SPAN Guidelines for Configuration
Configuring Remote SPAN Example
Verifying and Troubleshooting Local and Remote SPAN
Switch Virtualization
StackWise
Virtual Switching System

CHAPTER 13 First-Hop Redundancy Implementation
First-Hop Redundancy
Hot Standby Router Protocol
Configuring Basic HSRP
Default HSRP Configuration Settings
Verifying HSRP
HSRP Optimization Options
Multiple HSRP Groups

HSRP IP SLA Tracking
HSRPv2 for IPv6
Debugging HSRP
Virtual Router Redundancy Protocol
Configuring VRRP
Interface Tracking
Verifying VRRP
Debugging VRRP
Gateway Load Balancing Protocol
Configuring GLBP
Interface Tracking
Verifying GLBP
Debugging GLBP
IPv4 Configuration Example: HSRP on L3 Switch
IPv4 Configuration Example: GLBP
IPv4 Configuration Example: VRRP on Router and L3 Switch
IPv6 Configuration Example: HSRP on Router and L3 Switch

CHAPTER 14 Campus Network Security
Switch Security Recommended Practices
Configuring Switch Port Security
Sticky MAC Addresses
Verifying Switch Port Security
Recovering Automatically from Error-Disabled Ports
Verifying Autorecovery of Error-Disabled Ports
Configuring Port Access Lists
Creating and Applying Named Port Access List
Configuring Storm Control
Implementing Authentication Methods
Local Database Authentication
RADIUS Authentication
TACACS Authentication
Configuring Authorization and Accounting
Configuring 802.1x Port-Based Authentication
Configuring DHCP Snooping
Verifying DHCP Snooping
IP Source Guard

Dynamic ARP Inspection
Verifying DAI
Mitigating VLAN Hopping: Best Practices
VLAN Access Lists
Verifying VACLs
Configuration Example: VACLs
Private VLANs
Verifying PVLANs
Configuration Example: PVLANs

Appendixes
APPENDIX A Private VLAN Catalyst Switch Support Matrix
APPENDIX B Create Your Own Journal Here
Index

About the Authors

Scott Empson is the chair of the Bachelor of Applied Information Systems Technology degree program at the Northern Alberta Institute of Technology in Edmonton, Alberta, Canada, where he teaches Cisco routing, switching, network design, and leadership courses in a variety of different programs (certificate, diploma, and applied degree) at the postsecondary level. Scott is also the program coordinator of the Cisco Networking Academy Program at NAIT, an area support center for the province of Alberta. He has a Masters of Education degree along with three undergraduate degrees: a Bachelor of Arts, with a major in English; a Bachelor of Education, again with a major in English/Language Arts; and a Bachelor of Applied Information Systems Technology, with a major in Network Management. He currently holds several industry certifications, including CCNP, CCDP, CCAI, C|EH, and Network+. Before instructing at NAIT, he was a junior/senior high school English/Language Arts/Computer Science teacher at different schools throughout Northern Alberta. Scott lives in Edmonton, Alberta, with his wife, Trina, and two children, Zach and Shae.

Patrick Gargano has been a Cisco Networking Academy Instructor since 2000. He currently heads the Networking Academy program and teaches CCNA/CCNP-level courses at Collège La Cité in Ottawa, Canada, where he has successfully introduced mastery-based learning and gamification into his teaching. In 2013 and 2014, Patrick led the Cisco Networking Academy student “Dream Team,” which deployed the wired and wireless networks for attendees of the Cisco Live conferences in the United States. In 2014, Collège La Cité awarded him the prize for innovation and excellence in teaching. Previously he was a Cisco Networking Academy instructor at Cégep de l’Outaouais (Gatineau, Canada) and Louis-Riel High School (Ottawa, Canada) and a Cisco instructor (CCSI) for Fast Lane UK (London). His certifications include CCNA (R&S), CCNA Wireless, CCNA Security, and CCNP (R&S). #CiscoChampion @PatrickGargano

Hans Roth is an instructor in the Electrical Engineering Technology department at Red River College in Winnipeg, Manitoba, Canada. Hans has been teaching at the college for 17 years and teaches in both the engineering technology and IT areas. He has been with the Cisco Networking Academy since 2000, teaching CCNP curricula. Before teaching, Hans spent 15 years on R&D/product development teams helping design microcontroller-based control systems for consumer products and for the automotive and agricultural industries.

About the Technical Reviewer

Diane Teare, P.Eng, CCNP, CCDP, CCSI, PMP, is a professional in the networking, training, project management, and e-learning fields. She has more than 25 years of experience in designing, implementing, and troubleshooting network hardware and software and has been involved in teaching, course design, and project management. She has extensive knowledge of network design and routing technologies. Diane is a Cisco Certified Systems Instructor (CCSI) and holds her Cisco Certified Network Professional (CCNP), Cisco Certified Design Professional (CCDP), and Project Management Professional (PMP) certifications. She is an instructor, and the course director for the CCNA and CCNP Routing and Switching curriculum with one of the largest authorized Cisco Learning Partners. She was the director of e-learning for the same company, where she was responsible for planning and supporting all of the company’s e-learning offerings in Canada, including Cisco courses. Diane has a bachelor’s degree in applied science in electrical engineering and a master’s degree in applied science in management science. Diane has authored, co-authored, and se
