CCNP™
Switching
Study Guide
Todd Lammle Kevin Hales
San Francisco • Paris • Düsseldorf • Soest • London
Copyright ©2000 SYBEX, Inc., Alameda, CA
www.sybex.com
Associate Publisher: Neil Edde
Contracts and Licensing Manager: Kristine O’Callaghan
Acquisitions and Developmental Editor: Jill Schlessinger
Editor: Judy Flynn
Production Editor: Shannon Murphy
Technical Editors: Errol Robichaux, Mark Tashiro
Book Designer: Bill Gibson
Graphic Illustrator: Tony Jonick
Electronic Publishing Specialist: Nila Nichols
Proofreaders: Laurie O’Connell, Erika Donald, Nanette Duffy, Laura Schattschneider, Camera Obscura
Indexer: Jerilyn Sproston
CD Coordinator: Kara Eve Schwartz
CD Technician: Keith McNeil
Cover Designer: Archer Design
Cover Photographer: Tony Stone Images
Copyright © 2001 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501. World rights reserved. No part of this publication may be stored in a retrieval system, transmitted, or reproduced in any way, including but not limited to photocopy, photograph, magnetic, or other record, without the prior agreement and written permission of the publisher.
Library of Congress Card Number: 00-106238
ISBN: 0-7821-2711-8
SYBEX and the SYBEX logo are trademarks of SYBEX Inc. in the USA and other countries.
The CD interface was created using Macromedia Director, © 1994, 1997-1999 Macromedia Inc. For more information on Macromedia and Macromedia Director, visit http://www.macromedia.com
This study guide and/or material is not sponsored by, endorsed by or affiliated with Cisco Systems, Inc. Cisco®, Cisco Systems®, CCDA, CCNA, CCDP, CCNP, CCIE, CCSI, the Cisco Systems logo and the CCIE logo are trademarks or registered trademarks of Cisco Systems, Inc. in the United States and certain other countries. All other trademarks are trademarks of their respective owners.
TRADEMARKS: SYBEX has attempted throughout this book to distinguish proprietary trademarks from descriptive terms by following the capitalization style used by the manufacturer.
The author and publisher have made their best efforts to prepare this book, and the content is based upon final release software whenever possible.
Portions of the manuscript may be based upon pre-release versions supplied by software manufacturer(s). The author and the publisher make no representation or warranties of any kind with regard to the completeness or accuracy of the contents herein and accept no liability of any kind including but not limited to performance, merchantability, fitness for any particular purpose, or any losses or damages of any kind caused or alleged to be caused directly or indirectly from this book. Manufactured in the United States of America 10 9 8 7 6 5 4 3 2 1
Software License Agreement: Terms and Conditions
The media and/or any online materials accompanying this book that are available now or in the future contain programs and/or text files (the "Software") to be used in connection with the book. SYBEX hereby grants to you a license to use the Software, subject to the terms that follow. Your purchase, acceptance, or use of the Software will constitute your acceptance of such terms. The Software compilation is the property of SYBEX unless otherwise indicated and is protected by copyright to SYBEX or other copyright owner(s) as indicated in the media files (the "Owner(s)"). You are hereby granted a single-user license to use the Software for your personal, noncommercial use only. You may not reproduce, sell, distribute, publish, circulate, or commercially exploit the Software, or any portion thereof, without the written consent of SYBEX and the specific copyright owner(s) of any component software included on this media. In the event that the Software or components include specific license requirements or end-user agreements, statements of condition, disclaimers, limitations or warranties ("End-User License"), those End-User Licenses supersede the terms and conditions herein as to that particular Software component. Your purchase, acceptance, or use of the Software will constitute your acceptance of such End-User Licenses. By purchase, use or acceptance of the Software you further agree to comply with all export laws and regulations of the United States as such laws and regulations may exist from time to time.
Reusable Code in This Book
The authors created reusable code in this publication expressly for reuse for readers. Sybex grants readers permission to reuse for any purpose the code found in this publication or its accompanying CD-ROM so long as all three authors are attributed in any application containing the reusable code, and the code itself is never sold or commercially exploited as a stand-alone product.
Software Support
Components of the supplemental Software and any offers associated with them may be supported by the specific Owner(s) of that material but they are not supported by SYBEX. Information regarding any available support may be obtained from the Owner(s) using the information provided in the appropriate read.me files or listed elsewhere on the media. Should the manufacturer(s) or other Owner(s) cease to offer support or decline to honor any offer, SYBEX bears no responsibility. This notice concerning support for the Software is provided for your information only. SYBEX is not the agent or principal of the Owner(s), and SYBEX is in no way responsible for providing any support for the Software, nor is it liable or responsible for any support provided, or not provided, by the Owner(s).
Warranty
SYBEX warrants the enclosed media to be free of physical defects for a period of ninety (90) days after purchase. The Software is not available from SYBEX in any other form or media than that enclosed herein or posted to www.sybex.com. If you discover a defect in the media during this warranty period, you may obtain a replacement of identical format at no charge by sending the defective media, postage prepaid, with proof of purchase to:
SYBEX Inc.
Customer Service Department
1151 Marina Village Parkway
Alameda, CA 94501
(510) 523-8233
Fax: (510) 523-2373
e-mail: info@sybex.com
WEB: HTTP://WWW.SYBEX.COM
After the 90-day period, you can obtain replacement media of identical format by sending us the defective disk, proof of purchase, and a check or money order for $10, payable to SYBEX.
Disclaimer
SYBEX makes no warranty or representation, either expressed or implied, with respect to the Software or its contents, quality, performance, merchantability, or fitness for a particular purpose.
In no event will SYBEX, its distributors, or dealers be liable to you or any other party for direct, indirect, special, incidental, consequential, or other damages arising out of the use of or inability to use the Software or its contents even if advised of the possibility of such damage. In the event that the Software includes an online update feature, SYBEX further disclaims any obligation to provide this feature for any specific duration other than the initial posting. The exclusion of implied warranties is not permitted by some states. Therefore, the above exclusion may not apply to you. This warranty provides you with specific legal rights; there may be other rights that you may have that vary from state to state. The pricing of the book with the Software by SYBEX reflects the allocation of risk and limitations on liability contained in this agreement of Terms and Conditions.
Shareware Distribution
This Software may contain various programs that are distributed as shareware. Copyright laws apply to both shareware and ordinary commercial software, and the copyright Owner(s) retains all rights. If you try a shareware program and continue using it, you are expected to register it. Individual programs differ on details of trial periods, registration, and payment. Please observe the requirements stated in appropriate files.
Copy Protection
The Software in whole or in part may or may not be copy-protected or encrypted. However, in all cases, reselling or redistributing these files without authorization is expressly forbidden except as specifically provided for by the Owner(s) therein.
To my new friends at learnit.com. You’re all awesome!
Todd Lammle
To Claudia, Christopher, and Clarissa—the balance in my life.
Kevin Hales
Acknowledgments
We would all be millionaires if we could bottle Jill Schlessinger’s energy and great attitude. This project owes her a debt of gratitude. Thanks to Kevin Hales for hanging in there and adding the great material needed to make this book the best.
Todd Lammle
I would like to acknowledge the great support my wife has been. Again, thanks to Todd Lammle for including me on this project. A great deal of gratitude for all those at Sybex, especially Jill Schlessinger and Shannon Murphy.
Kevin Hales
We would both like to thank all the folks associated with Sybex who helped get this book on the shelves. Judy Flynn was a superb editor. This book would be a stack of typewritten pages without the layout finesse of Nila Nichols. Tony Jonick magically transformed sketches into works of art. Thanks to technical editors Errol Robichaux and Mark Tashiro for being our watchdogs. Finally, our other watchdogs are the proofreaders: thanks to Laurie O’Connell, Erika Donald, Nanette Duffy, Camera Obscura, and Laura Schattschneider.
Introduction
The new Cisco certifications reach beyond the popular certifications, such as the MCSE and CNE, to provide you with an indispensable factor in understanding today’s network—insight into the Cisco world of internetworking. This book is intended to help you continue on your exciting new path toward obtaining CCNP and CCIE certification. Before reading this book, you should have at least read Sybex’s CCNA: Cisco Certified Network Associate Study Guide. Although you can take the Cisco tests in any order, you should pass the CCNA exam before pursuing your CCNP. Many questions in the CCNP Switching exam (640-504) are built upon the CCNA material. However, we have done everything possible to make sure you can pass the 640-504 exam by reading this book and practicing with Cisco routers.
Cisco—A Brief History
A lot of readers may already be familiar with Cisco and what they do. However, those of you who are new to the field, just coming in fresh from your MCSE, or those of you who have maybe 10 or more years in the field but wish to brush up on the new technology, may appreciate a little background on Cisco. In the early 1980s, Len and Sandy Bosack, a married couple who worked in different computer departments at Stanford University, were having trouble getting their individual systems to communicate (like many married people). So in their living room they created a gateway server that made it easier for their disparate computers in two different departments to communicate using the IP protocol. In 1984, they founded cisco Systems (notice the small c) with a small commercial gateway server product that changed networking forever. Some people think the name was intended to be San Francisco Systems but the paper got ripped on the way to the incorporation lawyers—who knows? In 1992, the company name was changed to Cisco Systems, Inc. The first product the company marketed was called the Advanced Gateway Server (AGS). Then came the Mid-Range Gateway Server (MGS), the Compact Gateway Server (CGS), the Integrated Gateway Server (IGS), and the AGS+. Cisco calls these “the old alphabet soup products.” In 1993, Cisco came out with the amazing 4000 router and then created the even more amazing 7000, 2000, and 3000 series routers. These are still around and evolving (almost daily, it seems).
Cisco has since become an unrivaled worldwide leader in networking for the Internet. Its networking solutions can easily connect users who work from diverse devices on disparate networks. Cisco products make it simple for people to access and transfer information without regard to differences in time, place, or platform. In the big picture, Cisco provides end-to-end networking solutions that customers can use to build an efficient, unified information infrastructure of their own or to connect to someone else’s. This is an important piece in the Internet/networking-industry puzzle because a common architecture that delivers consistent network services to all users is now a functional imperative. Because Cisco offers such a broad range of networking and Internet services and capabilities, users who need to access their local network or the Internet regularly can do so unhindered, making Cisco’s wares indispensable. Cisco answers this need with a wide range of hardware products that form information networks using the Cisco Internetwork Operating System (IOS) software. This software provides network services, paving the way for networked technical support and professional services to maintain and optimize all network operations. Along with the Cisco IOS, one of the services Cisco created to help support the vast amount of hardware it has engineered is the Cisco Certified Internetwork Expert (CCIE) program, which was designed specifically to equip people to effectively manage the vast quantity of installed Cisco networks. The business plan is simple: If you want to sell more Cisco equipment and install more Cisco networks, ensure that the networks you install run properly. However, having a fabulous product line isn’t all it takes to guarantee the huge success that Cisco enjoys—lots of companies with great products are now defunct. 
If you have complicated products designed to solve complicated problems, you need knowledgeable people who are fully capable of installing, managing, and troubleshooting them. That part isn’t easy, so Cisco began the CCIE program to equip people to support these complicated networks. This program, known colloquially as the Doctorate of Networking, has also been successful, primarily due to its extreme difficulty. Cisco continuously monitors the CCIE program, changing it as it sees fit, to make sure that it remains pertinent and accurately reflects the demands of today’s internetworking business environments. Building upon the highly successful CCIE program, Cisco Career Certifications permit you to become certified at various levels of technical proficiency, spanning the disciplines of network design and support. So whether you’re beginning a career, changing careers, securing your present position, or seeking to refine and promote your position, this is the book for you!
Cisco’s Network Support Certifications
Cisco has created new certifications that will help you get the coveted CCIE, as well as aid prospective employers in measuring skill levels. Before these new certifications, you took only one test and were then faced with the lab, which made it difficult to succeed. With these new certifications, which add a better approach to preparing for that almighty lab, Cisco has opened doors that few were allowed through before. So, what are these new certifications, and how do they help you get your CCIE?
Cisco Certified Network Associate (CCNA) 2.0
The CCNA certification is the first in the new line of Cisco certifications and is a precursor to all current Cisco certifications. With the new certification programs, Cisco has created a stepping-stone approach to CCIE certification. Now you can become a Cisco Certified Network Associate for the meager cost of Sybex’s CCNA: Cisco Certified Network Associate Study Guide, plus $100 for the test. And you don’t have to stop there—you can continue with your studies and achieve a higher certification called the Cisco Certified Network Professional (CCNP). Someone with a CCNP has all the skills and knowledge needed to attempt the CCIE lab. However, because no textbook can take the place of practical experience, we’ll discuss what else you need to be ready for the CCIE lab shortly.
Check www.routersim.com for a cost-effective Cisco router simulator.
Cisco Certified Network Professional (CCNP) 2.0
Cisco Certified Network Professional (CCNP), Cisco’s new certification, has opened up many opportunities for those individuals wishing to become Cisco-certified but lacking the training, the expertise, or the bucks to pass the notorious and often failed two-day Cisco torture lab. The new Cisco certifications will truly provide exciting new opportunities for the CNE and MCSE who are unsure of how to advance to a higher level.
So, you’re thinking, “Great, what do I do after passing the CCNA exam?” Well, if you want to become a CCIE in Routing and Switching (the most popular certification), understand that there’s more than one path to that much-coveted CCIE certification. The first way is to continue studying and become a Cisco Certified Network Professional (CCNP), which means four more tests, in addition to the CCNA certification. The CCNP program will prepare you to understand and comprehensively tackle the internetworking issues of today and beyond—and it is not limited to the Cisco world. You will undergo an immense metamorphosis, vastly increasing your knowledge and skills through the process of obtaining these certifications.
Todd Lammle offers a hands-on Cisco seminar (www.lammle.com) that provides two Cisco courses in one week of training. The Cisco CCNA/CCNP/CCDP seminars include CCNA/CCDA, Routing/Support, and Remote Access/Switching. Each course is six days long, and every student receives two routers and a switch to configure. Todd Lammle now offers a new three-day CCNA to help the busy professional.
Although you don’t need to be a CCNP or even a CCNA to take the CCIE lab, it’s extremely helpful if you already have these certifications.
What Skills Do You Need to Become a CCNP?
Cisco demands a certain level of proficiency for its CCNP certification. In addition to mastering the skills required for the CCNA, you should have the following skills for the CCNP:
• Installing, configuring, operating, and troubleshooting complex routed LAN, routed WAN, and switched LAN networks, along with dial-access services
• Understanding complex networks, such as IP, IGRP, IPX, Async Routing, AppleTalk, extended access lists, IP RIP, route redistribution, IPX RIP, route summarization, OSPF, VLSM, BGP, serial, IGRP, Frame Relay, ISDN, ISL, X.25, DDR, PSTN, PPP, VLANs, Ethernet, ATM LAN Emulation (LANE), access lists, 802.10, FDDI, and transparent and translational bridging
To meet the CCNP requirements, you must be able to perform the following:
• Install and/or configure a network to increase bandwidth, quicken network response times, and improve reliability and quality of service.
• Maximize performance through campus LANs, routed WANs, and remote access.
• Improve network security.
• Create a global intranet.
• Provide access security to campus switches and routers.
• Provide increased switching and routing bandwidth—end-to-end resiliency services.
• Provide custom queuing and routed priority services.
How Do You Become a CCNP?
After becoming a CCNA, you must take four exams to get your CCNP 2.0:
Exam 640-503: Routing. This exam continues to build on the fundamentals learned in the CCNA course. It focuses on large multiprotocol internetworks and how to manage them with access lists, queuing, tunneling, route distribution, router maps, BGP, OSPF, and route summarization. The forthcoming CCNP: Routing Study Guide covers all the exam objectives.
Exam 640-504: Switching. This exam tests your knowledge of the 1900 and 5000 series of Catalyst switches. This book, CCNP: Switching Study Guide, covers all the objectives you need to understand to pass the Switching exam.
Exam 640-505: Remote Access. This exam tests your knowledge of installing, configuring, monitoring, and troubleshooting Cisco ISDN and dial-up access products. You must understand PPP, ISDN, Frame Relay, and authentication. The new Sybex CCNP: Remote Access Study Guide covers all the exam objectives.
Exam 640-506: Support. This exam tests you on the Cisco IOS troubleshooting information available. You must be able to troubleshoot Ethernet and Token Ring LANs, IP, IPX, and AppleTalk networks, as well as ISDN, PPP, and Frame Relay networks. The new Sybex CCNP: Support Study Guide covers all the exam objectives.
If you hate tests, you can take fewer of them by signing up for the CCNA exam and the Support exam and then taking just one more long exam called the Foundation R/S exam (640-509). Doing this also gives you your CCNP—but beware, it’s a really long test that fuses all the material listed previously into one exam. Good luck! However, by taking this exam, you get three tests for the price of two, which saves you $100 (if you pass). Some people think it’s easier to take the Foundation R/S exam because you can leverage the areas in which you would score higher against the areas in which you wouldn’t.
Remember that test objectives and tests can change at any time without notice. Always check the Cisco Web site (www.cisco.com) for the most up-to-date information.
Cisco Certified Internetwork Expert (CCIE)
You’ve become a CCNP, and now you fix your sights on getting your Cisco Certified Internetwork Expert (CCIE) in Routing and Switching—what do you do next? Cisco recommends that before you take the lab, you take test 640-025: Cisco Internetwork Design (CID) and the Cisco authorized course called Installing and Maintaining Cisco Routers (IMCR). By the way, no Prometric test for IMCR exists at the time of this writing, and Cisco recommends a minimum of two years of on-the-job experience before taking the CCIE lab. After jumping those hurdles, you then have to pass the CCIE-R/S Exam Qualification (exam 350-001) before taking the actual lab. To become a CCIE, Cisco recommends the following:
1. Attend all the recommended courses at an authorized Cisco training center and pony up around $15,000–$20,000, depending on your corporate discount.
2. Pass the Drake/Prometric exam ($200 per exam—so hopefully you’ll pass it the first time).
3. Pass the two-day, hands-on lab at Cisco. This costs $1,000 per lab, which many people fail two or more times. (Some never make it through!) Also, you might just need to add travel costs to that $1,000 because you can currently take the exam only in San Jose, California; Research Triangle Park, North Carolina; Sydney, Australia; Halifax, Nova Scotia; Tokyo, Japan; or Brussels, Belgium. Cisco is adding new sites for the CCIE lab; it is best to check the Cisco Web site for the most up-to-date information.
What Skills Do You Need to Become a CCIE?
The CCIE Routing and Switching exam includes the advanced technical skills that are required to maintain optimum network performance and reliability, as well as advanced skills in supporting diverse networks that use disparate technologies. CCIEs just don’t have problems getting jobs; these experts are basically inundated with offers to work for six-figure salaries! But that’s because it isn’t easy to attain the level of capability that is mandatory for Cisco’s CCIE. For example, a CCIE must have the following skills down pat:
• Installing, configuring, operating, and troubleshooting complex routed LAN, routed WAN, switched LAN, and ATM LANE networks, along with dial-access services
• Diagnosing and resolving network faults
• Using packet/frame analysis and Cisco debugging tools
• Documenting and reporting the problem-solving processes used
• Having general LAN/WAN knowledge, including data encapsulation and layering; windowing and flow control and their relation to delay; error detection and recovery; link-state, distance vector, and switching algorithms; management, monitoring, and fault isolation
• Having knowledge of a variety of corporate technologies—including major services provided by Desktop, WAN, and Internet groups—as well as the functions, addressing structures, and routing, switching, and bridging implications of each of their protocols
• Having knowledge of Cisco-specific technologies, including router/switch platforms, architectures, and applications; communication servers; protocol translation and applications; configuration commands and system/network impact; and LAN/WAN interfaces, capabilities, and applications
• Designing, configuring, installing, and verifying voice-over-IP and voice-over-ATM networks
Check www.netfix.com for a great price on used Cisco gear that can help you build a home lab.
Cisco’s Network Design Certifications
In addition to the network support certifications, Cisco has created another certification track for network designers. The two certifications within this track are the Cisco Certified Design Associate (CCDA) and Cisco Certified Design Professional (CCDP) certifications. If you’re reaching for the CCIE stars, we highly recommend the CCNP and CCDP certifications before attempting the lab (or attempting to advance your career). Preparing for these certifications will give you the knowledge to design routed LAN, routed WAN, and switched LAN and ATM LANE networks.
Cisco Certified Design Associate (CCDA)
To become a CCDA, you must pass the DCN (Designing Cisco Networks) test (640-441). To pass this test, you must understand how to do the following:
• Design simple routed LAN, routed WAN, and switched LAN and ATM LANE networks.
• Use Network-layer addressing.
• Filter with access lists.
• Use and propagate VLANs.
• Size networks.
Sybex’s CCDA: Cisco Certified Design Associate Study Guide is the most cost-effective way to study for and pass your CCDA exam.
Cisco Certified Design Professional (CCDP) 2.0
If you’re already a CCNP and want to get your CCDP, you can simply take the CID 640-025 test. If you’re not yet a CCNP, however, you must take the CCDA, CCNA, Routing, Switching, Remote Access, and CID exams. CCDP certification skills include the following:
• Designing complex routed LAN, routed WAN, and switched LAN and ATM LANE networks
• Building upon the base level of the CCDA technical knowledge
CCDPs must also demonstrate proficiency in the following:
• Network-layer addressing in a hierarchical environment
• Traffic management with access lists
• Hierarchical network design
• VLAN use and propagation
• Performance considerations: required hardware and software; switching engines; memory, cost, and minimization
What Does This Book Cover?
This book covers everything you need to pass the CCNP Switching exam. The following list describes what you will learn in each chapter:
Chapter 1 describes the traditional campus network model and moves into the new emerging campus model. Layer 2, 3, and 4 switching is also discussed. In addition, this chapter discusses the Cisco three-layer model, the Cisco switching product line, and how to build switch and core blocks.
Chapter 2 describes the various Ethernet media types and how to log in and configure both a set-based and IOS-based Cisco Catalyst switch.
Chapter 3 covers VLANs—how they work and how to configure them in a Cisco internetwork. Trunking and VLAN Trunk Protocol (VTP) will be described and implemented.
Chapter 4 will give you an in-depth look at the Spanning Tree Protocol (STP), its timers, and how to configure STP in a switch.
Chapter 5 shows you how to configure STP timers and includes a discussion of root bridge selection. Redundant links with STP will also be covered.
Chapter 6 covers Inter-Switch Link (ISL) routing. Both internal route processors and external route processors are covered, as well as how to configure both internal and external route processors to connect multiple VLANs.
Chapter 7 will provide the fundamentals of multi-layer switching on both internal and external route processors. In addition to covering IP routing with MLS, we’ll show you how to configure the MLS engine.
Chapter 8 gives you an extensive discussion of Hot Standby Routing Protocol (HSRP). The chapter provides HSRP as a solution to IP default gateway issues. Configuring HSRP is also covered.
Chapter 9 covers the background of multicast addresses and how to translate from a layer 3 address to a layer 2 multicast address. Chapter 9 also covers IGMP and CGMP.
Chapter 10 is about configuring multicast in a Cisco internetwork. Enabling multicast, joining a multicast group, and enabling CGMP are also covered.
Chapter 11 ends this book by talking about access policies, how to create them, and how to implement them.
Appendix A is a practice exam (see “How to Use This Book” later in this introduction for more on the practice exam).
Appendix B includes all of the commands used in this book along with explanations of each command and how they are used with both access layer and distribution layer switches.
Appendix C is a list of all multicast addresses as listed in RFC 1112. It also includes a list of all the assigned multicast addresses.
Each chapter begins with a list of the topics covered related to the CCNP Switching test, so make sure to read them over before working through the chapter. In addition, each chapter ends with review questions specifically designed to help you retain the knowledge presented. To really nail down your skills, read each question carefully, and if possible, work through the chapters’ hands-on labs.
Where Do You Take the Exams?
You may take the exams at any of the more than 800 Sylvan Prometric Authorized Testing Centers around the world. For the location of a testing center near you, call (800) 755-3926. Outside the United States and Canada, contact your local Sylvan Prometric Registration Center. To register for a Cisco Certified Network Professional exam:
1. Determine the number of the exam you want to take. (The Switching exam number is 640-504.)
2. Register with the nearest Sylvan Prometric Registration Center. At this point, you will be asked to pay in advance for the exam. At the time of this writing, the exams are $100 each and must be taken within one year of payment. You can schedule an exam up to six weeks in advance or as soon as one working day prior to the day you wish to take it. If something comes up and you need to cancel or reschedule your exam appointment, contact Sylvan Prometric at least 24 hours in advance. Same-day registration isn’t available for the Cisco tests.
3. When you schedule the exam, you’ll get instructions regarding all appointment and cancellation procedures, the ID requirements, and information about the testing-center location.
Tips for Taking Your CCNP Exam
The CCNP Switching test contains about 70 questions to be completed in 90 minutes. However, the number of exam questions and time may vary. Many questions on the exam have answer choices that at first glance look identical—especially the syntax questions! Remember to read through the choices carefully because “close enough” doesn’t cut it. If you get commands in the wrong order or forget one measly character, you’ll get the question wrong. So, to practice, do the hands-on exercises at the end of the chapters over and over again until they feel natural to you. Unlike Microsoft or Novell tests, the exam has answer choices that are syntactically similar—although some syntax is dead wrong, it is usually just subtly wrong. Some other syntax choices may be right, but they’re shown in the wrong order. Cisco does split hairs, and they’re not at all averse to giving you classic trick questions. Here’s an example: access-list 101 deny ip any eq 23 denies Telnet access to all systems. This question looks correct because most people refer to the port number (23) and think, “Yes, that’s the port used for Telnet.” The catch is that you can’t filter IP on port numbers (only TCP and UDP). Also, never forget that the right answer is the Cisco answer. In many cases, more than one appropriate answer is presented, but the correct answer is the one that Cisco recommends.
Here are some general tips for exam success:
• Arrive early at the exam center, so you can relax and review your study materials.
• Read the questions carefully. Don’t just jump to conclusions. Make sure you’re clear about exactly what each question asks.
• Don’t leave any questions unanswered. They count against you.
• When answering multiple-choice questions that you’re unsure about, use the process of elimination to get rid of the obviously incorrect answers first. Doing this greatly improves your odds if you need to make an educated guess.
• You can no longer move forward and backward through the Cisco exams (except the CCIE written exam and the CCDA exam), so double-check your answer before moving to the next question.
After you complete an exam, you’ll get immediate, online notification of your pass or fail status, a printed Examination Score Report that indicates your pass or fail status, and your exam results by section. (The test administrator will give you the printed score report.)
Test scores are automatically forwarded to Cisco within five working days after you take the test, so you don’t need to send your score to them. If you pass the exam, you’ll receive confirmation from Cisco, typically within two to four weeks.
How to Use This Book
This book can provide a solid foundation for the serious effort of preparing for the Cisco Certified Network Professional Switching exam. To best benefit from this book, use the following study method:
1. Take the assessment test immediately following this introduction. (The answers are at the end of the test.) Carefully read over the explanations for any question you get wrong, and note which chapters the material comes from. This information should help you plan your study strategy.
2. Study each chapter carefully, making sure you fully understand the information and the test objectives listed at the beginning of each chapter. Pay extra close attention to any chapter where you missed questions in the assessment test.
3. Complete all hands-on exercises in the chapter, referring to the chapter so that you understand the reason for each step you take. If you do not have Cisco equipment available, make sure to study the examples carefully. Also, check www.routersim.com for a router simulator.
4. Answer the review questions related to each chapter. (The answers appear at the end of the chapter, after the review questions.) Note the questions that confuse you, and study those sections of the book again.
5. Take the practice exam in Appendix A. The answers appear at the end of the exam.
6. Try your hand at the bonus practice exam that is included on the CD that comes with this book. The questions in this exam appear only on the CD. This will give you a complete overview of what you can expect to see on the real thing.
7. Use the products on the CD included with this book. The electronic flashcards, the Boson Software utilities, and the EdgeTest exam preparation software have all been specifically picked to help you study for and pass your exam. Study on the road with the CCNP: Switching Study Guide electronic book in PDF, and be sure to test yourself with the electronic flashcards. The electronic flashcards can be used on your Windows computer or on your Palm device.
8. Make sure to read the “Key Terms” and “Commands in This Chapter” lists at the end of the chapters. Appendix B includes all the commands used in the book, including explanations for each command.
To learn all the material covered in this book, you’ll have to apply yourself regularly and with discipline. Try to set aside the same time period every day to study, and select a comfortable and quiet place to do so. If you work hard, you will be surprised at how quickly you learn this material. All the best!
What’s on the CD?
We worked hard to provide some really great tools on the CD to help you with your certification process. All of the following tools should be loaded on your workstation when you’re studying for the test.
The EdgeTest for Cisco Switching Test Preparation Software
Provided by EdgeTek Learning Systems, the test preparation software prepares you to successfully pass the Switching exam. In this test engine you will find all the questions from the book, plus an additional bonus practice exam that appears exclusively on the CD. You can take the assessment test, test yourself by chapter, take the practice exam that appears in the book or on the CD, or take an exam randomly generated from any of the questions.
To find more test-simulation software for all Cisco and NT exams, look for the exam link on www.lammle.com.
Electronic Flashcards for PC and Palm Devices
To prepare for the exam, you can read this book, study the review questions at the end of each chapter, and work through the practice exams included in the book and on the CD. But wait, there’s more! Test yourself with the flashcards included on the CD. If you can get through these difficult questions and understand the answers, you’ll know you’re ready for the CCNP Switching exam. The flashcards include more than 150 questions specifically written to hit you hard and make sure you are ready for the exam. Between the review questions, practice exams, and flashcards, you’ll be more than prepared for the exam.
The Dictionary of Networking and the CCNP: Switching Study Guide in PDF
Sybex offers the Cisco Certification books on CD so you can read them on your PC or laptop. The Dictionary of Networking and the CCNP: Switching Study Guide are in Adobe Acrobat format. Acrobat Reader 4 with Search is also included on the CD. This will be helpful to readers who travel and don’t want to carry a book, as well as to readers who prefer reading from their computer.
Boson Software Utilities
Boson Software is an impressive company: They provide many free services to help you, the student. Boson has the best Cisco exam preparation questions on the market at a very nice price. On this book’s CD, they have provided the following:
IP Subnetter
SuperPing
System-Logging
Wildcard Mask Checker
Router GetPass
CCNA Virtual Lab AVI Demo Files
The CCNA Virtual Lab e-trainer provides a router and switch simulator to help you gain hands-on experience without having to buy expensive Cisco gear. The demos are AVI files that you can play in RealPlayer, which is included on the CD. The files will help you gain an understanding of the product features and the labs that the routers and switches can perform. Read more about the CCNA Virtual Lab e-trainer at www.sybex.com/cgi-bin/rd_bookpg.pl?2728back.html. You can upgrade this product at www.routersim.com.
How to Contact the Authors
You can reach Todd Lammle through GlobalNet Training Solutions, Inc. (www.lammle.com)—his training and systems integration company in Colorado—or e-mail him at todd@lammle.com. You can e-mail Kevin Hales at kb7dfs@yahoo.com.
Assessment Test
1. Transparent bridging uses which protocol to stop network loops on layer 2 switched networks?
A. IP routing
B. STP
C. VSTP
D. UplinkFast Bridging
2. Choose the three components that make MLS implementation possible.
A. MLS-CP
B. MLSP
C. MLS-SE
D. MLS-RP
3. Why would you configure VTP version 2 on your network? (Choose all that apply.)
A. You need to support Token Ring VLANs.
B. To correct TLV errors.
C. You want to forward VTP domain messages without the switches checking the version.
D. You have all Cisco switches.
4. If you want to see the virtual IP address used on an HSRP router, which command should you use?
A. show hsrp status
B. show hsrp standby address
C. show standby
D. show hsrp address
5. Which is the proper syntax for enabling IP multicast on a router?
A. multicast ip routing
B. ip-multicast routing
C. ip multicast-routing
D. ip mroute cache
6. Which of the following are true regarding the blocking state of an STP switch port? (Choose all that apply.)
A. Blocking ports do not forward any frames.
B. Blocking ports listen for BPDUs.
C. Blocking ports forward all frames.
D. Blocking ports do not listen for BPDUs.
7. Choose the correct definition of an XTAG.
A. A value assigned to each packet to assign it to an MLS flow
B. A value assigned by the router to each MLS-SE in the layer 2 network
C. A value assigned by each MLS-SE for each MLS-RP in the layer 2 network
D. A value assigned by the NFFC or PFC to identify each flow
8. What Cisco Catalyst switches provide distribution layer functions? (Choose all that apply.)
A. 1900
B. 2926G
C. 5000
D. 6000
E. 8500
9. Which is used to find the hardware address of a router if none is specified in the workstation’s configuration?
A. HSRP
B. IP addressing
C. IP ARP
D. Proxy ARP
10. What would you type at a 1900 console prompt to see the transmit and receive statistics of VTP?
A. show vtp stat
B. show stat
C. sh vtp domain
D. sh int e0/9
11. If you wanted to configure VLAN 6 on an internal route processor with an IP address of 10.1.1.1/24, which of the following commands would you use?
A. set vlan6 ip address 10.1.1.1 255.255.255.0
B. config t, vlan6 ip address 10.1.1.1 255.255.255.0
C. int vlan 6, ip address 10.1.1.1 255.255.255.0
D. set int vlan6, ip address 10.1.1.1 255.255.255.0
12. Which is the correct multicast MAC address if it is mapped from the multicast IP address 224.127.45.254?
A. 01-00-5e-7f-2d-fe
B. 01-00-5e-7e-2d-fe
C. 00-00-e0-7f-2d-fe
D. 01-00-e0-7f-2d-fe
13. Which of the following describes local VLAN services?
A. Users do not cross layer 3 devices and the network services are in the same broadcast domain as the users. This type of traffic never crosses the backbone.
B. Users cross the backbone to log in to servers for file and print services.
C. Users would have to cross a layer 3 device to communicate with the network services, but they might not have to cross the backbone.
D. Layer 3 switches or routers are required in this scenario because the services must be close to the core and would probably be based in their own subnet.
14. What command do you use to add an access list to an HTTP server running on a router?
A. access-class
B. access-group
C. vty access-list
D. http access-list
15. Which of the following protocols is used to determine the locations of data loops and the election of a root bridge?
A. STP
B. VSTP
C. BPDU
D. BackboneFast
16. What is the syntax for configuring a router to be an RP Mapping Agent?
A. ip multicast mapping-agent scope
B. ip pim send-rp-discovery scope
C. ip rp-mapping-agent scope
D. ip auto-rp mapping-agent scope
17. Which of the following is an IEEE standard for frame tagging?
A. ISL
B. 802.3z
C. 802.1q
D. 802.3u
18. How do you set the enable mode password on a 5000 series switch?
A. set sco password todd
B. set user password todd
C. set password todd
D. set enablepass
E. set enable password todd
19. Which of the following is true?
A. You are required to assign a password to an RSM interface CLI.
B. You must perform a no shutdown command for every subinterface on an external route processor.
C. You must perform a no shutdown command for every VLAN on an internal route processor.
D. You can use a 2500 series router for ISL routing.
20. Which version of IGMP is the Cisco proprietary version?
A. IGMPv1
B. IGMPv2
C. CGMP
D. None
21. If you wanted to set a default route on a 5000 series switch, which of the following commands would you use?
A. route add 0.0.0.0 0.0.0.0 172.16.1.1
B. set route default 0.0.0.0 172.16.1.1
C. set route default 172.16.1.1
D. set route 0.0.0.0 0.0.0.0 172.16.1.1
22. Which of the following is a type of access policy that you can apply at the distribution layer? (Choose all that apply.)
A. Port security
B. Access lists
C. Distribute lists
D. Physical security
23. Which of the following defines remote VLAN services?
A. Users do not cross layer 3 devices, and the network services are in the same broadcast domain as the users. This type of traffic never crosses the backbone.
B. Users only cross layer 2 devices to find the network file and print services needed to perform their job function.
C. Users would have to cross a layer 3 device to communicate with the network services, but they might not have to cross the backbone.
D. Layer 3 switches or routers are required in this scenario because the services must be close to the core and would probably be based in their own subnet.
24. If you want to clear the VTP prune eligibility from all VLANs except VLAN 2, what command would you type in on a set-based switch?
A. delete pruneeligible 3, 4, 5, etc…
B. delete vtp pruneeligible 1, 3-1005
C. clear vtp pruneeligible 3-1005
D. clear vtp pruneeligible 1, 3-1005
25. Which of the following devices is responsible for rewriting a layer 3 switched packet? (Choose all that apply.)
A. Multilayer Switch Feature Card (MSFC)
B. Route Switch Module (RSM)
C. NetFlow Feature Card (NFFC)
D. Policy Feature Card (PFC)
26. What command do you use to add an access list to a VTY line?
A. access-class
B. access-group
C. vty access-list
D. http access-list
27. If you wanted to have a 5000 switch supervisor module in a VLAN other than the default of VLAN 1, what should you type in?
A. set int slo 3
B. set int sc0 2
C. set sco2 3
D. set vlan management 2
28. What does a switch do with a multicast frame received on an interface?
A. Forwards the switch to the first available link
B. Drops the frame
C. Floods the network with the frame looking for the device
D. Sends back a message to the originating station asking for a name resolution
29. Choose the effects of configuring PIM SM on an interface.
A. Enabling IGMP
B. Enabling CGMP
C. Enabling IGMP and CGMP
D. Enabling Auto-RP
30. Choose the three basic steps in establishing a shortcut cache (MLS cache) entry.
A. Identification of the MLS-RP
B. Identification of the MLS-SE
C. Identification of a candidate packet
D. Identification of an enable packet
E. Identification of ISL trunking
31. What is the default VLAN on all switches?
A. VLAN 64
B. VLAN 1005
C. VLAN 1
D. VLAN 10
32. Which of the following is a type of access policy that you can apply at the access layer?
A. Port security
B. Access lists
C. Distribute lists
D. Physical security
33. Which of the following is true regarding the Cisco 2926G switch?
A. Provides an enterprise solution for up to 96 users and up to 36 Gigabit Ethernet ports for servers
B. Supports a large number of connections and also supports an internal route processor module
C. Only uses an external router processor like a 4000 or 7000 series router
D. Also recommended for use at the core layer
34. How many bits are available for mapping a layer 3 IP address to a multicast MAC address?
A. 16
B. 32
C. 23
D. 24
35. What command will set the enable mode password on a 1900 switch?
A. 1900EN(config)#enable password level 1 todd
B. 1900EN(config)#enable password level 15 todd
C. 1900EN#set enable password todd
D. 1900EN(Config)#enable password todd
36. What does the PVST protocol provide?
A. One instance of spanning tree per network
B. One instance of STP per VLAN
C. Port Aggregation Protocol support
D. Routing between VLANs
37. If you want to see the standby virtual MAC address used on an HSRP router, which command could you use?
A. show standby
B. show hsrp standby address
C. show hsrp status
D. show hsrp address
38. Which of the following are examples of out-of-band management? (Choose all that apply.)
A. Console port
B. VTY line
C. Auxiliary port
D. Telnet
39. Which of the following IP address ranges is the valid multicast address range?
A. 127.0.0.0–127.255.255.255
B. 223.0.0.1–237.255.255.255
C. 224.0.0.1–239.0.0.0
D. 224.0.0.0–239.255.255.255
40. Which of the following defines enterprise services?
A. Users do not cross layer 3 devices, and the network services are in the same broadcast domain as the users. This type of traffic never crosses the backbone.
B. No layer 3 switches or devices are used in this network.
C. The users would have to cross a layer 3 device to communicate with the network services, but they might not have to cross the backbone.
D. Layer 3 switches or routers are required in this scenario because the services must be close to the core and would probably be based in their own subnet.
41. What is the default LAN switch type for the 1900 switch?
A. FastForward
B. Cut-through
C. LANSwitch type 1
D. FragmentFree
E. Store-and-forward
42. Which is true regarding IRDP?
A. It can be used only on Ethernet LANs.
B. It is used to update ARP caches on workstations.
C. IRDP works only with Unix devices.
D. It uses ICMP to send update messages to clients regarding the default gateway address.
43. What type of cable must you use to connect between two switch uplink ports?
A. Straight
B. Rolled
C. Cross-over
D. Fiber
44. Which LAN switch methods have a fixed latency time? (Choose all that apply.)
A. Cut-through
B. Store-and-forward
C. FragmentCheck
D. FragmentFree
45. Which of the following are true regarding an RSFC card? (Choose all that apply.)
A. Passwords are required to be set on the RSFC card.
B. The RSFC takes one slot in a 5000 series chassis.
C. The RSFC is a daughter card for the Supervisor Engine II G and Supervisor III G cards.
D. The RSFC is a fully functioning router running the Cisco IOS.
46. Which of the following is used to provide fault-tolerant routing? (Choose all that apply.)
A. Proxy ARP
B. IP ARP
C. RIP
D. IRDP
E. HSRP
47. How do you set the usermode password on a 5000 switch?
A. set sco password todd
B. set user password todd
C. set password
D. set enable password todd
48. Which of the following is a Cisco proprietary protocol?
A. IP
B. ICMP
C. HSRP
D. Proxy ARP
49. When will a switch update its VTP database?
A. Every 60 seconds.
B. When a switch receives an advertisement that has a higher revision number, the switch will overwrite the database in NVRAM with the new database being advertised.
C. When a switch broadcasts an advertisement that has a lower revision number, the switch will overwrite the database in NVRAM with the new database being advertised.
D. When a switch receives an advertisement that has the same revision number, the switch will overwrite the database in NVRAM with the new database being advertised.
50. What is the typical time a switch port will go from blocking to forwarding state?
A. 5 seconds
B. 50 seconds
C. 10 seconds
D. 100 seconds
51. Which topology scenario(s) support Multi-Layer Switching (MLS)? (Choose all that apply.)
A. Router on a stick
B. Multiple switches connected via ISL trunks with only one switch connected to a router
C. Multiple switches connected to a router
D. Multiple routers connected to one switch
52. Which of the following commands is used to view the configuration of an RSM?
A. sh vlan
B. show config
C. sho run
D. sh port slot/type
53. To configure a root bridge on a set-based switch, what command would be used?
A. set spanning tree backup
B. set spantree secondary
C. set spantree root
D. spanning tree 2
Answers to Assessment Test
1. B. The Spanning Tree Protocol was designed to help stop network loops that can happen with transparent bridge networks running redundant links. See Chapter 5 for more information.
2. B, C, D. MLSP is the routing protocol for MLS, MLS-SE is the switching engine, and MLS-RP is the route processor. MLS-CP is an invalid answer. See Chapter 7 for more information.
3. A, B, C. If you have Token Ring, you would want to run VTP version 2. For more information, see Chapter 3.
4. C. To see both the virtual IP address and the virtual hardware address used by HSRP, use the show standby command. See Chapter 8 for more information on HSRP.
5. C. The first two are not valid commands. Ip mroute cache allows the interface to use fast switching or other types of interface switching for multicast traffic. See Chapter 10 for more information.
6. A, B. When a port is in blocking state, no frames are forwarded. This is used to stop network loops. However, the blocked port will listen for BPDUs received on the port. For more information on STP, see Chapter 4.
7. C. XTAG values are locally significant values that are assigned by the Multilayer Switching Switching Engine (MLS-SE) to keep track of the Multilayer Switching Route Processors (MLS-RPs) in the network. See Chapter 7 for more information.
8. B, C, D. The 2926G, 5000 series, and 6000 series were specifically designed to provide distribution layer functions. See Chapter 1 for more information on the distribution layer and the Cisco switches designed to run at the distribution layer.
9. D. Proxy ARP will send an ARP broadcast for every packet sent on a device if the default gateway is set the same as the workstation’s IP address. Proxy ARP, running on the router, will forward these frames if necessary. See Chapter 8 for more information on Proxy ARP.
10. A. The command show vtp stat is used to see VTP updates being sent and received on your switch. For more information, see Chapter 3.
11. C. The command interface vlan # is used to create a VLAN interface. The IP address of the interface is then configured with the ip address command. See Chapter 6 for more information on internal and external route processors.
12. A. 23 bits allows us to use the 127 value in the second octet. The MAC prefix is always 01-00-5e. See Chapter 9 for more information.
13. A. Local VLAN services are network services that are located in the same VLAN as the user trying to access them. Packets will not pass through a layer 3 device. See Chapter 1 for more information.
14. A. Use the ip http access-class number command to set an access list on an HTTP server. See Chapter 11 for more information on HTTP servers.
15. C. Bridge Protocol Data Units are sent out every two seconds by default and provide information to switches throughout the internetwork. This includes finding redundant links, electing the root bridge, monitoring the links in the spanning tree, and notifying other switches in the network about link failures. See Chapter 5 for more information.
16. B. The router uses PIM to distribute RP information to multicast routers. The other syntax options are not valid. See Chapter 10 for more information.
17. C. Cisco’s proprietary version of frame tagging is ISL. However, if you do not have all Cisco switches, the IEEE 802.1q version would be used. For more information, see Chapter 3.
18. D. The command set enablepass will set the password on a 5000 series switch. See Chapter 2 for more information on configuring the 5000 series of switches.
19. C. An external route processor configured with subinterfaces does not need a shutdown performed on each subinterface, only the main interface. However, an internal route processor must have a no shutdown command performed under every VLAN interface. See Chapter 6 for more information on internal and external route processors.
20. D. CGMP is not a version of IGMP. It was developed by Cisco Systems, but it was never an additional version of IGMP. See Chapter 9 for more information.
21. C. The command set route default and the command set route 0.0.0.0 are the same command and can be used to set a default gateway on a 5000 series switch. See Chapter 6 for more information on configuring a 5000 series switch.
22. B, C. The distribution layer security can include access lists. Distribute lists are access lists that you can use to filter routing tables. See Chapter 11 for more information on access policies.
23. C. To communicate to another VLAN, packets must cross a layer 3 device. See Chapter 1 for more information on local and remote VLAN services.
24. C. You cannot turn off Pruneeligible for VLAN 1, which makes C the only correct answer. For more information, see Chapter 3.
25. C, D. The Multilayer Switch Feature Card (MSFC) is a Route Processor (RP) and does not perform the rewrites for MLS packets. The same goes for the Route Switch Module (RSM). The NetFlow Feature Card (NFFC) and the Policy Feature Card (PFC) are responsible for the MLS packet rewrite. See Chapter 7 for more information.
26. A. Use the access-class number in/out command to set an access list on a VTY line. See Chapter 11 for more information on access lists.
27. B. The set command set int sc0 vlan# changes the default VLAN for the supervisor module to the specified VLAN. See Chapter 2 for more information.
28. C. The switch will flood the network with the frame looking for the device. For more information on LAN switching, see Chapter 4.
29. A. Adding the PIM configuration to the interface enables only Internet Group Management Protocol (IGMP) in addition to PIM. Auto-RP and Cisco Group Management Protocol (CGMP) must be configured separately. See Chapter 10 for more information.
30. A, C, D. The Multilayer Switching Switching Engine (MLS-SE) needs to know three things to create an entry: the Multilayer Switching Route Processor (MLS-RP), a candidate packet, and an enable packet. See Chapter 7 for more information.
31. C. VLAN 1 is a default VLAN and used for management by default. See Chapter 5 for more information.
32. A, D. Physical security of switches is one of the most important access policies you can create at the access layer. Stopping users from plugging into any port on a switch is part of port security. See Chapter 11 for more information on access policies.
33. C. The 2926G is not capable of handling an internal route processor. See Chapter 1 for more information regarding the 2926G switch.
34. C. Due to the prefix length and the high order bit already in use in the multicast MAC address, only 23 bits are left for mapping. See Chapter 9 for more information.
35. B. The command to set the enable password on a 1900 switch is enable password level 15 password. See Chapter 2 for more information.
36. B. The Cisco proprietary protocol Per-VLAN Spanning Tree (PVST) uses a separate instance of spanning tree for each and every VLAN. See Chapter 5 for more information.
37. A. To see both the virtual IP address and the virtual hardware address used by HSRP, use the show standby command. See Chapter 8 for more information on HSRP.
38. A, C. Connecting to the console port or auxiliary port is out-of-band management because you are not accessing the equipment from within the network. See Chapter 11 for more information on in-band and out-of-band management.
39. D. A is a Class B address. 223.0.0.1 does not have the proper mask. C is within the valid range, but it is not all-inclusive. See Chapter 9 for more information.
40. D. Enterprise services are defined as services that are provided to all users on the internetwork. See Chapter 1 for more information.
41. D. The 1900 defaults to FragmentFree, but it can be changed to store-and-forward. For more information on LAN switch types, see Chapter 4.
42. D. Internet Control Message Protocol (ICMP) is used by ICMP Router Discovery Protocol (IRDP) to update clients dynamically about default gateways. See Chapter 8 for more information regarding IRDP.
43. C. A cross-over cable is used to connect switches to switches and hubs to hubs. See Chapter 2 for more information on the Catalyst 5000 configuration.
44. A, D. Cut-through and FragmentFree always read only a fixed amount of a frame. For more information on LAN switch types, see Chapter 4.
45. C, D. The Route Switch Feature Card (RSFC) is a daughter card used on a supervisor II and III card to provide a fully functioning router IOS. See Chapter 6 for more information on internal and external route processors.
46. A, C, D, E. Proxy ARP, dynamic routing protocols (RIP, for example), IRDP, and HSRP are used to provide fault tolerance in routed networks. See Chapter 8 for more information on HSRP.
47. C. The set command set password sets the usermode password on a 5000 series switch. See Chapter 2 for more information on configuring the 5000 series of switches.
48. C. Hot Standby Routing Protocol (HSRP) is a Cisco proprietary protocol used for allowing redundant connections. See Chapter 8 for more information on HSRP.
49. B. Only when a VTP update is received with a higher data VTP revision number will a switch update its VTP database. For more information, see Chapter 3.
50. B. Fifty seconds is the default time for changing from blocking to forwarding state. This is to allow enough time for all switches to update their STP database. For more information on STP, see Chapter 4.
51. A, B, D. The router on a stick is the typical and simplest topology for Multi-Layer Switching (MLS). Multiple switches connected to each other can use MLS if only one switch is connected to the router. Multiple routers can be connected to one switch as long as each router only has one link to the switch. See Chapter 7 for more information.
52. C. The RSM commands are the same for any Cisco IOS router, and the show running-config is used to view the current configuration. See Chapter 6 for more information on internal and external route processors.
53. C. The set spantree root command allows you to configure a root bridge. See Chapter 5 for more information.
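A worked example of the 23-bit mapping that answers 12 and 34 describe, added here and not part of the book: it maps a group address to its multicast MAC (the question 12 case, 224.127.45.254 to 01-00-5e-7f-2d-fe) and, going one step beyond the answers, lists the 32 group addresses that collapse onto one MAC because five group-ID bits are dropped. That ambiguity is why a switch or NIC filtering on the destination MAC alone admits all 32 groups, so membership still has to be enforced at layer 3.

```python
import ipaddress

# 01-00-5e is the IANA OUI for IPv4 multicast. The next bit of the MAC is
# fixed at 0, so only 23 of the 28 group-ID bits fit into the low 24 bits.
IPV4_MCAST_MAC_BASE = 0x01005E000000
GROUP_BITS_MAPPED = 23
GROUP_BITS_DROPPED = 28 - GROUP_BITS_MAPPED  # 5 bits lost -> 32 groups per MAC


def multicast_ip_to_mac(ip: str) -> str:
    """Map an IPv4 multicast group address to its Ethernet multicast MAC.

    Only the low 23 bits of the 32-bit address are copied into the MAC; the
    leading 1110 and the next five bits of the group ID are discarded.
    """
    addr = ipaddress.IPv4Address(ip)
    if not addr.is_multicast:
        raise ValueError(f"{ip} is not in 224.0.0.0/4")
    low23 = int(addr) & ((1 << GROUP_BITS_MAPPED) - 1)
    mac = IPV4_MCAST_MAC_BASE | low23
    # Render as six hyphen-separated octets, most significant first.
    return "-".join(f"{(mac >> shift) & 0xFF:02x}" for shift in range(40, -1, -8))


def groups_sharing_mac(ip: str) -> list[str]:
    """Return every IPv4 multicast group that maps to the same MAC as ip.

    The five dropped bits are the low nibble of the first octet plus the high
    bit of the second octet, so 2**5 = 32 distinct groups share one MAC.
    """
    addr = ipaddress.IPv4Address(ip)
    if not addr.is_multicast:
        raise ValueError(f"{ip} is not in 224.0.0.0/4")
    low23 = int(addr) & ((1 << GROUP_BITS_MAPPED) - 1)
    return [
        str(ipaddress.IPv4Address(0xE0000000 | (high << GROUP_BITS_MAPPED) | low23))
        for high in range(1 << GROUP_BITS_DROPPED)
    ]


if __name__ == "__main__":
    # Worked case from assessment question 12.
    print(multicast_ip_to_mac("224.127.45.254"))  # 01-00-5e-7f-2d-fe
    # Every one of these 32 groups arrives with that same destination MAC.
    for group in groups_sharing_mac("224.127.45.254"):
        print(group)
```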
Chapter 1
The Campus Network
THE CCNP EXAM TOPICS COVERED IN THIS CHAPTER INCLUDE THE FOLLOWING:
Traditional campus internetworks
The difference between the 80/20 rule and the 20/80 rule
The new campus internetwork model
Understanding the details of switching technologies
The differences between layer 2 switching, layer 3 switching, routing, layer 4 switching, and multi-layer switching
The three layers in the Cisco hierarchical model
The different Cisco switch solutions available at the access layer
The different Cisco switch solutions available at the distribution layer
The different Cisco switch solutions available at the core layer
The differences between a switch block and core block
A campus network is a building or group of buildings that connects to one network, called an enterprise network. Typically, one company owns the entire network, including the wiring between buildings. This local area network (LAN) typically uses Ethernet, Token Ring, Fiber Distributed Data Interface (FDDI), or Asynchronous Transfer Mode (ATM) technologies.
The main challenge for network administrators is to make the campus network run efficiently and effectively. To do this, they must understand current campus networks as well as the new emerging campus networks. Therefore, in this chapter, you will learn about current and future requirements of campus internetworks. We’ll explain the limitations of traditional campus networks as well as the benefits of the emerging campus designs. You will learn how to choose from among the new generation of Cisco switches to maximize the performance of your networks. Understanding how to design for the emerging campus networks is not only critical to your success on the Switching exam, it’s also critical for implementing production networks.
As part of the instruction in network design, we’ll discuss the specifics of technologies, including how to implement Ethernet and the differences between layer 2, layer 3, and layer 4 switching technologies. In particular, you will learn how to implement FastEthernet, Gigabit Ethernet, Fast EtherChannel, and Multi-Layer Switching (MLS) in the emerging campus designs. This will help you learn how to design, implement, and maintain an efficient and effective internetwork.
Finally, you will learn about the Cisco hierarchical model, which is covered in all the Cisco courses. In particular, you will learn which Catalyst switches can—and should—be implemented at each layer of the Cisco model. And you will learn how to design networks based on switch and core blocks.
This chapter, then, will provide you with a thorough overview of campus network design (past, present, and future) and teach you how, as a network administrator, to choose the most appropriate technology for a particular network’s needs. This will allow you to configure and design your network now, with the future in mind.
Campus Internetworks
It doesn’t seem that terribly long ago that the mainframe ruled the world and the PC was just used to placate some users. However, in their arrogance, mainframe administrators never really took the PC seriously, and like rock ‘n’ roll naysayers, they said it would never last. Maybe they were right after all—at least in a way. In the last year or two, server farms have replaced distributed servers in the field.

In the last 15 years we have seen operators and managers of the mainframe either looking for other work or taking huge pay cuts. Their elitism exacerbated the slap in the face when people with no previous computer experience were suddenly making twice their salary after passing a few key certification exams. Mainframes were not necessarily discarded; they just became huge storage areas for data and databases. The NetWare and NT server took over as a file/print server and soon started running most other programs and applications as well.

The last 20 years have witnessed the birth of the LAN and the growth of WANs and the Internet. So where are networks headed in the twenty-first century? Are we still going to see file and print servers at all branch locations? Are all workstations just going to connect to the Internet with ISPs to separate the data, voice, and other multimedia applications?
Looking Backwards at Traditional Campus Networks
In the 1990s, the traditional campus network started as one LAN and grew and grew until segmentation needed to take place just to keep the network up and running. In this era of rapid expansion, response time was secondary to just making sure the network was functioning. And by looking at the technology, you can see why keeping the network running was such a challenge.

Typical campus networks ran on 10BaseT or 10Base2 (thinnet). As a result, the network was one large collision domain, not to mention one large broadcast domain. Despite these limitations, Ethernet was used because it was scalable, effective, and somewhat inexpensive compared to other options. ARCnet was used in some networks, but Ethernet and ARCnet are not compatible, and the networks became two separate entities. ARCnet soon became history.

Because a campus network can easily span many buildings, bridges were used to connect the buildings together; this broke up the collision domains, but the network was still one large broadcast domain. More and more users were attached to the hubs used in the network, and soon the performance of the network was considered extremely slow.
Performance Problems and Solutions
Availability and performance are the major problems with traditional campus networks. Bandwidth helps compound these problems. The three performance problems in traditional campus networks included collisions, broadcasts and multicasts, and bandwidth.
Collisions
A campus network typically started as one large collision domain, so all devices could see and also collide with each other. If a host had to broadcast, then all other devices had to listen, even though they themselves were trying to transmit. And if a device were to jabber (malfunction), it could almost bring the entire network down. Because routers didn’t really become cost effective until the late 1980s, bridges were used to break up collision domains, but the network was still one large broadcast domain and the broadcast problems still existed. However, bridges did break up the collision domain, and that was an improvement. Bridges also solved distance-limitation problems because they usually had repeater functions built into the electronics and/or they could break up the physical segment.
Bandwidth
The bandwidth of a segment is measured by the amount of data that can be transmitted at any given time. Think of bandwidth as a water hose; the amount of water that can go through the hose depends on different elements:
- Pressure
- Distance

The pressure is the current and the bandwidth is the size of the hose. If you have a hose that is only 1/4 inch in diameter, you won’t get much water through it regardless of the current or the size of the pump on the transmitting end.

Another issue is distance. The longer the hose, the more the water pressure drops. You can put a repeater in the middle of the hose and reamplify the pressure of the line, which would help, but you need to understand that all lines (and hoses) have degradation of the signal, which means that the pressure drops off the farther the signal goes down the line. For the remote end to understand digital signaling, the pressure must stay at or above a minimum value. If it drops below this minimum value, the remote end will not be able to receive the data. In other words, the far end of the hose would just drip water instead of flow. You can’t water your crops with drips of water; you need a constant water flow.

The solution to bandwidth issues is maintaining your distance limitations and designing your network with proper segmentation of switches and routers. Congestion on a segment happens when too many devices are trying to use the same bandwidth. By properly segmenting the network, you can eliminate some of the bandwidth issues. You will never have enough bandwidth for your users; you’ll just have to accept that fact. However, you can always make it better.
Broadcasts and Multicasts
Remember that all protocols have broadcasts built in as a feature, but some protocols can really cause problems if not configured correctly. Some protocols that, by default, can cause problems if not correctly implemented are Internet Protocol (IP), Address Resolution Protocol (ARP), Network Basic Input Output System (NetBIOS), Internetwork Packet Exchange (IPX), Service Advertising Protocol (SAP), and Routing Information Protocol (RIP). However, remember that there are features built into the Cisco router Internetwork Operating System (IOS) that, if correctly designed and implemented, can alleviate these problems. Packet filtering, queuing, and choosing the correct routing protocols are some examples of how Cisco routers can eliminate some broadcast problems.

Multicast traffic can also cause problems if not configured correctly. Multicasts are broadcasts that are destined for a specific or defined group of users. If you have large multicast groups or a bandwidth-intensive application like Cisco’s IPTV application, multicast traffic can consume most of the network bandwidth and resources.

To solve broadcast issues, create network segmentation with bridges, routers, and switches. However, understand that you’ll move the bottleneck to the routers, which break up the broadcast domains. Routers process each packet that is transmitted on the network, which can cause the bottleneck if an enormous amount of traffic is generated. Virtual LANs (VLANs) are a solution as well, but VLANs are just broadcast domains with boundaries created by routers. A VLAN is a group of devices on different network segments defined as a broadcast domain by the network administrator. The benefit of VLANs is that physical location is no longer a factor in determining which port a device is plugged into. You can plug a device into any switch port, and the network administrator gives that port a VLAN assignment.
Remember that routers or layer 3 switches must be used for different VLANs to communicate.
The 80/20 Rule
The traditional campus network placed users and groups in the same physical location. If a new salesperson was hired, they had to sit in the same physical location as the other sales personnel and be connected to the same physical network segment in order to share network resources. Any deviation from this caused major headaches for the network administrators. Figure 1.1 shows the traditional 80/20 network.
FIGURE 1.1 A traditional 80/20 network [figure not reproduced; it labels the segments 172.16.10.0, 172.16.20.0, 172.16.30.0, 172.16.40.0 and 172.16.50.1 and the router interfaces E0, E1, E2, and S0]
The rule that needed to be followed in this type of network was called the 80/20 rule because 80 percent of the users’ traffic was supposed to remain on the local network segment and only 20 percent or less was supposed to cross the routers or bridges to the other network segments. If more than 20 percent of the traffic crossed the network segmentation devices, performance issues arose. Because network administrators are responsible for the network design and implementation, network performance was improved in the 80/20 network by making sure all of the network resources for the users were contained within their own network segment. The resources include network servers, printers, shared directories, software programs, and applications.
The New 20/80 Rule
With new Web-based applications and computing, any PC can be a subscriber or publisher at any time. Also, because businesses are pulling servers from remote locations and creating server farms (sounds like a mainframe, doesn’t it?) to centralize network services for security, reduced cost, and administration, the old 80/20 rule is obsolete and could not possibly work in this environment. All traffic must now traverse the campus backbone, which means we now have a 20/80 rule in effect. Twenty percent of what the user performs on the network is local, whereas up to 80 percent crosses the network segmentation points to get to network services. Figure 1.2 shows the new 20/80 rule network.
FIGURE 1.2 A 20/80 network [figure not reproduced; it shows VLAN1 through VLAN5 connected across router interfaces E0, E1, E2, and S0]
The problem with the 20/80 rule is not the network wiring and topology as much as it is the routers themselves. They must be able to handle an enormous amount of packets quickly and efficiently at wire speed. This is probably where we should be talking about how great Cisco routers are and how our networks would be nothing without them. We’ll get to that later in this chapter—trust me.

Virtual LANs

With this new 20/80 rule, more and more users need to cross broadcast domains (VLANs), and this puts the burden on routing, or layer 3 switching. By using VLANs within the new campus model, you can control traffic patterns and control user access more easily than in the traditional campus network. Virtual LANs break up broadcast domains by using either a router or a switch that can perform layer 3 functions. Figure 1.3 shows how VLANs are created and might look in an internetwork.
FIGURE 1.3 VLANs break up broadcast domains in a switched internetwork. [figure not reproduced; it shows VLAN1 through VLAN4 behind router interfaces E0 and E1]
Chapter 3 includes detailed information about VLANs and how to configure them in an internetwork. It is imperative that you understand VLANs because the traditional way of building the campus network is being redesigned and VLANs are a large factor in building the new campus model.
The New Campus Model
The changes in customer network requirements—in combination with the problems with collision, bandwidth, and broadcasts—have necessitated a new network campus design. Higher user demands and complex applications force the network designers to think more about traffic patterns instead of solving a typical isolated department issue. We can no longer just think about creating subnets and putting different departments into each subnet. We need to create a network that makes everyone capable of reaching all network services easily.

Server farms, where all enterprise servers are located in one physical location, really take a toll on the existing network infrastructure and make the way we used to design networks obsolete. We must pay attention to traffic patterns and how to solve bandwidth issues. This can be accomplished with higher-end routing and switching techniques.

Because of the new bandwidth-intensive applications, video and audio to the desktop, as well as more and more work being performed on the Internet, the new campus model must be able to perform the following:
- Fast convergence: When a network change takes place, the network must be able to adapt very quickly to new changes and keep data moving quickly.
- Deterministic paths: Users must be able to gain access to a certain area of the network without fail.
- Deterministic failover: The network design must have provisions that make sure the network stays up and running even if a link fails.
- Scalable size and throughput: As users and new devices are added to the network, the network infrastructure must be able to handle the new increase in traffic.
- Centralized applications: Enterprise applications accessed by all users must be available to support all users on the internetwork.
- The new 20/80 rule: Instead of 80 percent of the users’ traffic staying on the local network, 80 percent of the traffic will now cross the backbone and only 20 percent will stay on the local network.
- Multiprotocol support: Campus networks must support multiple protocols, both routed and routing protocols. Routed protocols are used to send user data through the internetwork (for example, IP or IPX). Routing protocols are used to send network updates between routers, which will in turn update their routing tables. Examples of routing protocols include RIP, Enhanced Interior Gateway Routing Protocol (EIGRP), and Open Shortest Path First (OSPF).
- Multicasting: Multicasting is sending a broadcast to a defined subnet or group of users. Users can be placed in multicast groups, for example, for videoconferencing.
Network Services
The new campus model provides remote services quickly and easily to all users. The users have no idea where the resources are located in the internetwork, nor should they. There are three types of network services, which are created and defined by the administrator and should appear to the users as local services:
- Local services
- Remote services
- Enterprise services
Local Services
Local services are network services that are located on the same subnet or network as the users accessing them. Users do not cross layer 3 devices and the network services are in the same broadcast domain as the users. This type of traffic never crosses the backbone.
Remote Services
Remote services are close to users but not on the same network or subnet as the users. The users would have to cross a layer 3 device to communicate with the network services. However, they might not have to cross the backbone.
Enterprise Services
Enterprise services are defined as services that are provided to all users on the internetwork. Layer 3 switches or routers are required in this scenario because an enterprise service must be close to the core and would probably be based in its own subnet. Examples of these services include Internet access, e-mail, and possibly videoconferencing. When servers that host enterprise services are placed close to the backbone, all users would be the same distance from the servers, but all user data would have to cross the backbone to get to the services.
Switching Technologies
Switching technologies are crucial to the new network design. Because the prices on layer 2 switching have been dropping dramatically, it is easier to justify the cost of buying switches for your entire network. This doesn’t mean that every business can afford switch ports for all users, but it does allow for a cost-effective upgrade solution when the time comes. To understand switching technologies and how routers and switches work together, you must understand the Open Systems Interconnection (OSI) model. This section will give you a general overview of the OSI model and the devices that are specified at each layer.
For more detailed information about the OSI model, please see CCNA: Cisco Certified Network Associate Study Guide, by Todd Lammle (Sybex, 2000). You’ll need a basic understanding of the OSI model to fully understand discussions in which it is included throughout the rest of the book.
Open Systems Interconnection (OSI) Model
As you probably already know, the OSI model has seven layers, each of which specifies functions that allow data to be transmitted from host to host on an internetwork. Figure 1.4 shows the OSI model and the functions of each layer.
FIGURE 1.4 The OSI model and the layer functions [figure not reproduced]
The OSI model is the cornerstone for application developers to write and create networked applications that run on an internetwork. What is important to network engineers and technicians is the encapsulation of data as it is transmitted on a network.
Data Encapsulation
Data encapsulation is the process by which the information in a protocol is wrapped, or contained, in the data section of another protocol. In the OSI reference model, each layer encapsulates the layer immediately above it as the data flows down the protocol stack. The logical communication that happens at each layer of the OSI reference model doesn’t involve many physical connections because the information each protocol needs to send is encapsulated in the layer of protocol information beneath it. This encapsulation produces a set of data called a packet (see Figure 1.5).
FIGURE 1.5 Data encapsulation at each layer of the OSI reference model [figure not reproduced; it shows upper layer data gaining a TCP header at the Transport layer (segment), an IP header at the Network layer (packet), LLC and MAC headers plus an FCS at the Data Link layer (frame), and finally bits such as 0101110101001000010 at the Physical layer]
Looking at Figure 1.5, you can follow the data down through the model as it’s encapsulated at each layer of the OSI reference model. Cisco courses typically focus only on layers 2–4. Each layer communicates only with its peer layer on the receiving host, and they exchange Protocol Data Units (PDUs). The PDUs are attached to the data at each layer as it traverses down the model and is read only by its peer on the receiving side. Each layer has a specific name for the PDU, as shown in Table 1.1.
TABLE 1.1 OSI Encapsulation

OSI Layer    Name of Protocol Data Units (PDUs)
Transport    Segment
Network      Packet
Data Link    Frames
Physical     Bits
Starting at the Application layer, data is converted for transmission on the network, then encapsulated in Presentation layer information. When the Presentation layer receives this information, it looks like generic data. The Presentation layer hands the data to the Session layer, which is responsible for synchronizing the session with the destination host. The Session layer then passes this data to the Transport layer, which transports the data from the source host to the destination host in a reliable fashion. But before this happens, the Network layer adds routing information to the packet. It then passes the packet on to the Data Link layer for framing and for connection to the Physical layer. The Physical layer sends the data as 1s and 0s to the destination host across fiber or copper wiring. Finally, when the destination host receives the 1s and 0s, the data passes back up through the model, one layer at a time. The data is de-encapsulated at each of the OSI model’s peer layers. At a transmitting device, the data encapsulation method is as follows:
1. User information is converted to data for transmission on the network.
2. Data is converted to segments at the Transport layer, and a reliable session is possibly set up.
3. Segments are converted to packets or datagrams at the Network layer, and routing information is added to the PDU.
4. Packets or datagrams are converted to frames at the Data Link layer, and hardware addresses are used to communicate with local hosts on the network medium.
5. Frames are converted to bits, and 1s and 0s are encoded within the digital signal.

Now that you have a sense of the OSI model and how routers and switches work together, it is time to turn our attention to the specifics of each layer of switching technology.
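The five encapsulation steps above, carried through in Python as an added example (not code from the book): application data is wrapped into a segment, a packet, a frame with a frame check sequence, and finally bits, then peeled back apart by the peer layers on the receiving side. The header layouts are simplified, constructed formats, not the real TCP, IP, or Ethernet field sizes.

```python
"""Walk a piece of application data down the OSI stack and back up again.

Added illustration for this chapter; it is not code from the book or from
Cisco. The header layouts below are deliberately simplified, constructed
formats (not the real TCP, IP, or Ethernet field sizes), but the wrapping
order and the PDU names (segment, packet, frame, bits) follow Table 1.1.
"""
import socket
import struct
import zlib

TRANSPORT_FMT = "!HH"     # src_port, dst_port            -> segment
NETWORK_FMT = "!B4s4s"    # protocol, src_ip, dst_ip      -> packet
DATALINK_FMT = "!6s6sH"   # dst_mac, src_mac, ethertype   -> frame (+ FCS)
PROTO_TCP = 6
ETHERTYPE_IP = 0x0800


def mac_bytes(mac: str) -> bytes:
    """'00:00:0c:12:34:56' -> 6 raw bytes."""
    return bytes.fromhex(mac.replace(":", ""))


def encapsulate(data, src_port, dst_port, src_ip, dst_ip, src_mac, dst_mac):
    """Return every PDU produced on the way down the stack."""
    # Transport layer: port numbers identify the application -> segment
    segment = struct.pack(TRANSPORT_FMT, src_port, dst_port) + data
    # Network layer: logical (IP) addresses used for routing -> packet
    packet = struct.pack(NETWORK_FMT, PROTO_TCP,
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip)) + segment
    # Data Link layer: hardware (MAC) addresses for the local medium, then a
    # CRC-32 frame check sequence appended as a trailer -> frame
    header = struct.pack(DATALINK_FMT, mac_bytes(dst_mac), mac_bytes(src_mac), ETHERTYPE_IP)
    body = header + packet
    frame = body + struct.pack("!I", zlib.crc32(body) & 0xFFFFFFFF)
    # Physical layer: the frame as 1s and 0s on the wire -> bits
    bits = "".join(format(b, "08b") for b in frame)
    return {"segment": segment, "packet": packet, "frame": frame, "bits": bits}


def decapsulate(bits: str) -> dict:
    """Peel the headers off again; each layer reads only its own PDU header.

    Raises ValueError when the FCS does not match, which is how the Data
    Link layer on the receiving side notices a frame damaged on the wire.
    """
    frame = bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))
    body, fcs = frame[:-4], struct.unpack("!I", frame[-4:])[0]
    if zlib.crc32(body) & 0xFFFFFFFF != fcs:
        raise ValueError("FCS mismatch: frame damaged in transit")
    dl = struct.calcsize(DATALINK_FMT)
    dst_mac, src_mac, ethertype = struct.unpack(DATALINK_FMT, body[:dl])
    packet = body[dl:]
    nl = struct.calcsize(NETWORK_FMT)
    proto, src_ip, dst_ip = struct.unpack(NETWORK_FMT, packet[:nl])
    segment = packet[nl:]
    tl = struct.calcsize(TRANSPORT_FMT)
    src_port, dst_port = struct.unpack(TRANSPORT_FMT, segment[:tl])
    return {
        "dst_mac": dst_mac.hex(":"), "src_mac": src_mac.hex(":"), "ethertype": ethertype,
        "proto": proto, "src_ip": socket.inet_ntoa(src_ip), "dst_ip": socket.inet_ntoa(dst_ip),
        "src_port": src_port, "dst_port": dst_port, "data": segment[tl:],
    }


def flip_bit(bits: str, index: int) -> str:
    """Simulate line noise at the Physical layer by inverting a single bit."""
    flipped = "0" if bits[index] == "1" else "1"
    return bits[:index] + flipped + bits[index + 1:]


if __name__ == "__main__":
    # Constructed sample: a host on 172.16.10.0 talking to a server on 172.16.50.0
    pdus = encapsulate(b"GET /index.html", 40000, 80, "172.16.10.5", "172.16.50.1",
                       "00:00:0c:aa:aa:01", "00:00:0c:bb:bb:02")
    for name in ("segment", "packet", "frame"):
        print(f"{name:8s} {len(pdus[name]):3d} bytes")
    print("bits    ", len(pdus["bits"]), "on the wire")
    print(decapsulate(pdus["bits"]))
```

Flipping one bit of the bit stream makes the receiving Data Link layer reject the frame, which is the only layer that ever checks the FCS.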
Layer 2 Switching
Layer 2 switching is hardware based, which means it uses the Media Access Control (MAC) address from the host’s network interface cards (NICs) to filter the network. Switches use Application-Specific Integrated Circuits (ASICs) to build and maintain filter tables. It is OK to think of a layer 2 switch as a multiport bridge. Layer 2 switching provides the following:
- Hardware-based bridging (MAC)
- Wire speed
- High speed
- Low latency
- Low cost

Layer 2 switching is so efficient because there is no modification to the data packet, only to the frame encapsulation of the packet, and only when the data packet is passing through dissimilar media (such as from Ethernet to FDDI). Use layer 2 switching for workgroup connectivity and network segmentation (breaking up collision domains). This allows you to create a flatter network design and one with more network segments than traditional 10BaseT shared networks. Layer 2 switching has helped develop new components in the network infrastructure:
- Server farms: Servers are no longer distributed to physical locations because virtual LANs can be created to create broadcast domains in a switched internetwork. This means that all servers can be placed in a central location, yet a certain server can still be part of a workgroup in a remote branch, for example.
- Intranets: Allows organization-wide client/server communications based on a Web technology.

These new technologies are allowing more data to flow off of local subnets and onto a routed network, where a router’s performance can become the bottleneck.
Limitations of Layer 2 Switching
Layer 2 switches have the same limitations as bridge networks. Remember that bridges are good if you design the network by the 80/20 rule: users spend 80 percent of their time on their local segment. Bridged networks break up collision domains, but the network is still one large broadcast domain. Similarly, layer 2 switches (bridges) cannot break up broadcast domains, which can cause performance issues and limit the size of your network. Broadcasts and multicasts, along with the slow convergence of spanning tree, can cause major problems as the network grows. Because of these problems, layer 2 switches cannot completely replace routers in the internetwork.
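A small learning-switch model, added here as an example and not code from the book or from any Cisco product, makes the limitation concrete: the switch builds its MAC filter table from source addresses, filters known unicasts to one port, but floods every broadcast to all ports of the same broadcast domain. Giving the ports VLAN assignments splits that domain, and a frame for a host in another VLAN then never arrives at all, which is why a router or layer 3 switch is needed between VLANs. All ports, hosts, and MAC addresses are constructed.

```python
"""A learning layer 2 switch (multiport bridge) with per-port VLAN membership.

Added illustration for this chapter, not code from the book or a Cisco
product; the switch, its ports and the MAC addresses are all constructed.
It shows why a flat layer 2 switch leaves every port in one broadcast
domain, and how VLAN assignments split that domain so that frames only
cross VLANs through a router or layer 3 switch.
"""
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Layer2Switch:
    def __init__(self, port_vlans):
        # port number -> VLAN id; a flat switch puts every port in VLAN 1
        self.port_vlans = dict(port_vlans)
        # the filter table the ASICs build: (vlan, mac) -> port
        self.mac_table = {}

    def ports_in_vlan(self, vlan):
        return sorted(p for p, v in self.port_vlans.items() if v == vlan)

    def receive(self, ingress, src_mac, dst_mac):
        """Handle one frame arriving on `ingress`; return the egress port list."""
        vlan = self.port_vlans[ingress]
        # Learn: the source MAC is reachable through the ingress port, in this VLAN.
        self.mac_table[(vlan, src_mac)] = ingress
        if dst_mac == BROADCAST or (vlan, dst_mac) not in self.mac_table:
            # Broadcast or unknown unicast: flood to every other port of the
            # same VLAN. Ports in other VLANs never see it.
            return [p for p in self.ports_in_vlan(vlan) if p != ingress]
        egress = self.mac_table[(vlan, dst_mac)]
        # Known unicast: one port only (filtering), unless it came from there.
        return [] if egress == ingress else [egress]


def broadcast_domains(switch):
    """Map each VLAN to its member ports: one entry per broadcast domain."""
    return {v: switch.ports_in_vlan(v) for v in sorted(set(switch.port_vlans.values()))}


def demo():
    """Same four hosts, same frames, flat switch versus VLAN-aware switch."""
    hosts = {1: "00:00:0c:00:00:01", 2: "00:00:0c:00:00:02",
             3: "00:00:0c:00:00:03", 4: "00:00:0c:00:00:04"}
    flat = Layer2Switch({1: 1, 2: 1, 3: 1, 4: 1})
    vlans = Layer2Switch({1: 10, 2: 10, 3: 20, 4: 20})
    results = {}
    for name, sw in (("flat", flat), ("vlans", vlans)):
        # host 1 broadcasts (an ARP request, say)
        arp = sw.receive(1, hosts[1], BROADCAST)
        # host 2 replies to host 1, whose port the switch has now learned
        reply = sw.receive(2, hosts[2], hosts[1])
        # host 3 tries to reach host 1 directly
        cross = sw.receive(3, hosts[3], hosts[1])
        results[name] = {"arp_flooded_to": arp, "reply_to": reply,
                         "host3_to_host1": cross,
                         "domains": broadcast_domains(sw)}
    return results


if __name__ == "__main__":
    for name, r in demo().items():
        print(name, r)
```

On the VLAN-aware switch, host 3's frame for host 1 is flooded only inside VLAN 20 and never reaches port 1: without a layer 3 device the two VLANs cannot talk.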
Routing
We want to explain how routing works and how routers work in an internetwork before discussing layer 3 switching in the next section. Routers and layer 3 switches are similar in concept but not design. In this section, we’ll discuss routers and what they provide in an internetwork today. Routers break up collision domains like bridges do. In addition, routers also break up broadcast/multicast domains. The benefits of routing include:
- Break up of broadcast domains
- Multicast control
- Optimal path determination
- Traffic management
- Logical (layer 3) addressing
- Security

Routers provide optimal path determination because the router examines each and every packet that enters an interface and improves network segmentation by forwarding data packets only to a known destination network. Routers are not interested in hosts, only networks. If a router does not know about a remote network to which a packet is destined, it will just drop the packet and not forward it. Because of this packet examination, traffic management is obtained. The Network layer of the OSI model defines a virtual—or logical—network address. Hosts and routers use these addresses to send information from host to host within an internetwork. Every network interface must have a logical address, typically an IP address. Security can be obtained by a router reading the packet header information and reading filters defined by the network administrator (access lists).
Layer 3 Switching
The only difference between a layer 3 switch and a router is the way the administrator creates the physical implementation. Also, traditional routers use microprocessors to make forwarding decisions, and the switch performs only hardware-based packet switching. However, some traditional routers can have other hardware functions as well in some of the higher-end models. Layer 3 switches can be placed anywhere in the network because they handle high-performance LAN traffic and can cost-effectively replace routers. Layer 3 switching is all hardware-based packet forwarding, and all packet forwarding is handled by hardware ASICs. Layer 3 switches really are no different functionally than a traditional router and perform the same functions, which are listed here:
- Determine paths based on logical addressing
- Run layer 3 checksums (on header only)
- Use Time to Live (TTL)
- Process and respond to any option information
- Can update Simple Network Management Protocol (SNMP) managers with Management Information Base (MIB) information
- Provide security

The benefits of layer 3 switching include the following:
- Hardware-based packet forwarding
- High-performance packet switching
- High-speed scalability
- Low latency
- Lower per-port cost
- Flow accounting
- Security
- Quality of service (QoS)
The Cisco 12000 Gigabit Switch Router (GSR) performs layer 3 switching by using a crossbar switch matrix, but all switches in the Catalyst family use ASIC switching.
Layer 4 Switching
Layer 4 switching is considered a hardware-based layer 3 switching technology that can also consider the application used (for example, Telnet or FTP). Layer 4 switching provides additional routing above layer 3 by using the port numbers found in the Transport layer header to make routing decisions. These port numbers are found in Request for Comments (RFC) 1700 and reference the upper-layer protocol, program, or application. Layer 4 information has been used to help make routing decisions for quite a while. For example, extended access lists can filter packets based on layer 4 port numbers. Another example is accounting information gathered by NetFlow switching in Cisco’s higher-end routers.

The largest benefit of layer 4 switching is that the network administrator can configure a layer 4 switch to prioritize data traffic by application, which means a QoS can be defined for each user. For example, a number of users can be defined as a Video group and be assigned more priority, or bandwidth, based on the need for videoconferencing.

However, because users can be part of many groups and run many applications, the layer 4 switches must be able to provide a huge filter table or response time would suffer. This filter table must be much larger than any layer 2 or 3 switch. A layer 2 switch might have a filter table only as large as the number of users connected to the network, maybe even less if some hubs are used within the switched fabric. However, a layer 4 switch might have five or six entries for each and every device connected to the network! If the layer 4 switch does not have a filter table that includes all the information, the switch will not be able to produce wire-speed results.
Multi-Layer Switching (MLS)
Multi-layer switching combines layer 2, 3, and 4 switching technologies and provides high-speed scalability with low latency. It accomplishes this combination of high-speed scalability with low latency by using huge filter tables based on the criteria designed by the network administrator. Multi-layer switching can move traffic at wire speed and also provide layer 3 routing, which can remove the bottleneck from the network routers. This technology is based on the idea of route once, switch many. Multi-layer switching can make routing/switching decisions based on the following:
- MAC source/destination address in a Data Link frame
- IP source/destination address in the Network layer header
- Protocol field in the Network layer header
- Port source/destination numbers in the Transport layer header

There is no performance difference between a layer 3 and a layer 4 switch because the routing/switching is all hardware based.
MLS will be discussed in more detail in Chapter 8.
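The "route once, switch many" idea above, and the earlier remark that a layer 4 filter table needs several entries per device, can both be seen in a flow-cache simulation. This is an added example, not code from the book or from Cisco: the first packet of each flow goes through a longest-prefix route lookup (the router's slow path) and populates a cache; later packets of the same flow are forwarded from the cache. The three flow-mask names, the routing table, and the packet stream are constructed for the example and are not product keywords; the wider the mask (destination only, source and destination, or the full layer 3/4 tuple), the more cache entries the same traffic produces.

```python
"""Route once, switch many: a multi-layer switching flow cache.

Added illustration for this chapter, not code from the book or from Cisco.
The routing table, hosts, ports and packet stream are constructed. The three
flow-mask names are labels chosen here to match the decision criteria listed
in the text (destination IP only, source and destination IP, or the full
layer 3/4 tuple); they are not a product's configuration keywords.
"""
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src_ip dst_ip proto src_port dst_port ttl")

# Constructed routing table in the spirit of the 20/80 network of Figure 1.2
ROUTES = [
    (ipaddress.ip_network("172.16.10.0/24"), "E0"),
    (ipaddress.ip_network("172.16.20.0/24"), "E1"),
    (ipaddress.ip_network("172.16.50.0/24"), "E2"),   # server farm
]


def route_lookup(dst_ip, routes):
    """Longest-prefix match: the per-packet work a traditional router does.

    Returns None for a destination network the router does not know about,
    which the chapter says the router simply drops.
    """
    addr = ipaddress.ip_address(dst_ip)
    best = None
    for net, iface in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return None if best is None else best[1]


class MultiLayerSwitch:
    def __init__(self, routes, flow_mask="full-flow"):
        self.routes = routes
        self.flow_mask = flow_mask
        self.cache = {}          # flow key -> egress interface
        self.route_lookups = 0   # packets that had to be routed (slow path)
        self.switched = 0        # packets forwarded from the cache (fast path)

    def flow_key(self, pkt):
        """Which header fields identify a flow; wider masks mean more entries."""
        if self.flow_mask == "destination":
            return (pkt.dst_ip,)
        if self.flow_mask == "source-destination":
            return (pkt.src_ip, pkt.dst_ip)
        return (pkt.src_ip, pkt.dst_ip, pkt.proto, pkt.src_port, pkt.dst_port)

    def forward(self, pkt):
        """Return (egress, rewritten packet), or None if the packet is dropped."""
        if pkt.ttl <= 1:
            return None                      # TTL expired; never cached
        key = self.flow_key(pkt)
        if key not in self.cache:
            self.route_lookups += 1          # first packet of the flow: route it
            iface = route_lookup(pkt.dst_ip, self.routes)
            if iface is None:
                return None                  # unknown network: drop, do not cache
            self.cache[key] = iface
        else:
            self.switched += 1               # later packets: cache hit, no routing
        # the layer 3 rewrite still happens on the fast path: decrement TTL
        return self.cache[key], pkt._replace(ttl=pkt.ttl - 1)


def sample_stream():
    """Three clients each running web, mail and DNS to one server-farm host."""
    stream = []
    for host in range(1, 4):
        for port in (80, 25, 53):
            for _ in range(4):   # four packets per flow
                stream.append(Packet(f"172.16.10.{host}", "172.16.50.10",
                                     6, 40000 + port, port, 64))
    return stream


def run(flow_mask):
    """Feed the sample stream through a switch; report cache size and path counts."""
    mls = MultiLayerSwitch(ROUTES, flow_mask)
    for pkt in sample_stream():
        mls.forward(pkt)
    return {"entries": len(mls.cache), "routed": mls.route_lookups,
            "switched": mls.switched}


if __name__ == "__main__":
    for mask in ("destination", "source-destination", "full-flow"):
        print(f"{mask:20s} {run(mask)}")
```

With 36 packets in the stream, the destination-only mask routes once and switches 35 times with a single cache entry, while the full layer 3/4 mask needs nine entries, three per client, which is the table growth the layer 4 discussion warns about.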
It is important that you have an understanding of the different OSI layers and what they provide before continuing on to the Cisco three-layer hierarchical model.
The Cisco Hierarchical Model
Most of us learned about hierarchy early in life. Anyone with older siblings learned what it was like to be at the bottom of the hierarchy! Regardless of where you were first exposed to hierarchy, most of us experience it in many aspects of our lives. Hierarchy helps us to understand where things belong, how things fit together, and what functions go where. It brings order and understandability to otherwise complex models. If you want a pay raise, hierarchy dictates that you ask your boss, not your subordinate. That is the person whose role it is to grant (or deny) your request.

Hierarchy has many of the same benefits in network design that it has in other areas. When used properly in network design, it makes networks more predictable. It helps us to define and expect at which levels of the hierarchy we should perform certain functions. You would ask your boss, not your subordinate, for a raise because of their positions in the business hierarchy. The hierarchy requires that you ask someone at a higher level than yours. Likewise, you can use tools like access lists at certain levels in hierarchical networks and you must avoid them at others. Let’s face it, large networks can be extremely complicated, with multiple protocols, detailed configurations, and diverse technologies. Hierarchy helps us to summarize a complex collection of details into an understandable model. Then, as specific configurations are needed, the model dictates the appropriate manner for them to be applied.
Three-Layer Hierarchical Model
The Cisco hierarchical model is used to help you design a scalable, reliable, cost-effective hierarchical internetwork. Cisco defines three layers of hierarchy, as shown in Figure 1.6, each with specific functionality.
FIGURE 1.6 The Cisco hierarchical model [figure not reproduced; it stacks the core layer above the distribution layer above the access layer]

The three layers are as follows:
- Core
- Distribution
- Access
Each layer has specific responsibilities. Remember, however, that the three layers are logical and not necessarily physical. Three layers do not necessarily mean three separate devices. Consider the OSI model, another logical hierarchy. The seven layers describe functions but not necessarily protocols, right? Sometimes a protocol maps to more than one layer of the OSI model, and sometimes multiple protocols communicate within a single layer. In the same way, when you build physical implementations of hierarchical networks, you may have many devices in a single layer, or you might have a single device performing functions at two layers. The definition of the layers is logical, not physical. Before we examine these layers and their functions, consider a common hierarchical design as shown in Figure 1.7. The phrase “keep local traffic local” has almost become a cliché in the networking world. However, the underlying concept has merit. Hierarchical design lends itself perfectly to fulfilling this concept. Now, let’s take a closer look at each of the layers.
FIGURE 1.7 A hierarchical network design (labels: Core layer with an FDDI ring; Distribution layer; Access layer with workgroups and users’ machines)
Core Layer
The core layer is literally the core of the network. At the top of the hierarchy, the core layer is responsible for transporting large amounts of traffic both reliably and quickly. The only purpose of the core layer of the network is to switch traffic as quickly as possible. The traffic transported across the core is common to a majority of users. However, remember that user data is processed at the distribution layer, and the distribution layer forwards the requests to the core, if needed. If there is a failure in the core, every single user can be affected. Therefore, fault tolerance at this layer is an issue. The core is likely to see large volumes of traffic, so speed and latency are driving concerns here. Given the function of the core, we can now look at some design specifics to consider. Let’s start with some things you know you don’t want to do:
- Don’t do anything to slow down traffic. This includes using access lists, routing between virtual local area networks (VLANs), and packet filtering.
- Don’t support workgroup access here.
- Avoid expanding the core when the internetwork grows (i.e., adding routers). If performance becomes an issue in the core, give preference to upgrades over expansion.
Now, there are a few things that you want to make sure to get done as you design the core:
- Design the core for high reliability. Consider data-link technologies that facilitate both speed and redundancy, such as FDDI, FastEthernet (with redundant links), or even ATM.
- Design with speed in mind. The core should have very little latency.
- Select routing protocols with lower convergence times. Fast and redundant data-link connectivity is no help if your routing tables are shot!
Distribution Layer
The distribution layer is sometimes referred to as the workgroup layer and is the communication point between the access layer and the core. The primary function of the distribution layer is to provide routing, filtering, and WAN access and to determine how packets can access the core, if needed. The distribution layer must determine the fastest way that user requests are serviced (for example, how a file request is forwarded to a server). After the distribution layer determines the best path, it forwards the request to the core layer. The core layer is then responsible for quickly transporting the request to the correct service. The distribution layer is the place to implement policies for the network. Here, you can exercise considerable flexibility in defining network operation. There are several items that generally should be done at the distribution layer:
- Implement tools such as access lists, packet filtering, and queuing.
- Implement security and network policies, including address translation and firewalls.
- Redistribute between routing protocols, including static routing.
- Route between VLANs and other workgroup support functions.
- Define broadcast and multicast domains.
Things to avoid at the distribution layer are limited to those functions that exclusively belong to one of the other layers.
Access Layer
The access layer controls user and workgroup access to internetwork resources. The access layer is sometimes referred to as the desktop layer. The network resources that most users need will be available locally. Any traffic for remote services is handled by the distribution layer. The following functions should be included at this layer:
- Continued (from distribution layer) access control and policies.
- Creation of separate collision domains (segmentation).
- Workgroup connectivity to the distribution layer.
Technologies such as dial-on-demand routing (DDR) and Ethernet switching are frequently seen here in the access layer. Static routing (instead of dynamic routing protocols) is seen here as well.
As already noted, three separate levels do not have to imply three separate routers. It could be fewer, or it could be more. Remember that this is a layered approach.
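The placement rules in the three layer descriptions above (filtering and policy at the distribution layer, nothing that slows traffic at the core) can be checked mechanically against device configurations. The following Python is an added example, not code from this study guide or from Cisco. The hostnames, layer roles, addresses and IOS-style configuration text are constructed for illustration, and the set of commands treated as "policy" (ip access-group, ip policy route-map, service-policy) is an assumption. It also reports where the distribution router runs a standby (HSRP) group, which the chapter takes up later under the collapsed core.

```python
"""Audit constructed IOS-style configs for policy placed at the wrong layer.

Added example, not from the study guide. Device names, roles and config
text are constructed. The rule checked is the chapter's: access lists and
similar per-packet policy belong at the distribution layer, and the core
should carry nothing that slows traffic down.
"""
from __future__ import annotations

# Constructed sample configs keyed by hostname; the "role" is an assumption.
DEVICES = {
    "core-a": {
        "role": "core",
        "config": """\
interface GigabitEthernet1/1
 description To distribution switch dist-a
 ip address 10.0.0.1 255.255.255.252
 ip access-group 110 in
!
interface GigabitEthernet1/2
 description To distribution switch dist-b
 ip address 10.0.0.5 255.255.255.252
!
access-list 110 permit ip any any
""",
    },
    "dist-a": {
        "role": "distribution",
        "config": """\
interface Vlan10
 description Workgroup VLAN 10
 ip address 10.1.10.2 255.255.255.0
 ip access-group 120 in
 standby 1 ip 10.1.10.1
 standby 1 priority 110
 standby 1 preempt
!
interface GigabitEthernet0/1
 description Uplink to core-a
 ip address 10.0.0.2 255.255.255.252
!
access-list 120 deny   tcp 10.1.10.0 0.0.0.255 any eq 23
access-list 120 permit ip 10.1.10.0 0.0.0.255 any
""",
    },
}

# Commands the chapter says to keep off the core (assumed list of policy commands).
POLICY_COMMANDS = ("ip access-group", "ip policy route-map", "service-policy")


def interface_blocks(config: str):
    """Yield (interface_name, [commands]) for each 'interface' stanza in the config."""
    name, body = None, []
    for line in config.splitlines():
        if line.startswith("interface "):
            if name is not None:
                yield name, body
            name, body = line.split(None, 1)[1], []
        elif line.startswith(" ") and name is not None:
            body.append(line.strip())          # indented line inside the stanza
        elif line.strip() == "!" and name is not None:
            yield name, body                   # '!' closes the stanza
            name, body = None, []
    if name is not None:
        yield name, body


def policy_on_core(devices: dict) -> list[tuple[str, str, str]]:
    """Return (device, interface, command) for every policy command on a core device."""
    findings = []
    for host, info in devices.items():
        if info["role"] != "core":
            continue
        for ifname, commands in interface_blocks(info["config"]):
            for cmd in commands:
                if cmd.startswith(POLICY_COMMANDS):
                    findings.append((host, ifname, cmd))
    return findings


def hsrp_interfaces(devices: dict) -> dict[str, list[str]]:
    """Map each distribution device to the interfaces carrying a standby (HSRP) group."""
    out = {}
    for host, info in devices.items():
        if info["role"] != "distribution":
            continue
        out[host] = [
            ifname
            for ifname, commands in interface_blocks(info["config"])
            if any(cmd.startswith("standby ") for cmd in commands)
        ]
    return out


if __name__ == "__main__":
    for host, ifname, cmd in policy_on_core(DEVICES):
        print(f"{host}: '{cmd}' on {ifname} belongs at the distribution layer, not the core")
    print("HSRP groups on distribution devices:", hsrp_interfaces(DEVICES))
```

Run against the constructed configs, the audit flags the access group on core-a's GigabitEthernet1/1 and reports that dist-a runs HSRP on Vlan10; the access list on dist-a is where the chapter says it belongs and is not reported.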
Cisco Catalyst Products
Understanding the campus size and traffic is an important factor in network design. A large campus is defined as several or many colocated buildings, and a medium campus is one or more colocated buildings. Small campus networks have only one building. By understanding your campus size, you can choose Cisco products that will fit your business needs and grow with your company. Cisco switches are produced to fit neatly within Cisco’s three-layer model. This helps you decide which equipment to use for your network efficiently and quickly.
Access Layer Switches
The access layer, as you already know, is where users gain access to the internetwork. The switches deployed at this layer must be able to handle connecting individual desktop devices to the internetwork. The Cisco solutions at the access layer include the following:
- 1900/2800: Provide switched 10Mbps to the desktop or to 10BaseT hubs in small to medium campus networks.
- 2900: Provides 10/100Mbps switched access for up to 50 users and gigabit speeds for servers and uplinks.
- 4000: Provides a 10/100/1000Mbps advanced high-performance enterprise solution for up to 96 users and up to 36 Gigabit Ethernet ports for servers.
- 5000/5500: Used in large campuses to provide access for more than 250 users. The Catalyst 5000 series supports 10/100/1000Mbps Ethernet switching.
Distribution Layer Switches
As discussed earlier, the primary function of the distribution layer is to provide routing, filtering, and WAN access and to determine how packets can access the core, if needed. Distribution layer switches are the aggregation point for multiple access switches and must be capable of handling large amounts of traffic from these access layer devices. The distribution layer switches must also be able to participate in multi-layer switching (MLS) and be able to handle a route processor. The Cisco switches that provide these functions are as follows:
- 2926G: A robust switch that uses an external route processor, such as a 4000 or 7000 series router.
- 5000/5500: The most effective distribution layer switch; it can support a large number of connections and also an internal route processor module called a Route Switch Module (RSM). It can switch up to 176KBps.
- 6000: The Catalyst 6000 can provide up to 384 10/100 Ethernet connections, 192 100FX FastEthernet connections, and 130 Gigabit Ethernet ports.
Core Layer Switches
The core layer must be efficient and do nothing to slow down packets as they traverse the backbone. The following switches are recommended for use in the core:
- 5000/5500: The 5000 is a great distribution layer switch, and the 5500 is a great core layer switch. The Catalyst 5000 series of switches includes the 5000, 5002, 5500, 5505, and 5509. All of the 5000 series switches use the same cards and modules, which makes them cost effective and provides protection for your investment.
- 6500: The Catalyst 6500 series switches are designed to address the need for gigabit port density, high availability, and multi-layer switching for the core layer backbone and server-aggregation environments. These switches use the Cisco IOS to utilize the high speeds of the ASICs, which allows the delivery of wire-speed traffic management services end to end.
- 8500: The Cisco Catalyst 8500 is a core layer switch that provides high-performance switching. The Catalyst 8500 uses Application-Specific Integrated Circuits (ASICs) to provide multiple-layer protocol support including Internet Protocol (IP), IP multicast, bridging, Asynchronous Transfer Mode (ATM) switching, and CiscoAssure policy-enabled Quality of Service (QoS).
All of these switches provide wire-speed multicast forwarding, routing, and Protocol Independent Multicast (PIM) for scalable multicast routing. These switches are perfect for providing the high bandwidth and performance needed for a core router. The 6500 and 8500 switches can aggregate multiprotocol traffic from multiple remote wiring closets and workgroup switches.
The Building Block
Remember the saying “Everything I need to know I learned in kindergarten”? Well, it appears to be true. Cisco has determined that if you follow the hierarchical model they have designed, it promotes a building block approach to network design. If you did well with building blocks in your younger years, you can just apply that same technique to building large, multimillion-dollar networks. Kind of makes you glad it’s someone else’s money you’re playing with, doesn’t it? In all seriousness, Cisco has determined some fundamental campus elements that help you build network building blocks:
- Switch blocks: Access layer switches connected to the distribution layer devices
- Core blocks: Support of multiple switch blocks connected together with possibly 5500, 6500, or 8500 switches
Within these fundamental elements, there are three contributing variables:
- Server blocks: Groups of network servers on a single subnet
- WAN blocks: Multiple connections to an ISP or multiple ISPs
- Mainframe blocks: Centralized services to which the enterprise network is responsible for providing complete access
By understanding how these work, you can build large, expensive networks with confidence (using someone else’s money).
Switch Block
The switch block is a combination of layer 2 switches and layer 3 routers. The layer 2 switches connect users in the wiring closet into the access layer and provide 10 or 100Mbps dedicated connections; 1900/2820 and 2900 Catalyst switches can be used in the switch block. From here, the access layer switches will connect into one or more distribution layer switches, which will be the central connection point for all switches coming from the wiring closets. The distribution layer device is either a switch with an external router or a multi-layer switch. The distribution layer switch will then provide layer 3 routing functions, if needed. The distribution layer router will prevent broadcast storms that could happen on an access layer switch from propagating throughout the entire internetwork. The broadcast storm would be isolated to only the access layer switch in which the problem exists.
Switch Block Size
To understand how large a switch block can be, you must understand the traffic types and the size and number of workgroups that will be using them. The number of switches that can collapse from the access layer to the distribution layer depends on the following:
- Traffic patterns
- Routers at the distribution layer
- Number of users connected to the access layer switches
- Distance VLANs must traverse the network
- Spanning tree domain size
If routers at the distribution layer become the bottleneck in the network (which means the CPU processing is too intensive), the switch block has grown too large. Also, if too many broadcasts or too much multicast traffic slow down the switches and routers, your switch blocks have grown too large.
A large number of users does not determine whether the switch block is too large; the amount of traffic going across the network does.
Core Block
If you have two or more switch blocks, the Cisco rule of thumb states that you need a core block. No routing is performed at the core, only transferring of data. It is a pass-through for the switch block, the server block, and the Internet. Figure 1.8 shows a possible core block.
FIGURE 1.8 The core block (labels: Switch block A, Switch block B, Core, Core)
The core is responsible for transferring data to and from the switch blocks as quickly as possible. You can build a fast core with a frame, packet, or cell (ATM) network technology. The Switching exam is based on an Ethernet core network. Typically, you would only have one subnet configured on the core network. However, for redundancy and load balancing, you could have two or more subnets configured. Switches can trunk on a certain port or ports. This means that a port on a switch can be a member of more than one VLAN at the same time. However, the distribution layer will handle the routing and trunking for VLANs, and the core is only a pass-through once the routing has been performed. Because of this, core links will not carry multiple subnets per link; the distribution layer will. A Cisco 6500 or 8500 switch is recommended at the core, and even though only one of those switches might be sufficient to handle the traffic, Cisco recommends two switches for redundancy and load balancing. You could consider a 5500 Catalyst switch if you don’t need the power of the 6500 or the 8500.
Collapsed Core
A collapsed core is defined as one switch performing both core and distribution layer functions. The collapsed core is typically found in a small network; however, the functions of the core and distribution layer are still distinct. Redundant links between the distribution layer and the access layer switches and between each access layer switch may support more than one VLAN. The distribution layer routing is the termination for all ports. Figure 1.9 shows a collapsed core network design.
FIGURE 1.9 Collapsed core (labels: Switch block A, Switch block B, Core connectivity, Core connectivity)
In a collapsed core network, Spanning Tree Protocol (STP) blocks the redundant links to prevent loops. Hot Standby Routing Protocol (HSRP) can provide redundancy in the distribution layer routing. It can keep core connectivity if the primary routing process fails.
HSRP is covered in Chapter 8.
Dual Core
If you have more than two switch blocks and need redundant connections between the core and distribution layer, you need to create a dual core. Figure 1.10 shows a possible dual core configuration. Each connection would be a separate subnet.
FIGURE 1.10 Dual core configuration (labels: Switch block A, Switch block B, Core block)
In Figure 1.10, you can see that each switch block is redundantly connected to each of the two core blocks. The distribution layer routers already have links to each subnet in the routing tables, provided by the layer 3 routing protocols. If a failure on a core switch takes place, convergence time will not be an issue. HSRP can be used to provide quick cutover between the cores. Notice that there is no redundancy between the two core networks, so STP will not be used on the core.
Core Size
Routing protocols are the main factor in determining the size of your core. This is because routers, or any layer 3 device, isolate the core. Routers send updates to other routers, and as the network grows, so do these updates, so it takes longer to converge, or have all the routers update. Because at least one of the routers will connect to the Internet, it’s possible that there will be more updates throughout the internetwork. The routing protocol dictates the size of the distribution layer devices that can communicate to the core. Table 1.2 shows a few of the more popular routing protocols and the number of blocks each routing protocol supports. Remember that this includes all blocks, including server, mainframe, and WAN.
TABLE 1.2 Blocks Supported by Routing Protocol

Routing Protocol   Max Number of Supported Blocks   Max Number of Peers   Number of Subnet Links to the Core
OSPF               25                               50                    2
EIGRP              25                               50                    2
RIP                15                               30                    2
Scaling Layer 2 Backbones
Typically, layer 2 switches are in the remote closets and represent the access layer, the layer where users gain access to the internetwork. Ethernet switched networks scale well in this environment, where the layer 2 switches then connect into a larger, more robust layer 3 switch representing the distribution layer. The layer 3 device is then connected into a layer 2 device representing the core. Because routing is not necessarily recommended in a classic design model at the core, the model then looks like Table 1.3.
TABLE 1.3 Classic Design Model

Layer          Device
Access         Layer 2 switch
Distribution   Layer 3 switch
Core           Layer 2 switch
Spanning Tree Protocol (STP)
Chapters 4 and 5 detail the Spanning Tree Protocol (STP), but some discussion is necessary here. STP is used by layer 2 bridges to stop network loops in networks that have more than one physical link to the same network. There is a limit to the number of links in a layer 2 switched backbone that needs to be taken into account. As you increase the number of core switches, the number of links to the distribution layer must increase also, for redundancy reasons. If the core is running the Spanning Tree Protocol, it can compromise the high-performance connectivity between switch blocks. The best design on the core is to have two switches without STP running. You can do this only by having a core without links between the core switches. This is demonstrated in Figure 1.11.
FIGURE 1.11 Layer 2 backbone scaling without STP
Figure 1.11 shows redundancy between the core and distribution layer without spanning tree loops. This is accomplished by not having the two core switches linked together. However, each distribution layer 3 switch has a connection to each core switch. This means that each layer 3 switch has two equal-cost paths to every other router in the campus network.
Scaling Layer 3 Backbones
As discussed in “Scaling Layer 2 Backbones,” you’ll typically find layer 2 switches connecting to layer 3 switches, which connect to the core with the layer 2 switches. However, it is possible that some networks might have layer 2/layer 3/layer 3 designs (layer 2 connecting to layer 3 connecting to layer 3). But this is not cheap, even if you’re using someone else’s money. There is always some type of network budget, and you need to have good reason to spend the type of money needed to build layer 3 switches into the core. There are three reasons you would implement layer 3 switches into the core:
- Fast convergence
- Automatic load balancing
- Eliminate peering problems
Fast Convergence
If you have only layer 2 devices at the core layer, the STP will be used to stop network loops if there is more than one connection between core devices. The STP has a convergence time of over 50 seconds, and if the network is large, this can cause an enormous amount of problems if it has just one link failure. STP is not implemented in the core if you have layer 3 devices. Routing protocols, which have a much faster convergence time than STP, are used to maintain the network.
Automatic Load Balancing
If you provide layer 3 devices in the core, the routing protocols can load balance with multiple equal-cost links. This is not possible with layer 3 devices only at the distribution layer because you would have to selectively choose the root for utilizing more than one path.
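The two-equal-cost-paths claim made for Figure 1.11 in “Scaling Layer 2 Backbones,” and the equal-cost load balancing described here, can be checked on a model of the topology. The following Python is an added example, not code from this study guide or from Cisco. The topology is constructed to follow the chapter’s description: two core switches that are not linked to each other, with every distribution (layer 3) switch connected to both. All links are assumed to cost 1, so equal cost means equal hop count, and the device names are constructed placeholders. It also shows what a single core switch failure leaves behind, and that adding the core-to-core link the chapter advises against does not add any equal-cost path.

```python
"""Enumerate equal-cost paths between distribution switches in a dual core.

Added example, not from the study guide. The topology is constructed to
follow the chapter's Figure 1.11: two core switches that are not linked to
each other, with every distribution (layer 3) switch connected to both.
Every link is assumed to cost 1, so "equal cost" means equal hop count.
"""
from collections import deque


def build_dual_core(distribution, link_cores=False):
    """Undirected adjacency map: each distribution switch uplinks to both cores."""
    adj = {name: set() for name in ("core-1", "core-2", *distribution)}

    def link(a, b):
        adj[a].add(b)
        adj[b].add(a)

    for dist in distribution:
        link(dist, "core-1")
        link(dist, "core-2")
    if link_cores:  # the core-to-core link the chapter says to leave out
        link("core-1", "core-2")
    return adj


def equal_cost_paths(adj, src, dst):
    """All shortest simple paths from src to dst, by breadth-first search.

    BFS dequeues paths in order of length, so once the first path reaches dst
    every remaining path of that length is collected, and the search stops as
    soon as a longer path is dequeued.
    """
    best, paths = None, []
    queue = deque([[src]])
    while queue:
        path = queue.popleft()
        if best is not None and len(path) > best:
            break
        node = path[-1]
        if node == dst:
            best = len(path)
            paths.append(path)
            continue
        for nxt in sorted(adj[node]):
            if nxt not in path:  # simple paths only
                queue.append(path + [nxt])
    return paths


def without(adj, failed):
    """Copy of the topology with one device (and all its links) removed."""
    return {n: {m for m in nbrs if m != failed} for n, nbrs in adj.items() if n != failed}


def path_counts(adj, distribution):
    """Number of equal-cost paths between every pair of distribution switches."""
    counts = {}
    for i, a in enumerate(distribution):
        for b in distribution[i + 1:]:
            counts[(a, b)] = len(equal_cost_paths(adj, a, b))
    return counts


if __name__ == "__main__":
    dists = ["dist-a", "dist-b", "dist-c"]  # constructed distribution switches
    topo = build_dual_core(dists)
    print("healthy dual core:", path_counts(topo, dists))
    print("after core-1 fails:", path_counts(without(topo, "core-1"), dists))
    for p in equal_cost_paths(topo, "dist-a", "dist-b"):
        print(" -> ".join(p))
```

With three distribution switches, every pair has exactly two equal-cost paths (one through each core switch), which is what a routing protocol can load balance across; losing one core switch leaves one path per pair rather than none, so a core failure is a capacity loss, not a reachability loss.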
Eliminate Peering Problems
Because routing is typically performed in the distribution layer devices, each distribution layer device must have reachability information about each of the other distribution layer devices. These layer 3 devices use routing protocols to maintain the state and reachability information about neighbor routers. This means that each distribution device becomes a peer with every other distribution layer device, and scalability becomes an issue because every device has to keep information for every other device. If your layer 3 devices are located in the core, you can create a hierarchy, and the distribution layer devices will no longer be peer to each other’s distribution device. This is typical in an environment in which there are more than 100 switch blocks.
Summary
In this chapter, you learned about switches and the different models available from Cisco. It is imperative that you understand the different models and what they are used for in the Cisco hierarchical design. The past and future requirements of campus internetworks are an important part of you