
Implementing Cisco IP Switched Networks (SWITCH) Foundation Learning Guide: (CCNP SWITCH 300-115)

  • Copyright 2015
  • Dimensions: 7-3/8" x 9-1/8"
  • Pages: 512
  • Edition: 1st
  • eBook
  • ISBN-10: 0-13-396411-6
  • ISBN-13: 978-0-13-396411-0

Now fully updated for the new Cisco SWITCH 300-115 exam, Implementing Cisco IP Switched Networks (SWITCH) Foundation Learning Guide is your Cisco® authorized learning tool for CCNP® or CCDP® preparation. Part of the Cisco Press Foundation Learning Series, it teaches you how to plan, configure, verify, secure, and maintain complex enterprise switching solutions using Cisco Catalyst® switches and Enterprise Campus Architecture.

The authors show you how to build scalable multilayer switched networks, create and deploy global intranets, and perform basic troubleshooting in environments using Cisco multilayer switches for client hosts and services. They begin by reviewing basic switching concepts, network design, and campus network architecture. Next, they present in-depth coverage of spanning-tree, inter-VLAN routing, first-hop redundancy, network management, advanced switch features, high availability, and campus network security.

Each chapter opens with a list of topics that clearly identifies its focus. Each chapter ends with a summary of key concepts for quick study, as well as review questions to assess and reinforce your understanding. Throughout, configuration examples and sample verification outputs illustrate critical issues in network operation and troubleshooting.

This guide is ideal for all certification candidates who want to master all the topics covered on the SWITCH 300-115 exam.

  • Serves as the official textbook for version 7 of the Cisco Networking Academy CCNP SWITCH course
  • Covers basic switching terminology and concepts, and the unique features of Cisco Catalyst switch designs
  • Reviews campus network design, including network structure, roles of Cisco Catalyst switches, and differences between Layer 2 and multilayer switches
  • Introduces VLANs, VTP, Trunking, and port-channeling
  • Explains Spanning Tree Protocol configuration
  • Presents concepts and modern best practices for inter-VLAN routing
  • Covers first-hop redundancy protocols used by Cisco Catalyst switches
  • Outlines a holistic approach to network management and Cisco Catalyst device security with AAA, NTP, 802.1x, and SNMP
  • Describes how to use advanced features to improve campus network resiliency and availability
  • Shows how to establish switch physical redundancy using StackWise, VSS, or redundant supervisors
  • Explains advanced security features

Table of Contents

                Introduction xx

Chapter 1 Fundamentals Review 1

                Switching Introduction 2

                                Hubs and Switches 2

                                Bridges and Switches 2

                                Switches of Today 3

                                Broadcast Domains 3

                                MAC Addresses 4

                                The Basic Ethernet Frame Format 4

                                Basic Switching Function 5

                                VLANs 6

                                The Spanning Tree Protocol 6

                                Trunking 7

                                Port Channels 7

                                Multilayer Switching 8

                Summary 8

Chapter 2 Network Design Fundamentals 9

                Campus Network Structure 9

                                Hierarchical Network Design 10

                                Access Layer 12

                                Distribution Layer 13

                                Core Layer (Backbone) 14

                                Layer 3 in the Access Layer 17

                                The Cisco Enterprise Campus Architecture 19

                                The Need for a Core Layer 20

                Types of Cisco Switches 22

                                Comparing Layer 2 and Multilayer Switches 24

                                MAC Address Forwarding 24

                                Layer 2 Switch Operation 25

                                Layer 3 (Multilayer) Switch Operation 26

                                Useful Commands for Viewing and Editing Catalyst Switch MAC Address Tables 27

                                Frame Rewrite 28

                                Distributed Hardware Forwarding 28

                                Cisco Switching Methods 29

                                Route Caching 30

                                Topology-Based Switching 31

                                Hardware Forward Details 33

                Study Tips 34

                Summary 34

                Review Questions 35

Chapter 3 Campus Network Architecture 41

                Implementing VLANs and Trunks in Campus Environment 41

                                VLAN Overview 42

                                VLAN Segmentation 44

                                End-to-End VLANs 44

                                Local VLANs 45

                                Comparison of End-to-End VLANs and Local VLANs 46

                                Mapping VLANs to a Hierarchical Network 47

                                Implementing a Trunk in a Campus Environment 49

                                Understanding Native VLAN in 802.1Q Trunking 52

                                Understanding DTP 53

                VLAN Ranges and Mappings 54

                                Configuring, Verifying, and Troubleshooting VLANs and Trunks 55

                                Verifying the VLAN Configuration 57

                                Configuring VLANs and Trunks 61

                                Best Practices for VLANs and Trunking 65

                                Voice VLAN Overview 67

                                Switch Configuration for Wireless Network Support 69

                VLAN Trunking Protocol 70

                                VTP Overview 70

                                VTP Modes 71

                                VTP Versions 73

                                VTP Pruning 74

                                VTP Authentication 75

                                VTP Advertisements 75

                                VTP Message Types 77

                                Summary Advertisements 77

                                Subset Advertisements 77

                                Configuring and Verifying VTP 78

                                Overwriting VTP Configuration (Very Common Issue with VTP) 87

                                Best Practices for VTP Implementation 93

                Implementing EtherChannel in a Switched Network 94

                                The Need for EtherChannel 94

                                EtherChannel Mode Interactions 97

                                LACP 97

                                PAgP 98

                                Layer 2 EtherChannel Configuration Guidelines 99

                                EtherChannel Load-Balancing Options 100

                                Configuring EtherChannel in a Switched Network 102

                                EtherChannel Configuration and Load Balancing 103

                                EtherChannel Guard 108

                Study Tips 109

                Summary 110

                Review Questions 110

Chapter 4 Spanning Tree in Depth 119

                Spanning Tree Protocol Overview 120

                                STP Need 120

                                STP Standards 121

                                STP Operations 122

                                Bridge Protocol Data Units 124

                                Root Bridge Election 124

                                Root Port Election 126

                                Designated Port Election 128

                                STP Port States 129

                                Per-VLAN STP Plus (PVST+) 130

                                STP Topology Changes 131

                Rapid Spanning Tree Protocol 133

                                RSTP Port Roles 134

                                Comparison of RSTP and STP Port States 135

                                RSTP Topology Changes 136

                                RSTP Link Types 138

                                Configuring and Modifying STP Behavior 140

                                Changing STP Priority 143

                                STP Path Manipulation 145

                                STP Timers 148

                Implementing STP Stability Mechanisms 151

                                Use UplinkFast 153

                                Use BackboneFast 154

                                Use PortFast 156

                                Securing PortFast Interface with BPDU Guard 158

                                Disabling STP with BPDU Filter 159

                                Use Root Guard 161

                                Loop Guard Overview 164

                                Use UDLD 166

                                UDLD Recommended Practices 170

                                Use FlexLinks 171

                                STP Stability Mechanisms Recommendations 175

                Configuring Multiple Spanning Tree Protocol 179

                                Introducing MST 179

                                MST Regions 182

                                STP Instances with MST 183

                                Extended System ID for MST 185

                                Configuring and Verifying MST 185

                                Configuring MST Path Cost 192

                                Configuring MST Port Priority 193

                                MST Protocol Migration 194

                                MST Recommended Practices 194

                Troubleshooting STP 196

                                Potential STP Problems 196

                                Duplex Mismatch 196

                                Unidirectional Link Failure 197

                                Frame Corruption 197

                                Resource Errors 198

                                PortFast Configuration Errors 198

                Study Tips 198

                Summary 199

                Review Questions 200

Chapter 5 Inter-VLAN Routing 203

                Describing Inter-VLAN Routing 204

                                Introduction to Inter-VLAN Routing 204

                                Inter-VLAN Routing Using an External Router 206

                                Configuring Inter-VLAN Routing Using an External Router 207

                                Routing with an External Router 208

                                External Routers: Advantages and Disadvantages 211

                                Inter-VLAN Routing Using Switch Virtual Interfaces 212

                                SVI: Advantages and Disadvantages 214

                                Routing with Routed Ports 214

                                Routed Ports: Advantages 215

                                Configuring Inter-VLAN Routing Using SVI and Routed Ports 216

                                Routing on a Multilayer Switch 217

                                Using the SVI autostate exclude Command 220

                                SVI Configuration Checklist 221

                                Troubleshooting Inter-VLAN Problems 222

                                Example of a Troubleshooting Plan 223

                Layer 2 Versus Layer 3 EtherChannel 225

                                Layer 3 EtherChannel Configuration 226

                                Verifying Routing Protocols 229

                Implementing DHCP 231

                                DHCP Overview 231

                                Configuring DHCP in Multilayer Switched Network 233

                                Configuring a DHCP Relay 239

                                Configuring DHCP Options 239

                Study Tips 240

                Summary 241

                Review Questions 242

Chapter 6 First-Hop Redundancy 247

                Overview of FHRP and HSRP 247

                                The Need for First-Hop Redundancy 248

                                HSRP Overview 250

                                HSRP State Transition 253

                                Aligning HSRP with STP Topology 254

                                Configuring and Tuning HSRP 255

                                Forwarding Through the Active Router 257

                                Load Sharing with HSRP 263

                                The Need for Interface Tracking with HSRP 265

                                HSRP Interface Tracking 266

                                HSRP and Object Tracking 268

                                Configuring HSRP Authentication 271

                                Tuning HSRP Timers 272

                                HSRP Versions 274

                Configuring Layer 3 Redundancy with VRRP 274

                                About VRRP 275

                                Configuring VRRP and Spotting the Differences from HSRP 276

                                VRRP and Authentication 279

                                Tracking and VRRP 280

                                Configuring Layer 3 Redundancy with GLBP 282

                                Introducing GLBP 282

                                Comparing GLBP to HSRP 283

                                GLBP States 284

                                Configuring and Verifying GLBP 285

                                GLBP Load-Balancing Options 294

                                GLBP Authentication 295

                                GLBP and STP 295

                                Tracking and GLBP 296

                Study Tips 300

                Summary 301

                References 301

                Review Questions 302

Chapter 7 Network Management 305

                AAA 305

                                Authentication Options 307

                                RADIUS and TACACS+ Overview 308

                                RADIUS Authentication Process 309

                                TACACS+ Authentication Process 310

                                Configuring AAA 311

                                Configuring RADIUS for Console and vty Access 311

                                Configuring TACACS+ for Console and vty Access 312

                                AAA Authorization 313

                                AAA Accounting 314

                                Limitations of TACACS+ and RADIUS 315

                Identity-Based Networking 316

                                IEEE 802.1X Port-Based Authentication Overview 316

                                IEEE 802.1X Configuration Checklist 318

                Network Time Protocols 319

                                The Need for Accurate Time 320

                                Configuring the System Clock Manually 320

                                Network Time Protocol Overview 323

                                NTP Modes 324

                                Other NTP Configuration Options 326

                                NTP Example 326

                                NTP Design Principles 329

                                Securing NTP 331

                                NTP Source Address 333

                                NTP Versions 333

                                SNTP 335

                                PTP/IEEE-1588 336

                SNMP 336

                                SNMP Overview 337

                                SNMP Versions 339

                                SNMP Best Practices 339

                                SNMPv3 Configuration Example 340

                                Verifying SNMP Version 3 Configuration 342

                Study Tips 344

                Summary 345

                Review Questions 345

Chapter 8 Switching Features and Technologies for the Campus Network 351

                Discovery Protocols 352

                                Introduction to LLDP 352

                                Basic Configuration of LLDP 353

                                Discovering Neighbors Using LLDP 355

                Unidirectional Link Detection 357

                                UDLD Mechanisms and Specifics 358

                                UDLD Configuration 358

                                Leveraging UDLD and STP Loop Guard Together 360

                Power over Ethernet 360

                                PoE Components 362

                                PoE Standards 362

                                PoE Negotiation 362

                                Configuring and Verifying PoE 363

                SDM Templates 364

                                SDM Template Types 365

                                Choosing the Right SDM Template 367

                                System Resource Configuration on Other Platforms 367

                Monitoring Features 368

                                SPAN and RSPAN Overview 368

                                SPAN Configuration 371

                                RSPAN Configuration 372

                IP SLA 374

                                Introduction to IP SLA 375

                                IP SLA Source and Responder 377

                                IP SLA Configuration 377

                                IP SLA Operation with Responder 379

                                IP SLA Time Stamps 381

                                Configuring Authentication for IP SLA 382

                                IP SLA Example for UDP Jitter 383

                Study Tips 384

                Summary 385

                Review Questions 385

Chapter 9 High Availability 393

                The Need for Logical Switching Architectures 394

                What Is StackWise? 395

                                StackWise Benefits 396

                                Verifying StackWise 396

                What Is VSS? 397

                                VSS Benefits 398

                                Verifying VSS 399

                Redundant Switch Supervisors 401

                                Supervisor Redundancy Modes 402

                                Stateful Switchover 403

                Nonstop Forwarding 404

                Study Tips 405

                Summary 405

                Review Questions 406

                References 406

Chapter 10 Campus Network Security 409

                Overview of Switch Security Issues 410

                Cisco Switch Security Configuration Best Practices 411

                Campus Network Vulnerabilities 414

                                Rogue Access 414

                                Switch Vulnerabilities 415

                                MAC Flooding Attacks 417

                Introducing Port Security 419

                                Port Security Configuration 420

                                Port Error Conditions 422

                                Err-Disabled Automatic Recovery 423

                                Port Access Lists 424

                Storm Control 425

                                Introduction to Storm Control 426

                                Configuring and Verifying Storm Control on an Interface 427

                Mitigating Spoofing Attacks 430

                                DHCP Spoofing Attacks 430

                                DHCP Snooping 432

                                DHCP Option 82 433

                                DHCP Snooping Example Configuration 433

                                IP Source Guard 436

                                IPSG Configuration 438

                                ARP Spoofing 439

                                Dynamic ARP Inspection 440

                                DAI Configuration 441

                Securing VLAN Trunks 443

                                Switch Spoofing 444

                                VLAN Hopping 446

                                Protecting Against VLAN Hopping 447

                                VLAN Access Lists 448

                                VACL Interaction with ACLs and PACLs 449

                                Configuring VACLs 450

                Private VLANs 451

                                Introduction to PVLANs 452

                                PVLAN Port Types 453

                                PVLAN Configuration 454

                                PVLAN Verification 456

                                PVLANs Across Multiple Switches 457

                                Using the Protected Port Feature 458

                Study Tips 458

                Summary 459

                Review Questions 460

Appendix A Answers to Chapter Review Questions 469

9781587206641 TOC, 4/14/2015

