Search

badly connected

Category

CCNP

Chapter 4 – VLANs and Trunks

  • How do you configure a VLAN?
    • vlan VLAN-NUMBER
         name VLAN-NAME
         exit
      interface NAME
      switchport mode access
      switchport access vlan
      VLAN-NUMBER
  • What is a dynamic VLAN? 
    • When a VLAN is assigned to a MAC address rather than a port.
  • What is an End-to-End VLAN?
    • When a VLAN is spanned the entire switch network, not only one switch block.
    • It is not recommended as the broadcast messages cause high CPU usage in the core layer. Also a broadcast storm could take down the whole campus.
  • What is the 80/20 rule?
    • Roughly it expects that 80% of traffic will stay in the local workgroup, whereas 20% is destined for a remote resource in the campus network.
  • What is the 20/80 rule?
    • 20% local, 80% remote
    • ie.: the users have to reach central resources
  • What is a local VLAN?
    • The VLANs stay within the switch block borders. In case of traffic which

Chapter 3 – Switch Port Configuration

Ethernet Concepts

  • How does half-duplex operation work?
    • By the nature of ethernet collision can happen. A technology called CSMA/CD (carrier sense multiple access collision detect) trying to resolve this by backing off for a random period of time when a collision occurs. After that the station can retransmit. The more crowded an Ethernet segment becomes the more collision will happen.
  • How does full-duplex work?
    • If we implement switches in an ethernet network the collision domains are broken. All switch port is a separate collision domain. This way the stations can transmit and receive simultaneously without the possibility of collision (so prevention is not needed either).
  • What are the specifications of FastEthernet?
    • maximum speed: 100Mbps
    • full- / half-duplex
    • UTP / fiber
    • UTP max length ~100 meter
    • Fast EtherChannel (FEC) up to 8 links
  • What are the specifications of GigabitEthernet?
    • maximum speed: 1Gbps
    • full- / half-duplex
    • UTP / fiber
    • support legacy ethernet speeds 10/100/1000
    • Gigabit EtherChannel (GEC) up to 8 links
  • What are the specifications of Ten-GigabitEthernet?
    • maximum speed: 10Gbps
    • only full duplex
    • Physical Media Dependent (PMD) interfaces:
      • LAN PHY: Interconnects switches in a campus network, predominantly in the core layer
      • WAN PHY: Interfaces with existing synchronous optical network (SONET) or synchronous digital hierarchy (SDH) network that were typically found in metropolitan-area networks (MAN)
  • What other scales exist in Ethernet?
    • 40Gbps and 100Gbps Ethernet. Both are bonds of multiple Ten-GigabitEthernet.
  • How does speed and duplex negotiation work?
    • speed is determined by electrical signaling so that either end of a link can determine what speed the other end is trying to use
    • Duplex is negotiated: If you want to use autonegotiation both side must be configured to autonegotiate, or else one side will NEVER get information about the other end’s duplexity.
      If autonegotiation fails a switch port always falls back to half-duplex because it offers collision detection.Speed and duplex mode can be configured or negotiated only on switch ports that support twisted-pair cabling.
  • What is “switchport auto negotiation” command used for?
    • The same as duplex and speed coomand. When autonegotiation is enabled, the port automatically detects the speed or pause method, and duplex of incoming signals based on the link partner. You can also detect link up conditions using the autonegotiation feature.
  • What is the numbering convention of a Cisco interface (ie.: Fa1/0/14) ?
    • interface type member/module/number
    • In the example: the 14th FastEthernet port on the first switch in the stack
  • What are the 2 ways to configure multiple interfaces at the same time?
    • interface range GigabitEthernet1/0/2, GigabitEthernet1/2/1
    • interface range GigabitEthernet1/0/1 – 1/0/10
  • How do you define interface macro?
    • define interface-range MyGroup Gig1/0/1, Gig2/0/10, Gig3/0/1 – 3/0/5
      interface range macro MyGroup
  • How do you configure port speed?
    • interface INTERFACE-NAME
        speed 10/100/1000
  • How do you configure port duplex mode?
    • interface INTERFACE-NAME
        duplex half/full
  • What is an error condition?
    • When an error condition is detected the switch port is put into errdisable  state and is disabled. This can be tuned so it is only triggered by specific errors.
    • Some options:
      all : Detects every possible cause
      arp-inspection : Detects errors with dynamic ARP inspection
      bpduguard : Detects when a spanning-tree bridge protocol data unit (BPDU) is received on a port configured for STP PortFast
      dhcp-rate-limit : Detects an error with DHCP snooping
      ■ dtp-flap : Detects when trunking encapsulation is changing from one type to another
      gbic-invalid : Detects the presence of an invalid GBIC or SFP module
      inline-power : Detects an error with offering PoE inline power
      l2ptguard : Detects an error with Layer 2 Protocol Tunneling
      ■ link-flap : Detects when the port link state is “flapping” between the up and down states
      loopback : Detects when an interface has been looped back
      pagp-flap : Detects when an EtherChannel bundle’s ports no longer have consistent configurations
      pppoe-ia-rate-limit : Detects errors with PPPoE Intermediate Agent rate limiting
      psecure-violation : Detects conditions that trigger port security configured on a port
      psp : Detects an error related to protocol storm protection
      security-violation : Detects errors related to 802.1X security
      sfp-config-mismatch : Detects errors related to SFP configuration mismatches
      small-frame : Detects errors when VLAN-tagged packets are too small and arrive above a certain rate
      storm-control : Detects when a storm control theshhold has been exceeded on a port
      udld: Detects when a link is seen to be unidirectional (data passing in only one direction)
  • How can you check the reason of being error disabled?
    • show interface status err-disabled 
  • How can be a port recovered from Error Condition?
    • Manually: shutdown then a no shutdown
    • Automatically:
        errdisable recovery cause ERROR-CONDITION
        errdisable recocvery interval TIME-IN-SEC 
  • How can you check which type of ERROR-CONDITIONs are going to be recovered automatically?
    • show errdisable recovery 
  • What is the point of reenabling an errdisable port automatically?
    • When it is more important to keep a link up until the problem can be resolved.
  • How can you check port status effectively?
    • show interface
    • show interface status

show-int-status.PNG

  • What does the protocol and status means in a show int desc output?
    • protocol: physical or datalink layer
    • status: Layer 2
  • How can you notice a duplex mismatch?
    • Runts” and “Input errors” are visible in the show interface output.
  • What are the characteristics of Cisco Discovery Protocol?
    • it only work in one direction; advertisements are sent out periodically toward any listening device but nothing expected in return
    • works in Layer 2
    • by default CDP advertisements are sent out every 60 seconds
    • CDP is enabled by default
  • How do you turn off/on CDP?
    • It can be configured globally or under a specific interface
  • What is Layer Link Discovery Protocol (LLDP)?
    • Same as CDP but based on IEEE; work in multivendor network.
  • What are the characteristics of LLDP?
    • disabled by default (on Catalyst switches)
      You can check with: show lldp
  • How do you turn on/off LLDP?
    • globally: lldp run
    • globally: no lldp run

 

PoE (Power over Ethernet)

poeadapters-feature-device-protection

  • What type of PoE methods exist?
    • ILP (Cisco Inline Power) – 7W
    • PoE (IEEE 802.2af) – 15.4W
    • PoE+ (IEEE 802.3at) – 25.5W
    • UPoE (Cisco Universal PoE) – 60W
  • How can a PoE device detect a peer?
    • When a switch port is down, there power is also disabled ALTHOUGH the switch tries to detect whther a powered device is connected.
      It provides small voltage and measures the resistance wether the currect is being drawn by any other device.
  • How much power is sent?
    • By default the switch offer 15.4W / port. The peer can ask for more using CDP or LLDP advertisements and requests (it can ask up to 30W – 802.3at).
  • How do you configure PoE?
    • power inline auto/static max MILIWATTS
      • auto: the peer asks for power (CDP / LLDP)
      • static: you configure the exact power amount
      • max: you can configure the maximal power that could be asked by the peer (ie: 4000 = 4W)
  • What power classes exist?
    • 0 – 15.4W (default)
    • 1 – 4W
    • 2 – 7W
    • 3 – 15.4W
    • 4 – up to 30W (802.3at)
  • How do you turn off PoE?
    • power inline never
  • How do you verify PoE?
    • show power inline
      poe.PNG

Chapter 2 – Switch Operation

  • How does an Ethernet switch isolates the connection between hosts?
    • the collision domain’s scope is limited
    • host connections can operate in full-duplex mode
    • each switch port offers dedicated bandwidth across switch fabric to another switch port
    • each frame received on a switch port is checked for errors
      “store-and-forward” mechanism: packets received -> stored for inspection -> forwarded
    • the broadcast limit can be limited to a volume threshold
  • What is unkown unicast flooding? 
    • When a switch receives a frame but the destination MAC address is not listed in its forwarding table (CAM) it will flood the frame on all ports (in the same VLAN).
  • How does a switch process a frame?
    • switch-processing.PNG
    • First the frame arrives into the ingress queue where it decides where should it forward the frame/ whether it should forward the frame.
  • What is a TCAM table?
    • ternary content-addressable memory: security and/or QoS ACLs are checking the frame
  • What types of multilayer switching (MLS) exists?
    • Route caching: the first packet is processed by the Route Processor and the Switch Engine creates a shortcut in the MLS cache. The remaining packets of the traffic flow is using this shortcut.
    • Topology based = CEF: The Forwarding Information Base is built based on the routing process.
      multilayer-processing.PNG
  • What multilayer switching decisions happen when a packet enters into an MLS?
    • L2 forwarding check: The destination MAC address is used as an index into the CAM table. If the frame contains a Layer 3 packet that needs to be forwarded from one subnet to another, the destination MAC address will contain the address of a Layer 3 port on the switch itself. In this case, the CAM table results are used only to decide that the frame should be processed at Layer 3.
    • L3 forwarding check: The destination IP is checked in the FIB table this way the next-hop IP is obtained. The FIB also contains the next-hop MAC address and egress switch port  + VLAN so no further lookup is necessary.
    • Security ACLs and QoS ACLs are also checked in TCAM.
  • What else happen in the forwarding process (L2/3 headers)? 
    • the source/destination MAC address is modified
    • the TTL is decreased by 1
    • as both L2 and L3 contents are modified, both L2 and L3 checksum need to be recalculated
  • What is a punt adjacency?
    • When CEF cannot process a packet it will be passed to CPU for process switching.
      • ARP requests replies
      • TTL expired
      • CDP
      • packet need encryption
      • etc…
  • What is a CAM table and how do they work?
    • when an incoming frame arrives to the switch an entry is going to be added to the CAM table: source MAC, VLAN, port of arrival, time stamp
  • What is a stale entry?
    • An address that have not been heard from for a period of time is aged out (stale). By default this is 300 seconds.
  • How can you modify the CAM aging timer? 
    • mac address-table aging-time seconds
  • How do you configure a CAM entry statically?
    • mac address-table static mac-address vlan vlan-id interface interface
  • What might be the point of adding a MAC address statically?
    • The MAC address is removed from the CAM table every 300 seconds in case there is no communication. We might don’t want this to happen. i.e.: troubleshooting reasons
  • What happens when a MAC is learned on a port then changes to another port?
    • When the switch is learning a new MAC it checks whether that MAC is already in the CAM table.
  • What happens when a MAC address is flapping?
    • That MAC is being learned from more than 1 port.

 

 

  • What is the use of TCAM?
    • It can process multiple access security/QoS access lists (in/out) simultaneously. This operation can happen without latency as the TCAM is a special piece of hardware (ASIC).
  • What components does TCAM have?
    • Feature Manager (FM): The FM compiles or merges the Access Control Entries into the TCAM table. The TCAM then can be consulted at full frame-forwarding speed.
    • Switching Database Manager (SDM):  The TCAM is partitioned into several areas that support different functions.
  • What is TCAM VMR?
    • value, mask, result
  • How can you check the contents of the CAM table?
    • show mac address-table
    • useful: show mac address-table address MAC
    • useful: clear mac address-table …
  • How can you recognize a TCAM overflow?
    • When you are configuring ACL entries a syslog message will be generated as the TCAM is trying to compile the ACL entry into TCAM.
    • Smaller devices like Cisco 2960, 3750 and 3850 have a fixed architecture with limited switching table space. The CAM, FIB and other tables must all share resources, so you need to choose the best distribution.
      Other models like Catalyst 4500 and 6500 have more resources so we don’t need to worry about this problem.
  • How can you tune TCAM?
    • checking: show platform tcam utilization
    • check configured template: show sdm prefer
    • configure sdm template: sdm prefer TEMPLATE
      The switch must be rebooted after the sdm modification!

Chapter 1 – Enterprise Campus Network Design

  • What is a campus network?
    • An enterprise network consisting of many LANs in one or more buildings, all connected and all usually in the same place.
  • How do you reduce the size of a collision domain?
    • Using switches – one host one switch port.
  • How do you reduce the size size of broadcast domain?
    • Using routers.
  • What is a collapsed core network?
    • When there are no 3 different layers in a campus, only 2. The distribution and core switches are combined.
  • What is a switch block?
    • A switch block contains the access and distribution devices.
      switch-block.PNG
  • What size should a switchblock have? What is it based on?
    • traffic types and behavior
    • size and number of common workgroups
  • What is the recommended boundary of VLANs?
    • The VLANs should not extend beyond the distribution switches.
  • What is the purpose of the Core layer?
    • It connects 2 or more switchblocks in the campus.
  • What is the recommended design regarding the load?
    • the upper layer device should be designed to carry the aggregated amount of traffic load handled by the connected lower layer devices
      ie.: the uplink/crosslink of a core switch should be able to carry the aggregated traffic of the connected distribution switches

 

colapsed-core

 

 

multicore

 

  • What are the desired properties of an access switch?
    • high port density
    • PoE
    • low cost

common-access-switches.PNG

  • What are the desired properties of distribution and core switches?
    • high Layer 3 switching throughput
    • high density of high-bandwidth optical media

dist-core.PNG

 

 

 

 

Blog at WordPress.com.

Up ↑