badly connected

Category: CCNP

Chapter 7 – Spanning-Tree Configuration

  • How can you enable STP?
    • It is enabled by default.
    • You can disable it, or enable it again, per VLAN with the following commands:
      (config)#no spanning-tree vlan VLAN-ID
      (config)#spanning-tree vlan VLAN-ID
  • What problems can a bad (for example the default, unplanned) root bridge election cause?
    • root-bridge.PNG

Chapter 6 – Traditional Spanning Tree Protocol

  • What is the purpose of STP?
    • To prevent loops in the L2 network.
      bridging-loop.PNG
  • What is a bridging loop?
    • The process of forwarding a single frame around and around between two switches.
  • How does STP work?
    • It communicates (with Bridge Protocol Data Units, BPDU) among all connected switches on a network. Each switch executes the STP algorithm based on information received from neighbors. The algorithm chooses a reference point in the network and calculates all the redundant paths to that reference point. When redundant paths are found the STP picks one path by which to forward frames and disables or blocks the other redundant path.
  • How does BPDU work?
    • A switch sends a BPDU frame out a port, using the MAC of the port as source. The destination MAC address is a well-known STP multicast address: 01-80-c2-00-00-00.
  • What kind of BPDU messages exist?
    • Configuration BPDU: Used for STP computation
    • Topology Change Notification (TCN) BPDU: announce changes in the network topology
  • How is a root bridge selected?
    • The election is based on the Bridge ID, which consists of:
      • Bridge Priority (2 bytes): default 32768. It can only be changed in increments of 4096, because on Cisco switches the low 12 bits of this field carry the VLAN number (extended system ID) and only the upper 4 bits are the configurable priority.
      • MAC Address (6 bytes): This MAC can come from the Supervisor module or the backplane.
    • At first every switch considers itself the Root Bridge. Each sends BPDUs carrying a Root Bridge ID (initially its own ID) and the sender’s Bridge ID (always its own ID). The receiver decides who the Root Bridge is based on the BPDUs it hears.
    • Tie breakers
      • The lower Bridge ID wins, which means the lower priority value wins first
      • If the priorities are equal, the lower MAC address wins
        root-bridge.PNG
        (SwitchA is root)
  • What is a root port?
    • It’s a port which always points toward the current root bridge. (Only non-root switches have it)
  • What is the difference between root path cost and path cost?
    • root path cost: It is carried inside the BPDU and other switches can modify this value to make it cumulative.
    • path cost: This value however is only local (where the port resides) and not contained in BPDU.
  • What are the STP path cost values?
    • stp-path-cost.PNG
  • How is the root path cost evaluated?
    • The root bridge sends BPDU with root path cost of 0
    • The neighbour switch increments the root path cost with the cost of the port where the BPDU arrived.
    • NOTE: The root path cost is calculated with the port that receives the BPDU and not with the port that sends the BPDU
  • What is a designated port and how is it chosen?
    • On each segment, the designated port is the one port that forwards traffic on behalf of that segment. The port with the lowest cumulative root path cost is elected as the designated port.
  • What if 2 ports have the same root path cost?
    • lowest root bridge ID
    • lowest root path cost to root bridge
    • lowest sender bridge ID
    • lowest sender port ID
      port-selection.PNG
      Switch D’s root path cost is equal on both ports (Gi0/1, Gi0/2 = 8), so the lowest sender port ID wins.
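The decision rules above (Bridge ID composition, cost added on the port that receives the BPDU, and the four-step tie-break) worked through in code, together with the check that a superior BPDU from an unexpected switch would trigger (the bad root bridge election asked about in Chapter 7). This is an added example and not part of the original notes or of any Cisco tool: it parses configuration BPDUs constructed here with the standard 35-byte 802.1D layout, and the switch names, MAC addresses and port costs are assumptions chosen to mirror the figures.

```python
"""Added example (not from the original notes): parse IEEE 802.1D configuration
BPDUs and replay the root-bridge / root-port decision. Every BPDU below is
constructed here; the switch names mirror the figures in the notes."""
import struct

# 35-byte configuration BPDU body as it follows the LLC header (DSAP/SSAP 0x42):
# protocol ID, version, type, flags, root ID, root path cost, bridge ID,
# port ID, message age, max age, hello time, forward delay
BPDU_FMT = ">HBBBQIQHHHHH"
BPDU_LEN = struct.calcsize(BPDU_FMT)   # 35
CONFIG_BPDU = 0x00


def bridge_id(priority, vlan, mac):
    """64-bit Bridge ID: upper 16 bits = 4-bit priority (multiples of 4096)
    plus 12-bit extended system ID (the VLAN), lower 48 bits = MAC address."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN out of range")
    return ((priority | vlan) << 48) | int(mac.replace(":", ""), 16)


def split_id(bid):
    """Inverse of bridge_id(): (priority, vlan, mac_as_int)."""
    hi = bid >> 48
    return hi & 0xF000, hi & 0x0FFF, bid & 0xFFFF_FFFF_FFFF


def build_bpdu(root_id, root_path_cost, sender_id, port_id,
               flags=0, max_age=20, hello=2, fwd_delay=15):
    """Constructed configuration BPDU. Timers are encoded in 1/256 s."""
    return struct.pack(BPDU_FMT, 0, 0, CONFIG_BPDU, flags, root_id,
                       root_path_cost, sender_id, port_id,
                       0, max_age * 256, hello * 256, fwd_delay * 256)


def parse_bpdu(raw):
    if len(raw) < BPDU_LEN:
        raise ValueError("truncated BPDU")
    (proto, _ver, btype, flags, root_id, rpc, sender_id, port_id,
     msg_age, max_age, hello, fwd_delay) = struct.unpack(BPDU_FMT, raw[:BPDU_LEN])
    if proto != 0 or btype != CONFIG_BPDU:
        raise ValueError("not a configuration BPDU")
    return {"flags": flags, "root_id": root_id, "root_path_cost": rpc,
            "sender_id": sender_id, "sender_port_id": port_id,
            "message_age": msg_age / 256, "max_age": max_age // 256,
            "hello_time": hello // 256, "forward_delay": fwd_delay // 256}


def choose_root_port(received):
    """received: list of (local port, cost of that ingress port, raw BPDU).
    The cost of the port that RECEIVED the BPDU is added to the advertised
    root path cost, then the 802.1D tie-break order applies: lowest root ID,
    lowest cumulative cost, lowest sender bridge ID, lowest sender port ID.
    Returns (local port, cumulative cost, root ID)."""
    best_key, best_port = None, None
    for port, ingress_cost, raw in received:
        b = parse_bpdu(raw)
        key = (b["root_id"], b["root_path_cost"] + ingress_cost,
               b["sender_id"], b["sender_port_id"])
        if best_key is None or key < best_key:
            best_key, best_port = key, port
    return best_port, best_key[1], best_key[0]


def superior_bpdu(raw, current_root_id):
    """True when a BPDU advertises a root with a LOWER Bridge ID than the one
    we currently trust. A switch normally accepts this and re-elects; root
    guard instead puts the receiving port into root-inconsistent state."""
    return parse_bpdu(raw)["root_id"] < current_root_id


# Constructed topology: SwitchA is root (lowest MAC at default priority);
# SwitchC is upstream of SwitchD and reaches A at cost 4; SwitchD hears C on
# two equal-cost gigabit ports (cost 4 each), as in the port-selection figure.
SWITCH_A = bridge_id(32768, 1, "00:00:0c:11:11:11")
SWITCH_C = bridge_id(32768, 1, "00:00:0c:33:33:33")
ROGUE = bridge_id(0, 1, "00:11:22:33:44:55")           # attacker: priority 0

RECEIVED_ON_D = [
    ("Gi0/2", 4, build_bpdu(SWITCH_A, 4, SWITCH_C, 0x8002)),
    ("Gi0/1", 4, build_bpdu(SWITCH_A, 4, SWITCH_C, 0x8001)),
]
ROGUE_BPDU = build_bpdu(ROGUE, 0, ROGUE, 0x8001)

if __name__ == "__main__":
    port, cost, root = choose_root_port(RECEIVED_ON_D)
    print("root port", port, "cumulative cost", cost, "root", split_id(root))
    print("rogue BPDU superior to current root:", superior_bpdu(ROGUE_BPDU, SWITCH_A))
```

Switch D ends up with Gi0/1 as root port at cumulative cost 8 purely because sender port ID 0x8001 is lower than 0x8002, exactly the tie-break in the figure. The rogue BPDU with priority 0 compares lower than SwitchA’s ID, so without root guard on that port every switch would re-elect the attacker as root.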
  • What STP port states exist?
    • Disabled: Port is shutdown by admin.
    • Blocking: After a port initializes, it begins in the Blocking state. It is not allowed to send/receive data nor to add MAC addresses to its address table. It only receives BPDUs.
    • Listening: Here the port is sending/receiving BPDUs so it can actively participate in the STP topology process. If the port loses its root or designated port status, it returns to the Blocking state.
    • Learning: The port still cannot send data but is allowed to fill its MAC address table.
    • Forwarding: The port is fully functional.
      stp-port-states.PNG
  • How do you verify STP port states?
    • stp-port-states2.PNG
  • What type of timers do STP have?
    • Hello timer: The root bridge sends Configuration BPDUs every 2 seconds by default. The hello time is configured on the root bridge, as the nonroot switches only relay the configuration BPDUs.
    • Forwarding timer: This time interval specifies that a switch port spends in both the Listening and Learning states. Default: 15 sec
    • Maximum Age timer: This is the time interval that a switch stores a BPDU before discarding it. Default: 20 sec

 

  • What happens when the STP topology changes (e.g. a port moves from Forwarding/Learning to Blocking)?
    • The switch sends a TCN BPDU out its root port, so the root bridge receives news of the topology change.
    • The switch will NOT send a TCN BPDU for a port configured as PortFast.
    • The switch keeps sending the TCN BPDU until it receives an acknowledgement.
      The neighbor switch passes the TCN BPDU on toward the root bridge and sends an acknowledgement back to the source of the TCN BPDU.
      When the root bridge receives the TCN BPDU it sends its configuration BPDU with the Topology Change flag set; switches that see this flag shorten their CAM aging time to the forward delay so that stale entries are flushed quickly.
      topology-change.PNG
  • What happens when an insignificant port goes down?
    • insignificant-stp.PNG
    • This will age out the entries of the bridge or CAM table. This could be a problem if a high number of hosts are connected.
    • To resolve this use Portfast feature.

 

Types of STP

  • What are the features of Common Spanning Tree?
    • It has only one instance of STP that encompasses all VLANs
    • It is transmitted over trunk links using native VLAN
    • Using a single STP process for many VLANs simplifies switch configurations and reduces CPU load during STP calculations
    • Redundant links between switches will be blocked with no capability for load balancing
  • What are the features of Per-VLAN Spanning Tree?
    • Cisco proprietary, so this only works with Inter-Switch Link (ISL) trunking.
    • You can configure each VLAN independently, offering a better performance and tuning.
    • Capable of load balancing (some VLANs on one redundant link, other VLANs on the other)
  • What are the features of Per-VLAN Spanning Tree Plus?
    • It acts as a translator between groups of Common STP switches and groups of PVST switches.

 

Chapter 5 – VLAN Trunking Protocol

  • What is the purpose of VTP?
    • VTP uses L2 trunk frames to communicate VLAN information among a group of switches. VTP manages addition, deletion and renaming of VLANs across the network.
    • By default, every switch is running VTP server mode in the null management domain.
  • What are the 4 VTP modes?
    • server (default): can change, add, delete VLANs
    • client: cannot modify VLANs but receives updates
    • transparent: doesn’t participate in VTP but forwards VTP advertisements to neighbors
    • off:  doesn’t participate in VTP at all
  • What are the default security settings of VTP domains?
    • by default the advertisements are sent without a password
  • What is a VTP revision number?
    • VTP switches use an index called the revision number to keep track of the latest information.
      The starting revision number is 0.
  • What happens when the switch receives an update with greater VTP revision number?
    • It overwrites the VLAN information with the new one.
  • What kind of VTP advertisements exist?
    • Summary advertisement: The VTP domain server sends it every 300 seconds and every time the VLAN database changes.
    • Subset advertisement: The VTP domain server sends subset advertisements after a VLAN configuration change occurs. These advertisements list the specific changes that have been performed, such as creating or deleting a VLAN.
    • Advertisement request: A VTP client can request any VLAN information it lacks.
      Note: VTP advertisements are sent as multicast
  • How can you set the revision number back to 0?
    • Change the switch’s VTP mode to transparent and then change the mode back to server.
    • Change the switch’s VTP domain name to a nonexistent VTP domain name and then change the VTP domain back to the original name.
  • What happens if a VTP client has a higher revision number than the VTP server?
    • The VTP client sends a subset advertisement to the server, the server accepts it because the revision number is higher, and then propagates it to all VTP clients. This is how a switch inserted into the domain (even in client mode) with a stale but higher-numbered database can overwrite the VLANs of the whole domain, which is why the revision number should be reset to 0 (see above) before a previously used switch is connected.
  • What is the default VTP version? How can you change it?
    • version 1
    • vtp version { 1 | 2 | 3 }
  • How do you configure a VTP management domain?
    • vtp domain DOMAIN-NAME
  • How do you configure the VTP modes?
    • vtp mode { server | client | transparent | off }
  • How does security work in VTP?
    • The password can be configured on VTP servers and clients only. The password itself is never sent; instead an MD5 hash computed over it is included in the VTP advertisements (servers) and used to validate received advertisements (clients).
    • vtp password PASSWORD 
  • How do you verify VTP functionality?
    • show vtp status

 

VTP Pruning

  • What is VTP pruning and how does it work?
    • When a device sends a broadcast frame it is forwarded through all switches that have an access port or trunk port in the same VLAN:
      prune-1.PNG
    • The problem with this is that Catalyst B does not have any active port in VLAN 3, only the uplink trunk, so the flooded traffic is a waste of bandwidth.
      VTP pruning solves this by having each switch advertise its active VLANs to its neighbours, e.g. CatB advertises VLAN 2 to CatA.
      The neighbours keep this information, enabling them to decide whether flooded traffic from a VLAN should be allowed on a trunk link or not.
      prune-2.PNG
  • How do you configure VTP pruning?
    • By default VTP pruning is disabled.
    • To enable : (config) vtp pruning
    • If you enable VTP pruning on a VTP server, all of the clients will enable VTP pruning.
  • Which VLANs are pruning-eligible by default? How can you modify it?
    • By default VLANs 2 – 1001 are eligible for pruning on every trunk.
    • You can modify it:
      (interface) switchport trunk pruning vlan { add | except | remove | VLAN-LIST | none }
  • What possible configuration problems do you know for VTP ?
    • switch is configured for VTP transparent
    • switch is configured as VTP client, but no reachable VTP server
    • the link toward the VTP server is not a trunk. Only trunks send VTP advertisements. 
    • VTP domain mismatch
    • password mismatch
    • incompatible VTP versions
  • How can you verify VTP pruning?
    • You can check it with “show interface INTERFACE trunk”
      prunning-verification.PNG
      The first output is shown when pruning is enabled, the second when pruning is disabled.

 

REAL LIFE PROBLEMS

  • Error message when trying to modify VLAN settings:
    VTP VLAN configuration not allowed when device is not the primary server for vlan database.

    • Setting the VTP version to 1 or 2 allows you to configure VLANs again. In VTP version 3 only the switch promoted with vtp primary may change the VLAN database; the other servers are secondary and reject local changes with this message.

Chapter 4 – VLANs and Trunks

  • How do you configure a VLAN?
    • (config)#vlan VLAN-NUMBER
      (config-vlan)#name VLAN-NAME
      (config-vlan)#exit
      (config)#interface NAME
      (config-if)#switchport mode access
      (config-if)#switchport access vlan VLAN-NUMBER
  • What is a dynamic VLAN? 
    • When a VLAN is assigned to a MAC address rather than a port.
  • What is an End-to-End VLAN?
    • A VLAN that spans the entire switched network, not only one switch block.
    • It is not recommended because the broadcast traffic causes high CPU usage in the core layer, and a broadcast storm could take down the whole campus.
  • What is the 80/20 rule?
    • Roughly it expects that 80% of traffic will stay in the local workgroup, whereas 20% is destined for a remote resource in the campus network.
  • What is the 20/80 rule?
    • 20% local, 80% remote
    • ie.: the users have to reach central resources
  • What is a local VLAN?

    • The VLANs stay within the switch block borders.

 

VLAN Trunks

  • What happens when a trunk sends frames but the other side is a simple access port?
    • The VLAN identifier is removed before the frame is transmitted to the destination host.
  • What protocols are used for making trunks?
    • Inter-Switch Link (ISL) – cisco proprietary
    • IEEE 802.1Q
  • What is 802.1Q native vlan?
    • In this case the frames do not have any tagging information as if a trunk link was not being used.
  • How big is the overhead in case of ISL and in case of .1Q?
    • ISL: 30 bytes
    • 802.1Q: 4 bytes
  • How do you configure a VLAN trunk? 
switch(config-if)#switchport 
switch(config-if)#switchport trunk encapsulation { isl | dot1q | negotiate }
switch(config-if)#switchport trunk native vlan VLAN-ID
switch(config-if)#switchport trunk allowed vlan { VLAN-LIST | all | add | except | remove }
switch(config-if)#switchport mode {trunk | dynamic {desirable | auto }}
  • What are the options of “switchport trunk encapsulation …” ?
    • isl
    • dot1q
    • negotiate (default): The encapsulation is selected as ISL or dot1q, whichever both ends of the trunk support. If both ends support both types, ISL is favored.
  • What is the default native VLAN used by 802.1Q?
    • vlan 1
  • What is the point of “switchport trunk allowed vlan” ?
    • Defines which VLANs can be trunked over the link.
    • Default: all vlans allowed
  • How do you configure dynamic trunking protocol (DTP)?
    • (interface)switchport mode …
    • trunk
      The port is configured as trunk statically. If the other side is trunk, dynamic desirable or dynamic auto, trunking will be negotiated successfully.
    • dynamic desirable (default)
      The port actively attempts to convert the link into trunking mode. If the other side is trunk, dynamic desirable or dynamic auto, trunking will be negotiated successfully.
    • dynamic auto
      The port can be converted into a trunk link, but only if the far-end switch actively requests it. If  the other side is trunk or dynamic desirable, trunking will be negotiated successfully.
  • How often DTP frames are sent?
    • every 30 seconds
  • What happens to DTP when “switchport access” is configured?
    • DTP will still send frames. If you want to disable DTP entirely use:
      switchport nonegotiate
  • What happens when DTP communicates with a non-Cisco device?
    • Nothing: DTP is a Cisco proprietary protocol, so a non-Cisco device will not negotiate with it.
      You should always disable DTP on ports that must not become trunks, because as long as it is running an attached device can negotiate an access port into a trunk and reach every allowed VLAN.
  • What happens when you prune a vlan from the “allowed vlan” list, but only one side?
    • The other side will still flood broadcast using the bandwidth.
  • What command can you use for troubleshooting?
    • show interface Fa1/0 switchport
    • show interface status
    • show interface Fa1/0 trunk
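A configuration audit that applies the DTP and trunk defaults discussed above to a running-config, as an added example (it is not from the original notes, and the config text and the audit rules are constructed for it). It flags ports that can still be negotiated into a trunk (dynamic mode, or access/trunk mode without switchport nonegotiate), and static trunks left at native VLAN 1 or with all VLANs allowed.

```python
"""Added example (not from the original notes): audit interface stanzas of a
Catalyst running-config for ports that can still negotiate a trunk with DTP
and for trunks left at the insecure defaults. The config text is constructed
for this example."""

L2_PREFIXES = ("FastEthernet", "GigabitEthernet", "TenGigabitEthernet")


def parse_interfaces(config):
    """Return {interface name: [indented config lines, stripped]}."""
    ifaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            ifaces[current] = []
        elif current is not None and line.startswith(" "):
            ifaces[current].append(line.strip())
        else:
            current = None          # "!" or any other top-level line ends the stanza
    return ifaces


def audit_port(lines):
    """Findings for one switchport; an empty list means nothing to fix."""
    findings = []
    if "shutdown" in lines:
        return findings             # an admin-down port negotiates nothing
    mode = next((l[len("switchport mode "):] for l in lines
                 if l.startswith("switchport mode ")), None)
    nonegotiate = "switchport nonegotiate" in lines

    if mode is None or mode.startswith("dynamic"):
        findings.append("DTP: mode %s lets the far end negotiate this port into a trunk; "
                        "set 'switchport mode access' or 'trunk' plus 'switchport nonegotiate'"
                        % (mode or "unset (dynamic by default)"))
    elif mode == "access" and not nonegotiate:
        findings.append("DTP: access port still sends DTP frames; add 'switchport nonegotiate'")
    elif mode == "trunk":
        if not nonegotiate:
            findings.append("DTP: static trunk still negotiates; add 'switchport nonegotiate'")
        native = next((l.split()[-1] for l in lines
                       if l.startswith("switchport trunk native vlan ")), "1")
        if native == "1":
            findings.append("trunk: native VLAN is 1 (default); move it to an unused VLAN")
        if not any(l.startswith("switchport trunk allowed vlan ") for l in lines):
            findings.append("trunk: all VLANs allowed (default); prune with "
                            "'switchport trunk allowed vlan'")
    return findings


def audit_config(config):
    """Audit every Layer 2 Ethernet port; routed ports ('no switchport') and
    SVIs are skipped."""
    return {name: audit_port(lines)
            for name, lines in parse_interfaces(config).items()
            if name.startswith(L2_PREFIXES) and "no switchport" not in lines}


# Constructed running-config excerpt for the audit.
SAMPLE_CONFIG = """\
!
interface GigabitEthernet1/0/1
 description hardened uplink
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet1/0/2
 description legacy uplink
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/10
 description user port
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/11
 description user port, hardened
 switchport access vlan 10
 switchport mode access
 switchport nonegotiate
!
interface GigabitEthernet1/0/12
 description never configured
!
interface GigabitEthernet1/0/13
 shutdown
!
interface GigabitEthernet1/0/24
 no switchport
 ip address 192.0.2.1 255.255.255.252
!
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
!
"""

if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE_CONFIG).items():
        for f in findings or ["ok"]:
            print(f"{name}: {f}")
```

Gi1/0/12, which was never configured, is the case worth noticing: with no switchport mode line at all it sits in the platform’s dynamic default, so whoever plugs into it can bring up a trunk. The hardened ports (Gi1/0/1 and Gi1/0/11) produce no findings.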

Voice VLANs

  • What are the options for carrying the voice traffic?
C3750-mid(config-if)#switchport voice vlan ?
 <1-4094> Vlan for voice traffic
 dot1p Priority tagged on PVID. Tagged as VLAN 0
 none (Default) Don't tell telephone about voice vlan. Tagged same as the access VLAN.
 untagged Untagged on PVID. Native VLAN

voice-vlan.PNG

  • How can you check whether a VLAN is carried over the trunk link?
    • show spanning-tree interface

Wireless VLANs

  • What operational modes do access points have?
    • Autonomous mode: The AP operates independently and directly connects VLANs to WLANs on a one-to-one basis.
      autonomous-ap.PNG
    • Lightweight mode: The AP must join with a wireless LAN controller. The AP connects each of its own WLANs with a VLAN connected to the controller. All of the VLAN-WLAN traffic is encapsulated and carried over a special tunnel between the AP and the controller.
      lightweight-ap.PNG

Chapter 3 – Switch Port Configuration

Ethernet Concepts

  • How does half-duplex operation work?
    • By the nature of Ethernet, collisions can happen. A technique called CSMA/CD (carrier sense multiple access with collision detection) handles this: when a collision occurs the station backs off for a random period of time and then retransmits. The more crowded an Ethernet segment becomes, the more collisions will happen.
  • How does full-duplex work?
    • Introducing switches into an Ethernet network breaks up the collision domains: each switch port is a separate collision domain. This way the stations can transmit and receive simultaneously without the possibility of a collision (so collision detection is not needed either).
  • What are the specifications of FastEthernet?
    • maximum speed: 100Mbps
    • full- / half-duplex
    • UTP / fiber
    • UTP max length ~100 meter
    • Fast EtherChannel (FEC) up to 8 links
  • What are the specifications of GigabitEthernet?
    • maximum speed: 1Gbps
    • full- / half-duplex
    • UTP / fiber
    • support legacy ethernet speeds 10/100/1000
    • Gigabit EtherChannel (GEC) up to 8 links
  • What are the specifications of Ten-GigabitEthernet?
    • maximum speed: 10Gbps
    • only full duplex
    • Physical Media Dependent (PMD) interfaces:
      • LAN PHY: Interconnects switches in a campus network, predominantly in the core layer
      • WAN PHY: Interfaces with existing synchronous optical network (SONET) or synchronous digital hierarchy (SDH) network that were typically found in metropolitan-area networks (MAN)
  • What other scales exist in Ethernet?
    • 40Gbps and 100Gbps Ethernet. Both are bonds of multiple Ten-GigabitEthernet.
  • How does speed and duplex negotiation work?
    • speed is determined by electrical signaling so that either end of a link can determine what speed the other end is trying to use
    • Duplex is negotiated: If you want to use autonegotiation both sides must be configured to autonegotiate, or else one side will NEVER get information about the other end’s duplex setting.
      If autonegotiation fails, a switch port always falls back to half-duplex because it offers collision detection. Speed and duplex mode can be configured or negotiated only on switch ports that support twisted-pair cabling.
  • What is “switchport auto negotiation” command used for?
    • The same as the duplex and speed commands. When autonegotiation is enabled, the port automatically detects the speed, pause method and duplex of incoming signals based on the link partner. You can also detect link-up conditions using the autonegotiation feature.
  • What is the numbering convention of a Cisco interface (ie.: Fa1/0/14) ?
    • interface type member/module/number
    • In the example: the 14th FastEthernet port on module 0 of the first switch (member 1) in the stack
  • What are the 2 ways to configure multiple interfaces at the same time?
    • interface range GigabitEthernet1/0/2, GigabitEthernet1/2/1
    • interface range GigabitEthernet1/0/1 – 1/0/10
  • How do you define interface macro?
    • define interface-range MyGroup Gig1/0/1, Gig2/0/10, Gig3/0/1 – 3/0/5
      interface range macro MyGroup
  • How do you configure port speed?
    • interface INTERFACE-NAME
        speed 10/100/1000
  • How do you configure port duplex mode?
    • interface INTERFACE-NAME
        duplex half/full
  • What is an error condition?
    • When an error condition is detected the switch port is put into the errdisable state and is disabled. This can be tuned so that only specific errors trigger it.
    • Some options:
      all : Detects every possible cause
      arp-inspection : Detects errors with dynamic ARP inspection
      bpduguard : Detects when a spanning-tree bridge protocol data unit (BPDU) is received on a port configured for STP PortFast
      dhcp-rate-limit : Detects an error with DHCP snooping
      dtp-flap : Detects when trunking encapsulation is changing from one type to another
      gbic-invalid : Detects the presence of an invalid GBIC or SFP module
      inline-power : Detects an error with offering PoE inline power
      l2ptguard : Detects an error with Layer 2 Protocol Tunneling
      link-flap : Detects when the port link state is “flapping” between the up and down states
      loopback : Detects when an interface has been looped back
      pagp-flap : Detects when an EtherChannel bundle’s ports no longer have consistent configurations
      pppoe-ia-rate-limit : Detects errors with PPPoE Intermediate Agent rate limiting
      psecure-violation : Detects conditions that trigger port security configured on a port
      psp : Detects an error related to protocol storm protection
      security-violation : Detects errors related to 802.1X security
      sfp-config-mismatch : Detects errors related to SFP configuration mismatches
      small-frame : Detects errors when VLAN-tagged packets are too small and arrive above a certain rate
      storm-control : Detects when a storm control threshold has been exceeded on a port
      udld : Detects when a link is seen to be unidirectional (data passing in only one direction)
  • How can you check the reason of being error disabled?
    • show interface status err-disabled 
  • How can a port be recovered from an error condition?
    • Manually: shutdown, then no shutdown
    • Automatically:
        errdisable recovery cause ERROR-CONDITION
        errdisable recovery interval TIME-IN-SEC
  • How can you check which type of ERROR-CONDITIONs are going to be recovered automatically?
    • show errdisable recovery 
  • What is the point of reenabling an errdisable port automatically?
    • When it is more important to keep a link up until the problem can be resolved.
  • How can you check port status effectively?
    • show interface
    • show interface status

show-int-status.PNG

  • What does the protocol and status means in a show int desc output?
    • protocol: physical or datalink layer
    • status: Layer 2
  • How can you notice a duplex mismatch?
    • “Runts” and “Input errors” are visible in the show interface output.
  • What are the characteristics of Cisco Discovery Protocol?
    • it only works in one direction; advertisements are sent out periodically toward any listening device but nothing is expected in return
    • works in Layer 2
    • by default CDP advertisements are sent out every 60 seconds
    • CDP is enabled by default
  • How do you turn off/on CDP?
    • It can be configured globally or under a specific interface
  • What is Link Layer Discovery Protocol (LLDP)?
    • Same as CDP but based on IEEE; work in multivendor network.
  • What are the characteristics of LLDP?
    • disabled by default (on Catalyst switches)
      You can check with: show lldp
  • How do you turn on/off LLDP?
    • globally: lldp run
    • globally: no lldp run

 

PoE (Power over Ethernet)


  • What type of PoE methods exist?
    • ILP (Cisco Inline Power) – 7W
    • PoE (IEEE 802.3af) – 15.4W
    • PoE+ (IEEE 802.3at) – 25.5W delivered to the device (30W at the switch port)
    • UPoE (Cisco Universal PoE) – 60W
  • How can a PoE device detect a peer?
    • When a switch port is down, power is also disabled, ALTHOUGH the switch keeps trying to detect whether a powered device is connected.
      It applies a small voltage and measures the resistance to tell whether current is being drawn by a device on the other end.
  • How much power is sent?
    • By default the switch offer 15.4W / port. The peer can ask for more using CDP or LLDP advertisements and requests (it can ask up to 30W – 802.3at).
  • How do you configure PoE?
    • power inline { auto | static } max MILLIWATTS
      • auto: the peer asks for power (CDP / LLDP)
      • static: you configure the exact power amount
      • max: you can configure the maximal power that could be asked by the peer (ie: 4000 = 4W)
  • What power classes exist?
    • 0 – 15.4W (default)
    • 1 – 4W
    • 2 – 7W
    • 3 – 15.4W
    • 4 – up to 30W (802.3at)
  • How do you turn off PoE?
    • power inline never
  • How do you verify PoE?
    • show power inline
      poe.PNG

Chapter 2 – Switch Operation

  • How does an Ethernet switch isolate the connections between hosts?
    • the collision domain’s scope is limited
    • host connections can operate in full-duplex mode
    • each switch port offers dedicated bandwidth across switch fabric to another switch port
    • each frame received on a switch port is checked for errors
      “store-and-forward” mechanism: packets received -> stored for inspection -> forwarded
    • the broadcast limit can be limited to a volume threshold
  • What is unknown unicast flooding?
    • When a switch receives a frame but the destination MAC address is not listed in its forwarding table (CAM) it will flood the frame on all ports (in the same VLAN).
  • How does a switch process a frame?
    • switch-processing.PNG
    • First the frame is placed into the ingress queue, where the switch decides whether it should forward the frame and, if so, where to.
  • What is a TCAM table?
    • ternary content-addressable memory: the hardware table in which security and/or QoS ACLs are evaluated against the frame
  • What types of multilayer switching (MLS) exists?
    • Route caching: the first packet is processed by the Route Processor and the Switch Engine creates a shortcut in the MLS cache. The remaining packets of the traffic flow is using this shortcut.
    • Topology based = CEF: The Forwarding Information Base is built based on the routing process.
      multilayer-processing.PNG
  • What multilayer switching decisions happen when a packet enters into an MLS?
    • L2 forwarding check: The destination MAC address is used as an index into the CAM table. If the frame contains a Layer 3 packet that needs to be forwarded from one subnet to another, the destination MAC address will contain the address of a Layer 3 port on the switch itself. In this case, the CAM table results are used only to decide that the frame should be processed at Layer 3.
    • L3 forwarding check: The destination IP is checked in the FIB table this way the next-hop IP is obtained. The FIB also contains the next-hop MAC address and egress switch port  + VLAN so no further lookup is necessary.
    • Security ACLs and QoS ACLs are also checked in TCAM.
  • What else happen in the forwarding process (L2/3 headers)? 
    • the source/destination MAC address is modified
    • the TTL is decreased by 1
    • as both L2 and L3 contents are modified, both L2 and L3 checksum need to be recalculated
  • What is a punt adjacency?
    • When CEF cannot process a packet it will be passed to CPU for process switching.
      • ARP requests and replies
      • TTL expired
      • CDP
      • packet need encryption
      • etc…
  • What is a CAM table and how do they work?
    • when an incoming frame arrives to the switch an entry is going to be added to the CAM table: source MAC, VLAN, port of arrival, time stamp
  • What is a stale entry?
    • An address that has not been heard from for a period of time is aged out (stale). By default this is 300 seconds.
  • How can you modify the CAM aging timer? 
    • mac address-table aging-time seconds
  • How do you configure a CAM entry statically?
    • mac address-table static mac-address vlan vlan-id interface interface
  • What might be the point of adding a MAC address statically?
    • The MAC address is removed from the CAM table after 300 seconds if there is no communication from it. We might not want this to happen, e.g. for troubleshooting reasons.
  • What happens when a MAC is learned on a port and then appears on another port?
    • When the switch learns a MAC it first checks whether that MAC is already in the CAM table. If it is, but on a different port, the old entry is replaced by the new port and the timestamp is refreshed.
  • What happens when a MAC address is flapping?
    • That MAC is being learned from more than 1 port.
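The CAM table behaviour from the questions above (learning on ingress, 300-second aging, static entries, unknown-unicast flooding, and a MAC that moves between ports) modelled in code. This is an added example and not code from the original notes; the MAC addresses, ports and the flapping threshold (three moves inside ten seconds) are assumptions made for the demonstration.

```python
"""Added example (not from the original notes): a minimal model of a switch CAM
table with learning on ingress, 300 s aging, unknown-unicast flooding, static
entries, and detection of a MAC that moves between ports (flapping). All
frames are constructed in this file."""
from collections import deque

AGING_DEFAULT = 300      # seconds, the default mac address-table aging-time


class CamTable:
    def __init__(self, aging=AGING_DEFAULT, flap_moves=3, flap_window=10):
        self.aging = aging
        self.entries = {}    # (mac, vlan) -> {"port", "ts", "static"}
        self.moves = {}      # (mac, vlan) -> timestamps of recent port moves
        self.flap_moves, self.flap_window = flap_moves, flap_window

    def add_static(self, mac, vlan, port):
        """Equivalent of 'mac address-table static ...': never ages out."""
        self.entries[(mac, vlan)] = {"port": port, "ts": None, "static": True}

    def learn(self, mac, vlan, port, now):
        """Learn the SOURCE MAC of a frame that arrived on `port` at time `now`.
        Returns one of: learned, refreshed, moved, flapping, static,
        static-violation."""
        key, e = (mac, vlan), self.entries.get((mac, vlan))
        if e is not None and e["static"]:
            return "static" if e["port"] == port else "static-violation"
        if e is None:
            self.entries[key] = {"port": port, "ts": now, "static": False}
            return "learned"
        if e["port"] == port:
            e["ts"] = now
            return "refreshed"
        # Already known on another port: the old entry is replaced, and the
        # move is remembered so repeated moves can be reported as flapping.
        e["port"], e["ts"] = port, now
        q = self.moves.setdefault(key, deque())
        q.append(now)
        while q and now - q[0] > self.flap_window:
            q.popleft()
        return "flapping" if len(q) >= self.flap_moves else "moved"

    def age(self, now):
        """Remove dynamic entries not refreshed within the aging time;
        returns the keys that were removed."""
        stale = [k for k, e in self.entries.items()
                 if not e["static"] and now - e["ts"] > self.aging]
        for k in stale:
            del self.entries[k]
        return stale

    def egress_ports(self, dst_mac, vlan, ingress_port, vlan_ports):
        """Forwarding decision: a known destination goes out one port (never
        back out the ingress port); an unknown one is flooded to every other
        port in the VLAN."""
        e = self.entries.get((dst_mac, vlan))
        if e is None:
            return [p for p in vlan_ports if p != ingress_port]
        return [] if e["port"] == ingress_port else [e["port"]]


# Constructed hosts and VLAN membership.
H1, H2, PRINTER = "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:02", "aa:aa:aa:00:00:ff"
VLAN10_PORTS = ["Gi0/1", "Gi0/2", "Gi0/3", "Gi0/5"]


def demo():
    """Constructed frame sequence; returns the observations made along the way."""
    cam = CamTable()
    cam.add_static(PRINTER, 10, "Gi0/5")
    seen = [cam.learn(H1, 10, "Gi0/1", 0.0)]
    flood = cam.egress_ports(H2, 10, "Gi0/1", VLAN10_PORTS)   # unknown unicast
    seen.append(cam.learn(H2, 10, "Gi0/2", 1.0))
    unicast = cam.egress_ports(H2, 10, "Gi0/1", VLAN10_PORTS)
    # H1 now shows up on Gi0/3, Gi0/1, Gi0/3 within a few seconds: a loop, or a
    # host behind another port spoofing H1's address.
    seen += [cam.learn(H1, 10, p, t)
             for p, t in (("Gi0/3", 2.0), ("Gi0/1", 3.0), ("Gi0/3", 4.0))]
    seen.append(cam.learn(PRINTER, 10, "Gi0/1", 5.0))          # spoofed static MAC
    aged = cam.age(302.0)                                      # H2 last seen at t=1
    return seen, flood, unicast, aged, cam


if __name__ == "__main__":
    print(demo()[:4])
```

The static entry for the printer is the part worth keeping in mind: a frame with that source MAC on any other port is reported rather than learned, which is the effect a static CAM entry (or port security) has on a spoofed address, and the entry survives the aging pass that removes H2.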

 

 

  • What is the use of TCAM?
    • It can evaluate multiple security and QoS access lists (inbound and outbound) simultaneously. This happens without added latency because the TCAM is a dedicated piece of hardware (ASIC), not a software lookup.
  • What components does TCAM have?
    • Feature Manager (FM): The FM compiles or merges the Access Control Entries into the TCAM table. The TCAM then can be consulted at full frame-forwarding speed.
    • Switching Database Manager (SDM):  The TCAM is partitioned into several areas that support different functions.
  • What is TCAM VMR?
    • value, mask, result
  • How can you check the contents of the CAM table?
    • show mac address-table
    • useful: show mac address-table address MAC
    • useful: clear mac address-table …
  • How can you recognize a TCAM overflow?
    • When you are configuring ACL entries a syslog message will be generated as the TCAM is trying to compile the ACL entry into TCAM.
    • Smaller devices like Cisco 2960, 3750 and 3850 have a fixed architecture with limited switching table space. The CAM, FIB and other tables must all share resources, so you need to choose the best distribution.
      Other models like Catalyst 4500 and 6500 have more resources so we don’t need to worry about this problem.
  • How can you tune TCAM?
    • checking: show platform tcam utilization
    • check configured template: show sdm prefer
    • configure sdm template: sdm prefer TEMPLATE
      The switch must be rebooted after the sdm modification!

Chapter 1 – Enterprise Campus Network Design

  • What is a campus network?
    • An enterprise network consisting of many LANs in one or more buildings, all connected and all usually in the same place.
  • How do you reduce the size of a collision domain?
    • Using switches – one host one switch port.
  • How do you reduce the size of a broadcast domain?
    • Using routers.
  • What is a collapsed core network?
    • When a campus does not have 3 distinct layers, only 2: the distribution and core functions are combined in the same switches.
  • What is a switch block?
    • A switch block contains the access and distribution devices.
      switch-block.PNG
  • What size should a switchblock have? What is it based on?
    • traffic types and behavior
    • size and number of common workgroups
  • What is the recommended boundary of VLANs?
    • The VLANs should not extend beyond the distribution switches.
  • What is the purpose of the Core layer?
    • It connects 2 or more switchblocks in the campus.
  • What is the recommended design regarding the load?
    • the upper layer device should be designed to carry the aggregated amount of traffic load handled by the connected lower layer devices
      ie.: the uplink/crosslink of a core switch should be able to carry the aggregated traffic of the connected distribution switches

 

collapsed-core

 

 

multicore

 

  • What are the desired properties of an access switch?
    • high port density
    • PoE
    • low cost

common-access-switches.PNG

  • What are the desired properties of distribution and core switches?
    • high Layer 3 switching throughput
    • high density of high-bandwidth optical media

dist-core.PNG

 

 

 

 
