CCNP Routing And Switching Portable Command Guide, 2/e

CCNP Routing and Switching Portable Command Guide
Scott Empson
Patrick Gargano
Hans Roth
800 East 96th Street
Indianapolis, Indiana 46240 USA

CCNP Routing and Switching Portable Command Guide
Scott Empson, Patrick Gargano, Hans Roth
Copyright 2015 Cisco Systems, Inc.
Published by: Cisco Press, 800 East 96th Street, Indianapolis, IN 46240 USA

All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review.

Printed in the United States of America
First Printing December 2014
Library of Congress Control Number: 2014955978
ISBN-13: 978-1-58714-434-9
ISBN-10: 1-58714-434-4

Warning and Disclaimer
This book is designed to provide information about the CCNP Route (300-101) and CCNP SWITCH (300-115) exams. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied.
The information is provided on an “as is” basis. The authors, Cisco Press, and Cisco Systems, Inc. shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it.
The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc.

Trademark Acknowledgments
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Cisco Press or Cisco Systems, Inc., cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Special Sales
For information about buying this title in bulk quantities, or for special sales opportunities (which may include electronic versions; custom cover designs; and content particular to your business, training goals, marketing focus, or branding interests), please contact our corporate sales department at corpsales@pearsoned.com or (800) 382-3419.
For government sales inquiries, please contact governmentsales@pearsoned.com.
For questions about sales outside the U.S., please contact international@pearsoned.com.

Feedback Information
At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted with care and precision, undergoing rigorous development that involves the unique expertise of members from the professional technical community.
Readers’ feedback is a natural continuation of this process. If you have any comments regarding how we could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us through email at feedback@ciscopress.com. Please make sure to include the book title and ISBN in your message.
We greatly appreciate your assistance.

Publisher: Paul Boger
Associate Publisher: Dave Dusthimer
Business Operation Manager, Cisco Press: Jan Cornelssen
Executive Editor: Mary Beth Ray
Managing Editor: Sandra Schroeder
Senior Development Editor: Christopher Cleveland
Senior Project Editor: Tonya Simpson
Copy Editor: Keith Cline
Technical Editor: Diane Teare
Editorial Assistant: Vanessa Evans
Cover Designer: Mark Shirar
Composition: Tricia Bronkella
Proofreader: Jess DeGabriele

Contents at a Glance

Introduction

Part I: ROUTE
CHAPTER 1 Basic Network and Routing Concepts
CHAPTER 2 EIGRP Implementation
CHAPTER 3 Implementing a Scalable Multiarea Network OSPF-Based Solution
CHAPTER 4 Configuration of Redistribution
CHAPTER 5 Path Control Implementation
CHAPTER 6 Enterprise Internet Connectivity
CHAPTER 7 Routers and Router Protocol Hardening

Part II: SWITCH
CHAPTER 8 Basic Concepts and Network Design
CHAPTER 9 Campus Network Architecture
CHAPTER 10 Implementing Spanning Tree
CHAPTER 11 Implementing Inter-VLAN Routing
CHAPTER 12 Implementing High-Availability Networks
CHAPTER 13 First-Hop Redundancy Implementation
CHAPTER 14 Campus Network Security

Appendixes
APPENDIX A Private VLAN Catalyst Switch Support Matrix
APPENDIX B Create Your Own Journal Here
Index

Table of Contents

Introduction

Part I: ROUTE

CHAPTER 1 Basic Network and Routing Concepts
  Cisco Hierarchical Network Model
  Cisco Enterprise Composite Network Model
  Typically Used Routing Protocols
  IGP Versus EGP Routing Protocols
  Routing Protocol Comparison
  Administrative Distance
  Static Routes: permanent Keyword
  Floating Static Routes
  Static Routes and Recursive Lookups
  Default Routes
  Verifying Static Routes
  Assigning IPv6 Addresses to Interfaces
  Implementing RIP Next Generation (RIPng)
  Verifying and Troubleshooting RIPng
  Configuration Example: RIPng
  IPv6 Ping
  IPv6 Traceroute

CHAPTER 2 EIGRP Implementation
  Configuring EIGRP
  EIGRP Router ID
  EIGRP Autosummarization
  Passive EIGRP Interfaces
  “Pseudo” Passive EIGRP Interfaces
  EIGRP Timers
  Injecting a Default Route into EIGRP: Redistribution of a Static Route
  Injecting a Default Route into EIGRP: IP Default Network
  Injecting a Default Route into EIGRP: Summarize to 0.0.0.0/0

  Accepting Exterior Routing Information: default-information
  Load Balancing: Maximum Paths
  Load Balancing: Variance
  Bandwidth Use
  Stub Networks
  EIGRP Unicast Neighbors
  EIGRP over Frame Relay: Dynamic Mappings
  EIGRP over Frame Relay: Static Mappings
  EIGRP over Frame Relay: EIGRP over Multipoint Subinterfaces
  EIGRP over Frame Relay: EIGRP over Point-to-Point Subinterfaces
  EIGRP over MPLS: Layer 2 VPN
  EIGRP over MPLS: Layer 3 VPN
  EIGRPv6
  Enabling EIGRPv6 on an Interface
  Configuring the Percentage of Link Bandwidth Used by EIGRPv6
  EIGRPv6 Summary Addresses
  EIGRPv6 Timers
  EIGRPv6 Stub Routing
  Logging EIGRPv6 Neighbor Adjacency Changes
  Adjusting the EIGRPv6 Metric Weights
  EIGRP Address Families
  Named EIGRP Configuration Modes
  Verifying EIGRP and EIGRPv6
  Troubleshooting EIGRP
  Configuration Example: EIGRPv4 and EIGRPv6 using Named Address Configuration

CHAPTER 3 Implementing a Scalable Multiarea Network OSPF-Based Solution
  OSPF Message Types
  OSPF LSA Types
  Configuring OSPF
  Using Wildcard Masks with OSPF Areas
  Configuring Multiarea OSPF
  Loopback Interfaces
  Router ID
  DR/BDR Elections
  Passive Interfaces

  Modifying Cost Metrics
  OSPF auto-cost reference-bandwidth
  OSPF LSDB Overload Protection
  Timers
  IP MTU
  Propagating a Default Route
  OSPF Special Area Types
  Stub Areas
  Totally Stubby Areas
  Not-So-Stubby Areas
  Totally NSSA
  Route Summarization
  Interarea Route Summarization
  External Route Summarization
  Configuration Example: Virtual Links
  OSPF and NBMA Networks
  OSPF over NBMA Topology Summary
  IPv6 and OSPFv3
  Enabling OSPF for IPv6 on an Interface
  OSPFv3 and Stub/NSSA Areas
  Interarea OSPFv3 Route Summarization
  Enabling an IPv4 Router ID for OSPFv3
  Forcing an SPF Calculation
  IPv6 on NBMA Networks
  OSPFv3 Address Families
  Verifying OSPF Configuration
  Troubleshooting OSPF
  Configuration Example: Single-Area OSPF
  Configuration Example: Multiarea OSPF
  Configuration Example: OSPF and NBMA Networks
  Configuration Example: OSPF and Broadcast Networks
  Configuration Example: OSPF and Point-to-Multipoint Networks
  Configuration Example: OSPF and Point-to-Point Networks Using Subinterfaces
  Configuration Example: IPv6 and OSPFv3
  Configuration Example: OSPFv3 with Address Families

CHAPTER 4 Configuration of Redistribution
  Defining Seed and Default Metrics
  Redistributing Connected Networks
  Redistributing Static Routes
  Redistributing Subnets into OSPF
  Assigning E1 or E2 Routes in OSPF
  Redistributing OSPF Internal and External Routes
  Configuration Example: Route Redistribution for IPv4
  Configuration Example: Route Redistribution for IPv6
  Verifying Route Redistribution
  Route Filtering Using the distribute-list Command
  Configuration Example: Inbound and Outbound Distribute List Route Filters
  Configuration Example: Controlling Redistribution with Outbound Distribute Lists
  Verifying Route Filters
  Route Filtering Using Prefix Lists
  Configuration Example: Using a Distribute List That References a Prefix List to Control Redistribution
  Verifying Prefix Lists
  Using Route Maps with Route Redistribution
  Configuration Example: Route Maps
  Manipulating Redistribution Using Route Tagging
  Changing Administrative Distance for Internal and External Routes
  Passive Interfaces

CHAPTER 5 Path Control Implementation
  Verifying Cisco Express Forwarding
  Configuring Cisco Express Forwarding
  Path Control with Policy-Based Routing
  Verifying Policy-Based Routing
  Configuration Example: PBR with Route Maps
  Cisco IOS IP Service Level Agreements
  Step 1: Define One (or More) Probe(s)
  Step 2: Define One (or More) Tracking Object(s)
  Step 3a: Define the Action on the Tracking Object(s)
  Step 3b: Define Policy Routing Using the Tracking Object(s)
  Step 4: Verify IP SLA Operations

CHAPTER 6 Enterprise Internet Connectivity
  Configuring a Provider Assigned Static or DHCP IPv4 Address
  Configuring Static NAT
  Configuring Dynamic NAT
  Configuring NAT Overload (PAT)
  Verifying NAT
  NAT Virtual Interface
  Configuration Example: NAT Virtual Interfaces and Static NAT
  Configure Basic IPv6 Internet Connectivity
  Configuring IPv6 ACLs
  Verifying IPv6 ACLs
  Configuring Redistribution of Default Routes with Different Metrics in a Dual-Homed Internet Connectivity Scenario
  Configuring BGP
  BGP and Loopback Addresses
  iBGP Next-Hop Behavior
  eBGP Multihop
  Verifying BGP Connections
  Troubleshooting BGP Connections
  Default Routes
  Attributes
  Route Selection Decision Process
  Weight Attribute
  Using AS PATH Access Lists to Manipulate the Weight Attribute
  Using Prefix Lists and Route Maps to Manipulate the Weight Attribute
  Local Preference Attribute
  Using AS PATH Access Lists with Route Maps to Manipulate the Local Preference Attribute
  AS PATH Attribute Prepending
  AS PATH: Removing Private Autonomous Systems
  MED Attribute
  Route Aggregation
  Route Reflectors
  Regular Expressions
  Regular Expressions: Examples
  BGP Route Filtering Using Access Lists and Distribute Lists

  Configuration Example: Using Prefix Lists and AS PATH Access Lists
  BGP Peer Groups
  MP-BGP
  Configure MP-BGP Using Address Families to Exchange IPv4 and IPv6 Routes
  Verifying MP-BGP

CHAPTER 7 Routers and Routing Protocol Hardening
  Securing Cisco Routers According to Recommended Practices
  Securing Cisco IOS Routers Checklist
  Components of a Router Security Policy
  Configuring Passwords
  Password Encryption
  Configuring SSH
  Restricting Virtual Terminal Access
  Securing Access to the Infrastructure Using Router ACLs
  Configuring Secure SNMP
  Configuration Backups
  Implementing Logging
  Disabling Unneeded Services
  Configuring Network Time Protocol
  NTP Configuration
  NTP Design
  Securing NTP
  Verifying NTP
  SNTP
  Setting the Clock on a Router
  Using Time Stamps
  Configuration Example: NTP
  Authentication of Routing Protocols
  Authentication Options for Different Routing Protocols
  Authentication for EIGRP
  Authentication for OSPF
  Authentication for BGP and BGP for IPv6

Part II: SWITCH

CHAPTER 8 Basic Concepts and Network Design
  Hierarchical Model (Cisco Enterprise Campus Architecture)
  Verifying Switch Content-Addressable Memory
  Switching Database Manager Templates
  Configuring SDM Templates
  Verifying SDM Templates
  LLDP (802.1AB)
  Configuring LLDP
  Verifying LLDP
  Power over Ethernet
  Configuring PoE
  Verifying PoE

CHAPTER 9 Campus Network Architecture
  Virtual LANs
  Creating Static VLANs
  Normal-Range static VLAN Configuration
  Extended-Range static VLAN Configuration
  Assigning Ports to Data and Voice VLANs
  Using the range Command
  Dynamic Trunking Protocol
  Setting the Trunk Encapsulation and Allowed VLANs
  Verifying VLAN Information
  Saving VLAN Configurations
  Erasing VLAN Configurations
  Verifying VLAN Trunking
  VLAN Trunking Protocol
  Using Global Configuration Mode
  Verifying VTP
  Configuration Example: VLANs
  Layer 2 Link Aggregation
  Link Aggregation Interface Modes
  Guidelines for Configuring Link Aggregation
  Configuring L2 EtherChannel
  Configuring L3 EtherChannel

  Verifying EtherChannel
  Configuring EtherChannel Load Balancing
  Configuration Example: PAgP EtherChannel
  DHCP for IPv4
  Configuring Basic DHCP Server for IPv4
  Configuring DHCP Manual IP Assignment for IPv4
  Implementing DHCP Relay IPv4
  Verifying DHCP for IPv4
  Implementing DHCP for IPv6
  Configuring DHCPv6 Server
  Configuring DHCPv6 Client
  Configuring DHCPv6 Relay Agent
  Verifying DHCPv6

CHAPTER 10 Implementing Spanning Tree
  Spanning-Tree Standards
  Enabling Spanning Tree Protocol
  Configuring the Root Switch
  Configuring a Secondary Root Switch
  Configuring Port Priority
  Configuring the Path Cost
  Configuring the Switch Priority of a VLAN
  Configuring STP Timers
  Verifying STP
  Cisco STP Toolkit
  Port Error Conditions
  FlexLinks
  Changing the Spanning-Tree Mode
  Extended System ID
  Enabling Rapid Spanning Tree
  Enabling Multiple Spanning Tree
  Verifying MST
  Troubleshooting Spanning Tree
  Configuration Example: PVST
  Spanning-Tree Migration Example: PVST to RapidPVST

CHAPTER 11 Implementing Inter-VLAN Routing
  Inter-VLAN Communication Using an External Router: Router-on-a-Stick
  Inter-VLAN Routing Tips
  Removing L2 Switch Port Capability of a Switch Port
  Configuring SVI Autostate
  Inter-VLAN Communication on a Multilayer Switch Through a Switch Virtual Interface
  Configuration Example: Inter-VLAN Communication
  Configuration Example: IPv6 Inter-VLAN Communication

CHAPTER 12 Implementing High-Availability Networks
  Configuring IP Servi
