COMP08084 2012 Implementing Advanced Switching

Evaluate a campus network in order to design a reliable, scalable network

Configure, verify and troubleshoot switches using VTP, STP, Link aggregation

Assess a switched network in order to determine and implement appropriate security features.

Continuous assessment will take place in a laboratory environment employing simulation techniques as well as hands on testing using approved industry standard equipment

Analyzing the Cisco Enterprise Campus Architecture

• Standards, Campus Designs, Legacy Campus Designs, Hierarchical Models for Campus Design
• Impact of Multilayer Switches on Network Design - L2, L3 switches, L4, L7 switching
• Campus Network Traffic Types - Peer-to-Peer Applications, Client/Server Applications
• Overview of the SONA and Borderless Networks
• Enterprise Campus Design - Access Layer, Distribution Layer, Core Layer
• PPDIOO Lifecycle Approach to Network Design and Implementation 37

Implementing VLANs in Campus Networks

1. End-to-End VLAN, Local VLAN
2. Planning VLAN Implementation
3. Configuring, verify and troubleshoot VANs - ranges
4. Trunking in Cisco Campus Network - 802.1Q, ISL
5. VTP -  Pruning, versions, message type, advertisements, authentication
6. Private VLANs - Port Types
7. Link Aggregation with EtherChannel - PAgP and LACP Protocols, load Balancing Options

Implementing Spanning Tree

• Spanning Tree Protocol Basics - STP Operations, portfast, recommended practices and defaults
• Rapid Spanning Tree Protocol - Port States, Port Roles, Transition to Forwarding, Topology Change Mechanism
• Per VLAN Spanning Tree + - Bridge Identifier, Compatibility with 802.1D
• Multiple Spanning Tree - Regions, Extended System ID for MST,
• Enhancements - BPDU Guard, BPDU Filtering, Root Guard, Preventing Loops and Black Holes, Loop Guard, 
• UDLD - Comparison Between Aggressive Mode UDLD and Loop Guard, Flex Links
• Potential STP Problems - Duplex Mismatch, Unidirectional Link Failure, Frame Corruption, Resource Errors, PortFast Configuration Error
• Troubleshooting Methodology - Develop a Plan, Isolate the Cause and Correct an STP Problem, Document Findings

Implementing Inter-VLAN Routing

• Using an External Router (Router-on-a-Stick) and Switch Virtual Interfaces
• Routing with Routed Ports - Advantage and Disadvantages
• L2 EtherChannel Versus L3 EtherChannel
• Configuring, verify, troubleshoot Inter-VLAN Routing - Implementation Planning, SVI Autostate, Multilayer Switch, EtherChannel, Routing Protocol,
• DHCP - Operation, DHCP Relay, configure, verify and troubleshoot
• Deploying CEF-Based Multilayer Switching - Concepts, Layer 3 Switch Processing, CAM and TCAM, Distributed Hardware Forwarding
• Cisco Switching Methods - Route Caching, Topology-Based Switching, CEF Processing, Operation and Use of TCAM, CEF Modes of Operation, Address Resolution Protocol Throttling, Load sharing

Implementing High Availability and Redundancy in a Campus Network

• Understanding High Availability - Components, Redundancy, 
• Resiliencey for High Availability - Network-Level Resiliency, High Availability and Failover Times, 
• Provide Alternate Paths
• Avoid - Too much Redundancy, Single Point of Failure
• Implementing Network Monitoring,
• Network Management Overview - Syslog, SNMP, IP Service Level Agreement
• Hot Standby Router Protocol (HSRP) - States, State Transition, Active Router and STP
• Configure HSRP - Priority and Preempt, Authentication, Timers, Interface + Object Tracking, Groups, Monitoring
• Virtual Router Redundancy Protocol - Operation, Transition Process, Configuring VRRP
• Gateway Load Balancing Protocol - Functions, Features, Operations, Interface Tracking
• Cisco IOS Server Load Balancing - Modes of Operation, Server Farm, Virtual Servers

Securing the Campus Infrastructure

• Attacks - Rogue Devices, Layer 2 Attacks, MAC Layer Attack, MAC Flooding Attacks, Port Security
• Understnading and preventing VLAN Attacks - VLAN Hopping, VLAN Access Control Lists
• Understanding and preventing Spoofing Attacks - DHCP Spoofing + Snooping, ARP Spoofing, IP Spoofing and IP Source Guard
• Securing Network Switches - Neighbor discovery protocols - CDP, LLDP
• Securing Switch Access - Telnet, SSH, VTY ACLs, HTTP Secure Server, (AAA), Port-Based Authentication
• Switch Security Considerations - Security Policies, Strong System Passwords, Restricting Management Access Access to the Console, vty Lines, Warning Banners, Disabling Unneeded or Unused Services, Disabling the Integrated HTTP Daemon, Basic System Logging, Securing SNMP
• Monitoring Performance with SPAN, VSPAN, RSPAN, ERSPAN, VACL