
BCMSN30CAG


8/13/2019 BCMSN30CAG

http://slidepdf.com/reader/full/bcmsn30cag 1/76

BCMSN

Course Management

Overview

Building Cisco Multilayer Switched Networks (BCMSN) v3.0 is an instructor-led course presented by Cisco Systems Training partners. This five-day course will instruct the learner in how to create an efficient and expandable enterprise network by installing, configuring, monitoring, and troubleshooting network infrastructure equipment according to the Campus Infrastructure module in the Enterprise Composite Network Model (ECNM).

Outline

The Course Management section of the Course Administration Guide includes these topics:

Overview

Course Instruction Details

Post-Course Evaluations

Course Version

This course updates Building Cisco Multilayer Switched Networks (BCMSN) v2.1.

Course Objectives

Upon completing this course, the learner will be able to meet these overall objectives:

Describe the Campus Infrastructure module of the ECNM

Define VLANs to segment network traffic and manage network utilization

Explain the procedure for configuring both 802.1Q and ISL trunking between two switches so that VLANs that span the switches can connect

Describe how VLAN configuration of switches in a single management domain can be automated with the Cisco proprietary VTP

Implement high availability technologies and techniques using multilayer switches in a campus environment

Describe WLANs

Describe and configure switch infrastructure to support voice

Describe and implement security features in a switched network


2 Building Cisco Multilayer Switched Networks (BCMSN) v3.0 © 2006 Cisco Systems, Inc.

Target Audience

People who fulfill the following functions are the primary audience for this course:

An individual who is a network administrator, network engineer, network manager, or systems manager

People who fulfill the following function are the secondary audience for this course:

An individual who is a network designer

Learner Skills and Knowledge

The knowledge and skills that a learner must have before attending this course include the following:

Completion of the course Interconnecting Cisco Network Devices (ICND)

Ability to complete the initial configuration of a switch

Ability to configure a switch with VLANs

Ability to create basic interswitch connections

Ability to troubleshoot a VLAN

Ability to complete the initial configuration of a router


© 2006 Cisco Systems, Inc. Course Administration Guide 3

Course Instruction Details

This topic provides the information that you need to prepare the course materials and set up the classroom environment.

Instructor Requirement

To teach this course, instructors must have attended the following training or completed the following requirements:

Certified Cisco Systems Instructor who is certified in BCMSN delivery

Should have earned the Cisco CCNP® or CCIE® certification

Note Submit questions concerning instructor certification to [email protected].

Classroom Reference Materials

These items should be available for the learner during the course:

Student Guide

Paper, pen, pencils, and/or other miscellaneous office supplies needed to support learners

Class Environment

This information describes recommended class size and classroom setup:

Room set up classroom-style, with chairs and tables

Room sized for 16 learners

Eight pairs of chairs sharing access to eight laptops or terminals

Projector to display course PowerPoint slides

Projection screen as needed

Sufficient power for all equipment

For local labs, rack and floor space for all equipment

For remote labs, access to Internet for all learners and instructor


Course Flow

This is the suggested course schedule. You may make adjustments based on the skills, knowledge, and preferences of the learners in attendance. The presentation of all topics is optional for noncertification offerings, but you are encouraged to use them because they are designed to reinforce the lesson concepts and ensure that learners apply some of the concepts.

Day 1:

8:30–9:00 (0830–0900) Course Introduction

9:00–10:20 (0900–1020) Lesson 1-1: Introducing Campus Networks

10:30–12:00 (1030–1200) Quiz 1-1: Describing the Campus Infrastructure Module; Lab 1-2: Getting Started with Cisco Catalyst Equipment

12:00–1:00 (1200–1300) Lunch

1:00–1:40 (1300–1340) Lesson 2-1: Implementing Best Practices for VLAN Topologies

1:40-2:20 (1340-1420) Lesson 2-2: Implementing VLANs

2:20-3:00 (1440-1500) Lesson 2-3: Implementing Trunks

3:00-3:40 (1500-1540) Lesson 2-4: Propagating VLAN Configurations with VTP

3:40-4:20 (1540-1620) Lesson 2-5: Correcting Common VLAN Configuration Errors

4:20-5:00 (1620-1700) Lab 2-1: Configuring VLANs and VTP

5:00 (1700) Day ends

Day 2:

8:00–8:30 (0800–0830) Review of Day 1

8:30–9:30 (0830–0930) Lesson 3-1: Describing the STP

9:30–10:30 (0930–1030) Lab 3-1: Configuring Primary and Backup Root Bridges

10:30–11:00 (1030–1100) Lesson 3-2: Implementing RSTP

11:00-12:00 (1100–1200) Lab 3-2: Implementing PVRST

12:00–1:00 (1200–1300) Lunch

1:00–1:20 (1300–1320) Lesson 3-3: Implementing MSTP

1:20-2:00 (1320–1400) Lab 3-3: Implementing MST

2:00-2:20 (1400–1420) Lesson 3-4: Configuring Link Aggregation with EtherChannel


2:20-3:10 (1420–1510) Lab 3-4: Configuring EtherChannel; Lab 3-5: Troubleshooting Spanning Tree

3:10-3:40 (1510–1540) Lesson 4-1: Describing Routing Between VLANs; Quiz 4-1: Describing Routing Between VLANs

3:40-4:00 (1540–1600) Lesson 4-2: Enabling Routing Between VLANs on a Multilayer Switch

4:00-5:00 (1600–1700) Lab 4-2: Routing Between VLANs

5:00 (1700) Day ends

Day 3:

8:00–8:30 (0800–0830) Review of Day 2

8:30-10:20 (0830-1020) Lab 4-2: Routing Between VLANs (continued from Day 2)

10:20-11:00 (1020-1100) Lesson 4-3: Deploying CEF-Based Multilayer Switching

11:00-12:00 (1100–1200) Lesson 5-1: Configuring Layer 3 Redundancy with HSRP

12:00–1:00 (1200–1300) Lunch

1:00–1:30 (1300–1330) Lesson 5-2: Optimizing HSRP

1:30-3:00 (1330–1500) Lab 5-1: Enabling and Optimizing HSRP

3:00-5:00 (1500–1700) Lesson 5-3: Configuring Layer 3 Redundancy with VRRP and GLBP

5:00 (1700) Day ends

Day 4: Wireless LANs

8:00–8:30 (0800–0830) Review of Day 3

8:30–10:00 (0830–1000) Lesson 6-1 Introducing WLANs; Lesson 6-2 Describing WLAN Topologies

10:10–12:00 (1010–1200) Lesson 6-3 Explaining WLAN Technology and Standards

12:00–1:00 (1200–1300) Lunch

1:00–3:00 (1300–1500) Lab 6-1: Configuring Switches for WLANs; Lesson 6-4 Configuring Cisco WLAN Clients

3:10–5:00 (1510–1700) Lesson 6-5 Implementing WLANs; Lesson 6-6 Configuring WLANs; Lab 6-2: Setting Up the WLAN Controller; Lab 6-3: Configuring the Controller via the Web Browser; Lab 6-4: Configuring a Wireless Client (Optional)

5:00 (1700) Day ends


Day 5:

8:00–8:30 (0800–0830) Review of Day 4

8:30–9:15 (0830–0915) Lesson 7-1: Planning for Implementation of Voice in a Campus Network

9:15–10:00 (0915–1000) Lesson 7-2: Accommodating Voice Traffic on Campus Switches

10:00–11:00 (1000–1100) Lab 7-1: Configuring IP Telephony Support

11:00-11:20 (1100–1120) Lesson 8-1: Understanding Switch Security Issues

11:20-11:40 (1120–1140) Lesson 8-2: Protecting Against VLAN Attacks

11:40-12:00 (1140–1200) Lesson 8-3: Protecting Against Spoof Attacks

12:00–1:00 (1200–1300) Lunch

1:00–1:20 (1300–1320) Lesson 8-4: Describing STP Security Mechanisms

1:20-1:40 (1320–1340) Lesson 8-5: Preventing STP Forwarding Loops

1:40-2:00 (1340–1400) Lesson 8-6: Securing Network Switches

2:00-2:45 (1400–1445) Case Study 8-1: Applying Security Practices to Secure Devices in the Campus

2:45-3:30 (1445–1530) Case Study 8-2: Using Security Tools to Secure Devices in the Campus

3:30-5:00 (1530-1700) Lab 8-3: Applying Security Tools

5:00 (1700) Wrap-up


High-Level Course Outline

This subtopic provides an overview of how the course is organized. The course contains these components:

Course Introduction

Network Requirements

Defining VLANs

Implementing Spanning Tree

Implementing Inter-VLAN Routing

Implementing High Availability in a Campus Environment

Wireless LANs

Configuring Campus Switches to Support Voice

Minimizing Service Loss and Data Theft in a Campus Network

Lab Guide

Detailed Course Outline

This in-depth outline of the course structure lists each module, lesson, and topic.

Course Introduction

The Course Introduction provides learners with the course objectives, prerequisite learner skills and knowledge, and general administrative information. The Course Introduction presents the course flow diagram and the icons used in the course illustrations and figures. This course component also designates time for the learners to introduce themselves and describe their backgrounds, giving the instructor valuable information about the knowledge and experience levels of the learners.

Overview

— Learner Skills and Knowledge

Course Goal and Objectives

Course Flow

Your Training Curriculum

— CCNP Career Certifications


The lesson includes these activities:

Quiz 1-1: Describing the Campus Infrastructure Module

Lab 1-2: Getting Started with Cisco Catalyst Equipment

Module 2: Defining VLANs

This module defines the purpose of VLANs and describes how VLAN implementation can simplify network management and troubleshooting and can improve network performance. When VLANs are created, their names and descriptions are stored in a VLAN database that can be shared between switches. The learner will see how design considerations determine which VLANs will span all the switches in a network and which VLANs will remain local to a switch block.

The configuration components of this module will describe how individual switch ports may carry traffic for one or more VLANs, depending on their configuration as access or trunk ports. This module explains both why and how VLAN implementation occurs in an enterprise network.

Lesson 1: Implementing Best Practices for VLAN Topologies

Upon completing this lesson, the learner will be able to identify how various technologies are best implemented within the Campus Infrastructure module. This ability includes being able to meet these objectives:

List the issues that can occur in a poorly designed network

Given a sample organization, explain how to designate VLANs for the organization

Describe the different network interconnection technologies and identify their appropriate usage in a campus network

Determine the equipment and cabling needs on the various links of VLANs in a campus network

Map a hierarchical IP addressing scheme to the VLANs in a campus network

Identify the most common traffic sources and their destination on a campus network

The lesson includes these topics:

Describing Issues in a Poorly Designed Network

Grouping Business Functions into VLANs

Describing Interconnection Technologies

Determining Equipment and Cabling Needs

Mapping VLANs in a Hierarchical Network

Considering Traffic Source to Destination Paths

Lesson 2: Implementing VLANs

VLANs are used to create logical broadcast domains and Layer 3 segments in a given network. A VLAN is considered a logical segment because the traffic it carries may traverse multiple physical network segments. This lesson will examine how switch ports can be statically configured to belong to one or more VLANs and how various ports on a single switch can belong to different VLANs. End-to-end VLANs will be differentiated from local VLANs.


Local VLANs exist within the context of a single switch or switch block, whereas end-to-end VLANs span multiple network segments interconnected by switches.

Upon completing this lesson, the learner will be able to meet these objectives:

Define an end-to-end VLAN

Define a local VLAN

Describe the benefits of implementing local VLANs in a campus network

Describe the VLAN configuration modes and their functions

Define a VLAN access port

List the commands to implement a VLAN

List the steps to create a VLAN and associate it with an access port

The lesson includes these topics:

Describing End-to-End VLANs

Describing Local VLANs

Benefits of Local VLANs in an Enterprise Campus Network

VLAN Configuration Modes

Explaining VLAN Access Ports

Describing VLAN Implementation Commands

Implementing a VLAN

Lesson 3: Implementing Trunks

Switch ports carrying traffic for multiple VLANs are called trunk ports. As frames from multiple VLANs traverse trunk ports, the switch must identify each frame to associate it with a given VLAN. This lesson will examine the differences between Inter-Switch Link (ISL) and 802.1Q, two protocols used to mark frames on a trunk link.

Upon completing this lesson, the learner will be able to meet these objectives:

Describe a VLAN trunk in an enterprise network

Describe ISL trunking

Describe 802.1Q trunking

Define an 802.1Q native VLAN

Explain VLAN ranges and their usage

Identify the commands used to configure trunking

Explain the procedure to configure trunking

The lesson includes these topics:

Explaining VLAN Trunks

Describing ISL Trunking

Describing 802.1Q Trunking

Explaining 802.1Q Native VLANs


Explaining VLAN Ranges

Describing Trunking Configuration Commands

Configuring Trunking

Lesson 4: Propagating VLAN Configurations with VTP

When VLANs span multiple switches, a protocol is needed to accurately manage VLAN information at each switch. This protocol is referred to as VLAN Trunk Protocol (VTP) and is used to ensure that all switches in a given group, or VTP domain, have the same information about the VLANs present in that domain. This lesson will examine VTP and how it allows each switch to participate in the VTP domain. The VTP mode determines if and when updates are sent by a switch.

Upon completing this lesson, the learner will be able to meet these objectives:

Define a VTP domain in a campus network

Define VTP

Describe the three different VTP modes

Describe VTP Pruning

Describe how VTP distributes and synchronizes VLAN information

Describe the commands used to configure and verify a VTP management domain

Describe the procedures to configure a VTP management domain

Describe the procedure to add a new switch to an existing VTP domain

The lesson includes these topics:

Explaining VTP Domains

Describing the VTP

VTP Modes

Describing VTP Pruning

Describing VTP Operation

Describing VTP Configuration Commands

Configuring a VTP Management Domain

Adding New Switches to an Existing VTP Domain


Lesson 5: Correcting Common VLAN Configuration Errors

When VLANs span multiple switches, there are configuration challenges and issues to be overcome. VLAN configuration problems include security issues related to the 802.1Q native VLAN and Dynamic Trunking Protocol (DTP).

Upon completing this lesson, the learner will be able to meet these objectives:

Identify the security issues with 802.1Q native VLANs

Describe how to resolve the security issues with 802.1Q native VLANs

List key problems that result from trunk link configuration

Identify best practices for resolving trunk link problems

Identify common problems with VTP configuration

Describe best practice for VTP configuration

The lesson includes these topics:

Describing Issues with 802.1Q Native VLANs

Resolving Issues with 802.1Q Native VLANs

Describing Trunk Link Problems

Resolving Trunk Link Problems

Common Problems with VTP Configuration

Best Practice for VTP Configuration

The lesson includes this activity:

Lab 2-1: Configuring VLANs and VTP


Module 3: Implementing Spanning Tree

This module introduces the fundamentals of Spanning Tree Protocol (STP) operation in a switched network. The root bridge will be explained as well as how the root bridge and its backup are elected. Features for enhancing the performance of STP will be covered, namely Rapid STP (RSTP) and Multiple STP (MSTP). The learner will discover how EtherChannel is configured and how it interoperates with STP. The module also provides guidelines on improving STP resiliency when network faults occur.

Lesson 1: Describing the STP

In a campus network where there are redundant links between switches, STP manages which links will provide an active Layer 2 path, which ones will be inactive, and which ones will provide redundancy in the case of active path failure. This lesson will examine the general components and operation of STP in a switched network.

Upon completing this lesson, the learner will be able to meet these objectives:

Describe a transparent bridge

Identify the traffic patterns in a bridge loop

Define a loop-free network

Describe the 802.1D STP

Define a root bridge

Describe the four port roles

Describe PortFast, PVST+, RSTP, MSTP, and PVRST

The lesson includes these topics:

Describing Transparent Bridges

Identifying Traffic Loops

Explaining a Loop-Free Network

Describing the 802.1D STP

Describing the Root Bridge

Describing Port Roles

Explaining Enhancements to STP

The lesson includes these activities:

Lab 3-1: Configuring Primary and Backup Root Bridges

Lesson 2: Implementing RSTP

Rapid Spanning Tree Protocol (RSTP) is an improvement on the original 802.1D STP standard. RSTP provides much faster convergence when topology changes occur in a switched network. Through the use of specific port states, port roles, and link types, RSTP very quickly adapts to network topology transitions. A proposal and agreement process between neighbor switches is unique to RSTP. Also, Topology Change Notifications (TCNs) are transferred in a very different manner than they are in 802.1D STP operation. Configuration of RSTP is much the same as in 802.1D, except for a few variations and identifiable characteristics in the spanning tree verification commands.


Upon completing this lesson, the learner will be able to meet these objectives:

Describe the RSTP

Describe the three RSTP port states

Describe the five different RSTP port roles

Explain an edge port

Describe the function of the different RSTP link types

Differentiate the 802.1w use of the BPDU from 802.1D

Describe the stages of the RSTP proposal and agreement process

Describe the process that RSTP uses to notify all bridges in the network of a TC

Describe the commands used to implement RSTP

Explain the procedure to implement RSTP in a switched network

The lesson includes these topics:

Describing the RSTP

Describing RSTP Port States

Describing RSTP Port Roles

Explaining Edge Ports

Describing RSTP Link Types

Examining the RSTP BPDU

Identifying the RSTP Proposal and Agreement Process

Identifying the RSTP TCN Process

Describing PVRST Implementation Commands

Implementing PVRST Commands

The lesson includes this activity:

Lab 3-2: Implementing PVRST

Lesson 3: Implementing MSTP

Per VLAN Spanning Tree (PVST) creates a single instance of spanning tree for each VLAN in the network. This may impose a processing load on a switch when many VLANs are present. Multiple Spanning Tree Protocol (MSTP) reduces this loading by allowing a single instance of spanning tree to run for multiple VLANs. Specific configuration and verification steps must be followed to properly implement MSTP.

Upon completing this lesson, the learner will be able to meet these objectives:

Describe MSTP

Describe the characteristics of an MST region

Describe changes to the Bridge Priority field to accommodate the MSTP instance number

Describe how MSTP operates with CST

Describe the commands used to implement MSTP

Explain the procedure to implement MSTP in a switched network


The lesson includes these topics:

Explaining MSTP

Describing MSTP Regions

Describing the Extended System ID

Interacting Between MSTP Regions and 802.1Q

Describing MSTP Implementation Commands

Configuring and Verifying MSTP

The lesson includes these activities:

Lab 3-3: Implementing MST

Lesson 4: Configuring Link Aggregation with EtherChannel

When multiple physical links exist between two switches, these links can be bundled into a single logical link that provides high aggregate bandwidth and fault tolerance for interswitch connectivity. This lesson will examine the specifics of EtherChannel.

Upon completing this lesson, the learner will be able to meet these objectives:

Describe EtherChannel

Compare the PAgP and LACP

Describe the commands used to configure EtherChannel

Describe the guidelines and best practices for configuring port channels using EtherChannel

Configure load balancing among the ports included in an EtherChannel

The lesson includes these topics:

Describing EtherChannel

Describing the PAgP and LACP Protocols

Describing EtherChannel Configuration

Configuring Port Channels Using EtherChannel

Configuring Load Balancing over EtherChannel

The lesson includes these activities:

Lab 3-4: Configuring EtherChannel

Lab 3-5: Troubleshooting Spanning Tree


Module 4: Implementing Inter-VLAN Routing

A switch with multiple VLANs requires a means of passing Layer 3 traffic between those VLANs. This module describes both the process and various methods of routing traffic from VLAN to VLAN. A router that is external to the Layer 2 switch hosting the VLANs can provide the inter-VLAN routing.

When routing occurs within a Cisco Catalyst multilayer switch, Cisco Express Forwarding (CEF) is deployed to facilitate Layer 3 switching through hardware-based tables, providing an optimal packet-forwarding process. When CEF is implemented, routing is enabled between VLANs through the configuration of switch virtual interfaces (SVIs) associated with the various VLANs on the multilayer switch.

Lesson 1: Describing Routing Between VLANs

Layer 2 switching involves processing frames with respect to their data link layer headers. Information from those headers is stored within the content addressable memory (CAM) table in the switch, which in turn provides the information required to make the forwarding decisions as frames traverse the switch. When multiple Layer 2 VLANs are configured on a switch, a Layer 3 process is required for inter-VLAN communication. VLAN-to-VLAN packet transfer can occur on a Layer 3 device external to the switch.

Upon completing this lesson, the learner will be able to meet these objectives:

Describe how inter-VLAN routing works using an external router

Describe the commands used to configure inter-VLAN routing using an external router

Explain the procedure to configure inter-VLAN routing using an external router

Explain how switching interfaces use the forwarding engine to implement Layer 2 and Layer 3 switching

Describe the frame rewrite process

The lesson includes these topics:

Inter-VLAN Routing Using an External Router

Describing Inter-VLAN Routing Using External Router Configuration Commands

Configuring Inter-VLAN Routing Using an External Router

Explaining Multilayer Switching

Frame Rewrite

Quiz 4-1: Describing Routing Between VLANs


Lesson 2: Enabling Routing Between VLANs on a Multilayer Switch

When multiple VLANs are configured on a multilayer switch, routing between those VLANs can occur on the switch itself through the configuration of Layer 3 switch virtual interfaces (SVIs). SVIs are configured and verified using Layer 3 Cisco IOS commands to facilitate inter-VLAN routing on a multilayer switch. It is also possible to convert Layer 2 switch ports to operate as Layer 3 interfaces.

Upon completing this lesson, the learner will be able to meet these objectives:

Describe a Layer 3 SVI

Describe commands used to configure inter-VLAN routing on a multilayer switch through an SVI

Explain the procedure to configure inter-VLAN routing on a multilayer switch

Describe a routed port on a multilayer switch

Describe commands used to configure a routed port on a multilayer switch

Explain the procedure to configure routed ports on a multilayer switch

The lesson includes these topics:

Describing Layer 3 SVI

Describing Configuration Commands for Inter-VLAN Communication on a Multilayer Switch

Configuring Inter-VLAN Routing on a Multilayer Switch

Describing Configuration Commands for Routed Ports on a Multilayer Switch

Describing Routed Ports on a Multilayer Switch

Configuring Routed Ports on a Multilayer Switch

Lesson 3: Deploying CEF-Based Multilayer Switching

Layer 3 switching provides a wire-speed mechanism by which to route packets between VLANs using tables that store Layer 2 and Layer 3 forwarding information in hardware. Cisco Express Forwarding (CEF) is the most efficient means of providing Layer 3 switching on a multilayer switch. CEF uses a very specific process to build forwarding tables in hardware and then uses that table information to forward packets at line speed.

Upon completing this lesson, the learner will be able to meet these objectives:

Explain Layer 3 switch processing

Explain a CEF-based multilayer switch

Describe the process that a multilayer switch uses to forward packets

Describe the commands used to configure CEF on Cisco Catalyst multilayer switches

Explain the procedure to enable CEF-based MLS

Describe common problems that can occur with CEF and solutions

Describe the commands used to troubleshoot CEF on multilayer switches

Explain the procedure to troubleshoot problems with CEF-based MLS


The lesson includes these topics:

Explaining Layer 3 Switch Processing

Explaining CEF-Based Multilayer Switches

Identifying the Multilayer Switch Packet Forwarding Process

Describing CEF Configuration Commands

Enabling CEF-Based MLS

Describing Common CEF Problems and Solutions

Describing CEF Troubleshooting Commands

Troubleshooting Layer 3 CEF-Based MLS

The lesson includes these activities:

Lab 4-2: Routing Between VLANs


Module 5: Implementing High Availability in a Campus Environment

A network with high availability provides alternative means by which all infrastructure paths and key servers can be accessed at all times. The Hot Standby Router Protocol (HSRP) is one of those software features that can be configured to provide Layer 3 redundancy to network hosts. HSRP optimization provides immediate or link-specific failover as well as a recovery mechanism. Virtual Router Redundancy Protocol (VRRP) and Gateway Load Balancing Protocol (GLBP) are derivatives of HSRP, providing additional Layer 3 redundancy features, such as load balancing.

Lesson 1: Configuring Layer 3 Redundancy with HSRP

Businesses and consumers that rely on intranet and Internet services for their mission-critical communications require and expect their networks and applications to be continuously available to them.

Customers can satisfy their demands for near-100 percent network uptime if they leverage the HSRP in Cisco IOS software. HSRP provides network redundancy for IP networks in a manner that ensures that user traffic immediately and transparently recovers from first-hop failures in network edge devices or access circuits.

However, routing issues exist as we examine various means of providing redundancy for the default gateway of each segment. Because of this, HSRP has very specific attributes that warrant further description, as does a delineation of HSRP operations on the network. HSRP interfaces transition through a series of states as they find their role in the capacity of active or standby HSRP router.

Upon completing this lesson, the learner will be able to meet these objectives:

Describe routing issues that occur when using default gateways and proxy ARP

Describe how router device redundancy works

Describe HSRP

Describe how HSRP operates to provide a nonstop path redundancy for IP

Describe the six HSRP states and their functions

Describe the commands used to configure HSRP

Explain the procedure to enable HSRP

The lesson includes these topics:

Describing Routing Issues

Identifying the Router Redundancy Process

Describing HSRP

Identifying HSRP Operations

Describing HSRP States

Describing HSRP Configuration Commands

Enabling HSRP

Lesson 2: Optimizing HSRP

HSRP has options that allow it to be configured to define the order in which the active and standby router are selected for expedited failover, for recovery from failover, and to specify which interface is to be monitored for HSRP failover. Specific commands are used to optimize and tune HSRP operations for greatest failover resiliency. There is also a set of commands for verifying and debugging HSRP general and optimized operations.

Upon completing this lesson, the learner will be able to meet these objectives:

Describe the options that can be configured to optimize HSRP

Explain the procedure to determine which HSRP operations require tuning in their networks

Describe how a single router can be a member of multiple HSRP-standby groups to facilitate load sharing

Describe the commands used to debug HSRP operations

Explain the procedure to debug HSRP operations

The lesson includes these topics:

Describing HSRP Optimization Options

Tuning HSRP Operations

Describing Load Sharing

Describing HSRP Debug Commands

Debugging HSRP Operations

Lab 5-1: Enabling and Optimizing HSRP

Lesson 3: Configuring Layer 3 Redundancy with VRRP and GLBP

As the name would imply, Virtual Router Redundancy Protocol (VRRP) provides router interface failover in a manner similar to HSRP but with added features and IEEE compatibility. The process by which VRRP operates is defined in this lesson. The Gateway Load Balancing Protocol (GLBP) and its operations will be defined and differentiated from both HSRP and VRRP. Specific commands are used to implement and to verify VRRP and GLBP.

Upon completing this lesson, the learner will be able to meet these objectives:

Describe VRRP

Describe how VRRP supports transitions from a master to a backup router

Describe the commands used to configure VRRP and GLBP

Describe GLBP

Describe how GLBP provides balanced traffic on a per-host basis, using a round-robin scheme

The lesson includes these topics:

Describing VRRP

Identifying the VRRP Operations Process

Configuring VRRP

Describing the GLBP

Identifying the GLBP Operations Process

Module 6: Wireless LANs

This module introduces wireless LANs (WLANs). WLAN is an access technology that has an increasing significance for network access in offices, factories, hotels, airports, and at home. This module explains the differences between wired and wireless LANs, describes WLAN topologies, and teaches the learner how to implement Cisco WLAN solutions.

Lesson 1: Introducing WLANs

This lesson introduces WLANs. WLAN is an access technology that has an increasing significance for network access in offices, factories, hotels, airports, and at home. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the different wireless data technologies that are currently available

Describe WLANs

Distinguish WLANs from other wireless data networks

Describe similarities and differences between WLANs and wired LANs

The lesson includes these topics:

Wireless Data Technologies

Wireless LANs

WLANs and Other Wireless Technologies

WLANs and LANs

Lesson 2: Describing WLAN Topologies

This lesson explains different WLAN topologies. WLAN topologies refer to the placement and application of WLANs. Upon completing this lesson, the learner will be able to meet these objectives:

Describe types of WLAN topologies

Describe WLAN access topologies

Explain roaming between wireless cells

Describe WLAN support for VLANs and QoS

Describe wireless mesh networking

The lesson includes these topics:

WLAN Topologies

Typical WLAN Topologies

Roaming Through Wireless Cells

Wireless VLAN Support

Wireless Mesh Networking

Lesson 3: Explaining WLAN Technology and Standards

This lesson explains WLAN technology and the WLAN standards. This knowledge is important for the design, configuration, operation, and troubleshooting of WLANs. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the WLAN frequency bands and RF transmission

Describe WLAN regulations, standards, and certification bodies

Describe the IEEE 802.11b standard

Describe the IEEE 802.11a standard

Describe the IEEE 802.11g standard

Compare the 802.11b, 802.11g, and 802.11a standards for data rates, throughput, and coverage

Identify best practices for WLAN office design

Explain the need for WLAN security and describe the available WLAN security solutions

The lesson includes these topics:

Unlicensed Frequency Bands

WLAN Regulation and Standardization

IEEE 802.11b Standard

IEEE 802.11a Standard

IEEE 802.11g Standard

802.11 Comparison

General Office WLAN Design

WLAN Security

The lesson includes this activity:

Lab 6-1: Configuring Switches for WLANs

Lesson 4: Configuring Cisco WLAN Clients

This lesson describes the Cisco 802.11a/b/g WLAN client and utilities to configure the client adapter. Upon completing this lesson, the learner will be able to meet these objectives:

Install the Cisco WLAN client adapter and the Cisco ADU

Use the Cisco ADU to configure the Cisco 802.11a/b/g WLAN client adapter

Use the Cisco ADU for diagnostics and troubleshooting of the WLAN client adapters

Use the Cisco Aironet Site Survey Utility to get information about available WLANs

Describe the WLAN configuration through Windows XP

Describe the Cisco ACAU

Describe the Cisco Wireless IP Phone

Describe the features and benefits of the Cisco Compatible Extensions program

The lesson includes these topics:

Cisco 802.11a/b/g WLAN Client Adapters

Cisco ADU Installation

ADU Diagnostics: Advanced Statistics

Cisco Aironet Site Survey Utility: Associated AP Status

Windows XP WLAN Configuration

Cisco Aironet Client Administration Utility

Cisco Wireless IP Phone

Cisco Compatible Extensions Program for WLAN Client Devices

Lesson 5: Implementing WLANs

This lesson describes WLAN implementations. Both autonomous and lightweight WLAN solutions are described. Other topics include PoE (Power over Ethernet) and WLAN antennas.

Upon completing this lesson, the learner will be able to meet these objectives:

Describe the implementation of the Cisco autonomous and lightweight WLAN solution that is part of the Cisco implementation of WLANs

Describe how LWAPP is used in the Cisco lightweight WLAN implementation

Describe the components of the Cisco WLAN implementations

Describe Cisco Unified Wireless Networks

Describe Cisco Aironet access points and bridges

Describe PoE for access points and IP phones

Identify the types of antennas to use in WLAN environments

Explain multipath distortion

Describe the decibel calculation

Explain the established EIRP guidelines

The lesson includes these topics:

Cisco WLAN Implementation

Lightweight Access Point Protocol

Describing WLAN Components

Cisco Unified Wireless Network

Cisco Aironet Access Points and Bridges

Power over Ethernet

Explaining WLAN Antennas

Multipath Distortion

Definition of Decibel

Effective Isotropic Radiated Power

Lesson 6: Configuring WLANs

Upon completing this lesson, the learner will be able to configure autonomous and lightweight Cisco WLAN solutions.

Upon completing this lesson, the learner will be able to meet these objectives:

List the different methods that can be used to configure autonomous access points

Describe the role performed by autonomous access points and bridges in a radio network

Describe how to configure an autonomous access point

Describe how to configure a WLAN controller

Describe how to perform the initial configuration of WLAN controllers via the command line and web browser

Describe how to configure WLAN controllers via the web browser

The lesson includes these topics:

Autonomous Access Point Configuration

Role of Autonomous Access Points in a Radio Network

Autonomous Access Point Configuration via the Web Browser

Lightweight WLAN Controller Configuration

Cisco WLAN Controller Boot Menu

Web Wizard Initial Configuration

The lesson includes these activities:

Lab 6-2: Setting Up the WLAN Controller

Lab 6-3: Configuring the Controller via the Web Browser

Lab 6-4: Configuring a Wireless Client (Optional)

Module 7: Configuring Campus Switches to Support Voice

When migrating to a VoIP network, all network requirements, including power and capacity planning, must be examined. In addition, congestion avoidance techniques should be implemented. This module will highlight the basic issues and define initial steps to take to ensure that the VoIP implementation works correctly.

Lesson 1: Planning for Implementation of Voice in a Campus Network

IP telephony services are often provided over the campus infrastructure. To have data and voice application traffic harmoniously coexist, mechanisms must be set in place to differentiate traffic and to offer priority processing to delay-sensitive voice traffic. Quality of service (QoS) policies mark and qualify traffic as it traverses the campus switch blocks. Specific VLANs keep voice traffic separate from other data to ensure that it is carried through the network with special handling and with minimal delay. Specific design and implementation considerations should be made at all campus switches supporting VoIP.

Upon completing this lesson, the learner will be able to meet these objectives:

Explain why an organization would want to run VoIP on the network

Describe the main components of a VoIP network, including IP-enabled PBX, user end-devices, gateways and gatekeepers, and the IP network

Compare the uniform bandwidth consumption of voice traffic to the intermittent bandwidth consumption of data traffic

Describe a VoIP call flow through a network and where contention for bandwidth between data traffic and voice traffic will occur

Explain an auxiliary VLAN

Identify a solution for latency, jitter, bandwidth, packet loss, reliability, and security

Explain the importance of high availability in the campus network to support a VoIP implementation, including such regulations as E911 that require 99.999 percent system availability for phones

Explain the need to add a UPS to wiring closets that do not already have them and to provision switches with inline power for IP phones

The lesson includes these topics:

Explaining Converged Network Benefits

Describing VoIP Network Components

Explaining Traffic Characteristics of Voice and Data

Describing VoIP Call Flow

Explaining Auxiliary VLANs

Describing QoS

Explaining the Importance of High Availability for VoIP

Explaining Power Requirements in Support of VoIP

Lesson 2: Accommodating Voice Traffic on Campus Switches

VoIP traffic and data will share the same infrastructure. To avoid congestion and subsequent intermittent VoIP communications, QoS must be configured as close to the end device as possible. To accomplish this, QoS trust boundaries must be configured. Several options are available to accomplish this task. This module will provide a brief overview of those options.

Upon completing this lesson, the learner will be able to meet these objectives:

Describe how QoS is applied for voice traffic in the campus module

Describe LAN-based classification and marking using a Layer 2 Cisco Catalyst workgroup switch

Describe QoS trust boundaries and their significance in LAN-based classification and marking

Explain the procedure to configure an access switch for the attachment of a Cisco IP Phone

Describe basic commands to be considered when voice traffic will traverse a switch

Explain the use of Cisco AutoQoS in Cisco Catalyst switches

Describe the commands that enable Cisco AutoQoS on Cisco Catalyst switches

The lesson includes these topics:

QoS and Voice Traffic in the Campus Model

LAN-Based Classification and Marking

Describing QoS Trust Boundaries

Configuring a Switch for Attachment of a Cisco IP Phone

Describing Basic Switch Commands to Support Attachment of a Cisco IP Phone

What Is Cisco AutoQoS VoIP?

Configuring Cisco AutoQoS VoIP on a Cisco Catalyst Switch

The lesson includes this activity:

Lab 7-1: Configuring IP Telephony Support

Module 8: Minimizing Service Loss and Data Theft in a Campus Network

This module defines the potential vulnerabilities within a network related to VLANs. After the vulnerabilities are identified, solutions for each vulnerability are discussed, and configuration commands are defined. The module also discusses port security for denial of MAC spoofing, MAC flooding, and using PVLANs and VACLs to control VLAN traffic. VLAN hopping, DHCP spoofing, ARP spoofing, and STP attacks are also explained. The learner will also learn about potential problems, resulting solutions, the method to secure the switch access with use of vty ACLs, and implementing SSH for secure Telnet access.

Lesson 1: Understanding Switch Security Issues

Basic security measures should be taken to guard against a host of attacks that can be launched at a switch and its ports. Specific measures can be taken to guard against MAC flooding, which is a common Layer 2 malicious activity.

Upon completing this lesson, the learner will be able to meet these objectives:

Describe switch and Layer 2 security as a subset of an overall network security plan

Describe how a rogue device gains unauthorized access to a network

Categorize switch attack types and list mitigation options

Describe how a MAC flooding attack works to overflow a CAM Campus Backbone Layer table

Describe how port security is used to block input from devices based upon Layer 2 restrictions

Describe the procedure to configure port security on a switch

Explain the sticky MAC option with port security

Describe security in a multilayer switched network

Describe the methods that can be used for authentication using AAA

Describe port-based authentication using 802.1x

The lesson includes these topics:

Overview of Switch Security Concerns

Describing Unauthorized Access by Rogue Devices

Switch Attack Categories

Describing a MAC Flooding Attack

Describing Port Security

Configuring Port Security on a Switch

Port Security with Sticky MAC Addresses

Authentication, Authorization, and Accounting

Authentication and Authorization Methods

802.1x Port-Based Authentication

Lesson 2: Protecting Against VLAN Attacks

On networks using trunking protocols, there is a possibility of rogue traffic “hopping” from one VLAN to another, thereby creating security vulnerabilities. These VLAN hopping attacks are best mitigated by close control of trunk links.

Private VLANs (PVLANs) can be configured to establish security regions within a single VLAN without subnetting, and VLAN access control lists (VACLs) can be used to filter traffic within a VLAN.

Upon completing this lesson, the learner will be able to meet these objectives:

Describe how VLAN hopping occurs and why it is a security vulnerability

Explain the procedure to configure a switch to mitigate VLAN hopping attacks

Describe VACLs and their purpose as part of VLAN security

Explain the procedure to configure VACLs

Explain the purpose of a PVLAN

Explain the procedure to configure PVLANs as a means of network security

The lesson includes these topics:

Explaining VLAN Hopping

Mitigating VLAN Hopping

VLAN Access Control Lists

Configuring VACLs

Explaining PVLANs

Configuring PVLANs

Lesson 3: Protecting Against Spoof Attacks

DHCP, MAC, and Address Resolution Protocol (ARP) spoofing are all methods used to gain unauthorized access to a network or to redirect traffic for malicious purposes. DHCP snooping, port security, and dynamic ARP inspection (DAI) can be configured to guard against these threats.

Upon completing this lesson, the learner will be able to meet these objectives:

Describe what happens in a network during a DHCP spoof attack

Describe how the DHCP snooping feature provides security by filtering trusted DHCP messages and then using these messages to build and maintain a DHCP snooping binding table

Explain the procedure to configure DHCP snooping and IP Source Guard

Describe what happens in a network during an attack using ARP spoofing

Describe how DAI determines the validity of an ARP packet based on the valid MAC address to IP address bindings stored in a DHCP snooping database

Describe the commands that can be used to configure DAI

Explain the procedure to protect a network from ARP spoofing attacks

The lesson includes these topics:

Describing a DHCP Spoof Attack

Describing DHCP Snooping

Configuring DHCP Snooping

Describing ARP Spoofing

Describing DAI

Describing Commands to Configure DAI

Protecting Against ARP Spoofing Attacks

Lesson 4: Describing STP Security Mechanisms

After STP operations are stable in a switched network, the administrator may want to guard against rogue switches being attached to the network because these switches may take on the role of the root or backup root bridge. Bridge protocol data unit (BPDU) guard, BPDU filtering, and root guard are features that attempt to contain the points at which switches and root bridges can be attached to the network.

Upon completing this lesson, the learner will be able to meet these objectives:

Describe the methods that are available to protect the operation of STP

Describe the commands to configure BPDU guard

Describe the commands to configure BPDU filtering

Describe how root guard is used to improve the stability of Layer 2 networks

Describe the commands used to configure root guard

The lesson includes these topics:

Protecting the Operation of STP

Describing BPDU Guard Configuration

Describing BPDU Filtering Configuration

Describing Root Guard

Describing Root Guard Configuration Commands

Lesson 5: Preventing STP Forwarding Loops

Spanning tree operations can be severely disrupted by links that pass traffic in one direction and not in the other direction. The Cisco Catalyst platform provides features to guard against this condition. Unidirectional Link Detection (UDLD) and loop guard protect the network from anomalous conditions that result from unidirectional link conditions.

Upon completing this lesson, the learner will be able to meet these objectives:

Describe how UDLD is used to detect and shut down unidirectional links

Describe how loop guard is used to protect against Layer 2 forwarding loops

Describe the commands used to configure UDLD and loop guard

Compare the features of loop guard and UDLD as they protect against unidirectional links

The lesson includes these topics:

Describing UDLD

Describing Loop Guard

Configuring UDLD and Loop Guard

Preventing STP Failures Caused by Unidirectional Links

Lesson 6: Securing Network Switches

The devices on any network must be secured. A number of vulnerabilities can be reduced by setting passwords on physical and virtual ports, disabling unneeded services, forcing the encryption of sessions, and enabling logging at the device level.

Upon completing this lesson, the learner will be able to meet these objectives:

Describe how CDP can be used for an attack against a network

Describe the security vulnerabilities in the Telnet option

Describe security vulnerabilities in the SSH

Describe vty ACLs

Describe the commands used to apply ACLs to vtys

Describe general security considerations that should be applied in any switched network

The lesson includes these topics:

Describing Vulnerabilities in the CDP

Describing Vulnerabilities in the Telnet Protocol

Describing Vulnerabilities in the SSH

Describing vty ACLs

Describing Commands to Apply ACLs to vty

Best Practices: Switch Security Considerations

The lesson includes these activities:

Case Study 8-1: Applying Security Practices to Secure Devices in the Campus

Case Study 8-2: Using Security Tools to Secure Devices in the Campus

Lab 8-3: Applying Security Tools

Course Evaluations

Cisco uses a post-course evaluation system, Metrics That Matter (MTM), for its instructor-led courses. The instructor must ensure that each learner is aware of the confidential evaluation process and that all learners submit an evaluation for each course. There are two options for learners to complete the evaluation.

For Classes with Internet Access

A URL will be made available, specific to each Cisco Learning Partner. Obtain the URL from your MTM system administrator before the last day of class.

1. Upon completion of the course, instruct the learners to enter the URL into the browser.

2. Make sure that the learners enter their e-mail addresses (used only for a follow-up evaluation).

Note: Sixty days following a learning event, learners will receive a brief follow-up evaluation, and, again, responses will be kept confidential. E-mail addresses will not be used for marketing purposes. (If learners do not have e-mail addresses, they may type in a “dummy” address.)

3. Instruct the learners to select the appropriate course from the drop-down list.

4. Instruct the learners to complete the course evaluation and click Submit one time only.

5. Advise the learners to wait for “Thank you” to appear on the screen before leaving.

For Classes Without Internet Access

A paper-based version of the post-course evaluation is available. Your MTM system administrator can provide you with copies.

1. Distribute paper-based evaluations at the beginning of the last day of class.

2. Instruct the learners to complete the survey only after completing the course.

3. Collect the evaluations and submit them to your MTM system administrator.

To View Evaluation Results

To view your post-course evaluation results:

1. Go to www.metricsthatmatter.com/client. (Reminder: All data is confidential; you will see only your own data.)

2. Log in using your ID and the password sent to you from MTM or provided by the MTM system administrator at your company, to ensure confidentiality.

3. Choose Menu Option > Learner Evaluation Reports:

— Evaluation Retrieval Tool

— Class Evaluation Summary Report

4. Search for and choose the appropriate class.

Lab Setup

Overview

The purpose of the Lab Setup section is to assist in the setup and configuration of the training equipment for the course Building Cisco Multilayer Switched Networks (BCMSN) v3.0. This section includes these topics:

Lab Topology

Hardware and Software Requirements

Workstation Configuration

Lab Equipment Configuration

General Lab Setup

Lab 1-2: Getting Started with Cisco Catalyst Equipment

Lab 2-1: Configuring VLANs and VTP

Lab 3-1: Configuring Primary and Backup Root Bridges

Lab 3-2: Implementing PVRST

Lab 3-3: Implementing MSTP

Lab 3-4: Configuring EtherChannel

Lab 3-5: Troubleshooting Spanning Tree

Lab 4-2: Routing Between VLANs

Lab 5-1: Enabling and Optimizing HSRP

Lab 6-1: Configuring Switches for WLANs

Lab 6-2: Setting Up the WLAN Controller

Lab 6-3: Configuring the Controller via the Web Browser

Lab 6-4: Configuring a Wireless Client (Optional)

Lab 7-1: Configuring IP Telephony Support

Lab 8-3: Applying Security Tools

Configuration Files Summary

Lab Activity Solutions

Teardown and Restoration

Preparation for Non-Lab Activities

Lab Topology

This topic describes the lab topology for Building Cisco Multilayer Switched Networks (BCMSN) v3.0.

Visual Objective

Each pod is created and configured independently of any other pod in the topology. Within each lab, learners are responsible for only their pod equipment. A pod is a grouping of switches and routers composed of client devices, access switches, distribution switches, and access to the core. The learner is not responsible for the core equipment.

| Device Name | Device Name Abbreviation | Assigned Pod | Additional Information |
|---|---|---|---|
| PC – 1 | XPC1 | X-POD | “X” – Pod ID |
| PC – 2 | XPC2 | X-POD | “X” – Pod ID |
| Access Sw 1 | XASW1 | X-POD | “X” – Pod ID |
| Access Sw 2 | XASW2 | X-POD | “X” – Pod ID |
| Distribution 1 | XDSW1 | X-POD | “X” – Pod ID |
| Distribution 2 | XDSW2 | X-POD | “X” – Pod ID |

Hardware and Software Requirements

These tables list the recommended equipment to support the lab activities.

Hardware Equipment List

| Number of Units | Cisco Part Number | Product Description |
|---|---|---|
| Building Access Submodule Equipment | | |
| 2 | WS-C2950G-12-EI | Cisco Catalyst 2950 with the following options: twelve 10/100 Fast Ethernet ports with two Gigabit Interface Converter (GBIC) slots; IOS Enhanced Image |
| 2 | CAB-AC | 110 V power cord (for Catalyst 2950) |
| Wireless LAN Equipment | | |
| 4 | AIR-AP1020-x-K9 or AIR-LAP1242AG-x-K9 | Cisco Series Lightweight AP with external antennas. Replace “x” with country code |
| 8 | AIR-ANT4941 | 2.4 GHz, 2.2 dBi Dipole Antenna (two per AP for external antennas) |
| 4 or 8 | AIR-ANT5135D-R | 5 GHz 3.5 dBi Dipole Antenna (one per AP 1020, or else two per AP LAP1242AG) |
| 12 or 16 | Attenuators | Suggested option (12 attenuators if AP1020, which has two 2.4 GHz + one 5 GHz antennas, else 16 if AP LAP1242AG, which has two 2.4 + two 5 GHz antennas). Approximately 10 to 40 dBi attenuators to reduce RF power on external antennas. Needed when APs are in very close proximity (same rack). The exact amount of attenuation will depend on AP surrounding environment and APs proximity to each other. Country power regulation will vary the specific type of attenuators. Example vendor: www.terrawaveonline.com |
| 1 | RF Cage/Rack | Optional. Cage or rack for RF containment and isolation from other production environment APs. Example vendor: www.equiptoelec.com |
| 4 | Clients | Fixed client to associate to AP (Linksys USB print server WPS54G has been tested and recommended) |
| 4 | AIR-PWR-1000 | Cisco PoE power supply for AP (not necessary if using PoE Cat 3560 switch) |
| 4 | AIR-WLC2006-K9 | Cisco 2000 Series WLAN Controller |
| 6 | AIR-CB21AG-A-K9 | Wireless client with a/b/g radio for laptop with cardbus slot |
| Building Distribution Submodule Equipment | | |
| 2 | WS-C3750G-24T-S | Cisco Catalyst 3750 with the following options: twenty-four 10/100/1000 Ethernet ports and four SFP ports; IOS enhanced image, required to support EIGRP routing |
| 2 | CAB-AC | 110 V power cord (for Catalyst 3750) |
| Campus Backbone Submodule Equipment | | |
| 2 | WS-C4503-S2+48 | Catalyst 4503 with the following option: IOS enhanced image, required to support EIGRP routing |
| 2 | CAB-AC | 110 V power cord (for Catalyst 4503) |
| Additional Equipment | | |

Software List

Cisco IOS Software Versions

| Platform | Cisco IOS Image Name | Comment |
|---|---|---|
| Access Switches | | |
| WS-C2950G-12-EI | c2950-i6q4l2-mz.121-22.EA1.bin | Cisco Catalyst 2950 |
| Distribution Switches | | |
| WS-C3750G-24T-S | c3750-advipservicesk9-tar.122-25.SED.tar | Cisco Catalyst 3750 |
| Backbone Switches | | |
| WS-C4503-S2+48 | cat4000-i9k91s-mz.122-25.EWA5.bin | Cisco Catalyst 4503 |
| PC Router | | |
| CISCO1721 | c1700-sy-mz.121-17 | If available for reuse |
| Term server Router | | |
| CISCO3640 | c3640-ik8s-mz.122-11 | If available for reuse |
| CISCO2811 | c2800nm-ipbase-mz.124-4.T.bin | Replaces 3640 for new labs |

Lab Equipment Configuration

This equipment configuration information is necessary for initial setup of the lab configuration.

BCMSN v3.0 Updated Equipment List

This table lists the recommended equipment to support the laboratory activities.

Laboratory Equipment List

| Number of Units | Cisco Part Number | Product Description |
|---|---|---|
| Building Access Submodule Equipment | | |
| 8 | WS-C2950G-12-EI | Cisco Catalyst 2950 with the following options: twelve 10/100 Fast Ethernet ports with two Gigabit Interface Converter (GBIC) slots; IOS Enhanced Image |
| 8 | CAB-AC | 110 V power cord (for Cisco Catalyst 2950) |
| Building Distribution Submodule Equipment: Order Through May 2, 2006 | | |
| 4 | WS-C3550-12T | Cisco Catalyst 3550 with the following options: twelve 10/100/1000 Ethernet ports and two GBIC ports; IOS enhanced image, required to support Enhanced Interior Gateway Routing Protocol (EIGRP) routing |
| 4 | CAB-AC | 110 V power cord (for Cisco Catalyst 3550) |
| OR, as 3550 Will be End of Sale After May 2, 2006 | | |
| 4 | WS-C3560G-24TS-E | Cisco Catalyst 3560 with the following options: twenty-four 10/100/1000 Ethernet ports and four SFP ports; IOS enhanced image, required to support EIGRP routing |
| 4 | CAB-AC | 110 V power cord (for Cisco Catalyst 3560) |
| Campus Backbone Submodule Equipment | | |
| 2 | WS-C3560G-24TS-E | Cisco Catalyst 3560 with the following options: twenty-four 10/100/1000 Ethernet ports and four SFP ports; IOS enhanced image, required to support EIGRP routing |
| 2 | CAB-AC | 110 V power cord (for Cisco Catalyst 3560) |
| Wireless Lab Equipment | | |
| 1 | WS-C3560-24PS-E | Cisco Catalyst 3560 with the following options: twenty-four 10/100 Ethernet ports with Power over Ethernet (PoE) and four SFP ports; IOS enhanced image, required to support EIGRP routing |
| 1 | CAB-AC | 110 V power cord (for Cisco Catalyst 3560) |
| 4 | AIR-WLC2006-K9 | Wireless LAN Controller |
| 4 | CAB-AC | 110 V power cord (for WLC2006) |
| 4 | AIR-LAP1242AG-x-K9 | Lightweight access point with external antennas (recommended). The console port of this access point can be connected to the terminal server (optional). Power over Ethernet required for lab. Replace “x” with country code (e.g., A for US, E for Europe) |
| 4 | AIR-AP1020-x-K9 | Alternative lightweight access point with internal antennas (used by default) and external antennas. Replace “x” with country code (e.g., A for US, E for Europe) |
| 8 | AIR-ANT4941 | Two 2.4 GHz dipole antennas per access point |
| 4 (8) | AIR-ANT5135D-R | One or two 5 GHz dipole antennas per access point (one per AP 1020, else two per AP LAP1242AG) |
| 4 | Wireless Client | The selected device depends on the implementation of the lab. Optional, but strongly suggested to provide a client to verify configuration via ping. The following devices have been tested as wireless clients: Cisco AIR-CB21AG-x-K9 client adapter; Linksys WUSB11 or WUSB54G USB client adapter; Linksys WPS54G USB print server (recommend as the simplified fixed client solution) |
| 12 or 16 | Attenuators | Suggested option (12 attenuators if AP1020, which has two 2.4 GHz plus one 5 GHz antennas, or else 16 if AP LAP1242AG, which has two 2.4 plus two 5 GHz antennas). Approximately 10 to 40 dBi attenuators to reduce RF power on external antennas. Needed when APs are in very close proximity (same rack). The exact amount of attenuation will depend on AP surrounding environment and APs proximity to each other. Country power regulation will vary the specific type of attenuators. Example vendor: www.terrawaveonline.com |
| 1 | RF Cage/Rack | Optional. Cage or rack for RF containment and isolation from other production environment APs. Example vendor: www.equiptoelec.com |
| Additional Equipment | | |
| 1 | CISCO2811 (or equivalent system) | Cisco router security bundle 2811 with AC power, 2FE, 4HWICs, 2PVDMs, 1NME, 2AIMS, IP BASE, 64Flash/256DRAM (Could use another model/combination as long as it supports NM-32A for |


Cisco IOS Software Versions

| Platform | IOS Image Name | Comment |
| --- | --- | --- |
| Access Switches | | |
| WS-C2950G-12-EI | c2950-i6q4l2-mz.121-22.EA1.bin | Cisco Catalyst 2950 |
| Distribution Switches | | |
| WS-C3550-12T-E | c3550-i5q3l2-mz.121-22.EA2.bin | Cisco Catalyst 3550 |
| WS-C3560G-24TS-E | c3560-ipservices-tar.122.SEB.tar | For Cisco Catalyst 3550 starting on May 3, 2006 |
| Backbone Switches | | |
| WS-X4014 | cat4000-i5s-mz.122-25.EW.bin | Cisco Catalyst 4000 with Supervisor III |
| WS-C3560G-24TS-E | c3560-ipservices-tar.122.SEB.tar | For Cisco Catalyst 4000 starting on July 26, 2004 |
| PC Router | | |
| CISCO1721 | c1700-sy-mz.121-17 | |
| CISCOSOHO91-K9-64 | soho91-k9oy6-mz.124-1.bin | Replaces 1721 for new labs |
| Term server Router | | |
| CISCO3640 | c3640-ik8s-mz.122-11 | |
| CISCO2811 | Cisco IOS 12.3 IP Plus software | Replaces 3640 for new labs |
| Wireless Lab | | |
| WS-3560-24PS-E | c3560-advipservicesk9-tar.122-25.SEE.tar | |
| AIR-WLC2006-K9 | AIR-WLC2006-K9-3-2-116-21.aes | |

General Lab Setup

This information details the procedure to set up and configure the lab equipment. Follow these steps carefully:

Step 1 Install Cisco IOS software on the access switches if necessary.

Step 2 Install Cisco IOS software on the distribution switches if necessary.

Step 3 Install Cisco IOS software on the backbone switches if necessary.

Step 4 Install Cisco IOS software on the Cisco PC routers if necessary.

Step 5 Install Cisco IOS software on the Cisco terminal server router if necessary.

Step 6 Copy the appropriate base configuration file into NVRAM on each of the switches and PC routers. The files are as follows:

• asw-wiped-config.txt for the Building Access switches
• dsw-wiped-config.txt for the Building Distribution switches


• bbsw-wiped-config.txt for the Campus Backbone switches
• PC xy-base.txt for the PC routers, where x is the building number and y is the floor number

Step 7 Copy the configuration files needed for the laboratory activities of Module 5 into NVRAM on the Campus Backbone switches:

• bbsw1-lab5a-paste.txt and bbsw1-lab5b-paste.txt onto Campus Backbone switch 1
• bbsw2-lab5a-paste.txt and bbsw2-lab5b-paste.txt onto Campus Backbone switch 2

Step 8 Configure the Cisco Router Terminal Server. The file BCMSN-3-0-Terminal-Server-Configuration.txt contains a terminal server configuration that you can use as the basis for your configuration. The first laboratory activity instructs the learners to access the terminal server menu, so be certain that your menu configuration matches the activity or that appropriate instructions are provided to the learners. The provided terminal server configuration requires the following wiring connections:

Async 01 ==> ASW21
Async 02 ==> ASW22
Async 03 ==> ASW23
Async 04 ==> ASW24
Async 05 ==> DSW121
Async 06 ==> DSW122
Async 07 ==> BBSW2
Async 08 ==> ASW11
Async 09 ==> ASW12
Async 10 ==> ASW13
Async 11 ==> ASW14
Async 12 ==> DSW111
Async 13 ==> DSW112
Async 14 ==> BBSW1
Async 15 ==> Power1 (optional)
Async 16 ==> Power2 (optional)
Async 25 ==> PC-Router11
Async 26 ==> PC-Router12
Async 27 ==> PC-Router13
Async 28 ==> PC-Router14
Async 29 ==> PC-Router21
Async 30 ==> PC-Router22
Async 31 ==> PC-Router23
Async 32 ==> PC-Router24

Step 9 Configure a TACACS-TFTP-FTP server running on either Windows NT server or Windows 2000 server. Follow these steps:

• Start installing Cisco Secure 2.4 on the server, following the instructions provided with the software.
• When prompted for the authentication database, click the Check the CiscoSecure ACS database only radio button.
• When prompted for access server details, specify authentication with TACACS+, and then provide the name and IP address of the first access switch. Use cisco as the key.
• Do not select any advanced options, and make sure that login monitoring is enabled.


• Follow the instructions to complete the installation.
• Start Cisco Secure Access Control Server to begin configuration.
• Use Group Setup to rename Group 1 to myway.
• Use User Setup to add the user tacacstest to the group myway with the password letmein.
• Use Network Configuration and the Add Entry button to configure each of the access switches for TACACS authentication, entering the name, IP address, and TACACS key for each.

WLANs Lab

Step 1 Install Cisco IOS software on the WLAN lab switch if necessary.

Step 2 Copy the appropriate base configuration file into NVRAM on each of the switches and PC routers. The files are as follows:

• WSW1-initial-config.txt for the WLAN lab switch

Step 3 Configure the Cisco Router Terminal Server. The file BCMSN-3-0-Terminal-Server-Configuration.txt contains a terminal server configuration that you can use as the basis for your configuration. The first lab activity instructs the learners to access the terminal server menu, so be certain that your menu configuration matches the activity or that appropriate instructions are provided to the learners. The provided terminal server configuration requires the following wiring connections:

Async 01 ==> WSW1
Async 02 ==> 1WLC1
Async 03 ==> 1WLC2
Async 04 ==> 2WLC1
Async 05 ==> 2WLC2
Async 06 ==> 3WLC1
Async 07 ==> 3WLC2
Async 08 ==> 4WLC1
Async 09 ==> 4WLC2


Lab 1-2: Getting Started with Cisco Catalyst Equipment

This topic details the lab activity for Lab 1-2.

Objectives

You will complete these tasks in this lab:

• Run Telnet to connect to the remote lab
• Access and use the class menu to verify connectivity to the remote lab terminal server
• Establish a connection to the access and distribution switches and verify connectivity
• Verify the initial switch configuration and connectivity between the switches

Visual Objective

The figure displays the lab topology that you will use to complete this lab.

[Figure: Visual Objective]


Setup

The table describes how to set up lab configurations with equipment for this lab.

| Device | Configuration File to Install | Configuration Instructions |
| --- | --- | --- |
| PC router | Default | Default blank configuration |
| Access switch | Default | Default blank configuration |
| Distribution switch | Default | Default blank configuration |

Additional Setup Notes

Ensure that learners successfully prepare their lab equipment and successfully complete this lab because it will enable successful completion of subsequent labs.

Common Issues

This subtopic presents common issues for this lab.

• Unsuccessful Completion of Lab: Ensure that each learner successfully completes this lab because it is required for the proper completion of the next lab.


Lab 2-1: Configuring VLANs and VTP

This topic details the lab activity for Lab 2-1.

Objectives

You will complete these tasks in this lab:

• Create a VTP management domain
• Configure trunking
• Configure VLANs
• Verify the VTP and VLAN status
• Associate VLANs with ports on your switch

Visual Objective

The figure illustrates what you will accomplish in this activity.

[Figure: Visual Objective]


Setup

The table describes how to set up lab configurations with equipment for this lab.

| Device | Configuration File to Install | Configuration Instructions |
| --- | --- | --- |
| PC router | Lab 2-1 start PC | Sets router to beginning of lab configuration |
| Access switch | Lab 2-1 start ASW | Sets switch to beginning of lab configuration |
| Distribution switch | Lab 2-1 start DSW | Sets switch to beginning of lab configuration |

Additional Setup Notes

This lab is dependent on proper overall configuration of the course lab and the consequent successful completion of the previous lab exercise.

Common Issues

This subtopic presents common issues for this lab.

• Unsuccessful Completion of Lab: Ensure that each learner successfully completes this lab because it is required for the proper completion of the next lab.


Lab 3-1: Configuring Primary and Backup Root Bridges

This topic details the lab activity for Lab 3-1.

Objectives

You will complete these tasks in this lab:

• Configure a new primary root bridge and a backup root bridge on each VLAN so that the loop-free topology uses the root bridge as a reference point
• Use the show running-config, show spanning-tree detail, show spanning-tree root, show spanning-tree vlan vlan-id bridge, and show spanning-tree vlan vlan-id root commands to confirm that the primary root bridge for the specific VLAN has moved to the new primary root bridge
• Verify that a backup root bridge exists

Visual Objective

The figure illustrates what you will accomplish in this activity.

[Figure: Visual Objective]


Setup

The table describes how to set up lab configurations with equipment for this lab.

| Device | Configuration File to Install | Configuration Instructions |
| --- | --- | --- |
| PC router | Lab 3-1 start PC | Sets router to beginning of lab configuration |
| Access switch | Lab 3-1 start ASW | Sets switch to beginning of lab configuration |
| Distribution switch | Lab 3-1 start DSW | Sets switch to beginning of lab configuration |

Additional Setup Notes

This lab is dependent on proper overall configuration of the course lab and the consequent successful completion of the previous lab exercise.

Common Issues

This subtopic presents common issues for this lab.

• Unsuccessful Completion of Lab: Ensure that each learner successfully completes this lab because it is required for the proper completion of the next lab.


Lab 3-2: Implementing PVRST

This topic details the lab activity for Lab 3-2.

Objectives

You will complete these tasks in this lab:

• Configure PVRST in access and distribution switches
• Ensure that PVRST is working through link failure testing

Visual Objective

The figure displays the lab topology that you will use to complete this lab.

[Figure: Visual Objective]


Setup

The table describes how to set up lab configurations with equipment for this lab.

| Device | Configuration File to Install | Configuration Instructions |
| --- | --- | --- |
| PC router | Lab 3-2 start PC | Sets router to beginning of lab configuration |
| Access switch | Lab 3-2 start ASW | Sets switch to beginning of lab configuration |
| Distribution switch | Lab 3-2 start DSW | Sets switch to beginning of lab configuration |

Additional Setup Notes

This lab is dependent on proper overall configuration of the course lab and the consequent successful completion of the previous lab exercise.

Common Issues

This subtopic presents common issues for this lab.

• Unsuccessful Completion of Lab: Ensure that each learner successfully completes this lab because it is required for the proper completion of the next lab.


Lab 3-3: Implementing MSTP

This topic details the lab activity for Lab 3-3.

Objectives

You will complete this task in this lab:

• Configure MST on the Building Access and Building Distribution switches and verify the configuration

Visual Objective

The figure displays the lab topology that you will use to complete this lab.

[Figure: Visual Objective]


Setup

The table describes how to set up lab configurations with equipment for this lab.

| Device | Configuration File to Install | Configuration Instructions |
| --- | --- | --- |
| PC router | Lab 3-3 start PC | Sets router to beginning of lab configuration |
| Access switch | Lab 3-3 start ASW | Sets switch to beginning of lab configuration |
| Distribution switch | Lab 3-3 start DSW | Sets switch to beginning of lab configuration |

Additional Setup Notes

This lab is dependent on proper overall configuration of the course lab and the consequent successful completion of the previous lab exercise.

Common Issues

This subtopic presents common issues for this lab.

• Unsuccessful Completion of Lab: Ensure that each student successfully completes this lab because it is required for the proper completion of the next lab.


Lab 3-4: Configuring EtherChannel

This topic details the lab activity for Lab 3-4.

Objectives

You will complete this task in this lab:

• Configure EtherChannel on the distribution switches so that the time for spanning tree to converge after a network event is shortened, and available bandwidth is being better utilized

Visual Objective

The figure displays the lab topology that you will use to complete this lab.

[Figure: Visual Objective]


Setup

The table describes how to set up lab configurations with equipment for this lab.

| Device | Configuration File to Install | Configuration Instructions |
| --- | --- | --- |
| PC router | Lab 3-4 start PC | Sets router to beginning of lab configuration |
| Access switch | Lab 3-4 start ASW | Sets switch to beginning of lab configuration |
| Distribution switch | Lab 3-4 start DSW | Sets switch to beginning of lab configuration |

Additional Setup Notes

This lab is dependent on proper overall configuration of the course lab and the consequent successful completion of the previous lab exercise.

Common Issues

This subtopic presents common issues for this lab.

• Unsuccessful Completion of Lab: Ensure that each learner successfully completes this lab because it is required for the proper completion of the next lab.


Lab 3-5: Troubleshooting Spanning Tree

This topic details the lab activity for Lab 3-5.

Objectives

You will complete these tasks in this lab:

• Troubleshoot trunks and VLANs in a multi-VLAN environment
• Troubleshoot spanning-tree domains
• Troubleshoot STP forwarding

Visual Objective

The figure displays the lab topology that you will use to complete this lab.

[Figure: Visual Objective]


Setup

The table describes how to set up lab configurations with equipment for this lab.

| Device | Configuration File to Install | Configuration Instructions |
| --- | --- | --- |
| PC router | Lab 3-5 start PC | Sets router to beginning of lab configuration |
| Access switch | Lab 3-5 start ASW | Sets switch to beginning of lab configuration |
| Distribution switch | Lab 3-5 start DSW | Sets switch to beginning of lab configuration |

Additional Setup Notes

This lab is dependent on proper overall configuration of the course lab and the consequent successful completion of the previous lab exercise.

Common Issues

This subtopic presents common issues for this lab.

• Unsuccessful Completion of Lab: Ensure that each learner successfully completes this lab because it is required for the proper completion of the next lab.
• Ensure that the learner detects and solves each problem configured on the switches:
  • Wrong VTP domain name
  • VLANs deleted


Lab 4-2: Routing Between VLANs

This topic details the lab activity for Lab 4-2.

Caution: It is absolutely necessary that all of the previous multilayer switch steps have been successfully configured and verified by the instructor before proceeding with this activity.

Objectives

You will complete these tasks in this lab:

• Configure a Building Distribution multilayer switch for routing
• Configure VLAN interfaces for IP addresses with Layer 3 routing
• Reconfigure the IP addresses in your network to enable inter-VLAN routing
• Verify the Campus Backbone switch configuration for routing
• Verify inter-VLAN Layer 3 routing
• Disable routing and verify loss of Layer 3 connectivity

Visual Objective

The figure displays the lab topology that you will use to complete this lab.

[Figure: Visual Objective]


Setup

The table describes how to set up lab configurations with equipment for this lab.

| Device | Configuration File to Install | Configuration Instructions |
| --- | --- | --- |
| PC router | Lab4-2 start PC | Sets router to beginning of lab configuration |
| Access switch | Lab 4-2 start ASW | Sets switch to beginning of lab configuration |
| Distribution switch | Lab 4-2 start DSW | Sets switch to beginning of lab configuration |

Additional Setup Notes

This lab is dependent on proper overall configuration of the course lab and the consequent successful completion of the previous lab exercise. The instructor should ensure that errors have been introduced to each learner’s lab.

Common Issues

This subtopic presents common issues for this lab.

• Unsuccessful Completion of Lab: Ensure that each learner successfully completes this lab because it is required for the proper completion of the next lab.


Lab 5-1: Enabling and Optimizing HSRP

This topic details the lab activity for Lab 5-1.

Activity Objective

You will complete these tasks in this lab:

• Configure HSRP on the router
• Test HSRP on routers by simulating a failure
• Test HSRP tuning enhancements using the preempt command
• Troubleshoot HSRP on the routers

Visual Objective

The figure displays the topology that you will use to complete this lab.

[Figure: Visual Objective]


Lab 6-1: Configuring Switches for WLANs

This topic details the lab activity for Lab 6-1.

Objectives

You will complete these tasks in this lab:

• Configure VLANs on the switch
• Configure DHCP on the switch
• Prepare the switch for a WLAN controller and a lightweight access point

Visual Objective

The figure displays the topology that you will use to complete this lab.

[Figure: WLAN Lab]


Lab 6-2: Setting Up the WLAN Controller

This topic details the lab activity for Lab 6-2.

Objectives

You will complete these tasks in this lab:

• View the boot options screen and select the correct option to continue the system boot sequence
• Answer questions presented by the startup wizard
• Input basic configuration information when prompted by the startup wizard

Visual Objective

The figure displays the topology that you will use to complete this lab.

[Figure: WLAN Lab]


Setup

The table describes how to set up lab configurations with equipment for this lab.

| Device | Configuration File to Install | Configuration Instructions |
| --- | --- | --- |
| Campus Backbone switches | None | None |
| Building Distribution switches | None | None |
| Building Access switches | None | None |
| Wireless lab switch | None | None |

Additional Setup Notes

This lab is dependent on proper overall configuration of the course lab and the consequent successful completion of the previous lab exercise.

Common Issues

This subtopic presents common issues for this lab.

• This lab initializes the WLAN controller for the next lab. Make sure that the IP addresses are configured correctly.
• Ensure that each learner successfully completes this lab because it is required for the proper completion of the next lab.
• Sometimes the access point does not associate to the WLAN controller. This association is required for the next lab and client connectivity for WLAN. The solution is to reboot the access point. Using Power over Ethernet, this can be done by shutting down and then re-enabling the switch port to which the access point is connected. The procedure is outlined in the lab guide.


Lab 6-3: Configuring the Controller via the Web Browser

This topic details the lab activity for Lab 6-3.

Objectives

You will complete these tasks in this lab:

• Open the web browser and connect to the controller by entering the IP address of the controller
• Establish a controller web session to your WLAN controller
• Use the controller web to monitor the WLAN controller, log in and answer questions
• Use the controller web to configure a WLAN
• Use the controller web to configure connectivity to the WLAN controller
• Use the controller web to save configuration changes
• Use the capabilities of the controller web to modify the default auto RF values
• Use the controller web to check network connectivity

Visual Objective

The figure displays the topology that you will use to complete this lab.

[Figure: WLAN Lab]


Setup

The table describes how to set up lab configurations with equipment for this lab.

| Device | Configuration File to Install | Configuration Instructions |
| --- | --- | --- |
| Campus Backbone switches | None | None |
| Building Distribution switches | None | None |
| Building Access switches | None | None |
| Wireless lab switch | None | None |

Additional Setup Notes

This lab is dependent on proper overall configuration of the course lab and the consequent successful completion of the previous lab exercise. The instructor should ensure that errors have been introduced to each learner’s lab.

Common Issues

This subtopic presents a common issue for this lab.

• This lab requires access via web browser to the WLAN controller.


Lab 6-4: Configuring Switches for WLANs

This topic details the lab activity for Lab 6-4.

Objectives

You will complete these tasks in this lab:

• Install the CB21AG client card
• Configure the CB21AG client card

Visual Objective

The figure displays the topology that you will use to complete this lab.

[Figure: WLAN Lab]


Setup

The table describes how to set up lab configurations with equipment for this lab.

| Device | Configuration File to Install | Configuration Instructions |
| --- | --- | --- |
| Campus Backbone switches | None | None |
| Building Distribution switches | None | None |
| Building Access switches | None | None |
| Wireless lab switch | None | None |

Additional Setup Notes

This lab is dependent on a WLAN in the classroom or remote access to a PC with a WLAN client adapter installed.

This lab is optional.

Common Issues

There are no known issues for this lab.


Lab 7-1: Configuring IP Telephony Support

This topic details the lab activity for Lab 7-1.

Objectives

You will complete these tasks in this lab:

• Configure access ports to carry voice traffic in 802.1Q frames
• Configure CoS override for data frames on access switches
• Configure voice traffic frames into the distribution layer
• Configure CoS override for data frames on distribution switches

Visual Objective

The figure displays the lab topology that you will use to complete this lab.

[Figure: Visual Objective]


Lab 8-2: Applying Security Tools

This topic details the lab activity for Lab 8-2.

Objectives

You will complete these tasks in this lab:

• Correctly identify security risks
• Select the correct tools to minimize the identified risks
• Configure devices to prevent attacks so that the potential risk for network service interruption or data loss is reduced

Visual Objective

The figure displays the lab topology that you will use to complete this lab.

[Figure: Visual Objective]


Setup

The table describes how to set up lab configurations with equipment for this lab.

| Device | Configuration File to Install | Configuration Instructions |
| --- | --- | --- |
| PC router | Lab 8-2 start PC | Sets router to beginning of lab configuration |
| Access switch | Lab 8-2 start ASW | Sets switch to beginning of lab configuration |
| Distribution switch | Lab 8-2 start DSW | Sets switch to beginning of lab configuration |

Additional Setup Notes

This lab is dependent on proper overall configuration of the course lab and the consequent successful completion of the previous lab exercise.

Common Issues

This subtopic presents common issues for this lab.

• Unsuccessful Completion of Lab: Ensure that each learner successfully completes this lab because it is required for the proper completion of the next lab.


Configuration Files Summary

This topic details the course configuration files, which provide information about the starting condition of each lab.

| Configuration Filename | Comments |
| --- | --- |
| Core-BBS1 | Core configuration for BBS1 Core router |
| Core-BBS2 | Core configuration for BBS2 Core router |


Teardown and Restoration

This topic describes how to tear down and restore the equipment that is used in the course.

If laptops are used for remote access, pack up the laptops and ensure that proper shipping is arranged.
