1 – Basic Concepts and Network Design
- Lesson 1: Analyzing Campus Network Structure
- Hierarchical Network Design
- Layers in the Hierarchical Model
- Building Cisco Enterprise Campus Architecture
- Access Layer
- Distribution Layer
- Core Layer
- Is a Core Layer Needed?
- Types of Cisco Switches
- Routed vs. Switched Campus Architecture
- Lesson 2: Comparing Layer 2 and Multilayer Switches
- Layer 2 Switch Operation
- Multilayer Switch Operation
- Frame Rewrite
- CAM and TCAM
- Distributed Hardware Forwarding
- Cisco Switching Methods
- Route Caching
- Topology-Based Switching
- Lesson 3: Using Cisco SDM Templates
- What Are SDM Templates?
- SDM Template Types
- Changing the SDM Template
- Choosing the Correct Template
- Lesson 4: Implementing LLDP
- LLDP Introduction
- Enabling LLDP
- Discovering Neighbors Using LLDP
- Lesson 5: Implementing PoE
- The Need for PoE
- PoE Components
- PoE Standards
- PoE Negotiation
- Configuring and Verifying PoE
2 – Campus Network Architecture
- Lesson 1: Implementing VLANs and Trunks
- The Native VLAN
- Switch Port Mode Interactions
- Deploying VLANs
- End-to-End vs. Local VLANs
- Voice VLAN Overview
- Voice VLAN Configuration
- Switch Configuration for Wireless Network Support
- Lesson 2: Introducing VTP
- The Role of VTP
- VTP Modes
- VTP Versions
- Default VTP Configuration
- Overwriting VTP Configuration
- VTP Configuration Recommendation
- Lesson 3: Implementing DHCP
- DHCP Overview
- DHCP Relay
- DHCP Options
- Lesson 4: Implementing DHCP for IPv6
- Stateless Autoconfiguration Overview
- DHCPv6 Overview
- DHCPv6 Operation
- Stateless DHCPv6 Overview
- DHCPv6 Relay Agent
- Lesson 5: Configuring Layer 2 Port Aggregation
- The Need for EtherChannel
- EtherChannel Mode Interactions
- Layer 2 EtherChannel Configuration Guidelines
- EtherChannel Load-Balancing Options
- EtherChannel Load-Balancing Operation
- EtherChannel Guard
3 – Spanning Tree Implementation
- Lesson 1: Implementing RSTP
- STP Overview
- STP Standards
- STP Operation
- Bridge Protocol Data Units
- Root Bridge Election
- Root Port Election
- Designated Port Election
- STP Port States
- Per VLAN Spanning Tree
- RSTP Port Roles
- Comparison of RSTP and STP Port States
- STP Topology Changes
- RSTP Topology Changes
- RSTP Link Types
- Lesson 2: Implementing STP Stability Mechanisms
- Cisco STP Toolkit
- UplinkFast
- BackboneFast
- PortFast
- Securing a PortFast Interface with BPDU guard
- Disabling STP with BPDU filter
- The Problem with Unidirectional Links
- Loop Guard Overview
- Loop Guard Configuration
- Loop Guard Verification
- UDLD Overview
- UDLD Configuration
- Comparing Loop Guard with UDLD
- UDLD Recommended Practices
- STP Stability Mechanism Recommendations
- Flex Links
- Lesson 3: Implementing MST
- Introducing MST
- MST Regions
- STP Instances with MST
- Extended System ID for MST
- Configuring MST Path Cost
- Configuring MST Port Priority
- MST Protocol Migration
- MST Recommended Practices
4 – Inter-VLAN Routing
- Lesson 1: Implementing Inter-VLAN Routing Using a Router
- Inter-VLAN Routing Using an External Router
- External Router: Advantages and Disadvantages
- Lesson 2: Configuring a Switch to Route
- Switch Virtual Interfaces
- Routed Switch Ports
- SVI autostate exclude Command
- SVI Configuration Checklist
- Layer 2 EtherChannel vs. Layer 3 EtherChannel
- Layer 3 EtherChannel Configuration
5 – High-Availability Networks
- Lesson 1: Configuring Network Time Protocol
- The Need for Accurate Time
- Configuring the System Clock Manually
- Network Time Protocol
- NTP Modes
- Securing NTP
- NTP Source Address
- NTP Versions
- NTP in an IPv6 Environment
- Simple Network Time Protocol
- SNTP Configuration
- Lesson 2: Implementing SNMP Version 3
- SNMP Overview
- SNMP Versions
- SNMP Recommendations
- SNMPv3 Configuration
- Verifying the SNMPv3 Configuration
- Lesson 3: Implementing the Cisco IOS IP SLA
- Cisco IOS IP SLA Introduction
- IP SLA Source and Responder
- IP SLA Operation with Responder
- IP SLA Responder Time Stamps
- Configuring Authentication for the IP SLA
- Configuration Example: UDP Jitter
- Lesson 4: Implementing Port Mirroring for Monitoring Support
- What Is SPAN?
- SPAN Terminology
- Remote SPAN
- Local SPAN Configuration
- Verifying the Local SPAN Configuration
- RSPAN Configuration
- Verifying the RSPAN Configuration
- Lesson 5: Verifying Switch Virtualization
- The Need for Logical Switching Architectures
- What Is StackWise?
- StackWise Benefits
- Verifying StackWise
- Redundant Switch Supervisors
- Supervisor Redundancy Modes
- What Is VSS?
- VSS Benefits
- Verifying VSS
6 – First Hop Redundancy Protocol Implementation
- Lesson 1: Configuring Layer 3 Redundancy with HSRP
- The Need for First-Hop Redundancy
- The Idea Behind the First-Hop Redundancy Process
- HSRP State Transition
- HSRP and STP
- Load Sharing with HSRP
- The Need for Interface Tracking with HSRP
- HSRP Interface Tracking
- HSRP and Object Tracking
- HSRP Authentication
- HSRP Timers
- HSRP Versions
- Lesson 2: Configuring Layer 3 Redundancy with VRRP
- About VRRP
- Tracking and VRRP
- VRRP Interface-Tracking Configuration
- Lesson 3: Configuring Layer 3 Redundancy with GLBP
- Introducing GLBP
- GLBP vs. HSRP
- GLBP States
- GLBP Load-Balancing Options
- GLBP Authentication
- GLBP and STP
- Tracking and GLBP
- Lesson 4: Configuring First Hop Redundancy Protocol for IPv6
- IPv6 Native First-Hop Redundancy
- Why FHRP in IPv6?
- HSRP for IPv6
- GLBP for IPv6
7 – Campus Network Security
- Lesson 1: Implementing Port Security
- Overview of Switch Security Issues
- Recommended Practices for Switch Security
- Unauthorized Access by Rogue Devices
- Switch Attack Categories
- MAC Flooding Attack
- Introducing Port Security
- Port Error Conditions
- Error-Disabled Port Automatic Recovery
- Port Access Lists
- Configure Port Access Lists
- Lesson 2: Implementing Storm Control
- Storm Control
- Configuring Storm Control
- Verifying Storm Control Behavior
- Lesson 3: Implementing Access to External Authentication
- AAA Framework Overview
- Benefits of AAA Usage
- Authentication Options
- RADIUS and TACACS+
- Enabling AAA and Configuring a Local User for Fallback
- Configuring RADIUS for Console and vty Access
- Configuring TACACS+ for Console and vty Access
- Configuring Authorization and Accounting
- Limitations of TACACS+ and RADIUS
- Identity-Based Networking
- IEEE 802.1X Port-Based Authentication
- IEEE 802.1X Configuration Checklist
- Lesson 4: Mitigating Spoofing Attacks
- DHCP Spoofing Attacks
- DHCP Snooping
- DHCP Snooping Configuration
- IP Source Guard
- IP Source Guard Configuration
- ARP Spoofing
- Dynamic ARP Inspection
- DAI Configuration
- Lesson 5: Securing VLAN Trunks
- Switch Spoofing
- Protecting Against Switch Spoofing
- VLAN Hopping
- Protecting Against VLAN Hopping
- VLAN Access Lists
- VACL Interaction with ACL and PACL
- Configuring VACLs
- Lesson 6: Configuring PVLANs
- The Need for PVLANs
- Introduction to PVLANs
- PVLAN Port Types
- PVLAN Configuration
- PVLAN Verification
- PVLANs Across Multiple Switches
- Protected Port Feature