- Page 3: Network Warrior
- Page 7 and 8: Table of Contents Preface . . . . .
- Page 9 and 10: 9. Routing and Routers . . . . . .
- Page 11 and 12: Nexus 7000 266 Nexus 5000 268 Nexus
- Page 13 and 14: Where to Apply Access Lists 417 Nam
- Page 15 and 16: Troubleshooting 567 Phone Registrat
- Page 17 and 18: NTP Server 696 39. Failures . . . .
- Page 19 and 20: Preface The examples used in this b
- Page 21 and 22: This book does not explain the OSI
- Page 23 and 24: Safari® Books Online Safari Books
- Page 25: I would like to thank Mike Loukides
- Page 28 and 29: name implies, local to something—
- Page 31 and 32: CHAPTER 2 Hubs and Switches Hubs In
- Page 33 and 34: As hubs became less expensive, extr
- Page 35 and 36: In large networks of this type, new
- Page 37 and 38: Layer-3 switch This is a switch wit
- Page 39 and 40: This information is also useful if
- Page 41 and 42: Flexibility The Cisco 6500 chassis
- Page 43 and 44: Depending on where you install your
- Page 45 and 46: CHAPTER 3 Autonegotiation When I ge
- Page 47 and 48: Because of the lack of widespread f
- Page 49 and 50: Autonegotiation Best Practices Usin
- Page 51 and 52: CHAPTER 4 VLANs Virtual LANs, or VL
- Page 53 and 54: Figure 4-3. Two switches connected
- Page 55 and 56: With a Layer-3 switch, every port c
- Page 57 and 58: 1009 Voice Internal Vlan active 0 i
- Page 59 and 60: 1004 fddinet-default active 1005 tr
- Page 61 and 62: Gi1/0/32, Gi1/0/33, Gi1/0/34 Gi1/0/
- Page 63 and 64: CHAPTER 5 Trunking A trunk, using C
- Page 65 and 66: ISL is capable of supporting only 1
- Page 67 and 68: An interface running DTP sends fram
- Page 69 and 70: none no VLANs remove remove VLANs f
- Page 71 and 72: The command to view trunk status on
- Page 73: NX-7K-1-Cozy(config-if)# switchport
- Page 76 and 77: name Warehouse1 ! vlan 50 name Ware
- Page 78 and 79: Every time a change is made on a VT
- Page 80 and 81: Dangers of VTP VTP offers a lot of
- Page 82 and 83: CatOS You can set or change the VTP
- Page 84 and 85: 3750-IOS(config)#vtp password MilkB
- Page 86 and 87: 3750-IOS(config-if)#switchport trun
- Page 89 and 90: CHAPTER 7 Link Aggregation EtherCha
- Page 91 and 92: Figure 7-2 shows how packets are di
- Page 93 and 94: Another important point to remember
- Page 95 and 96: set port name set port name set por
- Page 97 and 98: no ip address switchport channel-gr
- Page 99 and 100: 0 lost carrier, 0 no carrier, 0 PAU
- Page 101 and 102: These commands are great, but they
- Page 103 and 104: established over the management int
- Page 105 and 106: BPDUFilter, Edge BPDUGuard Disabled
- Page 107 and 108: CHAPTER 8 Spanning Tree The Spannin
- Page 109 and 110: 3550-IOS#sho int f0/15 FastEthernet
- Page 111 and 112: A quick look at the CPU utilization
- Page 113 and 114: Figure 8-3. MAC address table incon
- Page 115 and 116: The root ID is similarly composed o
- Page 117 and 118: • The port receives and processes
- Page 119 and 120: CatOS-6509: (enable)sho spantree VL
- Page 121 and 122: VLAN0003 32771 000d.edc2.0000 19 2
- Page 123 and 124: Cat-3550(config-if)#spanning-tree b
- Page 125 and 126: BackboneFast When a switch receives
- Page 127 and 128: Figure 8-8. Spanning tree half-dupl
- Page 129 and 130: With the latest versions of IOS and
- Page 131 and 132: CHAPTER 9 Routing and Routers Routi
- Page 133 and 134: was learned. Thus, the same link ma
- Page 135 and 136: e legitimate addresses within the 1
- Page 137 and 138: First is the route code. In this ca
- Page 139 and 140: The differentiation between superne
- Page 141 and 142: Gateway of last resort is 10.0.0.1
- Page 143: To make things easier, you can chan
- Page 146 and 147: Communication Between Routers Route
- Page 148 and 149: Figure 10-2. Two EIGRP processes on
- Page 150 and 151: Figure 10-5. RIP uses hops to deter
- Page 152 and 153: Figure 10-7. Competing routing prot
- Page 154 and 155: Figure 10-8. Interconnected autonom
- Page 156 and 157: Figure 10-9. RIP classful design pr
- Page 158 and 159: E1/1. This can be accomplished with
- Page 160 and 161: and share routes. You can do the sa
- Page 162 and 163: There are very few instances where
- Page 164 and 165: If you change the reference bandwid
- Page 166 and 167: that the router is ineligible to be
- Page 168 and 169: In addition to the inverse mask, yo
- Page 170 and 171: Figure 10-13. Routing in BGP The pr
- Page 172 and 173: Origin IGP, localpref 100, valid, e
- Page 174 and 175: outes. Second, add the redistribute
- Page 176 and 177: Notice the metric keyword on the re
- Page 178 and 179: While sending useless broadcasts ma
- Page 180 and 181: default-metric 100000 10 255 1 1500
- Page 182 and 183: If you do not include the subnets k
- Page 184 and 185: Here are the IP routing tables from
- Page 186 and 187: Link ID ADV Router Age Seq# Checksu
- Page 188 and 189: outes into OSPF 100, assign them a
- Page 190 and 191: I like to tag my routes with the nu
- Page 192 and 193: When redistributing other protocols
- Page 194 and 195: access remote devices in addition t
- Page 196 and 197: Next, we will add the loopback inte
- Page 198 and 199: Digging into our EIGRP expertise, w
- Page 200 and 201: Figure 12-3. Recursive routing exam
- Page 202 and 203: Once we bring the tunnel up and EIG
- Page 204 and 205: Figure 12-5. GRE through VPN The co
- Page 207 and 208: CHAPTER 13 First Hop Redundancy Whe
- Page 209 and 210: outers are found. If more than one
- Page 211 and 212: Figure 13-3. Primary Internet link
- Page 213 and 214: Figure 13-4. Two-link failover scen
- Page 215 and 216: Figure 13-6. Better failover design
- Page 217 and 218: Saying things like “percentage of
- Page 219 and 220: 001c.588b.f6a8 (10.0.0.3) There are
- Page 221 and 222: glbp 10 weighting track 2 decrement
- Page 223 and 224: CHAPTER 14 Route Maps Route maps ar
- Page 225 and 226: entire route map. The default claus
- Page 227 and 228: Figure 14-1. Policy routing example
- Page 229 and 230: interface to which the packet would
- Page 231: Here, a workstation on Company 2’
- Page 234 and 235: • Cisco Express Forwarding (CEF)
- Page 236 and 237: Figure 15-2. Process switching perf
- Page 238 and 239: Fast switching uses the binary tree
- Page 240 and 241: Figure 15-5. Optimum-switching mult
- Page 242 and 243: CEF supports load balancing over eq
- Page 244 and 245: Fast Switching Packets that are mal
- Page 246 and 247: To show the CEF tables in an easy-t
- Page 248 and 249: that was added to make the switch m
- Page 250 and 251: Gi1/0/10, Gi1/0/11, Gi1/0/13 Gi1/0/
- Page 252 and 253: On an IOS-only switch, there is alw
- Page 254 and 255: As with many technologies on the Ne
- Page 257 and 258: CHAPTER 17 Cisco 6500 Multilayer Sw
- Page 259 and 260: The main advantages are supportabil
- Page 261 and 262: The crossbar fabric shown in Figure
- Page 263 and 264: Slot 5 Slot 5 is capable of housing
- Page 265 and 266: PFC3. The PFC2 is paired with the S
- Page 267 and 268: Nonfabric-enabled modules have conn
- Page 269 and 270: 6 0 20G 0 0 7 0 20G 0 0 7 1 20G 0 0
- Page 271 and 272: firewall appliances have been repla
- Page 273 and 274: The NAM is controlled through a web
- Page 275 and 276: export, distribute or use encryptio
- Page 277 and 278: Of all the errata, comments, and fe
- Page 279 and 280: Switch-CatOS: (enable)show top 5 ut
- Page 281 and 282: If the router will be running OSPF,
- Page 283 and 284: eload the switch. Do you want to pr
- Page 285 and 286: *Sep 23 15:25:01.363: %OIR-SW1_SPST
- Page 287 and 288: VSS#sho switch virtual dual-active
- Page 289: VSS Best Practices Cisco has a docu
- Page 292 and 293: Nexus 7000 Nexus 7000s are currentl
- Page 294 and 295: they can offer N+1 redundancy. That
- Page 296 and 297: depth of a server cabinet. These sw
- Page 298 and 299: Figure 18-7. A 2148 FEX mounted in
- Page 300 and 301: things that seem to trip people up
- Page 302 and 303: No hidden configuration in NX-OS Wh
- Page 304 and 305: NX-7K-1-Cozy(config-vlan)# int e3/1
- Page 306 and 307: Figure 18-11. New Nexus icons Nexus
- Page 308 and 309: Be careful with VRFs, especially on
- Page 310 and 311: 2010 May 27 00:05:57 NX-7K-2 %$ VDC
- Page 312 and 313: limit-resource u6route-mem minimum
- Page 314 and 315: on the blade (4:1 oversubscription)
- Page 316 and 317: NX-7K-1-Cozy(config-if)# int e7/1,
- Page 318 and 319: Figure 18-16. Switch connectivity w
- Page 320 and 321: description FEX0101 type "Nexus 214
- Page 322 and 323: Figure 18-19. vPC design First, you
- Page 324 and 325: The first thing you should check wh
- Page 326 and 327: Native Vlan 1 1 1 MTU 1 1500 1500 A
- Page 328 and 329: efore config-sync, that meant no ch
- Page 330 and 331: -----------------------------------
- Page 332 and 333: Now I can do what I came here to do
- Page 334 and 335: Please avoid other configuration ch
- Page 336 and 337: environment, since the only way to
- Page 338 and 339: Holy panic attack—I need my VDCs
- Page 340 and 341: [####################] 100% -- SUCC
- Page 342 and 343: autoneg unmodified, ignoring Checki
- Page 344 and 345: depending on model) and does not ti
- Page 346 and 347: while ranges are shown as the start
- Page 348 and 349: ^ % Invalid input detected at '^' m
- Page 350 and 351: If you’ve been wondering how to a
- Page 352 and 353: Figure 19-2. Actual storm-control f
- Page 354 and 355: Figure 19-3. Rising and falling thr
- Page 356 and 357: 3750(config-if)#switchport port-sec
- Page 358 and 359: addresses are configured for them,
- Page 360 and 361: x tx Monitor received traffic only
- Page 362 and 363: Voice VLAN Voice VLAN allows the 37
- Page 364 and 365: QoS QoS is covered in detail in Cha
- Page 366 and 367: If you’re looking at someone else
- Page 368 and 369: Most telecom words and phrases have
- Page 370 and 371: Figure 20-2. Digital state changes
- Page 372 and 373: Figure 20-3. DACCS Digital signal h
- Page 374 and 375: Designator Transmission rate Voice
- Page 376 and 377: Figure 20-5. Processing delay The b
- Page 378 and 379: Figure 20-6. RBOC regions US West U
- Page 381 and 382: CHAPTER 21 T1 In the 1950s, the onl
- Page 383 and 384: Channelized T1 A channelized T1 is
- Page 385 and 386: to a pattern including intentional
- Page 387 and 388: Figure 21-5. DS1 framing ESF works
- Page 389 and 390: substitution), this is considered a
- Page 391 and 392: Figure 21-7. Yellow alarm A Yellow
- Page 393 and 394: Figure 21-10. BPVs seen during loop
- Page 395 and 396: Figure 21-12. Loopback testing prog
- Page 397 and 398: CSU/DSU WIC with the service-module
- Page 399 and 400: AIS alarm : 0, Remote alarm : 0, Mo
- Page 401 and 402: CHAPTER 22 DS3 I’m going to treat
- Page 403 and 404: Each T1 is brought up to a line rat
- Page 405 and 406: Figure 22-4. Channelized versus cle
- Page 407 and 408: SPA FPGA Invalid Channel Packets: T
- Page 409 and 410: Cisco supports only M23 and C-bit f
- Page 411: 0 C-bit Errored Secs, 0 C-bit Sever
- Page 414 and 415: Figure 23-1. Simple Frame Relay WAN
- Page 416 and 417: of dedicated bandwidth must be allo
- Page 418 and 419: Figure 23-5. Meshed Frame Relay net
- Page 420 and 421: Figure 23-8. Subscription of a T1 u
- Page 422 and 423: Configuring Frame Relay Once you un
- Page 424 and 425: Ping works because the router has d
- Page 426 and 427: Router C: Router-C(config-if)#frame
- Page 428 and 429: Be careful when you choose your sub
- Page 430 and 431: Physical layer first! Is the cable
- Page 432 and 433: out pkts dropped 0 out bytes droppe
- Page 435 and 436: CHAPTER 24 MPLS In my experience, t
- Page 437 and 438: Figure 24-1. Multisite Frame Relay
- Page 439 and 440: thing that appears to be different
- Page 441 and 442: CHAPTER 25 Access Lists The technic
- Page 443 and 444: To make things even more confusing,
- Page 445 and 446: When you name access lists, it make
- Page 447 and 448: Beware of assumptions. You may thin
- Page 449 and 450: access-list Inbound permit udp any
- Page 451 and 452: access-list Inbound line 1 permit u
- Page 453 and 454: Firewalls: object-group icmp-type I
- Page 455 and 456: IOS-3750(config-if)#int g1/0/2 IOS-
- Page 457 and 458: Reflexive Access Lists Reflexive ac
- Page 459 and 460: • The temporary entry will expire
- Page 461: ip access-group TelnetOut out ! ip
- Page 464 and 465: VTY is an abbreviation for Virtual
- Page 466 and 467: Every command and user has an assoc
- Page 468 and 469: Since my examples were from a lab w
- Page 470 and 471: configured with usernames/passwords
- Page 472 and 473: the other router. Notice also that
- Page 474 and 475: Figure 26-2. CHAP authentication wi
- Page 476 and 477: If you don’t execute this command
- Page 478 and 479: As with TACACS+, you can add multip
- Page 480 and 481: krb5-telnet Use the Kerberos 5 Teln
- Page 482 and 483: The possible methods for PPP authen
- Page 485 and 486: CHAPTER 27 Basic Firewall Theory A
- Page 487 and 488: Deny everything; permit what you ne
- Page 489 and 490: Outside network The outside network
- Page 491 and 492: Figure 27-3. Multiple DMZs The fire
- Page 493: Figure 27-5. Ecommerce website Alte
- Page 496 and 497: Contexts Many ASAs can be divided i
- Page 498 and 499: Figure 28-1. ASA interface security
- Page 500 and 501: FileServer. Using the name command,
- Page 502 and 503: considering firewalls. With the obj
- Page 504 and 505: [GAD@someserver GAD]$telnet mail.my
- Page 506 and 507: active failover also being possible
- Page 508 and 509: The Classifier When there are multi
- Page 510 and 511: A better way to configure this scen
- Page 512 and 513: Configuring Contexts ASA firewalls
- Page 514 and 515: GAD-Tech default GigabitEthernet0/0
- Page 516 and 517: The write mem command saves only th
- Page 518 and 519: is usually the standby when the pai
- Page 520 and 521: ASA failover works so well that dev
- Page 522 and 523: Once failover is successfully confi
- Page 524 and 525: When I first heard the term active/
- Page 526 and 527: Failover User Group configuration m
- Page 528 and 529: NAT Commands A few commands are use
- Page 530 and 531: dangerous, but because the outside
- Page 532 and 533: networks that need Internet access
- Page 534 and 535: 0 - System Unusable 1 - Take Immedi
- Page 536 and 537: TCP out 10.120.37.15:80 in LAB-PC:1
- Page 538 and 539: that there are even more wireless s
- Page 540 and 541: There are a few methods for securin
- Page 542 and 543: convenience and paranoia. And yes,
- Page 544 and 545: wep mandatory command makes it mand
- Page 546 and 547: 378073 packets output, 532095123 by
- Page 549 and 550: CHAPTER 30 VoIP Voice over IP (VoIP
- Page 551 and 552: In telephony terms, the control com
- Page 553 and 554: (VAD), a feature that lowers or eli
- Page 555 and 556: Processors (DSP). DSPs are speciali
- Page 557 and 558: computational delay. The way to res
- Page 559 and 560: If you’re building a VoIP solutio
- Page 561 and 562: Figure 30-3. Cisco IP phone and wor
- Page 563 and 564: Now, I’ll apply my policy map to
- Page 565 and 566: R1-PBX(config)#telephony-service s
- Page 567 and 568: Since this is a PBX, when you pick
- Page 569 and 570: R1-PBX(config)#voice-port 0/1/0 R1-
- Page 571 and 572: R1-PBX(config-ephone-dn)# call-forw
- Page 573 and 574: Phones are referenced by their MAC
- Page 575 and 576: Phone 2 ephone 2 description Lauren
- Page 577 and 578: This, by the way, is why I didn’t
- Page 579 and 580: Apologies are in order to all my in
- Page 581 and 582: 5. Default dial peer 0 My examples
- Page 583 and 584: Figure 30-6. Two offices using SIP
- Page 585 and 586: Notice that the SIP servers are ref
- Page 587 and 588: If you’ve decided to actually app
- Page 589 and 590: peer’s match. My MWI dial peer is
- Page 591 and 592: Remember when I said I’d broken M
- Page 593 and 594: R1-PBX(config-dial-peer)# destinati
- Page 595 and 596: It’s also a great tool to use whe
- Page 597 and 598: *Feb 3 01:17:07.740: //-1/xxxxxxxxx
- Page 599 and 600: CHAPTER 31 Introduction to QoS Qual
- Page 601 and 602: 1,500,000 bits per second. When the
- Page 603 and 604: In a nutshell, any traffic that can
- Page 605 and 606: IP precedence goes way back to the
- Page 607 and 608: Knowing that a value of 160 in the
- Page 609 and 610: Figure 31-7. Traffic policing versu
- Page 611 and 612: Figure 31-11. Too many bits in buff
- Page 613 and 614: Now, say someone else starts a simi
- Page 615 and 616: CHAPTER 32 Designing QoS Designing
- Page 617 and 618: • ---to be determined--- • Ever
- Page 619 and 620: WAN links should never be built wit
- Page 621 and 622: Call Manager, the voice gateways, a
- Page 623 and 624: On newer versions of IOS, you can s
- Page 625 and 626: I’ve made this mistake so you won
- Page 627 and 628: Service-policy output: Provider-Out
- Page 629 and 630: Figure 32-2. Frame Relay mismatched
- Page 631 and 632: Table 32-1. Traffic-shaping values
- Page 633 and 634: CHAPTER 33 The Congested Network A
- Page 635 and 636: The link is saturated, but only in
- Page 637 and 638: So, let’s take a look at the othe
- Page 639: Building B. In this case, the only
- Page 642 and 643: The service-policy statement maps t
- Page 644 and 645: interface# command. This command pr
- Page 646 and 647: Match: any Queueing Flow Based Fair
- Page 648 and 649: Now, let’s take another look at t
- Page 650 and 651: traffic, the other queues never get
- Page 652 and 653: Default Queue Too Small The size of
- Page 654 and 655: Requirements Documents One of the t
- Page 656 and 657: • Do all interfaces need to be gi
- Page 658 and 659: Figure 35-2. Core switch hardware d
- Page 660 and 661: Figure 35-5. IP address layout shee
- Page 662 and 663: Figure 35-7. Power and BTU values f
- Page 664 and 665: lax - Los Angeles 1 - It’s the fi
- Page 666 and 667: Figure 35-8. Typical three-tiered c
- Page 668 and 669: Figure 35-10. Collapsed-core networ
- Page 670 and 671: special applications residing on th
- Page 672 and 673: Remote management is often accompli
- Page 674 and 675: Figure 35-16. Matching last octet o
- Page 676 and 677: 3. Private Address Space The Intern
- Page 678 and 679: Assuming Company B would like its e
- Page 680 and 681: Figure 36-3. Correct and incorrect
- Page 682 and 683: 324578 network entries using 392739
- Page 684 and 685: Figure 36-5. Subnetting an existing
- Page 686 and 687: In the first edition of this book,
- Page 688 and 689: The exception to these rules for me
- Page 690 and 691: The second rule astounds many peopl
- Page 692 and 693: In practice, here’s what the Figu
- Page 694 and 695: Figure 36-16. Subnet worksheet step
- Page 697 and 698: CHAPTER 37 IPv6 You’ve no doubt h
- Page 699 and 700: Expanded addressing capabilities IP
- Page 701 and 702: Subnet Masks Masking IPv6 addresses
- Page 703 and 704: inet addr:192.168.1.200 Bcast:192.1
- Page 705 and 706: as much as perceived security throu
- Page 707 and 708: connect devices just by telling the
- Page 709 and 710: fascinating has happened. First, le
- Page 711 and 712: !!!!! Success rate is 100 percent (
- Page 713 and 714: tempted to write 0:0:0:0::0/0 to ma
- Page 715 and 716: CHAPTER 38 Network Time Protocol Th
- Page 717 and 718: NTP Design NTP is often not designe
- Page 719 and 720: To find publicly available Internet
- Page 721 and 722: loopfilter state is 'CTRL' (Normal
- Page 723 and 724: CHAPTER 39 Failures Outright failur
- Page 725 and 726: supervisor to get connectivity to t
- Page 727 and 728: identified as such as quickly as po
- Page 729 and 730: Isolate the Problem Problems are of
- Page 731 and 732: CHAPTER 40 GAD’s Maxims Over the
- Page 733 and 734: work to implement. The plan is perf
- Page 735 and 736: Long-term thinking is the only way
- Page 737 and 738: Equipment costs Hardware, cabling,
- Page 739: If, on the other hand, you know wha
- Page 742 and 743: experience. Networking professional
- Page 744 and 745: ecause that was what they understoo
- Page 746 and 747: I’ve had the pleasure of working
- Page 748 and 749: I once had a boss whose rule for th
- Page 750 and 751: experience.” My hope is that you
- Page 752 and 753: that causes the site to become unav
- Page 754 and 755: fact that you have friends indicate
- Page 756 and 757: Leadership and Mentoring In my expe
- Page 758 and 759: alarm indication signal (AIS), 366
- Page 760 and 761: call quality, VoIP and, 524 call-fo
- Page 762 and 763: functionality, 581 QoS and, 577 swi
- Page 764 and 765: VSL support, 256 VSS support, 240 E
- Page 766 and 767: group radius method, 454, 456 group
- Page 768 and 769: outer configuration, 679-688 subnet
- Page 770 and 771: CatOS versus IOS, 249-253 configuri
- Page 772 and 773: administrative distance, 107, 126 b
- Page 774 and 775: about, 573-577 Catalyst 3750 suppor
- Page 776 and 777: RTP streams, 524 RTR (Response Time
- Page 778 and 779: show spantree command, 92 show span
- Page 780 and 781: Cisco routers and, 207 defined, 11,
- Page 782 and 783: vlan command, 35 vlan database comm
- Page 785: About the Author Gary A. Donahue is