- Page 3:
Network Warrior
- Page 6 and 7:
Network Warrior, Second Edition by
- Page 8 and 9:
Configuring Trunks 42 IOS 42 CatOS
- Page 10 and 11:
Nexus and HSRP 189 GLBP 189 Object
- Page 12 and 13:
Bipolar Violation 362 CRC6 363 Erro
- Page 14 and 15:
Configuring Contexts 486 Interfaces
- Page 16 and 17:
Nonpriority Queue Too Large 624 Def
- Page 18 and 19:
Environmental 729 Leadership and Me
- Page 20 and 21:
I faced a very tough decision when
- Page 22 and 23:
Using Code Examples This book is he
- Page 24 and 25:
would not be published today. Her d
- Page 27 and 28:
CHAPTER 1 What Is a Network Before
- Page 29:
WAN A WAN is a network that is used
- Page 32 and 33:
I was surprised to learn that there
- Page 34 and 35:
equired. Collisions are also limite
- Page 36 and 37:
Hubs have a lot of drawbacks, and m
- Page 38 and 39:
destination MAC address and checks
- Page 40 and 41:
Switch Types Cisco switches can be
- Page 42 and 43:
Planning a Chassis-Based Switch Ins
- Page 44 and 45:
Installing and removing modules Mod
- Page 46 and 47:
How Autonegotiation Works First, le
- Page 48 and 49:
Figure 3-2. Full duplex frames cons
- Page 50 and 51:
Once you’ve set the speed, you ca
- Page 52 and 53:
Figure 4-1. VLANs on a switch Figur
- Page 54 and 55:
Another way to route between VLANs
- Page 56 and 57:
There are a lot of options when cre
- Page 58 and 59:
To create a VLAN, give the vlan com
- Page 60 and 61:
1004 fddinet-default act/unsup 1005
- Page 62 and 63:
This automatically puts us into int
- Page 64 and 65:
How Trunks Work Figure 5-2 is a vis
- Page 66 and 67:
Which Protocol to Use Why are there
- Page 68 and 69:
The default mode for most Cisco swi
- Page 70 and 71:
The output of show interface trunk
- Page 72 and 73:
Switch-2# (enable)clear trunk 3/5 1
- Page 75 and 76:
CHAPTER 6 VLAN Trunking Protocol In
- Page 77 and 78:
Switches with mismatched VTP domain
- Page 79 and 80:
Figure 6-3. Broadcast sent to all s
- Page 81 and 82:
In larger, more dynamic environment
- Page 83 and 84:
3750-IOS(config)#vtp mode client S
- Page 85 and 86:
IOS VTP pruning is enabled with the
- Page 87:
NX-OS NX-OS does not support VTP pr
- Page 90 and 91:
Figure 7-1. EtherChannel on IOS and
- Page 92 and 93:
• The source and destination port
- Page 94 and 95:
The only solutions for this problem
- Page 96 and 97:
Switch-2-CatOS: (enable)sho channel
- Page 98 and 99:
Port-channel: Po1 ------------ Age
- Page 100 and 101:
Input flow-control is off, output f
- Page 102 and 103:
Figure 7-6. VSS MEC versus Nexus vP
- Page 104 and 105:
Technically, you could bond port ch
- Page 106 and 107:
5 Po14 up success success 3-7,9 6 P
- Page 108 and 109:
The computer on Switch A sends out
- Page 110 and 111:
The numbers on the left side of the
- Page 112 and 113:
0 input packets with dribble condit
- Page 114 and 115:
Preventing Loops with Spanning Tree
- Page 116 and 117:
Figure 8-4. BPDU format Every port
- Page 118 and 119:
Root ID Priority 24577 Address 0009
- Page 120 and 121:
Here is the same command as seen on
- Page 122 and 123:
To disable PortFast on an interface
- Page 124 and 125:
UplinkFast should be configured onl
- Page 126 and 127:
If BackboneFast is used, it must be
- Page 128 and 129:
Figure 8-9. Unidirectional link pro
- Page 130 and 131:
Designing to Prevent Spanning Tree
- Page 132 and 133:
outer. Router is the term I will ge
- Page 134 and 135:
When a packet arrives at a router,
- Page 136 and 137:
Gateway of last resort is 11.0.0.1
- Page 138 and 139:
Subnet Subnets are indented under t
- Page 140 and 141:
Supernet (Group of Major Networks)
- Page 142 and 143:
Now I’ll assign a different inter
- Page 145 and 146:
CHAPTER 10 Routing Protocols A rout
- Page 147 and 148:
There may be more than one type of
- Page 149 and 150:
Metrics and Protocol Types The job
- Page 151 and 152:
Figure 10-6. OSPF uses bandwidth to
- Page 153 and 154:
Looking at Table 10-1, you can see
- Page 155 and 156:
is learned on one permanent virtual
- Page 157 and 158:
By default, no interfaces are inclu
- Page 159 and 160:
• Updates in RIPv2 are sent using
- Page 161 and 162:
As with all IGPs, you list the inte
- Page 163 and 164:
D 192.168.3.0/24 [90/2195456] via 1
- Page 165 and 166:
Autonomous System External (ASE) LS
- Page 167 and 168:
outers are assumed to be connected
- Page 169 and 170:
OSPF Router with ID (192.168.1.116)
- Page 171 and 172:
Dampening enabled. 2687 history pat
- Page 173 and 174:
CHAPTER 11 Redistribution Redistrib
- Page 175 and 176:
Regardless of which protocol you re
- Page 177 and 178:
Gateway of last resort is not set C
- Page 179 and 180:
Here are the arguments required for
- Page 181 and 182:
If you do not specify a default met
- Page 183 and 184:
outer ospf 100 redistribute eigrp 1
- Page 185 and 186:
autonomous systems using the same r
- Page 187 and 188:
P 10.10.10.0/24, 1 successors, FD i
- Page 189 and 190:
Gateway of last resort is not set 5
- Page 191 and 192:
Gateway of last resort is not set 5
- Page 193 and 194:
CHAPTER 12 Tunnels A tunnel is a me
- Page 195 and 196:
Figure 12-1. Simple network Given t
- Page 197 and 198:
Keepalive not set Tunnel source 10.
- Page 199 and 200:
To prove that the tunnel is running
- Page 201 and 202:
Router D: interface Loopback0 ip ad
- Page 203 and 204:
down the tunnel. Unfortunately, it
- Page 205:
PIX firewalls also support the keyw
- Page 208 and 209:
The details of Cisco’s HSRP can b
- Page 210 and 211:
To enable this behavior, you must c
- Page 212 and 213:
On each router, we have added the s
- Page 214 and 215:
Figure 13-5. HSRP limitations Metro
- Page 216 and 217:
of 1,024 GLBP groups per router int
- Page 218 and 219:
Weighting is used both for load dis
- Page 220 and 221:
Another nice GLBP command is show g
- Page 222 and 223:
If we wanted GLBP to enable the for
- Page 224 and 225:
metric route-type tag Match metric
- Page 226 and 227:
We used to be able to do AND operat
- Page 228 and 229:
simply provides the best path to th
- Page 230 and 231:
Policy routing overrides the routin
- Page 233 and 234:
CHAPTER 15 Switching Algorithms in
- Page 235 and 236:
Process Switching The original meth
- Page 237 and 238:
a. Is the destination reachable b.
- Page 239 and 240:
The drawbacks of this implementatio
- Page 241 and 242:
The term trie comes from the word r
- Page 243 and 244:
IP fast switching on the same inter
- Page 245 and 246:
CEF 30 ****************************
- Page 247 and 248:
CHAPTER 16 Multilayer Switches Swit
- Page 249 and 250:
Ethernet ports on routers tend to b
- Page 251 and 252:
Queueing strategy: fifo Output queu
- Page 253 and 254:
Another way to get to the MSFC is w
- Page 255:
A quick word is in order about choo
- Page 258 and 259:
Figure 17-1. Individual versus inte
- Page 260 and 261:
Because it controls the crossbar fa
- Page 262 and 263:
Figure 17-3. Cisco 6509 backplanes
- Page 264 and 265:
the standard 6500 chassis (40 Gbps
- Page 266 and 267:
Supervisor-720 This model represent
- Page 268 and 269:
etween the different buses. Specifi
- Page 270 and 271:
CSM for load-balancing needs, but t
- Page 272 and 273:
Interface Vlan30 "inside", is up, l
- Page 274 and 275:
Intrusion Detection System modules.
- Page 276 and 277:
MSFC for Layer-3 functionality, the
- Page 278 and 279:
Queueing strategy: fifo Output queu
- Page 280 and 281:
Figure 17-9. VSS layout including P
- Page 282 and 283:
If you change your mind, just negat
- Page 284 and 285:
We can see the status of the VSS cl
- Page 286 and 287:
activity interval and global aging
- Page 288 and 289:
To reboot only the active switch an
- Page 291 and 292:
CHAPTER 18 Cisco Nexus At the time
- Page 293 and 294:
6509 and 6509E had side-to-side air
- Page 295 and 296:
ports. When mounting switches in ra
- Page 297 and 298:
Figure 18-6. Nexus 5010 with power
- Page 299 and 300:
Figure 18-8. Nexus 2148 FEX with po
- Page 301 and 302:
dhcp Enable/Disable DHCP Snooping d
- Page 303 and 304:
No more write memory Cisco has been
- Page 305 and 306:
on commands with big outputs, like
- Page 307 and 308:
Scalability The Nexus 7000 chassis
- Page 309 and 310:
The downside is that it makes the c
- Page 311 and 312:
Next, I’ll allocate all 32 ports
- Page 313 and 314:
Once I’m connected to the VDC, it
- Page 315 and 316:
NX-7K-1-Cozy(config-if)# rate-mode
- Page 317 and 318:
Figure 18-15. FEXs attached in cros
- Page 319 and 320:
The FEX associate command is what d
- Page 321 and 322:
Figure 18-17. Traditional spanning
- Page 323 and 324:
And the vPC peer keepalive: NX-7K-2
- Page 325 and 326:
Port Mode 1 access access Native Vl
- Page 327 and 328:
Imagine two Nexus 5010s, with large
- Page 329 and 330:
NX-5K-2(config-sync-sp)# sync-peers
- Page 331 and 332:
Here it says that it verified local
- Page 333 and 334:
spanning-tree port type edge trunk
- Page 335 and 336:
NX-5K-1# config sync NX-5K-1(config
- Page 337 and 338:
Name: GAD !Command: Checkpoint cmd
- Page 339 and 340:
tell it that we’re using the mana
- Page 341 and 342:
Install is in progress, please wait
- Page 343 and 344:
CHAPTER 19 Catalyst 3750 Features T
- Page 345 and 346:
As it says, I need to reboot, so I
- Page 347 and 348:
You create macros are created with
- Page 349 and 350:
An easier way to see where macros h
- Page 351 and 352:
Storm Control Storm control prevent
- Page 353 and 354:
Additionally, the latest releases o
- Page 355 and 356:
that this is measured every 200 ms,
- Page 357 and 358:
Protect When a violation occurs, th
- Page 359 and 360:
3750(config)#monitor session 1 des
- Page 361 and 362:
3750(config)#no monitor session S
- Page 363 and 364:
command. The options are cos and tr
- Page 365 and 366:
The interface’s configuration wil
- Page 367 and 368:
CHAPTER 20 Telecom Nomenclature The
- Page 369 and 370:
Digital refers to a signal that has
- Page 371 and 372:
CSU/DSU CSU stands for Channel Serv
- Page 373 and 374:
Designator Transmission rate Voice
- Page 375 and 376:
Figure 20-4. Different propagation
- Page 377 and 378:
POTS POTS is short for the clever p
- Page 379:
T-carrier T-carrier is the generic
- Page 382 and 383:
T1s are full-duplex links. Voice T1
- Page 384 and 385:
This allows for some interesting er
- Page 386 and 387:
Figure 21-4. One-channel sample T1s
- Page 388 and 389:
Performance Monitoring CSU/DSUs con
- Page 390 and 391:
though again, they are described fo
- Page 392 and 393:
Watch out for assumptions. Router D
- Page 394 and 395:
Not all models of CSU/DSU have all
- Page 396 and 397:
Figure 21-13. Integrated CSU/DSU lo
- Page 398 and 399:
Hardware revision is 0.112, Softwar
- Page 400 and 401:
(ninety-six 15-minute intervals), a
- Page 402 and 403:
clocking, framing, and encoding, wh
- Page 404 and 405:
sends a FEOOF signal back to the so
- Page 406 and 407:
You show the status of the interfac
- Page 408 and 409:
However, because this is a channeli
- Page 410 and 411:
Here, we can see the individual ser
- Page 413 and 414:
CHAPTER 23 Frame Relay Frame Relay
- Page 415 and 416:
dell-see). These DLCIs (and your da
- Page 417 and 418:
Figure 23-4. Frame Relay CIR and DE
- Page 419 and 420:
Figure 23-7. Six-node fully meshed
- Page 421 and 422:
ansi q933a Congestion Avoidance in
- Page 423 and 424:
out pkts dropped 0 out bytes droppe
- Page 425 and 426:
Router-B(config)#int s0/0 Router-B(
- Page 427 and 428:
Local IP addresses mapped to remote
- Page 429 and 430:
Figure 23-12. Three-node Frame Rela
- Page 431 and 432:
00:33:05: Serial0/0(in): Status, my
- Page 433:
Serial0/0.102 (up): point-to-point
- Page 436 and 437:
Because entire packets are prefixed
- Page 438 and 439:
So how do the branches communicate
- Page 440 and 441:
encapsulation ppp auto qos voip tru
- Page 442 and 443:
Wildcard Masks Wildcard masks (also
- Page 444 and 445: Reflexive access lists, covered lat
- Page 446 and 447: Here’s an actual example from a P
- Page 448 and 449: access-list Inbound permit icmp any
- Page 450 and 451: access-list Inbound line 8 permit i
- Page 452 and 453: Or using named access lists: ip acc
- Page 454 and 455: able to communicate only with the d
- Page 456 and 457: to contain a permit appletalk inste
- Page 458 and 459: Figure 25-4. Simple access list app
- Page 460 and 461: Reflexive access lists can only be
- Page 463 and 464: CHAPTER 26 Authentication in Cisco
- Page 465 and 466: NX-OS switches work a little differ
- Page 467 and 468: If you specify a command or menu th
- Page 469 and 470: e used when minimal security is des
- Page 471 and 472: CHAP CHAP is more secure than PAP b
- Page 473 and 474: Two-way authentication. As with PAP
- Page 475 and 476: Hostname ISP ! username Bob-01 pass
- Page 477 and 478: Nexus switches seem to be more gear
- Page 479 and 480: Creating Method Lists A method list
- Page 481 and 482: If you’re relying on external ser
- Page 483: interface Serial0/0/0:0 no ip addre
- Page 486 and 487: high level of security, but like yo
- Page 488 and 489: term referring to a zone created be
- Page 490 and 491: Figure 27-2. DMZ connecting to a ve
- Page 492 and 493: Figure 27-4 shows a simplified layo
- Page 496 and 497: Contexts Many ASAs can be divided i
- Page 498 and 499: Figure 28-1. ASA interface security
- Page 500 and 501: FileServer. Using the name command,
- Page 502 and 503: considering firewalls. With the obj
- Page 504 and 505: [GAD@someserver GAD]$telnet mail.my
- Page 506 and 507: active failover also being possible
- Page 508 and 509: The Classifier When there are multi
- Page 510 and 511: A better way to configure this scen
- Page 512 and 513: Configuring Contexts ASA firewalls
- Page 514 and 515: GAD-Tech default GigabitEthernet0/0
- Page 516 and 517: The write mem command saves only th
- Page 518 and 519: is usually the standby when the pai
- Page 520 and 521: ASA failover works so well that dev
- Page 522 and 523: Once failover is successfully confi
- Page 524 and 525: When I first heard the term active/
- Page 526 and 527: Failover User Group configuration m
- Page 528 and 529: NAT Commands A few commands are use
- Page 530 and 531: dangerous, but because the outside
- Page 532 and 533: networks that need Internet access
- Page 534 and 535: 0 - System Unusable 1 - Take Immedi
- Page 536 and 537: TCP out 10.120.37.15:80 in LAB-PC:1
- Page 538 and 539: that there are even more wireless s
- Page 540 and 541: There are a few methods for securin
- Page 542 and 543: convenience and paranoia. And yes,
- Page 544 and 545:
wep mandatory command makes it mand
- Page 546 and 547:
378073 packets output, 532095123 by
- Page 549 and 550:
CHAPTER 30 VoIP Voice over IP (VoIP
- Page 551 and 552:
In telephony terms, the control com
- Page 553 and 554:
(VAD), a feature that lowers or eli
- Page 555 and 556:
Processors (DSP). DSPs are speciali
- Page 557 and 558:
computational delay. The way to res
- Page 559 and 560:
If you’re building a VoIP solutio
- Page 561 and 562:
Figure 30-3. Cisco IP phone and wor
- Page 563 and 564:
Now, I’ll apply my policy map to
- Page 565 and 566:
R1-PBX(config)#telephony-service s
- Page 567 and 568:
Since this is a PBX, when you pick
- Page 569 and 570:
R1-PBX(config)#voice-port 0/1/0 R1-
- Page 571 and 572:
R1-PBX(config-ephone-dn)# call-forw
- Page 573 and 574:
Phones are referenced by their MAC
- Page 575 and 576:
Phone 2 ephone 2 description Lauren
- Page 577 and 578:
This, by the way, is why I didn’t
- Page 579 and 580:
Apologies are in order to all my in
- Page 581 and 582:
5. Default dial peer 0 My examples
- Page 583 and 584:
Figure 30-6. Two offices using SIP
- Page 585 and 586:
Notice that the SIP servers are ref
- Page 587 and 588:
If you’ve decided to actually app
- Page 589 and 590:
peer’s match. My MWI dial peer is
- Page 591 and 592:
Remember when I said I’d broken M
- Page 593 and 594:
R1-PBX(config-dial-peer)# destinati
- Page 595 and 596:
It’s also a great tool to use whe
- Page 597 and 598:
*Feb 3 01:17:07.740: //-1/xxxxxxxxx
- Page 599 and 600:
CHAPTER 31 Introduction to QoS Qual
- Page 601 and 602:
1,500,000 bits per second. When the
- Page 603 and 604:
In a nutshell, any traffic that can
- Page 605 and 606:
IP precedence goes way back to the
- Page 607 and 608:
Knowing that a value of 160 in the
- Page 609 and 610:
Figure 31-7. Traffic policing versu
- Page 611 and 612:
Figure 31-11. Too many bits in buff
- Page 613 and 614:
Now, say someone else starts a simi
- Page 615 and 616:
CHAPTER 32 Designing QoS Designing
- Page 617 and 618:
• ---to be determined--- • Ever
- Page 619 and 620:
WAN links should never be built wit
- Page 621 and 622:
Call Manager, the voice gateways, a
- Page 623 and 624:
On newer versions of IOS, you can s
- Page 625 and 626:
I’ve made this mistake so you won
- Page 627 and 628:
Service-policy output: Provider-Out
- Page 629 and 630:
Figure 32-2. Frame Relay mismatched
- Page 631 and 632:
Table 32-1. Traffic-shaping values
- Page 633 and 634:
CHAPTER 33 The Congested Network A
- Page 635 and 636:
The link is saturated, but only in
- Page 637 and 638:
So, let’s take a look at the othe
- Page 639:
Building B. In this case, the only
- Page 642 and 643:
The service-policy statement maps t
- Page 644 and 645:
interface# command. This command pr
- Page 646 and 647:
Match: any Queueing Flow Based Fair
- Page 648 and 649:
Now, let’s take another look at t
- Page 650 and 651:
traffic, the other queues never get
- Page 652 and 653:
Default Queue Too Small The size of
- Page 654 and 655:
Requirements Documents One of the t
- Page 656 and 657:
• Do all interfaces need to be gi
- Page 658 and 659:
Figure 35-2. Core switch hardware d
- Page 660 and 661:
Figure 35-5. IP address layout shee
- Page 662 and 663:
Figure 35-7. Power and BTU values f
- Page 664 and 665:
lax - Los Angeles 1 - It’s the fi
- Page 666 and 667:
Figure 35-8. Typical three-tiered c
- Page 668 and 669:
Figure 35-10. Collapsed-core networ
- Page 670 and 671:
special applications residing on th
- Page 672 and 673:
Remote management is often accompli
- Page 674 and 675:
Figure 35-16. Matching last octet o
- Page 676 and 677:
3. Private Address Space The Intern
- Page 678 and 679:
Assuming Company B would like its e
- Page 680 and 681:
Figure 36-3. Correct and incorrect
- Page 682 and 683:
324578 network entries using 392739
- Page 684 and 685:
Figure 36-5. Subnetting an existing
- Page 686 and 687:
In the first edition of this book,
- Page 688 and 689:
The exception to these rules for me
- Page 690 and 691:
The second rule astounds many peopl
- Page 692 and 693:
In practice, here’s what the Figu
- Page 694 and 695:
Figure 36-16. Subnet worksheet step
- Page 697 and 698:
CHAPTER 37 IPv6 You’ve no doubt h
- Page 699 and 700:
Expanded addressing capabilities IP
- Page 701 and 702:
Subnet Masks Masking IPv6 addresses
- Page 703 and 704:
inet addr:192.168.1.200 Bcast:192.1
- Page 705 and 706:
as much as perceived security throu
- Page 707 and 708:
connect devices just by telling the
- Page 709 and 710:
fascinating has happened. First, le
- Page 711 and 712:
!!!!! Success rate is 100 percent (
- Page 713 and 714:
tempted to write 0:0:0:0::0/0 to ma
- Page 715 and 716:
CHAPTER 38 Network Time Protocol Th
- Page 717 and 718:
NTP Design NTP is often not designe
- Page 719 and 720:
To find publicly available Internet
- Page 721 and 722:
loopfilter state is 'CTRL' (Normal
- Page 723 and 724:
CHAPTER 39 Failures Outright failur
- Page 725 and 726:
supervisor to get connectivity to t
- Page 727 and 728:
identified as such as quickly as po
- Page 729 and 730:
Isolate the Problem Problems are of
- Page 731 and 732:
CHAPTER 40 GAD’s Maxims Over the
- Page 733 and 734:
work to implement. The plan is perf
- Page 735 and 736:
Long-term thinking is the only way
- Page 737 and 738:
Equipment costs Hardware, cabling,
- Page 739:
If, on the other hand, you know wha
- Page 742 and 743:
experience. Networking professional
- Page 744 and 745:
ecause that was what they understoo
- Page 746 and 747:
I’ve had the pleasure of working
- Page 748 and 749:
I once had a boss whose rule for th
- Page 750 and 751:
experience.” My hope is that you
- Page 752 and 753:
that causes the site to become unav
- Page 754 and 755:
fact that you have friends indicate
- Page 756 and 757:
Leadership and Mentoring In my expe
- Page 758 and 759:
alarm indication signal (AIS), 366
- Page 760 and 761:
call quality, VoIP and, 524 call-fo
- Page 762 and 763:
functionality, 581 QoS and, 577 swi
- Page 764 and 765:
VSL support, 256 VSS support, 240 E
- Page 766 and 767:
group radius method, 454, 456 group
- Page 768 and 769:
outer configuration, 679-688 subnet
- Page 770 and 771:
CatOS versus IOS, 249-253 configuri
- Page 772 and 773:
administrative distance, 107, 126 b
- Page 774 and 775:
about, 573-577 Catalyst 3750 suppor
- Page 776 and 777:
RTP streams, 524 RTR (Response Time
- Page 778 and 779:
show spantree command, 92 show span
- Page 780 and 781:
Cisco routers and, 207 defined, 11,
- Page 782 and 783:
vlan command, 35 vlan database comm
- Page 785:
About the Author Gary A. Donahue is