CCNP SWITCH STUDY NOTES - FOR NON TECHNICAL BLUEPRINT ITEMS
01 – 20 – 2011
john.lockie@gmail.com

Big disclaimer: in no way is this intended to be a full solution study guide for CCNP SWITCH exam.
In fact, these notes were compiled for my own personal use only, and specifically for the topics that
were surrounding PPDIOO and/or IMPLEMENTATION and VERIFICATION PLANS (the most annoying parts!). That
said, if you find it helpful to passing, let me know. I suggest you buy the books I reference,
because additional reading would be good – and it would be good to support the authors. They are (1)
Foundation Learning Guide Cisco Switched Networks by Richard Froom (2) CCNP SWITCH Quick Reference
Guide by Denise Donohue (3) CCNP SWITCH Official Certification Guide by David Hucaby. For the
technical aspects of this exam I recommend the SWITCH CERTIFICATION KIT which includes Denise’s book,
some online flash cards, and Hucaby videos (quite good ones). The exam engines I am using are Boson
and Transcenders. They each have their place.

PPDIOO / NETWORK DESIGN and IMPLEMENTATION


Foundation Learning Guide Chapter 1 pg. 37-38
PPDIOO Fundamentals
• Prepare: establishing organizational requirements and financial justification
• Plan: identify initial network requirements
• Design: comprehensive detail used as the basis for implementation activities
• Implement: network is built according to design specifications
• Operate: correction and performance monitoring occurs through daily operations, which is used for optimization
• Optimize: proactive management of network and can prompt a network redesign

Benefits of PPDIOO approach are (pg. 38-39):


• Lowering TCO
• Increasing network availability
• Improving agility / competitiveness
• Speeding access to application and services (customer support)

Foundation Learning Guide Chapter 1 pg. 5


Well Designed Networks are:
• Modular (scalable)
• Resilient (100% uptime)
• Flexible (faster changes)

Foundation Learning Guide Chapter 1 pg. 6-7


Hierarchical Models for Campus Design
• Access Layer: most feature rich section applying security, access controls, filters, and management
• Distribution Layer: service and control boundary between edge and core. Where L3 happens
• Core Layer: high speed packet switching

Benefits of Hierarchical Model
• Modular
• Easily understood
• Flexibility
• Scalability
• Predictability
• Reduces troubleshooting complexity

Foundation Learning Guide Chapter 1 pg. 25-26, Quick Reference Chapter 1 pg. 9
SONA Layers (Service Oriented Network Architecture)
• Network Infrastructure Layer: the network
• Interactive Services Layer: security, mobility, voice, compute, storage, identity, and virtualization – “delivery” is the focus
• Application Layer: unified messaging, conferencing, IP telephony, video, IM, contact centers

Foundation Learning Guide Chapter 1 pg. 25-26


SONA Benefits
• Convergence
• Cost savings
• Productivity
• Faster deployment of new services and applications
• Enhanced business processes

Foundation Learning Guide Chapter 1 pg. 40


Implementation Components
• Description of step
• Reference to a design doc
• Detailed implementation guidelines
• Detailed roll-back guidelines
• Estimated time for completion
• Steps for verification

Quick Reference Chapter 1 pg. 8


Traffic Flow, Types, and Patterns (usually used to determine network resources needed for implementation)
• IP telephony, signaling, and media
• Core app traffic (ERP, CRM, etc.)
• Multicast media
• Network management
• Application data (web sites, email, files, database)
• Scavenger class (less than best effort traffic)

Traffic Flow
• Peer-to-Peer: IP phone calls, video conferencing, file sharing, IM, etc.
• Client to Server: email, file, database, etc.
• Client to Enterprise Edge: email, web servers, ecommerce

DETERMINE NETWORK RESOURCES NEEDED FOR IMPLEMENTING A VLAN BASED SOLUTION ON A NETWORK

Foundation Learning Guide Chapter 1 pg. 18
• Identify traffic flows, types, and patterns

CREATE A VLAN BASED IMPLEMENTATION PLAN


Foundation Learning Guide Chapter 2 pg. 58-59
Implementation plan includes
• Subnets and associated VLANs
• VLAN Number
• VLAN Name
• VLAN Purpose
• VLAN to IP Address Scheme
• Physical location of VLANs (determine which switch has which VLANs)
• Assignment method (dot1x etc.)
• Placement of trunks, native VLAN for trunks, and allowed VLANs on trunks
• VTP configuration

Quick Reference Guide Chapter 2 pg. 14


Implementation plan includes
• VLAN numbering, naming, and IP addressing scheme
• VLAN placement (local or multiple switches)
• Trunk requirements
• VTP parameters
• Test and verification plan

CREATE A VLAN BASED VERIFICATION PLAN


Foundation Chapter 2 pg. 64-65
Verification plan includes
• show vlan (VLAN #, Name, status, ports, MTU, STP, etc.)
• show running-config interface <interface> (vlan ID & trunk mode)
• show interface <interface> switchport (trunking mode)
• show mac-address-table interface <interface> vlan <vlan>

Quick Reference Guide Chapter 2 pg. 15


Verification plan includes
• show vlan brief
• show running-config interface <interface> (verify VLAN membership of a port)
• show mac address-table interface <interface> vlan <vlan>
• show interfaces <interface> switchport

DOCUMENT RESULTS OF VLAN IMPLEMENTATION AND VERIFICATION


Quick Reference Guide Chapter 5 pg. 62
Documentation should include
• Up to date network diagrams
• Network addresses
• VLAN information
• Interface information
• Important servers
• Applications
• Services
• Document the “WHY” and not just the “HOW”

DETERMINE NETWORK RESOURCES NEEDED FOR IMPLEMENTING A SECURITY SOLUTION

Foundation Learning Guide Chapter 1 pg. 18
• Identify traffic flows, types, and patterns

Transcenders Exam Engine


• Risk levels of devices
• Any applications currently used on the network
• User types for each device

CREATE AN IMPLEMENTATION PLAN FOR THE SECURITY SOLUTION


Transcenders Exam Engine
Implementation plan includes
• STP design topology
• Rollback guidelines
• Summary and detailed implementation steps
• Incident response plan
• Security policy

Quick Reference Guide Chapter 7 pg. 89-90


Implementation plan includes
• Use strong passwords
• Limit telnet via access lists
• Use SSH in place of telnet
• Physically secure access to devices
• Use banners to warn on access
• Remove unused services (finger, TCP/UDP small servers, etc.)
• Set up and monitor syslog
• Disable automatic trunking
• Disable CDP on ports where it’s not needed

Foundation Chapter 6 pg. 391


Implementation plan includes
• Configure strong passwords
• Restrict management through ACLs
• Secure physical access to console
• Secure access to VTY lines
• Configure warning banners
• Disable unneeded or unused services (Finger, BOOTP, etc.)
• Trim and minimize the use of CDP/LLDP
• Disable the integrated HTTP daemon
• Configure basic system logging (syslog)
• Secure SNMP
• Limit trunking connections and propagated VLANs (pruning, disable DTP/PAgP)
• Secure STP (Root Guard, BPDU Guard + PortFast)

Foundation Chapter 6 pg. 397


Mitigating Switch Threats (design best practices)
• Proactively configure unused router and switch ports
• Execute shutdown on all unused ports
• Place unused ports in a non-native VLAN for isolation
• Configure all unused ports as access ports and disallow trunk negotiation
• Use switchport host command to set port to access, enable portfast, and disable etherchannel and trunking
• Secure switching closest physically
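
Added example (not from these notes or the referenced books): a small Python audit that checks a saved switch configuration against several items from the hardening checklists above (SSH-only VTY lines behind an ACL, no HTTP daemon or small servers, no automatic trunking, BPDU Guard alongside PortFast). The sample configuration, function names and finding strings are constructed for illustration.

```python
# Added example; SAMPLE_CONFIG is constructed, not taken from a real device.
SAMPLE_CONFIG = """\
ip http server
interface GigabitEthernet0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
interface GigabitEthernet0/2
 switchport mode dynamic desirable
interface GigabitEthernet0/3
 switchport mode access
 spanning-tree portfast
line vty 0 4
 transport input telnet ssh
line vty 5 15
 access-class 10 in
 transport input ssh
"""
UNNEEDED = ("ip http server", "ip finger", "service tcp-small-servers")

def split_blocks(config):
    """Map each top-level IOS line to the indented sub-commands beneath it."""
    blocks, current = {}, None
    for line in config.splitlines():
        text = line.strip()
        if not text or text == "!":
            continue
        if line.startswith(" ") and current:
            blocks[current].append(text)
        else:
            current = text
            blocks[current] = []
    return blocks

def audit(config):
    """Return sorted (scope, finding) pairs for checklist items not met."""
    blocks = split_blocks(config)
    findings = [("global", f"unneeded service: {s}") for s in UNNEEDED if s in blocks]
    for header, sub in blocks.items():
        if header.startswith("line vty"):
            if "transport input ssh" not in sub:
                findings.append((header, "VTY not restricted to SSH"))
            if not any(s.startswith("access-class ") for s in sub):
                findings.append((header, "no ACL on VTY"))
        elif header.startswith("interface ") and "shutdown" not in sub:
            if any(s.startswith("switchport mode dynamic") for s in sub):
                findings.append((header, "DTP negotiation enabled"))
            if "spanning-tree portfast" in sub and "spanning-tree bpduguard enable" not in sub:
                findings.append((header, "PortFast without BPDU Guard"))
    return sorted(findings)
```

BPDU Guard enabled globally (spanning-tree portfast bpduguard default) is not visible to this per-interface check, so treat that finding as a prompt to look at the global configuration.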

Foundation Chapter 6 pg. 391
Security Policy Defined (-LOW PRIORITY-)
• Provides process for auditing existing network security
• Provides general framework for implementing network security
• Defines disallowed behavior toward electronic data
• Determines which tools and procedures are needed for the organization
• Communicates consensus and defines responsibility of users and administrators
• Defines a process for handling network security incidents
• Enables enterprise wide security implementation and enforcement plan

CREATE A VERIFICATION PLAN FOR THE SECURITY SOLUTION


Quick Reference Chapter 7 pg. 80-89
Verification plan includes
• port-security (prevents MAC attacks): show port-security interface <interface>
• port-based authentication 802.1x (additional MAC protection): show dot1x
• show interface <interface> switchport to verify DTP, VLANs allowed on trunk, PVLAN, and pruned VLANs, etc.
• show vlan filter: display VACLs applied to VLANs
• show vlan access-map: show filter configuration
• show interfaces private-vlan mapping: verify private VLAN configuration
• show ip dhcp snooping: verify DHCP snooping configuration

DOCUMENT RESULTS OF SECURITY IMPLEMENTATION AND VERIFICATION


Quick Reference Guide Chapter 5 pg. 62
Documentation should include
• Up to date network diagrams
• Network addresses
• VLAN information
• Interface information
• Important servers
• Applications
• Services
• Document the “WHY” and not just the “HOW”

DETERMINE NETWORK RESOURCES NEEDED FOR IMPLEMENTING A SWITCH BASED LAYER 3 SOLUTION

Quick Reference Chapter 1 pg. 8
• Identify traffic flows, types, and patterns

CREATE AN IMPLEMENTATION PLAN FOR A SWITCH BASED LAYER 3 SOLUTION


Quick Reference Chapter 4 pg. 54
Implementation plan includes
• Enable IP routing
• Create VLAN
• Create SVIs
• Associate IP with each SVI
• Configure dynamic routing protocol

Foundation Chapter 4 pg. 195


Implementation plan includes
• How many VLANs need routing along with VLAN IDs
• Ports connected to router
• Native VLAN and trunk encapsulation type
• Dynamic routing
• Etherchannel
• DHCP
• CEF

CREATE A VERIFICATION PLAN FOR A SWITCH BASED LAYER 3 SOLUTION


Foundation Chapter 4 pg. 201
Verification plan includes
• show ip interface <interface> | <svi number>
• show interface <interface> | <svi number>
• show running interface <type port> | <svi number>
• ping
• show vlan
• show interface trunk
• show ip protocol
• show ip route
• show ip dhcp binding
• show ip dhcp server packet
• show ip cef
• show adjacency
• confirm correct VLANs on switches and trunks
• confirm correct routes
• confirm correct primary and secondary root bridges
• confirm correct IP address and subnet masks

DOCUMENT RESULTS OF SWITCH BASED LAYER 3 IMPLEMENTATION AND VERIFICATION


Quick Reference Guide Chapter 5 pg. 62
Documentation should include
• Up to date network diagrams
• Network addresses
• VLAN information
• Interface information
• Important servers
• Applications
• Services
• Document the “WHY” and not just the “HOW”

DETERMINE NETWORK RESOURCES NEEDED FOR IMPLEMENTING HIGH AVAILABILITY ON A NETWORK

Quick Reference Guide Chapter 5 pg. 62, 60, 78
High availability design should include
• redundant links and devices
• quick failover between device and links
• redundancy within the hardware such as dual power, cold standby parts
• features that include fast failover
• network monitoring and management
• VLAN topology (end-to-end = HSRP/VRRP, local = GLBP)
• Establish understanding of business process and people’s work habits, etc.
• Capacity audit
• IOS Versions
• Risk analysis

Quick Reference Chapter 1 pg. 8


• Identify traffic flows, types, and patterns

CREATE A HIGH AVAILABILITY IMPLEMENTATION PLAN


Quick Reference Guide Chapter 5 pg. 60
Implementing includes
• NSF (non stop forwarding)
• SSO (stateful switch over)
• Stackwise technology
• VSS (virtual switching system)
• SNMP & SYSLOG (monitoring tools)
• IP SLA (IP service level agreement)
• IOS versions (very important that they match with HA services)
• Corporate best-practice design compliance
• Disaster recovery plans
• Evaluate security impact of proposed changes
• Determine root bridge (HSRP/VRRP), priorities, tracking, and timers
• STP details

CREATE A HIGH AVAILABILITY VERIFICATION PLAN


Official Cert Guide Chapter 3 pg. 289
Verification plan includes
• display HSRP status: show standby brief
• display HSRP on an interface: show standby <interface>
• display VRRP status: show vrrp brief all
• display VRRP on an interface: show vrrp interface <interface>
• display status of GLBP group: show glbp <group> [brief]

Quick Reference Chapter 5 pg. 68


Verification plan includes
• Network management tools (SYSLOG, SNMP, IP SLA)

DOCUMENT RESULTS OF HIGH AVAILABILITY IMPLEMENTATION AND VERIFICATION

Quick Reference Guide Chapter 5 pg. 62
Documentation should include
• Up to date network diagrams
• Network addresses
• VLAN information
• Interface information
• Important servers
• Applications
• Services
• Document the “WHY” and not just the “HOW”

Foundation Guide Chapter 5 pg. 248


Documentation should include
• Explanation of who and why the network evolved
• Key addresses, VLANs, and servers
• Services, applications, and virtual/physical servers

IMPLEMENT A VOIP SUPPORT SOLUTION


Where to read
• Foundation Learning Guide Chapter 7
• Quick Reference Guide Chapter 8
• Official Certification Guide Chapter 14

IMPLEMENT VIDEO SUPPORT SOLUTION


Where to read
• Foundation Learning Guide Chapter 7
• Quick Reference Guide Chapter 8