SECOND EDITION

Network Warrior

Gary A. Donahue

O'REILLY
Beijing · Cambridge · Farnham · Köln · Sebastopol · Tokyo

Table of Contents

Preface ......... xvii

1. What Is a Network? ......... 1

2. Hubs and Switches ......... 5
    Hubs ......... 5
    Switches ......... 10
    Switch Types ......... 14
    Planning a Chassis-Based Switch Installation ......... 16

3. Autonegotiation ......... 19
    What Is Autonegotiation? ......... 19
    How Autonegotiation Works ......... 20
    When Autonegotiation Fails ......... 21
    Autonegotiation Best Practices ......... 23
    Configuring Autonegotiation ......... 23

4. VLANs ......... 25
    Connecting VLANs ......... 25
    Configuring VLANs ......... 29
    CatOS ......... 29
    IOS Using VLAN Database ......... 31
    IOS Using Global Commands ......... 33
    Nexus and NX-OS ......... 35

5. Trunking ......... 37
    How Trunks Work ......... 38
    ISL ......... 39
    802.1Q ......... 39
    Which Protocol to Use ......... 40
    Trunk Negotiation ......... 40
    Configuring Trunks ......... 42
    IOS ......... 42
    CatOS ......... 44
    Nexus and NX-OS ......... 46

6. VLAN Trunking Protocol ......... 49
    VTP Pruning ......... 52
    Dangers of VTP ......... 54
    Configuring VTP ......... 55
    VTP Domains ......... 55
    VTP Mode ......... 56
    VTP Password ......... 57
    VTP Pruning ......... 58

7. Link Aggregation ......... 63
    EtherChannel ......... 63
    EtherChannel Load Balancing ......... 64
    Configuring and Managing EtherChannel ......... 68
    Cross-Stack EtherChannel ......... 75
    Multichassis EtherChannel (MEC) ......... 75
    Virtual Port Channel ......... 75
    Initial vPC Configuration ......... 76
    Adding a vPC ......... 77

8. Spanning Tree ......... 81
    Broadcast Storms ......... 82
    MAC Address Table Instability ......... 86
    Preventing Loops with Spanning Tree ......... 88
    How Spanning Tree Works ......... 88
    Managing Spanning Tree ......... 91
    Additional Spanning Tree Features ......... 95
    PortFast ......... 95
    BPDU Guard ......... 96
    UplinkFast ......... 97
    BackboneFast ......... 99
    Common Spanning Tree Problems ......... 100
    Duplex Mismatch ......... 100
    Unidirectional Links ......... 101
    Bridge Assurance ......... 103
    Designing to Prevent Spanning Tree Problems ......... 104
    Use Routing Instead of Switching for Redundancy ......... 104
    Always Configure the Root Bridge ......... 104

9. Routing and Routers ......... 105
    Routing Tables ......... 106
    Route Types ......... 109
    The IP Routing Table ......... 109
    Host Route ......... 111
    Subnet ......... 112
    Summary (Group of Subnets) ......... 112
    Major Network ......... 113
    Supernet (Group of Major Networks) ......... 114
    Default Route ......... 114
    Virtual Routing and Forwarding ......... 115

10. Routing Protocols ......... 119
    Communication Between Routers ......... 120
    Metrics and Protocol Types ......... 123
    Administrative Distance ......... 125
    Specific Routing Protocols ......... 127
    RIP ......... 129
    RIPv2 ......... 132
    EIGRP ......... 133
    OSPF ......... 137
    BGP ......... 143

11. Redistribution ......... 147
    Redistributing into RIP ......... 149
    Redistributing into EIGRP ......... 152
    Redistributing into OSPF ......... 154
    Mutual Redistribution ......... 156
    Redistribution Loops ......... 157
    Limiting Redistribution ......... 159
    Route Tags ......... 159
    A Real-World Example ......... 163

12. Tunnels ......... 167
    GRE Tunnels ......... 168
    GRE Tunnels and Routing Protocols ......... 173
    GRE and Access Lists ......... 178

13. First Hop Redundancy ......... 181
    HSRP ......... 181
    HSRP Interface Tracking ......... 184
    When HSRP Isn't Enough ......... 186
    Nexus and HSRP ......... 189
    GLBP ......... 189
    Object Tracking in GLBP ......... 194

14. Route Maps ......... 197
    Building a Route Map ......... 198
    Policy Routing Example ......... 200
    Monitoring Policy Routing ......... 203

15. Switching Algorithms in Cisco Routers ......... 207
    Process Switching ......... 209
    Interrupt Context Switching ......... 210
    Fast Switching ......... 211
    Optimum Switching ......... 213
    CEF ......... 213
    Configuring and Managing Switching Paths ......... 216
    Process Switching ......... 216
    Fast Switching ......... 218
    CEF ......... 219

16. Multilayer Switches ......... 221
    Configuring SVIs ......... 223
    IOS (4500, 6500, 3550, 3750, etc.) ......... 223
    Hybrid Mode (4500, 6500) ......... 225
    NX-OS (Nexus 7000, 5000) ......... 227
    Multilayer Switch Models ......... 228

17. Cisco 6500 Multilayer Switches ......... 231
    Architecture ......... 233
    Buses ......... 234
    Enhanced Chassis ......... 237
    Vertical Enhanced Chassis ......... 238
    Supervisors ......... 238
    Modules ......... 240
    CatOS Versus IOS ......... 249
    Installing VSS ......... 253
    Other Recommended VSS Commands ......... 259
    VSS Failover Commands ......... 261
    Miscellaneous VSS Commands ......... 262
    VSS Best Practices ......... 263

18. Cisco Nexus ......... 265
    Nexus Hardware ......... 265
    Nexus 7000 ......... 266
    Nexus 5000 ......... 268
    Nexus 2000 ......... 270
    Nexus 1000 Series ......... 272
    NX-OS ......... 273
    NX-OS Versus IOS ......... 274
    Nexus Iconography ......... 279
    Nexus Design Features ......... 280
    Virtual Routing and Forwarding ......... 281
    Virtual Device Contexts ......... 283
    Shared and Dedicated Rate-Mode ......... 287
    Configuring Fabric Extenders (FEXs) ......... 290
    Virtual Port Channel ......... 294
    Config-Sync ......... 300
    Configuration Rollback ......... 309
    Upgrading NX-OS ......... 312

19. Catalyst 3750 Features ......... 317
    Stacking ......... 317
    Interface Ranges ......... 319
    Macros ......... (page number unreadable in scan)
    Flex Links ......... 324
    Storm Control ......... 325
    Port Security ......... 329
    SPAN ......... 332
    Voice VLAN ......... 336
    QoS ......... 338

20. Telecom Nomenclature ......... 341
    Telecom Glossary ......... 342

21. T1 ......... 355
    Understanding T1 Duplex ......... 355
    Types of T1 ......... 356
    Encoding ......... 357
    AMI ......... 357
    B8ZS ......... 358
    Framing ......... 359
    D4/Superframe ......... 360
    Extended Super Frame ......... 360
    Performance Monitoring ......... 362
    Loss of Signal ......... 362
    Out of Frame ......... 362
    Bipolar Violation ......... 362
    CRC6 ......... 363
    Errored Seconds ......... 363
    Extreme Errored Seconds ......... 363
    Alarms ......... 363
    Red Alarm ......... 364
    Yellow Alarm ......... 364
    Blue Alarm ......... 366
    Troubleshooting T1s ......... 366
    Loopback Tests ......... 366
    Integrated CSU/DSUs ......... 369
    Configuring T1s ......... 370
    CSU/DSU Configuration ......... 370
    CSU/DSU Troubleshooting ......... 371

22. DS3 ......... 375
    Framing ......... 375
    M13 ......... 376
    C-Bits ......... 377
    Clear-Channel DS3 Framing ......... 378
    Line Coding ......... 379
    Configuring DS3s ......... 379
    Clear-Channel DS3 ......... 379
    Channelized DS3 ......... 381

23. Frame Relay ......... 387
    Ordering Frame Relay Service ......... 390
    Frame Relay Network Design ......... 391
    Oversubscription ......... 393
    Local Management Interface ......... 394
    Congestion Avoidance in Frame Relay ......... 395
    Configuring Frame Relay ......... 396
    Basic Frame Relay with Two Nodes ......... 396
    Basic Frame Relay with More Than Two Nodes ......... 398
    Frame Relay Subinterfaces ......... 401
    Troubleshooting Frame Relay ......... 403

24. MPLS ......... 409

25. Access Lists ......... 415
    Designing Access Lists ......... 415
    Named Versus Numbered ......... 415
    Wildcard Masks ......... 416
    Where to Apply Access Lists ......... 417
    Naming Access Lists ......... 418
    Top-Down Processing ......... 419
    Most-Used on Top ......... 419
    Using Groups in ASA and PIX ACLs ......... 421
    Deleting ACLs ......... 424
    Turbo ACLs ......... 424
    Allowing Outbound Traceroute and Ping ......... 425
    Allowing MTU Path Discovery Packets ......... 426
    ACLs in Multilayer Switches ......... 427
    Configuring Port ACLs ......... 427
    Configuring Router ACLs ......... 428
    Configuring VLAN Maps ......... 429
    Reflexive Access Lists ......... 431
    Configuring Reflexive Access Lists ......... 433

26. Authentication in Cisco Devices ......... 437
    Basic (Non-AAA) Authentication ......... 437
    Line Passwords ......... 437
    Configuring Local Users ......... 439
    PPP Authentication ......... 442
    AAA Authentication ......... 449
    Enabling AAA ......... 449
    Configuring Security Server Information ......... 450
    Creating Method Lists ......... 453
    Applying Method Lists ......... 456

27. Basic Firewall Theory ......... 459
    Best Practices ......... 459
    The DMZ ......... 461
    Another DMZ Example ......... 463
    Multiple DMZ Example ......... 464
    Alternate Designs ......... 465

28. ASA Firewall Configuration ......... 469
    Contexts ......... 470
    Interfaces and Security Levels ......... 470
    Names ......... 473
    Object Groups ......... 475
    Inspects ......... 477
    Managing Contexts ......... 479
    Context Types ......... 480
    The Classifier ......... 482
    Configuring Contexts ......... 486
    Interfaces and Contexts ......... 489
    Write Mem Behavior ......... 489
    Failover ......... 490
    Failover Terminology ......... 491
    Understanding Failover ......... 492
    Configuring Failover-Active/Standby ......... 494
    Monitoring Failover ......... 496
    Configuring Failover-Active/Active ......... 497
    NAT ......... 501
    NAT Commands ......... 502
    NAT Examples ......... 502
    Miscellaneous ......... 506
    Remote Access ......... 506
    Saving Configuration Changes ......... 506
    Logging ......... 507
    Troubleshooting ......... 509

29. Wireless ......... 511
    Wireless Standards ......... 511
    Security ......... 513
    Configuring a WAP ......... 516
    MAC Address Filtering ......... 520
    Troubleshooting ......... 521

30. VoIP ......... 523
    How VoIP Works ......... 523
    Protocols ......... 525
    Telephony Terms ......... 527
    Cisco Telephony Terms ......... 528
    Common Issues with VoIP ......... 530
    Small-Office VoIP Example ......... 532
    VLANs ......... 533
    Switch Ports ......... 535
    QoS on the CME Router ......... 536
    DHCP for Phones ......... 537
    TFTP Service ......... 537
    Telephony Service ......... 538
    Dial Plan ......... 542
    Voice Ports ......... 542
    Configuring Phones ......... 543
    Dial Peers ......... 551
    SIP ......... 555
    Troubleshooting ......... 567
    Phone Registration ......... 567
    TFTP ......... 568
    Dial Peer ......... 569
    SIP ......... 570

31. Introduction to QoS ......... 573
    Types of QoS ......... 577
    QoS Mechanics ......... 578
    Priorities ......... 578
    Flavors of QoS ......... 581
    Common QoS Misconceptions ......... 586
    QoS "Carves Up" a Link into Smaller Logical Links ......... 586
    QoS Limits Bandwidth ......... 587
    QoS Resolves a Need for More Bandwidth ......... 587
    QoS Prevents Packets from Being Dropped ......... 588
    QoS Will Make You More Attractive to the Opposite Sex ......... 588

32. Designing QoS ......... 589
    LLQ Scenario ......... 589
    Protocols ......... 589
    Priorities ......... 590
    Determine Bandwidth Requirements ......... 592
    Configuring the Routers ......... 594
    Class Maps ......... 594
    Policy Maps ......... 596
    Service Policies ......... 597
    Traffic-Shaping Scenarios ......... 598
    Scenario 1: Ethernet Handoff ......... 598
    Scenario 2: Frame Relay Speed Mismatch ......... 602

33. The Congested Network ......... 607
    Determining Whether the Network Is Congested ......... 607
    Resolving the Problem ......... 612

34. The Converged Network ......... 615
    Configuration ......... 615
    Monitoring QoS ......... 617
    Troubleshooting a Converged Network ......... 620
    Incorrect Queue Configuration ......... 620
    Priority Queue Too Small ......... 621
    Priority Queue Too Large ......... 623
    Nonpriority Queue Too Small ......... 624
    Nonpriority Queue Too Large ......... 624
    Default Queue Too Small ......... 626
    Default Queue Too Large ......... 626

35. Designing Networks ......... 627
    Documentation ......... 627
    Requirements Documents ......... 628
    Port Layout Spreadsheets ......... 629
    IP and VLAN Spreadsheets ......... 633
    Bay Face Layouts ......... 634
    Power and Cooling Requirements ......... 634
    Tips for Network Diagrams ......... 636
    Naming Conventions for Devices ......... 637
    Network Designs ......... 639
    Corporate Networks ......... 639
    Ecommerce Websites ......... 643
    Modern Virtual Server Environments ......... 648
    Small Networks ......... 648

36. IP Design ......... 649
    Public Versus Private IP Space ......... 649
    VLSM ......... 652
    CIDR ......... 654
    Allocating IP Network Space ......... 656
    Allocating IP Subnets ......... 658
    Sequential ......... 658
    Divide by Half ......... 660
    Reverse Binary ......... 660
    IP Subnetting Made Easy ......... 663

37. IPv6 ......... 671
    Addressing ......... 673
    Subnet Masks ......... 675
    Address Types ......... 675
    Subnetting ......... 677
    NAT ......... 678
    Simple Router Configuration ......... 679

38. Network Time Protocol ......... 689
    What Is Accurate Time? ......... 689
    NTP Design ......... 691
    Configuring NTP ......... 693
    NTP Client ......... 693
    NTP Server ......... 696

39. Failures ......... 697
    Human Error ......... 697
    Multiple Component Failure ......... 698
    Disaster Chains ......... 699
    No Failover Testing ......... 700
    Troubleshooting ......... 700
    Remain Calm ......... 701
    Log Your Actions ......... 701
    Find Out What Changed ......... 701
    Check the Physical Layer First! ......... 702
    Assume Nothing; Prove Everything ......... 702
    Isolate the Problem ......... 703
    Don't Look for Zebras ......... 703
    Do a Physical Audit ......... 703
    Escalate ......... 704
    Troubleshooting in a Team Environment ......... 704
    The Janitor Principle ......... 704

40. GAD's Maxims ......... 705
    Maxim #1 ......... 705
    Politics ......... 706
    Money ......... 707
    The Right Way to Do It ......... 707
    Maxim #2 ......... 708
    Simplify ......... 709
    Standardize ......... 709
    Stabilize ......... 709
    Maxim #3 ......... 709
    Lower Costs ......... 710
    Increase Performance or Capacity ......... 711
    Increase Reliability ......... 712

41. Avoiding Frustration ......... 715
    Why Everything Is Messed Up ......... 715
    How to Sell Your Ideas to Management ......... 718
    When to Upgrade and Why ......... 722
    The Dangers of Upgrading ......... 723
    Valid Reasons to Upgrade ......... 724
    Why Change Control Is Your Friend ......... 725
    How Not to Be a Computer Jerk ......... 727
    Behavioral ......... 727
    Environmental ......... 729
    Leadership and Mentoring ......... 730

Index ......... 731