Note: Chapter 4 is for Part 1 and Chapter 5 is for Part 2. See the upload section for the information.
cmit_452_2.docx
switch_v7_ch05.pptx
switch_v7_ch04.pptx
Part 1
Question 1: Local VLANs vs. End-to-End VLANs
Compare and contrast the advantages and use cases for when you would use end-to-end VLANs
versus local VLANs.
Question 2: The Spanning Tree Toolkit
In Enterprise and Campus networks (and even in some Data Center environments) Spanning
Tree plays a critical role in the prevention of loops at Layer 2 – the Data Link layer. While
similar to loops that you might see at Layer 3 (with IP packets), loops at Layer 2 (where the
MAC address is used to forward frames around the network) can be far more dangerous and
cause much more severe issues for networking professionals. With that in mind, it should be no
surprise that securing your Layer 2 environment is also a critical task. It is for this reason,
among a few others, that Cisco developed the Spanning Tree Toolkit (reference the “Reading
Assignment” PDF from this week for an overview) which is a series of Spanning Tree related
configuration options that can be used to enhance and better protect your environment from
unwanted Layer 2 threats/challenges.
In this post you will be taking what you have learned about Spanning Tree and the Spanning Tree Toolkit to answer the following questions: What are some possible use cases for PortFast, BPDUGuard, and RootGuard, and how would you apply these features/settings in an enterprise environment? You should also focus on why two (2) Spanning Tree Toolkit features, namely UplinkFast and BackboneFast, are no longer needed when using Cisco’s Rapid Per-VLAN Spanning Tree (RPVST/RPVST+) and/or Multiple Spanning Tree (MST). Finally, while PortFast is not recommended for use on trunk ports, can you provide a use case for when you would want to have a trunk port with PortFast enabled?
Question 3: Spanning Tree Port States
During your reading of Chapter 4 (uploaded) in the Foundation Learning Guide (FLG) you learned about Spanning Tree Protocol (STP) and Rapid Spanning Tree Protocol (RSTP) port states. For example, when you plug a server into a Cisco switch port, that port will transition through the different port states on its way to the “forwarding” state. Your task for this post is to compare and contrast the different port states for STP and RSTP, in addition to addressing how the use of Cisco’s PortFast modifies the order of operations for the port states.
Note: Please provide an initial response for each question above consisting of a minimum of 250 words and a maximum of 500 words; one (1) follow-up response for each question between 60 and 100 words; and a minimum of two sources (references) for initial responses.
Part 2
Question 1: Cisco Express Forwarding (CEF)
We discussed Cisco Express Forwarding (CEF) earlier on in the course and now we are going
to go a little deeper with respect to CEF. Cisco switches and routers have seen several
performance-related improvements with respect to the forwarding of IP packets over their
lifespan. It is important to remember that the forwarding of packets using an IP address is a
Layer 3 activity while the forwarding of frames using MAC addresses is a Layer 2 activity.
However, the forwarding of packets and frames are activities that are inextricably linked when
it comes to successful network functionality. The IP packet at Layer 3 depends on the MAC
address information at Layer 2 in order to get information from hop to hop. Cisco Express
Forwarding (CEF) is the current paradigm that Cisco routers and switches use to accomplish
the forwarding of packets and to ensure that this forwarding takes place as fast as possible. CEF
is based on two main data structures: The Forwarding Information Base (FIB) (the next-hop
Layer 3 information) and the adjacency table (the next-hop Layer 2 information).
For your post on this topic you should detail the operation of CEF in the context of MLS, the
previous methods Cisco used for the forwarding of packets (Process Switching and Fast
Switching), and detail why those methods were replaced by CEF.
Question 2: Inter-VLAN Routing Scenarios
Your task for this post is to view the first 17 minutes of the video tutorial below. Based on the information in the video covering the topic of inter-VLAN routing, describe one (1) use case for each of the three (3) inter-VLAN routing scenarios. You should focus on the details around why each of the inter-VLAN routing scenarios would be the best configuration for your use case networks. Here is the 42.52-minute video you will need to view:
Question 3: Cisco Type 8 & Type 9 Password Hashes
The use of Type 5 (MD5) password hashes has been an approach used by Cisco for decades and at one point was considered the most secure approach available. That was true for quite some time, but the picture has changed significantly over the last few years with the emergence of Type 8 and Type 9 password hashes. There is another discussion opportunity in this module where you can investigate MD5 password hashes when used with the creation of Cisco user passwords, but as the “Reading Assignment” for this unit demonstrates (“Next Generation Encryption”), Type 5 passwords are considered to be legacy and should be avoided whenever possible in favor of SHA-256.
For this post, compare and contrast the strengths and weaknesses between the Type 8 / Type 9
password hashes and the legacy Type 5 password hashes. Your post should pay special attention
to the details of each implementation and which one you would implement in your environment
and why.
Question 4: Cisco Security – Type 5 passwords
In order to keep your routers, firewalls, and switches secure, they need good passwords. Type
5 Cisco password hashes use a technique called salting. Discuss password hashes and ‘salting’
and discuss password cracking tools or websites that can be used to crack Cisco password
hashes. Some of the most popular tools are John the Ripper and hashcat, which are both already
included in the Kali Linux distribution. The Windows tool Cain can also crack Cisco passwords.
Here is a list of some password hashes. You may elect to crack some of them and explain how you did it as part of this discussion.
$1$mERr$hx5rVt7rPNoS4wqbXKX7m0
$1$mERr$YQ646Kf5TOWpGsAlzF3y00
$1$mERr$CjvwLMsKfKkwyS5Ym6rig1
$1$mERr$nUTKlOqm6NHuFqY18TUav0
$1$mERr$V3AzF/pAhvRvjIsUimrC8.
Note: Choose any two above and provide an initial response consisting of a minimum of 250 words and a maximum of 500 words; two (2) follow-up responses between 60 and 100 words; and a minimum of two sources (references).
Chapter 5:
Inter-VLAN Routing
CCNP SWITCH: Implementing Cisco IP Switched Networks
SWITCH v7.1 Chapter 5
© 2007 – 2016, Cisco Systems, Inc. All rights reserved.
Cisco Public
1
Chapter 5 Objectives
▪ Given an enterprise network, design, implement, and verify inter-VLAN routing using an external router or a multilayer switch, using either switch virtual interfaces or routed interfaces
▪ Understand Layer 3 EtherChannel and its configuration
▪ Understand DHCP operation and its implementation and verification in a given enterprise network
Describing InterVLAN Routing
Describing Inter-VLAN Routing
▪ Introduction to inter-VLAN routing
▪ Inter-VLAN routing using an external router
▪ Inter-VLAN routing with switch virtual interfaces
▪ Routing with routed ports
▪ Configuring inter-VLAN routing using SVI and routed ports
▪ Troubleshooting inter-VLAN routing
Introduction to Inter-VLAN Routing
▪ Because VLANs isolate traffic to a defined broadcast domain and subnet, network devices in different VLANs cannot communicate with each other natively.
▪ The devices in each VLAN can communicate with the network devices in another VLAN only through a Layer 3 routing device.
▪ The following devices can provide inter-VLAN routing:
• Any Layer 3 multilayer Catalyst switch
• Any external router with an interface that supports trunking (router-on-a-stick)
• Any external router or group of routers with a separate interface in each VLAN
Introduction to Inter-VLAN Routing
Router vs MLS for IVR
▪ Router-on-a-stick is simple to implement because routers are usually available in every network, but most enterprise networks use multilayer switches to achieve high packet processing rates using hardware switching.
▪ Layer 3 switches usually have packet-switching throughputs in the millions of packets per second (pps), whereas traditional general-purpose routers provide packet switching in the range of 100,000 pps to more than 1 million pps.
All the Catalyst multilayer switches support three different types of Layer 3 interfaces:
• Routed port: A pure Layer 3 interface similar to a routed port on a Cisco IOS router.
• Switch virtual interface (SVI): A virtual VLAN interface for inter-VLAN routing. In other words, switch virtual interfaces (SVIs) are the virtual routed VLAN interfaces.
• Bridge virtual interface (BVI): A Layer 3 virtual bridging interface.
Inter-VLAN Routing Using an External Router
▪ Configure subinterfaces so that R1 will route between PC1 (VLAN 10) and PC2 (VLAN 20).
▪ Configure a trunk so that R1 will receive the traffic that needs to be routed.
Routing with an External Router Configuration
Configure router subinterfaces for routing of VLAN 10 / VLAN 20 traffic.
▪ R1(config)# interface ethernet 0/0.10
▪ R1(config-subif)# encapsulation dot1q 10
▪ R1(config-subif)# ip address 10.0.10.1 255.255.255.0
▪ R1(config)# interface ethernet 0/0.20
▪ R1(config-subif)# encapsulation dot1q 20
▪ R1(config-subif)# ip address 10.0.20.1 255.255.255.0
Configure a subinterface for native VLAN traffic.
▪ R1(config)# interface ethernet 0/0.1
▪ R1(config-subif)# encapsulation dot1q 1 native
▪ R1(config-subif)# ip address 10.0.1.1 255.255.255.0
Verify configuration
Routing with an External Router Configuration
Configure the switch trunk port. Allow only VLAN 1, 10, and 20 traffic.
▪ SW1(config)# interface ethernet 0/0
▪ SW1(config-if)# switchport trunk encapsulation dot1q
▪ SW1(config-if)# switchport mode trunk
▪ SW1(config-if)# switchport trunk allowed vlan 1,10,20
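As an added check that is not part of the slide deck or Cisco's tooling: a small Python audit that parses the router's dot1q subinterfaces and the switch's trunk settings in the form shown above and reports VLANs the router routes but the trunk prunes, plus native-VLAN mismatches between the two ends. The two configs are constructed for the example, with planted faults so the audit has something to report.

```python
import re
# Constructed sample configs (not the slide's output), modelled on R1/SW1 above but with two planted
# faults: VLAN 20 is routed on R1 yet pruned from SW1's trunk, and SW1's native VLAN is 99, not 1.
ROUTER_CFG = """\
interface ethernet 0/0.1
 encapsulation dot1q 1 native
 ip address 10.0.1.1 255.255.255.0
interface ethernet 0/0.10
 encapsulation dot1q 10
 ip address 10.0.10.1 255.255.255.0
interface ethernet 0/0.20
 encapsulation dot1q 20
 ip address 10.0.20.1 255.255.255.0
"""
SWITCH_CFG = """\
interface ethernet 0/0
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 99
 switchport trunk allowed vlan 1,10
"""

def expand_vlan_list(spec):
    """Expand an IOS VLAN list such as '1,10-12,20' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_subinterfaces(cfg):
    """Map each dot1q subinterface VLAN to whether the router treats it as the native VLAN."""
    subifs = {}
    for line in cfg.splitlines():
        m = re.match(r"\s*encapsulation dot1q (\d+)( native)?", line)
        if m:
            subifs[int(m[1])] = bool(m[2])
    return subifs

def parse_trunk(cfg):
    """Return (allowed VLAN set, or None meaning all; native VLAN), applying IOS defaults."""
    allowed, native = None, 1
    for line in cfg.splitlines():
        m = re.match(r"\s*switchport trunk (allowed|native) vlan ([\d,\-]+)", line)
        if m and m[1] == "allowed":
            allowed = expand_vlan_list(m[2])
        elif m:
            native = int(m[2])
    return allowed, native

def audit(router_cfg, switch_cfg):
    """Cross-check the router subinterfaces against the switch trunk; return a list of findings."""
    subifs = parse_subinterfaces(router_cfg)
    allowed, native = parse_trunk(switch_cfg)
    findings = []
    for vlan, is_native in sorted(subifs.items()):
        if allowed is not None and vlan not in allowed:
            findings.append(f"VLAN {vlan} is routed on the router but pruned from the trunk")
        if is_native != (vlan == native):  # untagged frames would be placed in different VLANs
            findings.append(f"native VLAN mismatch on VLAN {vlan}: trunk native VLAN is {native}")
    return findings
```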
External Routers: Advantages and Disadvantages
The following are advantages of external router usage:
▪ An external router works with any switch because Layer 3 services are not required on the switch. Many switches do not contain Layer 3 forwarding capability, especially switches that are used at the access layer of a hierarchical network.
▪ The implementation is simple. Only one switch port and one router interface require configuration.
▪ If the network design includes only Layer 2 switches, the design and also the process for troubleshooting traffic flow become very simple because there is only one place in the network where VLANs interconnect.
External Routers: Advantages and Disadvantages
The following are disadvantages of external router usage:
▪ The router is a single point of failure.
▪ A single traffic path may become congested. With a router-on-a-stick model, the trunk link is limited by the speed of the router interface being shared across all trunked VLANs.
▪ Latency may be introduced as frames leave and reenter the switch chassis multiple times and as the router makes software-based routing decisions.
Inter-VLAN Routing Using Switch Virtual Interfaces
▪ An SVI is a virtual interface configured within a multilayer switch, as compared to an external router configuration.
▪ An SVI can be created for any VLAN that exists on the switch. Only one VLAN associates with one SVI.
Switch Virtual Interfaces
▪ An SVI is “virtual” in that there is no physical port dedicated to the interface, yet it can perform the same functions for the VLAN as a router interface would.
▪ It can be configured in much the same way as a router interface (IP address, inbound/outbound access control lists [ACLs], and so on).
▪ The SVI for the VLAN provides Layer 3 processing for packets to or from all switch ports associated with that VLAN.
▪ By default, an SVI is created for the default VLAN (VLAN 1) to permit remote switch administration.
▪ Additional SVIs must be explicitly created, and the number used corresponds to the associated VLAN tag.
Reasons to configure SVI
▪ To provide a gateway for a VLAN so that traffic can be routed into or out of that VLAN
▪ To provide fallback bridging if it is required for nonroutable protocols
▪ To provide Layer 3 IP connectivity to the switch
▪ To support routing protocol and bridging configurations
SVI: Advantages and Disadvantages
The following are some of the advantages of SVI:
▪ It is much faster than router-on-a-stick because everything is hardware switched and routed.
▪ No need for external links from the switch to the router for routing.
▪ Not limited to one link. Layer 2 EtherChannels can be used between the switches to get more bandwidth.
▪ Latency is much lower because traffic does not need to leave the switch.
The following are some of the disadvantages:
▪ It needs a Layer 3 switch to perform inter-VLAN routing, which is more expensive.
Routing with Routed Ports
▪ A routed port is a physical port that acts similarly to a port on a traditional router with Layer 3 addresses configured.
▪ Unlike an access port, a routed port is not associated with a particular VLAN. A routed port behaves like a regular router interface.
▪ Also, because Layer 2 functionality has been removed, Layer 2 protocols such as STP do not run on a routed port.
▪ Link Aggregation Control Protocol (LACP), which can be used to build either Layer 2 or Layer 3 EtherChannel bundles, would still function at Layer 3.
▪ Routed ports are used for point-to-point links.
▪ Routed interfaces do not support subinterfaces as Cisco IOS routers do.
▪ To configure routed ports, make sure to configure the respective interface as a Layer 3 interface using the no switchport interface command.
Routed Ports: Advantages
Following are some of the advantages of routed ports:
▪ A multilayer switch can have SVI and routed ports in a single switch. How is this an advantage of a routed port?
▪ Multilayer switches forward either Layer 2 or Layer 3 traffic in hardware, so it helps to do routing faster.
Configuring Inter-VLAN Routing Using SVI and Routed Ports
Configuring Routing on a Multilayer Switch
Step 1. Create VLANs 10 and 20:
▪ DSW1(config)# vlan 10
▪ DSW1(config-vlan)# vlan 20
Step 2. On DSW1, enable IPv4 routing:
▪ DSW1(config)# ip routing
Step 3. Configure an SVI for each VLAN with an IP address:
▪ DSW1(config)# interface vlan 10
▪ DSW1(config-if)# ip address 10.0.10.1 255.255.255.0
▪ DSW1(config-if)# no shutdown
▪ DSW1(config)# interface vlan 20
▪ DSW1(config-if)# ip address 10.0.20.1 255.255.255.0
▪ DSW1(config-if)# no shutdown
Configuring Routing on a Multilayer Switch
Step 4. Turn the interface that connects to R1 (Ethernet 0/0) into a routed interface and configure it with an IP address.
▪ DSW1(config)# interface ethernet 0/2
▪ DSW1(config-if)# no switchport
▪ *Nov 28 15:03:55.138: %LINK-3-UPDOWN: Interface Ethernet0/2,
changed state to up
▪ *Nov 28 15:03:56.142: %LINEPROTO-5-UPDOWN: Line protocol on
Interface Ethernet0/2, changed state to up
▪ DSW1(config-if)# ip address 10.0.99.1 255.255.255.0
Step 5. Configure a Routing Protocol
▪ DSW1(config)# router eigrp 1
▪ DSW1(config-router)# network 10.0.0.0
▪ *Nov 28 15:12:22.448: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1:
Neighbor 10.0.99.2 (Ethernet0/2) is up: new adjacency
Using the SVI autostate exclude Command
▪ The SVI interface is brought up when one Layer 2 port in the VLAN has had time to converge (transition from STP listening-learning state to forwarding state).
▪ The default action when a VLAN has multiple ports is that the SVI goes down when all ports in the VLAN go down.
▪ This action prevents features such as routing protocols from using the VLAN interface as if it were fully operational and minimizes other problems, such as routing black holes.
▪ You can use the SVI autostate exclude command to configure a port so that it is not included in the SVI line-state up-and-down calculation.
Configuring autostate exclude
▪ Switch(config)# interface interface slot/number
▪ Switch(config-if)# switchport autostate exclude
▪ This disables the SVI autostate and makes the SVI interface permanently active.
SVI Configuration Checklist
▪ Identify which VLANs require a Layer 3 gateway.
▪ Create a VLAN on a multilayer switch if it does not already exist.
▪ Create an SVI interface for each VLAN.
▪ Configure the SVI interface with an IP address.
▪ Enable the SVI interface.
▪ Enable IP routing on the multilayer switch.
▪ Determine whether a dynamic routing protocol is needed.
▪ Configure a dynamic routing protocol if needed.
▪ Identify any switch ports that require autostate exclude.
▪ Configure autostate exclude on identified switch ports.
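As an added example, not from the slide deck or Cisco's own tooling: a Python audit that applies the SVI checklist above (VLAN defined, SVI addressed, SVI enabled, IP routing on) to a multilayer-switch running-config excerpt. The excerpt is constructed to follow the DSW1 steps, with planted faults so each check has something to report.

```python
import re
# Constructed multilayer-switch running-config excerpt (not the slide's output) following the DSW1
# steps above, with planted faults: no 'ip routing', interface vlan 20 shut, no 'vlan 30' definition.
SWITCH_CFG = """\
vlan 10
vlan 20
interface vlan 10
 ip address 10.0.10.1 255.255.255.0
 no shutdown
interface vlan 20
 ip address 10.0.20.1 255.255.255.0
 shutdown
interface vlan 30
 ip address 10.0.30.1 255.255.255.0
 no shutdown
interface ethernet 0/2
 no switchport
 ip address 10.0.99.1 255.255.255.0
"""

def parse_switch(cfg):
    """Return (defined VLAN ids, {svi vlan: {"ip": str or None, "shutdown": bool}}, ip_routing)."""
    vlans, svis, ip_routing, cur = set(), {}, False, None
    for raw in cfg.splitlines():
        line = raw.strip()
        vlan_def = re.match(r"vlan (\d+)$", line)
        svi_def = re.match(r"interface [Vv]lan ?(\d+)$", line)  # 'interface vlan 10' or 'interface Vlan10'
        addr = re.match(r"ip address (\S+) (\S+)$", line)
        if line == "ip routing":
            ip_routing = True
        elif vlan_def:
            vlans.add(int(vlan_def[1]))
            cur = None
        elif svi_def:
            cur = int(svi_def[1])
            svis[cur] = {"ip": None, "shutdown": False}
        elif line.startswith("interface "):
            cur = None  # physical (routed or switched) port, not an SVI
        elif cur is not None and addr:
            svis[cur]["ip"] = addr[1]
        elif cur is not None and line == "shutdown":
            svis[cur]["shutdown"] = True
    return vlans, svis, ip_routing

def audit_svis(cfg):
    """Apply the SVI checklist to a config; an empty list means every check passed."""
    vlans, svis, ip_routing = parse_switch(cfg)
    findings = []
    if not ip_routing:
        findings.append("'ip routing' is not enabled: the SVIs cannot route between VLANs")
    for vlan, svi in sorted(svis.items()):
        if vlan != 1 and vlan not in vlans:  # VLAN 1 always exists on a Catalyst switch
            findings.append(f"interface vlan {vlan} has no matching 'vlan {vlan}' definition")
        if svi["ip"] is None:
            findings.append(f"interface vlan {vlan} has no IP address")
        if svi["shutdown"]:
            findings.append(f"interface vlan {vlan} is administratively down")
    return findings
```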
Common Inter-VLAN Routing Problems
Troubleshooting Inter-VLAN Problems
▪ Correct VLANs on all switches and trunks.
▪ Correct routes.
▪ Correct primary and secondary root bridges.
▪ Correct IP address and subnet masks.
Layer 2 Versus Layer 3 EtherChannel
Layer 2 Versus Layer 3 EtherChannel
▪ On a multilayer switch, you can configure Layer 2 or Layer 3 EtherChannels, depending on what type of devices will be connected, and depending on their position in the network.
Layer 3 EtherChannel Configuration
Step 1. Create a virtual Layer 2 interface:
▪ Switch(config)# interface port-channel 1
Step 2. Change interface to Laye …