SWITCH - Implementing Cisco IP Switched Networks v1.0

This course includes extensive hands-on labs to help you learn to plan, configure, and verify the implementation of complex enterprise switching solutions for campus environments using the Cisco Enterprise Campus Architecture. In order to gain a firm understanding of how to manage switches in an enterprise campus environment, you'll cover:

• VLANs and WLANs
• Spanning tree
• Inter-VLAN routing
• Security features

A Proven Impact Exclusive: Bonus Lab Credits

You'll receive 10 extra e-Lab credits (good for 30 Days ) to review a topic after class, refine your skills, or get in extra practice-whatever lab activities complete your training.

What You Will Learn

• Analyze campus network designs
• Implement VLANs in a network campus
• Implement spanning tree
• Implement inter-VLAN routing in a campus network
• Implement high-availability technologies and techniques using multilayer switches in a campus environment
• Implement security features in a switched network
• Integrate WLANs into a campus network
• Accommodate voice and video in campus networks

Audience

• Network engineers with at least one year of professional work experience who are ready to advance their skills and work independently on complex network solutions
• Network engineers, technical support personnel, or help desk technicians who will need to correctly implement and/or support switch-based solutions

Prerequistes

• CCNA certification

OR

• Familiarity with internetworking technologies; the ability to perform basic router configuration; experience installing, operating, and maintaining routers and switches in an enterprise environment
• Knowledge of IP, including the ability to perform IP subnetting on non-octal boundaries, configure IP standard and extended access lists, operate and configure distance vector routing protocol, configure serial interface, and interpret a routing table

Course Outline

1. Analyzing Campus Network Designs

• Enterprise Campus Architecture
  • Cisco SONA
  • Benefits of the enterprise campus architecture
  • Function of the core layer
  • Impact of traffic types on the network infrastructure
• Cisco Lifecycle Services and Network Implementation
  • PPDIOO lifecycle approach
  • PPDIOO implementation planning

2. Implementing VLANs in Campus Networks

• Best Practices for VLAN Topologies
  • VLAN segmentation models
  • Creating an implementation plan
  • Implementation choices and their consequences
  • Implementation and verification plans for a VLAN network with end-to-end VLANs and trunks and VLAN Trunk Protocol (VTP)
• Configuring Private VLANs (PVLANs)
  • Configure isolated and community PVLANs
  • Implementation and verification plans for a VLAN network design that contains PVLANs
  • Configure PVLANs across multiple switches
• Configuring Link Aggregation with EtherChannel
  • Benefits of EtherChannel
  • Compare the PAgP and the LACP
  • Create and execute an implementation and verification plan in a VLAN network with Layer 2 EtherChannel links and load balancing among the ports included in an EtherChannel

3. Implementing Spanning Tree

• Spanning Tree Protocol (STP) Enhancements
  • STP standards and operations
  • Implement and configure PVRST+ and MSTP
  • RSTP port roles
  • Verify RSTP configurations
• STP Stability Mechanisms
  • Protect and optimize the operation of STP
  • Configure BPDUGuard, BPDUFilter, RootGuard, and LoopGuard
  • Configure UDLD to detect and shut down unidirectional links

4. Implementing Inter-VLAN Routing

• Routing Between VLANs
  • Configure and verify inter-VLAN routing in a Layer 2 topology using an external router, a switch SVI, or a switch-routed interface
  • Configure both a switch and router to accommodate inter-VLAN packet transfer using an external router
  • Layer 3 SVI
  • Commands used to configure an SVI
  • A routed port on a multilayer switch
  • Commands used to configure a routed port on a multilayer switch
  • Configure Layer 3 EtherChannel links
  • Configure inter-VLAN routing on a multilayer switch
  • Configure DHCP services on a Layer 3 switch
• Deploying Multilayer Switching with Cisco Express Forwarding
  • Configure and verify inter-VLAN routing in a Layer 2 topology using multilayer switching with Cisco Express Forwarding
  • Multilayer switching and how it differs when you are performing Layer 2 vs. Layer 3 switching
  • Packet and frame header rewriting performed by a multilayer switch
  • Layer 3 switch processing
  • Switching methods available on a Cisco switch
  • Configure Cisco Express Forwarding on a Cisco switch

5. Implementing a Highly Available Network

• High Availability
  • Uses, requirements, benefits, and performance expectations
  • Resiliency for high availability
  • Design the network for optimal redundancy
• Implementing High Availability
  • Use Cisco StackWise technology on access switches
  • Evaluate the impact of too little redundancy
  • Assess the impact of uplink failure
• Implementing Network Monitoring
  • Configure IP SLA technology

6. Implementing Layer 3 High Availability

• Configuring Layer 3 Redundancy with HSRP
  • Routing issues
  • Router redundancy process
  • Configure HSRP operations
  • Fine-tune and troubleshoot HSRP
• Configuring Layer 3 Redundancy with VRRP and GLBP
  • VRRP operations process
  • Configure VRRP
  • GLBP operations process
  • Configure GLBP

7. Minimizing Service Loss and Data Theft in a Campus Network

• Switch Security Issues
  • Switch and Layer 2 security as a subset of an overall network security plan
  • How a rogue device gains unauthorized access to a network
  • Categorize switch attack types and list mitigation options
  • How a MAC flooding attack overflows a CAM Campus Backbone Layer table
  • How port security is used to block input from devices based on Layer 2 restrictions
  • Configure port security on a switch
  • Authentication methods using AAA
  • Port-based authentication using 802.1X
• Protecting Against VLAN Attacks
  • VLAN hopping
  • Configure a switch to mitigate VLAN hopping attacks
  • VACLs and their purpose as part of VLAN security
  • Configure VACLs
• Protecting Against Spoofing Attacks
  • DHCP spoofing attacks
  • Configure DHCP snooping
  • ARP poisoning
  • Protect against ARP spoofing attacks with DAI
• Securing Network Services
  • Cisco Discovery Protocol and LLDP vulnerabilities
  • Telnet protocol vulnerabilities
  • Configure SSH
  • Configure vty ACLs
  • Configure Cisco IOS secure HTTP server
  • Switch security considerations

8. Accommodating Voice and Video in Campus Networks

• Planning for Support of Voice in a Campus Network
  • Components of a VoIP network and IP telephony
  • Bandwidth consumption of voice traffic vs. data traffic
  • Video bandwidth consumption vs. voice and data bandwidth consumption
  • Solve for latency, jitter, bandwidth, packet loss, and reliability
  • Security for voice and video traffic integration into a data network
• Integrating and Verifying VoIP in a Campus Infrastructure
  • Plan for VoIP requirements
  • Voice VLANs
  • Configure and Verify Voice VLANs
  • Plan PoE requirements and configure PoE
  • Provide additional services required by VoIP devices
  • Create a Test Plan for VoIP integration
• Accommodate Voice and Video on Campus Switches
  • High availability applied to VoIP or video traffic
  • Build an integrated voice/video/data campus network
  • The need for QoS for VoIP and video integration
  • Configure basic QoS for voice and video VLANs

9. Integrating Wireless LANs into a Campus Network

• Comparing WLANs with Campus Networks
  • Compare wired and wireless LAN
  • Main wireless LAN topologies
  • Settings specific to WLANs, such as SSIDs, and WLAN-to-VLAN mapping
• Assessing the Impact of WLANs on Campus Network

  Course Labs

   

  Lab 1: New Hire Test

  • Prepare basic configuration templates for your switches
  • Explore the remote lab device connections
  • Deploy configuration templates on your switches
  • Verify your configurations according to the verification plan you created

  Lab 2: Design and Implement VLANs, Trunks, and EtherChannel

  • Plan a segmented Layer 2 network implementation
  • Create a Layer 2 implementation and verification plan
  • Implement a full Layer 2 solution including VLANs, trunks, pruning, VTP, and EtherChannel

  Lab 3: Troubleshoot Common VLAN Configuration and Security Issues

  • Diagnose and resolve Layer 2 connectivity problems
  • Diagnose and resolve VLAN and EtherChannel-related problems
  • Document troubleshooting progress, configuration changes, and problem resolution

  Lab 4: Configure Private VLANs

  • Plan a segmented private VLAN implementation
  • Create a private VLAN implementation and verification plan
  • Implement private VLANs

  Lab 5: Implement Multiple Spanning Tree

  • Design a spanning tree
  • Create a spanning tree implementation plan
  • Implement a spanning tree according to an implementation plan
  • Create a spanning tree verification plan
  • Verify the spanning tree according to the verification plan

  Lab 6: Implement PVSRT+

  • Design a migration plan to PVRST+
  • Create a PVRST+ implementation plan
  • Implement PVRST+ according to implementation plan
  • Create a PVRST+ verification plan
  • Verify the PVRST+ spanning tree according to the verification plan

  Lab 7: Troubleshoot Spanning Tree Issues

  • Develop a work plan to troubleshoot configuration and security issues in the STP
  • Isolate the causes of the problems
  • Correct all of the identified spanning tree issues
  • Document and report the troubleshooting findings and recommendations

  Lab 8: Implement Inter-VLAN Routing

  • Design a Layer 3 network
  • Create an implementation requirements list
  • Create a step-by-step implementation and verification plan
  • Implement and verify inter-VLAN routing and routing protocols

  Lab 9: Troubleshoot Inter-VLAN Routing

  • Develop a work plan to troubleshoot configuration and inter-VLAN routing issues
  • Isolate the causes of the problems
  • Correct all of the identified routing issues
  • Test the corrections made
  • Document and report the troubleshooting findings and recommendations

  Lab 10: Implement High Availability in a Network Design

  • Design a high availability solution consisting of a syslog, SNMP reporting, and an IP SLA solution
  • Create an implementation requirements list
  • Create a step-by-step implementation and verification plan
  • Implement and verify your solution

  Lab 11: Implement and Tune HSRP

  • Design an HSRP solution
  • Create an implementation requirements list
  • Create a step-by-step implementation and verification plan
  • Implement and verify your solution

  Lab 12: Implement VRRP

  • Design a VRRP solution
  • Create an implementation requirements list
  • Create a step-by-step implementation and verification plan
  • Implement and verify your solution

  Lab 13: Secure Network Switches to Mitigate Security Attacks

  • Perform a baseline assessment of network switch security settings
  • Identify possible threats, points of attack, and vulnerability points in the network
  • Write an implementation plan to implement security measures on network switches
  • Write a plan to test and verify security threat mitigation measures for VLANs
  • Configure port security and other switch security features
  • Configure a VACL
  • Verify the correct implementation of security measures
  • Document the switch and VLAN security plan, settings, operations, and maintenance

  Lab 14: Plan Implementation and Verification of VoIP in a Campus Network

  • Gather information regarding the implementation of VoIP
  • Prepare an implementation requirements list for VoIP readiness
  • Prepare an implementation and verification plan
  • Implement and verify the VoIP readiness plan

  Lab 15: Integrate Wireless in the Campus

  • Determine requirements for implementing wireless structure in a network
  • Prepare an implementation plan for wireless integration
  • Prepare the switched network for integration of wireless equipment
  • Verify that the switched network was properly provisioned