book

Network Warrior, 2nd Edition

Name: Network Warrior, 2nd Edition
Author: Gary A. Donahue
ISBN: 9781449309350

by Gary A. Donahue

May 2011

Intermediate to advanced

788 pages

23h 34m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Network Warrior
Preface
Who Should Read This Book
Conventions Used in This Book
Using Code Examples
We’d Like to Hear from You
Safari® Books Online
Acknowledgments
1. What Is a Network?
2. Hubs and Switches
Hubs
Switches
Switch TypesPlanning a Chassis-Based Switch InstallationRack spacePowerCoolingInstalling and removing modulesRouting cables

3. Autonegotiation
What Is Autonegotiation?
How Autonegotiation Works
When Autonegotiation Fails
Autonegotiation Best Practices
Configuring Autonegotiation
4. VLANs
Connecting VLANs
Configuring VLANs
CatOSIOS Using VLAN DatabaseIOS Using Global CommandsNexus and NX-OS
5. Trunking
How Trunks WorkISL802.1QWhich Protocol to UseTrunk Negotiation
Configuring Trunks
IOSCatOSNexus and NX-OS
6. VLAN Trunking Protocol
VTP Pruning
Dangers of VTP
Configuring VTP
VTP DomainsIOSCatOSNX-OSVTP ModeIOSCatOSNX-OSVTP PasswordIOSCatOSNX-OSVTP PruningIOSCatOSNX-OS
7. Link Aggregation
EtherChannelEtherChannel Load BalancingConfiguring and Managing EtherChannelEtherChannel protocolsCatOS exampleIOS exampleNX-OS example
Cross-Stack EtherChannel
Multichassis EtherChannel (MEC)
Virtual Port Channel
Initial vPC ConfigurationAdding a vPC
8. Spanning Tree
Broadcast Storms
MAC Address Table Instability
Preventing Loops with Spanning Tree
How Spanning Tree Works
Managing Spanning Tree
Additional Spanning Tree Features
PortFastBPDU GuardUplinkFastBackboneFast
Common Spanning Tree Problems
Duplex MismatchUnidirectional LinksBridge Assurance
Designing to Prevent Spanning Tree Problems
Use Routing Instead of Switching for RedundancyAlways Configure the Root Bridge
9. Routing and Routers
Routing Tables
Route Types
The IP Routing Table
Host RouteSubnetSummary (Group of Subnets)Major NetworkSupernet (Group of Major Networks)Default Route
Virtual Routing and Forwarding
10. Routing Protocols
Communication Between Routers
Metrics and Protocol Types
Administrative Distance
Specific Routing Protocols
RIPRIPv2EIGRPOSPFBGP
11. Redistribution
Redistributing into RIP
Redistributing into EIGRP
Redistributing into OSPF
Mutual Redistribution
Redistribution Loops
Limiting Redistribution
Route TagsA Real-World ExampleAnother method
12. Tunnels
GRE Tunnels
GRE Tunnels and Routing Protocols
GRE and Access Lists
13. First Hop Redundancy
HSRP
HSRP Interface Tracking
When HSRP Isn’t Enough
Nexus and HSRP
GLBP
Object Tracking in GLBP
14. Route Maps
Building a Route Map
Policy Routing Example
Monitoring Policy Routing
15. Switching Algorithms in Cisco Routers
Process Switching
Interrupt Context Switching
Fast SwitchingOptimum SwitchingCEF
Configuring and Managing Switching Paths
Process SwitchingFast SwitchingCEF
16. Multilayer Switches
Configuring SVIsIOS (4500, 6500, 3550, 3750, etc.)Hybrid Mode (4500, 6500)NX-OS (Nexus 7000, 5000)
Multilayer Switch Models
17. Cisco 6500 Multilayer Switches
ArchitectureBusesEnhanced ChassisVertical Enhanced ChassisSupervisorsMSFCPFCModelsModulesModule interactionModule typesEthernet modulesFWSMsCSMsNAMIntrusion Detection System modulesFlexWAN modulesCommunication Media Modules
CatOS Versus IOS
Installing VSS
Other Recommended VSS CommandsVSS dual-active detectionVSS Failover CommandsMiscellaneous VSS CommandsVSS Best Practices
18. Cisco Nexus
Nexus HardwareNexus 7000Nexus 5000Nexus 2000Nexus 1000 Series
NX-OS
NX-OS Versus IOSNo more speed-related interface namesNo hidden configuration in NX-OSInterface status displays operational state along with a reasonThe show interface brief commandNo more write memoryNo more do commandNo more show arpNo more interface range commandSlash notation supported on all IPv4 and IPv6 commandsTwo CLI help levelsRouting configuration mostly within interfacesMany more pipe options
Nexus Iconography
Nexus Design Features
Virtual Routing and ForwardingVirtual Device ContextsShared and Dedicated Rate-ModeConfiguring Fabric Extenders (FEXs)Describing FEXsPhysical connectionPinningFEX fabric uplinks using vPCVirtual Port ChannelConfig-SyncConfiguration RollbackUpgrading NX-OS
19. Catalyst 3750 Features
Stacking
Interface Ranges
Macros
Flex Links
Storm Control
Port Security
SPAN
Voice VLAN
QoS
20. Telecom Nomenclature
Telecom Glossary
21. T1
Understanding T1 Duplex
Types of T1
Encoding
AMIB8ZS
Framing
D4/SuperframeExtended Super Frame
Performance Monitoring
Loss of SignalOut of FrameBipolar ViolationCRC6Errored SecondsExtreme Errored Seconds
Alarms
Red AlarmYellow AlarmBlue Alarm
Troubleshooting T1s
Loopback TestsIntegrated CSU/DSUs
Configuring T1s
CSU/DSU ConfigurationCSU/DSU Troubleshooting
22. DS3
FramingM13C-BitsClear-Channel DS3 Framing
Line Coding
Configuring DS3s
Clear-Channel DS3Channelized DS3
23. Frame Relay
Ordering Frame Relay Service
Frame Relay Network Design
Oversubscription
Local Management Interface
Congestion Avoidance in Frame Relay
Configuring Frame Relay
Basic Frame Relay with Two NodesBasic Frame Relay with More Than Two NodesFrame Relay Subinterfaces
Troubleshooting Frame Relay
24. MPLS
25. Access Lists
Designing Access ListsNamed Versus NumberedWildcard MasksWhere to Apply Access ListsNaming Access ListsTop-Down ProcessingMost-Used on TopUsing Groups in ASA and PIX ACLsDeleting ACLsTurbo ACLsAllowing Outbound Traceroute and PingAllowing MTU Path Discovery Packets
ACLs in Multilayer Switches
Configuring Port ACLsConfiguring Router ACLsConfiguring VLAN Maps
Reflexive Access Lists
Configuring Reflexive Access Lists
26. Authentication in Cisco Devices
Basic (Non-AAA) AuthenticationLine PasswordsConfiguring Local UsersPPP AuthenticationPAPOne-way authenticationTwo-way authenticationDebugging PPP authenticationCHAPOne-way authenticationTwo-way authenticationChanging the sent hostname
AAA Authentication
Enabling AAAConfiguring Security Server InformationDefault RADIUS and TACACS+ server groupsCustom groupsCreating Method ListsIOS login authenticationNX-OS login authenticationPPP authenticationApplying Method Lists
27. Basic Firewall Theory
Best Practices
The DMZ
Another DMZ ExampleMultiple DMZ Example
Alternate Designs
28. ASA Firewall Configuration
Contexts
Interfaces and Security Levels
Names
Object Groups
Inspects
Managing Contexts
Context TypesThe ClassifierNo shared interfacesShared outside interfacesShared inside interfaceSharing inside and outside interfacesCascading contextsConfiguring ContextsInterfaces and ContextsWrite Mem Behavior
Failover
Failover TerminologyUnderstanding FailoverConfiguring Failover—Active/StandbyMonitoring FailoverConfiguring Failover—Active/Active
NAT
NAT CommandsNAT ExamplesSimple PAT using the outside interfaceSimple PAT using a dedicated IP addressSimple PAT with public servers on the insidePort redirectionDMZ
Miscellaneous
Remote AccessSaving Configuration ChangesLogging
Troubleshooting
29. Wireless
Wireless Standards
Security
Configuring a WAP
MAC Address Filtering
Troubleshooting
30. VoIP
How VoIP WorksProtocolsTelephony TermsCisco Telephony TermsCommon Issues with VoIPLatencyPacket lossJitter
Small-Office VoIP Example
VLANsSwitch PortsQoS on the CME RouterDHCP for PhonesTFTP ServiceTelephony ServiceDial PlanVoice PortsConfiguring PhonesEphone-DNPagingEphonePTTMessage waiting lampsDial PeersPOTSVoIPDial-peer pattern matchingOutbound dial peersInbound dial peersSIPSIP and NAT
Troubleshooting
Phone RegistrationTFTPDial PeerSIP
31. Introduction to QoS
Types of QoS
QoS Mechanics
PrioritiesFlavors of QoSTraffic-shaping theory
Common QoS Misconceptions
QoS “Carves Up” a Link into Smaller Logical LinksQoS Limits BandwidthQoS Resolves a Need for More BandwidthQoS Prevents Packets from Being DroppedQoS Will Make You More Attractive to the Opposite Sex
32. Designing QoS
LLQ ScenarioProtocolsPrioritiesDetermine Bandwidth Requirements
Configuring the Routers
Class MapsPolicy MapsService Policies
Traffic-Shaping Scenarios
Scenario 1: Ethernet HandoffScenario 2: Frame Relay Speed MismatchTraffic-shaping terminology
33. The Congested Network
Determining Whether the Network Is Congested
Resolving the Problem
34. The Converged Network
Configuration
Monitoring QoS
Troubleshooting a Converged Network
Incorrect Queue ConfigurationPriority Queue Too SmallPriority Queue Too LargeNonpriority Queue Too SmallNonpriority Queue Too LargeDefault Queue Too SmallDefault Queue Too Large
35. Designing Networks
DocumentationRequirements DocumentsPort Layout SpreadsheetsIP and VLAN SpreadsheetsBay Face LayoutsPower and Cooling RequirementsTips for Network Diagrams
Naming Conventions for Devices
Network Designs
Corporate NetworksThree-tiered architectureCollapsed core—no distributionCollapsed core—no distribution or accessConfiguration concernsTrunksEtherChannelsSpanning treeVTPVLANsEcommerce WebsitesModern Virtual Server EnvironmentsSmall Networks
36. IP Design
Public Versus Private IP Space
VLSM
CIDR
Allocating IP Network Space
Allocating IP Subnets
SequentialDivide by HalfReverse Binary
IP Subnetting Made Easy
37. IPv6
AddressingSubnet MasksAddress TypesSubnettingNAT
Simple Router Configuration
38. Network Time Protocol
What Is Accurate Time?
NTP Design
Configuring NTP
NTP ClientNTP Server
39. Failures
Human Error
Multiple Component Failure
Disaster Chains
No Failover Testing
Troubleshooting
Remain CalmLog Your ActionsFind Out What ChangedCheck the Physical Layer First!Assume Nothing; Prove EverythingIsolate the ProblemDon’t Look for ZebrasDo a Physical AuditEscalateTroubleshooting in a Team EnvironmentThe Janitor Principle
40. GAD’s Maxims
Maxim #1PoliticsMoneyThe Right Way to Do It
Maxim #2
SimplifyStandardizeStabilize
Maxim #3
Lower CostsIncrease Performance or CapacityIncrease Reliability
41. Avoiding Frustration
Why Everything Is Messed Up
How to Sell Your Ideas to Management
When to Upgrade and Why
The Dangers of UpgradingValid Reasons to Upgrade
Why Change Control Is Your Friend
How Not to Be a Computer Jerk
BehavioralEnvironmentalLeadership and Mentoring
Index
About the Author
Colophon

Content preview from Network Warrior, 2nd Edition

ACLs in Multilayer Switches

Multilayer switches, by nature of their design, allow for some security features not available on Layer-2 switches or routers.

The 3750 switch supports IP ACLs and Ethernet (MAC) ACLs. Access lists on a 3750 switch can be applied in the following ways:

Port ACLs: Port ACLs are applied to Layer-2 interfaces on the switch. They cannot be applied to EtherChannels, SVIs, or any other virtual interfaces. Port ACLs can be applied to trunk interfaces, in which case they will filter every VLAN in the trunk. Standard IP, extended IP, and MAC ACLs can be assigned as port ACLs. Port ACLs can be applied only in the inbound direction.
Router ACLs: Router ACLs are applied to Layer-3 interfaces on the switch. SVIs, Layer-3 physical interfaces (configured with no switchport, for example), and Layer-3 EtherChannels can have router ACLs applied to them. Standard IP and extended IP ACLs can be assigned as router ACLs, while MAC ACLs cannot. Router ACLs can be applied in both inbound and outbound directions.
VLAN maps: VLAN maps are similar in design to route maps. They are assigned to VLANs, and can be configured to pass or drop packets based on a number of tests. VLAN maps control all traffic routed into, out of, or within a VLAN. They have no direction.

Configuring Port ACLs

Port ACLs are ACLs attached to a specific physical interface. Port ACLs can be used to deny a host within a VLAN access to any other host within the VLAN. They can also be used to limit access outside the VLAN. ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781449307974Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Network Warrior, 2nd Edition

by Gary A. Donahue

ACLs in Multilayer Switches

Configuring Port ACLs

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

More than 5,000 organizations count on O’Reilly

Julian F.

Addison B.

Amir M.

Mark W.

You might also like

Arista Warrior, 2nd Edition

Computer Networks, Fifth Edition

Networking Essentials: A CompTIA Network+ N10-008 Textbook, 6th Edition

CCNA 200-301 Official Cert Guide, Volume 1

Publisher Resources