book

Network Warrior, 2nd Edition

by Gary A. Donahue

May 2011

Intermediate to advanced

788 pages

23h 34m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Who Should Read This Book
Hubs
Switch TypesPlanning a Chassis-Based Switch InstallationRack spacePowerCoolingInstalling and removing modulesRouting cables

What Is Autonegotiation?
Connecting VLANs
CatOSIOS Using VLAN DatabaseIOS Using Global CommandsNexus and NX-OS
How Trunks WorkISL802.1QWhich Protocol to UseTrunk Negotiation
IOSCatOSNexus and NX-OS
VTP Pruning
VTP DomainsIOSCatOSNX-OSVTP ModeIOSCatOSNX-OSVTP PasswordIOSCatOSNX-OSVTP PruningIOSCatOSNX-OS
EtherChannelEtherChannel Load BalancingConfiguring and Managing EtherChannelEtherChannel protocolsCatOS exampleIOS exampleNX-OS example
Initial vPC ConfigurationAdding a vPC
Broadcast Storms
How Spanning Tree Works
PortFastBPDU GuardUplinkFastBackboneFast
Duplex MismatchUnidirectional LinksBridge Assurance
Use Routing Instead of Switching for RedundancyAlways Configure the Root Bridge
Routing Tables
Host RouteSubnetSummary (Group of Subnets)Major NetworkSupernet (Group of Major Networks)Default Route
Communication Between Routers
RIPRIPv2EIGRPOSPFBGP
Redistributing into RIP
Route TagsA Real-World ExampleAnother method
GRE Tunnels
HSRP
Object Tracking in GLBP
Building a Route Map
Monitoring Policy Routing
Process Switching
Fast SwitchingOptimum SwitchingCEF
Process SwitchingFast SwitchingCEF
Configuring SVIsIOS (4500, 6500, 3550, 3750, etc.)Hybrid Mode (4500, 6500)NX-OS (Nexus 7000, 5000)
ArchitectureBusesEnhanced ChassisVertical Enhanced ChassisSupervisorsMSFCPFCModelsModulesModule interactionModule typesEthernet modulesFWSMsCSMsNAMIntrusion Detection System modulesFlexWAN modulesCommunication Media Modules
Other Recommended VSS CommandsVSS dual-active detectionVSS Failover CommandsMiscellaneous VSS CommandsVSS Best Practices
Nexus HardwareNexus 7000Nexus 5000Nexus 2000Nexus 1000 Series
NX-OS Versus IOSNo more speed-related interface namesNo hidden configuration in NX-OSInterface status displays operational state along with a reasonThe show interface brief commandNo more write memoryNo more do commandNo more show arpNo more interface range commandSlash notation supported on all IPv4 and IPv6 commandsTwo CLI help levelsRouting configuration mostly within interfacesMany more pipe options
Virtual Routing and ForwardingVirtual Device ContextsShared and Dedicated Rate-ModeConfiguring Fabric Extenders (FEXs)Describing FEXsPhysical connectionPinningFEX fabric uplinks using vPCVirtual Port ChannelConfig-SyncConfiguration RollbackUpgrading NX-OS
Stacking
Telecom Glossary
Understanding T1 Duplex
AMIB8ZS
D4/SuperframeExtended Super Frame
Loss of SignalOut of FrameBipolar ViolationCRC6Errored SecondsExtreme Errored Seconds
Red AlarmYellow AlarmBlue Alarm
Loopback TestsIntegrated CSU/DSUs
CSU/DSU ConfigurationCSU/DSU Troubleshooting
FramingM13C-BitsClear-Channel DS3 Framing
Clear-Channel DS3Channelized DS3
Ordering Frame Relay Service
Congestion Avoidance in Frame Relay
Basic Frame Relay with Two NodesBasic Frame Relay with More Than Two NodesFrame Relay Subinterfaces
Designing Access ListsNamed Versus NumberedWildcard MasksWhere to Apply Access ListsNaming Access ListsTop-Down ProcessingMost-Used on TopUsing Groups in ASA and PIX ACLsDeleting ACLsTurbo ACLsAllowing Outbound Traceroute and PingAllowing MTU Path Discovery Packets
Configuring Port ACLsConfiguring Router ACLsConfiguring VLAN Maps
Configuring Reflexive Access Lists
Basic (Non-AAA) AuthenticationLine PasswordsConfiguring Local UsersPPP AuthenticationPAPOne-way authenticationTwo-way authenticationDebugging PPP authenticationCHAPOne-way authenticationTwo-way authenticationChanging the sent hostname
Enabling AAAConfiguring Security Server InformationDefault RADIUS and TACACS+ server groupsCustom groupsCreating Method ListsIOS login authenticationNX-OS login authenticationPPP authenticationApplying Method Lists
Best Practices
Another DMZ ExampleMultiple DMZ Example
Contexts
Context TypesThe ClassifierNo shared interfacesShared outside interfacesShared inside interfaceSharing inside and outside interfacesCascading contextsConfiguring ContextsInterfaces and ContextsWrite Mem Behavior
Failover TerminologyUnderstanding FailoverConfiguring Failover—Active/StandbyMonitoring FailoverConfiguring Failover—Active/Active
NAT CommandsNAT ExamplesSimple PAT using the outside interfaceSimple PAT using a dedicated IP addressSimple PAT with public servers on the insidePort redirectionDMZ
Remote AccessSaving Configuration ChangesLogging
Wireless Standards
MAC Address Filtering
How VoIP WorksProtocolsTelephony TermsCisco Telephony TermsCommon Issues with VoIPLatencyPacket lossJitter
VLANsSwitch PortsQoS on the CME RouterDHCP for PhonesTFTP ServiceTelephony ServiceDial PlanVoice PortsConfiguring PhonesEphone-DNPagingEphonePTTMessage waiting lampsDial PeersPOTSVoIPDial-peer pattern matchingOutbound dial peersInbound dial peersSIPSIP and NAT
Phone RegistrationTFTPDial PeerSIP
Types of QoS
PrioritiesFlavors of QoSTraffic-shaping theory
QoS “Carves Up” a Link into Smaller Logical LinksQoS Limits BandwidthQoS Resolves a Need for More BandwidthQoS Prevents Packets from Being DroppedQoS Will Make You More Attractive to the Opposite Sex
LLQ ScenarioProtocolsPrioritiesDetermine Bandwidth Requirements
Class MapsPolicy MapsService Policies
Scenario 1: Ethernet HandoffScenario 2: Frame Relay Speed MismatchTraffic-shaping terminology
Determining Whether the Network Is Congested
Configuration
Incorrect Queue ConfigurationPriority Queue Too SmallPriority Queue Too LargeNonpriority Queue Too SmallNonpriority Queue Too LargeDefault Queue Too SmallDefault Queue Too Large
DocumentationRequirements DocumentsPort Layout SpreadsheetsIP and VLAN SpreadsheetsBay Face LayoutsPower and Cooling RequirementsTips for Network Diagrams
Corporate NetworksThree-tiered architectureCollapsed core—no distributionCollapsed core—no distribution or accessConfiguration concernsTrunksEtherChannelsSpanning treeVTPVLANsEcommerce WebsitesModern Virtual Server EnvironmentsSmall Networks
Public Versus Private IP Space
SequentialDivide by HalfReverse Binary
AddressingSubnet MasksAddress TypesSubnettingNAT
What Is Accurate Time?
NTP ClientNTP Server
Human Error
Remain CalmLog Your ActionsFind Out What ChangedCheck the Physical Layer First!Assume Nothing; Prove EverythingIsolate the ProblemDon’t Look for ZebrasDo a Physical AuditEscalateTroubleshooting in a Team EnvironmentThe Janitor Principle
Maxim #1PoliticsMoneyThe Right Way to Do It
SimplifyStandardizeStabilize
Lower CostsIncrease Performance or CapacityIncrease Reliability
Why Everything Is Messed Up
The Dangers of UpgradingValid Reasons to Upgrade
BehavioralEnvironmentalLeadership and Mentoring

Content preview from Network Warrior, 2nd Edition

Miscellaneous

The following items are things that trip me up again and again in the field.

Remote Access

To be able to telnet or SSH to your ASA, we must specify the networks from which we will do so. You do this with the telnet and ssh commands:

ASA-5540(config)# telnet 192.168.1.0 255.255.255.0 inside
ASA-5540(config)# ssh 192.168.1.0 255.255.255.0 inside

Saving Configuration Changes

If you read the first edition of this book, you may remember that I complained of the PIX not accepting wri as an abbreviation for write memory. I’m happy to report that wri does work on the ASA platform. Of course, Cisco will tell you that you should use copy run start, but I’m a curmudgeonly old pain in the ass who dislikes change:

ASA-5540(config)# wri
Building configuration...
Cryptochecksum: 7401aa77 0584c65f 9ff42fa9 d5ed86ab

3191 bytes copied in 3.280 secs (1063 bytes/sec)
[OK]

The copy running startup command works, but it’s ugly:

ASA-5540(config)# copy run startup-config

Source filename [running-config]?
Cryptochecksum: 7401aa77 0584c65f 9ff42fa9 d5ed86ab

3191 bytes copied in 3.280 secs (1063 bytes/sec)

When you’re configuring the active ASA in a failover pair, each command should be sent to the standby PIX automatically after it’s been submitted. And when you’re saving changes on the active ASA, the write memory command should write the configuration to the standby ASA. To force a save to the standby PIX, use the write standby command:

ASA-5540#write standby Building configuration... [OK] ASA-5540# ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Publisher Resources

ISBN: 9781449307974Errata Page

Network Warrior, 2nd Edition

by Gary A. Donahue

Miscellaneous

Remote Access

Saving Configuration Changes

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

Computer Networks, Fifth Edition

Arista Warrior, 2nd Edition

CCNA 200-301 Official Cert Guide, Volume 1, 2nd Edition

Networking Essentials: A CompTIA Network+ N10-008 Textbook, 6th Edition

Publisher Resources