Cisco CCNP Enterprise 300-420 ENSLD – Designing Layer 2 Campus Part 1

  1. Designing Layer 2 Campus

Hello and welcome to Designing Layer 2 Campus. This section is written in a guide format: it covers a wide variety of topics in an extremely concise manner and explains how various architectures work, including relevant recommendations and their associated considerations. As a takeaway, you could create a design detailed enough to use as a working document for building a Layer 2 campus. First of all, understand that the deployment is geared towards small to large networks with scalability, resiliency, security, low latency, and drop-sensitive application requirements. The first topic revolves around VLANs, trunks, and VTP.

We then explain how the Spanning Tree Protocol works, emphasising the importance of root placement, manual versus automatic. Alignment of STP with the first-hop redundancy protocol, including a detailed comparison with the Hot Standby Router Protocol, and how to improve convergence using Cisco STP toolkit features such as PortFast and UplinkFast are also covered. This segues nicely into resolving the challenges of unidirectional links using Loop Guard and Unidirectional Link Detection (UDLD), with a comparison between the two and recommended practices. Regarding the number of VLANs on your campus, the next topic discusses the use and recommended practices of Multiple Spanning Tree (MST) with its multiple instances versus PVST+. It is important to understand how this VLAN and loop-avoidance mechanism works, so this section provides a breakdown of the various spanning tree protocols, including MST recommended practices.

The section then shifts to a related topic: how devices, access points, and telephony endpoints connect using Power over Ethernet (PoE). The discussion explains how Cisco IP phones communicate and connect to the local area network, with information on power requirements, including a case study illustrating those requirements. Telephony traffic falls into the categories of low latency and drop sensitivity; therefore, you will be presented with recommendations regarding bandwidth oversubscription and congestion.

In terms of device management, we direct our attention to Wake on LAN, which combines hardware and software to allow administrators to manage devices that are powered off. A green IT technology called Cisco EnergyWise is also presented. Several aggregation technologies are described with considerations and recommendations, such as EtherChannel, Virtual Switching System (VSS), and Cisco StackWise. As I mentioned, these topics include details on what each technology is, how it works, and design recommendations. The section then provides several topics revolving around redundancy.

Redundancy protocols are covered through a comparison of the Hot Standby Router Protocol (HSRP) and the Virtual Router Redundancy Protocol (VRRP). The comparison explains how each protocol responds to a failure and introduces the timers that can be adjusted as well as the load sharing and tracking capabilities. Continuing the theme of load sharing and redundancy, the next subject is the Gateway Load Balancing Protocol (GLBP), which describes packet load sharing among groups of routers along with the pros and cons. The topic of network requirements for applications continues that theme and provides insight into server and client endpoint placement, detailing both intra- and inter-building structure considerations to allow proper traffic flow based on traffic types. The last topic refers to transmission media selection, including what to consider when choosing a type as well as media placement. A case study is included. As you can see from the breadth and depth of each topic, this is an excellent resource for designing Layer 2 campuses. That is our overview. Thank you.

  2. VLANs, Trunks, VTP and STP

The access layer devices use VLANs to separate traffic from different devices into the following logical networks. The data VLAN provides access to the network for all attached devices other than IP phones. The voice VLAN provides access to the network for IP phones. Both the data VLAN and the voice VLAN are configured on user-facing interfaces. The management VLAN provides in-band access to the network for the switch's management interface. The management VLAN is not configured on any user-facing interface, and the switch's VLAN interface (SVI) is its only member.

Trunk considerations. Cisco switch ports can run a dynamic protocol, the Dynamic Trunking Protocol (DTP), that can automatically negotiate a trunk link. This Cisco-proprietary protocol can determine the operational trunking mode and trunking protocol on a switch port when it is connected to another device that is also capable of trunking.

The default DTP mode (trunk negotiation) depends on the Cisco IOS Software version and the platform. A general best practice is to set the interface to trunk or access and disable negotiation when a trunk link is required. On links where trunking is not intended, DTP should be turned off. An 802.1Q trunk is used for the connection to the distribution device, which allows the uplink to provide Layer 3 services to the VLANs defined on the access layer switch. If you have a lot of VLANs, pruning them manually can save a lot of processor cycles, but it is not a good solution if users will never use those VLANs on the downstream switches. By manually allowing only the VLANs that you want over a trunk port, you have far more control over which VLANs can be used on which switches. It is considered good security practice to separate management and user data traffic. VLAN 1 is the default management VLAN; you should change it to some other VLAN, for example VLAN 99, if it is not carrying user data traffic. The switchport nonegotiate interface command specifies that DTP negotiation packets are not sent.

The switch does not engage in DTP negotiation on this interface. Among the trunk interface configuration commands, this command returns an error if you attempt to execute it in dynamic auto or dynamic desirable mode. Use the no form of this command to return to the default setting. A port configured with switchport nonegotiate does not form a trunk link with ports in either dynamic desirable or dynamic auto mode.

VTP considerations. VLAN Trunking Protocol (VTP) is a Cisco-proprietary protocol that enables network administrators to centrally manage the VLAN database. This feature can save you a lot of time, as it eliminates the repetitive task of configuring VLANs on each switch in the network. You configure VLANs on a single switch, and VTP replicates those VLANs to all other switches in the VTP domain. Remember that if you add a switch with a null domain name to your network, it will automatically learn and inherit the VTP domain name. In the example with VTP domain name CCDA, VTP manages the VLAN database of all switches in the network from one single switch. VTP version 3 eliminates instabilities; however, VTPv3 is compatible with VTPv2 only if you do not use it to propagate private or extended VLANs. VTPv2 is commonly the default, so you will need to configure VTPv3 explicitly if you want to use it. If your network only supports VTPv1 or VTPv2, do not use VTP; configure all switches in the VTP domain in transparent mode.

Changes to the VLAN database on a VTP transparent mode switch stay local to that switch. VTPv3 addresses the shortcomings of version 2 by increasing network stability, among other things. Only one server can modify the VLANs in a VTP domain. This one server that is allowed to modify VLANs is called the VTP primary server, and it is configured explicitly. A new switch added to the network, client or server, cannot update the domain even if it has a higher configuration revision number. VTPv3 is compatible with VTPv2 as long as you are not using it to propagate private or extended VLANs. A VTPv3 device does not accept configuration information from a VTPv2 or VTPv1 device. Devices that can only support VTPv1 cannot communicate with VTPv3 devices. Only a limited number of devices support VTPv3. If your switches do not support VTPv3, then do not use VTP. To avoid VLAN database synchronization problems with VTPv1 and VTPv2, configure all switches in the network in VTP transparent mode. When you make a change to the VLAN configuration in VTP transparent mode, the change affects only the local switch; it does not propagate to other switches in the VTP domain. Transparent mode does forward the VTP advertisements that it receives within the domain. Also consider the default version of VTP, which is usually version 2. If you want to use VTP version 3, you need to enable it explicitly.
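As an added example, not the course's own configuration, the following Cisco IOS configuration applies the VLAN, trunk, DTP and VTP recommendations above to an access switch. The hostname ASW, the VLAN numbers, the interface numbers and the management address are assumptions; VLAN 999 is an unused VLAN chosen as the trunk's native VLAN so that untagged frames arriving on the uplink never land in a user VLAN.

```cisco
! Added example, not the course's configuration. Access switch "ASW" with
! assumed VLANs: 10 = data, 110 = voice, 99 = management, 999 = unused native.
!
! VTPv1/v2 only: keep the VLAN database local, so no newly added switch can
! push a bad revision into the domain (VTPv3 with one primary server is the alternative).
vtp mode transparent
!
vlan 10
 name DATA
vlan 99
 name MGMT
vlan 110
 name VOICE
vlan 999
 name NATIVE-UNUSED
!
! In-band management: the SVI is the only member of VLAN 99; VLAN 1 stays unused.
! The address is an assumption (documentation range).
interface Vlan99
 ip address 192.0.2.10 255.255.255.0
!
! User-facing ports: fixed access mode, voice VLAN for the phone,
! DTP disabled so an attached host can never negotiate a trunk.
interface range GigabitEthernet1/0/1 - 24
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 110
 switchport nonegotiate
!
! Uplink to the distribution switch: static 802.1Q trunk, DTP off,
! explicit VLAN list, native VLAN moved off VLAN 1.
interface GigabitEthernet1/0/25
 description Uplink to DSW1
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,99,110
 switchport mode trunk
 switchport nonegotiate
```

On platforms that still support ISL, add switchport trunk encapsulation dot1q before switchport mode trunk. Verify the result with show interfaces trunk (operational mode, native VLAN and allowed list) and show dtp interface, which should report that DTP is not being sent on the uplink or the access ports.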

  3. Understanding the Spanning Tree Protocol

The 802.1D Spanning Tree Protocol has a drawback of slow convergence. Cisco Catalyst switches support three types of STP: Per-VLAN Spanning Tree (PVST+), Rapid Per-VLAN Spanning Tree (Rapid PVST+), and Multiple Spanning Tree (MST). PVST+ is based on the IEEE 802.1D standard and includes Cisco-proprietary extensions such as BackboneFast, UplinkFast, and PortFast. Rapid PVST+ is based on the IEEE 802.1w standard and converges faster than 802.1D. For better convergence, use rapid versions of STP on all switches; otherwise, convergence time will be that of non-rapid STP. Do not disable STP in Layer 2 environments.

When you implement STP, use Rapid PVST+ or MST. Rapid PVST+ uses the same bridge protocol data unit (BPDU) format as 802.1D, so it is backward compatible. This compatibility means you can run a mixed environment, such as a few switches in PVST+ and a few switches in Rapid PVST+ mode, but the overall convergence time is then the same as in PVST+ mode. To take full advantage of Rapid PVST+, all the switches in the spanning tree must run Rapid PVST+. Do not disable STP without having a replacement mechanism for Layer 2 loops, such as Flex Links; even then STP is still necessary, because Flex Links do nothing to protect against loops on access ports. STP, if used properly and carefully, is a good and stable protocol for your Layer 2 networks.

You may need to implement STP for reasons such as a VLAN that spans access layer switches to support business applications, or to protect against user-side loops. Even if the recommended design does not depend on STP to resolve link or node failure events, STP is required to protect against user-side loops. Loops can be introduced on the user-facing access layer ports. The selection of the root switch for a particular VLAN is very important. You can select the root switch or let the switches decide, which is more dangerous. All the switches exchange information for use in the root switch selection and subsequent configuration of the network; BPDUs carry this information. In the STP root selection process, each switch compares the parameters in the BPDU that it sends to a neighbor with the parameters in the BPDU that it receives from the neighbor. In this example, switch ASW advertises a root ID that is a lower number than the root ID advertised by switch DSW1, and DSW1 receives that information from ASW.

DSW1 stops advertising its root ID and accepts the root ID of switch ASW. The lowest MAC address wins the tiebreaker. Because vendors assign MAC addresses in order, older switches will generally have lower MAC addresses. Imagine that you place an older switch in the access layer, because requirements there are lower than for the distribution layer, and forget to change the configuration settings on any of the switches. Now DSW1, DSW2, and ASW all have the same bridge priority, and among them ASW has the lowest MAC address. Because ASW becomes the root bridge, spanning tree blocks the link between the distribution layer switches, and all the traffic between DSW1 and DSW2 needs to go through the access layer switch.

Such a traffic pattern is suboptimal. It will overwhelm your access layer switch and might even make it unresponsive; at times of high traffic, all clients that are connected to that switch will lose connectivity. What you need to do is manually assign one of the switches in the distribution layer as the root bridge. If you assign DSW1 to be the root bridge by lowering its bridge priority, STP will block the link between ASW and DSW2.

Traffic between DSW1 and DSW2 will then flow directly between the two switches.

Alignment of STP with the FHRP. If you have a switched access layer design, you will probably not only use STP but also employ a first-hop redundancy protocol (FHRP) to provide a first hop to your clients. Suppose that you are using the Hot Standby Router Protocol (HSRP). A first-hop redundancy protocol issue arises when the HSRP active router is not the same device as the STP root for that VLAN. In this example, DSW1 is the root bridge for VLAN 2.

DSW2 is the active HSRP router for VLAN 2. STP consequently blocks one of the ports between ASW and DSW2, so traffic from VLAN 2 clients has no choice but to use the uplink towards DSW1 and will then, instead of going directly to the core, go to DSW2 first and only then to the core. Such a situation will not only create suboptimal paths, and thus greater delay, but will also lead to congestion on the link between DSW1 and DSW2. If you align the STP root bridge with the HSRP active router, traffic will take an optimal path.

Path cost is a further consideration. The original 802.1D standard uses a 16-bit path cost value. With this metric, a 100 Mbps link has a cost of 19, a 1 Gbps link has a cost of 4, and so on.

Switches that calculate costs in a different way might produce suboptimal traffic paths. 802.1t increases the path cost to a 32-bit value, thus providing more granular costs for higher-speed interfaces. With this metric, a 100 Mbps link has a cost of 200,000, a 1 Gbps link a cost of 20,000, and so on. You might run into trouble if you have a network with a mix of switches that use 16-bit and 32-bit path cost values. The recommended practice is to be consistent in your configuration and have all devices use the new 32-bit path cost metric. For example, a Fast Ethernet port has a cost of 19 if it is using the 802.1D metric calculation, and that cost is a better metric than the 2000 calculated for a 10 Gigabit Ethernet port using the 802.1t standard. To change the path cost from a 16-bit to a 32-bit value, use the spanning-tree pathcost method long command.
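Added example, not the course's own configuration: the root-bridge and HSRP alignment for VLAN 2 in the DSW1/DSW2 scenario above, together with the 32-bit path cost setting applied on both distribution switches. The VLAN 2 subnet 10.2.0.0/24, the HSRP group number and the priorities are assumptions.

```cisco
! Added example, not the course's configuration. VLAN 2 subnet, HSRP group
! number and priorities are assumptions.
!
! ---- On both DSW1 and DSW2 ----
spanning-tree mode rapid-pvst
! 32-bit (802.1t) path costs on every switch, so there is no 16-bit/32-bit mix
spanning-tree pathcost method long
!
! ---- DSW1: STP root and HSRP active for VLAN 2 ----
! "root primary" sets the VLAN 2 priority to 24576 (or lower if a lower root exists)
spanning-tree vlan 2 root primary
interface Vlan2
 ip address 10.2.0.2 255.255.255.0
 standby 2 ip 10.2.0.1
 standby 2 priority 110
 standby 2 preempt
!
! ---- DSW2: secondary root (priority 28672) and HSRP standby for VLAN 2 ----
spanning-tree vlan 2 root secondary
interface Vlan2
 ip address 10.2.0.3 255.255.255.0
 standby 2 ip 10.2.0.1
 standby 2 priority 90
 standby 2 preempt
```

The default HSRP priority is 100, so 110 on DSW1 and 90 on DSW2 make the root bridge the active gateway; standby preempt on both makes DSW1 take the active role back after it recovers, so the alignment survives a failover instead of silently drifting into the crossed path described above. Check with show spanning-tree vlan 2 and show standby brief that the same switch is root and active.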

Cisco STP toolkit. BackboneFast, UplinkFast, and PortFast improve the convergence times of non-rapid STP. Other tools provide stability and protect the network from STP problems if used properly. BackboneFast and UplinkFast are integrated into the rapid STP versions; therefore, you do not need to enable them there.

STP stability mechanism recommendations. You should use spanning tree and control its topology by manually designating a root bridge. Once you create the tree, use the Cisco STP toolkit to improve the overall performance of the mechanism and reduce the time that is lost during topology changes. The Cisco rapid spanning tree implementation is far superior to 802.1D STP and PVST+.

From a convergence standpoint, it greatly improves recovery times for any VLAN that needs topology convergence due to a link-up event. It also greatly improves on the convergence time of BackboneFast for any indirect link failures and of UplinkFast for any uplink failures. The following are the recommended practices for using STP stability mechanisms. PortFast: apply PortFast to all end-user ports. To secure PortFast-enabled ports, always use a combination of PortFast and BPDU Guard. Root Guard: apply Root Guard to all ports where a root is never expected. Loop Guard: apply Loop Guard to all ports that are or can be non-designated, depending on the security requirements of the organization. The port security feature can be used to restrict the traffic entering a port by limiting the MAC addresses that are allowed to send traffic into the port. Situations where you would need to implement BPDU Filter are very rare.

Never run both BPDU Filter and BPDU Guard on the same interface. If a network includes switches from other vendors, you should isolate the different STP domains with Layer 3 routing to avoid STP compatibility issues.

The problem with unidirectional links. Bidirectional links enable traffic to flow in both directions. If for some reason one direction of traffic flow fails, the result is a unidirectional link. Unidirectional links can cause a Layer 2 loop. So what would happen if the transmit circuitry in a gigabit interface converter (GBIC) or small form-factor pluggable (SFP) module failed?

In this example, SW1 has a port connected to SW2 that STP blocks, but because SW1 is no longer receiving BPDUs from SW2, SW1 will unblock the port. The final result will be that all ports in the topology are forwarding, which causes a Layer 2 loop.

Comparing Loop Guard with UDLD. The functionality of Loop Guard and UDLD partly overlaps, in the sense that both protect against STP failures that are caused by unidirectional links. However, these two features differ in functionality and in how they approach the problem. The highest level of protection is provided when you enable UDLD and Loop Guard together. UDLD offers no protection against STP failures that are caused by software and that result in the designated switch not sending BPDUs. Individual failed links in an EtherChannel bundle will be disabled by UDLD.

The channel itself remains functional if other links are available. Loop Guard will put the entire channel into the loop-inconsistent state if any physical link in the bundle fails. Loop Guard does not work on shared links or on a link that has been unidirectional since initial setup. The highest level of protection is provided by enabling both UDLD and Loop Guard.

UDLD recommended practices. UDLD supports both fiber-optic and copper Ethernet cables connected to LAN ports. UDLD protects against STP failures that are caused by unidirectional links. UDLD is typically deployed on any fiber-optic interconnection. For the best protection, turn on UDLD in global configuration mode so that no interface is missed. A recommended practice is to enable UDLD aggressive mode in all environments where fiber-optic interconnections are used. You should enable UDLD in global mode so that you do not have to enable it on every individual fiber-optic interface.
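Added example, not the course's own configuration, showing the STP toolkit and UDLD recommendations above as Cisco IOS configuration on an access switch and on the distribution port that faces it. Interface numbers and hostnames are assumptions.

```cisco
! Added example, not the course's configuration. Interface numbers are assumptions.
!
! ---- Access switch ASW: global defaults for every access port ----
! PortFast on all access ports, and BPDU Guard on every PortFast port
spanning-tree portfast default
spanning-tree portfast bpduguard default
! Loop Guard on all ports that are or can be non-designated
spanning-tree loopguard default
! UDLD aggressive on every fiber-optic port (the global command covers fiber only)
udld aggressive
! Let a port shut by BPDU Guard or UDLD recover after 5 minutes instead of
! staying err-disabled until someone intervenes
errdisable recovery cause bpduguard
errdisable recovery cause udld
errdisable recovery interval 300
!
! Per-port equivalent for a single user-facing port
interface GigabitEthernet1/0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Copper uplink: not covered by the fiber-only global command, so enable it per port
interface GigabitEthernet1/0/25
 udld port aggressive
!
! ---- Distribution switch DSW1: port facing the access layer ----
! A root is never expected from ASW, so Root Guard goes here
! (Root Guard and Loop Guard are mutually exclusive on a port)
interface GigabitEthernet1/0/1
 description To ASW
 spanning-tree guard root
```

BPDU Filter is deliberately absent: with BPDU Guard configured, a filter on the same port would suppress the very BPDUs the guard is meant to react to. Use show spanning-tree summary to confirm the global defaults and show udld neighbors to confirm that each fiber link has a bidirectional neighbor.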

  4. Understand MST, PoE, and EnergyWise

The main purpose of Multiple Spanning Tree (MST) is to reduce the total number of spanning tree instances to match the topology of the network. Reducing the total number of spanning tree instances reduces the CPU load on a switch. The number of spanning tree instances is reduced to the number of distinct active paths that are available. In some scenarios, many VLANs span several switches; grouping them into instances simplifies the tree structure. MST is backward compatible with other STPs. In the example where PVST+ was implemented, there could be up to 4094 instances of spanning tree, each with its own BPDU conversations, root bridge elections, and port selections. Imagine an example where the goal is to achieve load distribution, with VLANs 1 through 500 using one uplink and VLANs 501 through 1000 using the other uplink. Instead of creating 1000 PVST+ instances, you can use MST with only two instances of spanning tree. The two ranges of VLANs are mapped to the two MST instances respectively. Rather than maintaining 1,000 spanning trees, each switch needs to maintain only two. Implemented in this fashion, MST converges faster than PVST+ and is backward compatible with 802.1D STP, 802.1w RSTP, and the Cisco PVST+ architecture.

Power over Ethernet (PoE). The IEEE 802.3at amendment was approved, allowing higher power levels to meet the power requirements of more power-hungry APs. An AP, as a powered device, negotiates the appropriate power with the power sourcing equipment (PSE). The PSE is typically a PoE-capable switch. It is recommended that you use Category 5e (Cat 5e) or better cables to connect APs to switches. APs must have good cabling to draw enough power from the PSE, which must be able to provide 15.4 or 30 watts of power for each AP. Assuming that APs do not require 30 watts, a 24-port switch will require 370 watts to provide 15.4 watts per port.
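Before moving on to PoE, the two-instance MST design described above as an added Cisco IOS example (not the course's own configuration). The region name and revision number are assumptions; the VLAN-to-instance mapping is the one from the scenario. Name, revision and mapping must be identical on ASW, DSW1 and DSW2, or the switches fall into separate MST regions and the intended load distribution is lost.

```cisco
! Added example, not the course's configuration. Region name and revision
! are assumptions; the VLAN mapping follows the scenario in the text.
! The block below is applied on every switch in the region.
spanning-tree mode mst
spanning-tree mst configuration
 name CAMPUS
 revision 1
 instance 1 vlan 1-500
 instance 2 vlan 501-1000
! VLANs not listed remain in instance 0, the IST.
!
! ---- DSW1: root for the IST and instance 1, backup root for instance 2 ----
spanning-tree mst 0 root primary
spanning-tree mst 1 root primary
spanning-tree mst 2 root secondary
!
! ---- DSW2: the mirror image, so each uplink from ASW carries one VLAN group ----
spanning-tree mst 0 root secondary
spanning-tree mst 1 root secondary
spanning-tree mst 2 root primary
```

Verify with show spanning-tree mst configuration on each switch (the configuration digest must match everywhere) and show spanning-tree mst 1 / show spanning-tree mst 2 on ASW, which should show a different uplink forwarding for each instance.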
Some modular switches consist of multiple 24- or 48-port line cards within the chassis.

The chassis might require 2000 watts for itself. When planning for PoE ports, check how many ports on the switch the power budget actually covers. A vendor might offer a 24-port switch with a power budget of 200 watts that is only available for eight of the 24 ports. Another vendor might offer 200 watts with the budget available on any of the 24 ports. You should monitor the power budget of a switch or modular switch to make sure that devices maintain power. If the power budget is exceeded, typically some APs will not be able to draw enough power to fully function; those APs will reboot to try to draw power again. Make sure that all power sourcing equipment has redundant power supply units. You do not want a single power supply unit failure resulting in 48 APs losing power.

Supporting IP telephony. Be aware that Cisco IP phones use the Cisco Discovery Protocol (CDP) to communicate with switches, so you need to make sure that CDP is enabled on the switch. A Cisco switch can indirectly configure the VLAN on the phone, including voice VLAN and quality of service (QoS) settings for traffic that is received from the PC. Using the Dynamic Host Configuration Protocol (DHCP) to allocate addresses to IP phones is very common. You need to reserve IP subnets for IP telephony and correctly configure the DHCP server so that it will allocate addresses to IP phones. You also need to configure the DHCP pools with the information about the Trivial File Transfer Protocol (TFTP) server.

TFTP server information is passed to the phones through DHCP option 150. Cisco IP phone configuration does not take place individually at the phone but is centralized in Cisco Unified Communications Manager, which generates device-specific configuration files and makes them available for download at one or more TFTP servers. IP phones learn the IP address of the TFTP server via DHCP and then load the appropriate configuration file automatically as part of their boot sequence. IP phones do not require wall power; they can obtain power over the Ethernet cable from a PoE-compliant LAN switch.

An example of such a switch is the Cisco Catalyst switch. The use of PoE eliminates the need for extra power adapters and cabling near the user's desk. Check that the switch can supply enough power to all IP phones connected to it; phones with big color screens need more power than phones with smaller black-and-white screens. The Cisco IP phone contains a small switch: you can use one port to connect to the LAN switch and the other port to connect to the computer. Deploying IP phones in this daisy-chain manner, where the IP phone connects to a switch and the computer connects to the phone, saves switch ports. In return, you need to make sure that the user experience stays good by using the voice VLAN feature of Cisco Catalyst switches and IP phones.
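The phone and PC sharing one port, the voice VLAN delivered over CDP, and the DHCP pool with option 150, as an added Cisco IOS example that is not the course's own configuration. VLAN numbers, subnets, the DHCP server address 10.250.0.10 and the TFTP server address 10.250.0.20 are assumptions.

```cisco
! Added example, not the course's configuration. VLAN numbers, subnets,
! the DHCP server 10.250.0.10 and the TFTP server 10.250.0.20 are assumptions.
!
! ---- Access switch ASW ----
! CDP must stay on: the switch tells the phone its voice VLAN and QoS trust over CDP
cdp run
! Phone daisy-chained to the PC: PC frames untagged in VLAN 10,
! phone frames tagged in VLAN 110 on the same physical port
interface GigabitEthernet1/0/5
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 110
 spanning-tree portfast
 power inline auto
!
! ---- Distribution switch DSW1: relay phone DHCP requests to the central server ----
interface Vlan110
 ip address 10.110.0.1 255.255.255.0
 ip helper-address 10.250.0.10
!
! ---- IOS-based DHCP server: voice pool, option 150 points the phones at TFTP ----
ip dhcp excluded-address 10.110.0.1 10.110.0.9
ip dhcp pool VOICE-VLAN110
 network 10.110.0.0 255.255.255.0
 default-router 10.110.0.1
 option 150 ip 10.250.0.20
```

Keeping the phones in their own pool, reached only through the voice SVI, is what lets option 150 stay out of the data VLAN's pool, so ordinary PCs are never handed the TFTP server address. On the access switch, show power inline shows how much of the budget each phone actually negotiated, and show cdp neighbors detail confirms the phone learned VLAN 110.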

At the LAN switch, the phone and computer can be combined on a single 802.1Q port.

PoE requirements calculation case study. In this task, you will determine how PoE will be factored into the design and implementation of wireless networks. There are 36 IP phones requiring 4 watts each, making a total of 144 watts. There are two 1700 series access points, each requiring 15.4 watts, making a total of 30.8 watts. Two 2700 series Cisco access points, each requiring 16 watts, make a total of 32 watts. The switch on this floor has a PoE output of 740 watts, which is more than the total requirement of 172 watts. The switch on the other floor has a PoE output of 370 watts, which is more than the requirement of 174.8 watts.

PoE requirements. Some devices have information on how much power they require as "maximum consumption", while others have information as a PoE class. If you are given a PoE class, you need to look up the maximum power that needs to be provided by the power sourcing device. For building A, you should calculate how much power IP phones and access points need and determine the power budgets of the switches. For the fifth floor of building A, you can calculate the budget of the whole stack, because the switches are in a power stack. Power stack technology is a novel feature that aggregates all available power in a switch stack and manages it as a single common power pool for the entire stack. Since buying replacement PoE-capable switches is not an option, the customer will need to buy either individual PoE injectors or larger midspan devices. Individual adapters: you would power each IP phone with an individual power adapter. You need to make sure that you buy the correct adapter for each device. For example, if you buy an adapter that provides 15 watts of power for a 3700 series access point, the access point will not be fully functional.

Bandwidth oversubscription. The recommended practice for data oversubscription is 20:1 for access-to-distribution links.

The recommendation is 4:1 for distribution links. During times of congestion, you can employ QoS mechanisms to prioritize important traffic. However, if congestion is frequent, it means that your design did not allocate enough bandwidth on the uplinks. You can increase bandwidth by aggregating more links or by upgrading to faster links. Just adding more uplinks between the distribution and core layers results in more peer relationships, and that increases overhead; by using EtherChannel to bundle the uplinks, you reduce the number of peers to one. Upgrading the uplinks between the distribution and core layers to 10 Gigabit Ethernet is a better alternative to just adding Gigabit Ethernet links: by just swapping the form factor of a link, the system complexity stays the same, but that comes at a price.

Wake on LAN (WoL) is a combination of hardware and software technologies to wake up sleeping systems. WoL sends specially coded network packets called magic packets to systems equipped and enabled to respond to these packets. This additional functionality enables administrators to perform system maintenance even if the user has powered down the system.

The WoL feature allows the administrator to remotely power up all sleeping machines so that they can receive updates. WoL is based on the principle that when the PC shuts down, the NIC still receives power and keeps listening on the network for the magic packet to arrive. This magic packet can be sent over connectionless protocols like IPX, but UDP is most commonly used. If you send WoL packets from remote networks, the routers must be configured to allow directed broadcasts; otherwise, only a local subnet IP broadcast packet is transmitted on the segment. Only a Layer 2 broadcast or an unknown unicast frame is sent out to all switch ports, and all IP broadcast packets are addressed to the broadcast MAC address. Here are the details of this network setup: PC1, PC2, and PC3 are the client PCs that need to be woken up. PC4 is the WoL server and the DHCP server, configured with a static IP address of 172.16.3.224. The client PCs are configured to obtain their IP address from the DHCP server.
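The directed-broadcast setting this setup depends on, as an added Cisco IOS example that is not the course's own configuration. Cisco IOS drops IP directed broadcasts by default (no ip directed-broadcast), which is exactly what stops a magic packet sent from another subnet; re-enabling them without a filter would also let any host reach a subnet's broadcast address, so the example binds the permission to an access list. The WoL server address 172.16.3.10, the client VLAN subnets and the use of UDP port 9 (the port most WoL tools use) are assumptions.

```cisco
! Added example, not the course's configuration. The WoL server 172.16.3.10
! and the client VLAN subnets are assumptions.
!
! Only UDP/9 from the WoL server may be forwarded as a directed broadcast;
! everything else that targets a subnet broadcast address is still dropped.
access-list 100 remark WoL magic packets from the WoL server only
access-list 100 permit udp host 172.16.3.10 any eq 9
access-list 100 deny ip any any log
!
! On the router or Layer 3 switch that owns the client VLANs.
! The server sends to 10.2.0.255, 10.3.0.255 and 10.4.0.255; the SVI
! turns each into a Layer 2 broadcast on its own segment.
interface Vlan2
 ip address 10.2.0.1 255.255.255.0
 ip directed-broadcast 100
interface Vlan3
 ip address 10.3.0.1 255.255.255.0
 ip directed-broadcast 100
interface Vlan4
 ip address 10.4.0.1 255.255.255.0
 ip directed-broadcast 100
```

Enable the setting only on the client-facing SVIs, never on uplinks or Internet-facing interfaces, and keep the logging deny so that any other traffic aimed at a broadcast address shows up in the router's log rather than on the segment.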

For clients connected to VLANs 2, 3, and 4, the DHCP server is configured with three IP scopes.

Cisco EnergyWise. Cisco EnergyWise is a green networking technology that connects network devices and endpoints. It takes a network-based approach to communicating the messages that measure and control energy. Cisco EnergyWise manages devices, monitors their power consumption, and takes action based on the business rules that are defined.

Power consumption. Cisco EnergyWise queries and then summarizes information from large sets of devices. It uses a unique domain naming system, making it simpler than traditional network management capabilities. It provides a management interface that allows facilities and network management applications to communicate events with each other using a unifying network fabric. The management interface uses standard SSL or SNMP to integrate Cisco and third-party management systems. In the example, multiple switches are connected in the same EnergyWise domain. The domain configuration includes the default UDP port 43440 and a Gigabit Ethernet port on switch 2 with a connected Catalyst switch.
