Index
Numbers
2.4 GHz band, 485
3DES (Triple DES), 447
5 GHz band, 486
port states, 37
port types, 37
802.1Q standard, 13
A
AAA (Authentication, Authorization, and Accounting), 770–771
configuring for network device access control, 773–776
verifying, 776
ABRs (area border routers), 197–199
absolute power values, 491–492
absolute-timeout command, 770
access ports, 11
ACLs (access control lists), 749–750
BGP network selection, 292–293
configuring for CoPP, 785
controlling access to vty lines, 764–765
extended, 292
IGP network selection, 292
AS Path ACL filtering, 305–306
Active state, 250
AD (administrative distance), 131–132
address families, 244
address-family unicast command, 228
addressing. See also NAT (Network Address Translation)
multicast, 332
administratively scoped block, 333
GLOP block, 333
IGMPv2, 335
IGMPv3, 337
internetwork control block, 332
local network control block, 332
SSM block, 333
well-known reserved addresses, 333
adjacencies
requirements for, 175
adjacency table, 28
Adj-RIB-In table, 257
Adj-RIB-Out table, 257–258, 260
administratively scoped block, 333
advanced configurations, LACP
interface priority, 116
LACP fast, 113
maximum number of port-channel member interfaces, 114–115
minimum number of port-channel member interfaces, 113–114
advertisements
from indirect sources, 261–263
LSAs, 127–128, 166, 201–202, 226–227
VTP, 95
AES (Advanced Encryption Standard), 447
agent-based automaton tools
agentless automation tools
aggregate-address command, 267, 270
AIGP (Accumulated Interior Gateway Protocol), 317–318
allowed VLANs, 14
AMP (Cisco Advanced Malware Protection), 713–714
isotropic, 495
leveraging for wireless coverage, 526
measuring power levels along the signal path, 495–497
Northbound, 819
REST, 820
Southbound, 820
tools and resources, 821
APs
compatibility with clients, 503–505
maximizing the AP-client throughput, 508–509
roaming, 542
between autonomous APs, 542–544
troubleshooting connectivity problems, 588–592
discontiguous networks, 209–210
area filter-list command, 219
area ID, 199
ARP (Address Resolution Protocol), 19
ASNs (autonomous system numbers), 242–243
private, 242
AS_Path attribute, 243
AS_SET path attribute, 270–273
associations, viewing, 398–399
Assured Forwarding PHB, 373–374
authentication
line local username and password, 760–761
username and password, 758
authentication header, 446
auto-cost reference-bandwidth command, 182
automation tools
AS (autonomous system), 125, 151
Auto-RP
candidate RPs, 355
B
backbone, 167
backward compatibility, EIGRP metrics, 157
bandwidth command, 441
bare-metal servers, 794
base-10 logarithm function, 492
basic BGP configuration, 251–253
Bc (Committed Burst Size), 379
BDR (backup designated router), 170–172
best-effort service, 375
eBGP over iBGP, 321
lowest IGP metric, 321
lowest neighbor address, 323
minimum cluster list length, 322
prefer the oldest eBGP path, 322
router ID, 322
weight attribute, 316
BGP (Border Gateway Protocol), 128, 240. See also BGP multihoming
address families, 244
attributes, AS_Path, 243
conditional matching, multiple conditions, 299
dynamic route summarization, 264
eBGP sessions, 247
fields, 259
inter-router communication, 244–245
Active, 250
Connect, 250
Established, 251
Idle, 249
OpenConfirm, 251
neighbors, 245
PAs, 244
path attributes, 243
route advertisements from indirect sources, 261–263
sessions, 245
summary fields, 253
BGP multihoming, 287
eBGP over iBGP, 321
lowest IGP metric, 321
lowest neighbor address, 323
minimum cluster list length, 322
prefer the oldest eBGP path, 322
router ID, 322
weight attribute, 316
branch transit routing, 289–290
clearing BGP connections, 308–309
communities, 309
conditionally matching, 310–312
enabling support, 310
extended, 309
well-known, 309
continue keyword, 301
distribute list filtering, 303–304
AS Path ACL filtering, 305–306
prefix list filtering, 304–305
deterministic routing, 289
Internet transit routing, 288–289
path selection, using longest match, 314–315
resiliency in service providers, 287–288
blocked designated switch ports, modifying location, 61–63
blocking port, 37
BPDUs (bridge protocol data units), 38
branch security, 708
branch transit routing, 289–290
broadcast domains, 6
broadcast networks, 188
broadcast traffic, 6
BSR (bootstrap router), 356–357
BSS (basic service set), 521, 560
BSS (business support system), 801
C
CAM (content addressable memory), 16
security, 708
CAPWAP, 521
CCKM (Cisco Centralized Key Management), 547
CEF (Cisco Express Forwarding), 25–26
hardware, 29
Central Web Authentication, 572
centralized forwarding, 27
centralized wireless topology, 516–517
channels, 487
CIR (Committed Information Rate), 379
Community page, 843
Discover page, 842
Events page, 844
Support page, 843
Technologies page, 842
Cisco DNA Center Assurance, 696
Cisco ENFV (Enterprise Network Functions Virtualization), 807–808
VNFs and applications, 810
x86 hosting platforms, 812
Cisco FlexVPN, 456
Cisco IBNS (Identity-Based Networking Service), 735
Cisco IOS
password types, 757
Cisco ISE (Identity Services Engine), 725–727
Cisco SD-WAN, 632. See also SD-WAN
Cloud OnRamp, 636
for IaaS, 639
for SaaS, 636
Cisco Umbrella, 715
class maps, configuring for CoPP, 785
Class Selector PHB, 372
clear ip bgp command, 308
clearing
NAT translations on pooled NAT, 429
CLI (command-line interface), 818–819
client requests, 95
Cloud OnRamp, 636
for IaaS, 639
cloud security, 709
CSMA/CD, 5
commands
absolute-timeout, 770
address-family unicast, 228
area filter-list, 219
auto-cost reference-bandwidth, 182
bandwidth, 441
clear ip bgp, 308
crypto ipsec profile, 459
crypto isakmp policy, 457
crypto map, 458
default-information originate, 181
distribute-list, 221
exec-timeout, 770
interface tunnel, 441
interface vlan, 22
ip access-list standard, 291
ip address secondary, 21
ip mtu, 441
ip nat outside, 421
ip ospf, 174
ip ospf cost, 182
ip prefix list, 295
ip route, 135
ipv6 prefix list, 295
ipv6 unicast routing, 142
keepalive, 441
keywords, 14
lacp port-priority, 116
mac address-table static mac-address vlan, 16
maximum-paths, 212
neighbor route-map, 306
network area, 172
no switchport, 22
ntp master, 397
ntp peer, 400
ospfv3 ipv4, 235
ospfv3 network, 235
passive, 174
port-channel min-links, 113–114
route-map, 297
router ospfv3, 228
sdm prefer, 30
show bgp, 258
show bgp ipv4 unicast summary, 260
show bgp ipv6 unicast summary, 276
show bgp summary, 253
show etherchannel port, 108–110
show etherchannel summary, 106–107
show glbp brief, 414
show interface tunnel, 443
show interfaces switchport, 16–17
show interfaces trunk, 12–13, 100–101
show ip nat translations, 422, 426
show ip ospf database summary, 207
show ip ospf interface brief, 184
show ip ospf neighbor, 231
show ip route ospf, 180
show ipv6 interface, 24
show ipv6 route ospf, 232
show lacp counters, 112
show lacp neighbor, 111
show mac address-table dynamic, 14–16
show ntp associations, 398–399
show ntp status, 397
show ospfv3 interface, 231–232
show ospfv3 interface brief, 232
show pagp counters, 112
show pagp neighbor, 111
show sdm prefer, 31
show spanning-tree interface, 46–47
show spanning-tree mst configuration, 83
show spanning-tree root, 40–41, 43
show spanning-tree vlan, 59–60, 62–64
show standby, 407
spanning-tree mode mst, 82
spanning-tree portfast, 66
standby track decrement, 408
switchport access, 11
switchport mode access, 11
switchport mode trunk, 12
switchport negotiate, 101
switchport trunk allowed, 14
switchport trunk native vlan, 13
traceroute, 650
track ip route reachability, 402
tunnel destination, 441
tunnel protection, 459
vlan, 8
vtp domain, 96
communication
VTP, 95
communities (BGP), 309
conditionally matching, 310–312
enabling support, 310
extended, 309
well-known, 309
comparison of IKEv1 and IKEv2, 452–453
complex conditional matching, 299–300
components, EtherChannel, 103
conditional debugging, 662–665
ACLs
extended, 292
continue keyword, 301
distribute list filtering, 303–304
multiple conditions, 299
AS Path ACL filtering, 305–306
prefix list filtering, 304–305
configuring
DTP, 100
MST, 82
peers, 400
interarea summarization, 215–217
interface-specific, 174
routed switch ports, 23
trunk ports, 12
Connect state, 250
continue keyword, 301
control messages, 345
control plane
LISP, 466
CoPP (Control Plane Policing), 784
applying the policy map, 786
configuring ACLs for, 785
configuring class maps for, 785
configuring policy map for, 786
creating
SVIs, 22
VLANs, 8
crypto ipsec profile command, 459
crypto isakmp policy command, 457
crypto map command, 458
crypto maps, 457
CSMA/CD (Carrier Sense Multiple Access/Collision Detect), 5–6
CST (Common Spanning Tree), 79–80
cty lines, 756
D
data center, security, 708
data link layer, 4
data path, LISP
data plane
dBd (dB-dipole), 496
dead interval timer, 183
debugging
computing with simple rules, 494
de-encapsulation, 439
Default Forwarding PHB, 373
default route advertisement, OSPF, 181–182
default-information originate command, 181
DEI (Drop Eligible Indicator) field, 7
DEI field, 371
demodulation, 502
DES (Data Encryption Standard), 447
deterministic routing, 289
devices
locating in a wireless network, 552–555
Community page, 843
Discover page, 842
Events page, 844
Support page, 843
Technologies page, 842
DFZ (default-free zone), 464
DH (Diffie-Hellman), 448
Dijkstra algorithm, 128, 166, 226
directly attached static routes, 135–136
disabling, trunk port negotiation, 101
discontiguous networks, OSPF, 209–210
discovering WLCs, 523
displaying
BGP tables, 258
distance vector routing protocols, 126
distributed forwarding, 27
distribute-list command, 221
DMVPN (Cisco Dynamic Multipoint VPN), 455
downstream, 344
DP (designated port), 37
DR (designated router), 170–172, 183–184, 186–187
elections, 184
DROTHER, 179
DRS (dynamic rate shifting), 508–510
DSCP (Differentiated Services Code Point) per-hop behaviors, 372
Class Selector, 372
with decimal and binary equivalents, 375
Default Forwarding, 373
DSSS (Direct sequence spread spectrum), 503
DTP (Dynamic Trunking Protocol), 99–100
configuring, 100
disabling trunk port negotiation, 101
DUAL (diffuse update algorithm), 127, 150–151
Dynamic Link Aggregation Protocols
interface priority, 116
LACP fast, 113
maximum number of port-channel member interfaces, 114–115
minimum number of port-channel member interfaces, 113–114
viewing neighbor information, 111
port modes, 104
dynamic routing protocols. See routing protocols
E
E plane, 527
EAP (Extensible Authentication Protocol), 563–565, 729–732
configuring with external RADIUS servers, 566–568
configuring with Local EAP, 568–571
verifying configuration, 571
eBGP (exterior BGP) sessions, 125, 246–247
EEM (Embedded Event Manager), 858–859
EGPs (Exterior Gateway Protocols), 125
EIGRP (Enhanced Interior Gateway Routing Protocol), 127, 148
AS, 151
failure detection, 159
feasibility condition, 152
feasible successors, 152
K values, 154
backward compatibility, 157
neighbors, 154
RD, 152
successor routes, 152
successors, 152
timers, 159
unequal-cost load balancing, 158
variance multiplier, 157
EIRP (effective isotropic radiated power), 496
electromagnetic waves, 483
embedded wireless networks, 518
EMs (element managers), 801
enabling, BGP community support, 310
encapsulation, 439
encryption
IPsec supported methods, 447–448
endpoints, 711
ENFV (Enterprise Network Functions Virtualization), 807–808
VNFs and applications, 810
x86 hosting platforms, 812
enhanced distance vector routing protocols, 127
enterprise network architecture
hierarchical LAN design, 596–598
Layer 3 access layer, 607
SD-Access design, 610
simplified campus design, 607–609
equal cost multipathing, 132–133, 157
OSPF, 212
Error Recovery, 69
ERSPAN (encapsulated remote SPAN), 690–692
ESA (Cisco Email Security Appliance), 718–719
ESP (Encapsulating Security Payload), 446–448
Established state, 251
EtherChannel, 101–102. See also Dynamic Link Aggregation Protocols
components, 103
load balancing traffic, 117–118
logical interface status fields, 107
member interface status fields, 107–108
member interfaces, 102
PAgP, 105
static, 105
verifying, packets, 111
verifying port-channel status, 106
viewing port-channel interface status, 108
Ethernet
broadcast domains, 6
CSMA/CD, 5
MAC addresses, 4
exam, final preparation for, 890–894
exchanges, 452
EXEC timeout, 770
exec-timeout command, 770
Expedited Forwarding PHB, 374–375
extended ACLs (access control lists), 292
extended BGP communities, 309
F
fabric technologies, 612
Cisco DNA Assurance workflow, 631–632
Cisco DNA design workflow, 628–629
Cisco DNA policy workflow, 629–630
Cisco DNA provision workflow, 630–631
components, 616
fabric border nodes, 624
fabric control plane node, 624
fabric roles and components, 622–623
management layer, 628
overlay network, 619
physical layer, 617
technologies used in, 626
vAnalytics, 636
vBond Orchestrator, 635
vManage NMS, 634
vSmart controllers, 634
failure detection, 159
OSPF, 183
fast switching, 25
FD (feasible distance), 152, 158
feasibility condition, 152
feasible successors, 152
FHR (first hop router), 344
FHRP (First-Hop Redundancy Protocol), 401–402
FIB (forwarding information base), 28, 130
fields
BGP tables, 259
OSPF packets, 169
file dispositions, 713
final preparation for the exam, 890–894
FlexAuth, 735
FLexVPN, 456
floating static routes, 138–140
FMC (Cisco Firepower Management Center), 722
forward delay, 38
forwarding architectures, 25
CEF, 26
centralized forwarding, 27
distributed forwarding, 27
2.4 GHz band, 485
5 GHz band, 486
channels, 487
non-overlapping channel spacing, 488
radio, 485
ranges, 485
unit names, 485
fully specified static routes, 137–138
functions, 852
G
GET (Cisco Group Encrypted Transport) VPN, 455
basic Python components and scripts, 846–853
functions, 852
GLBP (Global Load Balancing Protocol), 413
load balancing methods, 416
roles, 413
weighted load balancing, verifying, 416–417
GLOP block, 333
GRE (Generic Routing Encapsulation), 439
encapsulation, 439
encapsulation overhead, 442
H
H plane, 527
hardware CEF, 29
hello packets, OSPF, 169
hello time, 38
hertz (Hz), 485
hierarchical configuration, viewing status of, 412–413
hierarchical LAN design
hierarchical VRRP configuration, 411–412
HSRP (Hot Standby Router Protocol), 404, 409
configuration, 406
linking object tracking to priority, 408
versions, 404
VIP gateway instance configuration, 405–406
HTTP status codes, 826
hybrid routing protocols, 127
I
IANA (Internet Assigned Numbers Authority), 242
multicast addresses, 332
iBGP (internal BGP) sessions, 245–247
idealistic antenna, 484
Idle state, 249
I/G (individual/group) bit, 334
IGMP (Internet Group Management Protocol), 329, 335
IGMPv3, 337
IGPS (Interior Gateway Protocols), 125
IIF (incoming interface), 344
IKE (Internet Key Exchange), 449
aggressive mode, 451
PFS, 451
phases of key negotiation, 450
quick mode, 451
IKEv2
exchanges, 452
inter-area routes, 199
interarea summarization, 214–217
interface priority, 116
interface STP cost, 39
interface tunnel command, 441
interface vlan command, 22
interface-specific OSPF configuration, 174
Internet transit routing, 288–289
internetwork control block, 332
inter-router communication
OSPF, 168
intra-area routes, 199, 210–211
intracontroller roaming, 545–547
IntServ model, 366
ip access-list standard command, 291
IP address assignment, 20–21, 144–145
to routed subinterfaces, 21–22
to routed switch ports, 22
to switched virtual interfaces, 22
ip address secondary command, 21
ip mtu command, 441
ip nat outside command, 421
ip ospf command, 174
ip ospf cost command, 182
ip prefix list command, 295
ip route command, 135
IPP (IP Precedence), 371
IPsec, 445
authentication header, 446
IKE, 449
aggressive mode, 451
PFS, 451
phases of key negotiation, 450
quick mode, 451
IKEv2
exchanges, 452
security services, 446
site-to-site configuration, 456
site-to-site VPNs
supported encryption methods, 447–448
transport mode, 447
tunnel mode, 447
Cisco FlexVPN, 456
DMVPN, 455
GET VPN, 455
site-to-site, 455
IPv4, 21
IPv6, 20
address verification, 24
route summarization, 234
ipv6 prefix list command, 295
ipv6 unicast routing command, 142
ISAKMP (Internet Security Association Key Management Protocol), 449
ISE (Identity Services Engine), 725–727
isotropic antenna, 495
IST (internal spanning tree), 81
VLAN assignment to, 87
J-K
JSON (JavaScript Object Notation), 825–826
K values, 154
keepalive command, 441
key caching, 547
keywords, 14
continue, 301
show mac address-table dynamic command, 15
L
LACP (Link Aggregation Control Protocol), 110–112
advanced configurations
interface priority, 116
LACP fast, 113
maximum number of port-channel member interfaces, 114–115
minimum number of port-channel member interfaces, 113–114
viewing neighbor information, 111
lacp max-bundle command, 114–115
lacp port-priority command, 116
lacp system-priority command, 115–116
latency
serialization delay, 365
Law of 10s, 493
Law of Zero, 492
access ports, 11
diagnostic commands, 14
interface status, displaying, 17–18
MAC address table, displaying, 14–16
troubleshooting, 16
trunk ports, 12
configuring, 12
allowed, 14
creating, 8
viewing assignments to port mapping, 8–9
Layer 2 marking, 370
Layer 2 multicast addresses, 333–335
Layer 3 forwarding, 18
to routed subinterfaces, 21–22
to routed switch ports, 22
to switched virtual interfaces, 22
local network forwarding, 19
verification of IP addresses, 23–24
Layer 3 marking, 371
Layer 7 classification, 369
legacy VRRP configuration, 410–411
leveraging antennas for wireless coverage, 526
LHR (last hop router), 344, 348
line local password authentication, 758–759
line local username and password authentication, 760–761
line protocols, tracking, 402–403
link budget, 496
link costs, optimizations, 182–183
link-state routing protocols, 127–128
LISP (Cisco Location/ID Separation Protocol), 436, 464–465
architecture components, 465–466
control plane, 466
map registration and notification, 468–469
map request and reply, 469–470
routing architecture, 466
LLQ (low-latency queueing), 366
load balancing. See also GLBP (Global Load Balancing Protocol)
local bridge identifier, 38
local network control block, 332
local network forwarding, 19
locating
blocked designated switch ports, 43–46
devices in a wireless network, 552–555
Loc-RIB table, 257
long mode, 39
longest match, BGP path selection, 314–315
LSAs (link-state advertisements), 127–128, 166, 201–202
age and flooding, 202
sequences, 202
M
MAB (MAC Authentication Bypass), 732–733
MAC (media access control) addresses, 4
OUIs, 5
MAC address table, 5
mac address-table static mac-address vlan command, 16
maintaining AP-client compatibility, 503–505
MANO (management and orchestration), 801
map registration and notification, LISP, 468–469
marking, 369
single-rate three-color, 382
max age, 38
maximal-ratio combining, 508
maximizing the AP-client throughput, 508–509
maximum-paths command, 212
MD5 (Message Digest 5), 448
MDT (multicast distribution tree), 330
measuring
power levels along the signal path, 495–497
MED (multiple-exit discriminator) attribute, 320–321
member interfaces, 102
Meraki SD-WAN, 632
metrics, 132
backward compatibility, 157
equal-cost multipathing, 132–133
unequal-cost load balancing, 133–134
MFIB (multicast forwarding information base), 344
MIMO (multiple-input, multiple-output) system, 505
misconfigurations, MST
trunk link pruning, 88
VLAN assignment to the IST, 87
MLSs (multilayer switches), 4
Mobility Express topology, 520
modulation, 502
MP-BGP (Multi-Protocol BGP), 244, 273
MQC (Modular QoS CLI), 369
MRIB (multicast routing information base), 344
MST (Multiple Spanning Tree)
configuring, 82
IST, 81
misconfigurations
trunk link pruning, 88
VLAN assignment to the IST, 87
regions, 81
not a root bridge for any VLAN, 89
as root bridge, 89
tuning, 86
changing MST interface cost, 86
changing MST interface priority, 86–87
verifying configuration, 83–85
viewing interface-specific settings, 85
MSTIs (Multiple Spanning Tree instances), 80–81
multicast. See also PIM (Protocol Independent Multicast)
addressing, 332
administratively scoped block, 333
GLOP block, 333
IGMPv2, 335
internetwork control block, 332
local network control block, 332
SSM block, 333
well-known reserved addresses, 333
broadcast traffic, 330
IGMPv3, 337
control messages, 345
RPF, 351
streams, 330
unicast traffic, 329
N
NAC (network access control)
NAT (Network Address Translation), 417–418. See also PAT (Port Address Translation); static NAT
NBAR2 (Network-Based Application Recognition), 369
need for QoS, 363
neighbor route-map command, 306
Active, 250
Connect, 250
Established, 251
Idle, 249
OpenConfirm, 251
neighbors
BGP, 245
EIGRP, 154
requirements for adjacencies, 175
verification of adjacencies, 179–180
NETCONF (Network Configuration Protocol), 836–840
network area command, 172
network diagnostic tools
traceroute, 650
network statement, 172–174, 255–256
network types
broadcast, 188
NFV (network functions virtualization), 792, 799–800
BSS, 801
EMs, 801
VNFs and applications, 810
management and orchestration, 801
OSS, 801
NFVI (NFV infrastructure), 800
NFVIS (Network Function Virtualization Infrastructure Software), x86 hosting platforms, 812
NGFW (Next-Generation Firewall), 721–722
NGIPS (Next-Generation Intrusion Prevention System), 719–721
NLRI (Network Layer Reachability Information), 243, 273
no switchport command, 22
non-overlapping channel spacing, 488
Northbound APIs, 819
NSF (nonstop forwarding), 29–30
NTP (Network Time Protocol), 396
associations, viewing, 398–399
peers, 400
preferences, 399
ntp master command, 397
ntp peer command, 400
number of edges formula, 170
O
OFDM (Orthogonal Frequency Division Multiplexing), 503
OIF (outgoing interface), 344
omnidirectional antennas, 531–534
OpenConfirm state, 251
order of processing, route maps, 300
OSI (Open Systems Interconnection) model, 3–4
data link layer, 4
OSPF (Open Shortest Path First), 164. See also OSPFv3
adjacencies, debugging, 656–662
area ID, 199
interface-specific, 174
dead interval timer, 183
default route advertisement, 181–182
discontiguous networks, 209–210
elections, 184
DROTHER, 179
equal cost multipathing, 212
inter-area routes, 199
confirmation, 177
output in brief format, 178
output in detailed format, 177–178
inter-router communication, 168
intra-area routes, 199
age and flooding, 202
sequences, 202
LSDB, 166
multicast addresses, 168
requirements for adjacencies, 175
verification of adjacencies, 179–180
broadcast, 188
number of edges formula, 170
optimizations
failure detection, 183
packets, 168
hello, 169
path selection, 210
pseudonodes, 171
RID, 169
route filtering, 217
SPTs, 166
statistically setting the router ID, 174
timers, 183
OSPFv3, 224
passive interfaces, 233
ospfv3 ipv4 command, 235
ospfv3 network command, 235
OSS (operations support system), 801
OUI (organizationally unique identifier), 5
overlay networks, 436. See also fabric technologies
SD-Access, 619
OVS-DPDK, 805
P
packet loss, 366
packets
EtherChannel, verifying, 111
OSPF, 168
hello, 169
PAgP (Port Aggregation Protocol), 111–112
port modes, 104
viewing packet counters, 112
pairing, lightweight APs and WLCs, 521
PAs (path attributes), 244
passive command, 174
passive interfaces
OSPFv3, 233
passwords
authentication, 758
in Cisco IOS, 757
PAT (Port Address Translation), 418, 429–432
generating network traffic, 430–431
AS Path ACL filtering, 305–306
path attributes, 243
path selection
BGP using longest match, 314–315
metrics, 132
equal cost multipathing, 132–133
unequal-cost load balancing, 133–134
OSPF, 210
path vector routing protocols, 128–129
PCP (Priority code point) field, 7, 370–371
peers, NTP, 400
PFS (perfect forward secrecy), 450–451
phase, 489
PHBs (per-hop behaviors), 372
Class Selector, 372
Default Forwarding, 373
PIM (Protocol Independent Multicast), 329, 340
control messages, 345
source path trees, 348
sparse mode, 347
RPs, 354
shared trees, 348
source registration, 349
point-to-point networks, 188–189
polar plots, 528
single-rate three-color, 382–383
clearing NAT translations, 429
port channel, 102. See also EtherChannel
port modes
PAgP, 104
port states
802.1D STP, 37
RSTP, 52
port-channel min-links command, 113–114
port-channel status, verifying, 106
Postman
Cisco DNA Center APIs, 826–831
HTTP status codes, 826
power levels
comparing between transmitters, 491
comparing using dB, 493
measuring along the signal path, 495–497
pre-shared key, 448
private ASNs, 242
private BGP communities, 309, 312–313
CEF, 26
centralized forwarding, 27
Protocol Discovery, 369
pseudonodes, 171
PVST (Per-VLAN Spanning Tree), 80
simulation check, 89
Q
QoS (Quality of Service)
causes of quality issues
packet loss, 366
classification, 368
congestion management, 386–387
DSCP PHBs with decimal and binary equivalents, 375
marking, 369
need for, 363
PHBs, 372
Class Selector, 372
Default Forwarding, 373
single-rate three-color, 382–383
scavenger class, 375
token bucket algorithms, 379–381
wireless, 377
quality issues, causes of
packet loss, 366
serialization delay, 365
query modifiers, regular expressions, 296
R
radio frequency, 485
RD (reported distance), 152
receivers, power levels, 499–501
recursive static routes, 136–137
RED (random early detection), 390
refractive index, 364
regions, 89
MST, 81
as root bridge, 89
register message, 349
resiliency, network, 401
REST (Representational State Transfer) APIs, 820
RF fingerprinting, 554
RF signals
absolute power values, 491–492
demodulation, 502
maximal-ratio combining, 508
maximizing the AP-client throughput, 508–509
measuring power levels along the signal path, 495–497
modulation, 502
phase, 489
power levels at the receiver, 499–501
RIB (Routing Information Base), 26
RID (router ID), 169
statistically setting, 174
roaming, 542
between autonomous APs, 542–544
root bridge, 37
MST region as, 89
root bridge identifier, 38
root guard, 66
root path cost, 38
root ports
route aggregation
AS Path ACL filtering, 305–306
order of processing, 300
route summarization
routed subinterfaces, IP address assignment, 21–22
routed switch ports
configuring, 23
IP address assignment, 22
route-map command, 297
router ospfv3 command, 228
routers
OSPF, verification of, 180–181
routing protocols, 124. See also BGP (Border Gateway Protocol); EIGRP (Enhanced Interior Gateway Routing Protocol); OSPF (Open Shortest Path First); OSPFv3
AS, 125
distance vector, 126
EGPs, 125
enhanced distance vector, 127
hybrid, 127
IGPs, 125
path selection, 130
static routes, 134
routing tables, 130
order of processing, 132
RP (root port), 37
RPF (Reverse Path Forwarding), 343, 351
RPs (rendezvous points), 354
Auto-RP, 355
candidate RPs, 355
RPs (route processors), 29
RSTP (Rapid Spanning Tree Protocol), 52
port states, 52
port types, 53
RTLS (real-time location services), 553
S
SAs (security associations), 449
scavenger class, 375
Cisco DNA Assurance workflow, 631–632
Cisco DNA design workflow, 628–629
Cisco DNA policy workflow, 629–630
Cisco DNA provision workflow, 630–631
components, 616
fabric border nodes, 624
fabric control plane node, 624
fabric roles and components, 622–623
management layer, 628
overlay network, 619
physical layer, 617
technologies used in, 626
SDM (Switching Database Manager) templates, 30–31
sdm prefer command, 30
vAnalytics, 636
vBond Orchestrator, 635
vManage NMS, 634
vSmart controllers, 634
security. See also IPsec
authentication
branch, 708
campus, 708
Cisco IBNS, 735
Cisco Umbrella, 715
cloud, 709
data center, 708
endpoints, 711
FMC, 722
IPsec, 445
authentication header, 446
Cisco FlexVPN, 456
DMVPN, 455
GET VPN, 455
IKE, 449
site-to-site VPNs, 455
NAC
security services, IPsec, 446
selecting, WLCs, 524
self zone, 777
serialization delay, 365
server virtualization, 792, 794
sessions, BGP, 245
SGT (Security Group Tag) tags, 735–743
SHA (Secure Hash Algorithm), 448
show bgp command, 258
show bgp ipv4 unicast summary command, 260
show bgp ipv6 unicast summary command, 276
show bgp summary command, 253
show etherchannel load-balance command, 118
show etherchannel port command, 108–110
show etherchannel summary command, 106–107
show glbp brief command, 414
show interface status command, 17–18
show interface tunnel command, 443
show interfaces switchport command, 16–17
show interfaces trunk command, 12–13, 100–101
show ip nat translations command, 422, 426
show ip ospf database summary command, 207
show ip ospf interface brief command, 184
show ip ospf neighbor command, 231
show ip route ospf command, 180
show ipv6 interface command, 24
show ipv6 route ospf command, 232
show lacp counters command, 112
show lacp neighbor command, 111
show mac address-table dynamic command, 14–16
show ntp associations command, 398–399
show ntp status command, 397
show ospfv3 interface brief command, 232
show ospfv3 interface command, 231–232
show pagp counters command, 112
show pagp neighbor command, 111
show sdm prefer command, 31
show spanning-tree command, 83–84
show spanning-tree interface command, 46–47
show spanning-tree mst command, 84–85
show spanning-tree mst configuration command, 83
show spanning-tree mst cost command, 86
show spanning-tree root command, 40–41, 43
show spanning-tree vlan command, 59–60, 62–64
show standby command, 407
show udld neighbors command, 73–74
show vtp status command, 97–98
simplified campus design, 607–609
single-rate three-color markers, 382–383
SISO (single-in, single-out) system, 505
site-to-site VPNs, 455
configuring, 456
SLA (service-level agreement), 364
slow path. See process switching
SNMP (Simple Network Management Protocol), 665–670
software switching. See process switching
source path trees, 348
Southbound APIs, 820
SPAN (Switch Port Analyzer), 684–685
spanning-tree mode mst command, 82
spanning-tree portfast command, 66
SPF (shortest path first), 128, 166
split-MAC architecture, 516
SPs (service providers), BGP multihoming, 287–288
SPTs (SPF trees), 166
SSH (Secure Shell), vty access, 768–769
SSIDs (service set identifiers), 514–515
SSM (source specific multicast) block, 333
SSO (stateful switchover), 29–30
standard ACLs (access control lists), 291–292
standby track decrement command, 408
static EtherChannel, 105
static NAT, 418
static routes, 134
statistically setting the router ID, 174
STP (Spanning Tree Protocol), 81. See also MST (Multiple Spanning Tree); RSTP (Rapid Spanning Tree Protocol)
802.1D, 36
port states, 37
port types, 37
BPDUs, 38
Error Recovery, 69
forward delay, 38
hello time, 38
local bridge identifier, 38
locating blocked designated switch ports, 43–46
max age, 38
path cost, 39
root bridge, 37
root bridge identifier, 38
root guard, 66
root path cost, 38
system priority, 38
convergence with direct link failures, 48–51
topology tuning
modifying port priority, 64–65
modifying STP root port and blocked switch port locations, 61–63
unidirectional links, 71
verifying VLANs on trunk links, 46–47
preferences, 399
streams, 330
strings, 848
subset advertisements, 95
successor routes, 152
successors, 152
summarization
summary advertisements, 95
SVIs (switched virtual interfaces)
creating, 22
IP address assignment, 22
switch port status, viewing, 16–17
switches, 5
access ports, 11
unknown unicast flooding, 6
switchport access command, 11
switchport mode access command, 11
switchport mode trunk command, 12
switchport negotiate command, 101
switchport trunk allowed command, 14
switchport trunk native vlan command, 13
T
Tc (Committed Time Interval), 379
TCAM (ternary content addressable memory), 26–27
TCI (Tag Control Information) field
DEI field, 371
VLAN ID field, 371
TCNs (topology change notifications), 47–48
TCP/IP (Transmission Control Protocol/Internet Protocol)., 20
testing a wireless client, 585–588
Thinnet, 5
time synchronization, 396. See also NTP (Network Time Protocol)
timers
EIGRP, 159
OSPF, 183
token bucket algorithms, 379–381
convergence with direct link failures, 48–51
topology tuning
modifying STP port priority, 64–65
modifying STP root port and blocked switch port locations, 61–63
TPID (Tag protocol identifier) field, 7
traceroute command, 650
track ip route reachability command, 402
transmitters, measuring power levels along the signal path, 495–497
transport input, controlling access to vty lines, 765–768
troubleshooting
connectivity problems at the AP, 588–592
Layer 2 forwarding, 16
unidirectional links, 71
wireless networking, client connectivity, 579–581
trunk link pruning, 88
trunk port negotiation, disabling, 101
trunk ports, 12
configuring, 12
TTL (time-to-live) field, 28–29
tuning
MST, 86
changing MST interface cost, 86
changing MST interface priority, 86–87
OSPF
failure detection, 183
tunnel destination command, 441
tunnel protection command, 459
tunneling, 436. See also VXLAN (Virtual Extensible Local Area Network)
GRE, 439
encapsulation, 439
encapsulation overhead, 442
site-to-site over IPsec, 457–462
U
UDLD (Unidirectional Link Detection), 72–74
Umbrella, 715
unequal-cost load balancing, 133–134, 158
unidirectional links, 71
unified wireless topology, 516–517
unique global unicast addressing, 274
unknown unicast flooding, 6
upstream, 344
username and password authentication, 758
V
vAnalytics, 636
variance multiplier, 157
vBond Orchestrator, 635
verifying
AAA configuration, 776
EAP configuration, 571
EtherChannel packets, 111
IPsec site-to-site VPNs, 461–462
IPv4 route exchange with OSPFv3, 236–237
OSPF timers, 183
port-channel status, 106
versions, of HSRP, 404
VID (VLAN identifier) field, 7
viewing
EtherChannel neighbors, 108–110
hierarchical VRRP status, 412–413
interface-specific MST settings, 85
LACP neighbor information, 111
PAgP packet counters, 112
port-channel interface status, 108
VLAN assignments to port mapping, 8–9
VIM (NFVI Virtualized Infrastructure Manager), 800–801
virtualization, 12. See also NFV (network functions virtualization); server virtualization
vlan command, 8
VLAN ID field, 371
access ports, 11
allowed, 14
assignment to the IST, 87
creating, 8
regions, 89
trunk ports, 12
configuring, 12
verifying on trunk links, 46–47
viewing assignments to port mapping, 8–9
VLSM (variable-length subnet masking), 164
vManage NMS, 634
VMs (virtual machines), 794–796
VNF (virtual network function), 800
OVS-DPDK, 805
VNIs (VXLAN network identifiers), 474
VPNs (virtual private networks), 436. See also IPsec
authentication header, 446
Cisco FlexVPN, 456
DMVPN, 455
GET VPN, 455
IKE, 449
security services, 446
site-to-site, 455
vQoE (Viptela Quality of Experience) score, 639
VRF (virtual routing and forwarding), 143–146
VRRP (Virtual Router Redundancy Protocol), 409
hierarchical configuration, 411–412
vSmart controllers, 634
VTEPs (virtual tunnel endpoints), 474
VTI, enabling over IPsec, 462–464
VTP (VLAN Trunking Protocol), 94–95
advertisements, 95
VLANs, creating on VTP domain server, 97–98
vtp domain command, 96
vty lines, 756
controlling access to, 764–768
VXLAN (Virtual Extensible Local Area Network), 436, 473
VNIs, 474
VTEPs, 474
W
WANs, 612
wavelength, measuring, 489–490
weight attribute, 316
well-known BGP communities, 309
well-known reserved multicast addresses, 333
wireless communication, troubleshooting connectivity problems at the AP, 588–592
wireless networking. See also antennas; RF signals; wireless theory
APs
authentication
CAPWAP, 521
conditions for successful wireless association, 579
embedded wireless networks, 518
leveraging antennas for wireless coverage, 526
locating devices in a wireless network, 552–555
maintaining AP-client compatibility, 503–505
maximal-ratio combining, 508
maximizing the AP-client throughput, 508–509
Mobility Express topology, 520
pairing lightweight APs and WLCs, 521
testing a wireless client, 585–588
WLCs
discovering, 523
selecting, 524
wireless QoS, 377
wireless theory, 482–483. See also antenna; power levels
phase 489
WLCs
checking client association and signal status, 582–584
checking client connection status from the GUI, 582
checking client mobility status, 584–585
checking client wireless policy, 585
client connectivity, troubleshooting, 579–581
discovering, 523
selecting, 524
WRED (weighted RED), 390
WSA (Cisco Web Security Appliance), 716–718
web reputation filters, 716
X
Y
Z
ZBFW (Zone-Based Firewall), 777
self zone, 777