SWITCH is a new course that replaces BCMSN as part of Cisco's recent changes to the CCNP, CCDP, and CCIP certification programs.
In SWITCH, you will learn to plan, configure, and verify the implementation of complex enterprise switching solutions for campus environments using the Cisco Enterprise Campus Architecture.
This course is a component of the Cisco CCNP Routing and Switching curriculum, a professional-level certification, and it is designed to give you a firm understanding of how to manage switches in an enterprise campus environment. Hands-on labs reinforce what you learn.
Prerequisites
- CCNA certification or familiarity with internetworking technologies and the ability to perform basic configuration of Cisco routers, including practical experience installing, operating, and maintaining Cisco routers and switches in an enterprise environment
- Knowledge of IP, including the ability to perform IP subnetting on non-octal boundaries, configure IP standard and extended access lists, operate and configure distance vector routing protocol, configure serial interface, and interpret a Cisco routing table
- CCNA Bootcamp v2.0
What You'll Learn
- Analyze campus network designs
- Implement VLANs in a network campus
- Implement spanning tree
- Implement inter-VLAN routing in a campus network
- Implement a highly available network
- Implement high-availability technologies and techniques using multilayer switches in a campus environment
- Implement security features in a switched network
- Integrate WLANs into a campus network
- Accommodate voice and video in campus networks
Who Needs to Attend
- Network engineers with at least one year of professional work experience who are ready to advance their skills and work independently on complex network solutions
- Network professionals, including network engineers, network operations center (NOC) technical support personnel, or help desk technicians, who will need to correctly implement switch-based solutions given a network design using Cisco IOS services and features
- Any individual involved in network operations and support
Course Outline
1. Analyzing Campus Network Designs
- Enterprise Campus Architecture
- Cisco SONA
- Benefits of the enterprise campus architecture
- Function of the core layer
- Impact of traffic types on the network infrastructure
- Cisco Lifecycle Services and Network Implementation
- The PPDIOO lifecycle approach
- PPDIOO implementation planning
- Lab 1-1 Debrief
2. Implementing VLANs in Campus Networks
- Applying Best Practices for VLAN Topologies
- VLAN segmentation models
- Given an enterprise VLAN network design, information needed to create an implementation plan, choices that need to be made, and the consequences of those choices
- Given an enterprise VLAN network design that contains end-to-end VLANs and trunks, create an implementation and verification plan then successfully execute that plan
- Given an enterprise VLAN network design that contains VTP, create an implementation and verification plan then successfully execute that plan
- Configuring Private VLANs (PVLANs)
- PVLANs
- Configure isolated PVLANs
- Configure community PVLANs
- Given an enterprise VLAN network design that contains PVLANs, create an implementation and verification plan then successfully execute that plan
- Configure PVLANs across multiple switches
- Configuring Link Aggregation with EtherChannel
- Benefits of EtherChannel
- Compare the PAgP and the LACP
- Given an enterprise VLAN network design that contains Layer 2 EtherChannel links, create an implementation and verification plan then successfully execute that plan
- Given an enterprise VLAN network design that contains load balancing among the ports included in an EtherChannel, create an implementation and verification plan, and then successfully execute that plan
- Lab 2-1 Debrief
- Lab 2-2 Debrief
- Lab 2-3 Debrief
3. Implementing Spanning Tree
- Spanning Tree Protocol (STP) Enhancements
- STP standards
- STP operations
- Implement and configure PVRST+
- RSTP port roles
- Verify RSTP configurations
- MSTP
- Implement and configure MSTP
- STP Stability Mechanisms
- Protect the operation of STP
- Configure BPDUGuard
- Configure BPDUFilter
- Configure RootGuard
- Configure LoopGuard
- Configure UDLD to detect and shut down unidirectional links
- Optimize STP operations by using the right combination of STP stability features
- Lab 3-1 Debrief
- Lab 3-2 Debrief
4. Implementing Inter-VLAN Routing
- Routing Between VLANs
- Configure and verify inter-VLAN routing in a Layer 2 topology using an external router, a switch SVI, or a switch-routed interface
- Configure both a switch and router to accommodate inter-VLAN packet transfer using an external router
- Layer 3 SVI
- Commands that are used to configure an SVI
- A routed port on a multilayer switch
- Commands that are used to configure a routed port on a multilayer switch
- Configure Layer 3 EtherChannel links
- Configure inter-VLAN routing on a multilayer switch
- Configure DHCP services on a Layer 3 switch
- Deploying Multilayer Switching with Cisco Express Forwarding
- Configure and verify inter-VLAN routing in a Layer 2 topology using multilayer switching with Cisco Express Forwarding
- Process of multilayer switching and how it differs when you are performing Layer 2 vs. Layer 3 switching
- Packet and frame header rewriting performed by a multilayer switch
- Layer 3 switch processing
- Switching methods available on a Cisco switch
- Configure Cisco Express Forwarding on a Cisco switch
- Lab 4-1 Debrief
- Lab 4-2 Debrief
5. Implementing a Highly Available Network
- High Availability
- Evaluate the uses, requirements, benefits, and performance expectations of high availability in a given enterprise network design
- Resiliency for high availability
- Design the network for optimal redundancy
- Implementing High Availability
- Implement high availability at the switch level
- Use Cisco StackWise technology on access switches
- Evaluate the impact of too little redundancy
- Assess the impact of uplink failure
- Implementing Network Monitoring
- Implement network monitoring
- Configure IP SLA technology
- Lab 5-1 Debrief
6. Implementing Layer 3 High Availability
- Configuring Layer 3 Redundancy with HSRP
- Routing issues
- Router redundancy process
- Configure HSRP operations
- Fine-tune HSRP
- Troubleshoot HSRP
- Configuring Layer 3 Redundancy with VRRP and GLBP
- VRRP
- VRRP operations process
- Configure VRRP
- GLBP
- GLBP operations process
- Configure GLBP
- Lab 6-1 Debrief
- Lab 6-2 Debrief
7. Minimizing Service Loss and Data Theft in a Campus Network
- Switch Security Issues
- Switch and Layer 2 security as a subset of an overall network security plan
- How a rogue device gains unauthorized access to a network
- Categorize switch attack types and list mitigation options
- How a MAC flooding attack works to overflow a CAM Campus Backbone Layer table
- How port security is used to block input from devices based on Layer 2 restrictions
- Procedure for configuring port security on a switch
- Methods that can be used for authentication using AAA
- Port-based authentication using 802.1X
- Protecting Against VLAN Attacks
- How VLAN hopping occurs and why it is a security vulnerability
- Procedure for configuring a switch to mitigate VLAN hopping attacks
- VACLs and their purpose as part of VLAN security
- Procedure for configuring VACLs
- Protecting Against Spoofing Attacks
- DHCP spoofing attacks
- Prevent attacks using DHCP snooping
- Configure DHCP snooping
- ARP poisoning
- Protect against ARP spoofing attacks with DAI
- Securing Network Services
- Cisco Discovery Protocol and LLDP vulnerabilities
- Telnet protocol vulnerabilities
- Configure SSH
- Configure vty ACLs
- Configure Cisco IOS secure HTTP server
- Switch security considerations
- Lab 7-1 Debrief
8. Accommodating Voice and Video in Campus Networks
- Planning for Support of Voice in a Campus Network
- Components of a VoIP network and the components of IP telephony
- Uniform bandwidth consumption of voice traffic vs. the intermittent bandwidth consumption of data traffic
- Compare video bandwidth consumption to voice and data bandwidth consumption based on video application types
- Solution for latency, jitter, bandwidth, packet loss, reliability, and security for voice and video traffic integration into a data network
- Integrating and Verifying VoIP in a Campus Infrastructure
- Plan for VoIP requirements
- Voice VLANs
- Configure and Verify Voice VLANs
- Plan PoE requirements and configure PoE
- Provide additional services required by VoIP devices
- Create a Test Plan for VoIP integration
- Working with Specialists to Accommodate Voice and Video on Campus Switches
- High availability applied to VoIP or video traffic
- Build an integrated voice/video/data campus network
- The need for QoS for VoIP and video integration
- Configure basic QoS for voice and video VLANs
- Lab 8-1 Debrief
9. Integrating Wireless LANs into a Campus Network
- Comparing WLANs with Campus Networks
- WLANs
- Compare wired and wireless LAN
- Main wireless LAN topologies
- Settings specific to WLANs, such as SSIDs, and WLAN-to-VLAN mapping
- Assessing the Impact of WLANs on Campus Networks
- WLAN implementations
- Compare WLAN solutions
- Assess traffic flow in an autonomous AP configuration and its impact on the campus LAN
- Assess traffic flow in an controller-based configuration and its impact on the campus LAN
- Preparing the Campus Infrastructure for WLANs
- Best placement for APs and controllers
- Configure switches for WLAN devices
- Gather WLAN requirements
- Plan WLAN integration
- Create a test plan
- Lab 9-1 Debrief
Labs
Lab 1-1: New Hire Test
- Prepare basic configuration templates for your switches
- Explore the remote lab device connections
- Deploy configuration templates on your switches
- Verify your configurations according to the verification plan you created
Lab 2-1: Design and Implement VLANs, Trunks, and EtherChannel
- Plan a segmented Layer 2 network implementation
- Create a Layer 2 implementation and verification plan
- Implement a full Layer 2 solution including VLANs, trunks, pruning, VTP, and EtherChannel
Lab 2-2: Troubleshoot Common VLAN Configuration and Security Issues
- Diagnose and resolve Layer 2 connectivity problems
- Diagnose and resolve VLAN and EtherChannel-related problems
- Document troubleshooting progress, configuration changes, and problem resolution
Lab 2-3: Configure Private VLANs
- Plan a segmented private VLAN implementation
- Create a private VLAN implementation and verification plan
- Implement private VLANs
Lab 3-1: Implement Multiple Spanning Tree
- Design a spanning tree
- Create a spanning tree implementation plan
- Implement a spanning tree according to an implementation plan
- Create a spanning tree verification plan
- Verify the spanning tree according to the verification plan
Lab 3-2: Implement PVSRT+
- Design a migration plan to PVRST+
- Create a PVRST+ implementation plan
- Implement PVRST+ according to implementation plan
- Create a PVRST+ verification plan
- Verify the PVRST+ spanning tree according to the verification plan
Lab 3-3: Troubleshoot Spanning Tree Issues
- Develop a work plan to troubleshoot configuration and security issues in the STP
- Isolate the causes of the problems
- Correct all of the identified spanning tree issues
- Document and report the troubleshooting findings and recommendations
Lab 4-1: Implement Inter-VLAN Routing
- Design a Layer 3 network
- Create an implementation requirements list
- Create a step-by-step implementation and verification plan
- Implement and verify inter-VLAN routing and routing protocols
Lab 4-2 Troubleshoot Inter-VLAN Routing
- Develop a work plan to troubleshoot configuration and inter-VLAN routing issues
- Isolate the causes of the problems
- Correct all of the identified routing issues
- Test the corrections made
- Document and report the troubleshooting findings and recommendations
Lab 5-1: Implement High Availability in a Network Design
- Design a high availability solution consisting of a syslog, SNMP reporting, and an IP SLA solution
- Create an implementation requirements list
- Create a step-by-step implementation and verification plan
- Implement and verify your solution
Lab 6-1: Implement and Tune HSRP
- Design an HSRP solution
- Create an implementation requirements list
- Create a step-by-step implementation and verification plan
- Implement and verify your solution
Lab 6-2: Implement VRRP
- Design a VRRP solution
- Create an implementation requirements list
- Create a step-by-step implementation and verification plan
- Implement and verify your solution
Lab 7-1: Secure Network Switches to Mitigate Security Attacks
- Perform a baseline assessment of network switch security settings
- Possible threats, points of attack, and vulnerability points in the network
- Write an implementation plan to implement security measures on network switches
- Write a plan to test and verify security threat mitigation measures for VLANs
- Configure port security and other switch security features
- Configure a VACL
- Verify the correct implementation of security measures
- Document the switch and VLAN security plan, settings, operations, and maintenance
Lab 8-1: Plan Implementation and Verification of VoIP in a Campus Network
- Gather information regarding the implementation of VoIP
- Prepare an implementation requirements list for VoIP readiness
- Prepare an implementation and verification plan
- Implement and verify the VoIP readiness plan
Lab 9-1: Integrate Wireless in the Campus
- Requirements for implementing wireless structure in a network
- Prepare an implementation plan for wireless integration
- Prepare the switched network for integration of wireless equipment
- Verify that the switched network was properly provisioned
