BCMSN30CAG

BCMSN
Course Management
Overview
Building Cisco Multilayer Switched Networks (BCMSN) v3.0 is an instructor-led course
presented by Cisco Systems Training partners. This five-day course will instruct the learner in
how to create an efficient and expandable enterprise network by installing, configuring,
monitoring, and troubleshooting network infrastructure equipment according to the Campus
Infrastructure module in the Enterprise Composite Network Model (ECNM).
Outline
The Course Management section of the Course Administration Guide includes these topics:
Overview
Course Instruction Details
Post-Course Evaluations
Course Version
This course updates Building Cisco Multilayer Switched Networks (BCMSN) v2.1.
Course Objectives
Upon completing this course, the learner will be able to meet these overall objectives:
Describe the Campus Infrastructure module of the ECNM
Define VLANs to segment network traffic and manage network utilization
Explain the procedure for configuring both 802.1Q and ISL trunking between two switches
so that VLANs that span the switches can connect
Describe how VLAN configuration of switches in a single management domain can be
automated with the Cisco proprietary VTP
Implement high availability technologies and techniques using multilayer switches in a
campus environment
Describe WLANs
Describe and configure switch infrastructure to support voice
Describe and implement security features in a switched network
2 Building Cisco Multilayer Switched Networks (BCMSN) v3.0 2006 Cisco Systems, Inc.
Target Audience
People who fulfill the following functions are the primary audience for this course:
An individual who is a network administrator, network engineer, network manager, or
systems manager
People who fulfill the following function are the secondary audience for this course:
An individual who is a network designer
Learner Skills and Knowledge
The knowledge and skills that a learner must have before attending this course include the
following:
Completion of the course Interconnecting Cisco Network Devices (ICND)
Ability to complete the initial configuration of a switch
Ability to configure a switch with VLANs
Ability to create basic interswitch connections
Ability to troubleshoot a VLAN
Ability to complete the initial configuration of a router
2006 Cisco Systems, Inc. Course Administration Guide 3
Course Instruction Details
This topic provides the information that you need to prepare the course materials and set up the
classroom environment.
Instructor Requirement
To teach this course, instructors must have attended the following training or completed the
following requirements:
Certified Cisco Systems Instructor who is certified in BCMSN delivery
Should have earned the Cisco CCNP
or CCIE
certification
Note Submit questions concerning instructor certification to icad@external.cisco.com.
Classroom Reference Materials
These items should be available for the learner during the course:
Student Guide
Paper, pen, pencils, and/or other miscellaneous office supplies needed to support learners
Class Environment
This information describes recommended class size and classroom setup:
Room set up classroom-style, with chairs and tables
Room sized for 16 learners
Eight pairs of chairs sharing access to eight laptops or terminals
Projector to display course PowerPoint slides
Projection screen as needed
Sufficient power for all equipment
For local labs, rack and floor space for all equipment
For remote labs, access to Internet for all learners and instructor
Course Flow
This is the suggested course schedule. You may make adjustments based on the skills,
knowledge, and preferences of the learners in attendance. The presentation of all topics is
optional for noncertification offerings, but you are encouraged to use them because they are
designed to reinforce the lesson concepts and ensure that learners apply some of the concepts.
Day 1:
8:309:00
(08300900)
Course Introduction
9:0010:20
(09001020)
Lesson 1-1: Introducing Campus Networks
10:3012:00
(10301200)
Quiz 1-1: Describing the Campus Infrastructure Module
Lab 1-2: Getting Started with Cisco Catalyst Equipment
12:001:00
(12001300)
Lunch
1:001:40
(13001340)
Lesson 2-1: Implementing Best Practices for VLAN
Topologies
1:40-2:20
(1340-1420)
Lesson 2-2: Implementing VLANs
2:20-3:00
(1440-1500)
Lesson 2-3: Implementing Trunks
3:00-3:40
(1500-1540)
Lesson 2-4: Propagating VLAN Configurations with VTP
3:40-4:20
(1540-1620)
Lesson 2-5: Correcting Common VLAN Configuration
Errors
4:20-5:00
(1620-1700)
Lab 2-1: Configuring VLANs and VTP
5:00 (1700) Day ends
Day 2:
8:008:30
(08000830)
Review of Day 1
8:309:30
(08300930)
Lesson 3-1: Describing the STP
9:3010:30
(09301030)
Lab 3-1: Configuring Primary and Backup Root Bridges
10:3011:00
(10301100)
Lesson 3-2: Implementing RSTP
11:00-12:00
(11001200)
Lab 3-2: Implementing PVRST
12:001:00
(12001300)
Lunch
1:001:20
(13001320)
Lesson 3-3: Implementing MSTP
1:20-2:00
(13201400)
Lab 3-3: Implementing MST
2:00-2:20
(14001420)
Lesson 3-4: Configuring Link Aggregation with
EtherChannel
2:20-3:10
(14201510)
Lab 3-4: Configuring EtherChannel
Lab 3-5: Troubleshooting Spanning Tree
3:10-3:40
(15101540)
Lesson 4:1: Describing Routing Between VLANs
Quiz 4-1: Describing Routing Between VLANs
3:40-4:00
(15401600)
Lesson 4-2: Enabling Routing Between VLANs on a
Multilayer Switch
4:00-5:00
16001700)
Lab 4-2: Routing Between VLANs
5:00 (1700) Day ends
Day 3:
8:008:30
(08000830)
Review of Day 2
8:30-10:20
(0830-1020)
Lab 4-2: Routing Between VLANs (continued from
Day 2)
10:20- 11:00
(1020-1100)
Lesson 4-3: Deploying CEF-Based Multilayer Switching
11:00-12:00
(11001200)
Lesson 5-1: Configuring Layer 3 Redundancy with HSRP
12:001:00
(12001300)
Lunch
1:001:30
(13001330)
Lesson 5-2: Optimizing HSRP
1:30-3:00
(13301500)
Lab 5-1: Enabling and Optimizing HSRP
3:00-5:00
(15001700)
Lesson 5-3: Configuring Layer 3 Redundancy with VRRP
and GLBP
5:00 (1700) Day ends
Day 4: Wireless LANs
8:008:30
(08000830)
Review of Day 3
8:3010:00
(08301000)
Lesson 6-1 Introducing WLANs
Lesson 6-2 Describing WLAN Topologies
10:1012:00
(10101200)
Lesson 6-3 Explaining WLAN Technology and Standards
12:001:00
(12001300)
Lunch
1:003:00
(13001500)
Lab 6-1: Configuring Switches for WLANs
Lesson 6-4 Configuring Cisco WLAN Clients
3:105:00
(15101700)
Lesson 6-5 Implementing WLANs
Lesson 6-6 Configuring WLANs
Lab 6-2: Setting Up the WLAN Controller
Lab 6-3: Configuring the Controller via the Web Browser
Lab 6-4: Configuring a Wireless Client (Optional)
5:00 (1700) Day ends
Day 5:
8:008:30
(08000830)
Review of Day 4
8:309:15
(08300915)
Lesson 7-1: Planning for Implementation of Voice in a
Campus Network
9:1510:00
(09151000)
Lesson 7-2: Accommodating Voice Traffic on Campus
Switches
10:0011:00
(10001100)
Lab 7-1: Configuring IP Telephony Support
11:00-11:20
(11001120)
Lesson 8-1: Understanding Switch Security Issues
11:20-11:40
(11201140)
Lesson 8-2: Protecting Against VLAN Attacks
11:40-12:00
(11401200)
Lesson 8-3: Protecting Against Spoof Attacks
12:001:00
(12001300)
Lunch
1:001:20
(13001320)
Lesson 8-4: Describing STP Security Mechanisms
1:20-1:40
(13201340)
Lesson 8-5: Preventing STP Forwarding Loops
1:40-2:00
(13401400)
Lesson 8-6: Securing Network Switches
2:00-2:45
(14001445)
Case Study 8-1: Applying Security Practices to Secure
Devices in the Campus
2:45-3:30
(14451530)
Case Study 8-2: Using Security Tools to Secure Devices
in the Campus
3:30-5:00
(1530-1700)
Lab 8-3: Applying Security Tools
5:00 (1700) Wrap-up
High-Level Course Outline
This subtopic provides an overview of how the course is organized. The course contains these
components:
Course Introduction
Network Requirements
Defining VLANs
Implementing Spanning Tree
Implementing Inter-VLAN Routing
Implementing High Availability in a Campus Environment
Wireless LANs
Configuring Campus Switches to Support Voice
Minimizing Service Loss and Data Theft in a Campus Network
Lab Guide
Detailed Course Outline
This in-depth outline of the course structure lists each module, lesson, and topic.
Course Introduction
The Course Introduction provides learners with the course objectives, prerequisite learner skills
and knowledge, and general administrative information. The Course Introduction presents the
course flow diagram and the icons used in the course illustrations and figures. This course
component also designates time for the learners to introduce themselves and describe their
backgrounds, giving the instructor valuable information about the knowledge and experience
levels of the learners.
Overview
Learner Skills and Knowledge
Course Goal and Objectives
Course Flow
Your Training Curriculum
CCNP Career Certifications
Module 1: Network Requirements
In this module, learners gain an understanding the Cisco hierarchical network model as it
pertains to the campus network.
Lesson 1: Introducing Campus Networks
This lesson begins by discussing operational problems found in nonhierarchical networks at
Layers 2 and 3 of the Open Systems Interconnection (OSI) model. The Enterprise Composite
Network Model (ECNM) is then introduced, and the features and benefits of ECNM are
explained. Learners will discover how issues that exist in traditionally designed networks can
be resolved by applying this state-of-the-art design to their networks.
Upon completing this lesson, the learner will be able to describe the Campus Infrastructure
module of the ECNM. The learner will also be able to identify the structure and components
used to build or expand a network in the Campus Infrastructure module. This ability includes
being able to meet these objectives:
Define IIN and Cisco SONA frameworks
Describe the Cisco enterprise architecture and how it maps to the traditional three-layer
hierarchical network model
Describe the devices in a nonhierarchical network
Identify problems that can occur in a nonhierarchical switched network
Identify problems that can occur in a nonhierarchical routed network
Define multilayer switches in a nonhierarchical network
List the issues that occur with multilayer switches and VLANs in a nonhierarchical
network
Describe the enterprise composite model, which can be used to divide the enterprise
network into physical, logical, and functional boundaries
List the benefits of the ECNM
Describe the Campus Infrastructure module of the ECNM
Identify the two interfaces used to configure Cisco Catalyst switches
The lesson includes these topics:
IIN and Cisco SONA Framework
Cisco Network Models
Describing Nonhierarchical Campus Network Issues
Describing Layer 2 Network Issues
Describing Routed Network Issues
What Is a Multilayer Switch?
Issues with Multilayer Switches and VLANs in a Nonhierarchical Network
The Enterprise Composite Network Model
Benefits of the ECNM
Describing the Campus Infrastructure Module
Reviewing Switch Configuration Interfaces

The lesson includes these activities:
Quiz 1-1: Describing the Campus Infrastructure Module
Module 2: Defining VLANs
This module defines the purpose of VLANs and describes how VLAN implementation can
simplify network management and troubleshooting and can improve network performance.
When VLANs are created, their names and descriptions are stored in a VLAN database that can
be shared between switches. The learner will see how design considerations determine which
VLANs will span all the switches in a network and which VLANs will remain local to a switch
block.
The configuration components of this module will describe how individual switch ports may
carry traffic for one or more VLANs, depending on their configuration as access or trunk ports.
This module explains both why and how VLAN implementation occurs in an enterprise
network.
Lesson 1: Implementing Best Practices for VLAN Topologies
Upon completing this lesson, the learner will be able to identify how various technologies are
best implemented within the Campus Infrastructure module. This ability includes being able to
meet these objectives:
List the issues that can occur in a poorly designed network
Given a sample organization, explain how to designate VLANs for the organization
Describe the different network interconnection technologies and identify their appropriate
usage in a campus network
Determine the equipment and cabling needs on the various links of VLANs in a campus
network
Map a hierarchical IP addressing scheme to the VLANs in a campus network
Identify the most common traffic sources and their destination on a campus network
Describing Issues in a Poorly Designed Network
Grouping Business Functions into VLANs
Describing Interconnection Technologies
Determining Equipment and Cabling Needs
Mapping VLANs in a Hierarchical Network
Considering Traffic Source to Destination Paths
Lesson 2: Implementing VLANs
VLANs are used to create logical broadcast domains and Layer 3 segments in a given network.
A VLAN is considered a logical segment because the traffic it carries may traverse multiple
physical network segments. This lesson will examine how switch ports can be statically
configured to belong to one or more VLANs and how various ports on a single switch can
belong to different VLANs. End-to-end VLANs will be differentiated from local VLANs.
Local VLANs exist within the context of a single switch or switch block, whereas end-to-end
VLANs span multiple network segments interconnected by switches.
Upon completing this lesson, the learner will be able to meet these objectives:
Define an end-to-end VLAN
Define a local VLAN
Describe the benefits of implementing local VLANs in a campus network
Describe the VLAN configuration modes and their functions
Define a VLAN access port
List the commands to implement a VLAN
List the steps to create a VLAN and associate it with an access port
Describing End-to-End VLANs
Describing Local VLANs
Benefits of Local VLANs in an Enterprise Campus Network
VLAN Configuration Modes
Explaining VLAN Access Ports
Describing VLAN Implementation Commands
Implementing a VLAN
Lesson 3: Implementing Trunks
Switch ports carrying traffic for multiple VLANs are called trunk ports. As frames from
multiple VLANs traverse trunk ports, the switch must identify each frame to associate it with a
given VLAN. This lesson will examine the differences between Inter-Switch Link (ISL) and
802.1Q, two protocols used to mark frames on a trunk link.
Describe a VLAN trunk in an enterprise network
Describe ISL trunking
Describe 802.1Q trunking
Define an 802.1Q native VLAN
Explain VLAN ranges and their usage
Identify the commands used to configure trunking
Explain the procedure to configure trunking
Explaining VLAN Trunks
Describing ISL Trunking
Describing 802.1Q Trunking
Explaining 802.1Q Native VLANs
Explaining VLAN Ranges
Describing Trunking Configuration Commands
Configuring Trunking
Lesson 4: Propagating VLAN Configurations with VTP
When VLANs span multiple switches, a protocol is needed to accurately manage VLAN
information at each switch. This protocol is referred to as VLAN Trunk Protocol (VTP) and is
used to ensure that all switches in a given group, or VTP domain, have the same information
about the VLANs present in that domain. This lesson will examine VTP and how it allows each
switch to participate in the VTP domain. The VTP mode determines if and when updates are
sent by a switch.
Define a VTP domain in a campus network
Define VTP
Describe the three different VTP modes
Describe VTP Pruning
Describe how VTP distributes and synchronizes VLAN information
Describe the commands used to configure and verify a VTP management domain
Describe the procedures to configure a VTP management domain
Describe the procedure to add a new switch to an existing VTP domain
Explaining VTP Domains
Describing the VTP
VTP Modes
Describing VTP Pruning
Describing VTP Operation
Describing VTP Configuration Commands
Configuring a VTP Management Domain
Adding New Switches to an Existing VTP Domain
Lesson 5: Correcting Common VLAN Configuration Errors
When VLANs span multiple switches, there are configuration challenges and issues to be
overcome. VLAN configuration problems include security issues related to the 802.1Q native
VLAN and Dynamic Trunking Protocol (DTP).
Identify the security issues with 802.1Q native VLANs
Describe how to resolve the security issues with 802.1Q native VLANs
List key problems that result from trunk link configuration
Identify best practices for resolving trunk link problems
Identify common problems with VTP configuration
Describe best practice for VTP configuration
Describing Issues with 802.1Q Native VLANs
Resolving Issues with 802.1Q Native VLANs
Describing Trunk Link Problems
Resolving Trunk Link Problems
Common Problems with VTP Configuration
Best Practice for VTP Configuration
The lesson includes this activity:

Module 3: Implementing Spanning Tree
This module introduces the fundamentals of Spanning Tree Protocol (STP) operation in a
switched network. The root bridge will be explained as well as how the root bridge and its
backup are elected. Features for enhancing the performance of STP will be coverednamely,
Rapid STP (RSTP) and Multiple STP (MSTP). The learner will discover how EtherChannel is
configured and how it interoperates with STP. The module also provides guidelines on
improving STP resiliency when network faults occur.
Lesson 1: Describing the STP
In a campus network where there are redundant links between switches, STP manages which
links will provide an active Layer 2 path, which ones will be inactive, and which ones will
provide redundancy in the case of active path failure. This lesson will examine the general
components and operation of STP in a switched network.
Describe a transparent bridge
Identify the traffic patterns in a bridge loop
Define a loop-free network
Describe the 802.1D STP
Define a root bridge
Describe the four port roles
Describe PortFast, PVST+, RSTP, MSTP, and PVRST
Describing Transparent Bridges
Identifying Traffic Loops
Explaining a Loop-Free Network
Describing the 802.1D STP
Describing the Root Bridge
Describing Port Roles
Explaining Enhancements to STP
Lesson 2: Implementing RSTP
Rapid Spanning Tree Protocol (RSTP) is an improvement on the original 802.1D STP standard.
RSTP provides much faster convergence when topology changes occur in a switched network.
Through the use of specific port states, port roles, and link types, RSTP very quickly adapts to
network topology transitions. A proposal and agreement process between neighbor switches is
unique to RSTP. Also, Topology Change Notifications (TCNs) are transferred in a very
different manner than they are in 802.1D STP operation. Configuration of RSTP is much the
same as in 802.1D, except for a few variations and identifiable characteristics in the spanning
tree verification commands.
Describe the RSTP
Describe the three RSTP port states
Describe the five different RSTP port roles
Explain an edge port
Describe the function of the different RSTP link types
Differentiate the 802.1w use of the BPDU from 802.1D
Describe the stages of the RSTP proposal and agreement process
Describe the process that RSTP uses to notify all bridges in the network of a TC
Describe the commands used to implement RSTP
Explain the procedure to implement RSTP in a switched network
Describing the RSTP
Describing RSTP Port States
Describing RSTP Port Roles
Explaining Edge Ports
Describing RSTP Link Types
Examining the RSTP BPDU
Identifying the RSTP Proposal and Agreement Process
Identifying the RSTP TCN Process
Describing PVRST Implementation Commands
Implementing PVRST Commands
Lesson 3: Implementing MSTP
Per VLAN Spanning Tree (PVST) creates a single instance of spanning tree for each VLAN in
the network. This may impose a processing load on a switch when many VLANs are present.
Multiple Spanning Tree Protocol (MSTP) reduces this loading by allowing a single instance of
spanning tree to run for multiple VLANs. Specific configuration and verification steps must be
followed to properly implement MSTP.
Describe MSTP
Describe the characteristics of an MST region
Describe changes to the Bridge Priority field to accommodate the MSTP instance number
Describe how MSTP operates with CST
Describe the commands used to implement MSTP
Explain the procedure to implement MSTP in a switched network
Explaining MSTP
Describing MSTP Regions
Describing the Extended System ID
Interacting Between MSTP Regions and 802.1Q
Describing MSTP Implementation Commands
Configuring and Verifying MSTP
Lab 3-3: Implementing MST
Lesson 4: Configuring Link Aggregation with EtherChannel
When multiple physical links exist between two switches, these links can be bundled into a
single logical link that provides high aggregate bandwidth and fault tolerance for interswitch
connectivity. This lesson will examine the specifics of EtherChannel.
Describe EtherChannel
Compare the PAgP and LACP
Describe the commands used to configure EtherChannel
Describe the guidelines and best practices for configuring port channels using
EtherChannel
Configure load balancing among the ports included in an EtherChannel
Describing EtherChannel
Describing the PAgP and LACP Protocols
Describing EtherChannel Configuration
Configuring Port Channels Using EtherChannel
Configuring Load Balancing over EtherChannel
Module 4: Implementing Inter-VLAN Routing
A switch with multiple VLANs requires a means of passing Layer 3 traffic between those
VLANs. This module describes both the process and various methods of routing traffic from
VLAN to VLAN. A router that is external to the Layer 2 switch hosting the VLANs can
provide the inter-VLAN routing.
When routing occurs within a Cisco Catalyst multilayer switch, Cisco Express Forwarding
(CEF) is deployed to facilitate Layer 3 switching through hardware-based tables, providing an
optimal packet-forwarding process. When CEF is implemented, routing is enabled between
VLANs through the configuration of switch virtual interfaces (SVIs) associated with the
various VLANs on the multilayer switch.
Lesson 1: Describing Routing Between VLANs
Layer 2 switching involves processing frames with respect to their data link layer headers.
Information from those headers is stored within the content addressable memory (CAM) table
in the switch, which in turn provides the information required to make the forwarding decisions
as frames traverse the switch. When multiple Layer 2 VLANs are configured on a switch, a
Layer 3 process is required for inter-VLAN communication. VLAN-to-VLAN packet transfer
can occur on a Layer 3 device external to the switch.
Describe how inter-VLAN routing works using an external router
Describe the commands used to configure inter-VLAN routing using an external router
Explain the procedure to configure inter-VLAN routing using an external router
Explain how switching interfaces use the forwarding engine to implement Layer 2 and
Layer 3 switching
Describe the frame rewrite process
Inter-VLAN Routing Using an External Router
Describing Inter-VLAN Routing Using External Router Configuration Commands
Configuring Inter-VLAN Routing Using an External Router
Explaining Multilayer Switching
Frame Rewrite
Quiz 4-1: Describing Routing Between VLANs
Lesson 2: Enabling Routing Between VLANs on a Multilayer Switch
When multiple VLANs are configured on a multilayer switch, routing between those VLANs
can occur on the switch itself through the configuration of Layer 3 switch virtual interfaces
(SVIs). SVIs are configured and verified using Layer 3 Cisco IOS commands to facilitate inter-
VLAN routing on a multilayer switch. It is also possible to convert Layer 2 switch ports to
operate as Layer 3 interfaces.
Describe a Layer 3 SVI
Describe commands used to configure inter-VLAN routing on a multilayer switch through
an SVI
Explain the procedure to configure inter-VLAN routing on a multilayer switch
Describe a routed port on a multilayer switch
Describe commands used to configure a routed port on a multilayer switch
Explain the procedure to configure routed ports on a multilayer switch
Describing Layer 3 SVI
Describing Configuration Commands for Inter-VLAN Communication on a Multilayer
Switch
Configuring Inter-VLAN Routing on a Multilayer Switch
Describing Configuration Commands for Routed Ports on a Multilayer Switch
Describing Routed Ports on a Multilayer Switch
Configuring Routed Ports on a Multilayer Switch
Lesson 3: Deploying CEF-Based Multilayer Switching
Layer 3 switching provides a wire-speed mechanism by which to route packets between
VLANs using tables that store Layer 2 and Layer 3 forwarding information in hardware. Cisco
Express Forwarding (CEF) is the most efficient means of providing Layer 3 switching on a
multilayer switch. CEF uses a very specific process to build forwarding tables in hardware and
then uses that table information to forward packets at line speed.
Explain Layer 3 switch processing
Explain a CEF-based multilayer switch
Describe the process that a multilayer switch uses to forward packets
Describe the commands used to configure CEF on Cisco Catalyst multilayer switches
Explain the procedure to enable CEF-based MLS
Describe common problems that can occur with CEF and solutions
Describe the commands used to troubleshoot CEF on multilayer switches
Explain the procedure to troubleshoot problems with CEF-based MLS

Explaining Layer 3 Switch Processing
Explaining CEF-Based Multilayer Switches
Identifying the Multilayer Switch Packet Forwarding Process
Describing CEF Configuration Commands
Enabling CEF-Based MLS
Describing Common CEF Problems and Solutions
Describing CEF Troubleshooting Commands
Troubleshooting Layer 3 CEF-Based MLS
Module 5: Implementing High Availability in a Campus Environment
A network with high availability provides alternative means by which all infrastructure paths
and key servers can be accessed at all times. The Hot Standby Router Protocol (HSRP) is one
of those software features that can be configured to provide Layer 3 redundancy to network
hosts. HSRP optimization provides immediate or link-specific failover as well as a recovery
mechanism. Virtual Router Redundancy Protocol (VRRP) and Gateway Load Balancing
Protocol (GLBP) are derivatives of HSRP, providing additional Layer 3 redundancy features,
such as load balancing.
Lesson 1: Configuring Layer 3 Redundancy with HSRP
Businesses and consumers that rely on intranet and Internet services for their mission-critical
communications require and expect their networks and applications to be continuously
available to them.
Customers can satisfy their demands for near-100 percent network uptime if they leverage the
HSRP in Cisco IOS software. HSRP provides network redundancy for IP networks in a manner
that ensures that user traffic immediately and transparently recovers from first-hop failures in
network edge devices or access circuits.
However, routing issues exist as we examine various means of providing redundancy for the
default gateway of each segment. Because of this, HSRP has very specific attributes that
warrant further description, as does a delineation of HSRP operations on the network. HSRP
interfaces transition through a series of states as they find their role in the capacity of active or
standby HSRP router.
Describe routing issues that occur when using default gateways and proxy ARP
Describe how router device redundancy works
Describe HSRP
Describe how HSRP operates to provide a nonstop path redundancy for IP
Describe the six HSRP states and their functions
Describe the commands used to configure HSRP
Explain the procedure to enable HSRP
The lesson includes these topics
Describing Routing Issues
Identifying the Router Redundancy Process
Describing HSRP
Identifying HSRP Operations
Describing HSRP States
Describing HSRP Configuration Commands
Enabling HSRP
Lesson 2: Optimizing HSRP
HSRP has options that allow it to be configured to define the order in which the active and
standby router are selected for expedited failover, for recovery from failover, and to specify
which interface is to be monitored for HSRP failover. Specific commands are used to optimize
and tune HSRP operations for greatest failover resiliency. There is also a set of commands for
verifying and debugging HSRP general and optimized operations.
Describe the options that can be configured to optimize HSRP
Explain the procedure to determine which HSRP operations require tuning in their
networks
Describe how a single router can be a member of multiple HSRP-standby groups to
facilitate load sharing
Describe the commands used to debug HSRP operations
Explain the procedure to debug HSRP operations
Describing HSRP Optimization Options
Tuning HSRP Operations
Describing Load Sharing
Describing HSRP Debug Commands
Debugging HSRP Operations
Lesson 3: Configuring Layer 3 Redundancy with VRRP and GLBP
As the name would imply, Virtual Router Redundancy Protocol (VRRP) provides router
interface failover in a manner similar to HSRP but with added features and IEEE compatibility.
The process by which VRRP operates is defined in this lesson. The Gateway Load Balancing
Protocol (GLBP) and its operations will be defined and differentiated from both HSRP and
VRRP. Specific commands are used to implement and to verify VRRP and GLBP.
Describe VRRP
Describe how VRRP supports transitions from a master to a backup router
Describe the commands used to configure VRRP and GLBP
Describe GLBP
Describe how GLBP provides balanced traffic on a per-host basis, using a round-robin
scheme
Describing VRRP
Identifying the VRRP Operations Process
Configuring VRRP
Describing the GLBP
Identifying the GLBP Operations Process
Module 6: Wireless LANs
This module introduces wireless LANs (WLANs). WLAN is an access technology that has an
increasing significance for network access in offices, factories, hotels, airports, and at home.
This module explains the differences between wired and wireless LANs, describes WLAN
topologies, and teaches the learner how to implement Cisco WLAN solutions.
Lesson 1: Introducing WLANs
This lesson introduces WLANs. WLAN is an access technology that has an increasing
significance for network access in offices, factories, hotels, airports, and at home. Upon
completing this lesson, the learner will be able to meet these objectives:
Describe the different wireless data technologies that are currently available
Describe WLANs
Distinguish WLANs from other wireless data networks
Describe similarities and differences between WLANs and wired LANs
Wireless Data Technologies
Wireless LANs
WLANs and Other Wireless Technologies
WLANS and LANs
Lesson 2: Describing WLAN Topologies
This lesson explains different WLAN topologies. WLAN topologies refer to the placement and
application of WLANs. Upon completing this lesson, the learner will be able to meet these
objectives:
Describe types of WLAN topologies
Describe WLAN access topologies
Explain roaming between wireless cells
Describe WLAN support for VLANs and QoS
Describe wireless mesh networking
WLAN Topologies
Typical WLAN Topologies
Roaming Through Wireless Cells
Wireless VLAN Support
Wireless Mesh Networking
Lesson 3: Explaining WLAN Technology and Standards
This lesson explains WLAN technology and the WLAN standards. This knowledge is
important for the design, configuration, operation, and troubleshooting of WLANs. Upon
completing this lesson, the learner will be able to meet these objectives:
Describe the WLAN frequency bands and RF transmission
Describe WLAN regulations, standards, and certification bodies
Describe the IEEE 802.11b standard
Describe the IEEE 802.11a standard
Describe the IEEE 802.11g standard
Compare the 802.11b, 802.11g, and 802.11a standards for data rates, throughput, and
coverage
Identify best practices for WLAN office design
Explain the need for WLAN security and describe the available WLAN security solutions
Unlicensed Frequency Bands
WLAN Regulation and Standardization
IEEE 802.11b Standard
IEEE 802.11a Standard
IEEE 802.11g Standard
802.11 Comparison
General Office WLAN Design
WLAN Security
Lesson 4: Configuring Cisco WLAN Clients
This lesson describes the Cisco 802.11a/b/g WLAN client and utilities to configure the client
adapter. Upon completing this lesson, the learner will be able to meet these objectives:
Install the Cisco WLAN client adapter and the Cisco ADU
Use the Cisco ADU to configure the Cisco 802.11a/b/g WLAN client adapter
Use the Cisco ADU for diagnostics and troubleshooting of the WLAN client adapters
Use the Cisco Aironet Site Survey Utility to get information about available WLANs
Describe the WLAN configuration through Windows XP
Describe the Cisco ACAU
Describe the Cisco Wireless IP Phone
Describe the features and benefits of the Cisco Compatible Extensions program

Cisco 802.11a/b/g WLAN Client Adapters
Cisco ADU Installation
ADU Diagnostics: Advanced Statistics
Cisco Aironet Site Survey Utility: Associated AP Status
Windows XP WLAN Configuration
Cisco Aironet Client Administration Utility
Cisco Wireless IP Phone
Cisco Compatible Extensions Program for WLAN Client Devices
Lesson 5: Implementing WLANs
This lesson describes WLAN implementations. Both autonomous and lightweight WLAN
solutions are described. Other topics include PoE (Power over Ethernet) and WLAN antennas.
Describe the implementation of the Cisco autonomous and lightweight WLAN solution that
is part of the Cisco implementation of WLANs
Describe how LWAPP is used in the Cisco lightweight WLAN implementation
Describe the components of the Cisco WLAN implementations
Describe Cisco Unified Wireless Networks
Describe Cisco Aironet access points and bridges
Describe PoE for access points and IP phones
Identify the types of antennas to use in WLAN environments
Explain multipath distortion
Describe the decibel calculation
Explain the established EIRP guidelines
Cisco WLAN Implementation
Lightweight Access Point Protocol
Describing WLAN Components
Cisco Unified Wireless Network
Cisco Aironet Access Points and Bridges
Power over Ethernet
Explaining WLAN Antennas
Multipath Distortion
Definition of Decibel
Effective Isotropic Radiated Power
Lesson 6: Configuring WLANs
Upon completing this lesson, the learner will be able to configure autonomous and lightweight
Cisco WLAN solutions.
List the different methods that can be used to configure autonomous access points
Describe the role performed by autonomous access points and bridges in a radio network
Describe how to configure an autonomous access point
Describe how to configure a WLAN controller
Describe how to perform the initial configuration of WLAN controllers via the command
line and web browser
Describe how to configure WLAN controllers via the web browser
Autonomous Access Point Configuration
Role of Autonomous Access Points in a Radio Network
Autonomous Access Point Configuration via the Web Browser
Lightweight WLAN Controller Configuration
Cisco WLAN Controller Boot Menu
Web Wizard Initial Configuration

Module 7: Configuring Campus Switches to Support Voice
When migrating to a VoIP network, all network requirements, including power and capacity
planning, must be examined. In addition, congestion avoidance techniques should be
implemented. This module will highlight the basic issues and define initial steps to take to
ensure that the VoIP implementation works correctly.
Lesson 1: Planning for Implementation of Voice in a Campus Network
IP telephony services are often provided over the campus infrastructure. To have data and voice
application traffic harmoniously coexist, mechanisms must be set in place to differentiate traffic
and to offer priority processing to delay sensitive voice traffic. Quality of service (QoS)
policies mark and qualify traffic as it traverses the campus switch blocks. Specific VLANs keep
voice traffic separate from other data to ensure that it is carried through the network with
special handling and with minimal delay. Specific design and implementation considerations
should be made at all campus switches supporting VoIP.
Explain why an organization would want to run VoIP on the network
Describe the main components of a VoIP network, including IP-enabled PBX, user end-
devices, gateways and gatekeepers, and the IP network
Compare the uniform bandwidth consumption of voice traffic to the intermittent bandwidth
consumption of data traffic
Describe a VoIP call flow through a network and where contention for bandwidth between
data traffic and voice traffic will occur
Explain an auxiliary VLAN
Identify a solution for latency, jitter, bandwidth, packet loss, reliability, and security
Explain the importance of high availability in the campus network to support a VoIP
implementation, including such regulations as E911 that require 99.999 percent system
availability for phones
Explain the need to add a UPS to wiring closets that do not already have them and to
provision switches with inline power for IP phones
Explaining Converged Network Benefits
Describing VoIP Network Components
Explaining Traffic Characteristics of Voice and Data
Describing VoIP Call Flow
Explaining Auxiliary VLANs
Describing QoS
Explaining the Importance of High Availability for VoIP
Explaining Power Requirements in Support of VoIP

Lesson 2: Accommodating Voice Traffic on Campus Switches
VoIP traffic and data will share the same infrastructure. To avoid congestion and subsequent
intermittent VoIP communications, QoS must be configured as close to the end device as
possible. To accomplish this, QoS trust boundaries must be configured. Several options are
available to accomplish this task. This module will provide a brief overview of those options.
Describe how QoS is applied for voice traffic in the campus module
Describe LAN-based classification and marking using a Layer 2 Cisco Catalyst workgroup
switch
Describe QoS trust boundaries and their significance in LAN-based classification and
marking
Explain the procedure to configure an access switch for the attachment of a Cisco IP Phone
Describe basic commands to be considered when voice traffic will traverse a switch
Explain the use of Cisco AutoQoS in Cisco Catalyst switches
Describe the commands that enable Cisco AutoQoS on Cisco Catalyst switches
QoS and Voice Traffic in the Campus Model
LAN-Based Classification and Marking
Describing QoS Trust Boundaries
Configuring a Switch for Attachment of a Cisco IP Phone
Describing Basic Switch Commands to Support Attachment of a Cisco IP Phone
What Is Cisco AutoQoS VoIP?
Configuring Cisco AutoQoS VoIP on a Cisco Catalyst Switch
Module 8: Minimizing Service Loss and Data Theft in a Campus Network
This module defines the potential vulnerabilities within a network related to VLANs. After the
vulnerabilities are identified, solutions for each vulnerability are discussed, and configuration
commands are defined. The module also discusses port security for denial of MAC spoofing,
MAC flooding, and using PVLANs and VACLs to control VLAN traffic. VLAN hopping,
DHCP spoofing, ARP spoofing, and STP attacks are also explained. The learner will also learn
about potential problems, resulting solutions, the method to secure the switch access with use
of vty ACLs, and implementing SSH for secure Telnet access.
Lesson 1: Understanding Switch Security Issues
Basic security measures should be taken to guard against a host of attacks that can be launched
at a switch and its ports. Specific measures can be taken to guard against MAC flooding, which
is a common Layer 2 malicious activity.
Describe switch and Layer 2 security as a subset of an overall network security plan
Describe how a rogue device gains unauthorized access to a network
Categorize switch attack types and list mitigation options
Describe how a MAC flooding attack works to overflow a CAM Campus Backbone Layer
table
Describe how port security is used to block input from devices based upon Layer 2
restrictions
Describe the procedure to configure port security on a switch
Explain the sticky MAC option with port security
Describe security in a multilayer switched network
Describe the methods that can be used for authentication using AAA
Describe port-based authentication using 802.1x
Overview of Switch Security Concerns
Describing Unauthorized Access by Rogue Devices
Switch Attack Categories
Describing a MAC Flooding Attack
Describing Port Security
Configuring Port Security on a Switch
Port Security with Sticky MAC Addresses
Authentication, Authorization, and Accounting
Authentication and Authorization Methods
802.1x Port-Based Authentication
Lesson 2: Protecting Against VLAN Attacks
On networks using trunking protocols, there is a possibility of rogue traffic hopping from one
VLAN to another, thereby creating security vulnerabilities. These VLAN hopping attacks are
best mitigated by close control of trunk links.
Private VLANs (PVLANs) can be configured to establish security regions within a single
VLAN without subnetting, and VLAN access control lists (VACLs) can be used to filter traffic
within a VLAN.
Describe how VLAN hopping occurs and why it is a security vulnerability
Explain the procedure to configure a switch to mitigate VLAN hopping attacks
Describe VACLs and their purpose as part of VLAN security
Explain the procedure to configure VACLs
Explain the purpose of a PVLAN
Explain the procedure to configure PVLANs as a means of network security
Explaining VLAN Hopping
Mitigating VLAN Hopping
VLAN Access Control Lists
Configuring VACLs
Explaining PVLANs
Configuring PVLANs
Lesson 3: Protecting Against Spoof Attacks
DHCP, MAC, and Address Resolution Protocol (ARP) spoofing are all methods used to gain
unauthorized access to a network or to redirect traffic for malicious purposes. DHCP snooping,
port security, and dynamic ARP inspection (DAI) can be configured to guard against these
threats.
Describe what happens in a network during a DHCP spoof attack
Describe how the DHCP snooping feature provides security by filtering trusted DHCP
messages and then using these messages to build and maintain a DHCP snooping binding
table
Explain the procedure to configure DHCP snooping and IP Source Guard
Describe what happens in a network during an attack using ARP spoofing
Describe how DAI determines the validity of an ARP packet based on the valid MAC
address to IP address bindings stored in a DHCP snooping database
Describe the commands that can be used to configure DAI
Explain the procedure to protect a network from ARP spoofing attacks

Describing a DHCP Spoof Attack
Describing DHCP Snooping
Configuring DHCP Snooping
Describing ARP Spoofing
Describing DAI
Describing Commands to Configure DAI
Protecting Against ARP Spoofing Attacks
Lesson 4: Describing STP Security Mechanisms
After STP operations are stable in a switched network, the administrator may want to guard
against rogue switches being attached to the network because these switches may take on the
role of the root or backup root bridge. Bridge protocol data unit (BPDU) guard, BPDU filtering,
and root guard are features that attempt to contain the points at which switches and root bridges
can be attached to the network.
Describe the methods that are available to protect the operation of STP
Describe the commands to configure BPDU guard
Describe the commands to configure BPDU filtering
Describe how root guard is used to improve the stability of Layer 2 networks
Describe the commands used to configure root guard
Protecting the Operation of STP
Describing BPDU Guard Configuration
Describing BPDU Filtering Configuration
Describing Root Guard
Describing Root Guard Configuration Commands
Lesson 5: Preventing STP Forwarding Loops
Spanning tree operations can be severely disrupted by links that pass traffic in one direction and
not in the other direction. The Cisco Catalyst platform provides features to guard against this
condition. Unidirectional Link Detection (UDLD) and loop guard protect the network from
anomalous conditions that result from unidirectional link conditions.
Describe how UDLD is used to detect and shut down unidirectional links
Describe how loop guard is used to protect against Layer 2 forwarding loops
Describe the commands used to configure UDLD and loop guard
Compare the features of loop guard and UDLD as they protect against unidirectional links

Describing UDLD
Describing Loop Guard
Configuring UDLD and Loop Guard
Preventing STP Failures Caused by Unidirectional Links
Lesson 6: Securing Network Switches
The devices on any network must be secured. A number of vulnerabilities can be reduced by
setting passwords on physical and virtual ports, disabling unneeded services, forcing the
encryption of sessions, and enabling logging at the device level.
Describe how CDP can be used for an attack against a network
Describe the security vulnerabilities in the Telnet option
Describe security vulnerabilities in the SSH
Describe vty ACLs
Describe the commands used to apply ACLs to vtys
Describe general security considerations that should be applied in any switched network
Describing Vulnerabilities in the CDP
Describing Vulnerabilities in the Telnet Protocol
Describing Vulnerabilities in the SSH
Describing vty ACLs
Describing Commands to Apply ACLs to vty
Best Practices: Switch Security Considerations
Case Study 8-1: Applying Security Practices to Secure Devices in the Campus
Case Study 8-2: Using Security Tools to Secure Devices in the Campus

Course Evaluations
Cisco uses a post-course evaluation system, Metrics That Matter (MTM), for its instructor-led
courses. The instructor must ensure that each learner is aware of the confidential evaluation
process and that all learners submit an evaluation for each course. There are two options for
learners to complete the evaluation.
For Classes with Internet Access
A URL will be made available, specific to each Cisco Learning Partner. Obtain the URL from
your MTM system administrator before the last day of class.
1. Upon completion of the course, instruct the learners to enter the URL into the browser.
2. Make sure that the learners enter their e-mail addresses (used only for a follow-up
evaluation).
Note Sixty days following a learning event, learners will receive a brief follow-up evaluation, and,
again, responses will be kept confidential. E-mail addresses will not be used for marketing
purposes. (If learners do not have e-mail addresses, they may type in a dummy address.)
3. Instruct the learners to select the appropriate course from the drop-down list.
4. Instruct the learners to complete the course evaluation and click Submit one time only.
5. Advise the learners to wait for Thank you to appear on the screen before leaving.
For Classes Without Internet Access
A paper-based version of the post-course evaluation is available. Your MTM system
administrator can provide you with copies.
1. Distribute paper-based evaluations at the beginning of the last day of class.
2. Instruct the learners to complete the survey only after completing the course.
3. Collect the evaluations and submit them to your MTM system administrator.
To View Evaluation Results
To view your post-course evaluation results:
1. Go to www.metricsthatmatter.com/client. (Reminder: All data is confidential; you will see
only your own data.)
2. Log in using your ID and the password sent to you from MTM or provided by the MTM
system administrator at your company, to ensure confidentiality.
3. Choose Menu Option > Learner Evaluation Reports:
Evaluation Retrieval Tool
Class Evaluation Summary Report
4. Search for and choose the appropriate class.
Lab Setup
Overview
The purpose of the Lab Setup section is to assist in the setup and configuration of the training
equipment for the course Building Cisco Multilayer Switched Networks (BCMSN) v3.0. This
section includes these topics:
Lab Topology
Hardware and Software Requirements
Workstation Configuration
Lab Equipment Configuration
General Lab Setup
Lab 3-3: Implementing MSTP
Configuration Files Summary
Lab Activity Solutions
Teardown and Restoration
Preparation for Non-Lab Activities
Lab Topology
This topic describes the lab topology for Building Cisco Multilayer Switched Networks
(BCMSN) v3.0.
2006 Cisco Systems, Inc. All rights reserved. BCMSN v3.01
Visual Objective

Each pod is created and configured independently of any other pod in the topology. Within
each lab, learners are responsible for only their pod equipment. A pod is a grouping of switches
and routers composed of client devices, access switches, distribution switches, and access to the
core. The learner is not responsible for the core equipment.

Device Name
Device
Name
Abbreviation

Assigned
Pod

Additional
Information
PC 1 XPC1 X-POD X Pod ID
PC 2 XPC2 X-POD X Pod ID
Access Sw 1 XASW1 X-POD X Pod ID
Access Sw 2 XASW2 X-POD X Pod ID
Distribution 1 XDSW1 X-POD X Pod ID
Distribution 2 XDSW2 X-POD X Pod ID
Hardware and Software Requirements
These tables list the recommended equipment to support the lab activities.
Hardware Equipment List
Number
of Units
Cisco Part Number Product Description
Building Access Submodule Equipment
2 WS-C2950G-12-EI Cisco Catalyst 2950 with the following options:
Twelve 10/100 Fast Ethernet ports with two Gigabit
Interface Converter (GBIC) slots
IOS Enhanced Image
2 CAB-AC 110 V power cord (for Catalyst 2950)
Wireless LAN Equipment
4 AIR-AP1020-x-K9
Or
AIR-LAP1242AG-x-K9
Cisco Series Lightweight AP with external antennas
Replace x with country code
8 AIR-ANT4941 2.4 GHz,2.2 dBi Dipole Antenna (two per AP for external
antennas)
4 or 8 AIR-ANT5135D-R 5GHz 3.5dBi Dipole Antenna (one per AP 1020, or else
two per AP LAP1242AG)
12 or 16 Attenuators Suggested Option
(12 attenuators if AP1020 which has two 2.4 GHz + one 5
GHz antennas, else 16 if AP LAP1242AG which has two
2.4 + two 5 GHz atennas)
Approximately 10 to 40 dBi attenuators to reduce RF
power on external antennas. Needed when APs are in very
close proximity (same rack). The exact amount of
attenuation will depend on AP surrounding environment
and APs proximity to each other.
Country power regulation will vary the specific type of
attenuators.
Example vendor: www.terrawaveonline.com
1 RF Cage/Rack Optional
Cage or rack for RF containment and isolation from other
production environment APs
Example vendor: www.equiptoelec.com
4 Clients Fixed client to associate to AP (Linksys USB print server
WPS54G has been tested and recommended)

4 AIR-PWR-1000 Cisco PoE power supply for AP (not necessary if using
PoE Cat 3560 switch)
4 AIR-WLC2006-K9 Cisco 2000 Series WLAN Controller
6 AIR-CB21AG-A-K9 Wireless client with a/b/g radio for laptop with cardbus slot
Building Distribution Submodule Equipment
2 WS-C3750G-24T-S Cisco Catalyst 3750 with the following options:
Twenty-four 10/100/1000 Ethernet ports and four SFP
ports
Number
of Units
IOS enhanced image, required to support EIGRP
routing
Campus Backbone Submodule Equipment
2 WS-C4503-S2+48 Catalyst 4503 with the following option:
routing
Additional Equipment
Software List
Cisco IOS Software Versions
Platform Cisco IOS Image Name Comment
Access Switches
WS-C2950G-12-EI c2950-i6q4l2-mz.121-22.EA1.bin Cisco Catalyst 2950
Distribution Switches
WS-C3750G-24T-S c3750-advipservicesk9-tar.122-25.SED.tar Cisco Catalyst 3750
Backbone Switches
WS-C4503-S2+48 cat4000-i9k91s-mz.122-25.EWA5.bin Cisco Catalyst 4503
PC Router
CISCO1721 c1700-sy-mz.121-17 If available for reuse
Term server Router
CISCO3640 c3640-ik8s-mz.122-11 If available for reuse
CISCO2811 c2800nm-ipbase-mz.124-4.T.bin Replaces 3640 for new labs
Lab Equipment Configuration
This equipment configuration information is necessary for initial setup of the lab configuration.
BCMSN v3.0 Updated Equipment List
This table lists the recommended equipment to support the laboratory activities.
Laboratory Equipment List
Number
of Units
Building Access Submodule Equipment
8 WS-C2950G-12-EI Cisco Catalyst 2950 with the following options:
Twelve 10/100 Fast Ethernet ports with two
Gigabit Interface Converter (GBIC) slots
IOS Enhanced Image
8 CAB-AC 110 V power cord (for Cisco Catalyst 2950)
Building Distribution Submodule Equipment: Order Through May 2, 2006
4 WS-C3550-12T Cisco Catalyst 3550 with the following options:
Twelve 10/100/1000 Ethernet ports and two
GBIC ports
IOS enhanced image, required to support
Enhanced Interior Gateway Routing Protocol
(EIGRP) routing
OR
as 3550 Will be End of Sale After May 2
,
2006
4 WS-C3560G-24TS-E Cisco Catalyst 3560 with the following options:
Twenty-four 10/100/1000 Ethernet ports and four
SFP ports
routing
Campus Backbone Submodule Equipment
2 WS-C3560G-24TS-E Cisco Catalyst 3560 with the following options:
Twenty-four 10/100/1000 Ethernet ports and four
SFP ports
routing
Wireless Lab Equipment
1 WS-C3560-24PS-E Cisco Catalyst 3560 with the following options:
Twenty-four 10/100 Ethernet ports with Power
over Ethernet (PoE) and four SFP ports
routing
4 AIR-WLC2006-K9 Wireless LAN Controller
4 CAB-AC 110 V power cord (for WLC2006)
4 AIR-LAP1242AG-x-K9 Lightweight access point with external antennas
Number
of Units
(recommended)
The console port of this access point can be
connected to the terminal server (optional)
Power over Ethernet required for lab
Replace x with country code (e.g., A for US, E for
Europe)
4 AIR-AP1020-x-K9 Alternative lightweight access point with internal
antennas (used by default) and external antennas
Replace x with country code (e.g., A for US, E for
Europe)
8 AIR-ANT4941 Two 2.4 GHz dipole antennas per access point
4 (8) AIR-ANT5135D-R One or two 5 GHz dipole antennas per access point
(one per AP 1020, else two per AP LAP1242AG)
4 Wireless Client The selected device depends on the implementation
of the lab. Optional, but strongly suggested to provide
a client to verify configuration via ping
The following devices have been tested as wireless
clients:
Cisco AIR-CB21AG-x-K9 client adapter
Linksys WUSB11 or WUSB54G USB client
adapter
Linksys WPS54G USB print server
(recommend as the simplified fixed client
solution)
12 or 16 Attenuators Suggested option
(12 attenuators if AP1020, which has two 2.4 GHz
plus one 5 GHz antennas, or else 16 if AP
LAP1242AG, which has two 2.4 plus two 5 GHz
antennas)
Approximately 10 to 40 dBi attenuators to reduce RF
power on external antennas. Needed when APs are in
very close proximity (same rack). The exact amount of
attenuation will depend on AP surrounding
environment and APs proximity to each other.
Country power regulation will vary the specific type of
attenuators.
Example vendor: www.terrawaveonline.com
1 RF Cage/Rack Optional
Cage or rack for RF containment and isolation from
other production environment APs
Example vendor: www.equiptoelec.com
Additional Equipment
1 CISCO2811
(or equivalent system)
Cisco router security bundle 2811 with AC power,
2FE, 4HWICs, 2PVDMs, 1NME, 2AIMS, IP BASE, 64
Flash/256DRAM (Could use another
model/combination as long as it supports NM-32A for
Number
of Units
console connectivity to equipment in the lab.)
1 c2800nm-ipbase-
mz.123-8.T9.bin
IOS 12.3 IP Base software shipped with ISR routers
by default will support Network Module NM-32A
multiple (required to provide multiple virtual terminal
lines)
1 NM-32A 32-port, high-density asynchronous module to support
console access the lab equipment via remote Telnet
4 CAB-OCTAL-ASYNC Octal Async Cables (to plug in to RJ-45 console ports
on routers and switches)
1 AC power cord rated for North America
8 CISCOSOHO91-K9-64
(or equivalent device)
PC router with one 10-megabit Ethernet port
The selected router must be capable of generating
extended pings and supporting a console connection.
8 CAB-AC2 AC power cord
10 Straight-through Category 5 Ethernet cables
9 Console cables
1 PC instructor workstation running a Microsoft
Windows operating system (any version) and
Microsoft PowerPoint 2000 or later
33 Crossover Category 5 Ethernet cables
32 Crossover Gigabit Ethernet cables

This equipment list reflects changes and pending changes to the products available at the time
of the release of the version 3.0 of the Building Cisco Multilayer Switched Networks course.
Existing labs built with the equipment specified to support version 2.2 of this course need only
upgrade to the Cisco IOS releases as indicated in the table that follows.
Cisco IOS Software Versions
Platform IOS Image Name Comment
Access Switches
WS-C2950G-12-EI c2950-i6q4l2-mz.121-22.EA1.bin Cisco Catalyst 2950
Distribution Switches
WS-C3550-12T-E c3550-i5q3l2-mz.121-22.EA2.bin Cisco Catalyst 3550
WS-C3560G-24TS-E c3560-ipservices-tar.122.SEB.tar For Cisco Catalyst 3550 starting on
May 3, 2006
Backbone Switches
WS-X4014 cat4000-i5s-mz.122-25.EW.bin Cisco Catalyst 4000 with Supervisor
III
WS-C3560G-24TS-E c3560-ipservices-tar.122.SEB.tar For Cisco Catalyst 4000 starting on
July 26, 2004
PC Router
CISCO1721 c1700-sy-mz.121-17
CISCOSOHO91-K9-
64
soho91-k9oy6-mz.124-1.bin Replaces 1721 for new labs
Term server Router
CISCO3640 c3640-ik8s-mz.122-11
CISCO2811 Cisco IOS 12.3 IP Plus software Replaces 3640 for new labs
Wireless Lab
WS-3560-24PS-E c3560-advipservicesk9-tar.122-
25.SEE.tar

AIR-WLC2006-K9 AIR-WLC2006-K9-3-2-116-21.aes

General Lab Setup
This information details the procedure to set up and configure the lab equipment. Follow these
steps carefully:
Step 1 Install Cisco IOS software on the access switches if necessary.
Step 2 Install Cisco IOS software on the distribution switches if necessary.
Step 3 Install Cisco IOS software on the backbone switches if necessary.
Step 4 Install Cisco IOS software on the Cisco PC routers if necessary.
Step 5 Install Cisco IOS software on the Cisco terminal server router if necessary.
Step 6 Copy the appropriate base configuration file into NVRAM on each of the switches
and PC routers. The files are as follows:
asw-wiped-config.txt for the Building Access switches
dsw-wiped-config.txt for the Building Distribution switches
bbsw-wiped-config.txt for the Campus Backbone switches
PCxy-base.txt for the PC routers, where x is the building number and y is the
floor number
Step 7 Copy the configuration files needed for the laboratory activities of Module 5 into
NVRAM on the Campus Backbone switches:
bbsw1-lab5a-paste.txt and bbsw1-lab5b-paste.txt onto Campus Backbone
switch 1
bbsw2-lab5a-paste.txt and bbsw2-lab5b-paste.txt onto Campus Backbone
switch 2
Step 8 Configure the Cisco Router Terminal Server. The file BCMSN-3-0-Terminal-
Server-Configuration.txt contains a terminal server configuration that you can use as
the basis for your configuration. The first laboratory activity instructs the learners to
access the terminal server menu, so be certain that your menu configuration matches
the activity or that appropriate instructions are provided to the learners. The
provided terminal server configuration requires the following wiring connections:
Aysnc 01 ==> ASW21
Aysnc 02 ==> ASW22
Aysnc 03 ==> ASW23
Aysnc 04 ==> ASW24
Aysnc 05 ==> DSW121
Aysnc 06 ==> DSW122
Aysnc 07 ==> BBSW2
Aysnc 08 ==> ASW11
Aysnc 09 ==> ASW12
Aysnc 10 ==> ASW13
Aysnc 11 ==> ASW14
Aysnc 12 ==> DSW111
Aysnc 13 ==> DSW112
Aysnc 14 ==> BBSW1
Aysnc 15 ==> Power1 (optional)
Aysnc 16 ==> Power2 (optional)
Aysnc 25 ==> PC-Router11
Step 9 Configure a TACACS-TFTP-FTP server running on either Windows NT server or
Windows 2000 server. Follow these steps:
Start installing Cisco Secure 2.4 on the server, following the instructions
provided with the software.
When prompted for the authentication database, click the Check the
CiscoSecure ACS database only radio button.
When prompted for access server details, specify authentication with
TACACS+, and then provide the name and IP address of the first access switch.
Use cisco as the key.
Do not select any advanced options, and make sure that login monitoring is
enabled.
Follow the instructions to complete the installation.
Start Cisco Secure Access Control Server to begin configuration.
Use Group Setup to rename Group 1 to myway.
Use User Setup to add the user tacacstest to the group myway with the
password letmein.
Use Network Configuration and the Add Entry button to configure each of the access switches
for TACACS authentication, entering the name, IP address, and TACACS key for each.
WLANs Lab
Step 1 Install Cisco IOS software on the WLAN lab switch if necessary.
Step 2 Copy the appropriate base configuration file into NVRAM on each of the switches
and PC routers. The files are as follows:
WSW1-initial-config.txt for the WLAN lab switch
Step 3 Configure the Cisco Router Terminal Server. The file BCMSN-3-0-Terminal-
Server-Configuration.txt contains a terminal server configuration that you can use as
the basis for your configuration. The first lab activity instructs the learners to access
the terminal server menu, so be certain that your menu configuration matches the
activity or that appropriate instructions are provided to the learners. The provided
terminal server configuration requires the following wiring connections:
Aysnc 01 ==> WSW1
Aysnc 02 ==> 1WLC1
Aysnc 03 ==> 1WLC2
Aysnc 04 ==> 2WLC1
Aysnc 05 ==> 2WLC2
Aysnc 06 ==> 3WLC1
Aysnc 07 ==> 3WLC2
Aysnc 08 ==> 4WLC1
Aysnc 09 ==> 4WLC2

Lab 1-2: Getting Started with Cisco Catalyst
Equipment
This topic details the lab activity for Lab 1-2.
Objectives
You will complete these tasks in this lab:
Run Telnet to connect to the remote lab
Access and use the class menu to verify connectivity to the remote lab terminal server
Establish a connection to the access and distribution switches and verify connectivity
Verify the initial switch configuration and connectivity between the switches
Visual Objective
The figure displays the lab topology that you will use to complete this lab.
Visual Objective

Setup
The table describes how to set up lab configurations with equipment for this lab.

Device
Configuration
File to Install

Configuration Instructions
PC router Default Default blank configuration
Access switch Default Default blank configuration
Distribution switch Default Default blank configuration
Additional Setup Notes
Ensure that learners successfully prepare their lab equipment and successfully complete this lab
because it will enable successful completion of subsequent labs.
Common Issues
This subtopic presents common issues for this lab.
Unsuccessful Completion of Lab: Ensure that each learner successfully completes this lab
because it is required for the proper completion of the next lab.
Objectives
Create a VTP management domain
Configure trunking
Configure VLANs
Verify the VTP and VLAN status
Associate VLANs with ports on your switch
Visual Objective
The figure illustrates what you will accomplish in this activity.
Visual Objective

Setup

Device
Configuration
File to Install

PC router Lab 2-1 start PC Sets router to beginning of lab configuration
Access switch Lab 2-1 start ASW Sets switch to beginning of lab configuration
Distribution switch Lab 2-1 start DSW Sets switch to beginning of lab configuration
This lab is dependent on proper overall configuration of the course lab and the consequent
successful completion of the previous lab exercise.
Common Issues
Lab 3-1: Configuring Primary and Backup Root
Bridges
Objectives
Configure a new primary root bridge and a backup root bridge on each VLAN so that the
loop-free topology uses the root bridge as a reference point
Use the show running-config, show spanning-tree detail, show spanning-tree root,
show spanning-tree vlan vlan-id bridge, and show spanning-tree vlan vlan-id root
commands to confirm that the primary root bridge for the specific VLAN has moved to the
new primary root bridge
Verify that a backup root bridge exists
Visual Objective
The figure illustrates what you will accomplish in this activity.
Visual Objective

Setup

Device
Configuration
File to Install

Common Issues
Objectives
Configure PVRST in access and distribution switches
Ensure that PVRST is working through link failure testing
Visual Objective
Visual Objective

Setup

Device
Configuration
File to Install

Common Issues
Lab 3-3: Implementing MSTP
Objectives
You will complete this task in this lab:
Configure MST on the Building Access and Building Distribution switches and verify the
configuration
Visual Objective
Visual Objective

Setup

Device
Configuration
File to Install

Common Issues
Unsuccessful Completion of Lab: Ensure that each student successfully completes this lab

Objectives
You will complete this task in this lab:
Configure EtherChannel on the distribution switches so that the time for spanning tree to
converge after a network event is shortened, and available bandwidth is being better
utilized
Visual Objective
Visual Objective

Setup

Device
Configuration
File to Install

Common Issues

Objectives
Troubleshoot trunks and VLANs in a multi-VLAN environment
Troubleshoot spanning-tree domains
Troubleshoot STP forwarding
Visual Objective
Visual Objective

Setup

Device
Configuration
File to Install

Common Issues
Ensure that the learner detects and solves each problem configured on the switches
Wrong VTP domain name
VLANs deleted

Caution It is absolutely necessary that all of the previous multilayer switch steps have been
successfully configured and verified by the instructor before proceeding with this activity.
Objectives
Configure a Building Distribution multilayer switch for routing
Configure VLAN interfaces for IP addresses with Layer 3 routing
Reconfigure the IP addresses in your network to enable inter-VLAN routing
Verify the Campus Backbone switch configuration for routing
Verify inter-VLAN Layer 3 routing
Disable routing and verify loss of Layer 3 connectivity
Visual Objective
Visual Objective

Setup

Device
Configuration
File to Install

PC router Lab4-2 start PC Sets router to beginning of lab configuration
successful completion of the previous lab exercise. The instructor should ensure that errors
have been introduced to each learners lab.
Common Issues
Activity Objective
Configure HSRP on the router
Test HSRP on routers by simulating a failure
Test HSRP tuning enhancements using the preempt command
Troubleshoot HSRP on the routers
Visual Objective
The figure displays the topology that you will use to complete this lab.
Visual Objective

Setup

Device
Configuration
File to Install


Common Issues

Objectives
Configure VLANs on the switch
Configure DHCP on the switch
Prepare the switch for a WLAN controller and a lightweight access point
Visual Objective
WLAN Lab

Setup
The table describes how to establish the initial configuration for each piece of lab equipment.

Device
Configuration
File to Install

Wireless lab switch WSW1 WSW1-initial-
config.txt
No username should be required; only a login
password of cisco and an enable password of
cisco should be required.
Make sure that connectivity exists between
the backbone switches BBS1 and BBS2 and
the wireless lab switch WSW1. The learners
will connect from the access switch xASW#
via Telnet to the wireless lab switch WSW1.
Make sure that connectivity exists from the
classroom workstations via Telnet and web
browser to the wireless lab switch WSW1.
Wireless lab switch WSW1 WSW1-final-
config.txt
This file documents the intended configuration of
the switch for the WLAN labs.
Ensure that learners successfully prepare their lab equipment and successfully complete this lab
because it will enable successful completion of subsequent labs.
Common Issues
This lab requires that connectivity exists between the access switches of each group via
distribution and backbone switches.
This lab configures the wireless lab switch for the next lab. Make sure that VLANs and
DHCP are configured correctly.
Ensure that each learner successfully completes this lab because it is required for the proper
completion of the next lab.
Objectives
View the boot options screen and select the correct option to continue the system boot
sequence
Answer questions presented by the startup wizard
Input basic configuration information when prompted by the startup wizard
Visual Objective
WLAN Lab

Setup

Device
Configuration
File to Install

Campus Backbone
switches
None None
Building Distribution
switches
None None
Building Access switches None None
Wireless lab switch None None
Common Issues
This lab initializes the WLAN controller for the next lab. Make sure that the IP addresses
are configured correctly.
Ensure that each learner successfully completes this lab because it is required for the proper
completion of the next lab.
Sometimes the access point does not associate to the WLAN controller. This association is
required for the next lab and client connectivity for WLAN. The solution is to reboot the
access point. Using Power over Ethernet, this can done by shutting down and then
re-enabling the switch port to which the access point is connected. The procedure is
outlined in the lab guide.
Lab 6-3: Configuring the Controller via the Web
Browser
Objectives
Open the web browser and connect to the controller by entering the IP address of the
controller
Establish a controller web session to your WLAN controller
Use the controller web to monitor the WLAN controller, log in and answer questions
Use the controller web to configure a WLAN
Use the controller web to configure connectivity to the WLAN controller
Use the controller web to save configuration changes
Use the capabilities of the controller web to modify the default auto RF values
Use the controller web to check network connectivity
Visual Objective
WLAN Lab

Setup

Device
Configuration
File to Install

Campus Backbone
switches
None None
switches
None None
successful completion of the previous lab exercise. The instructor should ensure that errors
have been introduced to each learners lab.
Common Issues
This subtopic presents a common issue for this lab.
This lab requires access via web browser to the WLAN controller.
Objectives
Install the CB21AG client card
Configure the CB21AG client card
Visual Objective
WLAN Lab

Setup

Device
Configuration
File to Install

Campus Backbone
switches
None None
switches
None None
This lab is dependent on a WLAN in the classroom or remote access to a PC with a WLAN
client adapter installed.
This lab is optional.
Common Issues
There are no known issues for this lab.
Objectives
Configure access ports to carry voice traffic in 802.1Q frames
Configure CoS override for data frames on access switches
Configure voice traffic frames into the distribution layer
Configure CoS override for data frames on distribution switches
Visual Objective
Visual Objective

Setup

Device
Configuration
File to Install

Common Issues
Objectives
Correctly identify security risks
Select the correct tools to minimize the identified risks
Configure devices to prevent attacks so that the potential risk for network service
interruption or data loss is reduced
Visual Objective
Visual Objective

Setup

Device
Configuration
File to Install

Common Issues
Configuration Files Summary
This topic details the course configuration files, which provide information about the starting
condition of each lab.
Configuration Filename Comments
Core-BBS1 Core configuration for BBS1 Core router
Core-BBS2 Core configuration for BBS2 Core router

Teardown and Restoration
This topic describes how to tear down and restore the equipment that is used in the course.
If laptops are used for remote access, pack up the laptops and ensure that proper shipping is
arranged for.

Preparation for Non-Lab Activities
This topic provides the information that you need to prepare for non-lab activities:
Quizzes
Case studies
Required Resources
These resources are required to complete the non-lab activities that are provided in the course:
Quizzes: Learners provide answers to questions based on the figures provided.
Case studies: Learners provide answers to questions based on the scenarios. Learners can
be asked to present their case studies to the class.

BCMSN30CAG

Hochgeladen von

Dokumentinformationen

Originalbeschreibung:

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

BCMSN30CAG

Hochgeladen von

Copyright:

Verfügbare Formate

BCMSN

Das könnte Ihnen auch gefallen