CCNP BCMSN Slides

Building Cisco Multilayer Switched
Networks (BCMSN) v3.0
E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

Learner Skills and Knowledge
Cisco CCNA® certification

NOTE: Practical experience with deploying and operating networks
based on Cisco network devices and Cisco IOS software is strongly
recommended.

Course Goal
In this course, learners will find out how to create an
efficient and expandable enterprise network by
installing, configuring, monitoring, and
troubleshooting network infrastructure equipment
according to the Campus Infrastructure module in the
Enterprise Composite Network Model.
Building Cisco Multilayer Switched Networks

Course Flow
Day 1 Day 2 Day 3 Day 4 Day 5

Course
Introduction Implementing Implementing WLANs Configuring
Spanning Inter-VLAN Campus
A Tree Routing Switches to
M Network Support Voice
Requirements Implementing
High Minimizing
Availability Service Loss
Lunch
Defining Implementing Implementing WLANs Minimizing
VLANs Spanning High Service Loss
P Tree Availability and Data
Theft in a
M Campus
Implementing
Inter-VLAN Network
Routing

Cisco Icons and Symbols
Router Network
Cloud IP Phone
Voice-
Enabled Multilayer Switch Access Point
Router End Users
Workgroup Lightweight
Wireless
Switch Single-Radio
Router Ethernet
Access Point
PC Workgroup Autonomous
Switch: Dual-Band Wireless Link
Voice-Enabled Access Point
100BASE-T Lightweight
Laptop
Hub Dual-Band
Access Point
File Wireless LAN

Server Bridge
Controller

Cisco Career Certifications

Cisco Career Certifications
Expand Your Professional Options

and Advance Your Career
Cisco Certified Network Professional (CCNP)
Required Recommended Training Through

Expert Exam Cisco Learning Partners
CCIE 642-901 Building Scalable Cisco
BSCI Internetworks
Professional 642-812 Building Cisco Multilayer
BCMSN Switched Networks
CCNP 642-825 Implementing Secure
ISCW Converged Wide Area Networks
Associate
642-845 Optimizing Converged
ONT Cisco Networks
CCNA
http://www.cisco.com/go/certifications
Learner Introductions
• Your name
• Your
company
• Skills and
knowledge
• Brief history
• Objective

Visual Objective

Visual Objective

Visual Objective

Visual Objective

Visual Objective

WLAN Lab

Visual Objective

BCMSN 3.0 Lab Guide

Network Diagram

Quiz 1-1: Describing
the Campus
Infrastructure Module

Enterprise Composite Model
Functional Areas

Modules in the Enterprise Campus

Campus Infrastructure Module

Enterprise Composite Model
Functional Areas



Lab 1-2: Getting
Started with Cisco
Catalyst Equipment

Visual Objective

Network Diagram

Lab 2-1: Configuring
VLANs and VTP

Visual Objective

Network Diagram

Primary and Backup
Root Bridges

Visual Objective

Network Diagram

VLAN1

Primary VLAN

Alternate VLAN

Lab 3-2: Implementing
PVRST

Visual Objective

Network Diagram

Lab 3-3: Implementing MST

Visual Objective

Network Diagram

EtherChannel

Visual Objective

Network Diagram

Lab 3-5:
Troubleshooting
Spanning Tree

Visual Objective

Network Diagram

Quiz 4-1: Describing
Routing Between
VLANs

Quiz: Describing Routing Between VLANs

Lab 4-2: Routing
Between VLANs

Visual Objective

Network Diagram

Lab 5-1: Enabling and
Optimizing HSRP

Visual Objective

Network Diagram

Switches for WLANs

WLAN Lab

Lab 6-2: Setting
Up the WLAN
Controller

WLAN Lab

Cisco Bootloader (Version 3.2.78.0)
.o88b. d888888b .d8888. .o88b. .d88b.

d8P Y8 `88' 88' YP d8P Y8 .8P Y8.
8P 88 `8bo. 8P 88 88
8b 88 `Y8b. 8b 88 88
Y8b d8 .88. db 8D Y8b d8 `8b d8'
`Y88P' Y888888P `8888Y' `Y88P' `Y88P'
Model WLC2006
Booting Primary Image...
Press <ESC> now for additional boot options...
Boot Options
Please choose an option from below:
1. Run primary image (Version 3.2.78.0) (active)

2. Run backup image (Version 3.1.105.0)
3. Manually upgrade primary image
4. Change active boot image
5. Clear Configuration
Please enter your choice:_

the Controller via the
Web Browser

WLAN Lab

Security Alert Dialog Box

Enter Network Password

Monitor Summary

a Wireless Client
(Optional)

Profile Management

Profile Management: Security

Profile Management: Advanced

Profile Management Tab

Current Status Tab

Advanced Status

Diagnostics Tab

Troubleshooting Report

IP Telephony Support

Visual Objective

Network Diagram

Visual Objective

Case Study 8-2: Using
Security Tools to
Secure Devices in the
Campus

Nettown Library

Lab 8-3: Applying
Security Tools

Visual Objective

Network Diagram

Network Requirements
Introducing Campus Networks

Intelligent Information Network
• Intelligent Information Network (IIN) integrates networked

resources and information assets.
• IIN extends intelligence across multiple products and
infrastructure layers.
• IIN actively participates in the delivery of services and
applications.
• Three phases in building an IIN are:
– Integrated transport
– Integrated services
– Integrated applications

Cisco SONA Framework
• The Cisco Service-Oriented Network Architecture (SONA) is

an architectural framework.
• SONA brings several advantages to enterprises:
– Outlines how enterprises can evolve toward the IIN
– Illustrates how to build integrated systems across a fully
converged intelligent network
– Improves flexibility and increases efficiency

Cisco SONA Framework Layers

Cisco Enterprise Architecture

Nonhierarchical Network Devices
• Large collision domain

• Large broadcast domain
• High latency
• Difficult to troubleshoot

Layer 2 Switching
• Hardware-based bridging
• Wire-speed performance
• Collision domain per port
• Traffic containment based on
MAC address
Issues
• No traffic between VLANs
• Unbounded broadcast domain
• Servers not centrally located

Layer 3 Routing
• Single broadcast domain per

interface
• ACLs can be applied between
segments
Issues
• High per-port cost
• Layer 3 processing required
• High latency over Layer 2 switching

Multilayer Switching
• Combined functionality
– Layer 2 switching
• Low latency
• High-speed
scalability

Issues with Multilayer Switches
in a Nonhierarchical Network
• Single point of failure

for Layer 2 and Layer 3
• Underutilization of
hardware
• Spanning tree
complexity
• Servers
not centrally
located

Hierarchical Campus Model

ECNM Functional Areas

Enterprise Composite Network Model



Switch Configuration Interfaces
• Two interfaces are used to configure Cisco Catalyst

switches:
– Cisco Catalyst software
– Cisco IOS
• Cisco Catalyst software was traditionally used to configure
Layer 2 parameters on the modular switches:
– Cisco Catalyst 4000, 5500, 6500 Series
– These switches now support Cisco IOS (native IOS)
• Cisco IOS software is standard for most other switches and
for Layer 3 configuration on the modular switches.

Cisco Catalyst Software
• Cisco Catalyst software is used to

configure Layer 2 parameters.
• Cisco Catalyst software
configuration commands are
prefaced with the keyword set.
– Console(enable) set port
enable 3/5
• Layer 3 configuration is
implemented on MSFC with the
Cisco IOS interface. Cisco Catalyst 4000, 5500,
and 6500 switches
• Some platforms can now use the
Cisco IOS interface to configure
both Layer 2 and Layer 3
(native IOS).

Cisco IOS Interface
On most Catalyst switches, Cisco IOS interface is

standard for
• Layer 2 configuration
• Layer 3 configuration
on multilayer switch

Summary
• The SONA framework guides the evolution of the enterprise

network toward IIN.
• Cisco enterprise architecture with a hierarchical network
model facilitates the deployment of converged networks.
• Nonhierarchical network designs do not scale and do not
provide the required security necessary in a modern
topology.
• Layer 2 networks do not provide adequate security or
hierarchical networking.
• Router-based networks provide greater security and
hierarchical networking; however, they can introduce latency
issues.

Summary (Cont.)
• Multilayer switches combine both Layer 2 and Layer 3

functionality to support the modern campus network
topology.
• Multilayer switches can be used in nonhierarchical networks;
however, they will not perform at the optimal level.
• The enterprise composite model identifies the key
components and logical design for a modern topology.
• Implementation of an ECNM provides a secure, robust
network with high availability.
• The Campus infrastructure, as part of an ECNM, provides
additional security and high availability at all levels of the
campus.
• The two Cisco Catalyst switch interfaces have different
features and different font.

Defining VLANs
Implementing Best Practices for VLAN

Topologies

Issues in a Poorly Designed Network
• Unbounded failure
domains
• Large broadcast domains
• Large amount of
unknown MAC unicast
traffic
• Unbounded multicast
traffic
• Management and
support challenges
• Possible security
vulnerabilities

Scalable Network Addressing
IT, Human Resources Sales, Marketing Finance, Accounting
• Allocate IP address spaces in contiguous blocks.

• Allocate one IP subnet per VLAN.

Interconnection Technologies
Technology Use
Fast Ethernet Connects end-user
devices to the access
layer switch
Gigabit Access to distribution
Ethernet switch, high-use servers
10-Gigabit High-speed switch to

Ethernet switch links, backbones
EtherChannel High-speed switch to

switch links, backbones
with redundancy

Determining Equipment and Cabling Needs
Each link provides

adequate bandwidth for
traffic aggregating over
that link.

VLANs and the Logical Network

Network Traffic Types
Traffic types to consider:

• Network management
• IP telephony
• Multicast
• Normal data
• Scavenger class

Traffic Path for IP Telephony
Consider complete traffic path when placing equipment and

configuring VLANs.
Traffic Path for IP Multicast
Consider complete traffic path when placing equipment and

configuring VLANs.
Summary
• Poorly designed networks can lead to large broadcast

domains.
• A hierarchical IP addressing scheme scales well in the Campus
Infrastructure module.
• The interconnection technology used depends on the amount
of traffic the link must carry.
• Select the best equipment, cabling, and interconnection
technologies to connect devices.
• VLANs should map to the IP hierarchy for the Campus
Infrastructure module.
• Separate voice and data VLANs are recommended.

Defining VLANs
Implementing VLANs

What Is an End-to-End VLAN?
• Users are grouped into VLANs independent of physical

location.
• If users are moved within the campus, their VLAN
membership remains the same.
What Is a Local VLAN?
Local VLANs are generally confined to a wiring closet.

Benefits of Local VLANs in the ECNM
• Deterministic traffic flow

• Active redundant paths
• High availability
• Finite failure domain
• Scalable design

VLAN Configuration Modes
Global Mode
Switch# configure terminal

Switch(config)# vlan 3
Switch(config-vlan)# name Vlan3
Switch(config-vlan)# exit
Switch(config)# end

VLAN Configuration Modes
Database Mode
Switch# vlan database

Switch(vlan)# vlan 3
VLAN 3 added:
Name: VLAN0003
Switch(vlan)# exit
APPLY completed.
Exiting....

VLAN Access Ports
The access switch port associated with a single data VLAN

VLAN Implementation Commands
Configuring VLANs
• vlan 101
• switchport mode access
• switchport access vlan 101
Verifying VLANs
• show interfaces
• show vlan

How to Implement a VLAN
• Create or configure a VLAN.

• Verify VLAN configuration.
• Associate switch ports with
the VLAN.
• Verify switch port
configuration.
• Test VLAN connectivity.
• Implement VLAN and switch
security.

Configuring an Access VLAN
Switch(config)# vlan vlan_id
Create a VLAN.
Switch(config-vlan)# name vlan_name
Provide a VLAN name.
Switch(config-if)# switchport mode access
Place the switch port into access mode.
Switch(config-if)# switchport access vlan vlan_id
Associate the access switch port with a VLAN.

Verifying the Access VLAN Configuration
Switch#show vlan
VLAN Name Status Ports

---- -------------------------------- --------- ---------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/7, Fa0/9
11 asw11_data active
12 asw12_data active
95 VLAN0095 active Fa0/8
99 Trunk_Native active
100 Internal_Access active
111 voice-for-group-11 active
112 voice-for-group-12 active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1
----- ---------- ----- ------ ------ -------- ---- -------- ------
1 enet 100001 1500 - - - - - 0
11 enet 100011 1500 - - - - - 0
. . . . .
. . . .
. . .

Summary
• An end-to-end VLAN is geographically dispersed throughout

the network.
• Local VLANs should be created with physical boundaries in
mind.
• VLANs solve issues that arise in a Layer 2 switched network.
• VLANs can be configured globally or in VLAN
database mode.
• An access switch port is associated with one VLAN.
• Cisco provides a series of commands to configure a VLAN
and verify configuration on an access switch.
• A series of ordered steps should be followed to implement
a VLAN.

Defining VLANs
Implementing Trunks

Maintaining Specific VLAN Identification
• Specifically developed for multi-VLAN interswitch

communications
• Places a unique identifier in each frame
• Functions at Layer 2

VLAN Trunking

Comparing ISL and 802.1Q
ISL 802.1Q
Proprietary Nonproprietary
Encapsulated Tagged
Protocol independent Protocol dependent

Encapsulates the old Adds a field to
frame in a new frame the frame header

Trunking with ISL
• Is a Cisco proprietary
protocol
• Supports PVST
• Uses an encapsulation
process
• Does not modify the
original frame

ISL Encapsulation

Trunking with 802.1Q
• An IEEE standard
• Adds a 4-byte tag to
the original frame
• Additional tag
includes a priority
field
• Does not tag frames
that belong to the
native VLAN
• Supports Cisco IP
telephony

The 802.1Q Tagging Process

802.1Q Native VLAN
Native VLAN frames are carried over the trunk link untagged.
VLAN Ranges
VLAN Range Use
0, 4095 Reserved for system use only

1 Cisco default
2–1001 For Ethernet VLANs
1002–1005 Cisco defaults for FDDI and Token Ring
Ethernet VLANs only, unusable on specific

1006–4094
legacy platforms

Trunking Configuration Commands
• Trunks can be configured statically or via DTP.

• DTP provides the ability to negotiate the trunking method.
Configuring a Trunk
• switchport trunk
• switchport mode
• switchport nonegotiate

Switchport Mode Interactions
Dynamic Dynamic
Trunk Access
Auto Desirable
Dynamic
Access Trunk Trunk Access
Auto
Dynamic
Trunk Trunk Trunk Access
Desirable
Not
Trunk Trunk Trunk Trunk
recommended
Not
Access Access Access Access
recommended
Note: Table assumes DTP is enabled at both ends.

• show dtp interface – to determine current setting

How to Configure Trunking
1. Enter interface configuration mode.

2. Shut down interface.
3. Select the encapsulation (802.1Q or ISL).
4. Configure the interface as a Layer 2 trunk.
5. Specify the trunking native VLAN (for 802.1Q).
6. Configure the allowable VLANs for this trunk.
7. Use the no shutdown command on the interface to
activate the trunking process.
8. Verify the trunk configuration.

802.1Q Trunk Configuration
Switch(config)#interface fastethernet 5/8

Switch(config-if)#shutdown
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport trunk allowed vlan 1,5,11,1002-1005
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk native vlan 99
Switch(config-if)#switchport nonegotiate
Switch(config-if)#no shutdown

Verifying the 802.1Q Configuration
Switch#show running-config interface {fastethernet |

gigabitethernet} slot/port
Switch#show interfaces [fastethernet | gigabitethernet] slot/port

[ switchport | trunk ]
Switch#show interfaces fastEthernet 5/8 switchport

Name: fa5/8
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 99 (trunk_only)
Trunking VLANs Enabled: 1,5,11,1002-1005
Pruning VLANs Enabled: 2-1001
. . .

Verifying a 802.1Q Dynamic Trunk Link
Switch#show running-config interface fastethernet 5/8

Building configuration...
Current configuration:
!
interface FastEthernet5/8
switchport mode dynamic desirable
switchport trunk encapsulation dot1q
Switch#show interfaces fastethernet 5/8 trunk
Port Mode Encapsulation Status Native vlan

Fa5/8 desirable 802.1q trunking 99
Port Vlans allowed on trunk

Fa5/8 1,5,11,1002-1005
Port Vlans allowed and active in management domain

Fa5/8 1,5,1002-1005
Port Vlans in spanning tree forwarding state and not pruned

Fa5/8 1,5,1002-1005

ISL Trunk Configuration
Switch(config)#interface fastethernet 2/1

Switch(config-if)#shutdown
Switch(config-if)#switchport trunk encapsulation isl
Switch(config-if)#switchport trunk allowed vlan 1-5,1002-1005
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport nonegotiate
Switch(config-if)#no shutdown

Verifying ISL Trunking
Switch#show running-config interface {fastethernet |
gigabitethernet} slot/port
Switch#show interfaces [fastethernet | gigabitethernet] slot/port

[ switchport | trunk ]
Switch#show interfaces fastethernet 2/1 trunk
Port Mode Encapsulation Status Native VLAN

Fa2/1 trunk isl trunking 99
Port VLANs allowed on trunk

Fa2/1 1-5,1002-1005
Port VLANs allowed and active in management domain

Fa2/1 1-2,1002-1005
Port VLANs in spanning tree forwarding state and not pruned

Fa2/1 1-2,1002-1005

Summary
• Trunk links carry traffic from multiple VLANs.

• ISL is Cisco proprietary and encapsulates the Layer 2 frames.
• 802.1Q is an IEEE standard for trunking, which implements a
4-byte tag.
• The 802.1Q native VLANs forward frames without the tag.
• VLAN numbers have specific ranges and purposes.
• Various commands are used to configure and verify ISL and
802.1Q trunk links.
• Allow only required VLANs over the trunk.

Defining VLANs
Propagating VLAN Configurations with VTP

The VTP Domain
• Group of switches that exchange VLAN information

• VLANs administered centrally at a chosen switch

The VTP Protocol
• Advertises VLAN configuration information

• Maintains VLAN configuration consistency throughout a
common administrative domain
• Sends advertisements on trunk ports only

VTP Modes
Server (default mode)

• Creates, modifies, and deletes VLANs
• Sends and forwards advertisements
• Synchronizes VLAN configurations
• Saves configuration in NVRAM
Client
• Cannot create, change, Transparent
or delete VLANs
• Creates, modifies, and deletes local VLANs
• Forwards advertisements
• Forwards advertisements
• Synchronizes VLAN
• Does not synchronize VLAN configurations
configurations
• Saves configuration in NVRAM
• Does not save in
NVRAM

VTP Pruning
• Uses bandwidth more efficiently by reducing unnecessary

flooded traffic
• Example: Station A sends broadcast; broadcast flooded only
toward any switch with ports assigned to the red VLAN
Pruning Disabled Pruning Enabled

VTP Operation
• VTP advertisements are sent as multicast frames.
• VTP servers and clients are synchronized to the latest revision number.
• VTP advertisements are sent every 5 minutes or when there is a change.

VTP Configuration Commands
Configuring VTP
• vtp domain
• vtp mode
• vtp password
Verifying VTP
• show vtp status
• show vtp counters

Configuring a VTP Management Domain
Configure each switch in the following order to avoid

dynamic learning of the domain name:
• VTP password
• VTP domain name (case sensitive)
• VTP mode (server mode is the default)

Configuring and Verifying VTP
Switch#show vlan brief
• Displays a list of current VLANs
Switch(config)#vtp password password_string

• Sets the VTP password
Switch(config)#vtp domain domain_name
• Sets the VTP domain name
Switch(config)#vtp mode
• Sets the VTP mode to server, client, or transparent
Switch# show vtp status

• Displays the current settings for VTP
Verifying the VTP Configuration
Switch#show vtp status
Switch#show vtp status
VTP Version : 2
Configuration Revision : 28
Maximum VLANs supported locally : 1005
Number of existing VLANs : 17
VTP Operating Mode : Client
VTP Domain Name : BCMSN
VTP Pruning Mode : Enabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x45 0x52 0xB6 0xFD 0x63 0xC8 0x49 0x80
Configuration last modified by 10.1.1.1 at 8-12-05 15:04:49
Switch#

Verifying the VTP Configuration (Cont.)
Switch#show vtp counters
Switch#show vtp counters
VTP statistics:
Summary advertisements received : 7
Subset advertisements received : 5
Request advertisements received : 0
Summary advertisements transmitted : 997
Subset advertisements transmitted : 13
Request advertisements transmitted : 3
Number of config revision errors : 0
Number of config digest errors : 0
Number of V1 summary errors : 0
VTP pruning statistics:

Trunk Join Transmitted Join Received Summary advts received from
non-pruning-capable device
---------------- ---------------- ---------------- ---------------------------
Fa5/8 43071 42766 5

Adding a Switch to an Existing VTP Domain
Ensure a new switch has VTP revision 0 before adding it

to a network.
Summary
• Switches in a VTP domain share VLAN information.

• VTP advertises VLAN information.
• VTP operates in one of three modes: server, client, or
transparent.
• VTP Pruning uses available bandwidth more efficiently.
• VTP uses a specific process to distribute and synchronize
VLAN information between switches.
• Various commands are used to configure and verify VTP
operation on a switch.
• VTP commands should be applied in a particular order.
• Specific steps should be followed when adding a new switch
to an existing VTP domain.

Defining VLANs
Correcting Common VLAN Configuration

Errors

Issues with 802.1Q Native VLAN
• Native VLAN frames are carried over the trunk link untagged.
• A native VLAN mismatch will merge traffic between VLANs.

802.1Q Native VLAN Considerations
• Native VLAN must match at ends of trunk; otherwise, frames will

“leak” from one VLAN to another.
• By default, the native VLAN will be VLAN1.
– Avoid using VLAN1 for management purposes.
• Eliminate native VLANs from 802.1Q trunks by making the native
VLAN an “unused” VLAN.

Explaining Trunk Link Problems
• Trunks can be configured statically or autonegotiated with DTP.

• For trunking to be autonegotiated, the switches must be in the same
VTP domain.
• Some trunk configuration combinations will successfully configure
a trunk, some will not.
• Will any of the above combinations result in an operational trunk?

Resolving Trunk Link Problems
• When using DTP, ensure that both ends of the link are in the
same VTP domain.
• Ensure that the trunk encapsulation type configured on both
ends of the link is valid.
• On links where trunking is not required, DTP should be
turned off.
• Best practice is to configure trunk and nonegotiate where
trunks are required.

Common Problems with VTP Configuration
• Updates not received as expected

– VTP domain and password
must match.
• Missing VLANs
– Configuration has been
overwritten by another VTP
device.
• Too many VLANs

– Consider making VTP domain
smaller.

Example of New Switch Overwriting
an Existing VTP Domain
New switch not connected
VTP Version :2
Configuration Revision :2
Number of existing VLANs :7
VTP Domain Name : building1
VTP Version :2
VTP Operating Mode : Server

Example of New Switch Overwriting an
Existing VTP Domain (Cont.)
New switch connected
VTP Version :2
VTP Version :2
VTP Operating Mode : Server

Implementing VTP in the ECNM
• Plan VTP domain boundaries.

• Have only one or two VTP servers.
• Configure a VTP password.
• Manually configure the VTP domain name on all devices.
• When setting up a new domain:
– Configure VTP client switches first so that they participate
passively.
• When cleaning up an existing VTP domain:
– Configure passwords on servers first because clients may
need to maintain current VLAN information until the server
is verified as complete.

Summary
• 802.1Q native VLAN can cause security issues.

• Configure the native VLAN to be an “unused” VLAN.
• Some trunk link configuration combinations can result in
problems on the link.
• Best practice is to configure trunks statically rather than
with DTP.
• Misconfiguration of VTP can give unexpected results.
• Make only one or two VTP servers; keep the remainder as
clients.

Module Summary
• A poorly designed network leads to large broadcast domains.

• Global configuration mode is the preferred way of creating
and managing VLANs.
• Multiple VLANs can be carried on a single access to
distribution link by configuring VLAN trunking.
• VLAN configuration information can be sent between
switches using VTP.
• VLAN configuration issues can lead to unexpected
communication problems.

Implementing Spanning Tree
Describing the STP

Transparent Bridging
A switch has the same characteristics as a transparent bridge.

What Is a Bridge Loop?
Bridge loops can occur any time there is a redundant path or loop
in the bridge network.
Preventing Bridge Loops
Bridge loops can be prevented by disabling the redundant path.

802.1D STP
• Configured root switch

• Redundant switch links
• Optimal path selection

Bridge Protocol Data Unit
BPDUs provide for the exchange of information between switches.

The STP Root Bridge
• Reference point
• One root per VLAN
• Maintains topology
• Propagates timers

Root Bridge Selection Criteria

Extended System ID in Bridge ID Field
Bridge ID
Without the
Extended
System ID
Bridge ID with
the Extended
System ID

802.1D 16-bit Bridge Priority Field Using the
Extended System ID
• Only four high-order

bits of the 16-bit Bridge 215 4 bits 12 bits 20
Priority field carry
actual priority. Priority VLAN Number
• Therefore, priority can

be incremented only in
Priority Values (Hex) Priority Values (Dec)
steps of 4096, onto 0 0
which will be added the 1 4096
VLAN number. 2 8192
. .
• Example: . .
For VLAN 11: If the 8 (default) 32768
priority is left at default, . .
the 16-bit Priority field . .
will hold 32768 + 11 = F 61440
32779.

Configuring the Root Bridge
Switch(config)#spanning-tree vlan 1 root primary
• This command forces this switch to be the root.

Switch(config)#spanning-tree vlan 1 root secondary
• This command configures this switch to be the secondary root.
Or
Switch(config)#spanning-tree vlan 1 priority priority
• This command statically configures the priority (in increments

of 4096).

Root Bridge Selection
Which switch has the lowest bridge ID?

Spanning Tree Operation
• One root bridge

per network
• One root port per
nonroot bridge
• One designated
port per segment
• Nondesignated
ports are blocking

Spanning Tree Port States
Spanning tree transitions each port through several
different states.

Local Switch Root Port Election

Spanning Tree Path Cost
Link Speed Cost (Revised IEEE Spec) Cost (Previous IEEE Spec)
10 Gbps 2 1
1 Gbps 4 1
100 Mbps 19 10
10 Mbps 100 100

Spanning Tree Protocol
Root Port Selection
• SW X is the root bridge.

• SW Y needs to elect a root port.
• Which port is the root port on SW Y?
• Fast Ethernet total cost = 0 + 19.
• Ethernet total cost = 0 + 100.

STP Designated Port Selection
• Switch X is the root bridge.

• All ports on the root bridge are designated ports because they
have a path cost of 0.
• Because the Ethernet segment has a path cost of 100, switch Y
will block on that port.
• Do all segments have a designated port?

Example: Layer 2 Topology Negotiation

Enhancements to STP
• PortFast
• Per VLAN Spanning Tree+ (PVST+)
• Rapid Spanning Tree Protocol (RSTP)
• Multiple Spanning Tree Protocol (MSTP)
– MSTP is also known as Multi-Instance Spanning Tree
Protocol (MISTP) on Cisco Catalyst 6500 switches and
above
• Per VLAN Rapid Spanning Tree (PVRST)

Describing PortFast

Configuring PortFast
Configuring
• spanning-tree portfast (interface command)
or
• spanning-tree portfast default (global command)
– enables PortFast on all nontrunking ports
Verifying
• show running-config interface fastethernet 1/1

IEEE Documents
• IEEE 802.1D - Media Access Control (MAC) bridges

• IEEE 802.1Q - Virtual Bridged Local Area Networks
• IEEE 802.1w - Rapid Reconfiguration (Supp. to 802.1D)
• IEEE 802.1s - Multiple Spanning Tree (Supp. to 802.1Q)
• IEEE 802.1t - Local and Metropolitan Area Network:
Common Specifications

Summary
• Transparent bridges require no client configuration.

• A bridge loop may occur when there are redundant paths
between switches.
• A loop free network eliminates redundant paths between
switches.
• The 802.1D protocol establishes a loop-free network.
• The root bridge is a reference point for STP.
• Each STP port will host a specific port role.
• Enhancements now enable STP to converge more quickly
and run more efficiently.

Implementing RSTP

Rapid Spanning Tree Protocol

RSTP Port States

RSTP Port Roles

What Are Edge Ports?
• Will never have a switch connected to it

• Immediately transitions to forwarding
• Functions similarly to PortFast
• Configured by issuing the spanning-tree portfast command

RSTP Link Types

RSTP BPDU Flag Byte Use

RSTP Proposal and Agreement Process

Downstream RSTP Proposal and
Agreement
• Root and switch A synchronize.

• Ports on A come out of sync.
• Proposal or agreement takes
place between A and B.

RSTP Topology Change Mechanism

PVRST Implementation Commands
Configuring
• spanning-tree mode rapid-pvst
Verifying
• show spanning-tree vlan 101
Debugging
• debug spanning-tree

How to Implement Rapid PVRST

Verifying PVRST
Switch# show spanning-tree vlan 30
VLAN0030
Spanning tree enabled protocol rstp
Root ID Priority 24606
Address 00d0.047b.2800
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15
sec
Bridge ID Priority 24606 (priority 24576 sys-id-ext
30)
Address 00d0.047b.2800
Hello Time 2 sec Max Age 20 sec Forward Delay 15
sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
-------- ----- --- --- -------- ----
Gi1/1 Desg FWD 4 128.1 P2p
Gi1/2 Desg FWD 4 128.2 P2p
Gi5/1 Desg FWD 4 128.257 P2p
Display spanning tree mode is set to PVRST.

Summary
• RSTP provides faster convergence than 802.1D STP when topology

changes occur.
• RSTP defines three port states: discarding, listening, and
forwarding.
• RSTP defines five port roles: root, designated, alternate, backup,
and disabled.
• Edge ports forward while topology changes occur.
• RSTP makes use of two link types–P2P and shared.
• 802.1w uses the BPDU differently from 802.1D.
• Convergence results from the proposal and agreement process
conducted switch by switch.
• The RSTP topology change notification process differs from 802.1D.
• Various commands are used to configure and verify PVRST.
• PVRST enables RSTP while still maintaining PVST.

Implementing MSTP

Multiple Spanning Tree Protocol
Instance 1 maps to VLANs 1–500

Instance 2 maps to VLANs 501–1000

MST Regions
MST configuration on each switch:

• Name
• Revision number
• VLAN association table

Extended System ID in Bridge ID Field

Interacting Between MST Regions
and 802.1D

Configuring MSTP
Switch(config)#spanning-tree mst configuration
• Enters MST configuration submode

Switch(config-mst)#name name
• Sets the MST region name

Switch(config-mst)#revision rev_num
• Sets the MST configuration revision number

Switch(config-mst)#instance inst vlan range
• Maps the VLANs to an MST instance

Switch(config-mst)#spanning-tree mst instance_number root
primary|secondary
• Establishes primary and secondary roots for MST instance

Verifying MSTP
Switch#show spanning-tree mst configuration
• Displays MSTP configuration information
Switch#show spanning-tree mst configuration

Name [cisco]
Revision 1
Instance Vlans mapped
-------- ---------------------------------------------------------------------
0 11-4094
1 1-10
-------------------------------------------------------------------------------

Verifying MSTP (Cont.)
Switch#show spanning-tree mst instance_number
• Displays configuration information for a specific MSTP instance
Switch#show spanning-tree mst 1
###### MST01 vlans mapped: 1-10

Bridge address 00d0.00b8.1400 priority 32769 (32768 sysid 1)
Root this switch for MST01
Interface Role Sts Cost Prio.Nbr Status

---------------- ---- --- --------- -------- --------------------------------
Fa4/4 Back BLK 1000 240.196 P2p
Fa4/5 Desg FWD 200000 128.197 P2p
Fa4/48 Boun FWD 200000 128.240 P2p Bound(STP)
Switch#clear spanning-tree detected-protocols [interface interface-id]
• Forces renegotiation with neighboring switches during migration process

Summary
• MSTP reduces the encumbrance of PVST by allowing a

single instance of spanning tree to run for multiple VLANs.
• An MST region is a group of MSTP switches that appears as
a single virtual bridge to adjacent CST and MSTP regions.
• Extended system ID ensures that VLAN ID or MSTP instance
can be carried in the Bridge ID field of a BPDU.
• An MSTP region requires an IST and an arbitrary number of
MSTP instances as it connects to an 802.1Q network at the
MST region border.
• MSTP is configured with a unique set of commands.
• MSTP implementation requires configuration and verification
using specific configuration and show commands.

Configuring Link Aggregation with EtherChannel

EtherChannel
• Logical aggregation of
similar links
• Load balances
• Viewed as one logical port
• Redundancy

Dynamic Trunk Negotiation Protocols
PAgP
• Cisco proprietary
LACP
• IEEE 802.3ad standard

About EtherChannel Configuration
Commands
Configure PAgP
• interface port-channel {channel-group-number}
• channel-protocol pagp
• channel-group 1 mode {mode}
Verify
• show interfaces fastethernet 0/1 etherchannel
• show etherchannel 1 port-channel
• show etherchannel 1 summary

Configuring Layer 2 EtherChannel
Switch(config)#interface range interface slot/port - port
• Specifies the interfaces to configure in the bundle

Switch(config-if-range)#channel-protocol {pagp | lacp}
• Specifies the channel protocol—either PAgP or LACP
Switch(config-if-range)#channel-group number mode {active

| on | auto | desirable | passive}
• Creates the port-channel interface and places the interfaces as

members

Configuring Layer 3 EtherChannel
Switch(config)#interface port-channel port-channel-number
• Creates a port-channel interface

Switch(config-if)#no switchport
Switch(config-if)#ip address address mask
• Specifies L3 and assigns an IP address and subnet mask to the

EtherChannel
Switch(config)#interface interface slot/port
• Specifies an interface to configure

Switch(config-if)#channel-group number mode {auto |
desirable | on}
• Configures the interface as L3 and specifies the port channel

and the PAgP mode

Verifying EtherChannel
Switch#show running-config interface port-channel num
• Displays port-channel information

Switch#show running-config interface interface x/y
• Displays interface information
Switch#show run interface port-channel 1 Switch#show run interface gig 0/9

Building configuration... Building configuration...
Current configuration : 66 bytes Current configuration : 127 bytes

! !
interface Port-channel1 interface GigabitEthernet 0/9
switchport mode dynamic desirable switchport mode dynamic desirable
end channel-group 2 mode desirable
channel-protocol pagp
end

Verifying EtherChannel (Cont.)
Switch#show interfaces gigabitethernet 0/9 etherchannel
Port state = Up Mstr In-Bndl
Channel group = 1 Mode = Desirable-Sl Gcchange = 0
Port-channel = Po2 GC = 0x00020001 Pseudo port-channel = Po1
Port index = 0 Load = 0x00
Flags: S - Device is sending Slow hello. C - Device is in Consistent state.

A - Device is in Auto mode. P - Device learns on physical port.
d - PAgP is down.
Timers: H - Hello timer is running. Q - Quit timer is running.
S - Switching timer is running. I - Interface timer is running.
Local information:
Hello Partner PAgP Learning Group
Port Flags State Timers Interval Count Priority Method Ifindex
Gi0/9 SC U6/S7 H 30s 1 128 Any 15
Partner's information:
Partner Partner Partner Partner Group

Port Name Device ID Port Age Flags Cap.
Gi0/9 DSW122 0005.313e.4780 Gi0/9 18s SC 20001
Age of the port in the current state: 00d:20h:00m:49s

Guidelines for Configuring EtherChannel

Guidelines for Configuring EtherChannel
(Cont.)

EtherChannel Guidelines
Switch#show run
description DSW121 0/9-10 - DSW122 0/9-10
switchport trunk allowed vlan 1,21-28
switchport mode trunk
switchport nonegotiate
duplex full
speed 100
channel-group 2 mode desirable
!
description DSW121 0/9-10 - DSW122 0/9-10
switchport trunk allowed vlan 1,21-28
switchport mode trunk
switchport nonegotiate
duplex full
speed 100
channel-group 2 mode desirable

EtherChannel Load Balancing
Switch(config)# port-channel load-balance src-mac

Configuring EtherChannel Load Balancing
Switch(config)#port-channel load-balance type

• Configures EtherChannel load balancing
Switch#show etherchannel load-balance

Source XOR Destination IP address

Summary
• EtherChannel increases bandwidth and provides redundancy

by aggregating individual links between switches.
• EtherChannel can be dynamically configured between
switches using either PAgP or LACP.
• Etherchannel is configured and verified using a variety of
show commands.
• Best practices should be followed for EtherChannel
configuration.
• EtherChannel load balances traffic over all the links in the
bundle.

Module Summary
• STP protects the network from Layer 2 frames that might

loop.
• Through the use of specific port states, port roles, and link
types, RSTP quickly adapts to network topology transitions.
• MSTP reduces the burden of excessive STP traffic and
CPU processing.
• EtherChannel adds redundancy and creates high-bandwidth
connections between switches.

Implementing Inter-VLAN Routing
Describing Routing Between VLANs

Inter-VLAN Routing with External Router
• Single trunk link carries traffic for multiple VLANs to and

from router.

Inter-VLAN Routing
External Router Configuration Commands
Configure on subinterface
• encapsulation dot1Q (or isl) 10
• ip address 10.10.1.1 255.255.255.0
Verify
• show vlan 10
• show ip route

Inter-VLAN Routing on External Router:
802.1Q Trunk Link

Inter-VLAN Routing on External Router:
ISL Trunk Link

Verifying Inter-VLAN Routing
The ping command tests connectivity to remote hosts.

Verifying the Inter-VLAN Routing
Configuration
Router#show vlan
• Displays the current IP configuration per VLAN
Router#show ip route
• Displays IP route table information
Router#show ip interface brief
• Displays IP address on interfaces and current state of interface

Explaining Multilayer Switching

Layer 2 Switch Forwarding Process

Logical Packet Flow for a
Multilayer Switch

IP Unicast Frame and Packet Rewrite
Incoming IP Unicast Packet
Rewritten IP Unicast Packet

CAM Table
• Requires an exact
match on all bits
• Matching is a binary
operation: 0 or 1
• Provides very high-
speed lookups

TCAM Table
• Matches only significant

values
• Matches based on three
values: 0, 1, or X (either)
• Masks used to wildcard some
content fields

Summary
• A router on a stick can be used to route between VLANs

using either ISL or 802.1Q as the trunking protocol.
• A router on a stick requires subinterfaces, one for
each VLAN.
• Verify inter-VLAN routing by generating IP packets between
two subnets.
• Multilayer switches can forward traffic at both Layer 2 and
Layer 3.
• Multilayer switches rewrite the Layer 2 and Layer 3 header
using tables held in hardware.

Enabling Routing Between VLANs on a

Multilayer Switch

Layer 3 SVI

SVI on a Multilayer Switch
Configure
• ip routing
• interface vlan 10
– ip address 10.1.1.1 255.255.255.0
• router eigrp 50
– network 10.0.0.0
Verify
• show ip route

Configuring Inter-VLAN Routing
Through an SVI
Step 1 : Configure IP routing.
Switch(config)#ip routing
Step 2 : Create an SVI interface.

Switch(config)#interface vlan vlan-id
Step 3 : Assign an IP address to the SVI.

Switch(config-if)#ip address ip-address mask
Step 4 : Configure the IP routing protocol if needed.
Switch(config)#router ip_routing_protocol <options>

Routed Ports on a Multilayer Switch (Cont.)

Routed Ports on a Multilayer Switch
• Physical switch port with Layer 3 capability

• Not associated with a VLAN
• Requires removal of Layer 2 port functionality
Configure
• ip routing
• interface fa0/1
– no switchport
– ip address 10.3.3.1 255.255.255.0
• router eigrp 50
– network 10.0.0.0

Configuring a Routed Port
Step 1 : Configure IP routing.
Switch(config)#ip routing
Step 2 : Create a routed port.

Step 3 : Assign an IP address to the routed port.

Switch(config-if)#ip address ip-address mask
Step 4 : Configure the IP routing protocol if needed.
Switch(config)#router ip_routing_protocol <options>

Summary
• SVI is a VLAN of switch ports represented by one interface to

the routing system.
• Specific commands are used to configure and verify routing
on multilayer switch interfaces.
• The interface vlan command creates the SVI.
• A routed port has Layer 3 attributes.
• A routed port requires the removal of Layer 2 port
functionality with the no switchport command.
• To receive dynamic updates, a routing protocol is required.

Deploying CEF-Based Multilayer Switching

Layer 3 Switch Processing
In Layer 3 switches, the

control path and data path
are relatively independent.
• The control path code,
such as routing
protocols, runs on the
route processor.
• Data packets are
forwarded by the
switching fabric.

Layer 3 Switch Processing (Cont.)
Layer 3 switching can occur at two different locations

on the switch.
• Centralized switching: Switching decisions are made on the
route processor by a central forwarding table.
• Distributed switching: Switching decisions can be made on a
port or line-card level.
Layer 3 switching takes place using one of these two
methods:
• Route caching: A Layer 3 route cache is built in hardware as
the switch sees traffic flow into the switch.
• Topology-based switching: Information from the routing
table is used to populate the route cache, regardless
of traffic.

CEF-Based Multilayer Switches
• CEF caches routing information in the FIB table

and Layer 2 next-hop addresses in the adjacency
table.

Multilayer Switch Packet Forwarding Process
• Some IP packets cannot be

processed in hardware.
• If an IP packet cannot be
processed in hardware, it is
processed by the Layer 3
engine.

CEF-Based MLS Lookups
1. Layer 3 packets initiate TCAM lookup.

2. The longest match returns adjacency with rewrite information.
3. The packet is rewritten per adjacency information and forwarded.

ARP Throttling

CEF-Based MLS Operation

Configuring and Verifying CEF
Configuring CEF
• ip cef (enabled by default)
• ip route-cache cef (only on VLAN interface)
Verifying CEF
• show ip cef fa 0/1 detail
• show adjacency fa 0/1 detail

Enabling CEF
The commands required to enable CEF are platform

dependent:
• On the Cisco Catalyst 4000 switch
Switch(config-if)#ip cef
• On the Cisco Catalyst 3550 switch

Switch(config-if)#ip route-cache cef

Verifying CEF
Switch#show ip cef [type mod/port | vlan_interface] [detail]
Switch# show ip cef vlan 11 detail
IP CEF with switching (Table Version 11), flags=0x0

10 routes, 0 reresolve, 0 unresolved (0 old, 0 new), peak 0
13 leaves, 12 nodes, 14248 bytes, 14 inserts, 1 invalidations
0 load sharing elements, 0 bytes, 0 references
universal per-destination load sharing algorithm, id 4B936A24
2(0) CEF resets, 0 revisions of existing leaves
Resolution Timer: Exponential (currently 1s, peak 1s)
0 in-place/0 aborted modifications
refcounts: 1061 leaf, 1052 node
Table epoch: 0 (13 entries at this epoch)
172.16.11.0/24, version 6, epoch 0, attached, connected

0 packets, 0 bytes
via Vlan11, 0 dependencies
valid glean adjacency

Common CEF Problems
• Is ideal switching method (CEF, DCEF) in use?

• Are CEF tables complete and accurate?

Verify Layer 3 Switching
Switch#show interface {{type mod/port} | {port-channel

number}} | begin L3
Switch#show interface fastethernet 3/3 | begin L3

L3 in Switched: ucast: 0 pkt, 0 bytes - mcast: 12 pkt, 778 bytes mcast
L3 out Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes
4046399 packets input, 349370039 bytes, 0 no buffer
Received 3795255 broadcasts, 2 runts, 0 giants, 0 throttles
.....
Switch#

Displaying Hardware Layer 3 Switching
Statistics
Switch#show interfaces {{type mod/port} | {port-channel

number}} include switched
Switch#show interfaces gigabitethernet 9/5 | include switched

L2 Switched: ucast: 8199 pkt, 1362060 bytes - mcast: 6980 pkt, 371952 bytes
L3 in Switched: ucast: 3045 pkt, 742761 bytes - mcast: 0 pkt, 0 bytes mcast
L3 out Switched: ucast: 2975 pkt, 693411 bytes - mcast: 0 pkt, 0 bytes

Adjacency Information
Switch#show adjacency [{{type mod/port} |

{port-channel number}} | detail | internal | summary]
Switch#show adjacency gigabitethernet 9/5 detail

Protocol Interface Address
IP GigabitEthernet9/5 172.20.53.206(11)
504 packets, 6110 bytes
00605C865B82
000164F83FA50800
ARP 03:49:31

Debugging CEF Operations
Switch#debug ip cef {drops | access-list | receive |

events | prefix-ipc | table}
• Displays debug information for CEF
Switch#debug ip cef {ipc | interface-ipc}
• Displays debug information related to IPC in CEF
Switch#ping ip
• Performs an extended ping

How to Troubleshoot CEF

Summary
• Layer 3 switching is high-performance packet switching

in hardware.
• MLS functionality can be implemented through CEF.
• CEF uses tables in hardware to forward packets.
• Specific commands are used to enable and verify
CEF operations.
• Commands to enable CEF are platform dependent.
• CEF problems can be matched to specific solutions.
• Specific commands are used to troubleshoot and solve
CEF problems.
• Ordered steps assist in troubleshooting CEF-based
problems.

Module Summary
• An external router can be configured to route packets

between the VLANs on a Layer 2 switch.
• Multilayer switches allow routing and the configuration of
interfaces to pass packets between VLANs.
• CEF-based multilayer switching facilitates packet switching
in hardware.

Implementing High Availability in a Campus Environment
Configuring Layer 3 Redundancy with HSRP

Routing Issues: Using Default Gateways

Routing Issues: Using Proxy ARP

Router Redundancy

Router Redundancy (Cont.)

HSRP
Standby group: The set of routers participating in HSRP that jointly

emulate a virtual router

The Active Router
The active router responds to ARP requests with the MAC address
of the virtual router.

The Virtual Router MAC Address

The Standby Router
The standby router listens for periodic hello messages on 224.0.0.2.

Active and Standby Router Interaction

HSRP States
An HSRP router can be in one of six different states:

• Initial
• Learn
• Listen
• Speak
• Standby
• Active

HSRP State Transition
HSRP Standby Group 1
Router A Router B
Priority Priority
100 50
Initial Initial
Listen Listen
Router A does not
hear any higher
priority than itself, Speak Speak
so promotes itself Router B hears that
to standby. router A has a
Standby Listen higher priority, so
router B returns to
Router A does not
the listen state.
hear an active Active Speak
router, so
promotes itself to
active. Standby

HSRP Standby State
A router in the standby state:

• Is a candidate for active router
• Sends hello messages
• Knows the virtual router IP address
HSRP Active State
A router in the active state:

• Assumes the active forwarding of packets for the virtual router
• Sends hello messages
• Knows the virtual router IP address
HSRP Configuration Commands
Configure
• standby 1 ip 10.1.1.1
Verify
• show running-config
• show standby

Configuring an HSRP Standby Interface
Enabling HSRP on a Cisco router interface automatically

disables ICMP redirects.

Displaying the Standby Brief Status
Switch#show standby brief

P indicates configured to preempt.
|
Interface Grp Prio P State Active addr Standby addr Group addr
Vl11 11 110 Active local 172.16.11.114 172.16.11.115

Summary
• Router redundancy allows two or more routers to work as a

group to maintain forwarding of IP packets.
• A single default gateway or proxy ARP does not provide the
redundancy required in a campus network.
• HSRP provides router redundancy to end devices.
• HSRP operates to provide nonstop path redundancy for IP.
• An HSRP-enabled router will exist in a specific state or
transition through a series of states.
• HSRP is configured using the standby command.
• HSRP is enabled per interface.

Optimizing HSRP

HSRP Optimization Options
These options can be configured to optimize HSRP:

• HSRP standby priority
• HSRP standby preempt
• Hello message timers
• HSRP interface tracking

Configuring HSRP Standby Priority
• The router with the highest priority in an HSRP group

becomes the active router.
• The default priority is 100.
• In the case of a tie, the router with the highest
configured IP address will become active.
Configuring HSRP Standby Preempt
Preempt enables a router to resume the forwarding router role.

Configuring the Hello Message Timers
The holdtime parameter value should be at least three

times the value of the hellotime parameter.
HSRP Interface Tracking

HSRP Interface Tracking (Cont.)

Configuring HSRP Tracking
Switch(config-if)#standby [group-number] track type number

[interface-priority]
• Configures HSRP tracking
Switch(config)#interface vlan 10
Switch(config-if)#standby 1 track GigabitEthernet 0/7 50
Switch(config-if)#standby 1 track GigabitEthernet 0/8 60
• Example of HSRP tracking
Note: Preempt must be configured on all participating devices

within the HSRP group.

Tuning HSRP
• Configure hellotime and holdtime to millisecond values.

• Configure preempt delay timer so that preempt occurs only
after the distribution switch has fully rebooted and
established full connectivity to the rest of the network.

Multiple HSRP Groups
To load balance routers, assign them to multiple groups on the same subnet.

Addressing HSRP Groups
Across Trunk Links
• To load balance routers and links:

– Per VLAN, configure the HSRP active router and the spanning
tree root to be the same multilayer switch.
About the HSRP Debug Command
• debug standby events

• debug standby terse

Debugging HSRP
DSW111#debug standby
*Mar 4 19:08:08.918: HSRP: Vl1 Grp 1 Hello out 172.16.1.111 Active pri 150 vIP 172.16.1.113
*Mar 4 19:08:09.287: HSRP: Vl1 Grp 2 Hello in 172.16.1.112 Active pri 50 vIP 172.16.1.113
*Mar 4 19:08:09.287: HSRP: Vl1 API active virtual address 172.16.1.113 found
*Mar 4 19:08:09.891: HSRP: Vl1 API Duplicate ARP entry detected for 172.16.1.113
• Example of HSRP debug showing standby group number mismatch

Summary
• Preempt, timers, and interface tracking are options that can

be configured to optimize HSRP.
• HSRP preempt can be tuned by adjusting timers that can
thereby reduce failover time.
• To facilitate load sharing, a single interface on a router can
be a member of multiple HSRP groups.
• Specific debug commands are used to view HSRP state
changes.
• Debug can be used to discover the virtual IP address and the
priority of the active and standby routers.

Configuring Layer 3 Redundancy with VRRP

and GLBP

VRRP

VRRP Operational Process

Configuring VRRP on an Interface
Enable VRRP on an interface and display the configuration.

Gateway Load Balancing Protocol
• Single virtual IP address and multiple virtual MAC addresses

• Traffic to single gateway distributed across routers
• Automatic rerouting in the event of any failure
• Full use of resources on all routers without the
administrative burden of creating multiple groups

GLBP Operations
• GLBP group members elect one AVG.
• AVG assigns a virtual MAC address to each member of the
group.
• AVG replies to the ARP requests from clients with different
virtual MAC addresses, thus achieving load balancing.
• Each router becomes an AVF for frames that are addressed
to that virtual MAC address.

GLBP Operation

GLBP Operation (Cont.)

GLBP Interface Tracking

GLBP Interface Tracking (Cont.)

Configuring GLBP on an Interface
Enable GLBP on an interface and display the configuration.

Summary
• VRRP provides router redundancy in a manner similar to

HSRP.
• VRRP supports a master and one or more backup routers.
• VRRP and GLBP are configured per interface.
• GLBP provides router redundancy and load balancing.
• GLBP balances traffic by allocating a virtual MAC address to
each AVF.

Module Summary
• HSRP is enabled so that redundant routers can provide

default gateway functionality.
• HSRP can be tuned to provide subsecond failover to a
standby router.
• VRRP or GLBP can provide Layer 3 router failover in addition
to load balancing at the distribution layer.

Wireless LANs
Introducing WLANs

Wireless Data Technologies

Wireless Data Technologies (Cont.)

Wireless Data Technologies (Cont.)
WAN
(Wide Area Network)
MAN
(Metropolitan Area Network)
LAN
(Local Area Network)
PAN
(Personal Area
Network)
PAN LAN MAN WAN

IEEE 802.11a, 802.16 GSM, GPRS,
Standards Bluetooth
802.11b, 802.11g MMDS, LMDS CDMA, 2.5–3G
Speed <1 Mbps 1–54+ Mbps 22+ Mbps 10–384 kbps
Range Short Medium Medium–long Long
PDAs, mobile
Peer to peer, Enterprise Fixed, last-
Applications device to device networks mile access
phones, cellular
access

Wireless LAN (WLAN)
• A WLAN is a shared
network.
• An access point is a
shared device and
functions like a shared
Ethernet hub.
• Data is transmitted
over radio waves.
• Two-way radio
communications
(half-duplex) are used.
• The same radio
frequency is used for
sending and receiving
(transceiver).

WLAN Evolution
• Warehousing
• Retail
• Health care
• Education
• Businesses
• Home

What Are WLANs?
They are: They are not:

• Local • WAN or MAN networks
• In building or campus for • Cellular phones networks
mobile users • Packet data transmission
• Radio or infrared via celluar phone networks
• Not required to have RF – Cellular digital packet
licenses in most countries data (CDPD)
• Using equipment owned by – General packet radio
customers service (GPRS)
– 2.5G to 3G services

Similarities Between WLAN and LAN
• A WLAN is an 802 LAN.

– Transmits data over the air vs. data over the wire
– Looks like a wired network to the user
– Defines physical and data link layer
– Uses MAC addresses
• The same protocols/applications run over both WLANs and
LANs.
– IP (network layer)
– IPSec VPNs (IP-based)
– Web, FTP, SNMP (applications)

Differences Between WLAN and LAN
• WLANs use radio waves as the physical layer.

– WLANs use CSMA/CA instead of CSMA/CD to access the
network.
• Radio waves have problems that are not found on wires.
– Connectivity issues.
• Coverage problems
• Multipath issues
• Interference, noise
– Privacy issues.
• WLANs use mobile clients.
– No physical connection.
– Battery-powered.
• WLANs must meet country-specific RF regulations.

Summary
• Different wireless data technologies with different

characteristics are available.
• WLANs were introduced to provide local connectivity
with higher data rates.
• WLANs use half-duplex transmission.
• WLANs have similarities and differences compared to
wired LANS.

Wireless LANs
Describing WLAN Topologies

WLAN Topologies
• Wireless client access

– Mobile user
connectivity
• Wireless bridging
– LAN-to-LAN
connectivity
• Wireless mesh
networking
– Combination of
bridging and user
connectivity

WLAN and LAN

Service Set Identifier (SSID)
• SSID is used to logically separate
WLANs.
• The SSID must match on client and
access point.
• Access point broadcasts one SSID
in beacon.
• Client can be configured without
SSID.
• Client association steps:
1. Client sends probe request.
2. A point sends probe
response.
3. Client initiates association.
4. A point accepts association.
5. A point adds client MAC
address to association table.

WLAN Access Topology

Wireless Repeater Topology

Workgroup Bridge Topology

Alternative Peer-to-Peer Topology

Service Sets and Modes
Ad hoc mode
• Independent Basic Service Set (IBSS)
– Mobile clients connect directly
without an intermediate access
point.
Infrastructure mode
• Basic Service Set
– Mobile clients use a single access
point for connecting to each other
or to wired network resources.
• Extended Services Set

– Two or more Basic Service Sets
are connected by a common
distribution system.

Roaming Through Wireless Cells

Roaming Through Wireless Cells
Roaming

Client Roaming
• Maximum data
retry count
exceeded
• Too many
beacons missed
• Data rate shifted
• Periodic intervals
• Roaming without interruption requires the same SSID on

all access points.

Layer 2 vs. Layer 3 Roaming

Wireless VLAN Support
• Multiple SSIDs
• Multiple security types
• Support for multiple
VLANs from switches
• 802.1Q trunking
protocol

Wireless VLAN Support (Cont.)
• VLANs propagate
across access points.
• VLAN numbers are
unique.
• Access points handle up
to 16 VLANs.

Enterprise Voice Architecture

Wireless Mesh Networking
In a mesh network topology, devices are connected with

redundant connections between nodes.

Wireless Mesh Networking
• Mesh access points automatically

establish connection to controller.
– Rooftop access points (RAP)
connect via wired connection.
– Mesh access points (MAP)
connect via self-configuring
backhaul connection.
• Cisco uses mesh access points.
• Adaptive Wireless Path (AWP)
protocol establishes best path
to root.
• Access point authenticates to
controller and downloads
configuration and radio parameters.

Adaptive Wireless Path Protocol (AWP)
AWP protocol establishes

an optimal path to root.
Each access point carries
a feasible successor or
successors if topology or
link health changes.
AWP uses a “parent
sticky” value to mitigate
route flaps.

Key Market Segments for Outdoor Wireless
Enterprise outdoor
• Indoor and outdoor wireless solutions for education
customers.
• Rugged mesh solutions for enterprise customers.
Public sector
• Connecting peripheral devices across the mesh.
• Establishing hot zones for public safety or municipal
departments.
Service provider
• Hot spots become hot zones with Wi-Fi access.

Summary
• Types of WLAN topologies are client access, bridging, and

mesh networking.
• Wireless networks are built with multiple wireless cells.
• WLAN roaming occurs seamlessly between wireless cells.
• WLANs support VLANs and QoS.
• WLAN mesh networks extend the wireless network beyond
the boundaries of wired LANs.

Wireless LANs
Explaining WLAN Technology and

Standards

Unlicensed Frequency Bands
• ISM: Industry, scientific, and • No exclusive use

medical frequency band • Best effort
• No license required • Interference possible
Radio Frequency Transmission
• Radio frequencies are radiated into the air via an antenna,

creating radio waves.
• Radio waves are absorbed when they are propagated
through objects (e.g., walls).
• Radio waves are reflected by objects (e.g., metal surfaces).
• This absorption and reflection can cause areas of low signal
strength or low signal quality.

Radio Frequency Transmission
• Higher data rates have a shorter transmission range.

– The receiver needs more signal strength and better SNR
to retrieve information.
• Higher transmit power results in greater distance.
• Higher frequencies allow higher data rates.
• Higher frequencies have a shorter transmission range.

WLAN Regulation and Standardization
Regulatory agencies
• FCC (United States)
• ETSI (Europe)
Standardization
• IEEE 802.11
• http://standards.ieee.org/getieee802/
Certfication of equipment
• Wi-Fi Alliance certifies
interoperability between products.
• Certifications include 802.11a,
802.11b, 802.11g, dual-band
products, and security testing.
• Certified products can be found at
http://www.wi-fi.org.

802.11b
E-TRAIN www.ciscotrain.com league.ciscotrain.com

© 2005 Cisco Systems, Inc. All rights reserved. 010 82536886 010 82536887 .
802.11b Standard
• Standard was ratified in September 1999

• Operates in the 2.4-GHz band
• Specifies direct sequence spread spectrum (DSSS)
• Specifies four data rates up to 11 Mbps
– 1, 2, 5.5, 11 Mbps
• Provides specifications for vendor interoperability (over
the air)
• Defines basic security, encryption, and authentication for the
wireless link
• Is the most commonly deployed WLAN standard

2.4-GHz Channels
Channel Channel Regulatory Domain
Channel
Center Frequency Range Europe, Middle
Identifier Americas Japan
Frequency [MHz] East, and Asia
1 2412 MHz 2401 – 2423 X X X
2 2417 MHz 2406 – 2428 X X X
3 2422 MHz 2411 – 2433 X X X
4 2427 MHz 2416 – 2438 X X X
5 2432 MHz 2421 – 2443 X X X
6 2437 MHz 2426 – 2448 X X X
7 2442 MHz 2431 – 2453 X X X
8 2447 MHz 2436 – 2458 X X X
9 2452 MHz 2441 – 2463 X X X
10 2457 MHz 2446 – 2468 X X X
11 2462 MHz 2451 – 2473 X X X
12 2467 MHz 2466 – 2478 X X
13 2472 MHz 2471 – 2483 X X
14 2484 MHz 2473 – 2495 X

2.4-GHz Channel Use
• Each channel is 22 MHz wide.

• North America: 11 channels.
• Europe: 13 channels.
• There are three nonoverlapping channels: 1, 6, 11.
• Using any other channels will cause interference.
• Three access points can occupy the same area.

802.11b/g (2.4 GHz) Channel Reuse

802.11b Access Point Coverage

802.11a

802.11a Standard
• Standard was ratified September 1999

• Operates in the 5-GHz band
• Uses orthogonal frequency-division multiplexing (OFDM)
• Uses eight data rates of up to 54 Mbps
– 6, 9, 12, 18, 24, 36, 48, 54 Mbps
• Has from 12 to 23 nonoverlapping channels (FCC)
• Has up to 19 nonoverlapping channels (ETSI)
• Regulations different across countries
– Transmit (Tx) power control and dynamic frequency
selection required (802.11h)

5-GHz Channels with 802.11h
• 802.11h implements TPC and DFS.

• With 802.11h in February 2004, the FCC added 11 channels.
– 23 channels in the United States (FCC)
– 19 channels in Europe (ETSI)
– UNII-3 band currently not allowed in most of Europe
802.11a Channel Reuse
• 802.11h DFS not available

• Manual channel
assignment required
• 802.11h DFS implemented
• Channel assignment
done by Dynamic
Frequency Selection
(DFS)
• Only frequency bands
can be selected

802.11g

802.11g Standard
• Standard was ratified June 2003

• Operates in the 2.4-GHz band as
802.11b
– Same three nonoverlapping
channels: 1, 6, 11
• DSSS (CCK) and OFDM transmission
• 12 data rates of up to 54 Mbps
– 1, 2, 5.5, 11 Mbps (DSSS / 802.11b)
– 6, 9, 12, 18, 24, 36, 48, 54 Mbps
(OFDM)
• Full backward compatiblity to 802.11b
standard

802.11g Protection Mechanism
• Problem: 802.11b stations cannot

decode 802.11g radio signals.
• 802.11b/g access point communicates
with 802.11b clients with max. 11
Mbps.
• 802.11b/g access point communicates
with 802.11g clients with max. 54
Mbps.
• 802.11b/g access point activates
RTS/CTS to avoid collisions when
802.11b clients are present.
• 802.11b client learns from CTS frame
the duration of the 802.11g
transmission.
• Reduced throughput is caused by
additional overhead.

802.11 Standards
Comparison

802.11 RF Comparison
802.11b – 2.4 GHz 802.11g – 2.4 GHz 802.11a – 5 GHz

• Most commonly • Higher throughput • Highest throughput
deployed WLAN • OFDM technology • OFDM technology
standard reduces multipath reduces multipath
Pro
issues issues
• Provides up to 23
nonoverlapping
channels
• Interference and noise • Lower market
• Interference and noise from other services in penetration
from other services in the 2.4-GHz band
the 2.4-GHz band • Only three
Con
• Only 3 nonoverlapping nonoverlapping

channels channels
• Distance limited by • Throughput degraded
multipath issues in the presence of
802.11b clients
802.11 Standards Comparison
802.11b 802.11g 802.11a
Ratified 1999 2003 1999
Frequency band 2.4 GHz 2.4 GHz 5 GHz
No of channels 3 3 Up to 23
Transmission DSSS DSSS OFDM OFDM
1, 2, 5.5, 1, 2, 5.5, 6, 9, 12, 18, 24, 6, 9, 12, 18, 24,

Data rates [Mbps]
11 11 36, 48, 54 36, 48, 54
Throughput
Up to 6 Up to 22 Up to 28
[Mbps]

Range Comparisons

Ratified IEEE 802.11 Standards
802.11: WLAN 1 and 2 Mbps at 2.4 GHz

802.11a: WLAN 54-Mbps at 5 GHz
802.11b: WLAN 11-Mbps at 2.4 GHz
802.11d: Multiple regulatory domains
802.11e: Quality of service
802.11f: Inter-Access Point Protocol (IAPP)
802.11g: WLAN 54-Mbps at 2.4 GHz
802.11h: Dynamic Frequency Selection (DFS)
Transmit Power Control (TPC) at 5 GHz
802.11i: Security
802.11j: 5-GHz channels for Japan
http://standards.ieee.org/getieee802/

Worldwide Availability
http://www.cisco.com/go/aironet/compliance

General Office WLAN Design
• Eight 802.11g access

points deployed
54 Cubes—4 Conference Rooms
• 7 users per access point
Conference Conference
with no conference rooms Room Room
provides 3.8 Mbps
throughput per user
• 7 users + 1 conference
120
room (10 users) = 17 total Feet
users, provides 1.5 Mbps
throughput per user
Conference Reception Conference

Room Room
95 Feet

WLAN as a Shared Medium: Best Practices
2.4-GHz 802.11b bandwidth calculations

• 25 users per cell; general office maximum users limited by bandwidth
• Peak true throughput 6.8 Mbps
– 6.8 Mbps * 1024/25 = 278.5 kbps per user
2.4-GHz 802.11g bandwidth calculations
• 20 users per cell; general office maximum users limited by bandwidth
• Peak true throughput 32 Mbps
– 32 Mbps * 1024/20 = 1683 kbps per user
5-GHz 802.11a bandwidth calculations
• 15 users per cell; general office users limited by coverage, not
bandwidth
• Peak true throughput 32 Mbps
– 32 Mbps * 1024/15 = 2188 kbps per user

WLAN Security

Why WLAN Security?
• Wide availability and low cost

of IEEE 802.11 wireless
equipment
• 802.11 standard ease of use
and deployment
• Availability of sniffers
• Statistics on WLAN security
• Media hype about
hot spots, WLAN hacking,
war driving
• Nonoptimal implementation of
encryption in standard Wired
Equivalent Privacy (WEP)
encryption
• Authentication vulnerability

WLAN Security Threats

Mitigating the Threats
Privacy and Protection and

Control and Integrity
Confidentiality Availability
Intrusion Detection
Authentication Encryption
System (IDS)
Track and mitigate

Ensure that legitimate Protect data as it is
unauthorized
clients associate with transmitted and
access and
trusted access points. received.
network attacks.

Evolution of WLAN Security
Initial Interim Interim Present

(1997) (2001) (2003)
Encryption 802.1x EAP Wi-Fi Protected Wireless IDS

(WEP) Access (WPA)
• No strong • Dynamic keys • Standardized • Identification
authentication and protection
• Improved • Improved against
• Static, encryption encryption attacks, DoS
breakable keys
• User • Strong, user
• Not scalable authentication authentication IEEE 802.11i
(e.g., LEAP,
• 802.1x EAP PEAP, EAP- WPA2 (2004)
(LEAP, PEAP) FAST)
• RADIUS • AES strong
encryption
• Authentication
• Dynamic key
management
Wireless Client Association
• Access points send out beacons

announcing SSID, data rates, and other
information.
• Client scans all channels.
• Client listens for beacons and responses
from access points.
• Client associates to access point with
strongest signal.
• Client will repeat scan if signal becomes
low to reassociate to
another access point (roaming).
• During association SSID, MAC
address and security settings are
sent from the client to the access point
and checked by the access point.

WPA and WPA2 Authentication

WPA and WPA2 Encryption

WLAN Security Summary
802.1x EAP
Mutual Authentication
TKIP Encryption
WPA Passphrase WPA / WPA2
WEP Encryption 802.11i Security

Security Evaluation
• Evaluate effectiveness of encrypted

WLAN statistics.
• Focus on proper planning and
implementation.
• Estimate potential security threats
and the level of security needed.
• Evaluate amount of WLAN traffic
being sent when selecting security
methods.
• Evaluate tools and options applicable
to WLAN design.

Summary
• The 2.4-GHz and 5-GHz frequency bands are used by WLAN

802.11 standards.
• The throughput per user depends on the data rate and the
number of users per wireless cell.
• 802.11b has data rates of up to 11 Mbps at 2.4 GHz.
• 802.11a has data rates of up to 54 Mbps at 5 GHz.
• 802.11g has data rates of up to 54 Mbps at 2.4 GHz.
• 802.11a has a shorter range than 802.11g.
• For maximum efficiency, limit the number of users per cell.
• Different WLAN security types with authentication and
encryption satisfy the security requirements of enterprise
and home users.

WLAN Lab

CCNP BCMSN Slides

Uploaded by

Copyright:

Available Formats

CCNP BCMSN Slides

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CCNP BCMSN Slides

Uploaded by

Copyright:

Available Formats

Building Cisco Multilayer Switched

Networks (BCMSN) v3.0

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

Cisco CCNA® certification

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

Day 1 Day 2 Day 3 Day 4 Day 5

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

File Wireless LAN

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

Expand Your Professional Options

Required Recommended Training Through

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .

E-TRAIN www.ciscotrain.com league.ciscotrain.com 010 82536886 010 82536887 .