Monthly Archives: July 2015

SWITCH 300-115: 1.1 Configure and verify switch administration

1.1.a SDM templates

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_55_se/configuration/guide/3750xscg/swsdm.html


Understanding the SDM Templates

You can use SDM templates to configure system resources in the switch to optimize support for specific features, depending on how the switch is used in the network. You can select a template to provide maximum system usage for some functions; for example, use the default template to balance resources, and use the access template to obtain maximum ACL usage. To allocate hardware resources for different usages, the switch SDM templates prioritize system resources to optimize support for certain features.

You can select SDM templates for IP Version 4 (IPv4) to optimize these features on switches running the IP base or IP services feature set:

Note: Do not select a routing template (sdm prefer routing) when the switch is running the LAN base feature set. Although visible in the command-line help, the LAN base feature set does not support routing. On switches running the LAN base feature set, routing values shown in the templates are not valid.

  • Routing—The routing template maximizes system resources for unicast routing, typically required for a router or aggregator in the center of a network.
  • VLANs—The VLAN template disables routing and supports the maximum number of unicast MAC addresses. It would typically be selected for a Layer 2 switch.
  • Default—The default template gives balance to all functions.
  • Access—The access template maximizes system resources for access control lists (ACLs) to accommodate a large number of ACLs.


SWITCH 300-115: Blueprint

1.0 Layer 2 Technologies

1.1 Configure and verify switch administration

  • 1.1.a SDM templates
  • 1.1.b Managing MAC address table
  • 1.1.c Troubleshoot Err-disable recovery

1.2 Configure and verify Layer 2 protocols

  • 1.2.a CDP, LLDP
  • 1.2.b UDLD

1.3 Configure and verify VLANs

  • 1.3.a Access ports
  • 1.3.b VLAN database
  • 1.3.c Normal, extended VLAN, voice VLAN

1.4 Configure and verify trunking

  • 1.4.a VTPv1, VTPv2, VTPv3, VTP pruning
  • 1.4.b dot1Q
  • 1.4.c Native VLAN
  • 1.4.d Manual pruning

1.5 Configure and verify EtherChannels

  • 1.5.a LACP, PAgP, manual
  • 1.5.b Layer 2, Layer 3
  • 1.5.c Load balancing
  • 1.5.d EtherChannel misconfiguration guard

1.6 Configure and verify spanning tree

  • 1.6.a PVST+, RPVST+, MST
  • 1.6.b Switch priority, port priority, path cost, STP timers
  • 1.6.c PortFast, BPDUguard, BPDUfilter
  • 1.6.d Loopguard and Rootguard

1.7 Configure and verify other LAN switching technologies

  • 1.7.a SPAN, RSPAN

1.8 Describe chassis virtualization and aggregation technologies

  • 1.8.a Stackwise

2.0 Infrastructure Security

2.1 Configure and verify switch security features

  • 2.1.a DHCP snooping
  • 2.1.b IP Source Guard
  • 2.1.c Dynamic ARP inspection
  • 2.1.d Port security
  • 2.1.e Private VLAN
  • 2.1.f Storm control

2.2 Describe device security using Cisco IOS AAA with TACACS+ and RADIUS

  • 2.2.a AAA with TACACS+ and RADIUS
  • 2.2.b Local privilege authorization fallback

3.0 Infrastructure Services

3.1 Configure and verify first-hop redundancy protocols

  • 3.1.a HSRP
  • 3.1.b VRRP
  • 3.1.c GLBP

2.1.a Implement and troubleshoot switch administration

I/G and U/L

I/G means individual/group; U/L means universal/local. Examine the MAC diagram below:

[Diagram: MAC address layout showing the I/G and U/L bits]

The most significant byte (MSB) is at the far left (1st byte), while the least significant byte (LSB) is at the far right (6th byte). The first three bytes comprise the organizationally unique identifier (OUI) and the last three bytes comprise the vendor-assigned unique value to round out the complete address. This is mandated by the IEEE.

We know the MAC is 48 bits, or 6 bytes.

The 1st bit of the 1st byte (left to right) is considered the most significant bit. The last bit of the 1st byte likewise is the least significant bit. When the frame is transmitted, the expected order is 1st byte first and so on; however, the bits of each individual byte are transmitted in reverse order. This is often referred to as canonical (authorized; recognized; accepted as standard).

If the I/G bit is set to 0, it is a unicast address; if it is set to 1, it is either a multicast or a broadcast address.

If the U/L bit is 0, the MAC has been assigned by the vendor; if it is 1, it has been locally assigned (administered), which overrides the original assignment by the vendor.

Now consider this address (from the Pearson IT Certification test, CCIE v5):

0300.0012.3456

An Ethernet MAC address is always written out in big-endian order, most significant byte first, and is also transmitted on the wire in this order of bytes. However, individual bits of each byte are transmitted in the reverse order, starting with the least significant bit (as stated above). The first byte of the MAC address to be put on the wire is 0x03, or 00000011 in binary. In this byte, the least significant bit, or the rightmost bit, is the Individual/Group (I/G) bit, currently set to 1, thereby indicating this is a group MAC address (multicast). The second least significant bit is the Universal/Local (U/L) bit, also set to 1, indicating that this MAC address is locally administered and has not been allocated by IEEE. The bits of the first byte will be transmitted as 1-1-0-0-0-0-0-0 (note reversal). In this sequence, the first transmitted bit is clearly set to 1. (It would be unicast if zero.)
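The bit tests walked through above, as an added Python example (not part of the original post or the Pearson material): it decodes the I/G and U/L bits of any MAC address and prints the first byte in wire order. The function names are hypothetical, and every sample address other than 0300.0012.3456 is constructed for illustration.

```python
import re

def parse_mac(text):
    """Accept Cisco dotted (0300.0012.3456), colon or hyphen notation; return 6 bytes."""
    digits = re.sub(r"[.:\-]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)

def wire_bits(byte):
    """Bits of one byte in transmission order (least significant bit first)."""
    return "-".join(str((byte >> i) & 1) for i in range(8))

def classify(text):
    """Decode the I/G and U/L bits from the first byte of a MAC address."""
    mac = parse_mac(text)
    first = mac[0]
    ig = first & 0x01          # I/G: least significant bit of the first byte
    ul = (first >> 1) & 0x01   # U/L: second least significant bit
    if mac == b"\xff" * 6:
        kind = "broadcast"     # all ones is the special group address
    elif ig:
        kind = "multicast"
    else:
        kind = "unicast"
    return {
        "ig": ig,
        "ul": ul,
        "kind": kind,
        "admin": "local" if ul else "universal",
        "oui": mac[:3].hex(),  # first three bytes as written
        "first_byte_on_wire": wire_bits(first),
    }

if __name__ == "__main__":
    # 0300.0012.3456 is the address from the text; the rest are constructed samples.
    samples = ("0300.0012.3456", "00:00:0c:12:34:56",
               "ff-ff-ff-ff-ff-ff", "0200.0000.0001")
    for sample in samples:
        print(sample, classify(sample))
```

A set U/L bit on a unicast source address means the address was not burned in by the vendor, which is worth noting when reviewing a switch's MAC address table or port-security violations.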