partial mesh topology, 12, 236
passive mode, 220
passwords, 166
ports, 42, 113
redundancy, 11
reprovisioning, 45
rolled cable, 17
root bridges, 242
running-config, 218
SDN, 197
serial numbers, 218
speed and duplex, 21
Spine/Leaf architecture model, 198
SSH encryption, 156
star topology, 10–11
STP, 71
time synchronization, 229
trunking, 59
two-tier design model, 11
user connections, 11
verifying, 113
virtual, 35
VLANs, 46
VTP modes, 55
YANG data model, 204
switching
core layer, 10
fragment-free mode, 36
Switching Database Manager (SDM), 112
switching loops
PortFast mode, 75
STP, 35
switching offices, 215
switching path delays in NAT, 248
switchport access vlan command, 47–48, 60
switchport mode access command, 50, 60–61, 184
switchport mode dynamic auto command, 61
switchport mode dynamic desirable command, 60–61
switchport mode trunk command, 58
switchport nonegotiate command, 58, 60–61
switchport nonnegotiate command, 184
switchport port-security command, 183–184
switchport port-security mac-address command, 186
switchport port-security mac-address sticky command, 186
switchport port-security maximum command, 184
switchport port-security violation protect command, 185
switchport port-security violation restrict command, 184
switchport port-security violation shutdown command, 185
switchport trunk allowed vlan command, 240
switchport trunk allowed vlan add command, 56
switchport trunk allowed vlan all command, 55–56
switchport trunk allowed vlan remove command, 55
switchport trunk encapsulation 802.1q command, 61
switchport trunk encapsulation dot1q command, 56, 59
switchport trunk native vlan command, 63
switchport voice vlan command, 48
symmetrical keys in PSK, 190
SYN flag in three-way-handshake process, 237
synchronization
importance, 229
NTP, 145
routers and switches, 229, 249
time sources, 144
VLAN databases, 240
VMs, 17
WAPs, 10
syslog
facility logging, 152
management planes, 199
message destination, 152
protocols and ports, 150
severity level of events, 150
warnings, 150
syslog servers
event logs, 249
verifying, 230
system state information, Chef tool for, 207
T
TACACS+. See Terminal Access Controller Access Control System+ (TACACS+)
tag frames in 802.1Q, 59, 62
tail drops, preventing, 156
tailgating, 165
TCP. See Transmission Control Protocol (TCP)
TCP/IP packet routing, 106
Telnet
ACLs, 252
authentication, 158, 168–169
passwords, 166, 168
remote router connections, 81
vs. SSH, 167
SSH replacement, 157
TACACS+, 188
terminal emulation, 81
Temporal Key Integrity Protocol (TKIP)
throughput rates, 191
WPA 2, 190
10GBase-CX, cost and simplicity, 17
Terminal Access Controller Access Control System+ (TACACS+)
AAA servers, 242
benefits, 222
description, 252
router configuration, 188
TCP ports, 81
Telnet, 188
terminal emulation in Telnet, 81
testing routes, 99
TFTP servers
IOS upgrades, 158
router boots, 158
three-tier model for campuses, 12
three-way handshakes
flags, 237
requirements, 23
sliding windows, 23
throughput rates in TKIP, 191
time clocks in routers and switches, 144
time details for servers, 145
time drift, NTP observation of, 145
time sources for synchronization, 144
time stamps, logging with, 150
time synchronization. See synchronization
time to live (TTL)
DNS, 147
ICMP, 99
IP headers, 246
packets, 97
ping command, 117
time zones for routers, 145
timed out commands, status code for, 206
timers
adjacencies, 127
HSRP, 133
HSRPv2, 137
RIPv2, 244
TKIP (Temporal Key Integrity Protocol)
throughput rates, 191
WPA 2, 190
tokens
applying, 204
authentication, 164–165
Topology Change Notification BPDUs, 71
traceroute command
hops, 172–173
ICMP packets, 248
ICMP queries, 246
paths, 32, 228
traffic classification in QoS, 154
traffic flow
data planes, 199–200
Spine/Leaf architecture model, 198
traffic forwarding
VLANs, 58
VTP modes, 56
traffic markings, 156
traffic policing in QoS, 156
traffic shaping in QoS, 155
training for phishing attacks, 164
Transmission Control Protocol (TCP)
firewall conversations, 8
lost segments, 22
sequence and acknowledgment numbers, 22
sliding windows, 23
TACACS+ ports, 81
three-way handshakes, 23, 237
transparent mode in VTP, 56, 60
Transport Layer, flow control in, 21
transport ssh telnet command, 157, 167
trap messages
NMS, 150
port security, 185
SNMP, 148–149
trunk mode for ROAS, 111
trunk ports
VLANs, 54
WAPs, 80
WLCs, 79
trunks
802.1Q, 62
allowing, 58
configuring, 56, 61
creating, 60–61
ISL switches, 59
lists, 55–56
mode desirable auto, 59
native VLAN mismatches, 63
troubleshooting, 58–59, 63
verifying, 54
WLCs, 80
trust boundaries in QoS, 82, 230
trusted networks, firewalls as, 162
TTL. See time to live (TTL)
tunnels
GRE, 171, 251
VPNs, 175
VXLAN, 201
2.4 GHz standard, 34
two-tier design model, layer switches in, 11
type field for Ethernet frames, 238–239
U
UDP. See User Datagram Protocol (UDP)
unauthorized access detection, 8
unauthorized POST function, 234
underlay, SDN, 200
unicast addresses
global, 30
single hosts, 29
Uniform Resource Identifiers (URIs)
firewalls, 214
question marks in, 205
unique local addresses, 30
unnamed VLANs, 53
untrusted ports, Offer and Acknowledgment messages with, 232
updates, OSPF, 120
upgrades
flash memory, 159
IOS, 158, 234
URIs (Uniform Resource Identifiers)
firewalls, 214
question marks in, 205
user connections, access layer switches for, 11
User Datagram Protocol (UDP)
AAA servers, 251
acknowledgments, 22
connectionless protocol, 215
DHCP, 148
DNS, 22, 249
GLBP, 133
HSRP, 133
lost segments, 22
NMS polling, 229
NTP, 145
RADIUS, 187, 251
SNMP, 149
syslog, 150
username scpadmin privilege-level command, 250
username user1 password command, 157, 168
usernames in PPP suite, 18
V
verifying
DNS name resolution, 33
GRE, 172
hello packets, 123
IP addresses, 107, 230
IPv6 addresses, 29
negotiation protocols, 68
paths, 32
remote routers, 123
RIDs, 122–123
routes, 91
SVI, 112
switches, 113
trunks, 54
VLANs, 50–51
version 2 command, 103
Version field in IPv6 addresses, 28
Virtual Extensible LAN (VXLAN) protocol
SDN, 253
tunneling, 201
virtual firewalls, 35
virtual machines (VMs)
cloud services catalog, 16
compute resources distribution, 34
description, 34
hosts, 35
NTP VNFs, 215
synchronization, 17
virtual firewalls, 35
virtual switches, 35
virtual network functions (VNFs), 215
virtual private networks (VPNs)
data integrity, 175
site-to-site, 175
tunnel creation, 175
Virtual Router Redundancy Protocol (VRRP)
configuring, 136
FHRP, 132
virtual routers
default gateways, 229
HSRP, 133
virtual switches, 35
virtualization in private clouds, 15
vlan.dat file, 239
VLAN hopping in DTP, 230
VLAN Trunking Protocol (VTP)
modes
switches, 55
traffic forwarding, 56
transparent, 60
purpose, 56
VLAN database synchronization, 240
VLAN pruning, 57
VLANs
adding, 56
benefits, 46–47
changing, 50, 63
configuring, 47, 60
creating, 50, 52–53
database synchronization, 240
databases, 53
default vs. native, 62
deleting, 46, 49, 55
disabled, 52
displaying, 62
dynamic, 47
enabling, 51
extended range, 45
frames, 46
global configuration mode, 239
hopping attacks, 250
IDs
access ports, 48
default, 49
extended, 45
removing from frames, 48
jumbo frames, 47
layer 3 routers, 47
native. See native VLANs
nodes, 46
normal range, 46
proprietary protocols, 54
pruning, 57
renaming, 47, 49
routed layer 3 from flat layer 2, 45
router configuration, 62
routing, 53
running-config, 60
security issues, 49
segmenting, 50
switch ports, 45
switches, 46
traffic forwarding, 58
trunk switch ports, 54
unnamed, 53
verifying, 50–51
VoIP phones, 48
VMs. See virtual machines (VMs)
VNFs (virtual network functions), 215
VoIP phones
port security, 184
provisioning, 51
QoS, 83
VLANs, 48
VoIP traffic, maximum delay in, 155
VPNs (virtual private networks)
data integrity, 175
site-to-site, 175
tunnel creation, 175
vrrp ip command, 136
VRRP (Virtual Router Redundancy Protocol)
configuring, 136
FHRP, 132
VTP. See VLAN Trunking Protocol (VTP)
vtp mode client command, 55
vtp mode pruning command, 57
VXLAN (Virtual Extensible LAN) protocol
SDN, 253
tunneling, 201
W
wait times in STP convergence, 74
WANs (wide area networks) connection security, 230
WAPs. See wireless access points (WAPs)
warnings, syslog, 150
web browser requests, 22
web interfaces, control plane in, 201
web servers
IP addresses, 27
scaling, 35
web sites, phishing attacks on, 165
WEP (Wired Equivalent Privacy)
authentication, 34
overlapping channels, 33
WPA fix, 232
white space in YAML, 195
Wi-Fi Protected Access (WPA)
encryption limitations, 189
frame-level encryption, 189
MIC, 189
WEP fix, 232
Wi-Fi Protected Access 2 (WPA 2)
AES, 190
AES-CCMP encryption, 189
encryption, 34
PSK, 190
TKIP, 190
Wi-Fi Protected Access 2 - Lightweight Extensible Authentication Protocol (WPA2-LEAP), 253
Wi-Fi Protected Access 3 (WPA 3), SAE authentication in, 189
wide area networks (WANs) connection security, 230
wildcard masks
filters, 177–178
OSPF, 122–123
Wired Equivalent Privacy (WEP)
authentication, 34
overlapping channels, 33
WPA fix, 232
wireless access points (WAPs)
autonomous, 78
console, 82
debugging, 81
lightweight, 78
neighbors, 83
port security, 183
SSIDs, 8, 163
synchronization, 10
WLCs, 80
wireless bridges, point-to-multipoint, 78
wireless connectivity, troubleshooting, 83–84
wireless devices, root and non-root, 78
wireless LAN controllers (WLCs)
adding networks, 80
authentication, 9
failed links, 242
load balancing, 80
local mode, 242
SSIDs, 79
troubleshooting, 83–84
trunk ports, 79
WAP ports, 80
WAP synchronization, 10
wireless roaming, 9
wireless LANs (WLANs)
default QoS, 243
QoS, 82
wireless metro area networks (WMANs), 80
wireless personal area networks (WPANs), 80
wireless repeaters, 78
wireless roaming, 9
wireless VoIP phones, 83
wirespeed of Gigabit Ethernet switches, 6
wiring cable, 18
WLANs (wireless LANs)
default QoS, 243
QoS, 82
WLCs. See wireless LAN controllers (WLCs)
WMANs (wireless metro area networks), 80
WorkGroup Bridge mode, 222
WPA. See Wi-Fi Protected Access (WPA)
WPA 2. See Wi-Fi Protected Access 2 (WPA 2)
WPA 3 (Wi-Fi Protected Access 3), SAE authentication in, 189
WPA2-Enterprise
certificate infrastructure, 189
RADIUS servers, 190
WPA2-LEAP (Wi-Fi Protected Access 2 - Lightweight Extensible Authentication Protocol), 253
WPA2-Personal
enabled, 84
uses, 191
WPA2 Policy-AES, 253
WPA3-Enterprise, 189
WPANs (wireless personal area networks), 80
X
X-Auth-Token element
authentication tokens, 204
Base64 encoding, 204
XML (Extensible Markup Language), 195
Y
YAML Ain't Markup Language (YAML) markup language
Ansible tool, 234
identifying, 195
key-value pairs, 195
mapping, 195
white space structure, 195
Yet Another Next Generation (YANG) data model
configuration storage, 206
NETCONF protocol, 196
switch configuration, 204
Z
zones
Adaptive Security Appliances, 8
firewalls, 7