Subnet mask octet | 192 | 224 | 240 | 248 | 252 | 254 | 255
Subnet mask octet | 254 | 252 | 248 | 240 | 224 | 192 | 128 | 0
# of hosts | 512 | 1,024 | 2,048 | 4,096 | 8,192 | 16,384 | 32,768 | 65,536
Wildcard bit subtract 255
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
224.0.0.0 - 239.255.255.255 Multicast
IPv6 Multicast Scope
Interface Local -> FF01::/16
Link Local -> FF02::/16 (not routed)
Site Local -> FF05::/16
Organizational Local -> FF08::/16
Global -> FF0E::/16
EUI-64
48-bit MAC -> 64-bit interface ID
1. Divide MAC add. in half
1234 5678 90AB -> 123456 | 7890AB
2. Insert FFFE in the middle
1234 56FF FE78 90AB
3. Invert 7th bit
IPv6 vs IPv4 Multicast
All hosts - FF02::1 = 224.0.0.1
All routers - FF02::2 = 224.0.0.2
All RIP routers - FF02::9 = 224.0.0.9
All EIGRP routers - FF02::A = 224.0.0.10
All OSPF routers - FF02::5 = 224.0.0.5
All OSPF DRs/BDRs - FF02::6 = 224.0.0.6
IPv6 NDP, DAD
No Broadcast in IPv6
NDP replaces ARP
NS (ICMPv6 Type 135)
RS - all routers - FF02::2
RA all nodes via FF02::1
DAD -> Duplicate Add. Detection
STP
ID -> (Bridge Priority (32,768) + MAC) (lowest)
States: BLOCKING (DISCARDING), LISTENING, LEARNING, FORWARDING
Speed (Mbps) -> Cost: 10 -> 100, 100 -> 19, 1G -> 4, 10G -> 2
Hello 2 seconds
Max age/dead timer (2*10) 20 seconds
IEEE -> Cisco
STP 802.1D -> PVST+
STP 802.1w -> Rapid PVST+
EtherChannel
PAgP (Cisco) -> LACP (IEEE)
channels / interface -> 16 (8 standby)
Auto + Auto (No negotiation) -> Passive + Passive
Auto + Desirable (Successful) -> Passive + Active
Auto + On (No negotiation) -> Passive + On
Desirable + Desirable (Successful) -> Active + Active
ACL
Standard 1-99, 1300-1999 -> Destination
Extended 100-199, 2000-2699 -> Source
One ACL per direction per protocol (int)
CDP vs LLDP (802.1AB)
Enabled by default -> Disabled by default
messages 60 secs -> 30 secs
holdtime 180 secs -> 120 secs
no cdp run -> lldp run
no cdp enable -> lldp transmit/receive
FHRP
HSRP (Active/Standby) 0000.0c07.acXX Group #
HSRP v2 0000.0c9f.fXXX
VRRP (Master/Backup) 0000.5e00.01XX (IEEE)
GLBP (AVG/AVF) 0007.b400.XXYY
OSPF
Cost = 100 default bandwidth / interface bandwidth
HELLO 10 seconds, DEAD 40 seconds (by default)
DBD - summary of LSDB
LSR - request specific LSAs from neighbor
LSU - send specific LSAs to neighbor
NTP (UDP Port 123)
DHCP (DORA)
Discover - client -> server (broadcast)
Offer - server -> client (broadcast/unicast)
Request - client -> server (broadcast)
Ack - server -> client (unicast)
ip helper-address 192.168.10.10 (server)
R1#show ip dhcp binding
1/2 lease time, client renews IP lease
Syslog
0 Emergency
1 Alert
2 Critical
3 Error
4 Warning
5 Notice
6 Informational
7 Debugging (default)
Agent Device (Router, Switch etc.)
Inside local -> Inside global -> Outside global -> Outside local
R1(config)#ip nat inside source list 1 interface g0/0 overload
Pe
Shutdown (err disable, syslog/SNMP, violation counter +1)
Restrict (not disable, discard traffic, violation counter +1)
Protect (not di
Router-ID
1. manually configured
2. highest loopback int. IPs
3. highest physical int. IPs
SNMP Architecture
SNMP Manager
R1#show clock
R1#show clock detail
R1#calendar set
R1#clock update-calendar (clock read-c)
stratum 0 (ref./atomic/GPS clock) 15 max
server, client, symmetric active mode
no syslog/SNMP, discard traffic, no count)
SNMP
SNMPv1 - original version
SNMPv2c - Community string as passwords
SNMPv3 - Encryption & Authentication
Read - NMS -> Devices (Get, GetNext, GetBulk)
Write - NMS -> Devices (Set)
Notification - Devices -> NMS (Trap, Inform)
Response - (Response)
Redundancy
Single Homed -> 1 SP, 1 Connection
Dual Homed -> 1 SP, 2 Connections
MultiHomed -> 2 SPs, 1 Connection
Dual Multi-Homed -> 2 SPs, 2 Connections
QoS
> One way delay - 150ms or less
> Jitter - 30ms or less
> Loss - 1% or less
> Bandwidth
2.4GHz non overlap —> 1,6,11 (5GHz he
> CSMA/CD - wired avoidance half duplex
> CSMA/CA - wireless avoidance half duplex
> Signals are affected by Absorption, Reflection,
Diffraction, and Scattering.
none)
IPP (3 bits) & DSCP (6 bits)
Lowest drop precedence -> High
High Priority: AF41 (34) | AF42 (36) | AF43 (38)
AF31 (18) | AF32 (20) | AF33 (22)
AF21 (18) | AF22 (20) | AF23 (22)
Lowest Priority: AF11 (10) | AF12 (12) | AF13 (14)
LAN ARCHITECTURE
Two-tier (Collapsed Core) (Distribution, Access)
Three-tier (Core, Distribution, Access)
Spine-leaf (Spines -> Leaves, not to each other)
Core Layer -> speed/fast transport -> Dist. Layer
Dist. Layer -> aggregates/connects to WAN &
Access Layer -> connects end hosts, QoS, port security, DAI, PoE APs, IP phone
Wireless LAN
Three types of Service Sets
> IBSS (ad hoc) independent
> Infrastructure (BSS, ESS) passing
ESS roaming
> Mesh (MBSS)
SSID (not unique, human readable)
BSSID (unique MAC add. of AP)
upstream wired network is DS
Wi-Fi4
btw.
AP wit
Service Sets
ESS (Extended Service Set)
own BSS connected by wired network
Each BSS -> same SSID
Each BSS has unique BSSID (MAC add. of APs)
Each BSS uses different channel to avoid int.
BSA should overlap 10-15%
Roaming seamlessly
> Management: used to manage BSS
Beacon
Probe request/response
Authentication
Association request/response
> Control: used to control access to medium (radio F)
RTS (Request to Send)
CTS (Clear to Send)
ACK
> Data: used to send actual data packets.
WLC
WLC = lightweight APs use CAPWAP tunnels
> Control tunnel UDP port 5246
> Data tunnel UDP port 5247
802.1X authentication architecture (figure: Authenticator, Authentication Server)
Credits
@JeremysITLab
@ciscoNetAcad
@Any original authors
This cheat sheet is designed by @Hencrito0
Network Automation
Logical Planes
> Data plane -> forward data/traffic (802.1q VLAN tags, NAT,
ACLs, port security)
> Control plane -> routing table, MAC tables, ARP, STP, etc.
> Management -> SSH/Telnet, Syslog, SNMP, NTP.
Northbound Interface (NBI)
> NBI -> uses SBI to communicate with all managed devices and gathers
networked devices, topology, available interfaces, their configurations
A REST API is used on the controller as an interface for apps to interface with it.
Data is sent in a structured (serialized) format such as JSON or XML
Southbound Interface (SBI)
> SBI -> communicates btw controller and all network
devices
APIs facilitate data exchanges between programs
Some examples of SBIs:
OpenFlow
Cisco OpFlex
Cisco onePK (Open Network Environment Platform Kit)
NETCONF
REST APIs
> Uniform interface
> Client-server
> stateless
> cacheable or non-cacheable
> Layered system
> Code-on-demand (optional)
structured data (i.e. JSON, XML)
JSON
REST API often uses JSON
> Whitespace is insignificant
> Four primitive data types:
String, Number, Boolean, Null
> Two structured data types
Object and Array
> SD-Access is SDN solution for automating campus LANs
> ACI -> automating Data Center
> SD-WAN -> automating WANs
> Cisco DNA is the controller at the center of SD-Access.
> Underlay -> physical network of devices and connections (IP connectivity S18)
> Overlay -> virtual network built on the physical underlay network
> SD-Access uses VXLAN to build tunnels
> Fabric -> combination of overlay and underlay
YAML
Whitespace is significant
Ansible
> written in Python (Red Hat)
> Push Model, Agentless, uses SSH to connect to devices, make configuration changes, extract info.
> Playbooks (written in YAML)
> Inventory (written in INI, YAML)
> Templates (in Jinja2)
> Variables (in YAML)
Puppet
> written in Ruby
> Pull Model, Agent-based
> Puppet master/server
> Client uses TCP 8140 -> Master
> Proprietary language for files
> Manifest, Templates
Chef
> written in Ruby
> Pull Model, Agent-based
> HTTPS (via REST API)
> Not all Cisco devices support
> Server TCP 10002, files DSL