Monday, May 31, 2010

IPSEC VPN Tunnel Config

Been playing with this the last hour and thought I would share it.

I set up a VPN tunnel between R4 and R5.

R4 fa0/0 is the inside of its network
s0/1/0 is the outside PPP link to R5

R5 fa0/0 is the inside of its network
s0/1/0 is the outside PPP link to R4

Here are the configs.

R4:

crypto isakmp policy 1
encr aes
authentication pre-share
group 5
crypto isakmp key CISCO address 10.1.1.2
!
crypto ipsec transform-set esp-aes-sha esp-aes esp-sha-hmac
!
crypto map vpn 10 ipsec-isakmp
set peer 10.1.1.2
set transform-set esp-aes-sha
match address 101
!
interface FastEthernet0/0
ip address 192.168.1.254 255.255.255.0
duplex auto
speed auto
no keepalive
!
interface Serial0/1/0
ip address 10.1.1.1 255.255.255.0
clock rate 64000
crypto map vpn
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255


R5:

crypto isakmp policy 1
encr aes
authentication pre-share
group 5
crypto isakmp key CISCO address 10.1.1.1
!
crypto ipsec transform-set esp-aes-sha esp-aes esp-sha-hmac
!
crypto map vpn 10 ipsec-isakmp
set peer 10.1.1.1
set transform-set esp-aes-sha
match address 101
!
interface FastEthernet0/0
ip address 192.168.2.254 255.255.255.0
duplex auto
speed auto
!
interface Serial0/1/0
ip address 10.1.1.2 255.255.255.0
crypto map vpn
!
access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
!
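A quick way to check that the two ends of a tunnel like this actually mirror each other before bringing it up. This is an added example, not part of the original post: it parses the crypto-relevant lines of the R4 and R5 configs above (embedded as constructed copies) and reports anything that would stop phase 1 or phase 2 from completing, such as a `set peer` that does not point at the remote crypto-map interface, differing pre-shared keys or policies, or crypto ACLs that are not mirror images.

```python
import re

# Constructed copy of the crypto-relevant lines of the R4 config shown above.
R4 = """crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 5
crypto isakmp key CISCO address 10.1.1.2
crypto ipsec transform-set esp-aes-sha esp-aes esp-sha-hmac
crypto map vpn 10 ipsec-isakmp
 set peer 10.1.1.2
 set transform-set esp-aes-sha
 match address 101
interface Serial0/1/0
 ip address 10.1.1.1 255.255.255.0
 crypto map vpn
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255"""
# R5 is R4 with the serial addresses swapped and the crypto ACL mirrored, as above.
R5 = (R4.replace("10.1.1.2", "X").replace("10.1.1.1", "10.1.1.2").replace("X", "10.1.1.1")
        .replace("192.168.1.0 0.0.0.255 192.168.2.0", "192.168.2.0 0.0.0.255 192.168.1.0"))


def parse_crypto(cfg):
    """Extract the values both ends of an IOS site-to-site tunnel must agree on."""
    info = {"policy": set(), "acl": {}}
    block, last_ip = None, None
    for raw in cfg.splitlines():
        if not raw.startswith(" "):          # unindented line starts a new top-level block
            block = None
        line = raw.strip()
        if m := re.match(r"crypto isakmp key (\S+) address (\S+)", line):
            info["psk"], info["key_peer"] = m.groups()
        elif m := re.match(r"crypto ipsec transform-set \S+ (.+)", line):
            info["transforms"] = frozenset(m.group(1).split())
        elif m := re.match(r"access-list (\d+) permit ip (\S+ \S+) (\S+ \S+)", line):
            info["acl"][m.group(1)] = (m.group(2), m.group(3))   # (source, destination)
        elif line.startswith("crypto isakmp policy"):
            block = "policy"
        elif line.startswith("crypto map ") and line.endswith("ipsec-isakmp"):
            block = "map"
        elif line.startswith("interface "):
            block = "intf"
        elif block == "policy":
            info["policy"].add(line)
        elif block == "map" and line.startswith("set peer "):
            info["map_peer"] = line.split()[2]
        elif block == "map" and line.startswith("match address "):
            info["acl_id"] = line.split()[2]
        elif block == "intf" and line.startswith("ip address "):
            last_ip = line.split()[2]
        elif block == "intf" and line.startswith("crypto map "):
            info["outside"] = last_ip        # the crypto map rides on this interface
    return info


def audit_pair(cfg_a, cfg_b):
    """Return mismatches between two peers' crypto configs; an empty list means they mirror."""
    a, b = parse_crypto(cfg_a), parse_crypto(cfg_b)
    issues = []
    if a["policy"] != b["policy"]:
        issues.append("ISAKMP policy attributes differ")
    if a.get("transforms") != b.get("transforms"):
        issues.append("IPsec transform sets differ")
    if a.get("psk") != b.get("psk"):
        issues.append("pre-shared keys differ")
    for x, y, tag in ((a, b, "A"), (b, a, "B")):
        if x.get("map_peer") != y.get("outside"):
            issues.append(f"{tag}: 'set peer' does not point at the remote crypto-map interface")
        if x.get("key_peer") != y.get("outside"):
            issues.append(f"{tag}: isakmp key address does not match the remote outside address")
    acl_a, acl_b = a["acl"].get(a.get("acl_id")), b["acl"].get(b.get("acl_id"))
    if not acl_a or not acl_b or acl_a != acl_b[::-1]:   # A's src/dst must be B's dst/src
        issues.append("crypto ACLs are not mirror images")
    return issues
```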

Thursday, May 27, 2010

Important notes about OSPF Network Types

- OSPF defines six network types:
> Broadcast networks
>> Default network on ethernet and FDDI.
>> Will elect a DR and a BDR.
>> Uses the multicast address 224.0.0.5 (MAC 0100.5E00.0005) for AllSPFRouters and 224.0.0.6 (MAC 0100.5E00.0006) for AllDRouters.
>> There is NO next-hop modification. The next-hop IP remains that of the originating router.
>> Layer3 to layer2 resolution is required.
>> Broadcast networks can’t have unicast neighbors configured.
>> 10 hello / 40 dead-interval.
> Non-Broadcast networks
>> Can connect more than two routers but have no native broadcast capability.
>> Non-Broadcast is the default network type on a multipoint frame-relay interface, e.g. the main interface.
>> OSPF routers on NBMA networks elect a DR and BDR, but all OSPF packets are unicast between each neighbor manually specified with the "neighbor" command.
>> The next-hop IP is not changed and remains the IP address of the originating router.
>> The default priority is 1, and should be disabled (=0) on ALL SPOKES, to prevent a spoke from becoming a blackhole DR/BDR.
>> 30 hello / 120 dead-interval.
> Point-to-point networks
>> Default on T1, DS-3, or SONET links, point-to-point sub-interface on frame-relay and ATM networks.
>> Uses the multicast destination to AllSPFRouters (224.0.0.5), except for retransmitted LSAs which are unicast.
>> NO DR/BDR election, OSPF configured as per normal.
>> The next-hop IP is that of the advertising router.
>> OSPF ignores subnet mask mismatch on point-to-point links.
>> 10 hello / 40 dead-interval.
> Point-to-multipoint networks
>> Cisco proprietary, and not a default option, but best choice for NBMA networks.
>> Are special configurations of NBMA networks in which the networks are treated as a collection of point-to-point links.
>> Does not elect a DR and BDR, and the OSPF packets are multicast (224.0.0.5) to each known neighbor.
>> The next-hop IP is that of the advertising neighbor.
>> Layer3 to layer2 resolution is ONLY needed for the directly connected neighbors.
>> Non-direct neighbors use recursive layer3 IP routing to reach each other.
>> In addition, the endpoints of point-to-multipoint networks are advertised as host routes (/32 in the routing table) instead of the actual networks.
>> 30 hello / 120 dead-interval.
> Point-to-multipoint non-broadcast networks
>> Cisco proprietary, the same as point-to-multipoint, but configured with the additional 'non-broadcast' keyword.
>> No DR/BDR election; uses unicast, as opposed to multicast, to each manually specified neighbor.
>> As a result the directly connected neighbor must be manually defined with the 'neighbor' command. This command is only required on one side.
>> The next-hop IP is that of the advertising neighbor.
>> IP routing will be used to establish reachability between devices that are non-adjacent at layer2.
>> Was created to allow for the assignment of

> Virtual links
>> Are used to link an area to the backbone through a non-backbone area. (Also known as a transit area)
>> Can also be used to connect two parts of a partitioned backbone through a non-backbone area.
>> Must be configured between two ABRs of which one must be connected to area 0.
>> The transit area cannot be a stub area, and must have full routing information.
>> The virtual link will transition to the fully functional point-to-point interface state when a route to the neighbouring ABR is found in the route table.
>> OSPF ignores subnet mask mismatch on point-to-point links.
>> A virtual link is seen as an interface in area 0.
>> All area 0 attributes are inherited by routers attached to the virtual link, including summarization and authentication.
>> To see the cost of using the transit area use "sh ip ospf virtual-link" and refer to 'cost of using'.
>> The cost of the virtual link is the cost of the route to the neighbor's interface via the transit area.
> OSPF over GRE
>> OSPF virtual links cannot transit stub areas.
>> If a virtual link over a stub area is required, the only solution is to use a GRE tunnel.
>> The tunnel interface must have an IP address with a network statement in area 0.
> Stub/loopback networks
>> Default for loopback interfaces.
>> Assumes only a single attached router. OSPF advertises stub networks as host routes (/32).
>> Don’t confuse this with stub areas!
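The timer, multicast-versus-unicast and DR/BDR differences listed above are what decide whether two routers ever get past the Hello exchange. As an added example (not from the original post), the following encodes and decodes an OSPFv2 Hello with each network type's default hello/dead interval, verifies the OSPF checksum, and reports why two received Hellos would not lead to an adjacency; the network-type names, the `hello_destination` helper and the "DR/BDR election expectation" consistency flag are this example's own conventions.

```python
import struct
import ipaddress

# Default hello/dead intervals per network type, as listed above (seconds).
DEFAULT_TIMERS = {
    "broadcast": (10, 40), "point-to-point": (10, 40),
    "non-broadcast": (30, 120), "point-to-multipoint": (30, 120),
    "point-to-multipoint non-broadcast": (30, 120),
}
ELECTS_DR = {"broadcast", "non-broadcast"}
UNICAST_HELLOS = {"non-broadcast", "point-to-multipoint non-broadcast"}
ALL_SPF_ROUTERS = "224.0.0.5"


def hello_destination(net_type, neighbor_ip):
    """Where a Hello goes: AllSPFRouters multicast, or unicast to a configured neighbor."""
    return neighbor_ip if net_type in UNICAST_HELLOS else ALL_SPF_ROUTERS


def ospf_checksum(data):
    """16-bit one's-complement sum; OSPF checksums the packet minus the 8-byte auth field."""
    if len(data) % 2:
        data += b"\0"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_hello(router_id, area, mask, net_type, priority=1, neighbors=()):
    """Encode an OSPFv2 Hello using this network type's default timers (checksum filled in)."""
    hello, dead = DEFAULT_TIMERS[net_type]
    body = struct.pack("!IHBBIII", int(ipaddress.IPv4Address(mask)), hello, 0x02,
                       priority, dead, 0, 0)                   # options=E, DR/BDR unknown
    body += b"".join(ipaddress.IPv4Address(n).packed for n in neighbors)
    hdr = struct.pack("!BBHIIHHQ", 2, 1, 24 + len(body),
                      int(ipaddress.IPv4Address(router_id)), area, 0, 0, 0)
    pkt = hdr + body
    csum = ospf_checksum(pkt[:16] + pkt[24:])                   # auth bytes 16..23 excluded
    return pkt[:12] + struct.pack("!H", csum) + pkt[14:]


def parse_hello(pkt):
    """Decode a Hello, verifying version, type, length and checksum first."""
    ver, typ, length, rid, area, csum, _autype, _auth = struct.unpack("!BBHIIHHQ", pkt[:24])
    if ver != 2 or typ != 1 or length != len(pkt):
        raise ValueError("not a well-formed OSPFv2 Hello")
    if ospf_checksum(pkt[:12] + b"\0\0" + pkt[14:16] + pkt[24:]) != csum:
        raise ValueError("bad OSPF checksum")
    mask, hello, _opts, prio, dead, _dr, _bdr = struct.unpack("!IHBBIII", pkt[24:44])
    return {"router_id": str(ipaddress.IPv4Address(rid)), "area": area,
            "mask": str(ipaddress.IPv4Address(mask)), "hello": hello, "dead": dead,
            "priority": prio,
            "neighbors": [str(ipaddress.IPv4Address(pkt[i:i + 4])) for i in range(44, length, 4)]}


def hello_mismatches(a, b, type_a, type_b):
    """Reasons two received Hellos would not lead to an adjacency; [] means the checks pass."""
    why = []
    if a["area"] != b["area"]:
        why.append("area mismatch")
    if (a["hello"], a["dead"]) != (b["hello"], b["dead"]):
        why.append("hello/dead interval mismatch")
    # Mask mismatch is ignored on point-to-point links (see above); checked everywhere else.
    if a["mask"] != b["mask"] and not (type_a == type_b == "point-to-point"):
        why.append("subnet mask mismatch")
    # Configuration-consistency flag: one side elects a DR/BDR and the other does not.
    if (type_a in ELECTS_DR) != (type_b in ELECTS_DR):
        why.append("DR/BDR election expectation differs")
    return why
```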

Friday, May 14, 2010

Frame Relay

History of Frame Relay

Frame Relay is a high-performance WAN protocol that operates at the physical and data link layers of the OSI reference model. Frame Relay originally was designed for use across Integrated Services Digital Network (ISDN) interfaces. Today, it is used over a variety of other network interfaces as well.

Initial proposals for the standardization of Frame Relay were presented to the Consultative Committee on International Telephone and Telegraph (CCITT) in 1984. Because of a lack of interoperability and standardization, Frame Relay did not see large-scale deployment until the 1990s.
A major development in Frame Relay's history occurred in 1990 when Cisco, Digital Equipment Corporation (DEC), Northern Telecom, and StrataCom formed a consortium to focus on Frame Relay technology development. This consortium developed a specification that conformed to the basic Frame Relay protocol that was being discussed in CCITT, but it extended the protocol with features that provide additional capabilities for complex internetworking environments. These Frame Relay extensions are referred to collectively as the Local Management Interface (LMI).
Internationally, Frame Relay was standardized by the International Telecommunication Union—Telecommunications Standards Section (ITU-T). In the United States, Frame Relay is an American National Standards Institute (ANSI) standard.

Frame Relay Overview

Devices attached to a Frame Relay WAN fall into the following two general categories:
• Data terminal equipment (DTE)
• Data circuit-terminating equipment (DCE)
DTEs generally are considered to be terminating equipment for a specific network and typically are located on the premises of a customer.
DCEs are carrier-owned internetworking devices. The purpose of DCE equipment is to provide clocking and switching services in a network, which are the devices that actually transmit data through the WAN.

Frame Relay Virtual Circuits

Frame Relay provides connection-oriented data link layer communication. This means that a defined communication exists between each pair of devices and that these connections are associated with a connection identifier. This service is implemented by using a Frame Relay virtual circuit, which is a logical connection created between two data terminal equipment (DTE) devices across a Frame Relay packet-switched network (PSN).
Virtual circuits provide a bidirectional communication path from one DTE device to another and are uniquely identified by a data-link connection identifier (DLCI). A number of virtual circuits can be multiplexed into a single physical circuit for transmission across the network. This capability often can reduce the equipment and network complexity required to connect multiple DTE devices.
A virtual circuit can pass through any number of intermediate DCE devices (switches) located within the Frame Relay PSN.
Frame Relay virtual circuits fall into two categories: switched virtual circuits (SVCs) and permanent virtual circuits (PVCs).
• Switched virtual circuits (SVCs), which are temporary connections that are created for each data transfer and then are terminated when the data transfer is complete (not a widely used connection)
• Permanent virtual circuits (PVCs), which are permanent connections
The DLCI is a value assigned to each virtual circuit and DTE device connection point in the Frame Relay WAN. Two different connections can be assigned the same value within the same Frame Relay WAN—one on each side of the virtual connection.

Review of the extensions
In 1990, Cisco Systems, StrataCom, Northern Telecom, and Digital Equipment Corporation developed a set of Frame Relay enhancements called the Local Management Interface (LMI). The LMI enhancements offer a number of features (referred to as extensions) for managing complex internetworks, including the following:
• Global addressing
• Virtual circuit status messages
• Multicasting

Inverse ARP

Frame Relay (a Layer 2 protocol) uses Inverse ARP to map a known Layer 2 address (DLCI) to an unknown Layer 3 address (for example, IP).

View example slide 4

An Ethernet ARP request knows the Layer 3 address and asks for the Layer 2 address (MAC); Frame Relay Inverse ARP, on the other hand, knows the Layer 2 address (DLCI) and asks for the Layer 3 address (the next-hop IP address).
Once the interface is enabled, the router sends Inverse ARP requests out all DLCIs learned via LMI for all protocols configured on the interface.
You can rely on Inverse ARP to map the DLCI to the IP address of your routers, or, if you want to (or the situation asks for it), you can create static maps.
Frame Relay Inverse ARP is not required on a point-to-point interface and, if needed, can be disabled with the "no frame-relay inverse-arp" command under the interface in question.

However, Inverse ARP replies can NOT be disabled. That means that even if you disable Inverse ARP on an interface, if that interface receives an Inverse ARP request it will still respond to it!
We can check which type of mapping was configured with the command "show frame-relay map":
- dynamic means the mapping was done using Inverse ARP;
- static means the mapping was done manually (by command-line-interface).
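Since replies cannot be switched off, the map table is the place to confirm that an interface meant to use only static maps really does. As an added example (not code from the original post), this parses "show frame-relay map" output, re-joining the wrapped lines, classifies each entry as dynamic, static or point-to-point, and lists dynamic entries on interfaces that were supposed to be static-only. The sample output is constructed for the example and the `unexpected_dynamic` helper is this example's own.

```python
import re

# Constructed sample of "show frame-relay map" output (not taken from the page): a
# multipoint interface with one Inverse-ARP-learned map and one static map, plus a
# point-to-point subinterface, which needs no mapping at all.
SAMPLE = """Serial0/0 (up): ip 10.1.1.2 dlci 102(0x66,0x1860), dynamic,
              broadcast,, status defined, active
Serial0/0 (up): ip 10.1.1.3 dlci 103(0x67,0x1870), static,
              broadcast, CISCO, status defined, active
Serial0/0.1 (up): point-to-point dlci, dlci 104(0x68,0x1880), broadcast
          status defined, active
"""


def parse_fr_map(output):
    """Turn 'show frame-relay map' output into one dict per mapping; wrapped lines are re-joined."""
    records = []
    for raw in output.splitlines():
        if raw[:1].isspace() and records:          # indented line continues the previous entry
            records[-1] += " " + raw.strip()
        elif raw.strip():
            records.append(raw.strip())
    entries = []
    for rec in records:
        m = re.match(r"(\S+) \((\w+)\): (?:ip (\S+) |point-to-point dlci, )?dlci (\d+)\([^)]*\), (.*)", rec)
        if not m:
            continue                               # not a map line (e.g. a header or blank)
        intf, state, ip, dlci, rest = m.groups()
        status = re.search(r"status (.+)$", rest)
        flag_text = rest[:status.start()] if status else rest
        flags = {f.strip() for f in flag_text.split(",") if f.strip()}
        kind = "dynamic" if "dynamic" in flags else "static" if "static" in flags else "point-to-point"
        entries.append({"interface": intf, "state": state, "ip": ip, "dlci": int(dlci),
                        "kind": kind, "broadcast": "broadcast" in flags,
                        "status": status.group(1) if status else None})
    return entries


def unexpected_dynamic(entries, static_only_interfaces):
    """DLCIs that show an Inverse-ARP (dynamic) map on interfaces meant to carry only static maps."""
    return [e["dlci"] for e in entries
            if e["kind"] == "dynamic" and e["interface"] in static_only_interfaces]
```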


Go over configuration scenarios and then implement them!

Saturday, May 8, 2010

CCIE Topics up for grabs!!!

FRAME-RELAY

* NBMA Overview
o Times
o Keepalives

* Interface Types
o Physical
o Multipoint Subinterface
o Point-to-Point Subinterface
o Back-to-Back
o FRF.16.1 (Multilink Frame Relay)

* Address Resolution (iARP)
o Static
+ Self Mapping
o Dynamic (iARP)
+ Disabling Requests
+ Disabling Per DLCI

* DHCP to new router

* Broadcast Replication

* LMI
o Adjusting the timers

* Full Mesh

* Partial Mesh (Hub-and-Spoke)

* End-to-End Keepalives

* Bridging over Frame Relay

.
PPP

* PPP advantages over HDLC

* PPP Features
o Auto neighbor IP
o LCP & IPCP

* Authentication
o PAP
o CHAP
+ CHAP Hostname
+ CHAP Password
+ Same hostname
o Putting a “?” in Password

* Peer Neighbor Route

* Reliable Link (RFC 1663)

* Link Quality Monitoring

* Multilink PPP (MLP)
o MLP Interleaving and Queuing
o Multiclass MLP
o MRRU Negotiation

* PPP over Frame Relay (PPPoFR)

* PPP Half-Bridging

.
IP ROUTING

* Routing Decisions
o Longest Match
o Distance
o Inner Protocol
o Metric

* Default Routing

* Switching Paths
o Process switching
o Fast Switching
o Netflow switching
o CEF switching

* Layer 2 Resolution

* OER (Cisco Optimized Edge Routing)
o PFR (Performance Routing)

* ODR (On Demand Routing)

* Secondary Ip addresses

* Floating Static Routes

* Backup Interface

* GRE Tunneling (L3 VPN)

* PBR (Policy Routing)
o Policy route local traffic through Loopback

* /31 Mask

* IP-Unnumbered

.
RIP

* RIP Operation
o no validate-update source

* Metric & Timers

* RIP Version 1 & 2

* Updates Types
o Broadcast
o Multicast
o Unicast

* Network Statement

* Passive Int

* Split-Horizon, RIP Triggered

* Summarization
o Auto Summary
o Int Summary

* Filtering
o Distribute-List
o Offset List
o Distance

* Default Routing

* Authentication
o MD5
o Text

.
EIGRP

* EIGRP Operation

* Metric, Timers and K-values

* Variance & Load-sharing

* Convergence Timers

* Routing Updates

* Packet Types (Theory)

* DUAL Finite State Machine (Theory)

* Passive Interface

* Split-Horizon

* Default Network

* Authentication
o MD5
o Key Rotation

* Summarization
o Auto-Summary
o Interface
o Default Route (summary command with 0.0.0.0)
o Floating Summary

* Filtering
o Distribute-List
o Offset List
o Distance

* Stub Routing

* Bandwidth Percent

.
OSPF

* OSPF Overview

* Hello Protocol

* Network Types
o Broadcast
o Non-Broadcast
o Point-to-Multipoint
o Point-to-Multipoint Non-Broadcast
o Point-to-Point
o Mismatch

* DR and BDR

* OSPF Finite State Machine

* Router Types

* LSA (Link State Advertisement)

* Stub Areas
o Stub
o Stub No-Summary
o NSSA No-Summary
o NSSA No-Redistrib
o NSSA No-Advertise
o GRE over Stub

* Filtering
o Distribute-List
o LSA 3 Filter
o LSA Overload Protection
o LSA Throttling
o Forwarding Address Suppression in Translated Type-5 LSAs

* Summarization
o Inter-area
o External

* Stub Router Advertisement

* Passive-Interface

* Originating routes

* Path Selection
o Auto-Cost
o Cost
o Bandwidth
o Neighbor Cost
o Incremental SPF

* Authentication
o Area
o Interface
o MD5
o Clear Text
o Null
o Virtual-Link

* Default Routing
o Always
o Conditional

* OSPF Demand Circuit

.
REDISTRIBUTION

* Redistribution Overview
o Connected interfaces
o Single Router
o Mutual Routers

* Connected / Static

* RIP
o Metric

* EIGRP
o Metric
o External EIGRP routes

* OSPF
o Route-Types
o Match command

* BGP
o Bgp Redistribute internal

.
BGP

* The BGP Process

* Establishing Peerings
o TCP Transport
o Update Source
+ BGP States
+ BGP Open Message

* Authentication

* EBGP sessions
o Multihop
o BGP Backdoor
o Distance
o Maximum-Paths
o Dmzlink-bw

* Next-Hop Processing
o Next-Hop Self
o Route-Map

* iBGP sessions
o Route Reflection
o Confederation

* iBGP Synchronization
o Redistribution into IGP
o BGP over GRE

* Bestpath Selection Process
o Weight
o Local Preference
o AS-Path Prepending
o MED

* Communities
o No-Export
o No-Advertise
o Local-AS
o Numbered
o New Format
o Community-list

* Default Originate

* Originating Prefixes
o Network Statement
o Redistribution
o Aggregation
+ Summary-Only
+ Suppress-Map
+ Neighbor Unsuppress-Map

* Filtering
o Filtering Specifics
o Filtering Aggregate

* Conditional Advertisement

* Conditional Route Injection

* Clearing BGP Sessions

* ORF (Outbound Route Filtering)

* Local AS

* Remove Private AS

* Route-maps

* Dampening

* Peer Groups

* Peering Templates

* Regular Expressions

* Fast External Fallover

* Fast Peering session deactivation

* Support for Next-Hop Address Tracking

* Max Prefix

* BGP Policy Accounting

.
MPLS (Multi-Protocol Label Switching)

* MPLS Overview

* Router Types
o CE (Customer Edge)
o PE (Provider Edge)
o P (Provider)

* LDP (Label Distribution Protocol)

* MPBGP
o Address Families
o Originating Prefixes
+ Network Statement
+ Redistribution

* Layer 3 VPNs
o RD (Route Distinguisher)
o RT (Route-Target)
o VRF (virtual routing and forwarding)
o Import and Export Maps

* VRF-Lite (Multi-VRF Customer Edge)

.
IPv6

* Addressing
o Global Unicast
o Link Local
o Site Local
o Unicast Local
o EUI-64

* DHCP for IPv6

* IPv6 on 3560

* IPv6 over Ethernet
o ICMP ND
o Static to Next-Hop
o Static to Interface

* IPv6 over Frame Relay
o Layer 3 Resolution
o Static to Next-Hop
o Static to Interface

* IPv6 Routing Overview

* RIPng
o Enabling
o Default Routing
o Summarization
o Offset List
o Distribute-List
o Redistribution

* EIGRP v6
o Enabling
o Default Routing
o Summarization
o Distribute-List
o Redistribution

* OSPFv3
o Enabling
o Network Types
o OSPFv3 over NBMA
o Summarization
+ Internal
+ External
o Authentication
+ Per interface
+ Per area
o Default Routing
o Redistribution

* MPBGP
o Address Families
o Originating Prefixes
+ Network Statement
+ Aggregation

* Tunneling
o IPv6IP
o GRE
o Automatic 6to4
o ISATAP

* IPv6 Multicast

* IPv6 on 3560

* Access-List Filtering

* Static IPv6 DNS Entries

.
MULTICAST

* Multicast Operation

* Addressing
o Reserved Addresses
o Well-Known addresses
o multicast MAC’s
o SSM addresses

* IGMP
o Join
o Static
o Access-Group
o 3560 Profile
o IGMP Snooping
o Helper
o Timers
o Max Groups

* PIM
o Modes
+ Sparse
+ Dense
o Sparse-Dense
o Shortest Path switchover (SPT/RPT)
+ IP PIM SPT-Threshold

* Reverse Path Forwarding
o Static M-route

* RP Assignments
o Static
+ Override
o Auto-RP
+ Sparse-Dense
+ Auto-RP Listener
+ Default Static RP
o BSR
+ Specific Groups
+ Priority
+ BSR Border
o Anycast RP with MSDP

* Bi-directional PIM

* NBMA Mode

* Multicast over GRE

* Multicast BGP

* Stub Multicast IP Routing

* Filtering
o Static RP
+ Filtering Specific Groups
o Auto-RP filtering
+ RP group filtering
+ MA filtering RP’s
o BSR
+ Specific Groups
o PIM-Neighbor filtering
o Client filtering
o Multicast Boundary
o Multicast Route-Limit

* Scoping
o TTL Scoping
o Administrative Scoping

* Additional Multicast features
o Multicast Rate Limiting
o Multicast Helper
o SDR Listener support
o Load splitting multicast traffic
o Multicast Heartbeat

* SSM (Source specific multicast)

* MSDP (Multicast Source Distribution Protocol)
o Interdomain Multicast Routing

* PGM (Pragmatic General multicast)

* MRM (Multicast Routing Monitor)

* MVR (Multicast VLAN Registration) on the 3550

* IGMP Profile filtering on 3550/3550

* DVMRP

.
QOS

* Qos Overview

* MQC

* Diffserv & Intserv Models

* Classification & Marking
o Access-Lists
o IP Precedence
o DSCP
o NBAR
o Packet Length
o FR-DE
o Interface
o NOT statement

* Congestion Management
o Custom Queue (CQ)
o Priority Queue (PQ)
o Weighted Fair Queue (WFQ)
o MQC Bandwidth (CBWFQ)
o MQC Priority (LLQ)

* Congestion Avoidance
o Legacy WRED
o MQC WRED
o IP Precedence
o DSCP

* Shaping
o Legacy GTS
o Legacy FRTS
o MQC Shape
o MQC FRTS
o Adaptive

* Policing
o Legacy CAR
o MQC Police
o COPP (Control Plane Policing)

* Unconditional Packet Discard

* RSVP

* Nested MQC Policies

* Switching Voice VLANs

* Cisco AutoQoS

* 3550 QoS
o Classification
+ Per-Port Per-VLAN
+ Mutation Maps
o Congestion Management
+ WRR
+ Expedite Queue
o Policing and Shaping

* 3560 QoS
o Classification
+ Per-Vlan Classification
o Congestion Management
+ Shaped Round Robin (SRR)
+ Weighted Tail Drop (WTD)
o Priority Queue
o Policing and Shaping
+ Aggregate policer

* Compression
o TCP Header
o Predictor
o RTP Header-compression
o Frame-Relay RTP compression

* Link Efficiency mechanisms
o FRF.12

.
SYSTEM MANAGEMENT

* SNMP
o Polling
o Trapping
o Communities
o Controlling Access

* RMON
o Delta
o Absolute

* Logging
o Syslog
o Timestamps
o 3560 Flash Logging
o Config Change Notification and Logging (Archive)

* Remote-access via Telnet
o Establishing Terminal Session Limits
o Displaying Line Connection Information
o Chunk-size
o Assign IP address to service provided on a TCP port
o Busy-message
o Vacant-message
o Telnet message on successful connection
o Refuse-message
o IP telnet quiet
o Saving Local Settings Between Sessions
o Defining Escape character and other key sequences
o Setting terminal screen length and width
o Enable session locking
o Login Enhancements
+ block-for
+ quiet-mode
+ delay
o Hiding Telnet Addresses

* NTP

* Master

* Server

* Peer

* Authentication

* Timezones

* Banners & Menus
o Configuring Banners using tokens

* HTTP Server

* TFTP Server

* CDP

* Crash Dump

* Warm Reboot

* IOS Parser

* EEM (Embedded Resource Manager)

* System Resources
o Memory
o CPU

* Various other
o Autoinstall
o Aliases
o Service Nagle
o Interface Commands
+ Hold-Queue
+ Load-interval

.
IP SERVICES

* Scheduler allocate

* TCP
o Performance Parameters
+ TCP Selective Acknowledgment
+ TCP Time-stamp
+ TCP Window Scaling
+ TCP ECN
o TCP Synwait-time
o Window Scaling
o Explicit Congestion Notification
o Keepalive Packet Service

* MTU
o IP MTU
o TCP MSS
o PMTU Discovery

* NAT
o Inside Source
o Outside Source
o Overload
o Static Nat
+ Extendable
+ Port Redirection
o NAT Timeouts
o TCP Load Balancing
o On a Stick
o Stateful Nat

* Broadcast Services
o IP Helper
o Changing Broadcast address

* DHCP
o Server
+ Exclusions
+ Domain
+ Gateway
+ Multiple Gateways
+ Lease Time
o Client
o IPCP Client
o IP Helper, DHCP Relay and Option 82
+ Disabling on router
+ Disabling on switch
o IP Source Guard
o Multiple Default Gateway

* DNS
o Static Entries
o Record Types: MX, A PTR etc
o Proxy

* IP Accounting
o Output Packets
o Access-List Violations
o Precedence

* First Hop Redundancy
o HSRP
o VRRP
o GLBP
o Track

* IP SLA/RTR

* NetFlow

* RITE (Router IP Traffic-Export)

* EEM (Cisco IOS Embedded Event Manager)

* SCP (Switch-module Configuration Protocol)

* TCP/UDP Small Services

* Local Area Mobility

* Web Caching Content Protocol (WCCP)
o Inbound/Outbound
o Excluding Traffic from Redirection
o Only allowing certain Content Engines
o Setting a Password for a router and cache engine
o Enabling on 3550

* NHRP
o Configuring NHRP authentication

* IRDP

* Mobile IP
o Local Area Mobility

* DRP Server Agent

* IP Event Dampening

.
SECURITY

* Standard Access-Lists

* Extended Access-Lists
o Advanced Ext-ACL
+ as a prefix-list
o Scott Morris’s Binary Voodoo
o Options
o ACL Logging

* Rate-limit Access-lists

* Time Based Access-Lists

* Dynamic Access-Lists

* Reflexive Access-Lists

* CBAC

* Zone Based Firewall

* IPS (Intrusion Prevention System)

* Security Compliance RFC’s
o RFC 1918
o RFC 3330 (more for SP Track)
o RFC 2827

* TCP Intercept

* IP Source Tracking

* IP Traffic Export

* Disabling Services
o Source Routing
o Proxy ARP
o IP Options
o CDP
o IP Unreachable

* Local Authentication

* Local Authorization

* AAA (know basics)
o Modes
o Defaults
o RADIUS/TACACS
o Max-attempts
o Quiet Period
o Host mode
o Guest VLAN

* URPF

Saturday, May 1, 2010

V4 Blueprint

ETHERNET BRIDGING & SWITCHING
• Ethernet Technologies
• Speed and duplex
• Ethernet, Fast Ethernet, and Gigabit Ethernet
• PPPoE (PPP over Ethernet)
• Switchports
• Dynamic
o Desirable
o Auto
• Access
• Trunk
o Encapsulation
o Mode
• Allowed List
• Tunnel
o 802.1q Tunnel
• VTP
• Domains
• Modes
o Server
o Client
o Transparent
• Authentication
• Pruning
o Prune Eligible List
• Extended VLANs
• Layer 3 Routing
• Router-on-a-Stick
• Native Routed Ports
• SVIs
• EtherChannel
• Dynamic
o PAgP
o LACP
• Static
• Layer 3 & Layer 2
• Load Balancing
• Spanning-Tree Protocol
• Root Election
• Path Selection
o Port Cost
o Port Priority
• Advanced Spanning-Tree Features
o Portfast
o Uplinkfast
o Backbonefast
o BPDU Guard
o BPDU Filter
o Loopguard
o UDLD
• Disabling STP
• Multiple Spanning-Tree Protocol (MSTP)
• Root Election
• Path Selection
• Rapid Spanning-Tree Protocol (RSTP)
• Advanced Catalyst Features
• Flex Links
• Private VLANs
• SPAN
• RSPAN
• Optimizing System Resources (SDM)
• Link state Tracking
• Macros
• CAM Maintenance
o Static Entries
o Aging
o Logging
o MAC address notification traps
o Unicast MAC address filtering
• Bridging
• Transparent
• CRB
• IRB
• Fall-Back Bridging
o Aging Time
o Discarding Static or Dynamic MAC Address
o Adjusting STP Parameters
• 3560 Security
• Port Security
o Violation modes
o MAC Addresses
o Aging Time
o Aging Type
o Errdisable Recovery/Detect
• 802.1x Authentication
• Storm Control
• DHCP Snooping
o Option-82 Data-Inspection
• IP Source-Guard
• DAI (Dynamic ARP Inspection)
• VACLs
o IP Acl
o MAC Acls & Ethertypes
• Port Protection
o Switchport Protect
o Switchport Block