CMIT452 University of Maryland Ch 9 Switch Port Security and VLAN Questions Please see attachments for the assignment requiremwnts. Part 1 Question 1: Swit

CMIT452 University of Maryland Ch 9 Switch Port Security and VLAN Questions Please see attachments for the assignment requiremwnts. Part 1
Question 1: Switch
Port Security
One of the most important aspects of networking is security. Cisco switches provide a feature
known as port security where you can ensure that the intended host(s), and only the intended
host(s), is connected to the switch port in question. Cisco port security allows the network
administrator to mandate a number of parameters to include what action to take when there is a
violation. In this post you should describe the pros and cons of enabling port security and
provide an in-depth description of the different options that are available to the network
administrator.
Question 2: VLAN Access Control Lists (VACLs)
Cisco provides the network administrator with a host of security tools. Among those tools are
Access Control Lists, or more simply just ACLs. There are many different types of ACLs. For
example, there are Router Based ACLs (RACLs), there are Port Based ACLs (PACLs), and
there are VLAN ACLs (VACLs). Each type of ACL performs a different type of function with
respect to securing your network.
For this post you should provide a description of the similarities and differences between
VACLs, RACLs, and PACLs as well as providing a sample use case for when you would use
VACLs in a network. You can watch the video tutorial below as well to gain a better
understanding of the different use cases for each approach. Here is the video:

Question 3: StackWise vs. VSS
In Chapter #9 you learned about Cisco’s StackWise technology as well as Cisco’ Virtual
Switching System (VSS) technology. Both approaches can provide your network with high
availability (HA) in the event of a failure. For this post your task is to compare and contrast
StackWise and VSS with a focus on the different use cases that each technology best serves.
Answer questions as to whether StackWise and VSS basically do the same thing? If not, how
are they different? When would you recommend one technology over the other? What are the
benefits? What are the drawbacks?
Note: Choose any two above, provide an initial response consist of a minimum of 250 words
and a maximum of 500 words; two (2) follow-up responses between 60 and 100 words; a
minimum of two sources (references).
Part 2
Question 1: How
can we Improve CMIT-452???
Learner feedback is a critical component used to evaluate whether or not a course is meeting
the goal of providing you with a valuable learning experience. For this discussion post you
should complete at least one (1) of the following statements (and you are free to complete more
if you so choose):
1.
2.
3.
4.
5.
6.
If I was teaching this class I would have included topics like…
This class would have been more valuable to me if…
I wish we would have covered topics like…
If I could change one thing about this class it would be…
My favorite activities from this course were…
If a friend asked me whether or not they should take this class I would say…
Question 2: CMIT-452 Course Level Set
Now that you have taken this class, what do you think? Did you get what you wanted out of
this class? Did we meet your learning objectives for the course? Do you have any comments or
suggestions regarding the course? Please let us know if we were “on point” or not.
Note: An initial response for each above and One (1) follow-up response each as well. There is
no length requirement for this discussion topic and no sources need to be cited. This part is
based on all the research assignments.
High Availability
CCNP SWITCH: Implementing Cisco IP Switched Networks
SWITCH v7 Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved.
Cisco Public
1
Chapter 9 Objectives
This chapter covers the following Cisco Catalyst switch
features:
▪ The need and basic idea behind switch stacking and VSS
▪ StackWise
▪ The benefits of StackWise
▪ Verifying StackWise
▪ VSS
▪ VSS benefits
▪ Verifying VSS
▪ Supervisor redundancy
▪ Supervisor redundancy modes
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved.
Cisco Public
2
The Need for
Logical Switching
Architectures
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved.
Cisco Public
3
The Need for Logical Switching Architectures
▪ Access switchs needs its own uplink to each of the distribution switches
to satisfy the redundancy requirements, but one of the uplinks has to be
blocked by the Spanning Tree Protocol (STP) to prevent a loop, thus
cutting the bandwidth in half.
▪ To overcome some of these limitations, Cisco proposes the following
virtualization solutions.
• StackWise: Focused on the access layer module
• VSS: Focused on the aggregation layer module
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved.
Cisco Public
4
What Is
StackWise?
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved.
Cisco Public
5
What Is StackWise?
▪ Cisco StackWise technology provides a method for
collectively utilizing the capabilities of a stack of switches.
▪ Configuration and routing information is shared by every
switch in the stack, creating a single switching unit.
▪ Switches can be added to and deleted from a working stack
without affecting performance.
▪ The stack is managed as a single unit by a master switch,
which is elected from one of the stack member switches.
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved.
Cisco Public
6
StackWise Details
▪ Each stack of switches has a single IP address and is
managed as a single object.
▪ This allows each switch in the stack to share the same
network topology, MAC address, and routing information.
▪ Catalyst 3750-E, 3750-X, and 3850 series switches support
StackWise and StackWise Plus.
▪ StackWise Plus is an evolution of StackWise. StackWise
Plus supports local switching, so locally destined packets
need not traverse the stack ring.
▪ Catalyst 3850 series supports StackWise-480 with
improved 480-Gbps stacking. Catalyst 2960-S series
supports FlexStack, aStackWise-based feature tailored for
Layer 2 switches. FlexStack is limited to four stacked
switches.
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved.
Cisco Public
7
StackWise Benefits
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved.
Cisco Public
8
Verifying StackWise
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved.
Cisco Public
9
What Is VSS?
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved.
Cisco Public
10
What Is VSS?
▪ Virtual Switching System (VSS) is a network system
virtualization technology that combines a pair of Catalyst
4500 or 6500 series switches into one virtual switch,
increasing the operational efficiency, boosting nonstop
communications, and scaling the system bandwidth
capacity.
▪ The VSS simplifies network configuration and operation by
reducing the number of Layer 3 routing neighbors and by
providing a loop-free Layer 2 topology.
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved.
Cisco Public
11
What Is VSS?
▪ The VSL is made of up to eight 10 Gigabit Ethernet connections
bundled into an EtherChannel.
▪ VSL carries the control plane communication between the two VSS
members, in addition to regular data traffic.
▪ Once the VSS is formed, only the control plane of one of the members
is active. The data plane and switch fabric of both members are active.
▪ Both chassis are kept in sync with the interchassis SSO mechanism,
along with NSF to provide nonstop communication even in the event of
failure of one of the member supervisor engines or chassis.
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved.
Cisco Public
12
VSS Benefits
▪ VSS increases operational efficiency by reducing switch
management overhead and simplifying the network.
▪ It provides a single point of management, IP address, and routing
instance.
▪ Neighbors see the VSS as a single Layer 2 switching or Layer 3
routing node, thus reducing the control protocol traffic.
▪ VSS provides a single VLAN gateway IP address, removing the
need for the first-hop redundancy protocol (HSRP, VRRP,
GLBP),
▪ Multichannel EtherChannel (MEC) allows you to bundle links to
two physical switches in VSS, creating a loop-free redundant
topology without the need for STP.
▪ Interchassis stateful failover results in no disruption to
applications that rely on network state information.
▪ VSS eliminates Layer 2 / Layer 3 protocol reconvergence if a
virtual switch member fails, resulting in deterministic subsecond
virtual switch recovery.
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved.
Cisco Public
13
VSS Benefits
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved.
Cisco Public
14
Verifying VSS
To verify the status of VSS configuration, use the following
commands:
▪
▪
▪
▪
show
show
show
show
switch
switch
switch
switch
virtual
virtual link
virtual role
virtual link port-channel
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved.
Cisco Public
15
Verifying VSL
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved.
Cisco Public
16
Redundant
Switch
Supervisors
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved.
Cisco Public
17
Redundant Switch Supervisors
▪ The Cisco supervisor engine module is the heart of the Cisco modular
switch platforms.
▪ The supervisor provides centralized forwarding information and processing.
▪ All software processes of a modular switch are run on a supervisor.
▪ Redundant supervisors are highly recommended for the aggregation and
core layer so that they might help provide faster convergence in case of the
primary supervisor failure. Platforms such as the Catalyst 4500, 6500, and
6800 series can accept two supervisor modules that are installed in a single
chassis, thus removing a single point of failure.
▪ The first supervisor module to successfully boot becomes the active
supervisor for the chassis.
▪ The other supervisor remains in a standby role, waiting for the active
supervisor to fail.
▪ The active supervisor provides all switching functions. The standby
supervisor, however, is allowed to boot and initialize only to a certain level.
▪ When the active module fails, the standby module can proceed to initialize
any remaining functions and take over the active role.
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved.
Cisco Public
18
Supervisor Redundancy Modes
▪ Redundant supervisor modules can be configured in
several modes.
▪ Redundancy mode limits the standby supervisor’s state of
readiness.
▪ SSO allows for NSF.
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved.
Cisco Public
19
Supervisor Redundancy Modes
▪ Route processor redundancy (RPR)
• The redundant supervisor is only partially booted and initialized. When
the active module fails, the standby module must reload every other
module in the switch and then initialize all the supervisor functions.
▪ Route processor redundancy plus (RPR+)
• The redundant supervisor is booted, allowing the supervisor and route
engine to initialize. No Layer 2 or Layer 3 functions are started. When the
active module fails, the standby module finishes initializing without
reloading other switch modules. This allows switch ports to retain their
state.
▪ Stateful switchover (SSO)
• The redundant supervisor is fully booted and initialized. Both the startup
and running configuration contents are synchronized between the
supervisor modules. Layer 2 information is maintained on both
supervisors so that hardware switching can continue during a failover.
The state of the switch interfaces is also maintained on both supervisors
so that links do not flap during a failover.
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved.
Cisco Public
20
Stateful Switchover
▪ The redundant supervisor engine starts up in a fully
initialized state and synchronizes with the startup
configuration and the running configuration of the active
supervisor engine.
▪ The standby supervisor in SSO mode also keeps in sync
with the active supervisor engine for all changes in
hardware and software states for features that are
supported via SSO.
▪ Any supported feature interrupted by failure of the active
supervisor engine is continued seamlessly on the redundant
supervisor engine.
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved.
Cisco Public
21
Nonstop Forwarding
▪ NSF is an interactive method that focuses on quickly
rebuilding the Routing Information Base (RIB) table after a
supervisor switchover.
▪ The RIB is used to generate the Forwarding Information
Base (FIB) table for CEF, which is downloaded to any
switch modules that can perform CEF.
▪ NSF with SSO redundancy includes the standard SSO for
Layer 2 switching; however, it also minimizes the amount of
time that a Layer 3 network is unavailable following a
supervisor engine switchover by continuing to forward IP
packets using CEF entries built from the old active
supervisor.
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved.
Cisco Public
22
Chapter 9 Summary
▪
▪
▪
▪
▪
▪
▪
▪
▪
The need and basic idea behind switch stacking and VSS
StackWise
The benefits of StackWise
Verifying StackWise
VSS
VSS benefits
Verifying VSS
Supervisor redundancy
Supervisor redundancy modes
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved.
Cisco Public
23
Chapter 9 Labs
▪ None
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved.
Cisco Public
24
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved.
Cisco Public
25
Acknowledgment
• Some of the images and texts are from Implementing Cisco IP Switched
Networks (SWITCH) Foundation Learning Guide: (CCNP SWITCH 300-115) by
Richard Froom and Erum Frahim (1587206641)
• Copyright © 2015 – 2016 Cisco Systems, Inc.
• Special Thanks to Bruno Silva
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved.
Cisco Public
26

Purchase answer to see full
attachment