Implementing Cisco Switched Networks Chapter 5 Review

This is my review and notes of Chapter 5 of “Implementing Cisco Switched Networks Foundation Learning Guide”.


Chapter 5: Implementing High Availability and Redundancy in a Campus Network

I think this chapter was probably quite good. Although I did find it pretty long, and there were various points I wish it would have just finished.

It followed a structure of theory behind High Availability trying to get the reader to think about why they’re implementing it, along with how they should implement it.

It then covered a bit on Cisco’s chassis or stack based HA options (failover methods of bad HW etc), and then moved into different monitoring methods (SNMP, IP SLA, Syslog etc).

Following that was a look at First Hop redundancy with HSRP, VRRP, and GLBP. Lastly was Cisco IOS Server Load Balancing (which I highly doubt is in the exam).

I find it hard to fault much in this chapter, there was just a lot there.

What’s probably going to be in the exam:
– Possibly a question on the 5 components of HA (Redundancy, Technology, People, Processes and Tools).
Definitely on Network Monitoring (SNMP, Syslog, IP SLA)
– Very likely something on HSRP, VRRP, and GLBP.

What the chapter covers:
– The above summarises it quite well.

High Availability
High availability is technology that enables network wide resilience to increase IP network availability.

5 Components of High Availability

Attempts to eliminate single points of failure, where one failed device or design element brings down service.

Technology (HW/SW features)
Several Cisco routing continuity options such as Cisco Nonstop Forwarding (NSF) and Stateful Switchover (SSO) exist, and graceful restart capabilities improve availability. These technologies allow processor failover without a link flap, continued fowarding of packets, and maintenance of BGP adjacencies.

Redundant equipment and links and advanced technology are just the beginning of high availability. In PPDIOO, the people component is vitally important too. Staff work habits and skills can impact high availability.

Sound, repeatable processes can lead to high availability. Continual process improvement as part of PPDIOO plays a role in achieving high availability.

Use tools that provide performance thresholds and reporting to get a good understanding of how the network behaves in a good state. Also use tools for monitoring network uptime, with triggers that activate in the event of a service or device failure.

Cisco NSF (NonStop Forwarding) with SSO (Stateful SwitchOver)
All you probably need to know is that it’s a supervisor redundancy mechanism in IOS that allows a standby RP (Route Processor) to take over the device after a hardware or software fault on the Active RP. Works at layers 2-4.

Implementing Network Monitoring

This can be through:
– Syslog

If you’ve ever used a cisco device, you should know what syslog is. Important things to note for it are that you can modify the event/reporting level, where messages are reported to (local buffer, console, tty or remote syslog server).

Learn the Syslog severity levels for the exam
It’s the type of thing a question will probably be on. Level 0 = highest severity. Level 7 = Lowest.

Level 0 – Emergency
Level 1 – Alert
Level 2 – Critical
Level 3 – Error
Level 4 – Warning
Level 5 – Notice
Level 6 – Informational
Level 7 – Debug

Emerald Alley Cats Enjoy Whiskas Naturally Insightful Dinners

To time stamp log messages: conf t, service time-stamps [debug|log|datetime uptime|localtime|msec|show-timezone|year]

Configuring Syslog
To configure a syslog server: logging x.x.x.x
To configure which severity gets logged: logging trap ____
To configure local logs: logging buffered


– Only disadvantage the book says is that there is a delay between the time that an event occurs and the time that it is noticed by the NMS. There is a trade-off between polling frequency and badwidth usage.
– SNMP uses UDP

SNMP Versions

– Version 1 and 2 both lack security
– Version 3 has security

SNMP Message types

1. Get Request – Retrieves value of specific MIB variable
2. Get Next Request – Retrieves next issuance of MIB variable
3. Set Request – Modifies the value of a MIB variable.
4. Get Response – Contains values of requested variable.
5. Trap – Transmits an unsolicited alarm condition

New SNMP Message types in version 2
– Get Bulk Request – Reduces repetitive requests/replies and improves performance when retrieving large amounts of data (e.g. tables)
– Inform Request – Alert SNMP manager of specific conditions (differs from SNMP traps as traps are udp and Inform request actually gets an ACK from the NMS)

SNMPv3 adds
NoAuthNoPriv – no authentication required
authNoPriv – Authentication with either HMAC-MD5 or HMAC-SHA
authPriv – CVC-DES encryption

Configuring SNMP

1. Configure SNMP access lists (So only authorised hosts have access)
2. Configure SNMP community strings
3. Configure SNMP trap receiver
4. Configure SNMPv3 user

S1(config)#access-list 100 permit ip any
S1(config)#snmp-server community RO-PASSWORD RO 100
S1(config)#snmp-server community RW-PASSWORD RW 100
S1(config)#snmp-server trap

IP Service Level Agreement

An SLA is a contract between the network provider and its customers, or between a network department and internal corporate customers. It provides a form of guarantee to customers about the level of user experience.

Typically, the technical components of an SLA contain a guarantee level for network availability, network performance, in terms of route-trip time, and network response in terms of latency, jitter, and packet loss.

Common types of monitoring used by IP SLAs
– Edge to edge network availability monitoring
– Network performance monitoring and network performance visibility
– VoIP, video, and VPN monitoring
– IP service network health readiness or assessment
– MPLS network monitoring
– Troubleshooting of network operation

IP SLA Operations

– Network admin configures a target device, protocol, and UDP or TCP port numbers on the IP SLA source for each operation
– Operation can be encrypted with MD5
-Target could be DNS or HTTP, with the device being any suitable computer.

While the target can be “anything” as such, measurement accuracy is improved with an IP SLA Responder. An IP SLA responder is a device that runs IOS and is configured as an IP SLA reasurement responder with the command “ip sla monitor responder”

Operation with Responder

1. At the start of the control phase, the IP SLA source sends a control message with the configured IP SLA operation information to IP SLA control port UDP 1967 on the target router. The control message carries information such as protocol, port number, duration, and if configured, MD5 authentication.
2. If the responder processes the control message, it sends an OK message to the source router and listens on the port specified in the control message for a specified duration.
3. If the return code of control message is OK, the IP SLA operation moves ot the proving phase, where it sends one or more test packets to the responder for response time computations. Use “Show ip sla statistics” to view.
4. The responder accepts the test packets and responds. Based on the type of operation, the responder might add an “in” timestamp and an “out” timestamp in the response payload to account for CPU time spent in measuring 1-way packet loss, latency, and jitter. These timestamps help the IP SLA source to make accurate assessments on one-way delay, and the processing time in the target routers.

So basically, it’s two stages, initially setting up with the control phase (asks target to open port, target responses) and Probing Phase (Sends test IP SLA packet, responder accepts and responds).

IP SLA Timestamps
IP SLA source uses four time stamps for the round-trip time (RTT) calculation. The IP SLA source sends a test packet at time T1. The IP SLA responder includes both the receipt time (T2) and the transmitted time (T3). Because of other high-priority processes, routers can take tens of milliseconds to process incoming packets. The delay affects the response times because the reply to the test packets might be sitting in a queue while waiting to be processed.

The delta value is then subtracted from the overall RTT.

Configuring IP SLA

1. Configure IP SLA probe.
2. Activate probe.
3. Configure tracking object.
4. Configure action on tracking object.

S1(config)#ip sla monitor 11
S1(config-sla)#type echo prot ipIcmpEcho source-int fa0/1
S1(config-sla)#frequency 10
S1(config-sla)#ip sla monitor schedule 11 life forever start-time now
S1(config-sla)#track 1 ip sla 11 reachability

S2(config)#ip sla responder

Verify: show ip sla statistics, show ip sla configuration

Implementing Redundant Supervisor Engines in Catalyst Switches
The next 8ish pages is on this. I’m pretty confident the exam won’t have anything on this, so hardly any notes.

– Found in Calalyst 4500 and 6500.

– RPR (Route Processor Redundancy) and RPR+

No longer preferred option. NSF with SSO = best.

– SSO (Stateful Switch Over)
– NSF (Non-stop Forwarding) with SSO.

NSF Offers:
– Improved network availability: NSF continues forwarding network traffic and application state information so that user traffic is not interrupted after a Supervisor switchover.
– Overall network stability: Improved by maintaining routing protocol neighbor relationships during Supervisor failover.

Understanding First Hop Redundancy Protocols

Refers to Default Gateway redundancy.


Proxy ARP
Before default gateway was supported on most IP clients, networks were relying on the proxy ARP feature to reach IP devices outside the IP client subnet.

From wikipedia: Proxy ARP (Address Resolution Protocol) is a technique by which a device on a given network answers the ARP queries for a network address that is not on that network. The ARP Proxy is aware of the location of the traffic’s destination, and offers its own MAC address in reply, effectively saying, “send it to me, and I’ll get it to where it needs to go.” Serving as an ARP Proxy for another host effectively directs LAN traffic to the Proxy.

Static Default Gateway
Now that a default gateway is configured on most devices, the Proxy ARP feature is not used anymore. Nevertheless, each client receives only one default gateway; there is not means by which to configure a secondary gateway, even if a second route exists to carry packets off the local segment.

Hot Standby Router Protocol (HSRP)
– Cisco Proprietary

With HSRP configured between a set of routers, they work in concert to present the appearance of a single virtual router to the hosts on the LAN.

The IP address of the virtual router will be configured as the default gateway for the workstations on a specific IP segment. When frames are to be sent from the host to the default GW, the host uses ARP to resolve the MAC address associated with the IP address of the default gateway. The ARP resolution returns the MAC address of the virtual router.

HSRP active and standby routers send hello messages to multicast address UDP.

All HSRP routers need to be L2 adjacent to that hello packets can be exchanged.

HSRP Roles:
Virtual Router – IP and MAC address pair that end devices have configured as their default GW.

Active Router – Within an HSRP group, one router is elected to be the active router. The active router physically forwards packets sent to the MAC address of the virtual router. There is one active router in an HSRP group.

Standby Router – Listens for periodic hello messages. If it fails to receive a hello, the standby router then assumes the role of the active router. There is one standby router in an HSRP group.

Other Routers – There can be more than two routers in an HSRP group, but only one active and one standby router. All routers in the group contend for the active and standby roles.

HSRP States

Beginning state. Indicates that HSRP does not run. This state is entered via a config change, or when the associated interface first comes up.
The router knows the virtual IP address, but the router is neither the active router nor the standby router. It listens for hello messages from those routers.
Router sends periodic hello messages and actively participates in the election of the active or standby router.
The router is a candidate to become the next active router and sends periodic hello messages.
The router is currently forwarding packets that are sent to the group virtual MAC address. Router sends periodic hello messages.

When two routers participate in an election process, a priority can be configured to determine which router should be active. Without specific priority configuration, each router has a default priority of 100, and the router with the highest IP address is elected as the active router.

When STP is configured in the network, ensure that the active HSRP router is also the STP Root bridge, otherwise sub-optimal routing may occur.

Configuring HSRP
S1(config-if)#standby X ip x.x.x.x ← Group is optional. If none specific, 0 is used.

HSRP Priority and Preempt
S1(config-if)#standby x priority x ← Priority can be 0-255. Default = 100. Highest = best.

If the routers do not have preempt configured, a router that boots up significantly faster than the others in the standby group becomes the active router, regardless of the configured priority. The former active router can be configured to resume the forwarding router role by preempting a router with a lower priority.

S1(config-if)#standby x preempt {delay} [minimum delay]

HSRP Authentication
S1(config-if)#standby x authentication xxxxxxxx

HSRP Timers
By default, HSRP hellotime is 3 seconds, and hold time is 10 seconds, which means that failover time could be as much as 10 seconds for clients to start communicating with the new default GW.

The hold time value should be at least 3 times the value of the helllo time. To tune the timers:

S1(config-if)#standby x timers [msec] hellotime holdtime

As mentioned earlier, preempt is an important feature of HSRP that enables the primary router to resume the active role when it comes back online after failure or maintenance event.

If modifying the preempt timer, the rec for it should be the value of 50% greater than the device boot time.

S1(config-if)#standby 10 preempt delay minimum x

HSRP Versions

2 versions exist. Not backwards compatible.

HSRP Interface Tracking
Interface tracking enables the priority of a standby group router to be automatically adjusted, based on the availability of the router interfaces. When a tracked interface becomes unavailable, the HSRP priority of the router is decreased. When properly configured, the HSRP tracking feature ensures that a router with an unavailable key interface will relinquish the active router role.

In other words, if the active HSRP router loses it’s own router uplink, tracking ensures that the standby HSRP router’s priority is increased and takes over the active role.

To configure:

1. Configure the standby group.
2. Configure priority (default 100).
3. Configure preempt on all devices within the HSRP group.
4. Configure the tracked interfaces and decrement (default decrement 10).

S1(config-if)standby X track interface [interface-priority]

HSRP Object Tracking

HSRP also offers tracking by an object, such as:
– An interface – Like above
– IP route
– A list of different objects

Multiple HSRP Groups
Multigroup HSRP enables routers to simultaneously provide redundant backup and perform load sharing across different IP subnets. In other words, if at the access layer you have two VLANs, configure each distribution layer switch to be in different HSRP Groups, so each of your distribution switches is a HSRP active device for each vlan.

HSRP Monitoring

– Show standby brief
– Show standby
– Show standby neighbor vlanX

Virtual Router Redundancy Protocol (VRRP)
IEEE version of HSRP

Comparison with HSRP
– A HSRP group has one active router, one standby router, and potentially many listeners
– A VRRP group has one master router, and one or more backup routers.
– HSRP has max 16 Groups. VRRP is 255.
– In HSRP, the Virtual IP is different from Active and Standby routers real IP addresses. In VRRP, the Virtual IP can be the same as one of the group members real IP addresses.
– HSRP uses for hello packets. VRRP uses
– VRRP timers are a lot shorter by default.
– HSRP can track interfaces or objects. VRRP can only track objects.

VRRP features

– VRRP provides redundancy for the real IP address of a router or for a virtual IP address shared among the VRRP group members.
– If a real IP address is used, the router with that address becomes the master. If a virtual IP address is used, the master is the router with the highest priority.
– A VRRP group has one master router and one or more backup routers. The master router uses VRRP messages to inform group members that it is the master.

– If the Virtual IP is set to that of a physical interface, the router with that config is set to the VRRP Master with a priority of 255. Default backup priority is 100.

– The priority value 0 can not be configured, and indicates that the current master has stopped participating in VRRP. This setting is used to trigger backup routers to quickly transition to the master without having to wait for the current master to time out.

– With VRRP, only the master sends out hellos.

VRRP Transition Process
– 3 timers: Advertisement interval (1 second), Master Down interval(3x Advertisement = 3 seconds), and skew time (256 – priority / 256. Ensures that the backup router with highest priority wins).

In the case of an orderly shutdown of the VRRP Master, it sends an advertisement with a priority of 0. This priority setting then triggers the backup router to take over quicker by waiting only the skew time instead of the master down interval.

VRRP Configuration

S1(config-if)#vrrp group ip virtual-gw-ip
S1(config-if)#vrrp X priority x
S1(config-if)#vrrp x timers advertise X
S1(config-if)#vrrp x timers learn ←Learns the timers from the VRRP Master

Show vrrp interface vlan x

The main different between VRRP and HSRP, is the backup router does not send advertisements. Therefore, the VRRP Master is not aware of the current backup router.

Gateway Load Balancing Protocol

Cisco Proprietary solution created to enable automatic selection and simultaneous use of multiple available gateways in addition to automatic failover between those gateways.

HSRP is typically used in CIsco networks as usually there are only two gateways for any subnet. GLBP can be used if more than two gateways exist for subnets to load share across the gateways.

GLBP Functions

– GLBP active virtual gateway (AVG) – Members of a GLBP group elect one gateway to be the AVG for that group.

– GLBP active virtual forwarder (AVF) – Each gateway assumes responsibility for forwarding packets that are sent to the virtual MAC address assigned to that gateway by the AVG. These gateways are known as AVFs for their virtual MAC address

– GLBP communication: GLVP members send hello messages to eachover via multicast every 3 seconds.

GLBP Features

– Load sharing
Multiple routers can share traffic from LAN clients

– Multiple virtual routers
Supports up to 1024 virtual routers (groups) on each physical interface and up to four virtual forwarders per group.

– Preemption
Enables you to preempt an AVG with a higher priority backup virtual gateway that has become available.

– Efficient resource utilization
Makes it possible for any router in a group to server as a backup, which eliminates the need for a dedicated backup router.

GLBP Operations

– Each member of the GLBP group elect one gateway to be the AVG for that group. Other members of the group provide backup for the AVG if it becomes unavailable.
– The AVG assigns a virtual MAC address to each member of the GLBP group. All routers become AVFs for frames addressed to that virtual MAC address.
– As clients send ARP requests for the address of the default gateway, the AFG sends these virtual MAC address in the ARP replies.
– A GLBP group can have up to 4 group members.

Load Balancing Methods

– Weighted load-balancing algorithm
– Host-dependent load-balancing algorithm
– Round-robin load-balancing algorithm
– default

GLBP, like HSRP, is also capable of being configured using interface tracking.

GLBP Weighting Mechanism

– Differs from HSRP/VRRP.
– With GLBP, two thresholds are defined.
– 1 lower threshold that applies when the router loses weight.
– 1 upper threshold when the router regains weight.
– This double threshold mechanism enables more flexibility than the single threshold system.

Do a google if you want to know more on this. I’m taking a bet it won’t be in the exam.

GLBP Configuration

S1(config-if)#glbp X ip X
S1(config-if)#glbp x priority x ← highest wins. default 100
S1(config-if)# x timers x x

Cisco IOS Server Load Balancing

– layer 4 – 7 switching feature
– Again, I doubt this is in the exam so haven’t made any notes on it.

Implementing Cisco Switched Networks Chapter 4 Review

This is my review and notes of Chapter 4 of “Implementing Cisco Switched Networks Foundation Learning Guide”.


Chapter 4 – Implementing Inter-VLAN Routing

Sorry if this chapter is a bit short on notes. I don’t find inter-vlan routing a hard topic to grasp, so don’t need many notes.

Probably said above a bit too soon. Found this chapter pretty boring when it got to how the CAM and TCAM work. I think it was just too detailed. Some may like it, and it will probably help them with their understanding, but for me it wasn’t presented in a way that I found easy to keep concentrated. Thing is, I think this is a pretty important concept to grasp. If you understand how a switch does its’ thing at each layer, it definitely helps with your troubleshooting of a device.

Whohoo! Chapter got a bit better at the end from page 230. Chapter finally had some examples and how to apply troubleshooting switching issues around CEF. I’m still not convinced this chapter did a fantastic explanation of CEF, but then again I’m a visual learner and would have probably benefited from a more graphical explanation.

In terms of the CCNP exam, probably need to know:
– Inter-VLAN routing using SVI.
– How to configure Routed Ports.
– Understand how a DHCP server works, and how to use DHCP Relay.
– Basic understanding of Cisco CEF and how to troubleshoot it.

– All of the above plus:
– Router on a stick
– Layer 3 EtherChannels
– Each different type of switching method (fast switching, process switching, CEF)

A switch is typically a layer 2 device. At layer 2, the switch is probably capable of creating VLANs and configuring each port to be in a different VLAN. Each created VLAN will typically have layer 3 devices configured in it such as hosts, and each vlan should only have 1 subnet in use within it.

This is all fine until you have devices that need communication between say two VLANs. This is what we call Inter-VLAN routing, and there are two methods capable of achieving this.

1. ROAST (Router on a Stick)
2. SVI (Switched Virtual Interface)

Router on a stick is where you configure a trunk port on your layer 2 switch with the VLANs you want routing to be achieved between. Connected to that port is a router capable of trunking, in which you configure sub-interfaces on the router port, with an IP address in each VLAN. Hosts on the switch then configure their default gateway to be the associated IP address to that VLAN on the router.

ROAST is the old way of doing it and I won’t go any further into it.

An SVI is simply a VLAN on a switch that has an IP address configured on it. Your switch needs to be layer 3 for routing to function on it.

An SVI is created when a user types ‘int vlan X’ in global config mode.

Different types of Layer 3 interfaces on a MLS (MultiLayer Switch)

– Routed Port: This is a purely layer 3 interface similar to a router port on an actual router.
– SVI: – As above
– Bridge Virtual interface (BVI): An L3 virtual bridging interface

Routed Port
– A routed port is a physical port that acts similarly to a port on a traditional router with a Layer 3 address configured.
– Unlike an access port, a routed port is not associated with a particular VLAN.
– Has all layer 2 switching functionality removed (Except EtherChannel which can function at L3).
– Used for Point to Point Links.
– To configure, under the interface issue the command “no switchport”.

When configuring SVIs:
Make sure to “no shut” the interface, and enable IP routing if you want to be able to communicate the VLANs subnets to other routers, otherwise this is not essential.

SVI Autostate
– Basically refers to the need of having at least port up in a vlan before the Layer 3 SVI is also up. In other words, if all ports in a VLAN are shutdown or unplugged, the SVI will also go down.
– You can ensure the SVI stays up, by manually configuring on the port “switchport autostate exclude”. If the port goes down, the SVI will still stay up. The concern of this is things like blackhole routing, and should not be enabled without some valid consideration.

Configuring a Layer 3 EtherChannel
So this is something that was actually new to me. To configure a Layer 3 EtherChannel, you make it like a routed port by removing the switchport functionality.
To configure:
S1(config)#interface port-channel 1
S1(config-if)#no switchport
S1(config-if)#ip add xxxxx xxxxx
S1(config)#interface range xx-xx
S1(config-if-range)#no switchport
S1(config-if-range)#channel-group 1 mode __

Implementing DHCP in a Multilayer Switched Environment
– Know how DHCP works (DORA: Discover Offer Response Acknowledge)

ip dhcp excluded-address ip dhcp pool XYZ
option 150 lease 0 8 0 int vlan10
ip add

Important point is Cisco switches can only offer a DHCP range that it actually has an IP address in.

Configure DHCP Relay

Host——-—-Switch———DHCP Server

DHCP Relay is a feature needed when your DHCP server does not reside in the same subnet as your hosts. In the example above, the host currently does not have an IP address, but resides in the VLAN that has the subnet. When the host boots up, it will broadcast a DHCP Discover frame. With DHCP Relay configured on the switch, the switch will see this broadcast frame, and unicast forward the request on to the DHCP server. The DHCP server will reply with an Offer frame and both will complete the rest of DORA.
To configure, on the VLAN interface, configure the command “ip helper-address address of dhcp server
Verify DHCP operation: ‘show ip dhcp binding’, and ‘debug ip dhcp server packet’.

CEF-Based Multilayer Switching
I might be a bit brief on this area, but it’s an importance concept to understand. This area looks at the process a switch goes through in terms of the layers between hardware, and the high level application protocols running on the switch.

Explaining Layer 3 Switch Processing
A layer 3 switch performs 3 main functions:
– Packet switching
– Route processing
– Intelligent network services

CAM and TCAM Tables
Multilayer switches build routing, bridging, QoS, and ACL tables for centralized or distribution switching in hardware using high-speed memory tables. Switches perform lookups in these tables for result information, such as to determine whether a packet with a specific destination IP address is supposed to be dropped according to an ACL. These tables support high-performance lookups and search algorithms such that multilayer switches maintain line-rate performance.

Cam Table (Content Addressable Memory)

– The primary table used to make Layer 2 forwarding decisions.
– Table Lookups are performed with efficient search algorithms.
– CAM tables provide only two results: 0 (true), or 1 (false).
– The table is built by recording the source MAC address and inbound port of all incoming frames.
– When a frame arrives at the switch with a destination MAC address of an entry in the CAM table, the frame is forwarded out through only the port that is associated with that specific MAC address.

A key is created to compare the frame to the table content:
– E.g. DST MAC and Vlan ID of a frame would constitute the key for layer 2 table lookup.
– The key is input into a hashing algorithm, which produces, as the output, a pointer into the table.
– The system uses the pointer to access a specific entry in the table, thus eliminating the need to search the entire system.

TCAM (Ternary Content Addressable Memory)
– Stores ACLs, QoS, and other information generally associated with Layer 3 and up layer processing.
– TCAM provides 3 results: 0 (true) 1 (false), and “don’t care”.
– Portion of memory designed for rapid, hardware-based table lookups of layer 3 and 4 info.
– Single lookup provides all layer 2 and layer 3 forwarding info for frames, including CAM and ACL info.
– Memory structure is broken into a series of patterns and associated masks.
TCAM Method of matching entries in tables

Exact-match region
Where the whole match needs to be exact e.g. IP next-hop info (MAC Address)

Longest-match region
Book explanation was terrible. Basically this is the entry in hardware with the longest prefix that matches the lookup. Did that make sense? So with IP prefix or IP Multicast prefix, you might be looking up where to find host You have two routes in hardware. One for and one for The longest match in this case is the latter.

First-match region
Look up is stopped after first match on entry, e.g. ACL entries

Cisco Switching Methods

Process Switching
– Router strips off the layer 2 header for each incoming frame, looks up the Layer 3 destination network address in the routing table for each packet, and then sends the frame with the rewritten Layer 2 header, including CRC, to outgoing interface.
– Done by software (CPU), not hardware (ASIC).
– Most CPU intensive method.
Fast Switching
– Does same as packet switching for first packet, then installs that info into fast switching cache.
– Frame is rewritten with corresponding link address and is sent over the outgoing interface.

CEF (Cisco Express Forwarding)
– Default switching method
– Less CPU intensive than other above methods
– Router builds Forwarding Information Base (FIB) and Adjacency table from other tables build by CPU such as routing and ARP tables.
– These tables are then used to make hardware based forwarding decisions.

At this point in the chapter I felt it had a lot of WAFFLE and could have explained it all a lot easier by using an example.

See the following image.

This shows the top down approach of what happens from the high layer routing protocol, in this case BGP, to the low level in hardware/ASIC.

Quick explanation from Cisco:

The Forwarding Information Base (FIB) table – CEF uses a FIB to make IP destination prefix-based switching decisions. The FIB is conceptually similar to a routing table or information base. It maintains a mirror image of the forwarding information contained in the IP routing table.
When routing or topology changes occur in the network, the IP routing table is updated, and these changes are reflected in the FIB. The FIB maintains next-hop address information based on the information in the IP routing table.
Because there is a one-to-one correlation between FIB entries and routing table entries, the FIB contains all known routes and eliminates the need for route cache maintenance that is associated with switching paths such as fast switching and optimum switching.

Adjacency table – Nodes in the network are said to be adjacent if they can reach each other with a single hop across a link layer. In addition to the FIB, CEF uses adjacency tables to prepend Layer 2 addressing information. The adjacency table maintains Layer 2 next-hop addresses for all FIB entries.

Not all packets can be processed in Hardware, e.g. Tunnel interface traffic, NAT.
– A glen adjacency is in the CEF adjacency table when multiple hosts are directly connected to the MLS through a single port or interface. Lol what? There’s more on glen adjacencies in the book, but I doubt there will be anything on this in the exam.

Okay, I gave up all hope on this chapter too early. Page 230 has a sample of CEF operation…Could be worth looking at if CEF isn’t making that much sense. Sorry I haven’t got more on it. I’d suggest doing a google on CEF operation for more info.

CEF-Based MLS Verification

Show interface __
Provides stats for hardware switching Layer 3 packets

Show ip cef [___]
Verifies the FIB

Show adjacency [___]
Verify adjacency table

Show cef drops
Packets being dropped by hardware.

15 Days till CCNP Switch Exam


On the 20th January 2014 I am sitting the Cisco CCNP Switch Exam. For me this is the first of the 3 CCNP exams.

At the moment I’m pretty stressed out about this. I spent a large chuck of last year trying to study for this exam off and on, so I think I should be okay for it. For me, it’s a case of trying to remember all the stuff I’ve learnt at various points. If I don’t use something, I forget it, as do I imagine most people.

I work for Allied Telesis, which is probably considered a small to medium competitor to Cisco. The Allied Telesis switch operating system, AW+, is a very similar CLI to IOS (read industry standard CLI), which is a fantastic operating system, but I find it a double edge sword in terms of the Cisco exams. It’s great in terms of the fact that I was able to come from all the Cisco NetaCad courses and know how to use the Allied Telesis gear, but there are enough small differences that I’ll need to do a bit of labbing before my switch exam. Along with practicing all the Cisco proprietary features again (PVRST+, HSRP, VTP, DTP etc).

So what should you expect to see on my blog for the next couple of weeks?


I’m currently going through the “Implementing Cisco IP Switched Networks (SWITCH) Foundation Learning Guide” again as a refresher for the exam. Each day I’m hopefully going to post my notes from the book, along with a quick review of each chapter.


So what other material are you using for studying?

– CBT Nuggets CCNP Switch Video course

I’m lucky in the fact that work has a license for CBT Nuggets.

CCNP SWITCH 642-813 Quick Reference Guide

I’ve read this before when I sat my NetaCad Switch exam. I intend on reading this a day or two before the exam as a final refresher.

– CCNP Switch Student Lab Manual

I intend on spending a day going through all the labs. I’ve got 2x 3750 along with 2x 3550 to study with for the exam.

101 CCNP Labs – Labs

Looks like it could be a good refresher in terms of Labs for the exam.

How to master CCNP Switch

From what I’ve initially looked at, this book is great. It avoids the waffle Cisco Press books have, and explains things in the simplest form possible. I’m not sure how much of this book I’ll get the chance to read, but had I had more time before my exam, I would have quite liked to read this whole book.

– ?????????

Any other decent quick material I can get. I think at this point I need to find good labs I can practise.


So how do you intend on studying for this? How much study have you done so far?

2 years ago I did the Cisco CCNP Switch Netacad course and read the Foundation learning guide which I’m going to be blogging about. Last year I read the Official Cert Guide, purely because it was new material. I decided to reread the Foundation Learning Guide purely because it covers more topics that are in the exam. That and the fact that it is a Cisco Press book, so it should have what’s covered in the exam.

In terms of study so far? I actually only started studying 4 days ago. Other than that I hadn’t done any study for this exam for about 3 months. I could be crazy. I hope not. I really struggle to find time to study for this, as I’m generally doing routing at work, and find it hard to focus on two major topics at the same time. I’ve just had a week off work, and will have the week before the exam off work also. I’m hoping although this is a concentrated amount of time to study for an exam like this, that along with my previous knowledge, I’ll be able to cram enough for the exam.

What study have I done this week? I’ve read the first 3 chapters of the Foundation Learning Guide. My blog posts above will be my notes on the first 3 chapters. My goal is roughly 50 pages of the book a day, along with some CBT Nugget watching. I should finish all this a few days before the exam, in which I’ll do some labbing for a few days, and final review of material along with reading the Quick Reference Guide.

Wish me luck!