CCNP Routing and Switching Portable Command Guide

Cisco Press
Scott Empson / Patrick Gargano / Hans Roth  
December 2014

Product detail

Product: CCNP Routing and Switching Portable Command Guide
Price: CHF 45.10
Available: not defined


This Portable Command Guide assists network administrators in the proper use of the Cisco IOS and of the commands needed to pass the latest individual CCNP certification exams, in a thin, easy-to-carry format. The guide summarizes all certification-related commands, keywords, command arguments, and associated prompts. Configuration examples are provided throughout the book to give a better understanding of how these commands are used in simple network designs.


  • Maps to the latest version of the CCNP Routing and Switching Exam - great for review before exams without needing a computer connected to a Cisco device
  • All commands in a small, compact resource — makes it easy to carry as a reference in the workplace
  • Examples of how to use commands are given at the same time as the command is presented

New to this Edition

Maps to the latest versions of each Exam

Table of Contents

Introduction xix


Chapter 1 Basic Network and Routing Concepts 1

Cisco Hierarchical Network Model 1

Cisco Enterprise Composite Network Model 2

Typically Used Routing Protocols 2

IGP Versus EGP Routing Protocols 3

Routing Protocol Comparison 3

Administrative Distance 3

Static Routes: permanent Keyword 4

Floating Static Routes 5

Static Routes and Recursive Lookups 5

Default Routes 6

Verifying Static Routes 6

Assigning IPv6 Addresses to Interfaces 7

Implementing RIP Next Generation (RIPng) 7

Verifying and Troubleshooting RIPng 8

Configuration Example: RIPng 9

IPv6 Ping 11

IPv6 Traceroute 12

Chapter 2 EIGRP Implementation 13

Configuring EIGRP 14

EIGRP Router ID 15

EIGRP Autosummarization 15

Passive EIGRP Interfaces 16

“Pseudo” Passive EIGRP Interfaces 17

EIGRP Timers 17

Injecting a Default Route into EIGRP: Redistribution of a Static Route 18

Injecting a Default Route into EIGRP: IP Default Network 18

Injecting a Default Route into EIGRP: Summarize to 19

Accepting Exterior Routing Information: default-information 20

Load Balancing: Maximum Paths 20

Load Balancing: Variance 20

Bandwidth Use 21

Stub Networks 21

EIGRP Unicast Neighbors 22

EIGRP over Frame Relay: Dynamic Mappings 23

EIGRP over Frame Relay: Static Mappings 24

EIGRP over Frame Relay: EIGRP over Multipoint Subinterfaces 25

EIGRP over Frame Relay: EIGRP over Point-to-Point Subinterfaces 26

EIGRP over MPLS: Layer 2 VPN 28

EIGRP over MPLS: Layer 3 VPN 30

EIGRPv6 31

Enabling EIGRPv6 on an Interface 31

Configuring the Percentage of Link Bandwidth Used by EIGRPv6 32

EIGRPv6 Summary Addresses 32

EIGRPv6 Timers 32

EIGRPv6 Stub Routing 32

Logging EIGRPv6 Neighbor Adjacency Changes 33

Adjusting the EIGRPv6 Metric Weights 33

EIGRP Address Families 33

Named EIGRP Configuration Modes 34

Verifying EIGRP and EIGRPv6 35

Troubleshooting EIGRP 37

Configuration Example: EIGRPv4 and EIGRPv6 using Named Address Configuration 37

Chapter 3 Implementing a Scalable Multiarea Network OSPF-Based Solution 41

OSPF Message Types 42

OSPF LSA Types 43

Configuring OSPF 44

Using Wildcard Masks with OSPF Areas 44

Configuring Multiarea OSPF 45

Loopback Interfaces 45

Router ID 46

DR/BDR Elections 46

Passive Interfaces 46

Modifying Cost Metrics 47

OSPF auto-cost reference-bandwidth 47

OSPF LSDB Overload Protection 48

Timers 48


Propagating a Default Route 49

OSPF Special Area Types 49

Stub Areas 50

Totally Stubby Areas 50

Not-So-Stubby Areas 51

Totally NSSA 51

Route Summarization 52

Interarea Route Summarization 52

External Route Summarization 52

Configuration Example: Virtual Links 52

OSPF and NBMA Networks 53

OSPF over NBMA Topology Summary 57

IPv6 and OSPFv3 57

Enabling OSPF for IPv6 on an Interface 58

OSPFv3 and Stub/NSSA Areas 58

Interarea OSPFv3 Route Summarization 59

Enabling an IPv4 Router ID for OSPFv3 59

Forcing an SPF Calculation 59

IPv6 on NBMA Networks 60

OSPFv3 Address Families 60

Verifying OSPF Configuration 61

Troubleshooting OSPF 63

Configuration Example: Single-Area OSPF 64

Configuration Example: Multiarea OSPF 65

Configuration Example: OSPF and NBMA Networks 69

Configuration Example: OSPF and Broadcast Networks 72

Configuration Example: OSPF and Point-to-Multipoint Networks 76

Configuration Example: OSPF and Point-to-Point Networks Using Subinterfaces 80

Configuration Example: IPv6 and OSPFv3 83

Configuration Example: OSPFv3 with Address Families 86

Chapter 4 Configuration of Redistribution 91

Defining Seed and Default Metrics 91

Redistributing Connected Networks 93

Redistributing Static Routes 93

Redistributing Subnets into OSPF 93

Assigning E1 or E2 Routes in OSPF 94

Redistributing OSPF Internal and External Routes 95

Configuration Example: Route Redistribution for IPv4 95

Configuration Example: Route Redistribution for IPv6 97

Verifying Route Redistribution 98

Route Filtering Using the distribute-list Command 98

Configuration Example: Inbound and Outbound Distribute List Route Filters 99

Configuration Example: Controlling Redistribution with Outbound Distribute Lists 100

Verifying Route Filters 100

Route Filtering Using Prefix Lists 101

Configuration Example: Using a Distribute List That References a Prefix List to Control Redistribution 103

Verifying Prefix Lists 104

Using Route Maps with Route Redistribution 104

Configuration Example: Route Maps 105

Manipulating Redistribution Using Route Tagging 106

Changing Administrative Distance for Internal and External Routes 108

Passive Interfaces 108

Chapter 5 Path Control Implementation 111

Verifying Cisco Express Forwarding 111

Configuring Cisco Express Forwarding 111

Path Control with Policy-Based Routing 112

Verifying Policy-Based Routing 113

Configuration Example: PBR with Route Maps 114

Cisco IOS IP Service Level Agreements 115

Step 1: Define One (or More) Probe(s) 116

Step 2: Define One (or More) Tracking Object(s) 117

Step 3a: Define the Action on the Tracking Object(s) 117

Step 3b: Define Policy Routing Using the Tracking Object(s) 117

Step 4: Verify IP SLA Operations 118

Chapter 6 Enterprise Internet Connectivity 119

Configuring a Provider Assigned Static or DHCP IPv4 Address 120

Configuring Static NAT 121

Configuring Dynamic NAT 121

Configuring NAT Overload (PAT) 122

Verifying NAT 124

NAT Virtual Interface 124

Configuration Example: NAT Virtual Interfaces and Static NAT 124

Configure Basic IPv6 Internet Connectivity 125

Configuring IPv6 ACLs 126

Verifying IPv6 ACLs 127

Configuring Redistribution of Default Routes with Different Metrics in a Dual-Homed Internet Connectivity Scenario 127

Configuring BGP 128

BGP and Loopback Addresses 129

iBGP Next-Hop Behavior 129

eBGP Multihop 130

Verifying BGP Connections 132

Troubleshooting BGP Connections 132

Default Routes 133

Attributes 134

Route Selection Decision Process 134

Weight Attribute 134

Using AS_PATH Access Lists to Manipulate the Weight Attribute 136

Using Prefix Lists and Route Maps to Manipulate the Weight Attribute 136

Local Preference Attribute 137

Using AS_PATH Access Lists with Route Maps to Manipulate the Local Preference Attribute 138

AS_PATH Attribute Prepending 139

AS_PATH: Removing Private Autonomous Systems 141

MED Attribute 142

Route Aggregation 144

Route Reflectors 145

Regular Expressions 146

Regular Expressions: Examples 146

BGP Route Filtering Using Access Lists and Distribute Lists 147

Configuration Example: Using Prefix Lists and AS_PATH Access Lists 149

BGP Peer Groups 150

MP-BGP 151

Configure MP-BGP Using Address Families to Exchange IPv4 and IPv6 Routes 151

Verifying MP-BGP 153

Chapter 7 Routers and Routing Protocol Hardening 155

Securing Cisco Routers According to Recommended Practices 156

Securing Cisco IOS Routers Checklist 156

Components of a Router Security Policy 157

Configuring Passwords 157

Password Encryption 158

Configuring SSH 159

Restricting Virtual Terminal Access 160

Securing Access to the Infrastructure Using Router ACLs 161

Configuring Secure SNMP 162

Configuration Backups 165

Implementing Logging 166

Disabling Unneeded Services 169

Configuring Network Time Protocol 169

NTP Configuration 170

NTP Design 171

Securing NTP 172

Verifying NTP 173

SNTP 174

Setting the Clock on a Router 174

Using Time Stamps 178

Configuration Example: NTP 178

Authentication of Routing Protocols 182

Authentication Options for Different Routing Protocols 182

Authentication for EIGRP 183

Authentication for OSPF 185

Authentication for BGP and BGP for IPv6 189


Chapter 8 Basic Concepts and Network Design 191

Hierarchical Model (Cisco Enterprise Campus Architecture) 191

Verifying Switch Content-Addressable Memory 192

Switching Database Manager Templates 192

Configuring SDM Templates 192

Verifying SDM Templates 193

LLDP (802.1AB) 194

Configuring LLDP 194

Verifying LLDP 195

Power over Ethernet 196

Configuring PoE 196

Verifying PoE 196

Chapter 9 Campus Network Architecture 197

Virtual LANs 198

Creating Static VLANs 198

Normal-Range static VLAN Configuration 198

Extended-Range static VLAN Configuration 199

Assigning Ports to Data and Voice VLANs 199

Using the range Command 200

Dynamic Trunking Protocol 200

Setting the Trunk Encapsulation and Allowed VLANs 201

Verifying VLAN Information 202

Saving VLAN Configurations 202

Erasing VLAN Configurations 203

Verifying VLAN Trunking 203

VLAN Trunking Protocol 204

Using Global Configuration Mode 204

Verifying VTP 206

Configuration Example: VLANs 206

Layer 2 Link Aggregation 209

Link Aggregation Interface Modes 210

Guidelines for Configuring Link Aggregation 210

Configuring L2 EtherChannel 211

Configuring L3 EtherChannel 211

Verifying EtherChannel 212

Configuring EtherChannel Load Balancing 212

Configuration Example: PAgP EtherChannel 213

DHCP for IPv4 216

Configuring Basic DHCP Server for IPv4 216

Configuring DHCP Manual IP Assignment for IPv4 217

Implementing DHCP Relay IPv4 217

Verifying DHCP for IPv4 218

Implementing DHCP for IPv6 218

Configuring DHCPv6 Server 219

Configuring DHCPv6 Client 219

Configuring DHCPv6 Relay Agent 220

Verifying DHCPv6 220

Chapter 10 Implementing Spanning Tree 221

Spanning-Tree Standards 222

Enabling Spanning Tree Protocol 222

Configuring the Root Switch 223

Configuring a Secondary Root Switch 224

Configuring Port Priority 224

Configuring the Path Cost 224

Configuring the Switch Priority of a VLAN 225

Configuring STP Timers 225

Verifying STP 226

Cisco STP Toolkit 226

Port Error Conditions 231

FlexLinks 231

Changing the Spanning-Tree Mode 231

Extended System ID 232

Enabling Rapid Spanning Tree 232

Enabling Multiple Spanning Tree 233

Verifying MST 235

Troubleshooting Spanning Tree 235

Configuration Example: PVST+ 235

Spanning-Tree Migration Example: PVST+ to Rapid-PVST+ 239

Chapter 11 Implementing Inter-VLAN Routing 241

Inter-VLAN Communication Using an External Router: Router-on-a-Stick 241

Inter-VLAN Routing Tips 242

Removing L2 Switch Port Capability of a Switch Port 242

Configuring SVI Autostate 243

Inter-VLAN Communication on a Multilayer Switch Through a Switch Virtual Interface 243

Configuration Example: Inter-VLAN Communication 244

Configuration Example: IPv6 Inter-VLAN Communication 251

Chapter 12 Implementing High-Availability Networks 259

Configuring IP Service Level Agreements (Catalyst 3750) 260

Configuring Authentication for IP SLA 262

Monitoring IP SLA Operations 262

Implementing Port Mirroring 262

Default SPAN and RSPAN Configuration 262

Configuring Local SPAN 263

Local SPAN Guidelines for Configuration 263

Configuring Local SPAN Example 264

Configuring Remote SPAN 267

Remote SPAN Guidelines for Configuration 267

Configuring Remote SPAN Example 268

Verifying and Troubleshooting Local and Remote SPAN 269

Switch Virtualization 269

StackWise 270

Virtual Switching System 271

Chapter 13 First-Hop Redundancy Implementation 277

First-Hop Redundancy 278

Hot Standby Router Protocol 278

Configuring Basic HSRP 278

Default HSRP Configuration Settings 279

Verifying HSRP 279

HSRP Optimization Options 279

Multiple HSRP Groups 281

HSRP IP SLA Tracking 283

HSRPv2 for IPv6 284

Debugging HSRP 285

Virtual Router Redundancy Protocol 285

Configuring VRRP 285

Interface Tracking 287

Verifying VRRP 287

Debugging VRRP 287

Gateway Load Balancing Protocol 287

Configuring GLBP 288

Interface Tracking 290

Verifying GLBP 290

Debugging GLBP 291

IPv4 Configuration Example: HSRP on L3 Switch 291

IPv4 Configuration Example: GLBP 296

IPv4 Configuration Example: VRRP on Router and L3 Switch 300

IPv6 Configuration Example: HSRP on Router and L3 Switch 304

Chapter 14 Campus Network Security 311

Switch Security Recommended Practices 312

Configuring Switch Port Security 313

Sticky MAC Addresses 313

Verifying Switch Port Security 314

Recovering Automatically from Error-Disabled Ports 315

Verifying Autorecovery of Error-Disabled Ports 315

Configuring Port Access Lists 315

Creating and Applying Named Port Access List 316

Configuring Storm Control 316

Implementing Authentication Methods 317

Local Database Authentication 317

RADIUS Authentication 318

TACACS+ Authentication 319

Configuring Authorization and Accounting 321

Configuring 802.1x Port-Based Authentication 322

Configuring DHCP Snooping 323

Verifying DHCP Snooping 324

IP Source Guard 324

Dynamic ARP Inspection 325

Verifying DAI 326

Mitigating VLAN Hopping: Best Practices 326

VLAN Access Lists 327

Verifying VACLs 329

Configuration Example: VACLs 329

Private VLANs 331

Verifying PVLANs 332

Configuration Example: PVLANs 333


Appendix A Private VLAN Catalyst Switch Support Matrix 337

Appendix B Create Your Own Journal Here 339

9781587144349 TOC 12/8/2014


Scott Empson is the chair of the Bachelor of Applied Information Systems Technology degree program at the Northern Alberta Institute of Technology in Edmonton, Alberta, Canada, where he teaches Cisco routing, switching, network design, and leadership courses in a variety of different programs (certificate, diploma, and applied degree) at the postsecondary level. Scott is also the program coordinator of the Cisco Networking Academy Program at NAIT, an area support center for the province of Alberta. He has a Masters of Education degree along with three undergraduate degrees: a Bachelor of Arts, with a major in English; a Bachelor of Education, again with a major in English/Language Arts; and a Bachelor of Applied Information Systems Technology, with a major in Network Management. He currently holds several industry certifications, including CCNP, CCDP, CCAI, C|EH, and Network+. Before instructing at NAIT, he was a junior/senior high school English/Language Arts/Computer Science teacher at different schools throughout Northern Alberta. Scott lives in Edmonton, Alberta, with his wife, Trina, and two children, Zach and Shae.

Patrick Gargano has been a Cisco Networking Academy Instructor since 2000. He currently heads the Networking Academy program and teaches CCNA/CCNP-level courses at Collège La Cité in Ottawa, Canada, where he has successfully introduced mastery-based learning and gamification into his teaching. In 2013 and 2014, Patrick led the Cisco Networking Academy student “Dream Team,” which deployed the wired and wireless networks for attendees of the Cisco Live conferences in the United States. In 2014, Collège La Cité awarded him the prize for innovation and excellence in teaching. Previously he was a Cisco Networking Academy instructor at Cégep de l’Outaouais (Gatineau, Canada) and Louis-Riel High School (Ottawa, Canada) and a Cisco instructor (CCSI) for Fast Lane UK (London). His certifications include CCNA (R&S), CCNA Wireless, CCNA Security, and CCNP (R&S). #CiscoChampion @PatrickGargano

Hans Roth is an instructor in the Electrical Engineering Technology department at Red River College in Winnipeg, Manitoba, Canada. Hans has been teaching at the college for 17 years and teaches in both the engineering technology and IT areas. He has been with the Cisco Networking Academy since 2000, teaching CCNP curricula. Before teaching, Hans spent 15 years on R&D/product development teams helping design microcontroller-based control systems for consumer products and for the automotive and agricultural industries.