Cisco Discovery 4 Module 7 Picture Descriptions

1.0 Chapter Introduction

1.0.1 Introduction
Slideshow
Slide 1 text: Performing proof-of-concept testing of a new design before deployment reduces risk and shortens implementation time.
Slide 2 text: Simulations and prototypes can be used to test complex network functionality without disrupting the existing network users.
Slide 3 text: Building a prototype network to perform proof-of-concept tests requires careful planning and organization.
Slide 4 text: Creating detailed test plans ensures that the testing is performed in an organized and efficient manner.

7.1.0 - Building a Prototype to Validate a Design

7.1.1 - Purpose of a Prototype
3 Diagrams

Diagram 1, Table
Considerations When Choosing Either a Prototype or a Pilot Test
Prototype:
* + Independent of the "live" network
* + Multiple or unlikely conditions that could cause failure can be tested
* + Changes can be made at any time because users do not depend on the functionality
* + Highly controlled simulated environment
* + No risk to the production network
* - Not the actual environment
* - Not as much variability
Pilot:
* + Real-world network traffic
* + Used in cases where the physical environment or actual traffic conditions are needed to determine operation
* + The network response can be tested in unplanned and unpredictable situations
* - Not as easily controlled
* - Requires coordination with user groups
* - Not as flexible
* - High visibility and risk

Diagram 2, Image
Diagram shows that the pilot may be either on the existing network or on an isolated pilot network.

Diagram 3, Activity
Decide if the test items are best suited for a prototype or a pilot.
A: Test the implementation of a new link between a WAN site and the stadium.
B: Test the VLAN routing strategy at the Distribution Layer.
C: Compare how redundant switched links react to a failure with how redundant routed links react to the same failure.
D: Test the route summarization when using auto-summary instead of manual summary.
E: Test wireless Access Point placement.

7.1.2 - Creating a Test Plan
Single Diagram, Table
* Introduction: Section 1. This section is an introduction describing the purpose of the tests and the types of tests to be run.
* Equipment: Section 2. This section contains a list of equipment to use in the test. This includes cables, optional components, and software.
* Design and Topology Diagram: Section 3. This section contains a topology diagram showing how the equipment is to be connected. This is the network as it is to be built. If the topology duplicates a section of the actual network, the section has a reference. Device configurations are in the Appendix.
* Test Description: Section 4. This section includes information about the test itself:
  o The goal of the test
  o The information testers are seeking
  o The time estimate for test completion
* Test Procedures: Section 5. This section includes the step-by-step test procedures.
* Anticipated Results and Success Criteria: Section 6. This section includes the anticipated results and success criteria. This can include specific, measurable criteria such as ping round-trip times not exceeding 100 ms.
* Actual Results and Conclusions: Section 7. This section contains the results of the test and the conclusions drawn from the results.
* Appendix: Section 8. The appendix contains configurations or other relevant information. The other relevant information could include modifications, log files, or command outputs.
More Info contains a link to a sample test plan, Example_Test_Plan.doc.

7.1.3 - Verifying the Design Meets Goals and Requirements
2 Diagrams

Diagram 1, Image
Diagram depicts a reasonably complex network and the output of the show cdp neighbors and show ip arp commands. This is covered in the labs.

Diagram 2, Table
Network Function: Isolate traffic using VLANs to support IP cameras.
Method to Test: Create the VLAN, install a camera (or a PC emulating a camera). Verify the VLAN configuration on the switch. Use Wireshark to examine packets and confirm that camera traffic is not seen on ports in other VLANs.
Network Function: Trunk VLAN to Distribution Layer.
Method to Test: Create trunk links to the Distribution Layer device. Verify trunk operation.
Network Function: Address and access the camera devices using IP addresses.
Method to Test: Assign IP addresses to all devices, per the network design. Verify the configuration by using ping.
Network Function: Route traffic appropriately using EIGRP.
Method to Test: Configure EIGRP routing to route between VLANs. Verify routing using show commands, ping, and traceroute.
Network Function: Place access lists to permit authorized viewing stations.
Method to Test: Configure and place access lists to permit only selected viewing stations to have access to the cameras. Test using ping and access-list logging, from both an authorized and an unauthorized station, so that the test shows the filter permits what it should and denies what it should.
Network Function: Test end-to-end application performance.
Method to Test: Display video on a PC located across the network. Collect information on bandwidth usage and quality of the video stream. Add traffic on the network using a traffic simulation program and observe the quality of the video.

7.1.4 - Validating LAN Technologies and Devices
4 Diagrams

Diagram 1, Image
Network Functions
* Wireshark is a free software protocol analyzer, or "packet sniffer", application used for network troubleshooting, analysis, software and protocol development, and education.
* Create Trunk Links: A trunk is a communications channel between two points. In telephony it usually refers to large-bandwidth channels between switching centers that handle many simultaneous voice and data signals. In the switched LAN here, a trunk is a link that carries traffic for multiple VLANs, each frame tagged with its VLAN ID (IEEE 802.1Q).
* Assign IP Addresses to all devices per the network design. Verify the configuration by using ping. Ping is a computer network tool used to test whether a particular host is reachable across an IP network. It works by sending ICMP "echo request" packets to the target host and listening for an "echo reply".
* Enhanced Interior Gateway Routing Protocol (EIGRP) is a Cisco proprietary routing protocol.
EIGRP is an advanced distance-vector routing protocol with optimizations that minimize both the routing instability incurred after topology changes and the use of bandwidth and processing power in the router.
* An ACL is a list of permissions attached to an object. The list specifies who or what is allowed to access the object and what operations are allowed to be performed on the object. On a Cisco router or Layer 3 switch, an IP access list filters packets by source and destination address, protocol and port; the log keyword on an entry records each match, which is what the access-list logging test above relies on.
* Display Video on a PC across the network. Collect information on bandwidth usage and quality of the video stream. Add traffic on the network using a traffic simulation program and observe the quality of the video.
* Packet Tracer is a stand-alone simulation environment created to design, configure, and troubleshoot CCNA-level networks. It is intended to teach beginning networking students how and why devices in a network work the way they do. A student is able to observe the behavior of data frames and packets as they traverse routers, switches, and other devices.

Diagram 2, Image
Screen capture of Packet Tracer

Diagram 3, Packet Tracer Exploration

Diagram 4, Activity
Identify how tools are used to validate the network design and components.
Tools:
A: protocol analyzer
B: show ip route command
C: show cdp neighbors command
D: traceroute command
E: traceroute command
F: LED indicators
G: ping command
H: ping command
I: show interfaces command
J: show interfaces command
Functions:
1. Identifies network traffic
2. Displays routing metric information
3. Displays Layer 3 path from source to destination
4. Verifies connectivity on local segment
5. Verifies reachability and end-to-end connectivity
6. Displays bandwidth information

7.1.5 - Test the Redundancy and Resiliency of the Network
Single Diagram, Animation
Animation depicts active and redundant links being used.

7.1.6 - Identify Risks or Weaknesses in the Design
2 Diagrams

Diagram 1, Image
Diagram depicts a large complex network. Weaknesses listed in the text body are illustrated.
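The access-list test in 7.1.3 ("Test using ping and access-list logging") produces a stream of IOS log messages, and the success criterion is a policy statement (only the selected viewing stations may reach the cameras). The following Python script, an added example and not part of the course material, checks one against the other: it parses the %SEC-6-IPACCESSLOG messages that the log keyword generates and flags any entry where an authorized station was denied or an unauthorized station was permitted. The camera subnet, the viewing-station addresses and the ACL name CAMERA-VIEW are assumed design values, and the log lines are constructed in IOS syslog format, not captured from a device.

```python
"""Check IOS access-list log output against the camera-access policy of a test plan."""
import ipaddress
import re
from dataclasses import dataclass

# Assumed design values (hypothetical, not from the course): the camera VLAN subnet
# and the only two viewing stations that the ACL is supposed to permit.
CAMERA_NET = ipaddress.ip_network("10.1.10.0/24")
AUTHORIZED_VIEWERS = {ipaddress.ip_address("10.1.20.10"), ipaddress.ip_address("10.1.20.11")}

# Matches the messages produced by the 'log' keyword on an extended IP ACL:
# IPACCESSLOGP (tcp/udp, with ports), IPACCESSLOGDP (icmp, with type/code), IPACCESSLOGNP (other).
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOG(?:P|DP|NP): list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>\d+\.\d+\.\d+\.\d+)(?:\((?P<sport>\d+)\))? -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\((?P<dport>\d+)\))?(?: \(\d+/\d+\))?, (?P<count>\d+) packets?"
)


@dataclass
class Finding:
    line: str
    reason: str


def parse(line):
    """Return the fields of one ACL log message, or None for any other syslog line."""
    m = LOG_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    d["src"] = ipaddress.ip_address(d["src"])
    d["dst"] = ipaddress.ip_address(d["dst"])
    d["count"] = int(d["count"])
    return d


def check_line(entry):
    """Return None if the entry agrees with the policy, else a string saying how it violates it."""
    if entry["dst"] not in CAMERA_NET:
        return None  # not camera traffic; outside this test's scope
    authorized = entry["src"] in AUTHORIZED_VIEWERS
    if authorized and entry["action"] == "denied":
        return "authorized viewing station was denied"
    if not authorized and entry["action"] == "permitted":
        return "unauthorized station was permitted"
    return None


def audit(lines):
    """Walk a log, returning (number of ACL entries checked, list of policy violations)."""
    findings = []
    parsed = 0
    for line in lines:
        entry = parse(line)
        if entry is None:
            continue
        parsed += 1
        reason = check_line(entry)
        if reason:
            findings.append(Finding(line.strip(), reason))
    return parsed, findings


# Constructed sample log lines in IOS syslog format (not captured from a real device).
SAMPLE_LOG = """
*Mar  1 00:10:02.311: %SEC-6-IPACCESSLOGDP: list CAMERA-VIEW permitted icmp 10.1.20.10 -> 10.1.10.5 (8/0), 1 packet
*Mar  1 00:10:05.120: %SEC-6-IPACCESSLOGP: list CAMERA-VIEW permitted tcp 10.1.20.11(51022) -> 10.1.10.5(554), 1 packet
*Mar  1 00:10:09.877: %SEC-6-IPACCESSLOGDP: list CAMERA-VIEW denied icmp 10.1.50.20 -> 10.1.10.5 (8/0), 1 packet
*Mar  1 00:10:12.402: %SEC-6-IPACCESSLOGP: list CAMERA-VIEW permitted tcp 10.1.50.21(40111) -> 10.1.10.6(554), 1 packet
*Mar  1 00:10:15.009: %SEC-6-IPACCESSLOGP: list CAMERA-VIEW denied tcp 10.1.20.10(51100) -> 10.1.10.7(80), 1 packet
*Mar  1 00:10:20.000: %LINK-3-UPDOWN: Interface FastEthernet0/3, changed state to up
"""

if __name__ == "__main__":
    n, findings = audit(SAMPLE_LOG.splitlines())
    print(f"{n} ACL log entries checked, {len(findings)} policy violations")
    for f in findings:
        print(f"  {f.reason}: {f.line}")
```

Two caveats for the test plan: IOS logs the first packet that matches a logged entry and then only periodic summaries, so the packet counts in the messages are not an exact traffic count, and a station that is silently dropped by an entry without the log keyword leaves no message at all. The log audit therefore complements, rather than replaces, the ping from an unauthorized station that should receive no reply.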
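The weaknesses that 7.1.6 asks the designer to find (single points of failure, large failure domains) can be located mechanically once the prototype topology is drawn as a graph. This Python script is an added example, not course material: it runs Tarjan's depth-first search to find the devices (articulation points) and links (bridges) whose loss partitions the network, and for each such link lists the devices that lose their path to the core, which is the failure domain of that link. The topology is constructed for the example and is not the stadium design; the device names C1, C2, D1 to D3 and A1 to A3 are assumptions.

```python
"""Find single points of failure in a prototype topology before it is built."""
from collections import defaultdict

# Constructed topology (assumed, not the course's stadium design): core, distribution and
# access devices as an undirected graph. Each link is listed once.
LINKS = [
    ("C1", "C2"), ("C1", "D1"), ("C1", "D2"), ("C2", "D1"), ("C2", "D2"),
    ("C1", "D3"),                      # D3 has only one uplink
    ("D1", "A1"), ("D2", "A1"),        # A1 is dual-homed
    ("D1", "A2"),                      # A2 is single-homed
    ("D3", "A3"),
]
CORE = {"C1", "C2"}


def build_graph(links):
    """Adjacency sets for an undirected graph."""
    g = defaultdict(set)
    for a, b in links:
        g[a].add(b)
        g[b].add(a)
    return g


def single_points_of_failure(graph):
    """Tarjan's DFS: returns (articulation points, bridges), both sorted."""
    disc, low = {}, {}
    cut_nodes, bridges = set(), set()
    counter = [0]

    def dfs(u, parent):
        disc[u] = low[u] = counter[0]
        counter[0] += 1
        children = 0
        for v in graph[u]:
            if v == parent:
                continue
            if v in disc:                       # back edge: an alternate path exists
                low[u] = min(low[u], disc[v])
                continue
            children += 1
            dfs(v, u)
            low[u] = min(low[u], low[v])
            if low[v] > disc[u]:                # nothing below v reaches above u except via u-v
                bridges.add(tuple(sorted((u, v))))
            if parent is not None and low[v] >= disc[u]:
                cut_nodes.add(u)
        if parent is None and children > 1:     # DFS root is a cut vertex only with 2+ subtrees
            cut_nodes.add(u)

    for node in list(graph):
        if node not in disc:
            dfs(node, None)
    return sorted(cut_nodes), sorted(bridges)


def failure_domain(graph, failed_link):
    """Devices that lose their path to the core when failed_link goes down."""
    a, b = failed_link
    reach = set()
    stack = [c for c in CORE if c in graph]
    while stack:
        u = stack.pop()
        if u in reach:
            continue
        reach.add(u)
        for v in graph[u]:
            if {u, v} == {a, b}:
                continue                        # the failed link carries nothing
            stack.append(v)
    return sorted(set(graph) - reach)


if __name__ == "__main__":
    g = build_graph(LINKS)
    cut_nodes, bridges = single_points_of_failure(g)
    print("devices whose failure partitions the network:", cut_nodes)
    for link in bridges:
        print(f"link {link[0]}-{link[1]} is a single point of failure; cuts off {failure_domain(g, link)}")
```

On the constructed topology the single-homed devices show up immediately: the C1-D3 link takes D3 and A3 down with it, and D1 is a cut vertex only because A2 has no second uplink. A redundant link from A2 to D2 and a second uplink for D3 would remove every entry from the bridge list, which is the kind of change the prototype test is meant to justify before purchase.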
Diagram 2, Hands on Lab

7.2.0 - Prototyping the LAN

7.2.1 - Identify Goals and Requirements Met by LAN Design
Single Diagram, Image
Diagram depicts a flat network topology and a hierarchical network topology, as described in previous sections.

7.2.2 - Creating the Test Plan
4 Diagrams

Diagram 1, Table
Business goal: Combine the existing data and video surveillance networks, and support the addition of IP telephony in the stadium.
Overall success goal: Demonstrate end-to-end IP connectivity and transfer simulated data, voice and video surveillance traffic over the network with acceptable quality.
Technical requirements
Scalability: Conversion from a flat network to a three-layer hierarchy.
Availability: Use of Layer 3 links, rather than Layer 2 links. Implementation of a redundant topology.
Security: Configuration of filters to ensure that only authorized personnel have access to the surveillance video. Configuration of switch port security functions.
Manageability: Creation of a management VLAN and configuration of SSH.
Success criteria
Scalability: Successful pings, Telnet and transfer of data. VLANs isolate traffic, shown by unsuccessful pings and IOS show command output. (Telnet here is a reachability check only; device management in this design is over SSH, as the manageability requirement states.)
Availability: Quick recovery when a link failure occurs. A failed link does not bring the network down.
Security: Unauthorized stations cannot access video. Unknown MAC addresses fail to connect.
Manageability: Successful SSH connectivity to all devices.

Diagram 2, Image
Prototype test topology. Diagram depicts a worker connected to a switch which, in turn, connects to the test topology.
Distribution: Simulate fully routed topology and filtering.
Core: No text.
Distribution: Demonstrate redundant links and recovery from failure.
Access: Simulated voice traffic, simulated video traffic and simulated data traffic.

Diagram 3, Packet Tracer Exploration

Diagram 4, Hands on Lab

7.2.3 - Validating the Choice of Devices and Topologies
2 Diagrams
Diagram 1, Image
Screen capture of Packet Tracer
Diagram 2, Packet Tracer Activity

7.2.4 - Validating the Choice of Routing Protocol
2 Diagrams
Diagram 1, Image
A hierarchical network topology is shown.
Diagram 2, Packet Tracer Activity

7.2.5 - Validating the IP Addressing Scheme
3 Diagrams
Diagram 1, Table
This table shows the breakdown of IP addresses under the following headings:
Stadium network
Distribution blocks
Wiring closet blocks
Individual VLANs
Point-to-point links
Diagram 2, Packet Tracer Activity
Diagram 3, Hands on Lab

7.2.6 - Identify Risks and Weaknesses
2 Diagrams
Diagram 1, Image
Explained in the text body.
Diagram 2, Hands on Lab

7.3.0 - Prototyping the Server Farm

7.3.1 - Identifying Server Farm Goals and Requirements
Single Diagram, Image
Diagram depicts the existing decentralised servers and the proposed server farm. In the server farm model all servers are grouped in the Access Layer.

7.3.2 - Creating the Test Plan
4 Diagrams

Diagram 1, Table
Business Goal: Provide better customer service by improving access to the web site for viewing of schedules, purchasing and printing of tickets, and purchasing of merchandise.
Overall Success Goal: Demonstrate that web services are available, from both on-site and off-site locations, with little or no disruption in services caused by equipment or link failure.
Technical requirements
Scalability: Configuration of a flexible IP addressing structure. Creation of a modular server farm design that can accommodate more servers without impacting the design.
Availability: Use of redundant links from servers to the Access Layer switches. Creation of redundant Layer 2 switch connections at the Access Layer and use of RSTP to shorten the time for redundant switched links to become active after a failure.
Configuration of a fast-converging routing protocol (EIGRP) at the Distribution Layer and Core Layer.
Security: Apply filters to permit traffic to only the required ports on the servers. Install firewall and IDS capabilities at the Distribution Layer.
Manageability: Create a management VLAN and provide access to the data center devices through SSH.
Overall Success Criteria
Scalability: Adding subnets and server addresses does not cause routing or addressing reconfiguration. Adding a server does not require reconfiguration.
Availability: The failure of a single Access Layer switch does not affect server connectivity. RSTP converges quickly when a link or device fails. EIGRP converges quickly, with little or no loss of connectivity in the event of link failure.
Security: Undesirable traffic is blocked before reaching the servers. Attack signatures and known threats are stopped from reaching the servers.
Manageability: The management station is able to initiate an SSH session to devices inside the data center.

Diagram 2, Image
Picture of the proposed pilot network.

Diagram 3, Packet Tracer Exploration

Diagram 4, Hands on Lab

7.3.3 - Validating Device and Topology Selection
5 Diagrams

Diagram 1, Text
PVRST+ Implementation Commands
Switchx(config)# spanning-tree mode rapid-pvst
This global configuration command enables Rapid PVST+ (PVRST+).
Switchx# show spanning-tree vlan vlan# [detail]
This command verifies the spanning-tree configuration for the VLAN, including the root bridge and the role and state of each port.
Switchx# debug spanning-tree pvst+
This command displays per-VLAN spanning tree event debug output.

Diagram 2, Image
Refer to text body.

Diagram 3, Image
Diagram depicts a large network with the note to implement RSTP at each Distribution Layer cluster of switches.

Diagram 4, Activity
Port Roles
A: Match each description to the correct port role.
B: Different path to the root bridge than the path the root port takes
C: Has no role in the operation of the spanning tree
D: Forwarding port elected for the entire spanning tree topology
E: Forwarding port elected for every individual switched LAN segment
F: Less desirable duplicate connection to the same shared network segment
Port Role
1. Root
2. Alternate
3. Disabled
4. Designated
5. Backup

Diagram 5, Hands on Lab

7.3.4 - Validating the Security Plan
3 Diagrams
Diagram 1, Image
Diagram of the proposed stadium network.
Diagram 2, Image
Contains information on the security test plan. Text unable to be retrieved.
Diagram 3, Packet Tracer Exploration

7.3.5 - Verify Design Meets Business Goals
Single Diagram, Hands on Lab

7.3.6 - Identify Risks and Weaknesses
2 Diagrams
Diagram 1, Image
Diagram depicts a user connecting from the stadium management network through the Core Layer to the data centre and to a server. User No. 1 is attempting to access data on the target server through the Distribution Layer and is being denied. Server 2 is attempting to access the same data on the target server through the Layer 2 access switch and is not denied, because filters applied at the Distribution Layer never see traffic that stays within the server farm's Access Layer. Using multilayer switching at the Access Layer in the server farm can filter locally generated traffic. Server 2 can then be prevented from accessing data on the target server.
Diagram 2, Hands on Lab

7.4.0 - Chapter Summary

7.4.1 - Summary
Slideshow
Slide 1 text
* It is a recommended practice to test any new design before design approval and implementation. Testing provides a proof of concept for the design.
* There are two common methods of proof-of-concept testing: on a prototype network, or by installing a pilot on the existing network.
* The decision to create a prototype or a pilot depends on the following factors:
  o The type of testing required
  o The potential disruption from a pilot on the existing network
* Before beginning a proof-of-concept test, a detailed test plan should be created to outline the test strategy and the expected results.
Slide 2 text
* A proof-of-concept test demonstrates new or improved functionality of the network, as well as verifying that the design works as expected.
* When it is not possible to duplicate the physical network environment in order to perform a proof-of-concept test, it may be necessary to use a simulation software program to test the design.
* Prototypes and simulations can be used to identify risks and weaknesses inherent in the network design.
* Some commonly identified risks and weaknesses include:
  o Single points of failure
  o Large failure domains
  o Possible bottlenecks
  o Limited scalability
  o Overly complex designs
* When creating a test plan, the first things the network designer needs to consider are:
  o What types of tests to run
  o How much of the network must be built to perform the tests
  o How to determine the success or failure of the test
Slide 3 text
* RSTP provides rapid connectivity following the failure of a switch, a switch port, or a LAN. RSTP allows switch ports that connect to end stations to be configured as edge ports, so that they transition directly to forwarding when the switch reinitializes; an edge port that receives a BPDU loses its edge status, so this setting belongs only on ports that face end stations.
* RSTP defines the following port roles:
  o Root - A forwarding port elected for the spanning tree topology; each non-root switch has one, the port with the best path to the root bridge
  o Designated - A forwarding port elected for every switched LAN segment
  o Alternate - An alternate path to the root bridge that is different from the path that the root port takes
  o Backup - A backup path that provides a redundant, but less desirable, connection to a segment to which another port of the same switch already connects (backup ports can only exist where two ports are connected together in a loopback by a point-to-point link, or where a bridge has two or more connections to a shared LAN segment)
  o Disabled - A port that has no role within the operation of spanning tree
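The port roles listed above (and matched in the 7.3.3 activity) follow from three comparisons: lowest bridge ID picks the root, lowest root path cost picks the designated port on each segment, and the remaining ports become Alternate or Backup depending on whether the designated port on their segment belongs to another switch or to the same one. The Python script below, an added example that is not part of the course, carries those comparisons out for a constructed three-switch topology and returns the role of every port, which is what show spanning-tree vlan on each switch should agree with once the prototype is built. The switch names, bridge IDs, port costs and the HUB segment are assumptions; the Disabled role is administrative and is not computed.

```python
"""Compute RSTP port roles for a small switched topology from bridge IDs and port costs."""
import heapq
from collections import defaultdict

# Constructed topology (assumed, not the course's lab). Bridge ID = (priority, MAC); the
# lowest wins. Each port: (switch, port name, port number, path cost, segment). A segment
# shared by two switches is a point-to-point link; HUB is a shared segment that S3 reaches
# through two of its own ports, which is the one situation that produces a Backup port.
SWITCHES = {"S1": (4096, "0000.0000.0001"), "S2": (32768, "0000.0000.0002"), "S3": (32768, "0000.0000.0003")}
PORTS = [
    ("S1", "Fa0/1", 1, 19, "L12"), ("S2", "Fa0/1", 1, 19, "L12"),
    ("S1", "Fa0/2", 2, 19, "L13"), ("S3", "Fa0/1", 1, 19, "L13"),
    ("S2", "Fa0/2", 2, 19, "L23"), ("S3", "Fa0/2", 2, 19, "L23"),
    ("S3", "Fa0/3", 3, 19, "HUB"), ("S3", "Fa0/4", 4, 19, "HUB"),
]


def root_path_costs(switches, ports):
    """Dijkstra from the root bridge; cost is added on the receiving port, as STP does.
    Returns (root switch, {switch: root path cost}); the topology is assumed connected."""
    root = min(switches, key=lambda s: switches[s])
    by_segment = defaultdict(list)
    for p in ports:
        by_segment[p[4]].append(p)
    cost = {root: 0}
    heap = [(0, root)]
    while heap:
        c, sw = heapq.heappop(heap)
        if c > cost[sw]:
            continue
        for p in ports:
            if p[0] != sw:
                continue
            for q in by_segment[p[4]]:          # every other switch on this segment
                if q[0] == sw:
                    continue
                nc = c + q[3]                   # BPDU received on q, so q's cost is added
                if nc < cost.get(q[0], float("inf")):
                    cost[q[0]] = nc
                    heapq.heappush(heap, (nc, q[0]))
    return root, cost


def port_roles(switches, ports):
    """Return {(switch, port name): role} with roles Root, Designated, Alternate or Backup."""
    root, rpc = root_path_costs(switches, ports)
    by_segment = defaultdict(list)
    for p in ports:
        by_segment[p[4]].append(p)
    # Designated port per segment: best (root path cost, bridge ID, port number).
    designated = {seg: min(ps, key=lambda p: (rpc[p[0]], switches[p[0]], p[2]))
                  for seg, ps in by_segment.items()}
    roles = {}
    for sw in switches:
        own = [p for p in ports if p[0] == sw]
        root_port = None
        if sw != root:
            candidates = []
            for p in own:
                d = designated[p[4]]
                if d[0] == sw:
                    continue                    # we send the BPDU here; nothing to compare against
                # Same tie-break order a switch uses on received BPDUs.
                candidates.append(((rpc[d[0]] + p[3], switches[d[0]], d[2], p[2]), p))
            root_port = min(candidates)[1]
        for p in own:
            d = designated[p[4]]
            if p == root_port:
                roles[(sw, p[1])] = "Root"
            elif d == p:
                roles[(sw, p[1])] = "Designated"
            elif d[0] == sw:
                roles[(sw, p[1])] = "Backup"    # this switch already owns the segment via another port
            else:
                roles[(sw, p[1])] = "Alternate" # another switch's designated port offers a second path to root
    return roles


if __name__ == "__main__":
    for (sw, port), role in sorted(port_roles(SWITCHES, PORTS).items()):
        print(f"{sw} {port}: {role}")
```

With S1 as root, S2 and S3 each reach it at cost 19, so on the S2-S3 link the tie is broken by bridge ID: S2 is designated and S3 Fa0/2 is Alternate. S3 Fa0/4 is Backup only because S3 itself is designated on the shared HUB segment through Fa0/3. Real switches also carry a port priority in the port ID and learn all of this from BPDUs rather than from a global view, so the script predicts what the prototype should show, not what it will do if a switch is misconfigured.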