Cisco Network Training

Cisco Network Training
Mr. Supakorn Visutthicho

Assistant Vice President - Technical Support
CCIE # 43646
Advanced Borderless Network Architecture Specialization

Advanced Collaboration Architecture Specialization
Advanced Data Center Architecture Specialization
The Practical Solution Co.,Ltd. All rights reserved.

Advanced Routing and Switching
Advanced Security Specialization
Advanced Unified Communications Specialization
Advanced Wireless LAN Specialization

• Command prompt: hostname>
Switch>

Privileged EXEC mode allows detailed examination of a switch or a router
• Enables configuration and debugging
• Prerequisite for other configuration mode
• Change from user EXEC mode to Privileged EXEC mode using the
enable command
• Command prompt: hostname>
Switch>enable
Switch#

Switch#cl?
clear clock
Switch#clock ?
set Set the time and rate
Switch#clock set ?
hh:mm:ss Current time
Switch#clock set 15:55:00 ?
<1-31> Day of the month
MONTH Month of the year
Switch#clock set 15:55:00 12 August ?
<1993-2035> Year
Switch#clock set 15:55:00 12 August 2014 ?
<cr>
Switch#clock set 15:55:00 12 August 2014
Switch#

Switch#c
% Ambiguous command:‘c’
• Not enough characters were entered.
Switch#clock set
% Incomplete command
Switch#clock set 15:55:00
% Incomplete command
• Required arguments or keywords were left off the end of the command
Switch#clock set 15:55:00 25 6

^
% Invalid input detected at “^” marker
• The caret (^) indicates where the command interpreter cannot decipher
the command
• Global configuration mode
Switch#configure terminal
Switch(config)#
• Interface configuration mode
Switch(config)#interface FastEthernet0/1
Switch(config-if)#
• Set hostname
Switch(config)#hostname TPS-Switch
TPS-Switch(config)#

• Assign the IP address and subnet mask for switch
TPS-Switch#configure terminal
TPS-Switch(config)#interface Vlan 1
TPS-Switch(config-if)#ip address 192.168.1.254 255.255.255.0
TPS-Switch(config-if)#no shutdown
• Assign the IP address and subnet mask for router

TPS-Router#configure terminal
TPS-Router(config)#interface FastEthernet 0/0
TPS-Router(config-if)#ip address 192.168.2.254 255.255.255.0
TPS-Router(config-if)#no shutdown

• Configure enable password
TPS-Switch(config)#enable password Cisco123
• Configure enable secret password
TPS-Switch(config)#enable secret Cisco789
• Verification of configured passwords

TPS-Switch#show running-config | include enable
enable secret 5 $1$RFEH$uW4uC0/VA1abu6L1WQ1
Enable password Cisco123

• Encrypting plaintext password
TPS-Switch(config)#service password-encryption
• Verification of configured passwords

TPS-Switch#show running-config | include enable
enable secret 5 $1$RFEH$uW4uC0/VA1abu6L1WQ1
Enable password 7 76GF90CD1N9D3A16BA

• Configure console password
TPS-Switch(config)#line console 0
TPS-Switch(config-line)#password Cisco123
TPS-Switch(config-line)#login
• Configure console password

TPS-Switch(config)#line vty 0 4
TPS-Switch(config-line)#password Cisco123
TPS-Switch(config-line)#login
• EXEC timeout
TPS-Switch(config-line)#exec-timeout 5

• Configure local username and password
TPS-Switch(config)#username admin secret cisco
TPS-Switch(config)#line vty 0 4
TPS-Switch(config-line)#login local
TPS-Switch(config)#line console 0
TPS-Switch(config-line)#login local

• Configure IP default gateway on a switch
TPS-Switch(config)#ip default-gateway 10.1.1.1
10.1.1.1
TPS-Switch

Implementing VLAN


▪ A VLAN is a virtual LAN
▪ VLAN = Broadcast Domain
▪ VLAN = Subnet
▪ VLANs address these needs:
• Segmentation
• Security
• Network flexibility

VLAN Range Use
0, 4095 Reserved for system use only

1 Cisco default
2–1001 For Ethernet VLANs
1002–1005 Cisco defaults for FDDI and Token Ring
Ethernet VLANs only, unusable on specific

1006–4094
legacy platforms

▪ Create VLAN 10 and names “Sales”
TPS-Switch(config)#vlan 10
TPS-Switch(config-vlan)#name Sales
▪ Verify VLAN
Switch#show vlan brief
VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gig0/1, Gig0/2
10 Sales active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active

TPS-Switch(config)#interface FastEthernet0/3
TPS-Switch(config-if)#switchport mode access
TPS-Switch(config-if)#switchport access vlan 2

▪ Verify that port was assigned to VLAN
Switch#show vlan brief
VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2,
2 VLAN002 active Fa0/3
3 VLAN003 active Fa0/4
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active

▪ Combining many VLANs on the same port is called “Trunking”
▪ A trunk allows the transportation of frames from different VLANs
▪ Each frame has a tag that specifies the VLAN that it belongs to.

SwitchX(config)#interface FastEthernet0/11
SwitchX(config-if)#switchport mode trunk
SwitchX(config-if)#switchport trunk allow vlan 10,20
SwitchX(config-if)#switchport trunk native vlan 99

▪ Verifies the port is trunking
SwitchX#show interface trunk

Port Mode Encapsulation Status Native vlan
Fa0/11 on 802.1q trunking 1
Port Vlans allowed on trunk

Fa0/11 1-1005
Port Vlans allowed and active in management domain

Fa0/11 1,10,20
Port Vlans in spanning tree forwarding state and not pruned

Fa0/11 1,10,20

▪ Switch Layer 3 ▪ Limited Capabilities:
• Switch with routing functionalities • Cisco Catalyst 2960X
• Switches frame for same VLAN ▪ Can be upgraded to L3 switches
• Route packets for different VLAN • Cisco Catalyst 3650/3850 Series
• Cisco 9300/9400/9500 Series

Switch(config)#ip routing (default configure)
Switch(config)#interface vlan 10
Switch(config-if)#ip address 10.1.10.1 255.255.255.0
Switch(config)#interface vlan 20
Switch(config-if)#ip address 10.1.20.1 255.255.255.0

DSW1(config)# interface ethernet 0/2
DSW1(config-if)# no switchport
DSW1(config-if)# ip address 10.0.99.1 255.255.255.0

Spanning Tree Protocol

• This command forces this switch to be the root for VLAN 1.
Switch(config)#spanning-tree vlan 1 root primary
• This command configures this switch to be the secondary root for VLAN 1.
Switch(config)#spanning-tree vlan 1 root secondary
Or
Switch(config)#spanning-tree vlan 1 priority priority
• Verify Spanning-Tree

• Display an overview of STP status and topology

Root Backup Root
10G x 2
1G 1G
1G 1G

10G x 2
1G 1G
1G 1G
Root

▪ Configures PortFast and BPDUGuard on interface FastEthernet 0/1
Switch(config)#interface FastEthernet 0/1

Switch(config-if)#spanning-tree portfast
Switch(config-if)#spanning-tree bpduguard enable
▪ Enables PortFast all non-trunking interfaces and enables BPDUGuard globally for all
PortFast-enable ports
Switch(config)#spanning-tree portfast bpduguard default

Switch(config)#spanning-tree portfast default

%SPANTREE-2-ROOTGUARDBLOCK: Port 1/1 tried to become non-designated in
VLAN 77. Moved to root-inconsistent state.

Switch(config)# interface FastEthernet 5/8
Switch(config-if)# spanning-tree guard root
Switch# show running-config interface FastEthernet 5/8

!
interface FastEthernet5/8
switchport mode access
spanning-tree guard root
end
Switch# show spanning-tree inconsistentports

Name Interface Inconsistency
-------------------- ---------------------- ------------------
VLAN0001 FastEthernet3/1 Port Type Inconsistent
Number of inconsistent ports (segments) in the system :4

Etherchannel

• Create EtherChannel and configures trunk on SW1
SW1(config)#interface range FastEthernet 0/1 - 2
SW1(config-if)#channel-group 1 mode active
SW1(config)#interface port-channel 1
SW1(config-if)#switchport mode trunk
SW1(config-if)#switchport trunk allowed vlan 1,2,20
• Create EtherChannel and configures trunk on SW2

SW2(config)#interface range FastEthernet 0/4 - 5
SW2(config-if)#channel-group 1 mode active
SW2(config)#interface port-channel 1
SW2(config-if)#switchport mode trunk
SW2(config-if)#switchport trunk allowed vlan 1,2,20

• Display summary channel group

Switch Virtualization

• STP Block
• Separate Management
• No direct communication between access switch

▪ StackWise provide a method to join multiple physical switches into a
single logical switching unit.
▪ Switches are united by special interconnect cable.
▪ The master switch is elected.
▪ The stack is managed as a single object and has a single management
IP address

▪ Multiple access switches in the same rack
▪ Reduced management overhead
▪ Stack interconnect
▪ Multiple switches can create an EtherChannel connection

▪ VSS combines a pair of physical switches into a virtual switch
▪ A VSL is formed between the members over EtherChannel
▪ The control plane of one member is active, and the data plane and the switch
fabric of both members are active.

▪ Single management point
▪ Neighbors see VSS as single switch
▪ Multi-Chassis EtherChannel (MEC)
▪ Interchassis stateful failover

▪ Verifies the VSS member
▪ Verifies the VSL

OSPF Dynamic Routing

▪ The backbone area is area 0
▪ All non-backbone areas must be connected to backbone area

▪ Commonly a serial interface running either PPP or HDLC
▪ May also be a point-to-point subinterface running Frame Relay or ATM
▪ Does not require DR or BDR election
▪ Sends OSPF packets using multicast 224.0.0.5

▪ OSPF routers progress through seven states:
• Down : No active neighbor detected
• INIT : Hello packet received
• 2-WAY : Own router ID inreceived hello
• Exstart : Master and Slave roles determined
• Exchange : Database description packets sent
• Loading : Exchange of LSRs and LSUs
• Full : Neighbor fully adjacent

R1(config)# router ospf 1
R1(config-config)# router-id 1.1.1.1
R1(config-config)# network 10.64.0.1 0.0.0.0 area 0



R1#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
2.2.2.2 1 FULL/DR 00:00:31 10.64.0.2 Gi0/0

1.1.1.1 1 FULL/BDR 00:00:31 10.64.0.1 Gi0/0
3.3.3.3 1 FULL/DR 00:00:38 10.2.1.1 Gi0/1

2.2.2.2 1 FULL/BDR 00:00:36 10.2.1.2 Gi0/1

R1# show ip route
Gateway of last resort is not set
2.0.0.0/32 is subnetted, 1 subnets

O 2.2.2.2/32 [110/2] via 10.64.0.2, 00:00:00, GigabitEthernet0/0
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O IA 10.2.1.0/24 [110/2] via 10.64.0.2, 00:05:21, GigabitEthernet0/0
C 10.64.0.0/24 is directly connected, GigabitEthernet0/0
L 10.64.0.1/32 is directly connected, GigabitEthernet0/0

R1(config)# interface gi0/0
R1(config-if)# ip ospf network point-to-point



2.2.2.2 1 FULL/- 00:00:31 10.64.0.2 Gi0/0

1.1.1.1 1 FULL/- 00:00:31 10.64.0.1 Gi0/0
3.3.3.3 1 FULL/- 00:00:38 10.2.1.1 Gi0/1

2.2.2.2 1 FULL/- 00:00:36 10.2.1.2 Gi0/1

▪ Suppress inbound and outbound OSPF packets on the interface.
▪ Harden routing protocol and reduce bandwidth/CPU usage.

Entrance(config)# ip route 0.0.0.0 0.0.0.0 serial 0
Entrance(config)# router ospf 1

Entrance(config-router)# default-information originate

Cisco Switch
Campus Design


▪ No Core
▪ Fully-meshed distribution layers
▪ Physical cabling requirement
▪ Routing complexity

▪ Dedicated Core Switches
▪ Easier to add a module
▪ Fewer links in the core
▪ Easier bandwidth upgrade
▪ Routing protocol peering reduced
▪ Equal cost Layer 3 links for best convergence

▪ Layer 2 and 3 - Why Use Routed Interfaces
▪ Configuring L3 routed interfaces provides for faster convergence than
▪ an L2 switch port with an associated L3 SVI

▪ Layer 2 Access with Layer 3 Distribution

▪ Deploy Layer 3 Routing in distribution
to core, and core-to-core
interconnections
▪ Deploy Layer 2 802.1q Trunk on

interconnection between access and
distribution layers

Troubleshooting
Methodology

Problem Diagnosis Solution
The Practical Solution Co.,Ltd. All rights reserved. NetPrime

▪ The top-down method
• แก้ปัญหาโดยเริม่ จาก application layer ลงมา
▪ The bottom-up method
• แก้ปัญหาโดยเริม่ จาก physical layer ขึน้ ไป
▪ The divide-and-conquer method
• แก้ปัญหาโดยเริม่ จาก ตรงกึง่ กลาง โดยส่วนมากจะเริม่ ทื่ network layer
▪ Following the traffic path
• แก้ปัญหาจากเส้นทางทีผ่ า่ นจากต้นทางจนถึงปลายทาง
▪ Comparing configurations (Spot the Differences)
• แก้ปัญหาจากการเปรียบเทียบ config หรือ การทางาน ของอุปกรณ์
▪ Component Swapping
• แก้ปัญหาด้วยวิธกี ารสลับ เช่น อุปกรณ์ หรือ สลับพอร์ต
▪ การแก้ปัญหาโดยใช้วธิ ี Top-Down จะเริม่ วิเคราะห์ปัญหาจาก application layer ลงมา
ตัวอย่างเช่น
• User แจ้งมาว่าไม่สามารถใช้งาน website ผ่าน browser ได้
• เราจึงลองเปลีย
่ น browser ดู ถ้าเปลีย่ น browser แล้วยังใช้งานไม่ได้ จึงไล่
แก้ปัญหาใน layer ถัดลงมา

▪ การแก้ปัญหาโดยใช้วธิ ี Bottom-Up จะเริม่ วิเคราะห์ปัญหาจาก physical layer ขึน้ ไป
ตัวอย่างเช่น
• เราจึงลองตรวจสอบ port status ทีเ่ ครื่องนัน้ ต่ออยูว่ า่ port ยัง up ปกติไหม ถ้า
physical layer ปกติ จึงไล่แก้ปัญหาใน layer ถัดขึน ้ ไป

▪ การแก้ปัญหาโดยใช้วธิ ี divide-and-conquer จะเริม่ วิเคราะห์ปัญหาจากช่วงตรง
กลางของ OSI 7 Layers ซึง่ โดยทัวไปจะเริ
่ ม่ ที่ network layer ตัวอย่างเช่น
• เราจึงลองตรวจสอบ server ว่าสามารถติดต่อได้หรือไม่โดยการ Ping ซึง่ ถ้า

Ping ได้ แสดงว่า Layer 1 – 3 สามารถใช้งานได้ จึงไปตรวจสอบปั ญหาตัง้ แต่
Layer 4 ขึน
้ ไป

▪ การแก้ปัญหาโดยใช้วธิ ี Following the Traffic Path นัน่ คือการตรวจสอบปั ญหาจาก
เส้นทางทีผ่ า่ นจากต้นทางจนถึงปลายทาง ตัวอย่างเช่น
• เราจึงลองตรวจสอบ server ว่าสามารถติดต่อได้หรือไม่โดยการ Ping ซึง่ ถ้า Ping
ไม่ได้ เราจึงลองตรวจสอบเส้นทางที่ traffic วิง่ ผ่าน ว่าไปติดตรงจุดไหน

▪ การแก้ปัญหาโดยใช้วธิ ี Comparing Configurations นันคื
่ อการแก้ปัญหาจากการ
เปรียบเทียบ config หรือ การทางาน ของอุปกรณ์ ตัวอย่างเช่น
• Branch1 ใช้งานได้ปกติ แต่ Branch2 ใช้งานไม่ได้ จึงทาการเปรียบเทียบ
Routing ของ Router ทัง้ 2 ตัว
▪ เราสามารถเปรียบเทียบการตัง้ ค่าอื่นๆ ได้ตามปั ญหาทีเ่ จอ รวมถึง software

Branch1# ด้
ว
show
version ยเช่
ip นroute
กัน
<... output omitted ...>
O*IA 0.0.0.0/0 [110/12] via 10.8.1.2, 4d01h, GigabitEthernet0/1
Branch2# show ip route

<... output omitted ...>

▪ การแก้ปัญหาโดยใช้วธิ ี Comparing Configurations นันคื่ อการแก้ปัญหาจาก
แก้ปัญหาด้วยวิธกี ารสลับ เช่น อุปกรณ์ หรือ สลับพอร์ต

Basic Troubleshooting

• If all IP addresses mismatch have been solved but device still can’t
connect, check if the VLAN exists in the switch.

• If all IP addresses mismatch have been solved but device still can’t
connect, check if the VLAN exists in the switch.

• Trunking issues are usually associated with incorrect configurations.
• The most common type of trunk configuration errors are:
1. Native VLAN mismatches
2. Trunk mode mismatches
3. Allowed VLANs on trunks
• If a trunk problem is detected, the best practice guidelines
recommend to troubleshoot in the order shown above.

To troubleshoot Layer 3 switching issues, check the following items for
accuracy:
VLANs
• VLANs must be defined across all the switches
• VLANs must be enabled on the trunk ports
• Ports must be in the right VLANs
SVIs
• SVI must have the correct IP address or subnet mask
• SVI must be up
• SVI must match with the VLAN number

To troubleshoot Layer 3 switching issues, check the following items for
accuracy (cont):
Routing
• Routing must be enabled
• Each interface or network should be added to the routing protocol
Hosts
• Hosts must have the correct IP address or subnet mask
• Hosts must have a default gateway associated with an SVI or
routed port

▪ Problem: A user on PC1 indicates that he is not able to access a
document on Server.

▪ Problem: A user on PC2 indicates that she is not able to access a
document on Server.

▪ Problem: A junior network administrator has approached you indicating that the
EtherChannel bundle she is trying to form between SW1 and SW2 is not
forming. You need to solve this issue for her.

▪ Problem: PC1 is not able to access resources on PC2.

Wireless LAN Controller

1. สามารถรองรับการเติบโตของเครือข่ายไร ้สายในอนาคตได ้
2. ง่ายต่อการบริหารจัดการอุปกรณ์เครือข่ายไร ้สาย
ี เวลาในตัง้ ค่าและอัพเดทเวอร์ชน
3. ไม่ต ้องเสย ั ของอุปกรณ์
4. สามารถ Monitor อุปกรณ์เครือข่ายไร ้สายได ้
5. สามารถทา RRM ได ้

CAPWAP

CAPWAP

- CAPWAP – Control And Provisioning of Wireless Access Points : เป็ น
โปรโตคอลทีใ่ ชคุ้ ยกันระหว่าง AP กับ WLC
- CAPWAP จะมีการสง่ ข ้อมูล 2 ประเภท คือ

1. Data Plane จะเป็ นข ้อมูลทราฟฟิ คของ Client
2. Control Plane จะเป็ นข ้อมูลที่ AP คุยกับ WLC ด ้วยกันเอง

1. Hunting Phase :
AP จะทาการค ้นหา WLC ในเครือข่าย
2. Join Phase :
เมือ
่ AP พบ WLC AP จะทาการร ้องขอการ Join กับ WLC
3. Authorization Phase :
ิ ใจว่าจะยอมรับการร ้องขอการ Join
WLC จะทาการ Check Certificate และจะตัดสน
ของ AP หรือไม่
4. Configuration Phase :
WLC จะทาการ Upload Firmware และ Configurationให ้กับ AP ทีม
่ า Join

Phase 1 : Hunting Phase
AP จะทาการค ้นหา WLC ในเครือข่าย
CAPWAP Discovery Request

Phase 2 : Join Phase
เมือ
่ AP พบ WLC AP จะทาการร ้องขอการ Join กับ WLC
CAPWAP Message Request Join
CAPWAP Message Response Join

Phase 3 : Authorization Phase
ิ ใจว่าจะยอมรับการร ้องขอการ
WLC จะทาการ Check Certificate และจะตัดสน
Join ของ AP หรือไม่

Phase 4 : Configuration Phase
WLC จะทาการ Upload Firmware และ Configurationให ้กับ AP ทีม
่ า Join
Configuration Download
Firmware Download
CAPWAP

Wireless Signal and
WLC Overview

▪ Co-Channel Interference
▪ Adjacent-Channel Interference
▪ Non-Wifi Interferece

▪ From the controller GUI, navigate to Commands > Upload File on a WCM
• navigate to Configuration > Commands > Upload File
• Select Configuration from the file type drop-down menu. Select either
TFTP or FTP and enter the IP address, file path, and target filename

▪ From the controller GUI, navigate to Commands > Upload File on a WCM
• navigate to Configuration > Commands > Download File
• Select Configuration from the file type drop-down menu. Select either
TFTP or FTP and enter the IP address, file path, and target filename
หลังจากไฟล์ Restore เสร็จ WLC จะ Reboot

▪ From the controller GUI, navigate to Commands > Config Boot
• WLC จะเก็บ Image ไว้ 2 ตัว คือ Primary Image และ Secondary Image ซึง่ จะใช้
งาน Primary Image โดย Default
• ถ้าต้องการจะเปลีย่ นจาก Primary Image ไปใช้ Secondary Image. จะมีการ Reboot
The Practical Solution Co.,Ltd. All rights reserved. 149

▪ From the controller GUI, navigate to Commands >
Download File
• The controller can download from a TFTP or an FTP server. Select
Code as the file type, then enter the file server’s IP address, file path,
and code image filename
• For an FTP download, enter the credentials required by the FTP
server. Next, click the Download button to start the file transfer

▪ During the download, the WLC will periodically update the web page to display
the following sequence of status messages (this process can take several
minutes):
1. TFTP Code transfer starting.
2. TFTP receive complete...extracting components.
3. Executing backup script.
4. Writing new RTOS to flash disk.
5. Writing new FP to flash disk.
6. Writing new APIB to flash disk.
7. Executing install_apib script.
8. Executing fini script.
9. TFTP File transfer is successful.

▪ Cisco 5500 Series support a maximum of 512 WLANs
▪ Cisco 2504 Wireless Controller is limited to a maximum of 16 WLANs.
▪ Only 16 of them can be actively configured on an AP
▪ โดย default แล้ว WLC จะไม่สร้าง WLAN มาให้ เราจะต้องทาการสร้างด้วยตัวเอง

โดยจะมี parameter ทีจ่ ะต้องคานึงถึง ดังนี้
• SSID Name
• WLC Interface and VLAN number
• Type of wireless security needed

▪ To create a new dynamic interface on a centralized controller, navigate to
Controller > Interfaces.
• Click the New button to define a new interface. Enter a name for the
interface and the VLAN number it will be bound to.
• Click the Apply button.

▪ Enter the IP address, subnet mask, and gateway address for the interface.
▪ Define primary and secondary DHCP server addresses.
▪ Click the Apply

▪ Defined WLANs by selecting WLANs from the top menu bar
• create a new WLAN by selecting Create New from the drop-down
menu and then clicking the Go button

▪ Enter a descriptive name as the profile name and the SSID text string.
▪ the profile name and SSID are identical, just to keep things straightforward. The
ID number is used as an index into the list of WLANs that are defined on the
controller. The ID number becomes useful when you use templates in Prime
Infrastructure (PI) to configure WLANs on multiple controllers at the same time.
▪ Click the Apply button

Mobility Group

Radio Resource Management

▪ Transmit Power Control (TPC)
• WLC dynamically control AP tx power based on real-time wireless condition. In most cases TPC
seeks to lower the AP tx power to reduce interference.

▪ Dynamic Channel Assignment (DCA)
• Consider AP Rx Energy, Noise, 802.11 interference, Utilization & Load to handle DCA.

AP Groups

▪ An AP group is logical grouping of APs within a geographic area such as a
building, floor or remote branch office that share common WLAN
▪ By default each AP is automatically assigned to a default AP group named
“default-group”
▪ When customized AP groups are defined on a WLC, the APs must be manually
assigned to the AP group.

▪ Create AP Group and WLANs to AP Group

▪ Add APs to AP Group

Troubleshooting Connectivity

▪ Got IP address ?
▪ Can Ping ?
▪ Time
▪ Cert Accept
▪ AP Policies
▪ Country Code
▪ AP Unsupported
▪ License Limit

Cisco Prime Infrastructure
Overview

▪ To set SNMP credentials(community strings) and username /password
on each device that you want to manage using Prime Infrastructure.
Use the following IOS commands to set community string on devices.
• Configure SNMP
switch(config)#snmp-server community piro ro
switch(config)#snmp-server community pirw rw
switch(config)#snmp-server location server-room
switch(config)#snmp-server contact tps@thepractical.co.th
• Configure Username/Password
switch(config)#enable secret cisco
switch(config)#username cisco privilege 15 secret cisco

▪ Adding Devices Using Discovery
• Prime Infrastructure uses SNMP polling to gather information about your
network devices within the range of IP addresses you specify. If you have
CDP enabled on your network devices, Prime Infrastructure uses the seed
device you specify to discover the devices in your network.
▪ Understanding the Discovery Process
Add a trap
Start the
Verify the Verify Telnet receiver in Add the
Using ICMP inventory
SNMP and SSH order for devices to the
ping collection
credentials credentials. Prime Inventory
process
Infrastructure

▪ Running Discovery
• Step 1 Choose Inventory > Device Management > Discovery.

▪ Running Discovery
▪ Step 2 Click Discovery Settings (in the top right corner), then click New.
▪ Step 3 Enter the Protocol Settings
▪ Click Save to save your discovery settings and schedule your discovery to run at a
specified time.
▪ Click Run Now to run the discovery now. 1

▪ Sample IPv4 IP Addresses for Ping Sweep

▪ Importing Devices from Another Source
▪ Step 1 Choose Inventory > Device Management > Network Devices, then
click Bulk Import.
1 3

▪ Step 2 From the Operation drop-down list, choose Device.
▪ Step 3 In the Select CSV File, enter or browse to the CSV file that contains the
devices that you want to import.
1
2
3
▪ Step 4 Click the link to download a sample file that contains all of the fields
and descriptions for the information that must be contained in your imported
file.

▪ Adding Devices Manually
▪ Step 1 Choose Inventory > Device Management > Network Devices.
▪ Step 2 Click Add Device.
3
1

▪ Adding Devices Manually
▪ Step 3 Complete the required fields.
▪ Step 4 For the License Level field, select, Full is selected by default.
Switch Port Trace Only to collect partial device information (host name, device name,
device type, and reachability status) and allow Prime Infrastructure to display how an
AP is connected to a WLC on wireless maps

▪ Validating That Devices Were Added Successfully
• choose Administration > Dashboards > Job Dashboard.
Device Reachability Status

▪ Green Prime Infrastructure is able to reach the device using SNMP.
▪ Yellow The device is reachable using Ping, but not via SNMP. Verify that you specified the
correct SNMP parameters for read access when the device was added to Prime
Infrastructure.
▪ Red Prime Infrastructure is unable to reach the device using Ping. Verify that the device is
operational and connected to the network.
▪ Editing Device Parameters
▪ Step 2 Select a single device or multiple devices and Click Edit.
▪ Step 3 Update the required parameters.
▪ Step 4 Click Update to update the parameters of all of the selected devices or
Update & Sync to update and synchronize the devices with the updated parameters.

▪ Exporting Devices In Prime Infrastructure, you can export device information as a CSV
file. Prime Infrastructure does not export credential profiles.
▪ Step 2 Select the devices that you want to export, then click Export Device.
▪ Step 3 Enter an encryption password that will be used to open the exported CSV file.
4
2
3
1
5

▪ Exporting Devices
▪ Step 5 Double-click the ExportDevice.zip file and enter the encryption
password to open the ExportDevice.csv file

Manage Group

Prime Infrastructure provides the following types of grouping:
▪ Device type groups—Device type groups are device type-based and
are not rule-based. The device type groups are not used for network
topology maps.
▪ User defined groups—Create your own device-based groups. Device
groups are mixed groups which can have dynamic rules and/or manually
added members.
▪ Location groups—Create location-based groups. For example, if you
have devices that reside in different time zones, you can create location
groups based on geographic regions so that the devices in one group
can have a different time zone setting from the devices in another group.
▪ Port groups—Create port groups to simplify monitoring and configuring
ports

▪ Network Device Groups
1 1
2

▪ Grouping Devices by Device Type
Device type groups are device type-based and are not rule-based. The device type groups
are not used for network topology maps.
▪ Grouping Devices by User Defined Group

▪ Group by User Defined
• Add Device Manually—You add devices to the group based on your needs.
• Add Device Dynamically—You specify the rules to which devices must comply before they are added to
this device group. You do not add devices to dynamic groups. Prime Infrastructure adds devices that
match the specified rules to the dynamic group.

▪ Add Device Manually—You add devices to the group based on your needs.

1
2


2
1
3

2
1
4

▪ Add Device Dynamically—You specify the rules to which devices must comply before they are
added to this device group. You do not add devices to dynamic groups. Prime Infrastructure adds
devices that match the specified rules to the dynamic group.


▪ Grouping Devices by Location Group - Create location-based groups. For
example, if you have devices that reside in different time zones, you can create
location groups based on geographic regions so that the devices in one group
can have a different time zone setting from the devices in another group

▪ Create Location Group

▪ Create Location Group

▪ Group by Location
• Add Device Manually—You add devices to the group based on your needs.
• Add Device Dynamically—You specify the rules to which devices must comply before they are added to
this device group. You do not add devices to dynamic groups. Prime Infrastructure adds devices that
match the specified rules to the dynamic group.


1
2


2
1
3

2


2
Image Upgrade and Analysis

Cisco Prime Infrastructure simplifies the version
management and routine deployment of software updates
to your devices by helping you plan, schedule, download,
and monitor software image updates. You can also view
2 software image details, view recommended software
images, and delete software images.
Prime Infrastructure stores all of the software images for

1 the devices in your network

1
4
3
4
2 สามารถSchedule ตัง้ ได้

Currently Prime Infrastructure Supports
*.bin,*.tar,*.aes,*.ros,*.pie,*.img,*.pkg,*.ova and *.gz image
extensions.

1

Set boot
เลือกเป็ น OFF เพื่อไม่ให้ reload

กรณีถา้ Flash ไม่พอ
สามารถSchedule ตัง้ ได้

เลือก Run ID เพื่อเข้ าไปดูสาเหตุได้

2

1
2

2
1

Configuration Archive

Prime Infrastructure attempts to collect and archive the
following device configuration files:
• Startup configuration
• Running configuration
• VLAN configuration, if configured

A configuration archive is created if there is a change between the last archived configuration
and the current running configuration only. You can specify how Prime Infrastructure archives
the configurations:
• On demand—You can have Prime Infrastructure collect the configurations of selected
devices by choosing Inventory > Configuration Archive and selecting the option to
schedule the archive immediately
• Scheduled—You can schedule when Prime Infrastructure collects the configurations
of selected devices and specify recurring collections by choosing Inventory > Device
Configuration Archive, then clicking Schedule Archive.
You can schedule to have Prime Infrastructure copy the running configuration to the
startup configuration by choosing Inventory > Device Configuration Archive, then
clicking Schedule Overwrite.
• During inventory—You can have Prime Infrastructure collect device configurations
during the inventory collection process.
• Based on Syslogs— If device is configured to send syslogs, when there is any device
configuration change, Prime Infrastructure collects and stores the configuration.

By default, Prime Infrastructure has the following configuration settings:
• Does not back up the running configuration before pushing configuration
changes to a device.
• Does not attempt to roll back to the previously saved configuration in the
archive if the configuration deployment fails
• When pushing CLI to a device, uses 5 thread pools.
4
2

1 2

▪ Schedule Rollback—Specify when to roll back the running configuration,
startup configuration, or both configurations.
▪ Schedule Overwrite—Specify when to copy the running configuration to the
startup configuration.
▪ Schedule Archive—Specify when to archive the configuration.
▪ Schedule Deploy—You can schedule when to deploy the configuration and
also specify to:
• Overwrite the startup configuration. This option is applicable for devices that
have a startup configuration only.
• Merge the configuration with the running configuration

2
เลือก archive configuration

หลาย device ได้
สามารถตังค่ ้ าให้ archive configuration
ตามวันที่กาหนด และ ให้ ทาทุก นาที
ชัว่ โมง วัน สัปดาห์ เดือน ปี ได้

ทา per device สามารถติ๊กถูกเลือก
device ที่ต้องการ แล้ วกด schedule
archive ด้ านบน ได้ เช่นกัน
สามารถตังค่ ้ าให้ archive configuration

ตามวันที่กาหนด และ ให้ ทาทุก นาที
ชัว่ โมง วัน สัปดาห์ เดือน ปี ได้

ดู raw config จากอุปกรณ์
ดู config แบ่งตาม หมวดหมู่
Export config ได้

Config ที่ running และ startup เหมือนกัน
เปรี ยบเทียบ config ได้ Config ที่ทาการ archive ออกมาจะเป็ น running-config

• Previous – เปรี ยบเทียบกับ config ก่อนหน้ านี ้ ซึง่ เหมือนกันกับ startup-config (หมายความว่า ไม่ได้ มี
• Other Version – เปรี ยบเทียบ config กับ รอบอื่นๆที่ archive มา การเปลี่ยนแปลง config ปั จจุบนั )
• Other Device – เปรี ยบเทียบกับอุปกรณ์ตวั อื่น

Config ที่ running และ startup แตกต่างกัน
เปรี ยบเทียบ config ได้

• Previous – เปรี ยบเทียบกับ config ก่อนหน้ านี ้ Config ที่ทาการ archive ออกมาจะเป็ น running-config ซึง่
• Startup – เปรี ยบเทียบกับ startup-config แตกต่ างกันกับ startup-config (หมายความว่า อาจจะมีการ
• Other Version – เปรี ยบเทียบ config กับ รอบอื่นๆที่ archive มา เปลี่ยนแปลง config ปั จจุบนั แต่ยงั ไม่ได้ save)
• Other Device – เปรี ยบเทียบกับอุปกรณ์ตวั อื่น

Config Config ที่ save
ปั จจุบนั ไว้
เลือก startup เพือ
เปรียบเทียบ config
ระหว่าง config ปั จจุบนั
เลืออยู
กับ config ที่ save ก Difference
่
Only เพือ ่ ดูเฉพาะ
config ในส่วนที่
แตกต่างกัเลืนอก All เพือ่ ดู config
Config ทีแ
่ ตกต่าง
ทัง้ หมด กัน จะแสดงเป็ น
สีแดง 259
2

เลือกว่าจะให้ rollback
config ไปเก็บไว้ ที่ไหน

təşəkkür edirəm
obrigado 谢谢 शुक्रिया
dankie gratias agimus tibi ‫شكرا‬
감사합니다 ຂອບໃຈນລາຍ cảm ơn bạn
Thank you
dank u ‫آپ کا شکریہ‬ спасибо terima kasih
salamat ‫با تشکر از شما‬ gracias
terima kasih Merci
ขอบคุณครับ

Cisco Network Training - Sunprasit

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cisco Network Training - Sunprasit

Uploaded by

Copyright:

Available Formats

Mr. Supakorn Visutthicho

Advanced Borderless Network Architecture Specialization

The Practical Solution Co.,Ltd. All rights reserved.

The Practical Solution Co.,Ltd. All rights reserved.

The Practical Solution Co.,Ltd. All rights reserved.

• Command prompt: hostname>

The Practical Solution Co.,Ltd. All rights reserved.

The Practical Solution Co.,Ltd. All rights reserved.

• Not enough characters were entered.

Switch#clock set 15:55:00 25 6

• Interface configuration mode

The Practical Solution Co.,Ltd. All rights reserved.

• Assign the IP address and subnet mask for router

The Practical Solution Co.,Ltd. All rights reserved.

• Configure enable secret password

TPS-Switch(config)#enable secret Cisco789

• Verification of configured passwords

The Practical Solution Co.,Ltd. All rights reserved.

• Verification of configured passwords

The Practical Solution Co.,Ltd. All rights reserved.

• Configure console password

The Practical Solution Co.,Ltd. All rights reserved.

The Practical Solution Co.,Ltd. All rights reserved.

The Practical Solution Co.,Ltd. All rights reserved.

Advanced Borderless Network Architecture Specialization

The Practical Solution Co.,Ltd. All rights reserved.

The Practical Solution Co.,Ltd. All rights reserved.

0, 4095 Reserved for system use only

Ethernet VLANs only, unusable on specific

The Practical Solution Co.,Ltd. All rights reserved.

VLAN Name Status Ports

The Practical Solution Co.,Ltd. All rights reserved.

The Practical Solution Co.,Ltd. All rights reserved.

Switch#show vlan brief

VLAN Name Status Ports

The Practical Solution Co.,Ltd. All rights reserved.

The Practical Solution Co.,Ltd. All rights reserved.

The Practical Solution Co.,Ltd. All rights reserved.

SwitchX#show interface trunk

Port Vlans allowed on trunk

Port Vlans allowed and active in management domain

Port Vlans in spanning tree forwarding state and not pruned

The Practical Solution Co.,Ltd. All rights reserved.

The Practical Solution Co.,Ltd. All rights reserved.

The Practical Solution Co.,Ltd. All rights reserved.

The Practical Solution Co.,Ltd. All rights reserved.

The Practical Solution Co.,Ltd. All rights reserved.

The Practical Solution Co.,Ltd. All rights reserved.

The Practical Solution Co.,Ltd. All rights reserved.

The Practical Solution Co.,Ltd. All rights reserved.

The Practical Solution Co.,Ltd. All rights reserved.

Switch(config)#interface FastEthernet 0/1

Switch(config)#spanning-tree portfast bpduguard default

The Practical Solution Co.,Ltd. All rights reserved.

The Practical Solution Co.,Ltd. All rights reserved.

Switch# show running-config interface FastEthernet 5/8

Switch# show spanning-tree inconsistentports

The Practical Solution Co.,Ltd. All rights reserved.

The Practical Solution Co.,Ltd. All rights reserved.

• Create EtherChannel and configures trunk on SW2

The Practical Solution Co.,Ltd. All rights reserved.

The Practical Solution Co.,Ltd. All rights reserved.

The Practical Solution Co.,Ltd. All rights reserved.