CCNP - Designing an Enterprise Network

2 min read

Designing an Enterprise Network

Access Layer

  • Building an Access Layer
    What are the current and future needs for end-users or node ports in the existing wiring closets of that building?

  • What type of hardware can the company or client can afford?

  • Is the existing cabling adequate? Copper/Fiber?

  • What level of high availability is needed at the access layer?

  • Whare are the reuirements to support VLAN,VTP, and STP

  • Whare are the Layer 2 traffic patterns for applicaions

  • What multicastnig needs and QoS services are necessary at Layer 2?

Access Layer Attributes

  • High Availability

  • Security

  • Authentication

  • Broadcast Control

  • QoS

  • Rate Limiting

  • STP (Spanning Tree)

  • PoE

  • Voice Vlan

Distribution Layer

  • Should Layer 2 or Layer 3 Switches be used?

  • How many total users are we going to support?

  • What are the high availability needs?

  • re distrivution layer switches modular and scalable?

  • Is the company prepared to manage and configure the distribution layer block

Distribution Layer Attributes

  • Gives access control to core devices

  • Redundancy to access devices

  • Routing Protocols

  • Redistribution

  • Filtering

  • Route Summarization

  • Policy Routing

  • Security

  • Separate multicast and broadcast domains

  • routing between VLANS

Core Layer

  • Does the organization have 3 or mote separate locations (buildings) in the campus that are connected through an enterprise campus infrastructure.

  • Based on the present infrastructure, will the solution to the campus backbone be a Layer 2, Layer2/3, or Layer 3 switching solution.

Core Layer Attributes

  • High Speed

  • Reliability and availability

  • Redundancy

  • Fault Tolerance

  • Load Balancing

  • Manageability and scalability

  • No filters, packet handling or other overhead

  • Can handle QoS

Example: you have an interface eth0/0. This interface have some characteristics, like current MTU, Bandwidth, packet count, error count etc. Each characteristic can be presented by a numeric value:

MTU 1500
Bandwidth 10000
Packets 2442334
Errors 1332
Each of these values can be queried or read using a specific OID. For example MTU could be linked to OID 2.3.1.5.1.5.1.2.2.3.2.2.2.3.2.1.Write your text here...

Network Performance Monitor (NPM)

Setting up SNMP View

snmp-server view ADMINView internet included
snmp-server view ADMINView mib-2 included
snmp-server view ADMINView cisco included
snmp-server view ADMINView ciscoEvMonSupplyStatusEntry.3 included
snmp-server trap-source VlanData
snmp-server source -interface informs VlanData
snmp-server enable traps snmp authentication
snmp-server enable traps rf
snmp-server enable traps memory
snmp server enable traps config
snmp-server trap timestamp
snmp-server host LOGGING SERVER IP version 3 priv ADMIN

Adding SNMP-Server Host to ACL (Poller Account)

!ip access-list standard ADMIN_Poller
! permit <LOGGING SERVER IP>
ip access-list standard ADMIN_Poller
permit <192.168.1.100>

Setting up SNMP-Server Host

!snmp-server host <LOGGING SERVER IP> version 3 priv <SNMP_USER>
snmp-server host <192.168.1.100> version 3 priv <ADMIN>

Setting up SNMP User

!snmp-server user <USERNAME> <GROUPNAME> v3 auth sha <PASSWORD> priv aes 256 <ACL-Poller>
snmp-server user ADMIN ADMINGroup v3 auth sha P@$$w0rd priv aes 128 P@$$w0rd access ADMIN_Poller

Setting up SNMP Group

!snmp-server group <GROUP-NAME> v3 priv access <SNMP-VIEW> access type <ACL-Poller>
snmp-server group ADMINGroup v3 priv read ADMINview write ADMINview access ADMIN_Poller

Troubleshooting SNMP Issues

Verify Switch is Using ACL

switch# sh snmp user

Verify Access List

switch# sh access-list

Verify ACL changes

switch# sh access-list