La formation CCNP ENCOR 5/8 est pour objectif de la préparation à la certification 350-401 ENCOR. Ce cours permet d’apprendre, d’appliquer et de mettre en pratique les connaissances et les compétences de CCNP Enterprise grâce aux concepts théoriques à une série d'expériences pratiques approfondies qui renforce l’apprentissage. Avec cette formation et la formation CCNP ENCOR, vous possédera les outils pour envisager une inscription à l’examen de certification 350-401.
4. Une formation
Plan de la formation
Introduction
1. Architecture de réseau d'entreprise (architecture de
Spine, Leaf, VSS, Model Stackwise)
2. Technologies SD-Access (Control Plane / Data Plane /
Politique Plane, SD-Access Fabric, SD-WAN)
3. Assurance réseau (SNMP, Service Syslog, NetFlow et
NetFlow flexible, SPAN, IP SLA)
Conclusion
10. Une formation
Présentation des outils
Packet Tracer
Créer un compte Cisco NetAcad
Télécharger Packet Tracer
Utiliser Packet Tracer
EVE-NG
Télécharger EVE-NG
Intégrer les IOS sur EVE-NG
Utiliser EVE-NG
GNS 3
Télécharger GNS3
Intégrer les IOS sur GNS3
Utiliser GNS3
26. Couche d'accès de couche 3 (Les avantages)
Aucun protocole de redondance de premier saut requis
Aucun STP requis
Utilisation accrue de la liaison montante
Dépannage plus facile
Convergence plus rapide
36. Vérification
SW1-VSS#show module
Mod Ports Card Type Model Serial No.
--- ----- -------------------------------------- ------------------ -----------
1 5 Supervisor Engine 2T 10GE w/ CTS (Acti VS-SUP2T-10G SAL11111111
2 4 CEF720 4 port 10-Gigabit Ethernet WS-X6704-10GE SAL11111111
3 48 CEF720 48 port 10/100/1000mb Ethernet WS-X6748-GE-TX SAL11111111
Mod MAC addresses Hw Fw Sw Status
--- ---------------------------------- ------ ------------ ------------ -------
1 588d.09e6.d0b9 to 588d.09e6.d0c0 1.3 12.2(50r)SYS 15.0(1)SY2 Ok
2 001a.a10e.833c to 001a.a10e.833f 2.5 12.2(14r)S5 15.0(1)SY2 Ok
3 0002.fcc1.1bd0 to 0002.fcc1.1bff 1.2 12.2(14r)S5 15.0(1)SY2 Ok
Mod Sub-Module Model Serial Hw Status
---- --------------------------- ------------------ ----------- ------- -------
1 Policy Feature Card 4 VS-F6K-PFC4 SAL11111111 1.2 Ok
1 CPU Daughterboard VS-F6K-MSFC5 SAL11111111 1.4 Ok
2 Centralized Forwarding Card WS-F6700-CFC SAD11111111 3.1 Ok
3 Centralized Forwarding Card WS-F6700-CFC SAD11111111 1.1 Ok
Mod Online Diag Status
---- -------------------
1 Pass
2 Pass
37. Vérification
SW2-VSS#show module
*Aug 13 18:37:25.727: %SYS-5-CONFIG_I: Configured from console by console
Mod Ports Card Type Model Serial No.
--- ----- -------------------------------------- ------------------ -----------
1 5 Supervisor Engine 2T 10GE w/ CTS (Acti VS-SUP2T-10G SAL22222222
2 4 CEF720 4 port 10-Gigabit Ethernet WS-X6704-10GE SAL22222222
3 48 CEF720 48 port 10/100/1000mb Ethernet WS-X6748-GE-TX SAD22222222
Mod MAC addresses Hw Fw Sw Status
--- ---------------------------------- ------ ------------ ------------ -------
1 588d.09e6.cc7d to 588d.09e6.cc84 1.3 12.2(50r)SYS 15.0(1)SY1 Ok
2 001a.6c68.73e0 to 001a.6c68.73e3 2.5 12.2(14r)S5 15.0(1)SY1 Ok
3 000d.6551.041a to 000d.6551.0449 1.2 12.2(14r)S5 15.0(1)SY1 Ok
Mod Sub-Module Model Serial Hw Status
---- --------------------------- ------------------ ----------- ------- -------
1 Policy Feature Card 4 VS-F6K-PFC4 SAL22222222 1.2 Ok
1 CPU Daughterboard VS-F6K-MSFC5 SAL22222222 1.4 Ok
2 Centralized Forwarding Card WS-F6700-CFC SAL22222222 3.1 Ok
3 Centralized Forwarding Card WS-F6700-CFC SAD22222222 1.1 Ok
Mod Online Diag Status
---- -------------------
1 Pass
38. Vérification
SW1-VSS#show version
Cisco IOS Software, s2t54 Software (s2t54-ADVENTERPRISEK9-M), Version 15.0(1)SY2,
RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
SW2-VSS#show version
Cisco IOS Software, s2t54 Software (s2t54-ADVENTERPRISEK9-M), Version 15.0(1)SY2,
RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
39. Vérification
SW1-VSS#show version
Cisco IOS Software, s2t54 Software (s2t54-ADVENTERPRISEK9-M), Version 15.0(1)SY2,
RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
SW2-VSS#show version
Cisco IOS Software, s2t54 Software (s2t54-ADVENTERPRISEK9-M), Version 15.0(1)SY2,
RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
40. Configurer le domaine du commutateur virtuel
SW1-VSS(config)#switch virtual domain 1
Domain ID 1 config will take effect only
after the exec command 'switch convert mode virtual' is issued
SW1-VSS(config-vs-domain)#switch 1
SW2-VSS(config)#switch virtual domain 1
Domain ID 1 config will take effect only
after the exec command 'switch convert mode virtual' is issued
SW2-VSS(config-vs-domain)#switch 2
SW1-VSS(config-vs-domain)#switch 1 priority 110
SW1-VSS(config-vs-domain)#switch 2 priority 100
SW2-VSS(config-vs-domain)#switch 1 priority 110
SW2-VSS(config-vs-domain)#switch 2 priority 100
41. SW1-VSS(config)#interface port-channel 1
SW1-VSS(config-if)#no shutdown
SW1-VSS(config-if)#switch virtual link 1
SW1-VSS(config-if)#exit
SW1-VSS(config)#int range ten 1/4 - 5
SW1-VSS(config-if-range)#channel-group 1 mode on
SW1-VSS(config-if-range)#no shut
SW2-VSS(config)#interface port-channel 2
SW2-VSS(config-if)#no shutdown
SW2-VSS(config-if)#switch virtual link 2
SW2-VSS(config-if)#exit
SW2-VSS(config)#int range ten 1/4 - 5
SW2-VSS(config-if-range)#channel-group 2 mode on
SW2-VSS(config-if-range)#no shutdown
Configurer le domaine du commutateur virtuel
43. Execute Conversion
SW1-VSS#switch convert mode virtual
This command will convert all interface names
to naming convention "interface-type switch-number/slot/port",
save the running config to startup-config and
reload the switch.
NOTE: Make sure to configure one or more dual-active detection methods
once the conversion is complete and the switches have come up in VSS mode.
Do you want to proceed? [yes/no]: yes
Converting interface names
Building configuration...
SW2-VSS#switch convert mode virtual
This command will convert all interface names
to naming convention "interface-type switch-number/slot/port",
save the running config to startup-config and
reload the switch.
NOTE: Make sure to configure one or more dual-active detection methods
once the conversion is complete and the switches have come up in VSS mode.
Do you want to proceed? [yes/no]: yes
Converting interface names
Building configuration...
SW1-VSS#
System detected Virtual Switch configuration...
Interface TenGigabitEthernet 1/1/4 is member of PortChannel 1
Interface TenGigabitEthernet 1/1/5 is member of PortChannel 1
SW2-VSS#
System detected Virtual Switch configuration...
Interface TenGigabitEthernet 2/1/4 is member of PortChannel 2
Interface TenGigabitEthernet 2/1/5 is member of PortChannel 2
SW1-VSS#
%PFREDUN-6-ACTIVE: Initializing as ACTIVE processor for this switch
%VSL_BRINGUP-6-MODULE_UP: VSL module in slot 1 switch 1 brought up
%VSLP-5-RRP_ROLE_RESOLVED: Role resolved as ACTIVE by VSLP
%VSL-5-VSL_CNTRL_LINK: New VSL Control Link 1/1/4
SW2-VSS#
%PFREDUN-6-ACTIVE: Initializing as ACTIVE processor for this switch
%VSL_BRINGUP-6-MODULE_UP: VSL module in slot 1 switch 2 brought up
%VSLP-5-RRP_ROLE_RESOLVED: Role resolved as STANDBY by VSLP
%VSL-5-VSL_CNTRL_LINK: New VSL Control Link 2/1/4
SW1-VSS(config)#hostname SW-VSS
44. Vérification
SW-VSS#show run switch 1
Building configuration...
Current configuration : 4283 bytes
!
[output omitted]
SW-VSS#show run switch 2
Building configuration...
Current configuration : 4223 bytes
!
[output omitted]
SW-VSS#show switch virtual
Switch mode : Virtual Switch
Virtual switch domain number : 1
Local switch number : 1
Local switch operational role: Virtual Switch Active
Peer switch number : 2
Peer switch operational role : Virtual Switch Standby
SW-VSS#show switch virtual link
VSL Status : UP
VSL Uptime : 28 minutes
VSL SCP Ping : Pass
VSL ICC Ping : Pass
VSL Control Link : Te1/1/4
VSL Encryption : Configured Mode - Off, Operational Mode - Off
SW-VSS#show interfaces vsl
VSL Port-channel: Po1
Port: Te1/1/4
Port: Te1/1/5
SW-VSS#show switch virtual role
RRP information for Instance 1
--------------------------------------------------------------------
Valid Flags Peer Preferred Reserved
Count Peer Peer
--------------------------------------------------------------------
TRUE V 1 1 1
Switch Switch Status Priority Role Local Remote
Number Oper(Conf) SID SID
--------------------------------------------------------------------
LOCAL 1 UP 110(110) ACTIVE 0 0
REMOTE 2 UP 100(100) STANDBY 2921 12
Peer 0 represents the local switch
Flags : V - Valid
In dual-active recovery mode: No
46. Conception de campus simplifiée (les avantages )
Conception simplifiée
Aucun protocole de redondance du premier saut requis
Dépendance STP
Utilisation accrue des liaisons montantes réduite
Dépannage
Convergence plus rapide plus facile
VLAN distribués
51. Configuration
SM: Detected stack cables at PORT1 PORT2
Waiting for Stack Master Election...
SM: Waiting for other switches in stack to boot...
##################################################
SM: All possible switches in stack are booted up
Election Complete
Switch 1 booting as Master
Waiting for Port download...Complete
%STACKMGR-4-SWITCH_ADDED: Switch 1 has been ADDED to the stack
%STACKMGR-5-SWITCH_READY: Switch 1 is READY
%STACKMGR-4-STACK_LINK_CHANGE: Stack Port 1 Switch 1 has changed to state DOWN
%STACKMGR-4-STACK_LINK_CHANGE: Stack Port 2 Switch 1 has changed to state DOWN
%STACKMGR-5-MASTER_READY: Master Switch 1 is READY
SW1(config)#switch 1 priority 15
Changing the Switch Priority of Switch Number 1 to 15
Do you want to continue?[confirm]
New Priority has been set successfully
SW1#copy running-config startup-config
SW1#reload
SW2#
SM: Detected stack cables at PORT1 PORT2
Waiting for Stack Master Election...
Election Complete
Switch 2 booting as Member, Switch 1 elected Master
HCOMP: Compatibility check PASSED
Waiting for feature sync....
Waiting for Port download...Complete
Stack Master is ready
52. Vérification
SW1#show switch
Switch/Stack Mac Address : 0011.214e.d180
H/W Current
Switch# Role Mac Address Priority Version State
----------------------------------------------------------
*1 Master 0011.214e.d180 15 0 Ready
2 Member 0016.c762.6c80 1 0 Ready
SW1#show switch stack-ports
Switch # Port 1 Port 2
-------- ------ ------
1 Ok Ok
2 Ok Ok
SW1#show switch stack-ring speed
Stack Ring Speed : 32G
Stack Ring Configuration: Full
Stack Ring Protocol : StackWise
SW1#show ip interface brief | include Fast
FastEthernet1/0/1 unassigned YES unset down down
FastEthernet1/0/2 unassigned YES unset down down
FastEthernet1/0/3 unassigned YES unset down down
FastEthernet1/0/4 unassigned YES unset down down
[output omitted]
FastEthernet2/0/1 unassigned YES unset down down
FastEthernet2/0/2 unassigned YES unset down down
FastEthernet2/0/3 unassigned YES unset down down
FastEthernet2/0/4 unassigned YES unset down down
[output omitted]
53. Vérification
SW3#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
SW1 Fas 0/21 129 S I WS-C3750- Fas 2/0/21
SW1 Fas 0/20 150 S I WS-C3750- Fas 1/0/20
55. Fonctionnalités d'accès SD
Automatisation du réseau
Assurance et analyse du réseau
Mobilité de l'hôte
Services d'identité
Application des politiques
Segmentation sécurisée
Virtualisation du réseau
65. SD-Access Fabric Plane
ID de stratégie de groupe
Bit d'extension de stratégie basée sur le groupe (bit G)
Don't Learn Bit (D Bit)
Policy Applied Bit (A Bit)
66. SD-Access Fabric Policy Plane
Prise en charge de la segmentation basée sur le réseau
Politiques de groupe indépendantes
Application dynamique des politiques
Constructions de politiques
Application étendue de la politique
111. Variantes SNMP
Version Niveau Authentification Chiffrement
SNMPv1 noAuthNoPriv Community string No
SNMPv2c noAuthNoPriv Community string No
SNMPv3 noAuthNoPriv Username No
SNMPv3 authNoPriv Message Digest 5 (MD5) or Secure
Hash Algorithm (SHA)
No
124. Types de trafic NetFlow collecté d'entrée/sortie
Adresse IP source / destination
Numéro de port source /destination
Type de protocole de couche 3
Type de service (ToS)
Interface logique d'entrée
127. Exemples de compromis de données NetFlow
Champ
Key or Non-
Key Field
Définition
IP ToS Key Valeur dans le type de service (ToS)
IP ToS Key Valeur dans le champ Protocole IP
IP source address Key Adresse IP source
Transport source port Key Adresse IP de destination
Transport destination port Key Valeur du champ du port source de la couche transport
Interface input Key Valeur du port de destination de la couche transport
Flow sampler ID Key Numéro d'identification de l'échantillonneur de flux (si
l'échantillonnage de flux est activé)
128. Exemples de compromis de données NetFlow (Suite)
Champ Key Définition
IP source AS Non-key Système autonome à la source
IP destination AS Non-key Numéro de système autonome de destination
IP next-hop address Non-key Adresse IP du prochain saut
IP source mask Non-key Masque pour l'adresse IP source
IP destination mask Non-key Masque pour l'adresse IP de destination
TCP flags Non-key Valeur dans l'indicateur TCP
Interface output Non-key Interface sur laquelle le trafic est transmis
Counter bytes Non-key Nombre d'octets vus dans le flux
Counter packets Non-key Nombre de paquets vus dans le flux
Time stamp system uptime first Non-key Disponibilité du système (temps, en millisecondes)
Time stamp system uptime last Non-key Disponibilité du système (temps, en millisecondes)