Routing & Switching

The video demonstrate an alternative to IPv6 address assignment with Stateful Autoconfiguration on Cisco router. The concept of DHCP in IPv6 has changed slightly where DHCP server no longer provides subnet mask and default gateway, but instead end-hosts obtain these information through Router Advertisement. We will look at how we can use Other and Managed Config flags to control what type of information end-hosts would obtain from a DHCP server. A router and Windows 7 computer will be used as our test clients in this lab.

The video looks further into mechanism that IPv6 uses to provide default router information to local hosts on Cisco router. This includes ability to influence end hosts to choose a preferred default gateway. We will specifically look at Default Router Preference flag in the RA packet on Wireshark, as well as performing router failover and observe exactly host the end hosts change their default gateway. 

The video walks you through basic IPv6 interface configuration on Cisco router, and introduces you to a concept of Link-Local, Site-Local and Global addresses. We will look at how an IPv6 host can obtain an IP address through stateless autoconfiguration using a Cisco router and Windows 7 computer as our test devices. We will review the IPv6 fundamental messages used in neighbour discovery from debug outputs and Wireshark packet captures.

The video looks into Virtual Extension LAN (VXLAN) support on Cisco Nexus 1000V. VXLAN allows VLAN ID to be extended to 24 bits, or in other words, essentially increases number of available VLAN from 4096 to more than 16 million VLAN. We will configure VXLAN on port-profile. In this lab, we intentionally have VEM control interfaces separated by layer 3 to demonstrate MAC-in-IP encapsulation provided by VXLAN to extend an isolated layer 2 domain across a routable and multicast-enabled network.

The video looks into Cisco TrustSec feature on Cisco Nexus 1000V. We will configure port-profiles to assign SGT to hosts, and have SGT-to-IP mapping sent to an ASA firewall over a SXP connection for policy enforcement. We will see how we can construct an ACL on the ASA to permit or deny traffic based on SGT value using a object-group-security. 

The video looks at how we can achieve network separation at layer 2 with private vlan on Cisco Nexus 1000V. We will go through the concept of Primary, Secondary, Isolated and Community VLANs, and experiment with server communication by placing the servers on different vlan. At the end of the video, we will also go through a scenario where we have two sets of private vlan. Private VLAN allows hosts to remain segregated on the same IP subnet. 

The video presents three main QoS building blocks on Cisco Nexus 1000V: Marking, Policing, and Queuing. We will be applying QoS to Port-Profile to mark RDP traffic, and enforcing policing based on matching DSCP value. Any traffic exceeding allowable rate will be either drop or marked down. We will attempt to provide guaranteed bandwidth to both Nexus and VMware control traffic. DSCP values will be analyzed using Wireshark packet capture.

The video looks into three advanced security features on Cisco Nexus 1000V: DHCP Snooping, Dynamic ARP Inspection, and IP Source Guard. We will be testing each of the features with security audit tools, and we will be able to see how these features protect us from DHCP, ARP and source IP spoofing attacks.

The video walks you through two basic security features on Cisco Nexus 1000V: Access Control List (ACL) and Port-Security. We will configure ACL on a host-facing port-profile and have any denied traffic being logged and sent to a Syslog server. We will enable Port-Security to limit the number of MAC address and test our configuration by performing MAC flooding attack.

• Access Control List (ACL)
• Port-Security
• Errdisable Recovery
• MAC Flooding (Macof Tool)

The video demonstrates how to enable Netflow on Cisco Nexus 1000V to collect network traffic information. We will configure Netflow at vEthernet interfaces, run FTP and RDP as our test applications, and review information displayed on Netflow collector. We will also perform packet capture and analyze Netflow version 9 packets.

• Netflow v9
• Netflow Collector
• Netflow Packet Analysis