Cisco^® CCNA-ICND2^™ Exam Notes

F. Switching 

1. The command “no switchport” enables a switch port for layer 3 operation. On the other hand, the command “switchport” enables a switch port for layer 2 operation.
2. The command syntax for assigning a management domain for a switch is: 
Switch#vtp domain <domain-name> 
For example, if the domain name is newyork, the command is: 
Switch#vtp domain newyork 
3. You need to create a domain while configuring the first switch in a switch network. For subsequent switches, you only need to join the existing domain. The password is required if the domain need to be secured by a password. The command allows you to create a new domain ( in case the first switch is being configured) or to join an existing domain (one or more switches have already been assigned a domain).
4. Port security enables securing switch ports as required. Typical configuration commands for enabling port security are given below: 
Switch#config t 
Switch(config)# int fa0/1 
Switch(config-if)# switchport port-security 
By default, the port is locked to the first MAC address that it learns via the port. You can also manually associate a specific MAC address to a given port by issuing the command: switchport port-security mac-address {MAC address} in the interface configuration mode.
5. The enable a switch port for layer 2 functionality use the following commands: 

1. switch(config)# interface <type> <mod>/<num> 
2. switch(config-if)# switchport
The first command enters interface configuration mode for the switch interface <mod>/<num>, and the second command enables layer 2 functionality on the port. Use the “no” form of the switchport command to enable layer3 functionality.

i. VLANs

1. A VLAN is a group of devices on one or more logically segmented LANs. All devices working on a VLAN will have same broadcast domain. Like routers, switches (Layer 2) have the ability to provide domain broadcast segmentation called a VLAN. Using VLAN technology, you can group switch ports and their connected users into logically defined communities of interest. A VLAN operating on a Catalyst switch limits transmission of unicast, multicast, and broadcast traffic to only the other ports belonging to that VLAN, thereby controlling broadcasts
2. By implementing VLANs,
· The effective broadcast traffic decreases, since VLANs do not forward the broadcast traffic from one VLAN to another.
· The security can be improved by implementing a router (A layer 3 device) to route the packets among VLANs.
3. The benefits of VLANS include:

1. Easy Administration resulting in reduced administration costs,
2. Increased Security due to broadcast control, if you are using simple hub, you can observe traffic corresponding to any node by simply inserting a Network analyzer.
3. Grouping based on functional requirements irrespective of physical location of nodes,
4. Simplify moves, adds, changes,
5. Distribution of traffic thereby using the network bandwidth more efficiently.

4. VLAN port assignments can be configured either of two ways:
Static VLANs: The administrator statically configures VLAN port assignment. VLAN memberships on the switch ports are assigned on a port-by-port basis.
Dynamic VLANs: A VMPS (VLAN Management Policy Server) can dynamically assign VLAN ports. The MAC address of the node is used to determine the VLAN assignment. A separate server or a Catalyst 5000 can function as a VMPS server. When a frame arrives on a dynamic port at the switch, it queries the VMPS for the VLAN assignment based on the source MAC address of the arriving frame
5. Inter-Switch Link (ISL) is one of the VLAN trunking protocols used for switched VLAN networks. It uses frame tagging to identify the VLAN. ISL encapsulates the original Ethernet frame, and a VLAN-ID is inserted into the ISL header
Inter-Switch Link and 802.1Q are two VLAN Trunking Protocols used with Fast Ethernet, that Cisco supports. LANE is associated with ATM and 802.10 is associated with FDDI. Also, it is important to note that ISL, 802.1Q, and 802.10 use Frame Tagging to identify the VLANs.
6. You use show vlan or show vlan vlan# command to see the configuration details of VLANs. The command "sh vlan" will display the configuration information for all VLANs, where as the command "sh vlan vlan#" shows only the configuration information pertaining to that vlan. For example, if you want to see the configuration information for vlan2, you give the command "sh vlan 2".
7. Inter-Switch Link and 802.1Q are two VLAN Trunking Protocols used with Fast Ethernet that Cisco supports. LANE is associated with ATM and 802.10 is associated with FDDI. Also, it is important to note that ISL, 802.1Q, and 802.10 use Frame Tagging to identify the VLANs.
8. Inter-Switch Link (ISL) is one of the VLAN trunking protocols used for switched VLAN networks. It uses frame tagging to identify the VLAN. ISL encapsulates the original Ethernet frame, and a VLAN-ID is inserted into the ISL header.

ii. VTP

1. The default VTP configuration parameters for the Catalyst switch are as follows: 

1. VTP domain name: None 
2. VTP mode: Server 
3. VTP password: None 
4. VTP pruning: Disabled 
5. VTP trap: Disabled

2. The VTP domain name can be specified manually or learned across a configured trunk line from a server with a domain name configured. By default, the domain name is not set. If you configure a VTP password, VTP does not function properly unless you assign the same password to each switch in the domain. VTP trap is disabled by default. If you enable this feature, it causes an SNMP message to be generated every time a new VTP message is sent.
3. To verify any configuration change, "show vtp" privileged executive command can be used. This command displays, among other things, VTP domain name, VTP password if any, VTP pruning mode (enabled or disabled) and the IP address of the device that last modified the configuration.
4. A VTP advertisement necessarily consists of "Configuration revision number". Every time a VTP server updates its VLAN information, it increments the configuration revision number by one count. VTP clients, use the revision number to enforce the VLAN configuration Update.

iii. STP

1. STP is enabled on every port on Cisco switches, by default. It is preferred to leave it enabled, so that bridging loops don't occur. STP can be disabled selectively on any specific port by issuing the command: Switch (enable) set spantree disable <mod-number>/<port-number>. Ex: Switch (enable) set spantree disable 2/4.The above command disables STP on port 4 of module 2.
2. Internally, STP assigns to each bridge (or switch) port a specific role. The port role defines the behavior of the port from the STP point of view. Based on the port role, the port either sends or receives STP BPDUs and forwards or blocks the data traffic. The different port roles are given below: 

1. Designated: One designated port is elected per link (segment). The designated port is the port closest to the root bridge. This port sends BPDUs on the link (segment) and forwards traffic towards the root bridge. In an STP converged network, each designated port is in the STP forwarding state. The switch with the lowest cost to reach the root, among all switches connected to a segment, becomes a DP (Designated Port) on that switch. If the cost is tied (that is two or more switches have the same cost), the switch with the lowest bridge ID will have the DP (the switch on which DP is elected is called Designated Switch or Designated Bridge). Bridge ID: Priority + MAC address 
2. Root: A bridge can have only one root port. The root port is the port that leads to the root bridge. In an STP converged network, the root port is in the STP forwarding state. All bridges except the root bridge will have a root port. 
3. Alternate: Alternate ports lead to the root bridge, but are not root ports. The alternate ports maintain the STP blocking state. 4. Backup: This is a special case when two or more ports of the same bridge (switch) are connected together, directly or through shared media. In this case, one port is designated, and the remaining ports block. The role for this port is backup.

3. During the process of Spanning-Tree Algorithm execution, redundant ports need to be blocked. This is required to avoid bridging loops. To choose which port to use for forwarding frames, and which port to block, the following three components are used by the Spanning-Tree Protocol: 

1. Path Cost: The port with lowest path cost is placed in the forwarding mode. Other ports are placed in blocking mode. 
2. Bridge ID: If the path costs are equal, then the bridge ID is used to determine which port should forward. The port with the lowest Bridge ID is elected to forward, and all other ports are blocked. 
3. Port ID: If the path cost and bridge ID are equal, the Port ID is used to elect the forwarding port. The lowest port ID is chosen to forward. This type of situation may arise when there are parallel links, used for redundancy.

4. During the process of Spanning-Tree Protocol execution, Root switch (say, switch A) is elected first. Next, the switch closest to the root switch is selected. This switch is known as Designated switch or Parent switch (say switch B). The frames are forwarded to the root switch(A) through the designated switch(B). Now the lowest cost port on a switch (say switch C) is selected. This is known as the Root port. A Root Port is the port on a switch that has the lowest cost path to the Root Bridge. All Non-Root Switches will have one Root Port. Here, switch B is the designated switch for switch C and switch A is known as the root switch for switch C. Note that switch C is connected to the root switch (A) through its designated switch (B).
5. The command "show spantree" includes information about the following: 

1. VLAN number 
2. Root bridge priority, MAC address 
3. Bridge timers (Max Age, Hello Time, Forward Delay)

Previous  Up  Next