Resources
F. Switching
1. The command “no switchport” enables a switch port for layer 3 operation. On the other hand, the command “switchport” enables a switch port for layer 2 operation.
2. The command syntax for assigning a management domain for a switch is:
Switch#vtp domain <domain-name>
For example, if the domain name is newyork, the command is:
Switch#vtp domain newyork
3. You need to create a domain while configuring the first switch in a switch network. For subsequent switches, you only need to join the existing domain. The password is required if the domain needs to be secured by a password. The command allows you to create a new domain (in case the first switch is being configured) or to join an existing domain (one or more switches have already been assigned a domain).
4. Port security enables securing switch ports as required. Typical configuration commands for enabling port security are given below:
Switch#config t
Switch(config)# int fa0/1
Switch(config-if)# switchport port-security
By default, the port is locked to the first MAC address that it learns via the port. You can also manually associate a specific MAC address with a given port by issuing the command:
switchport port-security mac-address {MAC address}
in interface configuration mode.
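An added example, not part of the cheatsheet, that models the port-security behaviour just described: the port locks to the first MAC it learns (or to a manually bound MAC) and treats any other source MAC as a violation. The violation modes protect/restrict/shutdown and the err-disabled state are standard IOS behaviour assumed here; the class and MAC values are constructed.

```python
class SecuredPort:
    """Model of an access port with 'switchport port-security' applied (assumed IOS semantics)."""

    def __init__(self, name, maximum=1, violation="shutdown", static_macs=()):
        self.name = name
        self.maximum = maximum                     # IOS default: one secure address
        self.violation = violation                 # IOS default violation mode is shutdown
        self.secure_macs = {m.lower() for m in static_macs}  # manually bound MACs, if any
        self.err_disabled = False
        self.violations = 0

    def receive(self, src_mac):
        """Return 'forward', 'drop' or 'err-disabled' for a frame arriving from src_mac."""
        src_mac = src_mac.lower()
        if self.err_disabled:
            return "err-disabled"                  # port stays down until an admin recovers it
        if src_mac in self.secure_macs:
            return "forward"
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.add(src_mac)          # lock the port to the first MAC(s) it learns
            return "forward"
        # Unknown source MAC after the limit is reached: a security violation.
        if self.violation != "protect":
            self.violations += 1                   # restrict and shutdown count (and log) it
        if self.violation == "shutdown":
            self.err_disabled = True
            return "err-disabled"
        return "drop"                              # protect and restrict silently drop the frame


def demo():
    """Constructed scenario: fa0/1 with defaults sees its first host, then a second MAC."""
    port = SecuredPort("fa0/1")
    results = [port.receive(m) for m in
               ["00:11:22:33:44:55", "00:11:22:33:44:55", "de:ad:be:ef:00:01"]]
    return results, port.violations, port.err_disabled
```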
5. To enable a switch port for layer 2 functionality, use the following commands:
1. switch(config)# interface <type> <mod>/<num>
2. switch(config-if)# switchport
The first command enters interface configuration mode for the switch interface <type> <mod>/<num>, and the second command enables layer 2 functionality on the port. Use the “no” form of the switchport command to enable layer 3 functionality.
i. VLANs
1. A VLAN is a group of devices on one or more logically segmented LANs. All devices in a VLAN share the same broadcast domain. Like routers, switches (Layer 2) have the ability to provide broadcast domain segmentation, called a VLAN. Using VLAN technology, you can group switch ports and their connected users into logically defined communities of interest. A VLAN operating on a Catalyst switch limits transmission of unicast, multicast, and broadcast traffic to only the other ports belonging to that VLAN, thereby controlling broadcasts.
2. By implementing VLANs,
· The effective broadcast traffic decreases, since VLANs do not forward broadcast traffic from one VLAN to another.
· Security can be improved by implementing a router (a layer 3 device) to route packets among VLANs.
3. The benefits of VLANs include:
1. Easy administration, resulting in reduced administration costs,
2. Increased security due to broadcast control (if you are using a simple hub, you can observe traffic corresponding to any node by simply inserting a network analyzer),
3. Grouping based on functional requirements irrespective of the physical location of nodes,
4. Simplified moves, adds and changes,
5. Distribution of traffic, thereby using the network bandwidth more efficiently.
4. VLAN port assignments can be configured in either of two ways:
Static VLANs: The administrator statically configures the VLAN port assignment. VLAN memberships on the switch ports are assigned on a port-by-port basis.
Dynamic VLANs: A VMPS (VLAN Management Policy Server) can dynamically assign VLAN ports. The MAC address of the node is used to determine the VLAN assignment. A separate server or a Catalyst 5000 can function as a VMPS server. When a frame arrives on a dynamic port at the switch, the switch queries the VMPS for the VLAN assignment based on the source MAC address of the arriving frame.
5. Inter-Switch Link (ISL) is one of the VLAN trunking protocols used for switched VLAN networks. It uses frame tagging to identify the VLAN. ISL encapsulates the original Ethernet frame, and a VLAN-ID is inserted into the ISL header.
Inter-Switch Link and 802.1Q are the two VLAN trunking protocols used with Fast Ethernet that Cisco supports. LANE is associated with ATM and 802.10 is associated with FDDI. Also, it is important to note that ISL, 802.1Q, and 802.10 use frame tagging to identify the VLANs.
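An added example, not from the cheatsheet, showing what "frame tagging" means on the wire for 802.1Q: the tag sits between the source MAC and the original EtherType, and a parser reads the 12-bit VLAN ID out of it. The frame layout follows IEEE 802.1Q (TPID 0x8100); ISL is not shown because its encapsulation is Cisco-proprietary. The sample frame and MAC values are constructed.

```python
import struct


def parse_frame(frame: bytes) -> dict:
    """Return dst, src, vlan (None if untagged), pcp, payload EtherType and payload."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    info = {"dst": dst.hex(":"), "src": src.hex(":"), "vlan": None, "pcp": None}
    payload_at = 14
    if ethertype == 0x8100:                 # 802.1Q TPID: a 4-byte tag follows
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info["pcp"] = tci >> 13             # 3-bit priority code point
        info["vlan"] = tci & 0x0FFF         # 12-bit VLAN ID (0 = priority-only tag, 4095 reserved)
        payload_at = 18
    info["ethertype"] = ethertype
    info["payload"] = frame[payload_at:]
    return info


def build_tagged(dst: bytes, src: bytes, vlan: int, ethertype: int, payload: bytes, pcp=0) -> bytes:
    """Build an 802.1Q-tagged frame; used here only to construct sample input."""
    tci = (pcp << 13) | (vlan & 0x0FFF)
    return dst + src + struct.pack("!HHH", 0x8100, tci, ethertype) + payload


# Constructed sample: broadcast frame from a made-up MAC, tagged VLAN 2, carrying an IPv4 stub.
SAMPLE_TAGGED = build_tagged(bytes.fromhex("ffffffffffff"), bytes.fromhex("001122334455"),
                             2, 0x0800, b"\x45" + b"\x00" * 19)
SAMPLE_UNTAGGED = bytes.fromhex("ffffffffffff") + bytes.fromhex("001122334455") + b"\x08\x06" + b"\x00" * 28
```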
6. You use the show vlan or show vlan vlan# command to see the configuration details of VLANs. The command "sh vlan" displays the configuration information for all VLANs, whereas the command "sh vlan vlan#" shows only the configuration information pertaining to that VLAN. For example, if you want to see the configuration information for VLAN 2, you give the command "sh vlan 2".
ii. VTP
1. The default VTP configuration parameters for the Catalyst switch are as follows:
1. VTP domain name: None
2. VTP mode: Server
3. VTP password: None
4. VTP pruning: Disabled
5. VTP trap: Disabled
2. The VTP domain name can be specified manually or learned across a
configured trunk line from a server with a domain name configured. By default,
the domain name is not set. If you configure a VTP password, VTP does not
function properly unless you assign the same password to each switch in
the domain. VTP trap is disabled by default. If you enable this feature,
it causes an SNMP message to be generated every time a new VTP message is
sent.
3. To verify any configuration change, the "show vtp" privileged EXEC command can be used. This command displays, among other things, the VTP domain name, the VTP password if any, the VTP pruning mode (enabled or disabled) and the IP address of the device that last modified the configuration.
4. A VTP advertisement necessarily carries a configuration revision number. Every time a VTP server updates its VLAN information, it increments the configuration revision number by one. VTP clients use the revision number to enforce the VLAN configuration update.
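An added example, not from the cheatsheet, modelling how a VTP client applies the checks described in items 2 through 4: same domain name, matching password, and a revision number higher than its own. The digest formula is a stand-in for illustration (real VTP computes an MD5 over the password and VLAN data in a vendor-defined layout), and the domain, VLAN and updater values are constructed.

```python
import hashlib


class VtpClient:
    """Simplified VTP client: holds a domain, password, revision number and VLAN table."""

    def __init__(self, domain, password, revision, vlans):
        self.domain, self.password = domain, password
        self.revision = revision
        self.vlans = dict(vlans)            # vlan id -> name
        self.last_updater = None            # what "show vtp" reports as last modifier

    @staticmethod
    def digest(password, revision, vlans):
        # Stand-in for the VTP MD5 digest: binds password, revision and VLAN data together.
        material = f"{password}|{revision}|{sorted(vlans.items())}".encode()
        return hashlib.md5(material).hexdigest()

    def receive(self, adv):
        """Apply a summary advertisement; return 'accepted' or the reason it was ignored."""
        if adv["domain"] != self.domain:
            return "ignored: different domain"
        if adv["digest"] != self.digest(self.password, adv["revision"], adv["vlans"]):
            return "ignored: password mismatch"
        if adv["revision"] <= self.revision:
            return "ignored: revision not newer"
        # Higher revision from the right domain with the right password: overwrite everything.
        self.revision = adv["revision"]
        self.vlans = dict(adv["vlans"])
        self.last_updater = adv["updater"]
        return "accepted"


def make_adv(domain, password, revision, vlans, updater):
    """Build an advertisement as a server with this password would send it."""
    return {"domain": domain, "revision": revision, "vlans": dict(vlans),
            "updater": updater, "digest": VtpClient.digest(password, revision, vlans)}


def scenario():
    """Constructed run: a good update, three rejected ones, then a stale switch with a high revision."""
    base = {1: "default", 10: "users", 20: "servers"}
    client = VtpClient("newyork", "s3cret", 5, base)
    outcomes = [
        client.receive(make_adv("newyork", "s3cret", 6, {**base, 30: "voice"}, "10.0.0.1")),
        client.receive(make_adv("newyork", "s3cret", 4, base, "10.0.0.1")),
        client.receive(make_adv("boston", "s3cret", 7, base, "10.0.0.2")),
        client.receive(make_adv("newyork", "wrong", 7, base, "10.0.0.3")),
        client.receive(make_adv("newyork", "s3cret", 99, {1: "default"}, "10.0.0.9")),
    ]
    return outcomes, client.revision, sorted(client.vlans), client.last_updater
```

The last advertisement is accepted even though it carries only VLAN 1: any sender with the right password and a higher revision number wins, which is why a switch reattached with a stale but higher revision can overwrite the whole domain's VLAN table.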
iii. STP
1. STP is enabled on every port on Cisco switches by default. It is preferred to leave it enabled, so that bridging loops don't occur. STP can be disabled selectively on any specific port by issuing the command:
Switch (enable) set spantree disable <mod-number>/<port-number>
Ex: Switch (enable) set spantree disable 2/4
The above command disables STP on port 4 of module 2.
2. Internally, STP assigns to each bridge (or switch) port a specific role. The port role defines the behavior of the port from the STP point of view. Based on the port role, the port either sends or receives STP BPDUs and forwards or blocks the data traffic. The different port roles are given below:
1. Designated: One designated port is elected per link (segment). The designated port is the port closest to the root bridge. This port sends BPDUs on the link (segment) and forwards traffic towards the root bridge. In an STP converged network, each designated port is in the STP forwarding state. Among all switches connected to a segment, the switch with the lowest cost to reach the root holds the DP (Designated Port) for that segment. If the cost is tied (that is, two or more switches have the same cost), the switch with the lowest bridge ID will have the DP (the switch on which the DP is elected is called the Designated Switch or Designated Bridge). Bridge ID: Priority + MAC address.
2. Root: A bridge can have only one root port. The root port is the port that leads to the root bridge. In an STP converged network, the root port is in the STP forwarding state. All bridges except the root bridge will have a root port.
3. Alternate: Alternate ports lead to the root bridge, but are not root ports. The alternate ports maintain the STP blocking state.
4. Backup: This is a special case when two or more ports of the same bridge (switch) are connected together, directly or through shared media. In this case, one port is designated, and the remaining ports block. The role for these ports is backup.
3. During the process of Spanning-Tree Algorithm execution, redundant ports need to be blocked. This is required to avoid bridging loops. To choose which port to use for forwarding frames, and which port to block, the following three components are used by the Spanning-Tree Protocol:
1. Path Cost: The port with the lowest path cost is placed in forwarding mode. Other ports are placed in blocking mode.
2. Bridge ID: If the path costs are equal, then the bridge ID is used to determine which port should forward. The port with the lowest Bridge ID is elected to forward, and all other ports are blocked.
3. Port ID: If the path cost and bridge ID are equal, the Port ID is used to elect the forwarding port. The lowest port ID is chosen to forward. This type of situation may arise when there are parallel links, used for redundancy.
4. During the process of Spanning-Tree Protocol execution, the Root switch (say, switch A) is elected first. Next, the switch closest to the root switch is selected. This switch is known as the Designated switch or Parent switch (say switch B). The frames are forwarded to the root switch (A) through the designated switch (B). Now the lowest cost port on a switch (say switch C) is selected. This is known as the Root port. A Root Port is the port on a switch that has the lowest cost path to the Root Bridge. All Non-Root Switches will have one Root Port. Here, switch B is the designated switch for switch C and switch A is known as the root switch for switch C. Note that switch C is connected to the root switch (A) through its designated switch (B).
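An added example, not from the cheatsheet, that carries the election in items 2 through 4 through in code: the lowest bridge ID becomes root, root path costs are computed, each segment's designated port goes to the lowest (path cost, bridge ID, port ID), and each non-root bridge's best remaining port becomes its root port with the rest alternate. The backup role (two ports of one bridge on the same segment) is not modelled; the switch names, MACs and costs are constructed to match the A/B/C narrative above.

```python
import heapq


def root_path_costs(bridges, links):
    """bridges: name -> (priority, mac) bridge ID; links: (a, port_a, b, port_b, cost).
    The root is the lowest bridge ID; costs are shortest-path costs to it (Dijkstra)."""
    root = min(bridges, key=bridges.get)
    adj = {b: [] for b in bridges}
    for a, pa, b, pb, cost in links:
        adj[a].append((b, cost))
        adj[b].append((a, cost))
    costs, heap = {root: 0}, [(0, root)]
    while heap:
        c, b = heapq.heappop(heap)
        if c > costs[b]:
            continue
        for n, w in adj[b]:
            if c + w < costs.get(n, float("inf")):
                costs[n] = c + w
                heapq.heappush(heap, (c + w, n))
    return root, costs


def assign_roles(bridges, links):
    """Return (root, roles, costs); roles maps (bridge, port) to designated/root/alternate."""
    root, costs = root_path_costs(bridges, links)
    roles, offers = {}, {}
    for a, pa, b, pb, cost in links:
        # Designated port per segment: lowest (root path cost, bridge ID, port ID) wins.
        ends = sorted([(costs[a], bridges[a], pa, a), (costs[b], bridges[b], pb, b)])
        (rc, bid, pid, dp_bridge), (_, _, far_port, far_bridge) = ends
        roles[(dp_bridge, pid)] = "designated"
        # The far end hears the designated bridge's BPDU; this tuple is what it compares.
        offers[(far_bridge, far_port)] = (rc + cost, bid, pid, far_port)
    for b in bridges:
        # Root port: the non-designated port with the best offer; the others are alternate.
        mine = sorted((offer, port) for (bb, port), offer in offers.items() if bb == b)
        for i, (_, port) in enumerate(mine):
            roles[(b, port)] = "root" if i == 0 else "alternate"
    return root, roles, costs


# Constructed topology: A has the lowest priority (root); C reaches A more cheaply via B.
BRIDGES = {"A": (4096, "00:00:00:00:00:0a"),
           "B": (32768, "00:00:00:00:00:0b"),
           "C": (32768, "00:00:00:00:00:0c")}
LINKS = [("A", "fa0/1", "B", "fa0/1", 19),
         ("B", "fa0/2", "C", "fa0/1", 19),
         ("A", "fa0/2", "C", "fa0/2", 100)]
```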
5. The command "show spantree" includes information about
the following:
1. VLAN number
2. Root bridge priority, MAC address
3. Bridge timers (Max Age, Hello Time, Forward Delay)
Cert-Ex™ Exam Simulators, Cert-Ex™ Network Simulator, Cert-Ex™ Cheatsheets are written independently by CertExams.com and not affiliated or authorized by respective certification providers. Cert-Ex™ is a trade mark of CertExams.com or entity representing Certexams.com.