Page 1: Ccna 3

ACN-1 Chapter 6

AACS5324 Advanced Computer Networks

Chapter 6

LAN Design

Page 2: Ccna 3

Objectives

Page 3: Ccna 3

LAN Design

Switched LAN Architecture

Page 4: Ccna 3

Switched LAN Architecture

• When building a LAN that satisfies the needs of a small or medium-sized business, your plan is more likely to be successful if a hierarchical design model is used.
• The network is divided into discrete layers.
• Each layer has a specific purpose.
• The design becomes modular, which helps maintenance and performance.

Page 5: Ccna 3

Switched LAN Architecture

Page 6: Ccna 3

Access Layer

• Interfaces with end devices.
• Routers, switches, bridges, wireless access points.
• Provides a means of connecting devices and controlling which devices are allowed to communicate on the network.

Page 7: Ccna 3

Distribution Layer

• Aggregates (funnels) the data received from the access layer switches before it is transmitted to the core layer for routing to its final destination.
• Controls the flow of network traffic using policies.
• Performs routing functions between virtual LANs (VLANs) defined at the access layer.
• Distribution layer switches are typically high-performance devices that have high availability and redundancy to ensure reliability.

Page 8: Ccna 3

Core Layer

• High-speed backbone of the network.
• Connects to the Internet resources.
• Must be highly available and redundant as it is critical for interconnectivity between distribution layer devices.
• Must be capable of quickly forwarding large amounts of data as it aggregates the traffic from all the distribution layer devices.

Page 9: Ccna 3

Medium Sized Business

Logical Layout

Physical Layout

Page 10: Ccna 3

Benefits of a Hierarchical Network

• Benefits:
  • Scalability
  • Redundancy
  • Performance
  • Security
  • Manageability
  • Maintainability

Page 11: Ccna 3

Benefits of a Hierarchical Network

Scalability

Hierarchical networks can be expanded easily.

Page 12: Ccna 3

Benefits of a Hierarchical Network

Redundancy

Redundancy at the core and distribution layers ensures availability.

Page 13: Ccna 3

Benefits of a Hierarchical Network

Performance

Link aggregation and high-performance distribution and core layer switches provide near-wire speed at all layers.

Page 14: Ccna 3

Benefits of a Hierarchical Network

Security

Port security at the access layer and policies at the distribution layer make the network more secure.

Page 15: Ccna 3

Benefits of a Hierarchical Network

Manageability

Consistency among switches at each layer makes management simpler.

Figure labels: Configurations, Functionality, Additional Switch, Rapid Recovery, Easier Troubleshooting.

Page 16: Ccna 3

Benefits of a Hierarchical Network

Maintainability

The modular design allows a network to scale easily without becoming over-complicated or burdensome.

Page 17: Ccna 3

Principles of Hierarchical Network Design

• Just because a network is hierarchical, it doesn't mean it's well designed.
• Network Diameter:
  • The number of devices that a packet has to cross before it reaches its destination. Keeping the network diameter low ensures low and predictable latency between devices.
• Bandwidth Aggregation:
  • After the bandwidth requirements of the network are known, links between specific switches can be aggregated or combined to provide higher bandwidth.
• Redundancy:
  • The practice of providing multiple paths to a destination or multiple instances of a device.

Page 18: Ccna 3

Principles of Hierarchical Network Design

• Network Diameter:
  • For PC1 to communicate with PC3, the data must traverse 6 intermediate switches.
  • In this case, the network diameter is 6.
  • Each switch introduces some latency.
  • In a hierarchical network, the network diameter is always going to be a predictable number of hops between the source and destination devices.
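An added example, not from the slides, that computes the diameter of a constructed three-tier topology by counting the intermediate switches on the shortest path between two PCs, and shows how cross-links between the distribution and core layers reduce it. The switch names, links and host placement are assumptions chosen so that PC1 to PC3 crosses 6 switches, as in the slide.

```python
# Added example (not from the slides): network diameter of a constructed
# three-tier hierarchical LAN. "Diameter" follows the slide's definition:
# the number of intermediate switches a frame crosses between two end devices.
from collections import deque
from itertools import combinations

# Constructed adjacency list. A* = access, D* = distribution, C* = core switches.
TOPOLOGY = {
    "PC1": {"A1"}, "PC2": {"A2"}, "PC3": {"A3"}, "PC4": {"A4"},
    "A1": {"PC1", "D1"}, "A2": {"PC2", "D1"},
    "A3": {"PC3", "D2"}, "A4": {"PC4", "D2"},
    "D1": {"A1", "A2", "C1"}, "D2": {"A3", "A4", "C2"},
    "C1": {"D1", "C2"}, "C2": {"D2", "C1"},
}

def shortest_path(graph, src, dst):
    """Breadth-first search; returns the node list from src to dst inclusive."""
    parent = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            break
        for nxt in graph[node]:
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    if dst not in parent:
        raise ValueError(f"no path between {src} and {dst}")
    path = []
    while dst is not None:
        path.append(dst)
        dst = parent[dst]
    return path[::-1]

def switches_between(graph, src, dst):
    """Number of intermediate switches: every node on the path except the two end devices."""
    return len(shortest_path(graph, src, dst)) - 2

def network_diameter(graph, hosts):
    """Largest switch count over all host pairs: the worst-case hop count."""
    return max(switches_between(graph, a, b) for a, b in combinations(hosts, 2))

def add_link(graph, a, b):
    """Return a copy of the graph with one extra (redundant) link added."""
    new = {k: set(v) for k, v in graph.items()}
    new[a].add(b)
    new[b].add(a)
    return new

if __name__ == "__main__":
    hosts = [n for n in TOPOLOGY if n.startswith("PC")]
    print("PC1 -> PC3:", shortest_path(TOPOLOGY, "PC1", "PC3"))
    print("diameter:", network_diameter(TOPOLOGY, hosts))
    # Cross-connect each distribution switch to both core switches.
    meshed = add_link(add_link(TOPOLOGY, "D1", "C2"), "D2", "C1")
    print("diameter with cross-links:", network_diameter(meshed, hosts))
```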

Page 19: Ccna 3

Principles of Hierarchical Network Design

• Bandwidth Aggregation:
  • Link aggregation allows multiple switch port links to be combined so as to achieve higher throughput between switches.
  • The determining factor in using link aggregation is the requirements of the user applications.

Page 20: Ccna 3

Principles of Hierarchical Network Design

• Redundancy:
  • Redundancy is one part of creating a highly available network.
  • Multiple links between switches or multiple devices.
  • It can get expensive and most likely will not be done on the access layer because of the cost and variety of devices.
  • It is feasible at the distribution and core layers.

Page 21: Ccna 3

What is a Converged Network?

• A converged network is one where voice and video communications have been combined on a single data network.
• Legacy Equipment:
  • Until now, mainly feasible on large enterprise networks.

Page 22: Ccna 3

What is a Converged Network?

• Advanced Technology:
  • More popular with medium and small sized businesses.
  • Can be a difficult decision considering current investments in technology.
  • Benefit: only one network to manage.

Page 23: Ccna 3

What is a Converged Network?

• New Options:
  • You can now tie voice and video communications directly into an employee's personal computer system.
  • Software integrated on a PC eliminates an expensive handset.
  • Add a webcam and video conference.

Page 24: Ccna 3

LAN Design

Matching Switches to Specific LAN Functions

Traffic Flow Analysis
User Community Analysis
Data Stores and Data Servers Analysis
Topology Diagrams
Switch Features

Page 25: Ccna 3

Considerations for Network Switches

• Traffic Flow Analysis:
  • The process of measuring the bandwidth usage on a network and analyzing the data.
  • Performance tuning.
  • Capacity planning.
  • Hardware improvement decisions.

Page 26: Ccna 3

Considerations for Network Switches

• User Community Analysis:
  • The process of identifying various groupings of users and their impact on network performance.

Page 27: Ccna 3

Considerations for Network Switches

• Data Stores and Data Servers Analysis:
  • When analyzing traffic on a network, consider the location of the data stores and data servers.
  • Consider both client-server and server-server traffic.

Page 28: Ccna 3

Considerations for Network Switches

• Topology Diagram:
  • A graphical representation of a network infrastructure.
  • Switch connections with port numbers.
  • Aggregated ports and redundant paths.
  • Identify configuration by switch name.
  • Could contain user information.

Page 29: Ccna 3

Switch Features

• Switch Form Factors:
  • When selecting a switch, you need to decide between:
    • Fixed configuration or modular configuration.
    • Stackable or non-stackable.
  • The switch form factor (physical size) is important depending upon where the switch will be installed:
    • Wiring closet with limited space.
    • Computer room with free-standing racks.
    • Shelf in a central area.

Page 30: Ccna 3

Switch Features

• Fixed Configuration Switches:
  • Fixed in their configuration.
  • You cannot add features or options to the switch beyond those that originally came with the switch.

Page 31: Ccna 3

Switch Features

• Modular Switches:
  • Offer more flexibility.
  • Typically come with different sized chassis that allow for the installation of different numbers of modular line cards.
  • The line cards actually contain the ports.

Page 32: Ccna 3

Switch Features

• Stackable Switches:
  • Interconnected using a special backplane cable that provides high-bandwidth throughput between the switches (Cisco StackWise).
  • The stacked switches effectively operate as a single, larger switch.
  • Desirable when fault tolerance and bandwidth availability are critical and a modular switch is too costly to implement.

Page 33: Ccna 3

Switch Performance

• When selecting a switch for the access, distribution, or core layer, consider the ability of the switch to support:
  • Port Density.
  • Forwarding Rate.
  • Bandwidth Aggregation Requirements.

Page 34: Ccna 3

Switch Performance

• Port Density:
  • Port density is the number of ports available on a single switch.

Figure labels: 24 Port; 48 Port; Very high density: Catalyst 6500 - 1,000 Ports.

Page 35: Ccna 3

Switch Performance

• Forwarding Rate:
  • Defines the processing capabilities of a switch by rating how much data the switch can process per second.
  • If the switch forwarding rate is too low, it cannot accommodate full wire-speed communication across all of its switch ports.
  • A 48-port Gigabit switch is capable of switching 48 Gigabits of traffic.

Page 36: Ccna 3

Switch Performance

• Forwarding Rate:
  • Access layer switches typically do not need to operate at full wire speed because they are physically limited by their uplinks to the distribution layer.
  • Allows the use of:
    • Less expensive, lower performing switches at the access layer.
    • More expensive, higher performing switches at the distribution and core layers, where the forwarding rate makes a bigger difference.

Page 37: Ccna 3

Switch Performance

• Link Aggregation:
  • As part of bandwidth aggregation, you should determine if there are enough ports on a switch to aggregate to support the required bandwidth.

Page 38: Ccna 3

Switch Performance

• Power over Ethernet (PoE):
  • Allows the switch to deliver power to a device over the existing Ethernet cabling.
  • Adds considerable cost to the switch.

Page 39: Ccna 3

Switch Performance

• Layer 3 Functionality:
  • Switches typically operate at Layer 2 of the OSI Model.

Page 40: Ccna 3

Switch Features – Hierarchical Network

• Access Layer Switch Features:
  • Port Security
  • VLANs
  • FastEthernet/Gigabit
  • PoE
  • Link Aggregation
  • Quality of Service (QoS)

Page 41: Ccna 3

Switch Features – Hierarchical Network

• Distribution Layer Switch Features:
  • Layer 3 Support
  • High Forwarding Rate
  • Gigabit/10 Gigabit
  • Redundant Components
  • Link Aggregation
  • Quality of Service (QoS)
  • Security Policies

Page 42: Ccna 3

Switch Features – Hierarchical Network

• Core Layer Switch Features:
  • Layer 3 Support
  • Very High Forwarding Rate
  • Gigabit/10 Gigabit
  • Redundant Components
  • Link Aggregation
  • Quality of Service (QoS)

Page 43: Ccna 3

Switches – Small and Medium Business (SMB)

• Cisco has seven switch product lines. Each product line offers different characteristics and features, allowing you to find the right switch to meet the functional requirements of your network.
• The Cisco switch product lines are:
  • Catalyst Express 500
  • Catalyst 2960
  • Catalyst 3560
  • Catalyst 3750
  • Catalyst 4500
  • Catalyst 4900
  • Catalyst 6500

Page 44: Ccna 3

Switches – Small and Medium Business (SMB)

Feature                                   Access   Distribution   Core
Bandwidth (Link) Aggregation              ✓        ✓              ✓
FastEthernet/Gigabit Ethernet             ✓
Gigabit Ethernet/10 Gigabit Ethernet               ✓              ✓
High Forwarding Rate                               ✓
Layer 3 Support                                    ✓              ✓
Port Security                             ✓
Power Over Ethernet (PoE)                 ✓
Quality of Service (QoS)                  ✓        ✓              ✓
Redundant Components                               ✓              ✓
Security Policies/Access Control Lists             ✓
Very High Forwarding Rate                                         ✓
VLANs                                     ✓

Page 45: Ccna 3

AACS5324 Advanced Computer Networks

Chapter 7

Switch Concepts and Configuration

Page 46: Ccna 3

Objectives

Upon completion of this chapter, students should be able to understand the following:

• Operations of Ethernet
• Ethernet Network Design Considerations
• Switch Forwarding & Buffering Methods
• Common Security Attacks on Switches
• Switch Configurations & Basic Management

Page 47: Ccna 3

Switch Concepts and Configuration

Key Elements of Ethernet/802.3 LANs

Page 48: Ccna 3

CSMA/CD

Page 49: Ccna 3

Ethernet Communications

Page 50: Ccna 3

Ethernet Communications

• Ethernet Frame: Minimum 64 bytes, Maximum 1518 bytes
  • Preamble/SFD: Synchronize to the medium.
  • Destination Address: MAC address of the destination device.
  • Source Address: MAC address of the source device.
  • Length/Type: Length of the frame or protocol type code.
  • Data: Encapsulated data from OSI Layers 7 to 3.
  • FCS: Frame Check Sequence.

Page 51: Ccna 3

Ethernet Communications

• MAC Address:
  • Broadcast bit: Indicates a broadcast or multicast frame.
  • Local bit: Indicates whether the address can be modified locally.
  • OUI Number: Manufacturer of the NIC.
  • Vendor Number: Unique, vendor-assigned number.
  • MAC address = Layer 2 address / physical address / hardware address / burned-in address (BIA).
  • 6 bytes, or 48 bits, or 12 hexadecimal digits.
  • Format: 00-05-9A-3C-78-00, 00:05:9A:3C:78:00, or 0005.9A3C.7800
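An added example, not from the slides, that parses a MAC address written in any of the three notations above and decodes the fields the slide names: the broadcast/multicast (I/G) bit, the local (U/L) bit, the OUI and the vendor number. Sample addresses other than the slide's own are constructed.

```python
# Added example (not from the slides): decode a 48-bit MAC address in any of
# the three notations the slide lists and extract the fields it names.
import re

def parse_mac(text: str) -> bytes:
    """Accept 00-05-9A-3C-78-00, 00:05:9A:3C:78:00 or 0005.9A3C.7800."""
    hexdigits = re.sub(r"[-:.]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", hexdigits):
        raise ValueError(f"not a 12-hex-digit MAC address: {text!r}")
    return bytes.fromhex(hexdigits)          # 6 bytes = 48 bits

def describe_mac(text: str) -> dict:
    mac = parse_mac(text)
    first = mac[0]
    return {
        "canonical": "-".join(f"{b:02X}" for b in mac),
        "cisco": ".".join(f"{b:02X}{c:02X}" for b, c in zip(mac[0::2], mac[1::2])),
        # Bit 0 of the first byte (least significant, first on the wire):
        # 0 = unicast, 1 = group address (multicast or broadcast).
        "multicast": bool(first & 0x01),
        "broadcast": mac == b"\xff" * 6,
        # Bit 1 of the first byte: 0 = globally unique (burned-in, OUI-based),
        # 1 = locally administered (address changed by software).
        "locally_administered": bool(first & 0x02),
        "oui": mac[:3].hex().upper(),            # manufacturer of the NIC
        "vendor_number": mac[3:].hex().upper(),  # vendor-assigned, unique per NIC
    }

if __name__ == "__main__":
    # The first three are the slide's address; the rest are constructed.
    for sample in ("00-05-9A-3C-78-00", "00:05:9A:3C:78:00", "0005.9A3C.7800",
                   "FF:FF:FF:FF:FF:FF", "01-00-5E-00-00-01", "02-00-5E-10-00-01"):
        print(sample, describe_mac(sample))
```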

Page 52: Ccna 3

Ethernet Communications

Page 53: Ccna 3

Ethernet Communications

• Switch Port Settings:
  • AUTO:
    • Auto-negotiation of duplex mode. The two ports communicate to determine the best mode.
    • Default for FastEthernet and 10/100/1000 ports.
  • FULL:
    • Full-duplex mode.
    • Default for 100BASE-FX ports.
  • HALF:
    • Half-duplex mode.

Page 54: Ccna 3

Ethernet Communications

• Switch Port Settings:
  • AUTO:
    • Auto-negotiation of duplex mode. The two ports communicate to determine the best mode.
    • Auto-negotiation can produce unpredictable results.
    • If auto-negotiation fails because the attached device does not support it, the Catalyst switch defaults the switch port to half-duplex mode.
    • Half-duplex on one end and full-duplex on the other causes late collision errors at the half-duplex end.
    • To avoid this, manually set the duplex parameters of the switch to match the attached device.

Page 55: Ccna 3

Late Collisions

A late collision is a collision packet usually larger than 64 bytes with a corrupted CRC field value.

• A collision that occurs within the first 64 bytes of a transmission is a normal collision.
• A collision that occurs after more than 64 bytes have been transmitted is considered "late" because it did not occur within the 64-byte window.
• Late collisions cause more bytes to be transmitted on the network than a normal collision under 64 bytes.
• More often, this indicates that the transmitting station's NIC cannot properly detect the collision and stop its transmission, and it will continue to cause high collision rates on the network.

Page 56: Ccna 3

Ethernet Communications

• Switch Port Settings:
  • Auto-MDIX feature:
    • In the past, either a cross-over or a straight-through cable was required depending on the type of device that was being connected to the switch.
    • Instead, the mdix auto interface configuration command enables the automatic medium-dependent interface crossover (auto-MDIX) feature.
    • With this feature enabled, the switch detects the interface required for copper media and configures the interface accordingly.

Page 57: Ccna 3

Switch MAC Address Table

• Switches use MAC addresses to direct network traffic to the appropriate port.
• A switch builds a MAC address table by learning the source MAC addresses of each device connected to each of its ports.
• Once the MAC address has been added to the table, the switch uses the table entry to forward traffic to that node.
• If a destination address is not in the table, the switch forwards the frame out all ports except the receiving port.
• When the destination responds, the MAC address is added to the table.
• If the port is connected to another switch or a hub, multiple MAC addresses will be recorded in the table.

Page 58: Ccna 3

Switch MAC Address Table

• Example Step 1:
  • The switch receives a broadcast frame from PC 1 on Port 1.

Page 59: Ccna 3

Switch MAC Address Table

• Example Step 2:
  • The switch enters the source MAC address and the switch port that received the frame into the address table.

Page 60: Ccna 3

Switch MAC Address Table

• Example Step 3:
  • Because the destination address is a broadcast, the switch floods the frame to all ports, except the port on which it received the frame.

Page 61: Ccna 3

Switch MAC Address Table

• Example Step 4:
  • The destination device replies to the broadcast with a unicast frame addressed to PC 1.

Page 62: Ccna 3

Switch MAC Address Table

• Example Step 5:
  • The switch enters the source MAC address of PC 2 and the port number of the switch port that received the frame into the address table.

Page 63: Ccna 3

Switch MAC Address Table

• Example Step 6:
  • The switch can now forward frames between source and destination devices because it has entries in the address table that identify the associated ports.
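An added simulation, not from the slides and not any switch's code, that replays the six steps above on a tiny learning switch and also covers the hub case from the earlier slide (several MAC addresses recorded on one port). The per-port address limit is a simplified model of the port security feature the LAN design slides list for the access layer; MAC addresses and port numbers are constructed.

```python
# Added example (not from the slides): a minimal learning switch that builds a
# MAC address table (learn), floods unknown/broadcast frames, forwards known
# unicast, and optionally limits how many MACs one port may learn.
from dataclasses import dataclass, field
from typing import Optional

BROADCAST = "FF-FF-FF-FF-FF-FF"

@dataclass
class Frame:
    dst: str
    src: str
    payload: str = ""

@dataclass
class Switch:
    ports: int
    max_macs_per_port: Optional[int] = None      # None = no port-security limit
    mac_table: dict = field(default_factory=dict)  # MAC -> port number
    violations: list = field(default_factory=list)

    def learn(self, mac: str, port: int) -> bool:
        """Record the source MAC against the ingress port (steps 2 and 5).
        Returns False when the port's address limit would be exceeded."""
        if self.max_macs_per_port is not None:
            known_here = {m for m, p in self.mac_table.items() if p == port}
            if mac not in known_here and len(known_here) >= self.max_macs_per_port:
                self.violations.append((port, mac))
                return False
        self.mac_table[mac] = port
        return True

    def receive(self, frame: Frame, in_port: int) -> list:
        """Return the list of ports the frame is sent out of."""
        if not self.learn(frame.src, in_port):
            return []                     # violation: frame is not forwarded
        out = self.mac_table.get(frame.dst)
        if frame.dst == BROADCAST or out is None:
            # Broadcast or unknown unicast: flood all ports but the ingress (step 3)
            return [p for p in range(1, self.ports + 1) if p != in_port]
        if out == in_port:
            return []                     # destination is on the same segment
        return [out]                      # known unicast: one port only (step 6)

def six_step_example():
    """Replays the slide scenario: PC 1 on port 1, PC 2 on port 2 (constructed MACs)."""
    sw = Switch(ports=4)
    pc1, pc2 = "00-05-9A-3C-78-00", "00-05-9A-3C-78-01"
    first = sw.receive(Frame(dst=BROADCAST, src=pc1), in_port=1)   # steps 1-3
    reply = sw.receive(Frame(dst=pc1, src=pc2), in_port=2)         # steps 4-5
    later = sw.receive(Frame(dst=pc2, src=pc1), in_port=1)         # step 6
    return first, reply, later, dict(sw.mac_table)

if __name__ == "__main__":
    print(six_step_example())
```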

Page 64: Ccna 3

Design Considerations – Ethernet/802.3

• Bandwidth and Throughput:
  • A major disadvantage of Ethernet is collisions.
  • When two hosts transmit frames simultaneously, the collision results in the transmitted frames being corrupted or destroyed.
  • The sending hosts stop sending based on the Ethernet 802.3 rules of CSMA/CD.
  • It is important to understand that when stating the bandwidth of the Ethernet network is 10 Mb/s, full bandwidth for transmission is available only after any collisions have been resolved.

Page 65: Ccna 3

Design Considerations – Ethernet/802.3

• Bandwidth and Throughput:
  • A major disadvantage of Ethernet is collisions.
  • A hub offers no mechanism to either eliminate or reduce collisions, and the available bandwidth that any one node has to transmit is correspondingly reduced.
  • As a result, the number of nodes sharing the Ethernet network will have an effect on the throughput.

Page 66: Ccna 3

Design Considerations – Ethernet/802.3

• Collision Domains:
  • To reduce the number of nodes on a given network segment, you can create separate physical network segments called collision domains.
  • The network area where frames originate and collide is called the collision domain.
  • All shared media environments, such as those created by using hubs, are collision domains.
  • When a host is connected to a switch port, the switch creates a dedicated connection. This connection is an individual collision domain.

Page 67: Ccna 3

Design Considerations – Ethernet/802.3

• Microsegment:
  • When two connected hosts want to communicate with each other, the switch uses the switching table to establish a virtual connection/circuit between the ports.
  • The virtual circuit is maintained until the session is terminated.
  • Multiple virtual circuits are active at the same time.
  • The microsegment behaves as if the network has only two hosts, providing maximum available bandwidth to both hosts.
  • Switches reduce collisions and improve bandwidth use on network segments because they provide dedicated bandwidth to each network segment.

Page 68: Ccna 3

Design Considerations – Ethernet/802.3

• Broadcast Domains:
  • Although switches filter most frames based on MAC addresses, they do not filter broadcast frames.
  • Why? Because a switch runs at Layer 2 and cannot learn the MAC address FF-FF-FF-FF-FF-FF.
  • A collection of interconnected switches forms a broadcast domain.
  • Only Layer 3 devices or a VLAN form separate broadcast domains.

Page 69: Ccna 3

Design Considerations – Ethernet/802.3

Interconnecting switches extends the broadcast domain.

Page 70: Ccna 3

Design Considerations – Ethernet/802.3

• Network Latency:
  • Latency is the time a frame or a packet takes to travel from the source to the final destination.

Page 71: Ccna 3

Design Considerations – Ethernet/802.3

• Network Congestion:
  • The primary reason for segmenting a LAN into smaller parts is to isolate traffic and to achieve better use of bandwidth per user.
  • Without segmentation, a LAN quickly becomes clogged with traffic and collisions.
  • Most common causes:
    • Increasingly powerful computer and network technologies.
    • Increasing volume of network traffic.
    • High-bandwidth applications.

Page 72: Ccna 3

Design Considerations – Ethernet/802.3

• LAN Segmentation:
  • LANs are segmented into a number of smaller collision and broadcast domains using routers and switches.

Figure: four hubs.

Page 73: Ccna 3

Design Considerations – Ethernet/802.3

• LAN Segmentation:
  • LANs are segmented into a number of smaller collision and broadcast domains using routers and switches.

Figure: four hubs, with JAM signals propagating across every segment.

Page 74: Ccna 3

Design Considerations – Ethernet/802.3

• LAN Segmentation:
  • LANs are segmented into a number of smaller collision and broadcast domains using routers and switches.

Figure: four switches forming one broadcast domain; each switch port is a separate collision domain.

Page 75: Ccna 3

Design Considerations – Ethernet/802.3

• LAN Segmentation:
  • LANs are segmented into a number of smaller collision and broadcast domains using routers and switches.

Figure: four routers forming separate broadcast domains and separate collision domains.

Page 76: Ccna 3

Design Considerations – Ethernet/802.3

• LAN Segmentation:
  • LANs are segmented into a number of smaller collision and broadcast domains using routers and switches.
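An added example, not from the slides, that counts collision and broadcast domains in a constructed topology of hosts, a hub, two switches and a router, applying the rules the segmentation slides state: every switch or router port is its own collision domain, a hub's ports share one, and only a router (a VLAN is not modelled here) bounds a broadcast domain. Device names and cabling are assumptions.

```python
# Added example (not from the slides): count collision domains and broadcast
# domains in a small constructed LAN built from hosts, a hub, switches and a router.
DEVICES = {   # device name -> kind
    "R1": "router",
    "SW1": "switch", "SW2": "switch",
    "HUB1": "hub",
    "PC1": "host", "PC2": "host", "PC3": "host", "PC4": "host", "PC5": "host",
}
LINKS = [     # constructed cabling, one entry per cable
    ("PC1", "SW1"), ("PC2", "SW1"), ("SW1", "R1"),
    ("R1", "SW2"), ("SW2", "HUB1"), ("HUB1", "PC3"), ("HUB1", "PC4"),
    ("SW2", "PC5"),
]

def collision_domains(devices, links):
    """Every cable starts as its own collision domain (a dedicated switch or
    router port); a hub merges all the cables plugged into it into one."""
    parent = list(range(len(links)))        # union-find over cable indices

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    for dev, kind in devices.items():
        if kind != "hub":
            continue
        attached = [i for i, (a, b) in enumerate(links) if dev in (a, b)]
        for i in attached[1:]:
            parent[find(i)] = find(attached[0])
    return len({find(i) for i in range(len(links))})

def broadcast_domains(devices, links):
    """Connected components of the cabling once routers are cut out:
    switches and hubs extend a broadcast domain, routers bound it."""
    adj = {d: set() for d, kind in devices.items() if kind != "router"}
    for a, b in links:
        if a in adj and b in adj:
            adj[a].add(b)
            adj[b].add(a)
    seen, count = set(), 0
    for start in adj:
        if start in seen:
            continue
        count += 1
        stack = [start]
        while stack:
            node = stack.pop()
            if node in seen:
                continue
            seen.add(node)
            stack.extend(adj[node] - seen)
    return count

if __name__ == "__main__":
    print("collision domains:", collision_domains(DEVICES, LINKS))
    print("broadcast domains:", broadcast_domains(DEVICES, LINKS))
```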

Page 77: Ccna 3

LAN Design Considerations

• There are two primary considerations when designing a LAN:
  • Controlling network latency
  • Removing bottlenecks

Page 78: Ccna 3

LAN Design Considerations

• Controlling Network Latency:
  • Consider the latency caused by each device on the network.
  • Switches at Layer 2 can introduce latency on a network when oversubscribed on a busy network.
  • If a core level switch has to support 48 ports, each one capable of running at 1000 Mb/s full duplex, the switch should support around 96 Gb/s internal throughput if it is to maintain full wire speed across all ports simultaneously.

Page 79: Ccna 3

LAN Design Considerations

• Controlling Network Latency:
  • Consider the latency caused by each device on the network.
  • The use of higher layer devices can also increase latency on a network.
  • When a Layer 3 device, such as a router, needs to examine the Layer 3 addressing information contained within the frame, it must read further into the frame than a Layer 2 device, which creates a longer processing time.

Page 80: Ccna 3

LAN Design Considerations

• Removing Network Bottlenecks:
  • Each workstation and the server are connected at 1000 Mbps.

Figure captions: "If all workstations access the server at the same time." and "Add 4 additional 1000 Mbps NICs to the server."

Page 81: Ccna 3

Switch Concepts and Configuration

Forwarding Frames Using a Switch

Store-and-forward
Cut-through
Fast-forward
Fragment-free
Symmetric
Asymmetric
Memory Buffering
Layer 2 and Layer 3 Switching

Page 82: Ccna 3

Switch Forwarding Methods

• Methods switches use to forward Ethernet frames:
  • Store-and-forward.
  • Cut-through:
    • Fast-forward switching.
    • Fragment-free switching.

Page 83: Ccna 3

Switch Forwarding Methods

• Store-and-forward:
  • Receives the entire frame.
  • Computes the CRC and checks the frame length.
  • If valid, checks the switch table for the destination address and forwards the frame.
  • If invalid, the frame is dropped.

Figure: frame fields Destination, Source, Data, FCS; the computed CRC 123896745 equals the FCS 123896745, so the frame is good and the destination is found in the switching table.

Page 84: Ccna 3

Switch Forwarding Methods

• Store-and-forward:
  • Receives the entire frame.
  • Computes the CRC and checks the frame length.
  • If valid, checks the switch table for the destination address and forwards the frame.
  • If invalid, the frame is dropped.
• Store-and-forward is the only method used on current Cisco Catalyst switches.
  • Needed for QoS on converged networks.

Page 85: Ccna 3

Switch Forwarding Methods

Page 86: Ccna 3

Switch Forwarding Methods

• Cut-through – Fast-forward:
  • Typical method of cut-through.
  • Forwards a frame immediately after it reads and finds the destination address.
• Cut-through – Fragment-free:
  • Stores the first 64 bytes of the frame before forwarding.
  • The first 64 bytes of the frame is where most network errors and collisions occur.
  • Checks for a collision before forwarding the frame.
• Some switches are configured to use cut-through on each port until a user-defined error threshold is reached. At that time, they change to store-and-forward.
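An added example, not from the slides, that shows what each of the three forwarding methods above actually inspects before forwarding a constructed Ethernet frame: store-and-forward recomputes the CRC-32 FCS and checks the 64 to 1518 byte length limits, fragment-free only waits for the first 64 bytes, and fast-forward acts on the destination address alone. The addresses and payload are constructed; the frame layout follows the slide (no preamble).

```python
# Added example (not from the slides): the checks behind store-and-forward,
# fragment-free and fast-forward, run on a constructed frame.
import struct
import zlib

MIN_FRAME, MAX_FRAME = 64, 1518            # bytes, including the 4-byte FCS

def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Assemble dst|src|type|data|FCS, padding data up to the 64-byte minimum."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    body = body.ljust(MIN_FRAME - 4, b"\x00")
    # Ethernet's FCS is the IEEE CRC-32, sent least-significant byte first.
    return body + struct.pack("<I", zlib.crc32(body))

def store_and_forward(frame: bytes) -> tuple:
    """Whole frame received: length within limits and FCS matches recomputed CRC."""
    if not MIN_FRAME <= len(frame) <= MAX_FRAME:
        return ("drop", "bad length")
    expected = struct.unpack("<I", frame[-4:])[0]
    if zlib.crc32(frame[:-4]) != expected:
        return ("drop", "CRC mismatch")
    return ("forward", frame[:6].hex())

def fragment_free(frame: bytes) -> tuple:
    """Only the first 64 bytes are examined: runts (collision fragments) are
    dropped, but errors later in the frame pass through uninspected."""
    if len(frame) < MIN_FRAME:
        return ("drop", "collision fragment")
    return ("forward", frame[:6].hex())

def fast_forward(frame: bytes) -> tuple:
    """Forwards as soon as the 6-byte destination address has been read."""
    if len(frame) < 6:
        return ("drop", "no destination yet")
    return ("forward", frame[:6].hex())

def corrupt(frame: bytes, offset: int) -> bytes:
    """Flip one bit at the given offset (simulates an error on the wire)."""
    damaged = bytearray(frame)
    damaged[offset] ^= 0x01
    return bytes(damaged)

if __name__ == "__main__":
    dst = bytes.fromhex("00059A3C7800")    # constructed addresses
    src = bytes.fromhex("00059A3C7801")
    good = build_frame(dst, src, 0x0800, b"hello " * 30)
    late_error = corrupt(good, 120)         # damage beyond the first 64 bytes
    runt = good[:40]                        # collision fragment
    for name, f in (("good", good), ("late error", late_error), ("runt", runt)):
        print(name, store_and_forward(f), fragment_free(f), fast_forward(f))
```

A bit error beyond the first 64 bytes is caught only by store-and-forward; both cut-through variants forward the damaged frame unchanged.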

Page 87: Ccna 3

Symmetric and Asymmetric Switching

• Symmetric:
  • All ports are of the same bandwidth.
  • Optimized for a reasonably distributed traffic load.
  • For example, a peer-to-peer network.

Page 88: Ccna 3

Symmetric and Asymmetric Switching

• Asymmetric:
  • Provides switched connections between ports of unlike bandwidth.
  • For example, more bandwidth can be assigned to a server to prevent bottlenecks.

Page 89: Ccna 3

Memory Buffering

• A switch analyzes some or all of a packet before it forwards it to the destination host, based on the forwarding method.
• It stores the packet for a brief time in a memory buffer.
  • Built into the hardware.
• Two types:
  • Port based.
  • Shared.

Page 90: Ccna 3

Memory Buffering

• Port Based:
  • Frames are stored in queues that are linked to specific incoming and outgoing ports.
  • A frame is transmitted to the outgoing port only when all the frames ahead of it in the queue have been successfully transmitted.
  • It is possible for a single frame to delay the transmission of all the frames in memory because of a busy destination port.

Page 91: Ccna 3

Memory Buffering

• Shared:
  • Deposits all frames into a common memory buffer that all the ports on the switch share.
  • The amount of buffer memory required by a port is dynamically allocated.
  • The frames in the buffer are linked dynamically to the destination port.
  • Allows the packet to be received on one port and then transmitted on another port, without moving it to a different queue.

Page 92: Ccna 3

Layer 2 and Layer 3 Switching

• Layer 2 Switching:
  • Performs switching and filtering based only on the OSI Data Link layer (Layer 2) MAC address.
  • Completely transparent to network protocols and user applications.
  • Can learn which MAC addresses are associated with which ports.

Figure label: Cisco Catalyst 2960 Series.

Page 93: Ccna 3

ACN-93 Chapter 6

• Layer 3 Switching:• Functions similarly to a Layer 2 switch but instead of

using only the Layer 2 MAC address for forwarding decision, a Layer 3 switch can also use IP address information.

• can also learn which IP addresses are associated with its interfaces.

• This allows the Layer 3 switch to direct traffic throughout the network based on IP address information.

• capable of performing Layer 3 routing functions, reducing the need for dedicated routers on a LAN. Because Layer 3 switches have specialized switching hardware, they can typically route data as quickly as they can switch.

Layer 2 and Layer 3 SwitchingLayer 2 and Layer 3 Switching

Page 94: Ccna 3

ACN-94 Chapter 6

• Layer 3 Switching:• However, Layer 3 switches do not completely replace the

need for routers on a network.• Routers perform additional Layer 3 services that Layer

3 switches are not capable of performing.

Layer 2 and Layer 3 SwitchingLayer 2 and Layer 3 Switching

Page 95: Ccna 3

ACN-95 Chapter 6

Switch Concepts and Configuration

Switch Management Configuration

Navigating Command-Line Interface Modes

• The CLI itself is basically the same as a router's:
  • Access modes with a password.
  • Help facility and command history.
  • Configure console and Telnet access.
  • Commands to configure options for each interface.
  • Commands to verify the status of the switch.
• The difference is the functions to be configured:
  • Commands to create and control VLANs (Chapter 3).
  • Configure a default gateway.
  • Manage the MAC address table.
  • Switch security.
• Access Levels:
  • User EXEC.
  • Privileged EXEC.
• Configuration Modes:
  • Global Configuration Mode.
  • Interface Configuration Mode (and more…).
• GUI-Based Alternatives to the CLI:
  • Cisco Network Assistant:
    • Configure and manage groups of switches or standalone switches.
    • Free from www.cisco.com with a Cisco ID and password.
  • CiscoView:
    • Displays a physical view of the switch that you can use to set configuration parameters.
    • View switch status and performance information.
    • Purchased separately.
    • Can be a standalone application or part of a Simple Network Management Protocol (SNMP) platform.
  • Cisco Device Manager:
    • Web-based software that is stored in the switch memory.
    • Configure and manage switches.
    • Access from anywhere in your network through a web browser.
  • SNMP Network Management:
    • You can manage switches from an SNMP-compatible management station, such as HP OpenView.
    • The switch is able to provide comprehensive management information.
    • SNMP network management is more common in large enterprise networks.

Using the Help Facility

• Word / command line syntax help:
• Console error messages:

Switch Boot Sequence

• The switch loads the boot loader program:
  • A small program stored in NVRAM.
  • CPU initialization.
  • POST.
  • Initializes flash memory.
  • Loads a default OS image into memory and boots the switch.
• The OS then initializes the interfaces using the Cisco IOS commands found in the operating system configuration file config.text, stored in the switch flash memory.

Prepare to Configure the Switch

• A PC connected to the console port.
• A terminal emulator application (e.g. HyperTerminal) is running and configured correctly.
• Attach the power cord to the switch.
  • Some Catalyst switches, including the 2950 and 2960 series switches, do not have a power button.
• Observe the boot sequence:
  • When the switch is powered on, the POST begins.
  • During POST, the LEDs blink while a series of tests determine that the switch is functioning properly.
  • Successful: the SYST LED rapidly blinks green.
  • Fails: the SYST LED turns amber.
  • The Port Status LEDs turn amber for about 30 seconds as the switch discovers the network topology and searches for loops.
  • If the Port Status LEDs turn green, the switch has established a link between the port and a target, such as a computer.

Basic Switch Configuration

• Key Configuration Sequences:
  • Switch Management Interface:
    • To manage a switch remotely using TCP/IP, you need to assign the switch an IP address.
    • An access layer switch is much like a PC in that you need to configure an IP address, a subnet mask, and a default gateway.
  • Duplex and speed of active interfaces:
    • Usually the default, but can be modified.
  • Support for HTTP access:
    • We will restrict ourselves to the CLI.
  • MAC address table management.
• Switch Management Interface:
  • Note that a Layer 2 switch, such as the Cisco Catalyst 2960, only permits a single VLAN interface to be active at a time.
  • This means that the Layer 3 interface (interface VLAN 99) is active, but the Layer 3 interface (interface VLAN 1) is not active.
• Configure Default Gateway:
  • You need to configure the switch so that it can forward IP packets to distant networks.
  • Remember, the switch is treated like a host in this setup.
  • This is only used to forward switch management traffic.
  • It has nothing to do with any of the regular user data traffic.
  • Why does it have to be forwarded?
    • You can make a Telnet or SSH connection to a switch from another subnet to perform maintenance or to troubleshoot.
• Verify Configuration:
• Configure Duplex and Speed:
  • You can use the duplex interface configuration command to specify the duplex mode of operation for switch ports.
  • You can manually set the duplex mode and speed of switch ports to avoid inter-vendor issues with autonegotiation.
• Configure HTTP Access:
  • Modern Cisco switches have a number of web-based configuration tools that require that the switch is configured as an HTTP server.
  • These applications include:
    • Cisco web browser user interface.
    • Cisco Router and Security Device Manager (SDM).
    • IP Phone and Cisco IOS Telephony Service applications.
  • Be aware that these services are not necessarily activated in a configuration. The availability of this option does not mean that you do not need to know how to use the CLI commands.
• MAC Address Table Management:
  • Switches use MAC address tables to determine how to forward traffic between ports.
  • These MAC tables include dynamic and static addresses.
• Dynamic MAC Addresses:
  • The switch provides dynamic addressing by learning the source MAC address of each frame that it receives on each port.
  • It then adds the source MAC address and its associated port number to the MAC address table.
  • As devices are added to or removed from the network, the switch updates the MAC address table.
  • It adds new entries and ages out those that are currently not in use.
• Static MAC Addresses:
  • A network administrator can specifically assign static MAC addresses to certain ports.
  • Static addresses are not aged out.
  • The switch always knows which port to send out traffic destined for that specific MAC address.
  • To create a static mapping in the MAC address table, use the command:
    mac-address-table static <MAC address> vlan {1-4096, ALL} interface interface-id
  • To remove it, use the 'no' form of the command.

Verifying Switch Configuration

• Using the show commands:

Basic Switch Management

• Backing up and Restoring Switch Configuration Files:
  • Backup to the flash drive.
  • Restore from the flash drive.
  • Backup to a TFTP server:
    • Make sure that the TFTP server is running.
    • Log in to the switch.
    • Upload the configuration to the TFTP server:
      S1#copy system:running-config tftp://172.16.2.155/S1Rconfig.txt
    • or:
      S1#copy run tftp
  • Restore from a TFTP server:
    • Make sure that the TFTP server is running.
    • Log in to the switch.
    • Download the configuration from the TFTP server:
      S1#copy tftp://172.16.2.155/S1Rconfig.txt system:running-config
      S1#copy running-config startup-config
      S1#reload
    • or:
      S1#copy tftp run
      S1#copy run start
      S1#reload
  • Clearing configuration files:
    • Deleting files from the flash drive:
      delete flash:filename

Switch Concepts and Configuration

Configuring Switch Security

• Passwords
• Encryption
• Console
• Telnet / SSH
• Password Recovery
• MAC Address Flooding
• Spoofing Attacks
• CDP Attacks
• Telnet Attacks
• Security Tools
• Port Security

Configuring Password Options

• Securing Console Access:
• Securing Virtual Terminal Access:
  • There are 16 available default Telnet sessions, as opposed to the 5 sessions set up for a router.
• Securing Privileged EXEC Access:
  • Always use enable secret for password encryption.
• Encrypting Switch Passwords:
  • You can encrypt all passwords assigned to a switch using the service password-encryption command.
• Password Recovery:
  • To recover a switch password:
    • Power up the switch with the Mode button pressed.
    • Initialize flash.
    • Load helper files.
    • Rename the current configuration file.
    • Reboot the system.
    • Reinstate the name of the configuration file and copy it into RAM.
    • Change the password.
    • Copy to the startup configuration.
    • Reload the switch.

Login Banners

• Login Banner:
• Message-Of-The-Day (MOTD) Banner:

Configure Telnet and SSH

• Telnet:
  • Most common method.
  • Virtual terminal application.
  • Sends in clear text.
  • Not secure.
• Secure Shell (SSH):
  • Virtual terminal application.
  • Sends an encrypted data stream.
  • Is secure.
• Configuring Telnet:
  • Telnet is the default transport for the vty lines.
  • No need to specify it after the initial configuration of the switch has been performed.
  • If you have switched the transport protocol on the vty lines to permit only SSH, you need to enable the Telnet protocol to permit Telnet access.
• Configuring Secure Shell (SSH):
  • SSH is a cryptographic security feature that is subject to export restrictions. To use this feature, a cryptographic image must be installed on your switch.
  • Perform the following to configure SSH-only access:

Common Security Attacks

• MAC Address Flooding:
  • Recall that the MAC address table in a switch:
    • Contains the MAC addresses available on a given physical port of a switch.
    • Contains the associated VLAN parameters for each.
    • Is searched for the destination address of a frame.
      • If it IS in the table, the frame is forwarded out the proper port.
      • If it IS NOT in the table, the frame is forwarded out all ports of the switch except the port that received the frame.
  • The MAC address table is limited in size.
  • An intruder will use a network attack tool that continually sends bogus MAC addresses to the switch (e.g. 155,000 MAC addresses per minute).
  • The switch learns each bogus address and, in a short span of time, the table becomes full.
  • When a switch MAC table becomes full and stays full, it has no choice but to forward each frame it receives out of every port, just like a hub.
  • The intruder can now see all the traffic on the switch.
• Spoofing Attacks:
  • Man-In-The-Middle:
    • Intercepting network traffic.
    • DHCP or DNS spoofing.
    • The attacking device responds to DHCP or DNS requests with IP configuration or address information that points the user to the intruder's destination.
  • DHCP Starvation:
    • The attacking device continually requests IP addresses from a real DHCP server with continually changing MAC addresses.
    • Eventually the pool of addresses is used up and actual users cannot access the network.
• CDP Attacks:
  • Cisco Discovery Protocol (CDP) is a proprietary protocol that exchanges information among Cisco devices:
    • IP address
    • Software version
    • Platform
    • Capabilities
    • Native VLAN (trunk links, Chapter 3)
  • With a free network sniffer (Wireshark) an intruder could obtain this information.
  • It can be used to find ways to perform Denial of Service (DoS) attacks and others.
  • CDP is usually on by default. If you don't need it, turn it off.
• Telnet Attacks:
  • Recall that Telnet transmits in plain text and is not secure. While you may have set passwords, the following types of attacks are possible:
    • Brute force (password guessing).
    • DoS (Denial of Service).
    • With a free network sniffer (Wireshark) an intruder could obtain this information.
  • Use strong passwords and change them frequently.
  • Use SSH.

Network Security Tools

• They help you test your network for various weaknesses. They are tools that allow you to play the roles of a hacker and a network security analyst.
• Network Security Audits:
  • Reveal what sort of information an attacker can gather simply by monitoring network traffic.
  • Determine MAC address table limits and age-out period.
• Network Penetration Testing:
  • Identify security weaknesses.
  • Plan to avoid performance impacts.
• Common Features:
  • Service Identification:
    • IANA port numbers; discover FTP and HTTP servers; test all of the services running on a host.
  • Support of SSL Service:
    • Testing services that use SSL-level security.
    • HTTPS, SMTPS, IMAPS and security certificates.
  • Non-destructive and Destructive Testing:
    • Security audits that can degrade performance.
  • Database of Vulnerabilities:
    • Compile a database that can be updated over time.
• You can use them to:
  • Capture chat messages.
  • Capture files from NFS traffic.
  • Capture HTTP requests.
  • Capture mail messages.
  • Capture passwords.
  • Display captured URLs in a browser in real time.
  • Flood a switched LAN with random MAC addresses.
  • Forge replies to DNS addresses.
  • Intercept packets.

Configuring Port Security

• Implement port security to:
  • Limit the number of valid MAC addresses allowed on a port.
  • When you assign secure MAC addresses to a secure port, the port does not forward packets with source addresses outside the group of defined addresses.
  • Specify a group of valid MAC addresses allowed on a port.
  • Or allow only one MAC address access to the port.
  • Specify that the port automatically shuts down if an invalid MAC address is detected.
• Port security is disabled by default.
• Secure MAC Address types:
  • Static:
    • Manually specify that a specific MAC address is the ONLY address allowed to connect to that port.
    • They are added to the MAC address table and stored in the running configuration.
  • Dynamic:
    • MAC addresses are learned dynamically when a device connects to the switch.
    • They are stored in the address table and are lost when the switch reloads.
  • Sticky:
    • Specifies that MAC addresses are:
      • Dynamically learned.
      • Added to the MAC address table.
      • Stored in the running configuration.
    • You may also manually add a MAC address.
    • MAC addresses that are "sticky learned" (you will hear that phrase) will be lost if you fail to save your configuration.
• Security Violation Modes:
  • Violations occur when:
    • A station whose MAC address is not in the address table attempts to access the interface and the address table is full.
    • An address is being used on two secure interfaces in the same VLAN.
  • Modes:
    • Protect: drop frames, no notification.
    • Restrict: drop frames, notify.
    • Shutdown: disable port, notify.
• Default Security Configuration:
• Configure Static Port Security:
  • ONLY address allowed.
  • Added to the MAC table and running configuration.
• Configure Dynamic Port Security:
  • Dynamically learned when the device connects.
  • Added to the MAC table only.
• Configure Sticky Port Security:
  • Dynamically learn MAC addresses.
  • Added to the MAC table and running configuration.

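The MAC address table behaviour described under Basic Switch Configuration (dynamic learning, ageing, static entries), the MAC address flooding attack under Common Security Attacks, and the port security violation modes above, as one simulation. This is an added example, not code from the slides or from Cisco IOS; the port names, the tiny table size and every MAC address are constructed.

```python
"""Simulated switch MAC address table with port security.

Added example, not code from the original slides. It models the slides'
description: dynamic learning and ageing, static entries, a size-limited
table that floods unknown destinations once full (MAC address flooding),
and port security with protect/restrict/shutdown violation modes.
Port names, table size and MAC addresses are constructed.
"""
from dataclasses import dataclass, field


@dataclass
class Entry:
    port: str
    static: bool        # static entries are never aged out
    last_seen: float

@dataclass
class SecurePort:
    maximum: int        # maximum secure addresses allowed on the port
    mode: str           # "protect", "restrict" or "shutdown"
    addresses: set = field(default_factory=set)


class Switch:
    def __init__(self, ports, table_size=8, aging_secs=300.0):
        self.ports = list(ports)
        self.table_size = table_size     # CAM capacity, tiny to show the effect
        self.aging_secs = aging_secs
        self.table = {}                  # (mac, vlan) -> Entry
        self.secure = {}                 # port -> SecurePort
        self.err_disabled = set()
        self.log = []                    # notifications (restrict/shutdown, table full)

    def add_static(self, mac, vlan, port):
        """Equivalent of 'mac-address-table static <mac> vlan <n> interface <port>'."""
        self.table[(mac, vlan)] = Entry(port, True, 0.0)

    def enable_port_security(self, port, maximum=1, mode="shutdown"):
        self.secure[port] = SecurePort(maximum, mode)

    def _violation(self, port, mac, reason):
        mode = self.secure[port].mode
        if mode == "protect":            # drop silently, no notification
            return
        self.log.append(f"{port}: port-security violation ({reason}) by {mac}")
        if mode == "shutdown":           # port goes err-disabled
            self.err_disabled.add(port)

    def _port_security_ok(self, port, mac):
        sp = self.secure.get(port)
        if sp is None or mac in sp.addresses:
            return True
        for other, osp in self.secure.items():   # same address on two secure ports
            if other != port and mac in osp.addresses:
                self._violation(port, mac, f"address already secured on {other}")
                return False
        if len(sp.addresses) >= sp.maximum:
            self._violation(port, mac, "maximum secure addresses exceeded")
            return False
        sp.addresses.add(mac)            # dynamically learned secure address
        return True

    def _learn(self, mac, vlan, port, now):
        key = (mac, vlan)
        if key in self.table:
            if not self.table[key].static:
                self.table[key] = Entry(port, False, now)
        elif len(self.table) >= self.table_size:
            self.log.append(f"table full: {mac} on {port} not learned")
        else:
            self.table[key] = Entry(port, False, now)

    def receive(self, src, dst, vlan, in_port, now):
        """Process one frame; return the list of egress ports."""
        if in_port in self.err_disabled:
            return []
        self.table = {k: e for k, e in self.table.items()       # age out idle entries
                      if e.static or now - e.last_seen <= self.aging_secs}
        if not self._port_security_ok(in_port, src):
            return []
        self._learn(src, vlan, in_port, now)
        entry = self.table.get((dst, vlan))
        if entry is not None:
            return [] if entry.port == in_port else [entry.port]
        # unknown destination: flood out every other port, just like a hub
        return sorted(p for p in self.ports
                      if p != in_port and p not in self.err_disabled)


def scenario(port_security):
    """Attacker on Fa0/3 floods bogus source MACs, then host A (Fa0/1) sends to host B (Fa0/2).
    Returns (egress ports of the A->B frame, err-disabled ports, MAC table size)."""
    sw = Switch(["Fa0/1", "Fa0/2", "Fa0/3"], table_size=8)
    if port_security:
        sw.enable_port_security("Fa0/3", maximum=2, mode="shutdown")
    for i in range(20):                  # constructed bogus source addresses
        sw.receive(f"00:00:00:00:00:{i:02x}", "ff:ff:ff:ff:ff:ff", 1, "Fa0/3", 1.0 + i)
    sw.receive("aa:aa:aa:aa:aa:bb", "aa:aa:aa:aa:aa:aa", 1, "Fa0/2", 30.0)   # B -> A
    a_to_b = sw.receive("aa:aa:aa:aa:aa:aa", "aa:aa:aa:aa:aa:bb", 1, "Fa0/1", 31.0)
    return a_to_b, sorted(sw.err_disabled), len(sw.table)
```

Without port security the A to B frame is flooded to the attacker's port because B could never be learned into the full table; with a two-address limit in shutdown mode the third bogus address err-disables Fa0/3 and A to B stays unicast.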
Verify Port Security

• Verify Port Security Settings:
• Verify Secure MAC Addresses:

Securing Unused Ports

• Disable unused ports:
  • You can specify a range of interfaces. For example, to specify the first 10 interfaces:
    interface range fastethernet 0/1 - 10

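The hardening points of this section (enable secret rather than enable password, service password-encryption, SSH-only vty lines, CDP turned off where not needed, port security on access ports, unused ports shut down) as a single running-config audit. This is an added example, not code from the slides or from Cisco; the finding codes, both IOS-style sample configurations and the secret hash placeholder are constructed.

```python
"""Audit a Catalyst running-config for the hardening points on these slides.

Added example, not code from the original slides or from Cisco. It parses a
constructed IOS-style configuration and reports: no enable secret, service
password-encryption off, CDP left running, Telnet still allowed on the vty
lines, access ports without port security, and unused ports not shut down.
Finding codes, both sample configs and the hash placeholder are constructed.
"""

WEAK_CONFIG = """\
hostname S1
enable password cisco
!
interface FastEthernet0/1
 switchport mode access
 switchport port-security
!
interface FastEthernet0/2
 switchport mode access
!
interface FastEthernet0/3
 shutdown
!
line con 0
 password cisco
 login
line vty 0 15
 password cisco
 login
 transport input telnet ssh
"""

HARDENED_CONFIG = """\
hostname S1
enable secret 5 $1$PLAC$EHOLDER.HASH.VALUE
service password-encryption
no cdp run
!
interface FastEthernet0/1
 switchport mode access
 switchport port-security
!
interface FastEthernet0/2
 shutdown
!
line vty 0 15
 login local
 transport input ssh
"""


def parse_config(text):
    """Split a config into global commands and {section header: [indented lines]}."""
    global_cmds, sections, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == "!":
            current = None
            continue
        if line[0] in " \t":
            if current is not None:
                sections[current].append(line.strip())
        elif line.startswith(("interface ", "line ")):
            current = line
            sections.setdefault(current, [])
        else:
            current = None
            global_cmds.append(line)
    return global_cmds, sections


def audit(text, unused_ports=()):
    """Return a list of finding codes; an empty list means every check passed."""
    global_cmds, sections = parse_config(text)
    findings = []
    if not any(c.startswith("enable secret") for c in global_cmds):
        findings.append("ENABLE_SECRET_MISSING")      # 'enable password' alone is reversible
    if "service password-encryption" not in global_cmds:
        findings.append("PASSWORD_ENCRYPTION_OFF")
    if "no cdp run" not in global_cmds:
        findings.append("CDP_ENABLED")                # CDP runs unless explicitly disabled
    for header, body in sections.items():
        if header.startswith("line vty"):
            transports = [c for c in body if c.startswith("transport input")]
            # Telnet is the default vty transport (slides), so only an explicit
            # 'transport input ssh' counts as SSH-only
            if transports != ["transport input ssh"]:
                findings.append(f"TELNET_ALLOWED:{header}")
        elif header.startswith("interface ") and "shutdown" not in body:
            port = header.split(" ", 1)[1]
            if "switchport mode access" in body and "switchport port-security" not in body:
                findings.append(f"NO_PORT_SECURITY:{port}")
    for port in unused_ports:                          # ports the operator lists as unused
        if "shutdown" not in sections.get(f"interface {port}", []):
            findings.append(f"UNUSED_PORT_UP:{port}")
    return findings
```

A port absent from the config entirely (FastEthernet0/4 in the weak sample) is reported as up, since an interface with no configuration lines is at its defaults.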
AACS5324 Advanced Computer Networks

Chapter 8

Virtual Local Area Networks (VLANs)

Objectives

Upon completion of this chapter, students should be able to understand the following:

• Overview of VLANs
• Benefits of VLANs
• Types of VLANs
• Network Traffic Types
• Controlling Broadcast Domains with VLANs
• VLAN Trunking & 802.1Q Tagging
• VLAN Configurations

Defining VLANs

• In traditional switched LANs, the physical topology is closely related to the logical topology.
• Generally, workstations must be grouped by their physical proximity to a switch.
• To communicate among LANs, each segment must have a separate port on the backbone device or a connection to a common backbone.

Separate Broadcast Domains

• VLANs provide segmentation based on broadcast domains.
• VLANs logically segment switched networks based on the functions, project teams, or applications of the organization, regardless of the physical location or connections to the network.
• Communication among VLANs still requires a router. BUT only one physical connection will handle all routing.
• VLANs are created to provide segmentation services traditionally provided by physical routers in LAN configurations.
• They address:
  • Scalability
  • Security
  • Network Management
  • Broadcast Filtering
  • Traffic Flow Management
• Switches may not forward any traffic between VLANs, as this would violate the integrity of the VLAN broadcast domain.
• Traffic must be routed between VLANs.

What Does This Mean?

Requirements:
- Different department on each floor.
- Three different LANs per floor.
- Separate networks.

With routers: Expen$ive!
- 4 ports each
- 3 hubs / floor
- 10 broadcast domains
- Inefficient traffic flow

With switches:
- More scalable
- Easier to manage
- 1 router
- 4 broadcast domains
- Efficient traffic flow

Defining VLANs

• A VLAN, then, is a broadcast domain (IP subnet) created by one or more switches.
• The above design shows 3 separate broadcast domains created using one router with 3 ports and 3 switches.
• The router filters the broadcasts for each LAN.
• A better design still creates the 3 separate broadcast domains but only requires 1 switch.
• The router provides broadcast filtering over a single link.

One Physical Link

Benefits of VLANs

• Security:
  • Groups with specific security needs (sensitive data) are isolated from the rest of the network, decreasing the chances of confidential information breaches.
• Cost Reduction:
  • The need for expensive hardware upgrades is reduced.
  • Better use of existing bandwidth and links.
• Higher Performance:
  • Dividing large, flat Layer 2 networks into separate broadcast domains reduces unnecessary traffic on each new subnet.
• Broadcast Storm Mitigation:
  • Dividing a network into VLANs prevents a broadcast storm from propagating to the whole network.
• Improved IT Staff Efficiency:
  • Easier to manage the network because users with similar network requirements share the same VLAN.
• Simpler Project or Application Management:
  • Having separate functions makes working with a specialized application easier. For example, an e-learning development platform for faculty.

VLAN ID Ranges

• When configured, the number that is assigned to the VLAN becomes the VLAN ID.
• The numbers to be assigned are divided into two different ranges:
  • Normal Range: 1 – 1005
  • Extended Range: 1006 – 4096
• Each range has its own characteristics.
• Normal Range: 1 – 1005
  • Used in small- and medium-sized business and enterprise networks.
  • IDs 1002 – 1005: Token Ring and FDDI VLANs.
  • IDs 1 and 1002 to 1005 are automatically created and cannot be removed.
  • Configurations are stored within a VLAN database file, called vlan.dat, located in the flash memory of the switch.
  • The VLAN Trunking Protocol (VTP), which helps manage VLAN configurations between switches, can only learn normal range VLANs and stores them in the VLAN database file.
• Extended Range: 1006 – 4096
  • Enables service providers to extend their infrastructure to a greater number of customers.
  • Some global enterprises could be large enough to need extended range VLAN IDs.
  • Supports fewer VLAN features than normal range VLANs.
  • Saved in the running configuration file, not the vlan.dat file.
  • VTP does not learn extended range VLANs.

Types of VLANs

• Traditionally, two methods of implementing VLANs:
  • Static or Port-Based:
    • Ports on a switch are assigned to a specific VLAN.
  • Dynamic:
    • VLANs created by accessing a Network Management server. The MAC address/VLAN ID mapping is set up by the network administrator and the server assigns a VLAN ID when the device contacts it.
• Today, there is essentially one method of implementing VLANs: Port-Based.

Types of Port-Based VLANs

• Defined by the type of traffic they support or by the functions they perform:
  • Data VLAN.
  • Default VLAN.
  • Native VLAN.
  • Management VLAN.
  • Voice VLAN.
• Data VLAN:
  • Configured to carry only user-generated traffic.
  • A switch could carry voice-based traffic or traffic used to manage the switch, but this traffic would not be part of a data VLAN.
  • A data VLAN is sometimes referred to as a user VLAN.
• Default VLAN:
  • The default VLAN for Cisco switches is VLAN 1.
  • VLAN 1 has all the features of any VLAN, except that you cannot rename it and you cannot delete it.
  • By default, Layer 2 control traffic (CDP and STP) is associated with VLAN 1.
  • It is a security best practice to change the default VLAN to a VLAN other than VLAN 1 (e.g. VLAN 99).
  • VLAN Trunk:
    • Carries data or control information (VLAN 1 data) for all VLANs from switch to switch or switch to router.
• Native VLAN:
  • An 802.1Q trunk port supports traffic coming from VLANs (tagged traffic) as well as traffic that does not come from a VLAN (untagged traffic).
  • The 802.1Q trunk port places untagged traffic on the native VLAN.
  • Native VLANs are set out in the IEEE 802.1Q specification to maintain backward compatibility with untagged traffic common to legacy LAN scenarios.
  • It is a best practice to use a VLAN other than VLAN 1 as the native VLAN.

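The 802.1Q tag and native VLAN behaviour described above, together with the VLAN ID ranges from the VLAN ID Ranges slides, as working code. This is an added example, not code from the slides: the frames are constructed, and the native VLAN 99 and voice VLAN 150 are the numbers the slides use; the 12-bit VID field in the tag is a property of the 802.1Q format itself.

```python
"""802.1Q tag handling on a trunk port and VLAN ID range classification.

Added example, not code from the original slides. tag_frame() inserts the
4-byte 802.1Q tag after the source MAC; parse_frame() shows what a trunk
port does with tagged and untagged frames (untagged traffic lands on the
native VLAN); vlan_id_range() applies the ranges given on the slides.
The sample frames are constructed; VLAN 99 and 150 come from the slides.
"""
import struct

TPID_8021Q = 0x8100      # EtherType value that announces an 802.1Q tag


def vlan_id_range(vid):
    """Classify a VLAN ID with the ranges on the slides (normal 1-1005, extended 1006-4096)."""
    if vid == 1:
        return "default (VLAN 1: cannot be renamed or deleted)"
    if 2 <= vid <= 1001:
        return "normal"
    if 1002 <= vid <= 1005:
        return "normal (reserved for Token Ring/FDDI, cannot be removed)"
    if 1006 <= vid <= 4096:
        return "extended (running-config only, not learned by VTP)"
    raise ValueError(f"VLAN ID {vid} is outside 1-4096")


def tag_frame(frame, vid, pcp=0):
    """Insert an 802.1Q tag (TPID + TCI) between the source MAC and the EtherType."""
    if not 0 <= vid <= 0xFFF:       # the VID field in the tag is 12 bits wide
        raise ValueError("VID must fit in 12 bits")
    if not 0 <= pcp <= 7:
        raise ValueError("PCP must fit in 3 bits")
    tci = (pcp << 13) | vid         # PCP(3) | DEI(1)=0 | VID(12)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_frame(frame, native_vlan):
    """Decode a frame as a trunk port sees it; untagged frames belong to the native VLAN."""
    if len(frame) < 14:
        raise ValueError("frame too short")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    info = {"dst": frame[:6].hex(":"), "src": frame[6:12].hex(":")}
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, inner_type = struct.unpack("!HH", frame[14:18])
        vid = tci & 0x0FFF
        # VID 0 is a priority-only tag: the frame carries no VLAN and goes to the native VLAN
        info.update(tagged=True, vlan=vid or native_vlan, pcp=tci >> 13,
                    ethertype=inner_type, payload=frame[18:])
    else:
        info.update(tagged=False, vlan=native_vlan, pcp=0,
                    ethertype=ethertype, payload=frame[14:])
    return info


def build_untagged(dst, src, ethertype, payload):
    """Assemble a constructed Ethernet II frame (no FCS) from colon-separated MACs."""
    return (bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
            + struct.pack("!H", ethertype) + payload)


# Constructed sample: an IPv4 frame from a phone, to be carried on voice VLAN 150
SAMPLE_UNTAGGED = build_untagged("aa:bb:cc:dd:ee:ff", "00:11:22:33:44:55", 0x0800, b"\x45" * 20)
SAMPLE_VOICE = tag_frame(SAMPLE_UNTAGGED, 150, pcp=5)
```

Parsing SAMPLE_VOICE with native VLAN 99 yields VLAN 150 with priority 5, while the same frame without a tag is placed on VLAN 99, which is why the native VLAN should not be VLAN 1.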
Types of Port-Based VLANsTypes of Port-Based VLANs

• Management VLAN:• A management VLAN is any VLAN you configure to

access the management capabilities of a switch. • You assign the management VLAN an IP address and

subnet mask.• A new switch has all ports assigned to VLAN 1.• Using VLAN 1 as the management VLAN means that

anyone connecting to the switch will be in the management VLAN.• That assumes that all ports have not been assigned to

another VLAN.

Page 188: Ccna 3

ACN-188 Chapter 6

Types of Port-Based VLANsTypes of Port-Based VLANs

• Management VLAN:

Page 189: Types of Port-Based VLANs

• Voice VLANs:
  • Voice-over-IP (VoIP) traffic requires:
    • Assured bandwidth to ensure voice quality.
    • Transmission priority over other types of network traffic.
    • Ability to be routed around congested areas on the network.
    • Delay of less than 150 milliseconds (ms) across the network.
  • The details of how to configure a network to support VoIP are beyond the scope of the course, but it is useful to summarize how a voice VLAN works between a switch, a Cisco IP phone, and a computer.

Page 190: Types of Port-Based VLANs

• Voice VLANs: (figure: connections; VLAN 150 is designed to carry voice traffic.)

Page 191: Types of Port-Based VLANs

• Voice VLANs: A Cisco IP Phone is a switch.
  • Port 1 connects to the switch or VoIP device.
  • Port 3 connects to a PC or other device.

Page 192: Types of Port-Based VLANs

• Voice VLANs: A Cisco IP Phone is a switch.
  • Switch S3 is configured to carry voice traffic on VLAN 150 and data traffic on VLAN 20.
  • Receiving: the phone acts on voice traffic and removes the tag for data traffic destined for the PC.
  • More on the tagging process later.

Page 193: Types of Port-Based VLANs

• Voice VLANs: A Cisco IP Phone is a switch.
  • The link to the switch acts as a trunk link to carry both voice and data traffic.
  • CDP is used to communicate between the switch and the phone.

Page 194: Types of Port-Based VLANs

• Voice VLANs: (figure) Should make more sense now.

Page 195: Network Traffic Types

• Management Traffic: CDP, SNMP, RMON.

Page 196: Network Traffic Types

• IP Telephony Traffic: signaling and data (voice) packets.

Page 197: Network Traffic Types

• IP Multicast Traffic:
  • Sent from a particular source address to a multicast group that is identified by a single IP and MAC destination-group address pair.
  • Example: IP/TV broadcasts. Requires VLAN configuration and router configuration.

Page 198: Network Traffic Types

• Normal Data Traffic: file sharing, printing, database access, email, shared applications.

Page 199: Network Traffic Types

• Scavenger Class Traffic:
  • Less than best-effort services.
  • Typically entertainment oriented: peer-to-peer media sharing (KaZaa, Napster), gaming.

Page 200: Switch Port Membership Modes

• Switch Ports:
  • Layer 2-only interfaces associated with a physical port.
  • Used for managing the physical interface and associated Layer 2 protocols.
  • Do not handle routing or bridging.
  • Can belong to one or more VLANs (one VLAN as an access port, several as a trunk).
• Configuring VLANs:
  • Must assign a VLAN number.
  • Can configure a port specifying:
    • The type of traffic.
    • The VLANs to which it belongs.

Page 201: Switch Port Membership Modes

• Static VLAN:
  • Ports on a switch are manually assigned to a VLAN.
  • Static VLANs are configured using the Cisco CLI or a GUI management application (e.g. Cisco Network Assistant).

Page 202: Switch Port Membership Modes

• Dynamic VLAN:
  • Configured using a special server called a VLAN Membership Policy Server (VMPS).
  • Assigns switch ports to VLANs based on the source MAC address of the device connected to the port.
  • Benefit: when a user moves to a different port on a switch or to a new switch, the user is assigned to the proper VLAN dynamically. (figure)
  • Not widely used. Note that a host chooses its own source MAC address, so VMPS placement is a convenience, not an authentication control.

Page 203: Switch Port Membership Modes

• Voice VLAN:
  • A port is configured to be in voice mode so that it can support an IP phone.
  • Before you configure a voice VLAN on the port, you first configure a VLAN for voice and a VLAN for data.

Page 204: Switch Port Membership Modes

• Voice VLAN: (figure: voice VLAN and data VLAN on one port)
  • Ensures that voice traffic is identified as priority traffic.
  • Remember that the entire network must be set up to prioritize voice traffic. You cannot just configure the switch port.

Page 205: Controlling Broadcast Domains with VLANs

• Network without VLANs: (figure: a host sends a broadcast)

Page 206: Controlling Broadcast Domains with VLANs

• Network with VLANs: (figure: a host in each VLAN sends a broadcast)

Page 207: Controlling Broadcast Domains with VLANs

• Intra-VLAN Communications: (figure)

Page 208: Controlling Broadcast Domains with VLANs

• Intra-VLAN Communications: (figure)

Page 209: Controlling Broadcast Domains with VLANs

(figure)

Page 210: Controlling Broadcast Domains with VLANs

(figure)

Page 211: Layer 3 Switch Forwarding

• Layer 3 Switch: (more in Inter-VLAN routing)
  • A Layer 3 switch has the ability to route transmissions between VLANs.
  • The procedure is the same as described for inter-VLAN communication using a separate router.
• Switch Virtual Interface (SVI):
  • A logical interface (SVI) is configured for each VLAN configured on the switch.

Page 212: Layer 3 Switch Forwarding

• Layer 3 Switch: (figure)
  • Contains the SVI 20 information, not SVI 10.
  • SVI 10 knows about SVI 20 (the location of VLAN 20).

Page 213: Virtual Local Area Networks: VLAN Trunking

Page 214: VLAN Trunking

• The concept of trunking began with the telephone industry.
  • Multiple calls were moved between customers and central offices, or between the offices themselves, over a single physical connection.

Page 215: VLAN Trunking

• The same principle was applied to data communications to make better use of the communication line.
• Additional advantages and cost savings were gained by using the same line for voice communications.
• (figure: 24-channel T1 line with data and voice)

Page 216: VLAN Trunking

• The same principle of trunking is applied to network switching technologies.
• A trunk is a point-to-point physical and logical connection between two switches across which network traffic travels.
• The trunk by default carries all VLAN data, unless otherwise configured for specific VLANs.
• (figure: no trunk vs. trunk)

Page 217: VLAN Trunking

• It is also important to realize that a trunk link does not belong to a specific VLAN.
• The responsibility of a trunk link is to act as a conduit for VLANs:
  • Between switches and routers.
  • Between switches and switches.

Page 218: VLAN Trunks

• What problem does it solve? (figure: networks 172.17.10.0/24, 172.17.20.0/24, 172.17.30.0/24 and 172.17.99.0/24)

Page 219: IEEE 802.1Q Frame Tagging

• Remember that switches are Layer 2 devices.
  • They only use the Ethernet frame header information.
  • The standard frame header does not contain information about VLAN membership.
• VLAN membership (i.e. VLAN ID or VLAN number) must be identified for each frame that is transferred over the trunk.
• The process is called 802.1Q VLAN tagging.

Page 220: IEEE 802.1Q Frame Tagging

Untagged Ethernet frame (maximum length 1518 bytes):

  Field:  Destination Address | Source Address | Type/Length | Data     | FCS
  Bytes:  6                   | 6              | 2           | max 1500 | 4

Tagged 802.1Q frame (maximum length 1522 bytes):

  Field:  Destination Address | Source Address | 802.1Q Tag (0x8100 + TCI) | Type/Length | Data     | New FCS
  Bytes:  6                   | 6              | 2 + 2                     | 2           | max 1500 | 4

Page 221: IEEE 802.1Q Frame Tagging

• The 4-byte tag is inserted between the Source Address and Type/Length fields, and the FCS is recomputed over the tagged frame.
• Tag Protocol Identifier (TPID, 2 bytes): the value 0x8100, carried in the EtherType position.
• Tag Control Information (TCI, 2 bytes):

  Bits:   3             | 1   | 12
  Field:  User Priority | CFI | VLAN ID

• With the EtherType field set to the TPID value, the switch receiving the frame knows to look for information in the tag control information field.

Page 222: Native VLANs

• Tagged frames on the native VLAN:
  • Some devices that support trunking tag native VLAN traffic as a default behavior.
  • Control traffic sent on the native VLAN should be untagged.
  • If an 802.1Q trunk port on a Cisco switch receives a tagged frame whose VLAN ID is the native VLAN, it drops the frame.
  • When configuring a switch port on a Cisco switch, you need to identify these devices and configure them so that they do not send tagged frames on the native VLAN.
  • Devices from other vendors that support tagged frames on the native VLAN include IP phones, servers, routers, and switches.

Page 223: Native VLANs

• Untagged frames on the native VLAN:
  • When a Cisco switch trunk port receives untagged frames, it forwards those frames to the native VLAN.
  • The default native VLAN is VLAN 1.
  • When you configure an 802.1Q trunk port, a default Port VLAN ID (PVID) is assigned the value of the native VLAN.
  • All untagged traffic coming in or out of the 802.1Q port is forwarded based on the PVID value.

Page 224: Native VLANs

• Configure the trunk to default to native VLAN 1. (figure)
• Configure the trunk for native VLAN 99. (figure)

Page 225: Native VLANs

• Verify the configuration. (figure)
• VLAN 50 is a voice VLAN.

Page 226: Trunking Operation

(figure: VLANs 10, 20 and 30 on switches S1, S2 and S3)
• PC1 and PC3 send a broadcast.
• S2 receives the frames and tags them with the VLAN ID.
• The tagged frames are sent across the trunk links between S2 and S1, and between S1 and S3.
• S3 strips the tags and forwards to the destination.

Page 227: Trunking Modes

• A Cisco switch can be configured to support two types of trunk ports:
  • IEEE 802.1Q
  • ISL (Inter-Switch Link)
• Today only 802.1Q is used.
• Legacy networks may still use ISL.

Page 228: Trunking Modes

• IEEE 802.1Q:
  • The port is assigned a default PVID.
  • Supports simultaneous tagged and untagged traffic.
  • Untagged traffic, including frames tagged with the null VLAN ID 0 (priority-tagged frames), is associated with the port's PVID.
  • Tagged traffic:
    • Traffic whose VLAN ID equals the outgoing port's PVID is sent untagged.
    • All other traffic is sent with a VLAN tag.
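The tag layout from the frame-tagging slides and the PVID rules above can be exercised in a few lines. The following is an added example, not code from the slides: it builds an untagged frame, inserts and parses an 802.1Q tag, and models a trunk port's ingress and egress decisions. `cross_trunk` then shows what the native VLAN rules imply when the two ends disagree: a frame from VLAN 99 leaves untagged and is placed in VLAN 1 by a peer whose native VLAN is still 1. The sample frame, MAC addresses and VLAN numbers are constructed; the "tagged frame on the native VLAN is dropped" rule follows the slide text rather than any particular switch model.

```python
"""802.1Q tag insertion/removal and the ingress/egress rules of a trunk port.

Added example (not from the slides). Frames are built without the 4-byte FCS;
frame_length_with_fcs() adds it back so the 1518/1522 figures can be checked.
"""
import struct

TPID = 0x8100                       # tag protocol identifier, sits in the EtherType position
ETH_HDR = struct.Struct("!6s6sH")   # destination MAC, source MAC, Type/Length


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Untagged Ethernet II frame (no FCS)."""
    return ETH_HDR.pack(dst, src, ethertype) + payload


def frame_length_with_fcs(frame: bytes) -> int:
    return len(frame) + 4


def tag_frame(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert the 4-byte tag (TPID + TCI) between the source MAC and Type/Length."""
    if not 0 <= vid <= 4095:
        raise ValueError("VLAN ID must fit in 12 bits")
    tci = ((pcp & 0x7) << 13) | ((dei & 0x1) << 12) | vid   # 3-bit priority, 1-bit CFI, 12-bit VID
    return frame[:12] + struct.pack("!HH", TPID, tci) + frame[12:]


def parse_tag(frame: bytes):
    """Return (vid, pcp, dei, inner_ethertype) or None when the frame carries no tag."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID:
        return None
    tci, inner = struct.unpack("!HH", frame[14:18])
    return tci & 0xFFF, tci >> 13, (tci >> 12) & 1, inner


def untag_frame(frame: bytes) -> bytes:
    return frame[:12] + frame[16:]


def trunk_ingress(frame: bytes, pvid: int):
    """Classify a frame arriving on an 802.1Q trunk port whose native VLAN is `pvid`.

    Returns (vlan, untagged_frame), or None when the frame is dropped.
    """
    tag = parse_tag(frame)
    if tag is None:                 # untagged: belongs to the native VLAN (PVID)
        return pvid, frame
    vid = tag[0]
    if vid == 0:                    # null VLAN ID (priority tag only): also the PVID
        return pvid, untag_frame(frame)
    if vid == pvid:                 # tagged frame on the native VLAN: dropped (slide rule)
        return None
    return vid, untag_frame(frame)


def trunk_egress(vlan: int, frame: bytes, pvid: int) -> bytes:
    """Frames of the native VLAN leave untagged; every other VLAN is tagged."""
    return frame if vlan == pvid else tag_frame(frame, vlan)


def cross_trunk(vlan: int, frame: bytes, pvid_a: int, pvid_b: int):
    """VLAN in which a frame from switch A's `vlan` lands on switch B (None = dropped)."""
    result = trunk_ingress(trunk_egress(vlan, frame, pvid_a), pvid_b)
    return None if result is None else result[0]


# Constructed sample: a broadcast frame padded to the 1500-byte data maximum.
SAMPLE = build_frame(b"\xff" * 6, bytes.fromhex("001122334455"), 0x0800, b"\x00" * 1500)

if __name__ == "__main__":
    print(frame_length_with_fcs(SAMPLE), frame_length_with_fcs(tag_frame(SAMPLE, 150)))
    print(cross_trunk(99, SAMPLE, 99, 99))   # native VLANs match: stays in VLAN 99
    print(cross_trunk(99, SAMPLE, 99, 1))    # native mismatch: VLAN 99 traffic lands in VLAN 1
```

The last call is the reason the native VLAN must match on both ends and should be an unused VLAN: untagged traffic carries no VLAN identity of its own, so whatever the receiving port's PVID is, that is where it goes.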

Page 229: Trunking Modes

• ISL (Inter-Switch Link):
  • All received packets are expected to be encapsulated with an ISL header.
  • All transmitted packets are sent with an ISL header.
  • Untagged frames received from an ISL trunk port are dropped.
  • No longer recommended or supported.
  • 30 bytes of overhead for each frame (a 26-byte header plus a 4-byte trailing CRC).

Page 230: Trunking Modes

• Dynamic Trunking Protocol (DTP):
  • Cisco proprietary protocol. Switches from other vendors do not support DTP.
  • Automatically enabled on a switch port when certain trunking modes are configured on the switch port.
  • DTP manages trunk negotiation only if the port on the other switch is configured in a trunk mode that supports DTP.
  • DTP supports both ISL and 802.1Q trunks.
  • Some older Cisco switches and routers do not support DTP.

Page 231: Trunking Modes

• Dynamic Trunking Protocol (DTP) port modes:
  • On (switchport mode trunk): the port is placed in permanent trunking mode and periodically sends DTP advertisements asking the remote port to become a trunk.
  • Dynamic Auto (switchport mode dynamic auto): the port periodically sends DTP frames to the remote port, advertising that it is able to trunk but not requesting the trunking state. This is the factory default on Catalyst 2960 switches, so two auto ports facing each other never form a trunk.
  • Dynamic Desirable (switchport mode dynamic desirable): DTP frames are sent periodically to the remote port, advertising that it is able to trunk and asking the remote port to go to the trunking state.

Page 232: Trunking Modes

• Dynamic Trunking Protocol (DTP):
  • Turn off DTP (switchport nonegotiate):
    • The local port does not send DTP frames to the remote port.
    • Combined with switchport mode trunk, the port is in an unconditional trunking state; combined with switchport mode access, it is a fixed access port that never negotiates a trunk.
    • Use this feature when you need to configure a trunk with a switch from another vendor, and on user-facing access ports so that a connected host cannot negotiate a trunk.
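The outcome of the three DTP modes above depends on what the other end is configured to send, and a port left in a dynamic mode will trunk with any neighbour that asks, including a host that speaks DTP. The following is an added example, not from the slides: `dtp_result` reproduces the Cisco Catalyst negotiation table for a pair of ports (with and without `switchport nonegotiate`), and `negotiating_ports` lists the ports of a constructed port table on which DTP is still running. The interface names and modes in `PORTS` are constructed.

```python
"""DTP outcome for a pair of ports, plus a lint for ports that still negotiate.

Added example (not from the slides). The outcome table is the Cisco Catalyst
one: a dynamic port trunks only when its neighbour actively negotiates.
"""
TRUNK, DESIRABLE, AUTO, ACCESS = "trunk", "dynamic desirable", "dynamic auto", "access"


def _side_trunks(mode: str, peer_mode: str, peer_nonegotiate: bool) -> bool:
    """Does a port in `mode` end up trunking, given what its peer sends?"""
    if mode == TRUNK:
        return True
    if mode == ACCESS:
        return False
    if peer_nonegotiate:                 # peer sends no DTP: nothing to negotiate with
        return False
    if mode == DESIRABLE:                # asks to trunk; any DTP-speaking peer able to trunk agrees
        return peer_mode in (TRUNK, DESIRABLE, AUTO)
    if mode == AUTO:                     # only answers; trunks if the peer asks or already trunks
        return peer_mode in (TRUNK, DESIRABLE)
    raise ValueError(f"unknown switchport mode {mode!r}")


def dtp_result(local: str, remote: str,
               local_nonegotiate: bool = False, remote_nonegotiate: bool = False) -> str:
    """'trunk', 'access', or 'mismatch' (one end trunks, the other does not)."""
    a = _side_trunks(local, remote, remote_nonegotiate)
    b = _side_trunks(remote, local, local_nonegotiate)
    if a and b:
        return "trunk"
    if not a and not b:
        return "access"
    return "mismatch"


def negotiating_ports(ports) -> list:
    """Interfaces on which DTP still runs: anything but access/trunk with nonegotiate."""
    return [name for name, mode, noneg in ports if not (noneg and mode in (ACCESS, TRUNK))]


# Constructed port table: (interface, switchport mode, switchport nonegotiate configured?)
PORTS = [
    ("Fa0/1", TRUNK, True),        # uplink: fixed trunk, no DTP
    ("Fa0/2", ACCESS, True),       # user port: fixed access, no DTP
    ("Fa0/3", AUTO, False),        # 2960 default: a DTP 'desirable' neighbour turns it into a trunk
    ("Fa0/4", DESIRABLE, False),   # actively asks every neighbour to trunk
]

if __name__ == "__main__":
    print(dtp_result(AUTO, AUTO), dtp_result(AUTO, DESIRABLE), dtp_result(TRUNK, ACCESS))
    print(negotiating_ports(PORTS))
```

Two auto ports stay access ports, which is why a trunk "does not come up" between two default-configured switches; an auto port facing a desirable peer becomes a trunk, which is why access ports should be pinned with `switchport mode access` and `switchport nonegotiate`.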

Page 233: Virtual Local Area Networks: Configure VLANs and Trunks

Page 234: Configure VLANs and Trunks

• Overview:
  1. Create the VLANs.
  2. Assign switch ports to VLANs statically.
  3. Verify the VLAN configuration.
  4. Enable trunking on the inter-switch connections.
  5. Verify the trunk configuration.

Page 235: Configure a VLAN

• Command Syntax:

  S1#configure terminal
  S1(config)#vlan vlan-id
  S1(config-vlan)#name vlan-name
  S1(config-vlan)#end

Page 236: Configure a VLAN

• Configure a VLAN. (figure)

Page 237: Configure a VLAN

• Assign switch ports to a VLAN. (figure)

Page 238: Configure a VLAN

• Verify the VLAN configuration. (figure)

Page 239: Managing VLANs

• Other show vlan command options. (figure)

Page 240: Managing VLANs

• The show interfaces command. (figure)

Page 241: Managing VLANs

• Manage VLAN memberships: remove port VLAN membership. (figure)

Page 242: Managing VLANs

• Manage VLAN memberships: remove a VLAN; remove port VLAN membership. (figure)
• If you remove the VLAN before removing the port membership assignments, the ports become unusable (they remain assigned to a VLAN that no longer exists) until you issue the no switchport access vlan command or assign them to an existing VLAN.

Page 243: Managing VLANs

• Restoring to factory defaults:
  • To remove all VLAN configuration, delete the file in which the VLAN configuration is stored; on Catalyst switches this is vlan.dat in flash memory, separate from the running and startup configuration. (figure: where the VLAN configuration is stored)

Page 244: Configure a Trunk

• Command Syntax:

  S1#configure terminal
  S1(config)#interface interface-id
  S1(config-if)#switchport mode trunk
  S1(config-if)#switchport trunk native vlan vlan-id
  S1(config-if)#switchport trunk allowed vlan add vlan-list
  S1(config-if)#end

Page 245: Configure a Trunk

(figure)

Page 246: Configure a Trunk

• The native VLAN must match on both switches. (figure)

Page 247: Verify Trunk Configuration

(figure)

Page 248: Managing a Trunk Configuration

(figure)

Page 249: Managing a Trunk Configuration

• Pruning (the allowed VLAN list):
  • The process of specifying the traffic that will be allowed to traverse the trunk link.
  • Use the command: switchport trunk allowed vlan add vlan-list
  • The vlan-list is a list of the VLAN IDs, separated by commas, that will be allowed to use the trunk link.
  • The lists must match on both switches.
  • Note that the add keyword extends the current list (which defaults to all VLANs); switchport trunk allowed vlan vlan-list without add replaces the list.

Page 250: Common Problems with Trunks

• Native VLAN mismatches:
  • Trunk ports are configured with different native VLANs. Untagged frames leaving one end are placed in a different VLAN at the other end, so traffic leaks between the two VLANs.
• Trunk mode mismatches:
  • One trunk port is configured with trunk mode off and the other with trunk mode on.
• VLANs and IP subnets:
  • End-user devices configured with incorrect IP addresses will not have network connectivity. Each VLAN is a logically separate IP subnetwork. Devices within the VLAN must be configured with the correct IP settings.
• Allowed VLANs on trunks:
  • The list of allowed VLANs on a trunk does not match on both ends of the trunk.
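The four problem classes above can be caught from the two interface configurations before the trunk is brought up. The following is an added example, not from the slides: `parse_port_config` reads the `switchport` lines of one interface (starting from Catalyst defaults: dynamic auto, native VLAN 1, all VLANs allowed), `check_trunk` compares the two ends, and `check_hosts` verifies each host's address against the subnet of its VLAN, using the 172.17.x.0/24 plan from the VLAN Trunks slide. The interface snippets, host table and VLAN-to-subnet map are constructed; the S2 snippet deliberately forgets the native VLAN and uses `allowed vlan add` on an untouched port.

```python
"""Trunk-end consistency and host addressing checks.

Added example (not from the slides); the configurations and hosts below are constructed.
"""
import ipaddress

ALL_VLANS = frozenset(range(1, 4095))


def parse_vlan_list(spec: str) -> frozenset:
    """'10,20-22,99' -> {10, 20, 21, 22, 99}"""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return frozenset(vlans)


def parse_port_config(text: str) -> dict:
    """Interpret the switchport lines of one interface, starting from Catalyst defaults."""
    cfg = {"mode": "dynamic auto", "native": 1, "allowed": ALL_VLANS, "nonegotiate": False}
    for raw in text.splitlines():
        words = raw.split()
        if words[:2] == ["switchport", "mode"]:
            cfg["mode"] = " ".join(words[2:])
        elif words[:4] == ["switchport", "trunk", "native", "vlan"]:
            cfg["native"] = int(words[4])
        elif words[:4] == ["switchport", "trunk", "allowed", "vlan"]:
            if words[4] == "add":                    # extends the current list
                cfg["allowed"] = cfg["allowed"] | parse_vlan_list(words[5])
            elif words[4] == "remove":
                cfg["allowed"] = cfg["allowed"] - parse_vlan_list(words[5])
            else:                                    # no keyword: replaces the list
                cfg["allowed"] = parse_vlan_list(words[4])
        elif words[:2] == ["switchport", "nonegotiate"]:
            cfg["nonegotiate"] = True
    return cfg


def check_trunk(a: dict, b: dict) -> list:
    """Problem codes for one trunk link between ports configured as `a` and `b`."""
    problems = []
    if a["native"] != b["native"]:
        problems.append("native-vlan-mismatch")      # untagged frames change VLAN in transit
    modes = {a["mode"], b["mode"]}
    if modes == {"trunk", "access"}:
        problems.append("trunk-mode-mismatch")       # one end on, the other off
    elif modes == {"dynamic auto"}:
        problems.append("no-trunk-formed")           # both ends wait for the other to ask
    if a["allowed"] != b["allowed"]:
        problems.append("allowed-vlan-mismatch")
    return problems


def check_hosts(vlan_subnets: dict, hosts: list) -> list:
    """Names of hosts whose address/mask is not the subnet assigned to their VLAN."""
    bad = []
    for name, vlan, addr in hosts:
        if ipaddress.ip_interface(addr).network != ipaddress.ip_network(vlan_subnets[vlan]):
            bad.append(name)
    return bad


# Constructed sample data.
S1_FA01 = """
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20,30,99
 switchport nonegotiate
"""
S2_FA01 = """
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan add 10,20,30
"""
VLAN_SUBNETS = {10: "172.17.10.0/24", 20: "172.17.20.0/24", 30: "172.17.30.0/24", 99: "172.17.99.0/24"}
HOSTS = [("PC1", 10, "172.17.10.21/24"), ("PC2", 20, "172.17.10.22/24"), ("PC3", 30, "172.17.30.23/24")]

if __name__ == "__main__":
    print(check_trunk(parse_port_config(S1_FA01), parse_port_config(S2_FA01)))
    print(check_hosts(VLAN_SUBNETS, HOSTS))
```

On the constructed input S2 still has native VLAN 1 and, because `add` was applied to the default list, still allows every VLAN, so both a native and an allowed-list mismatch are reported; PC2 is flagged because it carries a VLAN 10 address while sitting in VLAN 20.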

Page 251: AACS5324 Advanced Computer Networks

Chapter 9

VLAN Trunking Protocol (VTP)

Page 252: Objectives

Upon completion of this chapter, students should be able to understand the following:

• VTP Concepts
• VTP Operations
• VTP Configurations

Page 253: What is VTP?

• The VLAN Trunking Protocol (VTP) allows you to simplify the management of the VLAN database across multiple switches.
• As the number of switches increases on a small- or medium-sized business network, the overall administration required to manage VLANs and trunks in a network becomes a challenge.

Page 254: What is VTP?

• Simple network: (figure) create VLAN 30, choose interface(s), add interface(s) to VLAN 30.

Page 255: What is VTP?

• How about now? (figure)

Page 256: What is VTP?

• How does it work? (figure: a VTP server distributes VLAN 30 to the other switches)

Page 257: Benefits of VTP

• The VLAN Trunking Protocol (VTP) allows you to simplify the management of the VLAN database across multiple switches.
• Benefits:
  • VLAN configuration consistency across the entire network (VLANs created, deleted, or renamed).
  • Accurate tracking and monitoring of VLANs.
  • Dynamic reporting of added VLANs across a network.
  • Dynamic trunk configuration when VLANs are added to the network.

Page 258: VTP Components

• VTP Domain:
  • Consists of one or more interconnected switches.
  • All switches in a domain share VLAN configuration details using VTP advertisements.
  • A router or Layer 3 switch defines the boundary of the domain.

Page 259: VTP Components

• VTP Advertisement:
  • VTP uses a hierarchy of advertisements to distribute and synchronize VLAN configurations across the network. (figure)

Page 260: VTP Components

• VTP Modes:
  • Three different modes (more below): Server, Client, Transparent.

Page 261: VTP Components

• VTP Server:
  • VTP servers advertise the VTP VLAN information to other switches in the same VTP domain.
  • The server is where VLANs can be created, deleted, or renamed for the domain.

Page 262: VTP Components

• VTP Client:
  • VTP clients forward advertisements to other clients.
  • You cannot create, change, or delete VLANs on a client.
  • You must configure VTP client mode explicitly; it is not the default.

Page 263: VTP Components

• VTP Transparent:
  • Forwards VTP advertisements to VTP clients and VTP servers.
  • Does not participate in VTP. VLANs that are created, renamed, or deleted on transparent switches are local to that switch only. (figure)

Page 264: VTP Components

• VTP Pruning:
  • VTP pruning increases available network bandwidth by restricting flooded traffic to those trunk links used to reach the destination devices.
  • Without VTP pruning, broadcasts, multicasts and unknown unicasts are flooded across all trunk links within a VTP domain.
  • A trunk is pruned for a VLAN when the switch at the other end has no ports in that VLAN, so flooded traffic for that VLAN is not sent across it. (figure)

Page 265: VLAN Trunking Protocol: VTP Operation

Page 266: Default VTP Configuration

(figure: default show vtp status output)
• VTP version: the version the switch is capable of running. Default is version 1.
• VTP operating mode: server.
• Domain name: none.
• Version 2: disabled.

Page 267: Default VTP Configuration

• VTP automatically distributes and synchronizes the domain name and VLAN configurations across the network. (benefit)
• However, this benefit comes with a cost: you should only add switches that are in their default VTP configuration.
• If you add a VTP-enabled switch that already carries settings for the same domain with a higher configuration revision number, the existing network VTP configuration is superseded by those settings, which are automatically propagated throughout the network. (demo S45)

Page 268: VTP Domains

• VTP allows you to separate your network into smaller management domains to help reduce VLAN management.
• VTP domains limit the extent to which configuration changes are propagated in the network if an error occurs.
• A switch can be a member of only one VTP domain at a time.
• Until the VTP domain name is specified, you cannot create or modify VLANs on a VTP server, and VLAN information is not propagated over the network. (figure)

Page 269: VTP Domains

• (figure: two domains configured)

Page 270: VTP Domains

• For a VTP server or client switch to participate in a VTP-enabled network, it must be a part of the same domain.
• Domain name propagation uses three VTP components: servers, clients, and advertisements.

Page 271: VTP Advertising

• VTP Frame Structure:
  • VTP advertisements (or messages) distribute the VTP domain name and VLAN configuration changes to VTP-enabled switches.
  • The VTP frame is encapsulated in the same manner as any other tagged frame and is sent out trunk ports only.

Page 272: VTP Advertising

• VTP Frame Details: (figure)

Page 273: VTP Revision Number

• VTP Revision Number (default zero):
  • The configuration revision number is a 32-bit number that indicates the level of revision for a VTP frame.
  • Each time a VLAN is added, removed or renamed, the configuration revision number is incremented.
  • Each VTP device tracks the VTP configuration revision number.
  • A VTP domain name change resets the revision number to zero.
  • The revision number plays an important role in enabling VTP to distribute and synchronize VTP domain and VLAN configuration information: a switch adopts an advertised VLAN database only when its revision number is higher than the switch's own. (More to come)

Page 274: VTP Advertisement Types

• Summary Advertisement:
  • Contains the VTP domain name, the current revision number, and other VTP configuration details.
  • Summary advertisements are sent:
    • Every 5 minutes by a VTP server or client to inform neighboring VTP-enabled switches of the current VTP configuration revision number for its VTP domain.
    • Immediately after a configuration change.

Page 275: VTP Advertisement Types

• Subset Advertisement:
  • A subset advertisement contains VLAN information.
  • Changes that trigger a subset advertisement include:
    • Creating or deleting a VLAN.
    • Suspending or activating a VLAN.
    • Changing the name of a VLAN.
    • Changing the MTU of a VLAN.

Page 276: VTP Advertisement Types

• Request Advertisement:
  • A request advertisement is sent to a VTP server.
  • The VTP server responds to the client by sending a summary advertisement followed by a subset advertisement.
  • Request advertisements are sent if:
    • The VTP domain name has been changed.
    • The switch receives a summary advertisement with a higher configuration revision number than its own.
    • A subset advertisement message is missed for some reason.
    • The switch has been reset.

Page 277: VTP Advertisement Types

• Details of the formats can be found in the text or in the online curriculum.
  • Summary advertisement
  • Subset advertisement
  • Request advertisement

Page 278: VTP Modes

• A Cisco switch can be configured in one of:
  • Server mode
  • Client mode
  • Transparent mode
• These modes differ in how they are used to manage and advertise VTP domains and VLANs.

Page 279: VTP Modes

• VTP Server Mode: (figure)

Page 280: VTP Modes

• VTP Client Mode: (figure)

Page 281: VTP Modes

• VTP Transparent Mode: (figure)

Page 282: VTP – Server to Client

(figure)

Page 283: VTP – Server to Transparent to Client

(figure: S1 sends periodic updates; S4 sends requests; S1 responds)

Page 284: Ccna 3

VTP Pruning

• VTP Pruning:

• Prevents unnecessary flooding of broadcast information from one VLAN across all trunks in a VTP domain.

• Permits switches to negotiate which VLANs are assigned to ports at the other end of a trunk and prune the VLANs that are not assigned to ports on the remote switch.

• Disabled by default.

• Enabled using the vtp pruning global configuration command.

Page 285: Ccna 3

VTP Pruning

(Figure: trunks carrying VLAN 20 and VLAN 10, 20; no pruning versus pruning enabled on S1.)

Page 286: Ccna 3

VLAN Trunking Protocol

Configure VTP

Page 287: Ccna 3

Configuring VTP

• Configuration Guidelines:

Page 288: Ccna 3

Configuring VTP

• VTP Server Configuration:

Adding a name to a VLAN is considered a revision.

3 VLANs + 3 Names = 6

Page 289: Ccna 3

Configuring VTP

• VTP Client Configuration:

Page 290: Ccna 3

Configuring VTP

• Connect the Devices and Verify VTP:

Page 291: Ccna 3

Configuring VTP

• Add the workstations to the appropriate VLAN.

• Use the show vlan brief command to verify.

Page 292: Ccna 3

Troubleshooting VTP Configurations

Page 293: Ccna 3

Troubleshooting VTP Configurations

(Figure: Incorrect VTP domain name. Labels: Update; Not updated; Not updated.)

Page 294: Ccna 3

Troubleshooting VTP Configurations

All switches set to Client mode.

On a reboot, all VLAN configurations are lost. VTP clients do not store the configuration in NVRAM.

Page 295: Ccna 3

Troubleshooting VTP Configurations

Incorrect Revision Number
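The advertisement exchange, the three VTP modes and the two troubleshooting cases on the preceding slides (clients losing their VLAN database on reboot, and a switch arriving with a higher configuration revision number) can be tried out in a small model. The following Python is an added example written for this page, not code from the course or from Cisco; the switch names, the domain name cisco1, the VLAN names and the lab switch's revision of 20 are constructed values.

```python
from dataclasses import dataclass, field


@dataclass
class VtpSwitch:
    """Toy model of one switch's VTP state (constructed for this example)."""
    name: str
    mode: str            # "server", "client" or "transparent"
    domain: str
    revision: int = 0
    vlans: dict = field(default_factory=dict)   # VLAN id -> VLAN name
    log: list = field(default_factory=list)

    # --- local configuration (what the administrator types) -----------------
    def add_vlan(self, vlan_id):
        self._check_writable()
        self.vlans[vlan_id] = f"VLAN{vlan_id:04d}"   # IOS-style default name
        self._bump()

    def name_vlan(self, vlan_id, name):
        """Naming a VLAN is its own revision: 3 VLANs + 3 names = 6."""
        self._check_writable()
        self.vlans[vlan_id] = name
        self._bump()

    def _check_writable(self):
        if self.mode == "client":
            raise PermissionError(f"{self.name}: VTP clients cannot change VLANs")

    def _bump(self):
        if self.mode == "server":
            self.revision += 1   # transparent switches keep their revision at 0

    def set_mode(self, mode):
        """Passing through transparent mode resets the revision number to 0,
        which is what makes a switch from the lab safe to attach to production."""
        if "transparent" in (mode, self.mode):
            self.revision = 0
        self.mode = mode

    def reboot(self):
        if self.mode == "client":
            self.vlans.clear()   # clients do not keep the VLAN database in NVRAM
            self.revision = 0

    # --- advertisements ------------------------------------------------------
    def summary(self):
        return {"type": "summary", "domain": self.domain, "revision": self.revision}

    def subset(self):
        return {"type": "subset", "domain": self.domain,
                "revision": self.revision, "vlans": dict(self.vlans)}

    def receive(self, adv, sender):
        """Apply one advertisement; return a request advertisement if one is due."""
        if adv["domain"] != self.domain:
            self.log.append(f"{self.name}: not updated, domain mismatch from {sender.name}")
            return None
        if self.mode == "transparent":
            return None          # relayed onward in real VTP, never applied locally
        if adv["type"] == "summary" and adv["revision"] > self.revision:
            return {"type": "request", "domain": self.domain}
        if adv["type"] == "subset" and adv["revision"] > self.revision:
            # Servers accept this just like clients do: the highest revision in
            # the domain wins, which is the 'incorrect revision number' problem.
            self.vlans = dict(adv["vlans"])
            self.revision = adv["revision"]
            self.log.append(f"{self.name}: database replaced by rev {adv['revision']} from {sender.name}")
        return None


def connect(a, b):
    """Bring up a trunk: each side sends a summary; a higher revision on the
    far side triggers a request, which is answered with a subset advertisement."""
    for src, dst in ((a, b), (b, a)):
        reply = dst.receive(src.summary(), src)
        if reply is not None:
            dst.receive(src.subset(), src)


def safe_to_connect(new_switch, server):
    """Pre-connection check, the equivalent of reading the revision in
    'show vtp status': same domain plus a higher revision than the server means trouble."""
    return new_switch.domain != server.domain or new_switch.revision <= server.revision


def build_domain():
    """Server S1 with three named VLANs, clients S2 and S3 synchronised from it."""
    s1 = VtpSwitch("S1", "server", "cisco1")
    s2 = VtpSwitch("S2", "client", "cisco1")
    s3 = VtpSwitch("S3", "client", "cisco1")
    for vid, name in ((10, "Faculty"), (20, "Students"), (30, "Guest")):
        s1.add_vlan(vid)
        s1.name_vlan(vid, name)
    connect(s1, s2)
    connect(s2, s3)      # S3 learns from S2's copy of the database
    return s1, s2, s3


def attach_stale_switch(s1):
    """A switch from the lab with the same domain name, revision 20 and an
    empty VLAN database (constructed), plugged in unchecked: S1's database is lost."""
    s4 = VtpSwitch("S4", "server", "cisco1", revision=20)
    unsafe = not safe_to_connect(s4, s1)
    connect(s4, s1)
    return s4, unsafe
```

Run build_domain() and then attach_stale_switch(): the server S1 accepts the higher revision and its three VLANs disappear, and every client that synchronises afterwards loses them too. safe_to_connect is the check to run before the trunk comes up, and set_mode("transparent") shows why moving the new switch through transparent mode (revision back to 0) removes the risk.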

Page 296: Ccna 3

Managing VLANs on a VTP Server

Page 297: Ccna 3

AACS5324 Advanced Computer Networks

Chapter 10

Spanning Tree Protocol (STP)

Page 298: Ccna 3

Objectives

Upon completion of this chapter, students should be able to understand the following:

• Redundant Layer 2 Topologies

• Issues with Redundancy

• The Spanning Tree Protocol (STP)

• STP Convergence

• PVST+, RSTP, Rapid-PVST+

Page 299: Ccna 3

Redundant Layer 2 Topologies

• As businesses become increasingly dependent on the network, the availability of the network infrastructure becomes a critical business concern.

• Redundancy is the solution for achieving the necessary availability.

• Layer 2 redundancy improves the availability of the network by adding equipment and cabling to provide alternate network paths.

• Having multiple paths for data to traverse the network allows for a single path to be disrupted without impacting the connectivity of devices on the network.

Page 300: Ccna 3

Redundancy

Page 301: Ccna 3

Redundancy

Redundant paths create loops in the network.

How are they controlled? Spanning Tree Protocol.

Page 302: Ccna 3

Redundancy

• The Spanning Tree Protocol (STP) is enabled on all switches.

• STP has placed some switch ports in forwarding state and other switch ports in blocking state.

(Figure labels: Forward; Blocked.)

Page 303: Ccna 3

Issues with Redundancy

• Redundancy is an important part of the hierarchical design.

• When multiple paths exist between two devices on the network and STP has been disabled on those switches, a Layer 2 loop can occur.

• If STP is enabled on these switches, which is the default, a Layer 2 loop would not occur.

Page 304: Ccna 3

Issues with Redundancy

• Ethernet frames do not have a Time-To-Live (TTL) parameter like IP packets.

• As a result, if they are not terminated properly on a switched network, they continue to bounce from switch to switch endlessly.

Page 305: Ccna 3

Issues with Redundancy

• Remember that switches use the source MAC address to learn where the devices are and enter this information into their MAC address tables.

• Switches will flood the frames for unknown destinations until they learn the MAC addresses of the devices.

Page 306: Ccna 3

Issues with Redundancy

• Additionally, multicasts and broadcasts are also flooded out all ports except the receiving port. (Multicasts will not be flooded if the switch has been specifically configured to handle multicasts.)

Page 307: Ccna 3

Issues with Redundancy

PC1 sends a broadcast.

S2 receives the frame and updates the MAC table.

S2 floods the broadcast out all ports except the receiving port.

S3 and S1 update their MAC tables.

S3 and S1 now flood the broadcast.

S3 and S1 update their MAC tables with the wrong information.

S3 and S1 forward the broadcast back to S2.

S2 updates its MAC table with the wrong information.

S2 floods the broadcast again.

S3 and S1 update their MAC tables again with the wrong information.

Page 308: Ccna 3

Issues with Redundancy

• Broadcast Storms:

PC1 sends a broadcast.

No STP, so a loop is created.

PC4 sends a broadcast.

Another loop.

PC3 sends a broadcast and creates yet another loop.

PC2 sends a broadcast.

Because of the high level of traffic, it cannot be processed.

In fact, the entire network can no longer process new traffic and comes to a screeching halt.

Page 309: Ccna 3

Issues with Redundancy

• Duplicate Unicast Frames:

PC1 sends a unicast frame to PC4.

S2 has no entry for PC4, so the frame is flooded out the remaining ports.

Both S3 and S1 have entries for PC4, so the frame is forwarded.

S1 also forwards the frame it received from S3.

End result: PC4 receives two copies of the same frame, one from S1 and one from S3.

Page 310: Ccna 3

Real-World Redundancy Issues

• Loops in the Wiring Closet:

• Usually caused by an error in cabling.

Page 311: Ccna 3

Real-World Redundancy Issues

• Loops in Cubicles:

• Some users have a personal switch or hub.

Affects all of the traffic on S1.

Page 312: Ccna 3

Introduction to STP

• Redundancy:

• Increases the availability of the network topology by protecting the network from a single point of failure.

• In a Layer 2 design, loops and duplicate frames can occur, having severe consequences.

• The Spanning Tree Protocol (STP) was developed to address these issues.

• STP ensures that there is only one logical path between all destinations on the network by intentionally blocking redundant paths that could cause a loop.

• The switches running STP are able to compensate for failures by dynamically unblocking the previously blocked ports and permitting traffic to traverse the alternate paths.

Page 313: Ccna 3

Spanning-Tree Algorithm (STA)

• STP Topology – Avoiding a loop:

STP is in use and S3 has placed port F0/2 in blocking state to avoid a loop.

PC1 sends a broadcast.

S2 forwards the broadcast – but not to S3.

S1 forwards the broadcast.

Because F0/2 is in blocking state, the broadcast is not forwarded back to S2. – NO LOOP!
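The flooding sequence on the "Issues with Redundancy" slides and the blocked-port case on the slide above can be replayed in code. The following Python is an added example written for this page, not the course's material: the three-switch triangle, the port numbers and PC1's MAC address are constructed, and a blocked port is modelled as neither forwarding nor learning from data frames (a real blocking port still processes BPDUs).

```python
from collections import deque

BROADCAST = "ff:ff:ff:ff:ff:ff"
PC1 = "00:00:00:00:00:01"      # constructed address, attached to S2 F0/3

# Constructed triangle: S1, S2 and S3 are fully meshed on F0/1 and F0/2,
# and each has one access port F0/3 (only S2's carries a host in this run).
LINKS = {
    ("S1", "F0/1"): ("S2", "F0/1"), ("S2", "F0/1"): ("S1", "F0/1"),
    ("S1", "F0/2"): ("S3", "F0/2"), ("S3", "F0/2"): ("S1", "F0/2"),
    ("S2", "F0/2"): ("S3", "F0/1"), ("S3", "F0/1"): ("S2", "F0/2"),
}
PORTS = {sw: ["F0/1", "F0/2", "F0/3"] for sw in ("S1", "S2", "S3")}


def flood_broadcast(blocked=frozenset(), max_events=500):
    """Flood one broadcast from PC1 through the triangle.

    blocked: set of (switch, port) that STP holds in blocking state; such a
    port neither forwards nor learns from data frames.
    Returns (events, mac_rewrites, still_circulating):
      events            - frames processed before the simulation stopped
      mac_rewrites      - times a switch overwrote an existing entry for PC1
                          with a different port (the slides' 'wrong information')
      still_circulating - frames left in flight when max_events was reached;
                          Ethernet frames have no TTL, so nothing else stops them
    """
    mac_table = {sw: {} for sw in PORTS}
    rewrites = 0
    queue = deque([("S2", "F0/3", PC1, BROADCAST)])   # (switch, in port, src, dst)
    events = 0
    while queue and events < max_events:
        sw, in_port, src, dst = queue.popleft()
        events += 1
        if (sw, in_port) in blocked:
            continue
        if src in mac_table[sw] and mac_table[sw][src] != in_port:
            rewrites += 1
        mac_table[sw][src] = in_port               # learn source -> port
        for out_port in PORTS[sw]:                 # flood out every other port
            if out_port == in_port or (sw, out_port) in blocked:
                continue
            peer = LINKS.get((sw, out_port))
            if peer is not None:                   # trunk: hand the frame to the neighbour
                queue.append((*peer, src, dst))
            # access port: delivered to the attached host, not re-flooded
    return events, rewrites, len(queue)


def loop_demo():
    """No STP: the broadcast never stops and MAC tables keep being rewritten.
    With S3 F0/2 blocked by STP it dies out after four events, nothing corrupted."""
    return flood_broadcast(), flood_broadcast(blocked=frozenset({("S3", "F0/2")}))
```

Without a blocked port the queue never drains: two copies of the broadcast circulate in opposite directions around the triangle, and every switch keeps flipping its entry for PC1 between its two trunk ports. Blocking a single port turns the triangle into a tree and the same broadcast is delivered once and forgotten.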

Page 314: Ccna 3

Spanning-Tree Algorithm (STA)

• STP Topology – Network Failure:

Trunk 1 failure.

S3 port activated.

PC1 sends a broadcast.

S2 forwards the broadcast.

S3 and S1 forward the broadcast.

Trunk 1 comes back up.

S3 port back to blocking mode.

Page 315: Ccna 3

Spanning-Tree Algorithm (STA)

Page 316: Ccna 3

Spanning-Tree Algorithm (STA)

• STP uses the Spanning Tree Algorithm (STA) to determine which switch ports on a network need to be configured for blocking to prevent loops.

• Through an election process, the algorithm designates a single switch as the root bridge and uses it as the reference point for all calculations.

• The election process is controlled by the Bridge-ID (BID).

(Figure: Bridge ID = Bridge Priority (2 bytes) + MAC Address (6 bytes).)

Page 317: Ccna 3

Root Bridge

• Election Process:

• All switches in the broadcast domain participate.

• After a switch boots, it sends out Bridge Protocol Data Units (BPDU) frames containing the switch BID and the root ID every 2 seconds.

• The root ID identifies the root bridge on the network.

• By default, the root ID matches the local BID for all switches on the network.

• In other words, each switch considers itself as the root bridge when it boots.

Page 318: Ccna 3

Root Bridge

• Election Process:• As the switches forward their BPDU frames, switches in

the broadcast domain read the root ID information from the BPDU frame.

• If the root ID from the BPDU received is lower than the root ID on the receiving switch, the receiving switch updates its root ID identifying the adjacent switch as the root bridge.

• The switch then forwards new BPDU frames with the lower root ID to the other adjacent switches.

• Eventually, the switch with the lowest BID ends up being identified as the root bridge for the spanning-tree instance.

Page 319: Ccna 3

Best Path

• Now that the root bridge has been elected, the STA starts the process of determining the best (lowest cost) paths to the root bridge from all destinations in the broadcast domain.

• The path information is determined by summing up the individual port costs along the path from the destination to the root bridge.

• The default port costs are specified by the IEEE and defined by the speed at which the port operates.

Link Speed   Cost

10Gbps       2

1Gbps        4

100Mbps      19

10Mbps       100

Page 320: Ccna 3

Best Path

• You are not restricted to the defaults.

• The cost of a path can be manually configured to specify that a specific path is the preferred path instead of allowing the STA to choose the best path.

• Realize, however, that changing the cost of a particular path will affect the results of the STA.

• The ‘no’ form of the following command will return the cost to its default value.

switch(config)#interface fa0/1

switch(config-if)#spanning-tree cost [value]

switch(config-if)#end

Page 321: Ccna 3

Best Path

• Verifying the port and path cost.

(Figure: verification output with Port Cost and Path Cost labelled.)

Page 322: Ccna 3

STP Bridge Protocol Data Unit

• STP determines a root bridge for the spanning-tree instance by exchanging Bridge Protocol Data Units (BPDU).

(Figure: BPDU fields; the highlighted fields identify the root bridge and the cost of the path to the root bridge.)

Page 323: Ccna 3

STP Bridge Protocol Data Unit

• STP determines a root bridge for the spanning-tree instance by exchanging Bridge Protocol Data Units (BPDU).

Page 324: Ccna 3

BPDU Process

• Root Bridge Election Process:

S3 believes S2 is the root bridge. S1 still thinks it is the root bridge.

Page 325: Ccna 3

BPDU Process

• Root Bridge Election Process:

S2 and S1 both think that they are the root bridge.

Page 326: Ccna 3

BPDU Process

• Root Bridge Election Process:

S3 recognizes S1 as the root. S2 recognizes S1 as the root.

Page 327: Ccna 3

BPDU Process

• Root Bridge Election Process:

If the root bridge fails, the election process begins again.

Page 328: Ccna 3

Bridge ID

Early STP implementation – no VLANs.

Changed to include VLAN ID.

That means that there is a separate instance of STP for each VLAN.

Page 329: Ccna 3

Bridge ID

Page 330: Ccna 3

Bridge ID

• Bridge Priority:

• A customizable value that you can use to influence which switch becomes the root bridge. (Another rigged election!)

• The switch with the lowest priority, which means lowest BID, becomes the root bridge.

• The lower the priority value, the higher the priority.

Page 331: Ccna 3

Bridge ID

• Bridge Priority:

• Notice that the addition of the VLAN ID leaves fewer bits available for the bridge priority (4 instead of 16).

• As a result, the bridge priority is assigned in multiples of 4096.

• The priority is added to the extended system value (VLAN ID) to uniquely identify the priority and VLAN of the BPDU frame.

(Figure: Bridge Priority + Extended System ID (VLAN ID) + MAC Address.)

Page 332: Ccna 3

Bridge ID

(Figure: Bridge Priority + Extended System ID (VLAN ID) + MAC Address.)

Page 333: Ccna 3

Bridge ID

• Bridge Priority:

Default Priority: Election based on MAC Address.

Page 334: Ccna 3

Bridge ID

• Bridge Priority:

Modified Priority: Election based on priority.

Page 335: Ccna 3

Configure and Verify the Bridge ID

• Two Methods to configure the Bridge ID:

• Method 1:

Ensures that the switch has the lowest priority value after determining the lowest value on the network.

Ensures that the switch will become the root bridge if the primary fails. This one assumes that all other switches have the default value.

Page 336: Ccna 3

Configure and Verify the Bridge ID

• Two Methods to configure the Bridge ID:

• Method 2:

(Figure labels: VLAN ID Number; Priority value.)

Page 337: Ccna 3

Configure and Verify the Bridge ID

Page 338: Ccna 3

Port Roles

• The root bridge is elected for the spanning-tree instance.

• The location of the root bridge in the network topology determines how port roles are calculated.

• Root Port:

• The switch port with the best path to forward traffic to the root bridge.

• Designated Port:

• The switch port that receives and forwards frames toward the root bridge as needed. Only one designated port is allowed per segment.

• Non-designated Port:

• A switch port that is blocked, so it is not forwarding data frames.

Page 339: Ccna 3

Port Roles

Page 340: Ccna 3

• For Example: Default Port Priority = 128

F0/1 Priority = 128,1

Page 341: Ccna 3

Port Roles – Root Port

• You can specify the root port:

• Configure Port Priority:

• Priority values 0 - 240, in increments of 16.

• Default port priority value is 128.

• The lower the port priority value, the higher the priority.

Page 342: Ccna 3

Port Roles – Root Port

• Verifying the Port Priority:

Page 343: Ccna 3

STP Port States and BPDU Timers

• Port States:

• The spanning tree is determined by the exchange of the BPDU frames between the interconnected switches.

• Each switch port:

• Five possible port states.

• Three BPDU timers.

• WHY?

• The spanning tree is determined immediately after the switch has finished booting.

• Going directly from a blocking state to a forwarding state could create a temporary loop.

• The five states and the timers address this issue.

Page 344: Ccna 3

STP Port States and BPDU Timers

• Port States:

• Blocking:

• The port is a non-designated port and does not participate in frame forwarding.

• Listening:

• STP has determined that the port can participate in frame forwarding according to the BPDU frames that the switch has received thus far.

• Learning:

• The port prepares to participate in frame forwarding and begins to populate the MAC address table.

Page 345: Ccna 3

STP Port States and BPDU Timers

• Port States:

• Forwarding:

• The port is considered part of the active topology and forwards frames and also sends and receives BPDU frames.

• Disabled:

• The Layer 2 port does not participate in STP and does not forward frames. (administratively shutdown)

Page 346: Ccna 3

STP Port States and BPDU Timers

• BPDU Timers:

• The amount of time that a port stays in the various port states depends on the BPDU timers.

• Only the switch in the role of root bridge may send information through the tree to adjust the timers.

Page 347: Ccna 3

STP Port States and BPDU Timers

• BPDU Timers:

• At power up:

• Every switch port goes through the blocking, listening and learning states.

• The ports then stabilize to the forwarding or blocking state.

• During a topology change:

• A port temporarily implements the listening and learning states for a specified period.

Power up delay: maximum of 15 + 15 = 30 seconds.

Page 348: Ccna 3

STP Port States and BPDU Timers

• BPDU Timers:

• There is a race between operating systems and CPU manufacturers.

• CPU manufacturers keep making the chips faster, while, at the same time, operating systems keep slowing down.

• As a result, the BPDU timer delays can affect DHCP.

• A network device is often booted and ready to use the network before the switch port becomes active.

• This can prevent the device from immediately obtaining a usable IP configuration from DHCP.

Page 349: Ccna 3

Cisco PortFast

• Cisco has addressed this issue with their PortFast technology.

• The port is configured as an access port.

• The port transitions from blocking to forwarding state immediately, bypassing the listening and learning states.

• PortFast is disabled by default.

• It should be used only on access ports.

• If you enable PortFast on a port connecting to another switch, you risk creating a spanning-tree loop.
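A small model of the port-state ramp, the DHCP timing problem and the PortFast shortcut described on the last few slides. It is an added Python example written for this page, not Cisco's implementation: the 15 s forward delay and the 2 s hello interval come from the slides, the 20 s max age is the IEEE 802.1D default and is not stated on the page, and the host's fixed 4 s DHCP retry schedule is a constructed simplification.

```python
from dataclasses import dataclass

# 802.1D default timers in seconds: hello (BPDU interval, on the slides), forward
# delay (the 15 s listening and learning stages) and max age (not on the slides).
HELLO, FORWARD_DELAY, MAX_AGE = 2, 15, 20

# Transient states a root or designated port walks through after link-up,
# and how long it holds each one before moving on.
RAMP = (("listening", FORWARD_DELAY), ("learning", FORWARD_DELAY))


@dataclass
class StpPort:
    name: str
    access_port: bool = True      # a host attaches here; False means a switch-to-switch link
    portfast: bool = False
    role: str = "designated"      # "root", "designated" or "non-designated"
    up_since: float = 0.0         # time the link came up

    def state_at(self, t):
        """802.1D port state at time t. Every port starts in blocking; a
        non-designated port stays there, PortFast jumps straight to forwarding,
        anything else spends 15 s listening and 15 s learning first."""
        if t < self.up_since:
            return "disabled"     # link not up yet; treated like the disabled state here
        if self.role == "non-designated":
            return "blocking"
        if self.portfast:
            return "forwarding"
        elapsed = t - self.up_since
        for state, hold in RAMP:
            if elapsed < hold:
                return state
            elapsed -= hold
        return "forwarding"

    def handle_frame(self, t):
        """What happens to a data frame arriving on this port at time t."""
        state = self.state_at(t)
        if state == "forwarding":
            return "forwarded"
        if state == "learning":
            return "source learned, frame dropped"   # MAC table fills, no forwarding yet
        return "dropped"


def time_to_forwarding(port):
    """Seconds from link-up until the port forwards; None if it never will."""
    if port.role == "non-designated":
        return None
    return 0 if port.portfast else sum(hold for _, hold in RAMP)


def first_dhcp_success(port, host_ready_at, retry_every=4.0, give_up_after=60.0):
    """Time at which the host's DHCP DISCOVER first gets through the port.
    The fixed retry interval is a constructed simplification (real clients back
    off); the point is that without PortFast the early attempts are dropped
    while the port is still listening or learning."""
    t = host_ready_at
    while t <= host_ready_at + give_up_after:
        if port.handle_frame(t) == "forwarded":
            return t
        t += retry_every
    return None


def portfast_is_safe(port):
    """PortFast belongs on access ports only: on a link to another switch it
    would forward before the STA has had a chance to block the port for a loop."""
    return not port.portfast or port.access_port
```

A host that is ready 3 s after link-up gets its first DISCOVER through at 31 s on a plain access port and at 3 s with PortFast; a non-designated port never forwards, and portfast_is_safe flags the configuration the last bullet warns about.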

Page 350: Ccna 3

Cisco PortFast

Page 351: Ccna 3

Putting It All Together

• STP Convergence:

• Convergence is the time it takes for the network to:

• Determine which switch is going to assume the role of the root bridge.

• Set switch ports to their final spanning-tree port roles where all potential loops are eliminated.

• Three Steps:

1. Elect a root bridge.

2. Elect the root ports.

3. Elect the Designated and Non-designated ports.

Page 352: Ccna 3

Putting It All Together - Step 1

• Elect a Root Bridge:

(Figure: every switch starts by advertising itself as Root. Labels: Root ID 32769.00A222 / Bridge ID 32769.00A222; Root ID 32769.00A111 / Bridge ID 32769.00A111; Root ID 24577.00A333 / Bridge ID 24577.00A333. After the first exchange the switch with Bridge ID 32769.00A222 advertises Root ID 32769.00A111.)

Page 353: Ccna 3

Putting It All Together – Step 1

• Elect a Root Bridge:

(Figure: Root ID 32769.00A111 / Bridge ID 32769.00A111; Root ID 24577.00A333 / Bridge ID 24577.00A333; the switch with Bridge ID 32769.00A222 now advertises Root ID 32769.00A111.)

Page 354: Ccna 3

Putting It All Together – Step 1

• Elect a Root Bridge:

(Figure: Root ID 32769.00A111 / Bridge ID 32769.00A111; Root ID 24577.00A333 / Bridge ID 24577.00A333; Root ID 32769.00A111 / Bridge ID 32769.00A222. After the next exchange all three switches advertise Root ID 24577.00A333, with Bridge IDs 24577.00A333, 32769.00A222 and 32769.00A111.)

Page 355: Ccna 3

Putting It All Together – Step 2

• Root Ports:

(Figure: Root ID 24577.00A333 on every switch; Bridge IDs 24577.00A333 (Root), 32769.00A111 and 32769.00A222. Root ports marked R; path costs 19, 38 and 38.)

Throughout the root bridge election, the path cost has also been updated. All links are 100Mbps. Cost = 19.

Page 356: Ccna 3

ACN-356 Chapter 6

Putting It All Together – Step 3

• Designated and Non-designated Ports:

[Diagram: S1 (Root ID and Bridge ID 24577.00A333) with both of its ports marked D; the other two switches (Bridge IDs 3279.00A111 and 3279.00A222) show their root ports marked R.]

S1 is the root bridge so both ports become designated ports.

Page 357: Ccna 3

ACN-357 Chapter 6

Putting It All Together – Step 3

• Designated and Non-designated Ports:

[Diagram: the same topology with S1's ports marked D and the root ports marked R; on the remaining segment between the two non-root switches one port is designated (D) and the other is non-designated (ND, shown blocked with an X).]

Page 358: Ccna 3

ACN-358 Chapter 6

Putting It All Together

• Verifying STP Configuration:

[Diagram: the converged topology with the root bridge, the root ports (R), the designated ports (D) and the non-designated port (ND, X).]

Page 359: Ccna 3

ACN-359 Chapter 6


Page 360: Ccna 3

ACN-360 Chapter 6

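The election, path-cost and port-role steps above, carried out in code as an added example (not part of the slides): the three-switch topology with 100 Mbps links (cost 19), S1 configured with priority 24576, and the other switches left at the default. Switch and port names are constructed; the MAC addresses follow the diagrams, and the S2/S3 priority is assumed to be 32768 + VLAN 1 = 32769, as the page's 32769.00A111 suggests.

```python
"""STP root election, root path cost and port roles for a small switched LAN.

Added example, not from the slides: it models the three-switch topology of the
"Putting It All Together" slides (all links 100 Mbps, 802.1D cost 19) and derives
the root bridge, each switch's root path cost and root port, and the designated
and non-designated port on every segment. Switch and port names are constructed;
the MACs follow the diagrams, and S2/S3 are assumed to run the default priority.
"""
import heapq
from dataclasses import dataclass

# 802.1D-1998 default port costs, as used on the slides (100 Mbps = 19).
COST_BY_SPEED_MBPS = {10: 100, 100: 19, 1000: 4, 10000: 2}


@dataclass(frozen=True, order=True)
class BridgeID:
    """Priority field (base priority + VLAN, the PVST+ extended system ID) and MAC."""
    priority: int
    mac: str


def bridge_id(base_priority, vlan, mac):
    """Build the ID a switch advertises for one VLAN; lower compares as better."""
    return BridgeID(base_priority + vlan, mac)


@dataclass(frozen=True)
class Link:
    a: str
    a_port: str
    b: str
    b_port: str
    speed_mbps: int

    @property
    def cost(self):
        return COST_BY_SPEED_MBPS[self.speed_mbps]

    def ends(self):
        """(switch, its port, neighbour) for both sides of the link."""
        return ((self.a, self.a_port, self.b), (self.b, self.b_port, self.a))


def elect_root(bridges):
    """Lowest bridge ID (priority first, then MAC) becomes the root bridge."""
    return min(bridges, key=lambda name: bridges[name])


def root_path_costs(root, links):
    """Lowest total link cost from every switch to the root (Dijkstra)."""
    adj = {}
    for link in links:
        for me, _port, nb in link.ends():
            adj.setdefault(me, []).append((nb, link.cost))
    dist, heap = {root: 0}, [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue
        for v, c in adj.get(u, []):
            if d + c < dist.get(v, float("inf")):
                dist[v] = d + c
                heapq.heappush(heap, (d + c, v))
    return dist


def port_roles(bridges, links):
    """Return (root, root path costs, {(switch, port): role}); roles are
    'root', 'designated' or 'non-designated' (the blocked port)."""
    root = elect_root(bridges)
    rpc = root_path_costs(root, links)
    roles = {}
    # Each segment gets exactly one designated port: the side with the lowest
    # root path cost, ties broken by the lower bridge ID. The other side is
    # non-designated unless it turns out to be that switch's root port.
    for link in links:
        sides = [(me, port) for me, port, _nb in link.ends()]
        winner = min(sides, key=lambda s: (rpc[s[0]], bridges[s[0]]))
        for side in sides:
            roles[side] = "designated" if side == winner else "non-designated"
    # Each non-root switch has exactly one root port: the port whose neighbour
    # offers the lowest total cost to the root (tie: lower neighbour bridge ID).
    for name in bridges:
        if name == root:
            continue
        candidates = [(rpc[nb] + link.cost, bridges[nb], port)
                      for link in links for me, port, nb in link.ends() if me == name]
        roles[(name, min(candidates)[2])] = "root"
    return root, rpc, roles


# Constructed topology: S1 is configured with priority 24576 (+ VLAN 1).
BRIDGES = {"S1": bridge_id(24576, 1, "00A333"),
           "S2": bridge_id(32768, 1, "00A222"),
           "S3": bridge_id(32768, 1, "00A111")}
LINKS = [Link("S1", "F0/1", "S2", "F0/1", 100),
         Link("S1", "F0/2", "S3", "F0/1", 100),
         Link("S2", "F0/2", "S3", "F0/2", 100)]
```

With this input the segment between S2 and S3 ties on root path cost (19 each), so the lower bridge ID (00A111) takes the designated port and S2's side is the blocked one.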

Page 361: Ccna 3

ACN-361 Chapter 6

Spanning Tree Protocol (STP)

PVST+, RSTP and Rapid PVST+

Per-VLAN Spanning Tree (PVST)
Multiple Spanning Tree Protocol (MSTP)
Rapid Per-VLAN Spanning Tree Plus (Rapid PVST+)
Rapid Spanning Tree (RSTP)
Per-VLAN Spanning Tree Plus (PVST+)

Page 362: Ccna 3

ACN-362 Chapter 6

Cisco and IEEE STP Variants

Page 363: Ccna 3

ACN-363 Chapter 6

PVST+ (Cisco)

• Cisco PVST+:
• A network can run an STP instance for each VLAN in the network.
• Cisco proprietary.
• More than one trunk can block for a VLAN.
• Load sharing can be implemented.
• This means that all switches in the network are engaged in converging the network.
• Switch ports have to accommodate the additional bandwidth used for BPDUs.
• Default for Cisco 2960 switches.

Page 364: Ccna 3

ACN-364 Chapter 6

PVST+ (Cisco)

Page 365: Ccna 3

ACN-365 Chapter 6

PVST+ (Cisco)

Extended System-ID

Page 366: Ccna 3

ACN-366 Chapter 6

PVST+ (Cisco)

Extended System-ID

Page 367: Ccna 3

ACN-367 Chapter 6

Configure PVST+

Page 368: Ccna 3

ACN-368 Chapter 6

Rapid Spanning-Tree Protocol (RSTP)

• IEEE 802.1w RSTP:
• What is it?
• Is an evolution of the 802.1D standard.
• Terminology remains primarily the same.
• Most parameters have been left unchanged.
• Speeds the recalculation of the spanning tree on a topology change.
• Much faster convergence.
• Redefines the type of ports and their state.
• Alternate or backup ports can immediately change to a forwarding state without waiting for the network to converge.

Page 369: Ccna 3

ACN-369 Chapter 6

Rapid Spanning-Tree Protocol (RSTP)

• IEEE 802.1w RSTP:
• Characteristics:
• Preferred protocol for preventing Layer 2 loops.
• Cisco-proprietary enhancements, such as UplinkFast and BackboneFast, are not compatible with RSTP.
• Retains backward compatibility with 802.1D.
• Keeps the same BPDU format as IEEE 802.1D, with the version field set to 2 to indicate RSTP.
• A port can safely transition to the forwarding state without having to rely on any timer configuration.

Page 370: Ccna 3

ACN-370 Chapter 6

Rapid Spanning-Tree Protocol (RSTP)

802.1w (RSTP): the switch sends an information BPDU every hello time (2 seconds) even if no BPDU has been received on the root port.

802.1D (STP): the switch only sends an information BPDU when it receives one on the root port.

Page 371: Ccna 3

ACN-371 Chapter 6

Rapid Spanning-Tree Protocol (RSTP)

• Rapid Transition to Forwarding State:
• Rapid transition is the most important feature introduced by 802.1w.
• The legacy STA passively waited for the network to converge before it turned a port into the forwarding state.
• The new rapid STP is able to actively confirm that a port can safely transition to the forwarding state without having to rely on any timer configuration.
• In order to achieve fast convergence on a port, the protocol relies upon two new variables:
• Edge Ports
• Link Type

Page 372: Ccna 3

ACN-372 Chapter 6

Rapid Spanning-Tree Protocol (RSTP)

• Edge Ports:
• An edge port is a switch port that is never intended to be connected to another switch device.
• It immediately transitions to the forwarding state when enabled.
• Does this sound like anything we’ve already discussed? PortFast
• Non-Edge Ports:
• A non-edge port is a switch port that is always intended to be connected to another switch device.

Page 373: Ccna 3

ACN-373 Chapter 6

Rapid Spanning-Tree Protocol (RSTP)

[Diagram: edge ports (Cisco PortFast) versus non-edge ports.]

Page 374: Ccna 3

ACN-374 Chapter 6

Rapid Spanning-Tree Protocol (RSTP)

• Link Types:
• The link type provides a categorization for each port participating in RSTP.
• Non-edge ports are categorized into two link types:
• Point-to-point: connects to a single network device.
• Shared: connects to a shared media where more switches may exist.
• The link type is automatically derived from the duplex mode of a port, but this can be overridden.

Page 375: Ccna 3

ACN-375 Chapter 6

Rapid Spanning-Tree Protocol (RSTP)

Page 376: Ccna 3

ACN-376 Chapter 6

Rapid Spanning-Tree Protocol (RSTP)

• Link Types:
• However, before the link type parameter is considered, RSTP must determine the port role.
• Root Ports: do not use the link type parameter.
• Alternate and Backup Ports: do not use the link type parameter in most cases.
• Designated Ports: make the most use of the link type parameter, and only if it is a point-to-point link.

Page 377: Ccna 3

ACN-377 Chapter 6

Rapid Spanning-Tree Protocol (RSTP)

• Port States:
• An RSTP topology change causes a transition to the forwarding state through either explicit handshakes or a proposal and agreement process and synchronization.
• With RSTP, the role of a port is separated from the state of a port.
• For example, a designated port could be in the discarding state temporarily, even though its final state is to be forwarding.

Page 378: Ccna 3

ACN-378 Chapter 6

Rapid Spanning-Tree Protocol (RSTP)

• Port States:
• Discarding: prevents the forwarding of data frames.
• Learning: accepts data frames to populate the MAC table.
• Forwarding: forwards data frames and determines the topology.

Page 379: Ccna 3

ACN-379 Chapter 6

Rapid Spanning-Tree Protocol (RSTP)

[Diagram: STP port states compared with RSTP port states.]

Page 380: Ccna 3

ACN-380 Chapter 6

Rapid Spanning-Tree Protocol (RSTP)

• Port Roles:
• The port role defines the ultimate purpose of a switch port and how it handles data frames. Port roles and port states are able to transition independently of each other.
• Root Port
• Designated Port
• Alternate Port
• Backup Port
• Creating the additional port roles allows RSTP to define a standby switch port before a failure or topology change.

Page 381: Ccna 3

ACN-381 Chapter 6

• Port Roles:

Rapid Spanning-Tree Protocol (RSTP)

Page 382: Ccna 3

ACN-382 Chapter 6

• Port Roles:

Rapid Spanning-Tree Protocol (RSTP)

Page 383: Ccna 3

ACN-383 Chapter 6

• Port Roles:

Rapid Spanning-Tree Protocol (RSTP)

Page 384: Ccna 3

ACN-384 Chapter 6

• Port Roles:

Rapid Spanning-Tree Protocol (RSTP)

Page 385: Ccna 3

ACN-385 Chapter 6

RSTP Proposal and Agreement Process

• In IEEE 802.1D STP:
• A designated port must wait two times the forward delay before transitioning the port to the forwarding state.
• RSTP:
• Significantly speeds up the recalculation process after a topology change.
• It converges on a link-by-link basis and does not rely on timers expiring before ports can transition.
• Only on edge ports and point-to-point links.

Page 386: Ccna 3

ACN-386 Chapter 6

RSTP Proposal and Agreement Process

Page 387: Ccna 3

ACN-387 Chapter 6

Configuring Rapid-PVST+

• Rapid PVST+ is a Cisco implementation of RSTP.
• Supports spanning tree for each VLAN.
• Rapid STP variant to use in Cisco-based networks.

Page 388: Ccna 3

ACN-388 Chapter 6

Design STP for Trouble Avoidance

• Know where the root is:

[Diagram callout: Either – not both!]

Page 389: Ccna 3

ACN-389 Chapter 6


Page 390: Ccna 3

ACN-390 Chapter 6

Design STP for Trouble Avoidance

• Minimize the Number of Blocked Ports:
• The only critical action that STP takes is the blocking of ports.
• A good way to limit the risk inherent in the use of STP is to reduce the number of blocked ports as much as possible.
• In non-hierarchical networks you might need to tune the STP cost parameter to decide which ports to block.

Page 391: Ccna 3

ACN-391 Chapter 6

Design STP for Trouble Avoidance

• Minimize the Number of Blocked Ports:
• You do not need more than two redundant links between two nodes in a switched network.

[Diagram callout: Know the location of redundant links and which ports are blocked.]

Page 392: Ccna 3

ACN-392 Chapter 6

Design STP for Trouble Avoidance

• VTP or Manual Pruning:
• Prune any VLAN that you do not need off your trunks.

Page 393: Ccna 3

ACN-393 Chapter 6

Design STP for Trouble Avoidance

• Use Layer 3 Switching:
• Layer 3 switching means routing approximately at the speed of switching.

[Diagram callouts:]
Core switch C1 and core switch C2 are Layer 3 switches so there is no possibility for a loop.
There is no speed penalty with the routing hop and an additional segment between C1 and C2.
STP no longer blocks any single port. There is no potential for a bridging loop.

Page 394: Ccna 3

ACN-394 Chapter 6

Design STP for Trouble Avoidance

• Final Points:

Page 395: Ccna 3

ACN-395 Chapter 6

Troubleshoot STP Operation

• STP Failure:

[Diagram callouts:]
Fully converged. As long as S2 receives BPDUs from S3, it will block broadcasts.
For some reason, F0/3 on S2 fails to receive BPDUs within the age time of 20 seconds.
TRANSITIONS TO THE FORWARDING STATE.
BROADCAST STORM!

Page 396: Ccna 3

ACN-396 Chapter 6

Troubleshoot STP Operation

• STP Failure:
• Unfortunately, there is no procedure to deal with this type of failure.
• In-band access may not be available during a bridging loop… console access may be required.
• Before you can troubleshoot a bridging loop, you need to know how the network is set up when it works properly.
• Topology of the bridge network.
• Location of the root bridge.
• Location of the blocked ports and the redundant links.

[Diagram callout: BROADCAST STORM!]

Page 397: Ccna 3

ACN-397 Chapter 6

Troubleshoot STP Operation

• PortFast Configuration Error:
• Typically PortFast is enabled only for a port or interface that connects to a host.
• Do not use PortFast on switch ports or interfaces that connect to other switches, hubs, or routers.
• You may create a network loop.

Page 398: Ccna 3

ACN-398 Chapter 6

Troubleshoot STP Operation

[Diagram callouts:]
Do not use PortFast on switch ports or interfaces that connect to other switches, hubs, or routers.
You may create a network loop.

Page 399: Ccna 3

ACN-399 Chapter 6

Troubleshoot STP Operation

• Network Diameter Issues:
• The default values for the STP timers impose a maximum network diameter of seven.
• In other words, two distinct switches cannot be more than seven hops away.
• Part of this restriction comes from the age field that BPDUs carry.
• When a BPDU propagates from the root bridge toward the leaves of the tree, the age field increments each time the BPDU goes through a switch.
• If the root is too far away from some switches of the network, BPDUs will be dropped.

Page 400: Ccna 3

ACN-400 Chapter 6

Troubleshoot STP Operation

Page 401: Ccna 3

ACN-401 Chapter 6

AACS5324 Advanced Computer Networks

Chapter 11

Inter-VLAN Routing

Page 402: Ccna 3

ACN-402 Chapter 6

Objectives

Upon completion of this chapter, students should be able to understand the following:

• What is Inter-VLAN Routing?
• Types of Inter-VLAN Routing
• Configuration of Inter-VLAN Routing

Page 403: Ccna 3

ACN-403 Chapter 6

Introducing Inter-VLAN Routing

• What is Inter-VLAN Routing?
• Each VLAN is a unique broadcast domain.
• Computers on separate VLANs are, by default, not able to communicate.
• Each VLAN is a unique IP subnetwork.
• To allow VLANs to communicate, we need a router to communicate among separate broadcast domains and unique IP subnetworks.
• Inter-VLAN routing, then, is a process of forwarding traffic from one VLAN to another VLAN using a router.

Page 404: Ccna 3

ACN-404 Chapter 6

Introducing Inter-VLAN Routing

• Methods:
• Traditional Inter-VLAN Routing.
• Router-on-a-stick Inter-VLAN Routing.
• Switch Based Inter-VLAN Routing.

Page 405: Ccna 3

ACN-405 Chapter 6

Introducing Inter-VLAN Routing

• Traditional Inter-VLAN Routing:
• One router interface per VLAN.

[Diagram: a frame tagged with its VLAN reaches the router, is internally routed to the proper subnet, and leaves with the tag removed.]

Page 406: Ccna 3

ACN-406 Chapter 6

Introducing Inter-VLAN Routing

• Router-on-a-stick Inter-VLAN Routing:
• One router interface for all VLANs.

[Diagram: a frame tagged with its VLAN reaches the router over the single interface, is internally routed to the proper subnet, and leaves with the tag removed.]

Page 407: Ccna 3

ACN-407 Chapter 6

Introducing Inter-VLAN Routing

• Layer 3 Switch Inter-VLAN Routing:
• Uses Switch Virtual Interfaces (SVI) to retag the frame.

[Diagram: a frame tagged for VLAN 10 is routed by the Layer 3 switch and leaves with the tag removed.]

Page 408: Ccna 3

ACN-408 Chapter 6

Interfaces and Subinterfaces

• Traditional Inter-VLAN Routing:
• Traditional routing requires routers to have multiple physical interfaces to facilitate inter-VLAN routing.
• Each interface is also configured with an IP address for the subnet associated with the particular VLAN that it is connected to.
• In this configuration, network devices can use the router as a gateway to access the devices connected to the other VLANs.

Page 409: Ccna 3

ACN-409 Chapter 6

Interfaces and Subinterfaces

Traditional Inter-VLAN Routing

[Diagram callouts:]
Tagged VLAN 10; Tag Removed. Router Responds.
Routing table: 172.17.10.0 – F0/0; 172.17.30.0 – F0/1
Router tags the frame for VLAN 30 and switches it to Port F0/1.

Page 410: Ccna 3

ACN-410 Chapter 6

Interfaces and Subinterfaces

Traditional Inter-VLAN Routing

Page 411: Ccna 3

ACN-411 Chapter 6

Interfaces and Subinterfaces

• Traditional Inter-VLAN Routing:
• Traditional inter-VLAN routing using physical interfaces does have a limitation.
• As the number of VLANs increases on a network, the physical approach of having one router interface per VLAN quickly becomes hindered by the physical hardware limitations of a router.
• Routers have a limited number of physical interfaces that they can use to connect to different VLANs.
• It is very expensive to add an Ethernet Interface.

Page 412: Ccna 3

ACN-412 Chapter 6

Interfaces and Subinterfaces

Page 413: Ccna 3

ACN-413 Chapter 6

Interfaces and Subinterfaces

• Router-on-a-stick Inter-VLAN Routing:
• Subinterfaces:
• Overcomes the hardware limitation of a router.
• Subinterfaces are software-based virtual interfaces that are assigned to physical interfaces.
• Each subinterface is configured with its own IP address, subnet mask, and unique VLAN assignment.
• Connected to a switch trunk link.
• Functionally the same as using the traditional routing model.

Page 414: Ccna 3

ACN-414 Chapter 6

Interfaces and Subinterfaces

Router-on-a-stick Inter-VLAN Routing

[Diagram callouts:]
Tagged VLAN 10; Tag Removed.
Routing table: 172.17.10.0 – F0/0.10; 172.17.30.0 – F0/0.30
Tagged VLAN 30; Tag Removed.

Page 415: Ccna 3

ACN-415 Chapter 6

Interfaces and Subinterfaces

• Router-on-a-stick Inter-VLAN Routing:
• Configuring Subinterfaces:
• Similar to configuring physical interfaces.
• Create the subinterface.
• Assign it to a VLAN.
• Assign an IP Address.
• Enable the interface.

Page 416: Ccna 3

ACN-416 Chapter 6

Interfaces and Subinterfaces

• Router-on-a-stick Inter-VLAN Routing:
• Create the subinterface:
• The syntax for the subinterface is always the physical interface, followed by a period and a subinterface number.
• The subinterface number is configurable, but it is typically chosen to reflect the VLAN number.

R1(config)#interface [interface].nn

NOTE: The management VLAN must also be configured if you wish to use it on multiple switches that are not directly connected by trunk links.

Page 417: Ccna 3

ACN-417 Chapter 6

Interfaces and Subinterfaces

• Router-on-a-stick Inter-VLAN Routing:
• Assign it to a VLAN:
• Before assigning an IP Address, the interface must be configured to operate on a specific VLAN using the proper encapsulation.

R1(config-subif)#encapsulation dot1q vlan-id

Page 418: Ccna 3

ACN-418 Chapter 6

Interfaces and Subinterfaces

• Router-on-a-stick Inter-VLAN Routing:
• Assign an IP Address:
• The IP Address assigned here will become the default gateway for that VLAN.

R1(config-subif)#ip address [address] [mask]

Page 419: Ccna 3

ACN-419 Chapter 6

Interfaces and Subinterfaces

• Router-on-a-stick Inter-VLAN Routing:
• Enable the interface:
• Subinterfaces are not enabled individually.
• When the physical interface is enabled, all associated subinterfaces are enabled.

R1(config-if)#no shutdown

Page 420: Ccna 3

ACN-420 Chapter 6

Interfaces and Subinterfaces

• Router-on-a-stick Inter-VLAN Routing:
• Configuring Subinterfaces:

[Diagram: the subinterface configuration for VLAN 10 and VLAN 30, followed by Enable Interfaces.]

Page 421: Ccna 3

ACN-421 Chapter 6

Interfaces and Subinterfaces

• Router-on-a-stick Inter-VLAN Routing:
• Configuring Subinterfaces:

[Diagram callout: Planning!]

Page 422: Ccna 3

ACN-422 Chapter 6

Interfaces and Subinterfaces

• Router Interface and Subinterface Comparison:

Page 423: Ccna 3

ACN-423 Chapter 6

Inter-VLAN Routing

Configuring Inter-VLAN Routing (Putting It All Together)

Page 424: Ccna 3

ACN-424 Chapter 6

Configuring Inter-VLAN Routing

• Traditional Inter-VLAN Routing:

Page 425: Ccna 3

ACN-425 Chapter 6

Configuring Inter-VLAN Routing

• Traditional Inter-VLAN Routing:

Page 426: Ccna 3

ACN-426 Chapter 6

Configuring Inter-VLAN Routing

• Traditional Inter-VLAN Routing:

Page 427: Ccna 3

ACN-427 Chapter 6

Configuring Inter-VLAN Routing

• Router-on-a-stick Inter-VLAN Routing:

[Diagram: VLANs, Trunk, Interfaces; callout: Trunk in Native VLAN.]

Page 428: Ccna 3

ACN-428 Chapter 6

Configuring Inter-VLAN Routing

• Router-on-a-stick Inter-VLAN Routing:

[Diagram: subinterfaces for VLAN 10 and VLAN 30; callout: Enable All Subinterfaces.]

Page 429: Ccna 3

ACN-429 Chapter 6

Inter-VLAN Routing

Troubleshooting Inter-VLAN Routing

Page 430: Ccna 3

ACN-430 Chapter 6

Configuring Inter-VLAN Routing

• Switch Configuration Issues:

[Diagram callouts:]
VLAN 30 is working but VLAN 10 cannot communicate with the router or VLAN 30.
Interface F0/4 is still in the default VLAN.
switchport access vlan 10

Page 431: Ccna 3

ACN-431 Chapter 6

Configuring Inter-VLAN Routing

• Switch Configuration Issues:

[Diagram callouts:]
Each of the configured subinterfaces is unable to send or receive VLAN traffic.
Interface F0/5 is still in the default VLAN.
switchport mode trunk

Page 432: Ccna 3

ACN-432 Chapter 6

Configuring Inter-VLAN Routing

• Router Configuration Issues:

[Diagram callouts:]
PC1 cannot communicate with the router interface and the router cannot route to VLAN 30.
Switch port F0/4 is for VLAN 10.
Move the cable from F0/9 to F0/4.
One of the most common mistakes in Inter-VLAN routing.

Page 433: Ccna 3

ACN-433 Chapter 6

Configuring Inter-VLAN Routing

• Router Configuration Issues:

[Diagram callout: PC1 cannot communicate with the router interface and the router cannot route to VLAN 30.]

Page 434: Ccna 3

ACN-434 Chapter 6

Configuring Inter-VLAN Routing

• IP Addressing Issues:

[Diagram callouts:]
Incorrect IP address for subnet 172.16.10.0/24.
Incorrect subnet mask for subnet 172.16.10.0/24.
PC1 cannot communicate.
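The four subinterface steps from the "Configuring Subinterfaces" slides, and the address and mask mistakes this slide shows, as one added example (not from the slides): `render_config` builds the router-on-a-stick configuration from a VLAN plan and `audit_config` checks an existing configuration against that plan. The VLAN plan, the interface name and the faulty sample configuration are constructed, following the 172.17.10.0 / 172.17.30.0 networks and the F0/0.10 / F0/0.30 subinterfaces used earlier in the chapter.

```python
"""Router-on-a-stick subinterfaces: build the configuration and audit it.

Added example, not from the slides. render_config applies the four steps the
"Configuring Subinterfaces" slides list to a VLAN plan; audit_config parses a
router configuration and reports the mistakes the IP addressing slide shows
(wrong address or subnet mask for the VLAN's subnet) plus a subinterface whose
number or encapsulation does not match the plan. The VLAN plan and the sample
configuration are constructed, following the 172.17.10.0 / 172.17.30.0
networks and the F0/0.10 / F0/0.30 subinterfaces on the slides.
"""
import ipaddress
import re

# Constructed VLAN plan: VLAN id -> (subnet, default gateway for that VLAN).
VLAN_PLAN = {
    10: ("172.17.10.0/24", "172.17.10.1"),
    30: ("172.17.30.0/24", "172.17.30.1"),
}


def render_config(physical, plan):
    """IOS commands for one subinterface per VLAN, numbered after the VLAN."""
    lines = []
    for vlan_id, (cidr, gateway) in sorted(plan.items()):
        net = ipaddress.ip_network(cidr)
        lines.append(f"interface {physical}.{vlan_id}")        # 1. create the subinterface
        lines.append(f" encapsulation dot1q {vlan_id}")        # 2. assign it to the VLAN
        lines.append(f" ip address {gateway} {net.netmask}")   # 3. the VLAN's default gateway
    # 4. Subinterfaces are not enabled individually: bringing up the physical
    #    interface enables all of them.
    lines += [f"interface {physical}", " no shutdown"]
    return lines


def parse_subinterfaces(config_text):
    """Map 'F0/0.10' -> {'number': 10, 'vlan': ..., 'ip': ..., 'mask': ...}."""
    subifs, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            m = re.match(r"interface (\S+\.(\d+))$", line)
            # A physical interface block resets `current` so its lines are ignored.
            current = subifs.setdefault(m.group(1), {"number": int(m.group(2))}) if m else None
            continue
        if current is None:
            continue
        m = re.match(r"encapsulation dot1q (\d+)", line)
        if m:
            current["vlan"] = int(m.group(1))
        m = re.match(r"ip address (\S+) (\S+)", line)
        if m:
            current["ip"], current["mask"] = m.group(1), m.group(2)
    return subifs


def audit_config(config_text, plan):
    """Return findings; an empty list means the router side matches the plan."""
    findings, seen = [], set()
    for name, sub in parse_subinterfaces(config_text).items():
        vlan = sub.get("vlan")
        if vlan is None:
            findings.append(f"{name}: no 'encapsulation dot1q', not assigned to any VLAN")
            continue
        seen.add(vlan)
        if vlan != sub["number"]:
            findings.append(f"{name}: subinterface number does not reflect VLAN {vlan}")
        if vlan not in plan:
            findings.append(f"{name}: VLAN {vlan} is not in the plan")
            continue
        expected = ipaddress.ip_network(plan[vlan][0])
        if "ip" not in sub:
            findings.append(f"{name}: no IP address, VLAN {vlan} has no default gateway")
            continue
        if sub["mask"] != str(expected.netmask):
            findings.append(f"{name}: incorrect subnet mask {sub['mask']} for subnet {expected}")
        if ipaddress.ip_address(sub["ip"]) not in expected:
            findings.append(f"{name}: incorrect IP address {sub['ip']} for subnet {expected}")
    for vlan in plan:
        if vlan not in seen:
            findings.append(f"VLAN {vlan}: no subinterface on the router")
    return findings


# Constructed faulty configuration: wrong mask on VLAN 10, wrong address on VLAN 30.
BAD_CONFIG = """
interface FastEthernet0/0.10
 encapsulation dot1q 10
 ip address 172.17.10.1 255.255.0.0
interface FastEthernet0/0.30
 encapsulation dot1q 30
 ip address 172.17.3.1 255.255.255.0
interface FastEthernet0/0
 no shutdown
"""
```

Running `audit_config(BAD_CONFIG, VLAN_PLAN)` reports the mask error on F0/0.10 and the address error on F0/0.30, while the output of `render_config` audits clean.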