Switching Flashcards
Features of access layer switches
Port security VLANs Fast/gigabit Ethernet PoE Link aggregation QoS
Features of distribution layer and core switches
Layer 3 support High forwarding rate Gigabit/10 gigabit Ethernet Redundant components Security policies/ACLs Link aggregation QoS
5 basic LAN switch functions
Learning Aging Flooding Selective forwarding Filtering
Data VLAN
Configured to carry only user-generated traffic, ensuring that voice and management traffic is separated from data traffic
Default VLAN
All the ports on a switch are members of the default VLAN when the switch is reset to defaults. The default VLAN for Cisco is VLAN 1.
It is best practice to restrict VLAN 1 to serve as a conduit only for layer 2 control traffic (CDP, VTP, etc.) and no other traffic
Black hole VLAN
Security best practice is to define a black hole VLAN to be a dummy VLAN distinct from all other VLANs defined in the LAN. All unused switch ports are assigned to the black hole VLAN
management VLAN
a VLAN defined by the network admin as a means to access the management capabilities of the switch
voice VLAN
separates voice traffic from data traffic
how are VLANs identified?
IEEE 802.1q frame tagging
VTP
Cisco's VLAN Trunking Protocol
-layer 2 messaging protocol that maintains VLAN config consistency by managing the additions, deletions, and name changes of VLANs across networks
-VTP domain boundaries are created by routers or layer 3 switches
3 VTP device modes
Server-where VLANs are created, deleted, or renamed and changes advertised
client-receives config from server, can’t create its own
transparent-doesn’t participate, simply forwards VTP messages
STP
Spanning Tree Protocol
IEEE 802.1D
creates a tree that ensures there is only one path to each network segment at any one time.
If any segment experiences a disruption in connectivity, STP rebuilds a new tree by activating the previously inactive, but redundant, path.
BPDU
bridge protocol data unit
-message format used by STP
BID
bridge ID
unique to each switch and contains a priority
root bridge
bridge with lowest priority number
troubleshooting STP
1) determine root switch
2) for each non-root switch, determine its root port and cost to reach the root switch through that port
3) for each segment, determine the designated port and the cost advertised by the DB of that segment
configure VLAN in global config mode
vlan vlan-id
name vlan-name
apply to interface
common VLAN errors
- native VLAN mismatches
- trunk mode mismatches
- VLANs and IP Subnets
- allowed VLANs on trunks
VTP troubleshooting step 1
- confirm switch names, topology, and VTP modes
- identify pairs of neighbor switches that should both be VTP clients or servers but whose VLAN databases differ
- on those switches verify trunk between them, same VTP domain, same VTP password
- fix configuration issues
reasons for VLANs
- grouping users by department instead of physical location
- segmenting devices into smaller LANs to reduce processing overhead for all devices on the LAN
- reducing the workload of STP by limiting a VLAN to a single switch
- enforcing better security by isolating sensitive data to separate VLANs
- separating IP voice from IP data
How often are VTP advertisements sent?
5 mins
When viewing the show interface output on a catalyst switch, you notice a large number of runts, what could this indicate?
There is a possible problem with the duplex settings of the port
A catalyst switch is running the default STP type. What type of STP is this?
PVST+
All possible switch port modes for DTP
Trunk, access, dynamic desirable, dynamic auto, nonegotiate
Which protocol allows switches running RSTP to configure a group of VLANs into a single instance of STP?
MSTP
multiple spanning tree protocol
Where do you want the root bridge to ideally be located?
At the center of the network in order to reduce STP convergence times
Changing the default priority of the switch is the best way to accomplish this
Designing switched network for fast STP convergence
Use a hierarchical design and make the core switch the root bridge
Portfast
Used to make a switch port move directly to forwarding mode. Usually used for ports with servers that can’t experience downtime during convergence
BPDU guard
Puts a switch port into an error-disabled state if a port with PortFast enabled receives a BPDU. This prevents you from plugging a switch or hub into a PortFast port and creating a loop
BPDUfilter
Immediately takes a port out of PortFast mode if a BPDU is received; unlike BPDU guard, it leaves the port up
Command to see how many VLANs a switch will support
show vtp status
How to configure voice VLAN
Use the mls qos command to enable quality of service
Set the QoS trust settings for the port
switchport voice vlan dot1p
switchport dynamic desirable mode
Triggers the port to negotiate the link from nontrunk to trunk mode. The port negotiates to a trunk port if the connected device is in trunk state, desirable state, or auto state. Otherwise, the port becomes a nontrunk port.
switchport dynamic auto mode
Enables a port to become a trunk only if the connected device has the state set to trunk or desirable. Otherwise, the port becomes a nontrunk port.
command to determine current dtp mode
show dtp interface
which command is used to verify trunk establishment?
show interfaces trunk
PVST+
a Cisco enhancement of STP that provides a separate 802.1D spanning-tree instance for each VLAN that is configured in the network.
RSTP
802.1w
an evolution of STP that provides faster STP convergence. This version addresses many convergence issues but, because it still provides a single instance of STP, it does not address the suboptimal traffic flow issues
Rapid PVST+
a Cisco enhancement of RSTP that uses PVST+. It provides a separate instance of 802.1w per VLAN.
MSTP
MSTP is an IEEE standard inspired by the earlier Cisco proprietary MISTP implementation. To reduce the number of required STP instances, MSTP maps multiple VLANs that have the same traffic flow requirements into the same spanning-tree instance
What is the default spanning tree mode on Catalyst switches?
PVST+
command to configure switch as root for a specific vlan
spanning-tree vlan vlan-id root primary
command to configure switch as secondary root for specific vlan
spanning-tree vlan vlan-id root secondary
command to set the spanning-tree type or mode on a switch
spanning-tree mode mode-type
stages a switchport goes through before forwarding (spanning-tree)
blocking
listening
learning
forwarding
commands to configure PortFast as default on all nontrunk ports and enable BPDU guard on all PortFast ports
SwitchX(config)# spanning-tree portfast bpduguard default
SwitchX(config)# spanning-tree portfast default
PAgP
Port Aggregation Protocol. A Cisco proprietary protocol that enables ports with similar characteristics to form an EtherChannel through dynamic negotiation with adjoining switches
LACP
Link Aggregation Control Protocol. An IEEE standard (802.3ad) that enables ports with similar characteristics to form an EtherChannel through dynamic negotiation with adjoining switches
command to form an etherchannel
channel-group channel-group-number mode { active | on | auto | desirable | passive }
PAgP modes
auto
desirable
LACP modes
Active
Passive
how to modify port settings for an ether channel
use EtherChannel config mode, not individual interface config mode
i.e. interface port-channel 1
command to display detailed info about port channel
show etherchannel port-channel
STP cost of 10 Mb/s link
100
STP cost of 100 Mb/s link
19
STP cost of 1000 Mb/s link
4
STP cost of 10,000 Mb/s link
2