CCNA Study Guide

This blog highlights CCNA study materials for those pursuing the CCNA exam 640-801. It is a must-read for those going for the exam who need last-minute total recall.


Tuesday, April 04, 2006

Configuring VLANs

Before you begin creating VLANs, you should determine whether the switch will participate in a VTP domain that will synchronize VLAN configuration with the rest of the network. You must also enable a trunk connection if you want to use VLANs across multiple switches.

The steps to configure a VLAN are:
  1. Enable VTP (optional)
  2. Enable Trunking (optional)
  3. Create VLANs
  4. Assign VLANs to ports
Verifying VLANs
  • Verifying the VLAN Configuration
  • Verifying VLAN Membership
  • Prevent VLANs from Crossing a Trunk Link
  • Prevent Individual VLANs from Crossing a Trunk Link
  • Verifying Trunk Links
  • Verifying VTP Information
  • Enabling VTP Pruning
Enable VTP

When adding a new switch to an existing domain, it is a good idea to add it in VTP client mode. This will prevent the switch from propagating any incorrect VLAN information to other switches. In this example we will set up a new VTP domain and place the switch into server mode. The password puts VTP into secure mode. Every switch in the management domain must have a password assigned to it for the management domain to function properly in secure mode.

   Switch1#configure terminal
   Enter configuration commands, one per line. End with CNTL/Z
   Switch1(config)#vtp server
   Switch1(config)#vtp domain ciscotest
   Switch1(config)#vtp password ccna

Enable Trunking

The next step is to create a trunk connection with the other switches that will be sharing VLAN information. To enable trunking on a port, enter interface configuration mode for the desired port, and then use the trunk command with the appropriate option:

   Switch1#configure terminal
   Switch1(config)#interface f 0/26
   Switch1(config-if)#trunk on

trunk Command Options
  • on - Puts the port into permanent trunking mode and negotiates to convert the link into a trunk link. The port becomes a trunk port even if the neighboring port does not agree to the change.
  • off - Puts the port into permanent nontrunking mode and negotiates to convert the link into a nontrunk link. The port becomes a nontrunk port even if the neighboring port does not agree to the change.
  • desirable - Makes the port actively attempt to convert the link to a trunk link. The port becomes a trunk port if the neighboring port is set to on, desirable, or auto mode.
  • auto - Makes the port willing to convert the link to a trunk link. The port becomes a trunk port if the neighboring port is set to on or desirable mode. This is the default mode.
  • negotiate - Puts the port into permanent trunking mode but prevents the port from generating DTP frames. You must configure the neighboring port manually as a trunk port to establish a trunk link.

Create VLANs

To create a VLAN, enter global configuration mode and use the vlan command with the VLAN identifier (1-1005) and its name.

   Switch1#configure terminal
   Switch1(config)#vlan 5 name accounting
   Switch1(config)#vlan 6 name management

Assign VLANs to Ports

Now that the VLAN has been created, you can statically assign which ports will be members of the VLAN. A port can only belong to one VLAN at a time and by default, all ports are members of VLAN 1. To assign a VLAN to a port, enter interface configuration mode for the port and use the vlan-membership command.

   Switch1#configure terminal
   Switch1(config)#interface e0/4
   Switch1(config-if)#vlan-membership static 5
   Switch1(config)#interface e0/5
   Switch1(config-if)#vlan-membership static 5
   Switch1(config)#interface e0/6
   Switch1(config-if)#vlan-membership static 6

Verifying the VLAN Configuration

To view the VLANs configured on the switch, use the show vlan command.

Switch1#show vlan

VLAN Name Status Ports
1 default Enabled 1-3, 7-24, AUI, A, B
5 accounting Enabled 4, 5
6 management Enabled 6

Optionally you can view an individual VLAN to see how it's configured by using the show vlan [#] command.

Switch1#show vlan 5

VLAN Name Status Ports
5 accounting Enabled 2

VLAN Type SAID MTU Parent RingNo BridgeNo Stp Trans1 Trans2
5 Ethernet 100005 1500 0 1 1 Unkn 0 0

Verifying VLAN Membership

To view which ports are assigned to a VLAN, use the following command:

   Switch1#show vlan-membership
   Port VLAN Membership
   1 1 Static
   2 1 Static
   3 1 Static
   4 5 Static
   5 5 Static
   6 6 Static
   7 1 Static
   8 1 Static
   [Output Cut]

Prevent VLANs from Crossing a Trunk

All VLANs are carried on a trunk link unless you clear them manually. Use the following command if you don't want a trunk to carry any VLAN information:

   Switch1(config)#int f0/26
   Switch1(config-if)#clear trunk

Prevent Individual VLANs from Crossing a Trunk Link

You can clear individual VLANs from crossing a trunk link by using the following command:

   Switch1(config)#int f0/26
   Switch1(config-if)#no trunk-vlan 5

Verifying Trunk Link

To verify a trunk port use the show trunk [a|b] command. The a is for port f0/26 while b represents f0/27.

   Switch1#show trunk a
   DISL state: Auto, Trunking: On, Encapsulation type:ISL

   Switch1#show trunk allowed-vlans
   1-4, 6-1004

Verifying VTP Information

After VTP has been enabled and configured, you can view the configuration with the following command:

   Switch1#show vtp
   VTP Version : 2
   Configuration Revision : 2
   Maximum VLANs supported locally : 1005
   Number of existing VLANs : 2
   VTP Operating Mode : Server
   VTP Password : ccna
   VTP Domain Name : ciscotest
   VTP Pruning Mode : Disabled
   VTP V2 Mode : Disabled
   VTP Traps Generation : Enabled
   MD5 digest : 0xB9 0xC7 0x8D 0xB3 0xD4 0xBA 0x94 0x03
   Configuration last modified by at 7-25-01 01:22:24

Enabling VTP Pruning

If you enable VTP pruning on a VTP server, you will enable it for the entire domain. Enable VTP pruning with the following command:

   Switch1(config)#vtp pruning enable

Disable VTP pruning with:

   Switch1(config)#vtp pruning disable

Virtual Local Area Networks

A virtual LAN (VLAN) is a group of hosts or network devices, such as routers (running transparent bridging) and bridges, that forms a single bridging domain. There can be several VLANs defined on a single switch. A VLAN can also span multiple switches. Using layer 2 protocols such as IEEE 802.1q and ISL (Inter-Switch Link) allows a VLAN to span across multiple switches. VLANs are formed to group related users together regardless of the physical connections of their hosts to the network. The users can be spread across a campus network or even across geographically isolated locations. Users can be organized into separate VLANs according to their department, location, function, application, address (logical or physical), or protocol used. The goal with VLANs is to group users into separate VLANs so their traffic will stay within the VLAN. When you configure VLANs, the network can take advantage of the following benefits:

Benefits of using VLANs
  • Broadcast Control - Just as switches physically isolate collision domains for attached hosts and only forward traffic out a particular port, VLANs refine this concept further and provide complete isolation between VLANs. A VLAN is a bridging domain, and all broadcast and multicast traffic is contained within it.
  • Security - VLANs provide security in two ways:
    • High-security users can be grouped into a VLAN, possibly on the same physical segment, and no users outside of that VLAN can communicate with them.
    • Because VLANs are logical groups that behave like physically separate entities, inter-VLAN communication can only be achieved through a router. When inter-VLAN communication occurs through a router, all the security and filtering functionality that routers traditionally provide can be used. In the case of nonroutable protocols, there can be no inter-VLAN communication. All communication must occur within the same VLAN.
  • Performance - Users who need high-performance networks for bandwidth-intensive projects can be placed in their own VLAN, isolating them and the rest of the network from each other.
  • Network Management - Software on the switch allows you to assign users to VLANs and, later, reassign them to another VLAN. Recabling to change connectivity is no longer necessary in the switched LAN environment because network management tools allow you to reconfigure the LAN logically in seconds.

Routers by default only send broadcasts within the originating network, but switches forward them to all segments. This is known as a flat network because it's one big broadcast domain. Switches and VLANs are used to replace the flat network. All members of a VLAN are in the same broadcast domain and receive all broadcasts. By default the broadcasts are filtered from all ports on a switch that aren't in the same VLAN. Routers, layer 3 switches, or Route Switch Modules (RSM) must be used in conjunction with switches to provide connections between networks (VLANs), which can stop broadcasts from propagating throughout the entire internetwork.

VLAN Organizations

A traditional collapsed backbone consists of a router with separate networks attached to its interfaces. Each node attached to a physical network needs to have the same network number in order to communicate on the internetwork. On switches you can group users into communities of interest called VLAN Organizations. In a VLAN, network nodes can communicate with other nodes in the same VLAN; nodes in one VLAN need to go through a router or other layer 3 device in order to communicate with other VLANs.

VLAN Memberships

VLANs are usually created by administrators who assign switch ports to VLANs. These are called static VLANs. Dynamic VLANs are configured by assigning all the host devices' hardware addresses into a database.

Static VLAN

Static VLANs are the typical method of creating VLANs and are the most secure. The switch port you assign a VLAN association to always maintains that association until an administrator changes the port assignment.

Dynamic VLAN

Dynamic VLANs determine a node's VLAN assignment automatically. Using intelligent management software, you can enable MAC addresses, protocols, or even applications to create dynamic VLANs. For example, if a MAC address is in a centralized database and the device connects to a switch port, the VLAN management database can look up the address and configure the port for the correct VLAN. If the user moves, the switch will automatically assign them to their correct VLAN.

Links in a Switched Environment

VLANs can span multiple connected switches by using frame tagging and trunk connections. Switches in the switch fabric must keep track of frames and which VLAN the frame belongs to. Frame tagging performs this function. Switches can then direct frames to the appropriate port.

Frame Tagging

Switches use frame tagging to keep track of users and frames as they travel the switch fabric and VLANs. A switch fabric is a group of connected switches. Frame tagging assigns a unique user-defined ID to each frame, also called the VLAN ID or color. Frame tagging is used when an Ethernet frame traverses a trunked link. Each switch the frame traverses must identify the VLAN ID and then determine what to do with the frame based on its filter table. Once the frame reaches the exit to the access link, the VLAN ID is removed and the end device receives the frame without having to understand the VLAN ID. A VLAN interface can have only one VLAN ID, while VLAN trunk interfaces support multiple VLANs across them.

There are two types of links:

Access Links

An access link is part of only one VLAN, which is referred to as the native VLAN of the port. Any device attached to an access link is unaware of its VLAN membership. The device just assumes that it is part of a broadcast domain, without any understanding of the physical network. Switches remove any VLAN information before a frame is sent to an access link device. Access link devices can't communicate with any devices outside their VLAN without a router or other layer 3 device.

Trunk Links

Trunks can carry multiple VLANs and are used to connect switches to other switches, to routers, or to servers. Trunk links are only supported on Fast or Gigabit Ethernet (100 or 1000 Mbps). Cisco switches support two ways to identify which VLAN a frame belongs to: ISL and 802.1q. If no trunk encapsulation type is specified when configuring an Ethernet trunk, ISL is used as the default. Trunk links have a native or default VLAN that is used if the trunk link fails. Trunked links carry the traffic of multiple VLANs, from 1 to 1005, at a time. Trunking allows you to make a single port a part of multiple VLANs, so you can be in more than one broadcast domain at a time. When connecting switches together, trunk links can carry some or all VLAN information across the link. If you don't trunk the links, the switch will only carry VLAN 1 information across the link. Cisco switches use the Dynamic Trunking Protocol (DTP) to manage trunks. DTP is a point-to-point protocol that was created to send trunk information across 802.1q trunks.

Trunking Methods
  • Inter-Switch Link - ISL is a Cisco proprietary protocol for interconnecting multiple switches and maintaining VLAN information as traffic goes between switches. ISL is similar to 802.10 in that both multiplex bridge groups over a high-speed backbone (ISL runs only on Fast Ethernet). With ISL, an Ethernet frame is encapsulated with a header that maintains VLAN IDs between switches: a 26-byte header that contains a 10-bit VLAN ID is prepended to the Ethernet frame. A VLAN ID is added to the frame only when the frame is destined for a non-local network. Since the frame is encapsulated, only devices running ISL can read it. If you need a trunking protocol for switches other than Cisco's, use 802.1q. ISL frames can be up to 1522 bytes long. On multi-VLAN ports, each frame is tagged as it enters the switch. ISL NICs allow servers to send and receive frames tagged with multiple VLANs, so the frames can traverse multiple VLANs without going through a router; the ISL protocol can thus allow a file server to exist in multiple VLANs at the same time. Note that ISL encapsulation is only added to frames that are forwarded on a trunk link; when they arrive at the access link the encapsulation is removed and the frame is delivered.
  • IEEE 802.1q - Created by the IEEE as a standard method of frame tagging. It actually inserts a field into the frame to identify the VLAN. If you are trunking between a Cisco switch and a non-Cisco switch, you will need to use 802.1q for the trunk to work.
  • IEEE 802.10 - Defines a method for securing bridging of data across a shared MAN (Metropolitan Area Network) backbone. The coloring (VLAN ID) of traffic across the FDDI backbone is achieved by inserting a 16-byte header between the source MAC and the Link Service Access Point (LSAP) of frames leaving a switch. This header contains the 4-byte VLAN ID or "color". The receiving switch removes the header and forwards the frame to interfaces that match the VLAN color.
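As an added example (not code from the original post), the Python below builds a plain Ethernet frame, inserts the 4-byte 802.1Q tag a switch adds when the frame goes out a trunk, parses the VLAN ID back out, and strips the tag as an access-link port would. The MAC addresses and payload are constructed, and the 12-bit VID range (1-4094) is the width of the 802.1Q field rather than the 1-1005 range of the switches discussed above; ISL encapsulation is not modelled.

```python
import struct

TPID_8021Q = 0x8100        # EtherType value that marks an 802.1Q tagged frame
ETHERTYPE_IPV4 = 0x0800


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Untagged Ethernet II frame, as seen on an access link."""
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("MAC addresses are 6 bytes")
    return dst + src + struct.pack("!H", ethertype) + payload


def tag_frame(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag between the source MAC and the EtherType,
    which is what a switch does when it forwards a frame onto a trunk."""
    if not 1 <= vlan_id <= 4094:          # 12-bit VID; 0 and 4095 are reserved
        raise ValueError("VLAN ID out of range")
    if not 0 <= priority <= 7:            # 3-bit priority code point
        raise ValueError("priority out of range")
    tci = (priority << 13) | vlan_id      # PCP(3) | DEI(1)=0 | VID(12)
    tag = struct.pack("!HH", TPID_8021Q, tci)
    return frame[:12] + tag + frame[12:]


def parse_frame(frame: bytes) -> dict:
    """Decode dst/src MAC, VLAN ID (None if untagged), EtherType and payload."""
    if len(frame) < 14:
        raise ValueError("frame too short")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    vlan = priority = None
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci = struct.unpack("!H", frame[14:16])[0]
        vlan = tci & 0x0FFF
        priority = tci >> 13
        ethertype = struct.unpack("!H", frame[16:18])[0]
        offset = 18
    return {
        "dst": frame[:6].hex(":"),
        "src": frame[6:12].hex(":"),
        "vlan": vlan,
        "priority": priority,
        "ethertype": ethertype,
        "payload": frame[offset:],
    }


def untag_frame(frame: bytes) -> bytes:
    """Strip the tag before delivery to an access-link device, which never
    needs to understand VLAN IDs."""
    if parse_frame(frame)["vlan"] is None:
        return frame
    return frame[:12] + frame[16:]


# Constructed sample values, not taken from the page.
DST = bytes.fromhex("020000000001")
SRC = bytes.fromhex("020000000002")
PAYLOAD = b"\x45\x00" + b"\x00" * 18   # stand-in for the start of an IPv4 header

if __name__ == "__main__":
    plain = build_frame(DST, SRC, ETHERTYPE_IPV4, PAYLOAD)
    on_trunk = tag_frame(plain, vlan_id=5)          # VLAN 5 "accounting"
    print(parse_frame(on_trunk))
    assert untag_frame(on_trunk) == plain
```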

Communicating between VLANs

To communicate between VLANs you need to have a router with an interface for each VLAN or a router that supports ISL routing. The lowest Cisco router that supports ISL routing is the 2600 series. If you're using a router with one interface and ISL, the interface should be at least 100Mbps (Fast Ethernet).

VLAN Trunking Protocol (VTP)

VTP is a protocol used between switches to simplify the management of VLANs. With VTP, you can make configuration changes centrally on a single Catalyst series switch and have those changes automatically communicated to all the other switches in the network.

VTP is a Layer 2 messaging protocol that maintains VLAN configuration consistency by managing the addition, deletion, and renaming of VLANs on a network-wide basis. VTP minimizes misconfigurations and configuration inconsistencies that can result in a number of problems, such as duplicate VLAN names, incorrect VLAN-type specifications, and security violations.

Developed by Cisco, it is the industry's first protocol implementation specifically designed for large VLAN deployments. VTP enhances VLAN deployment by providing the following:

  • Integration of ISL, 802.10, and ATM LAN-based VLANs.
  • Auto-intelligence within the switches for configuring VLANs.
  • Configuration consistency across the network.
  • An auto-mapping scheme for going across mixed-media backbones.
  • Accurate tracking and monitoring of VLANs.
  • Dynamic reporting of added VLANs across the network.
  • Plug-and-Play setup and configuration when adding new VLANs.

To allow VTP to manage your VLANs across the network, you must first create a VTP server. All servers that need to share VLAN information must use the same domain name, and a switch can only be in one domain at a time. If all your switches are in the same VLAN then you don't need to use VTP. VTP information is sent via a trunk port. Switches advertise VTP management domain information, as well as the configuration revision number and all known VLANs with any specific parameters. Switches detect the additional VLANs within a VTP advertisement and then prepare to receive information on their trunk ports. The information would be VLAN IDs, 802.10 SAID fields, or LANE information. Each update carries a configuration revision number one higher than the previous notification. Any time a switch sees a higher revision number, it knows the information is newer and overwrites its database with the newer one.

Three modes of operation within a VTP
  • Server - Default mode for all Catalyst switches. You need at least one to propagate VLAN data throughout the domain. The switch must be in server mode to create, add, or delete VLANs in a VTP domain. Any changes made while in server mode will be advertised to the entire VTP domain. Advertisements are sent every 5 minutes or whenever there is a change.
  • Client - Receives information from VTP servers and sends and receives updates, but can't make any changes. To add a switch to a VLAN, first make it a client to update the database, then change it to a server to make the changes and have them advertised; alternatively, delete the VTP database with the delete vtp privileged EXEC mode command.
  • Transparent - Doesn't participate in the VTP domain, but will still forward VTP advertisements through the configured trunk links. It can add and create VLANs, as it doesn't share its database with any other switch, and changes made to its database are only locally significant.
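Added example, not the page's own or Cisco's code: a Python model of how switches in the three modes treat a VTP advertisement, applying the domain-name, password-derived MD5 digest and configuration-revision checks described above. The digest construction is a simplified stand-in for the real VTP digest and the five-switch topology is constructed; the domain name and password are the ones configured earlier on this page.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class Switch:
    name: str
    mode: str                      # "server", "client" or "transparent"
    domain: str
    password: str
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})
    trunks: list = field(default_factory=list)   # neighbouring Switch objects


def vtp_digest(domain: str, password: str, vlans: dict) -> str:
    # Assumption: a simplified stand-in for the VTP MD5 digest. Real VTP covers
    # the VLAN database and the domain password; the exact encoding differs.
    h = hashlib.md5(domain.encode() + b"\0" + password.encode())
    for vid in sorted(vlans):
        h.update(f"{vid}={vlans[vid]};".encode())
    return h.hexdigest()


def make_advert(sw: Switch) -> dict:
    """Advertisement as sent out every trunk port: domain, revision, digest, VLANs."""
    return {"domain": sw.domain, "revision": sw.revision,
            "digest": vtp_digest(sw.domain, sw.password, sw.vlans),
            "vlans": dict(sw.vlans)}


def handle_advert(sw: Switch, adv: dict) -> str:
    """Decide what a receiving switch does with an advertisement."""
    if adv["domain"] != sw.domain:
        return "ignored (domain mismatch)"
    if sw.mode == "transparent":
        return "forwarded (transparent: own database untouched)"
    if adv["digest"] != vtp_digest(sw.domain, sw.password, adv["vlans"]):
        return "ignored (MD5 digest mismatch: wrong password)"
    if adv["revision"] <= sw.revision:
        return "ignored (revision not newer)"
    sw.revision = adv["revision"]          # higher revision wins: overwrite
    sw.vlans = dict(adv["vlans"])
    return "accepted (database overwritten)"


def propagate(origin: Switch) -> dict:
    """Flood an advertisement from origin across all trunks; returns what each
    switch did with it. Transparent switches forward without updating."""
    adv = make_advert(origin)
    log, seen, queue = {}, {origin.name}, [origin]
    while queue:
        sw = queue.pop(0)
        for nb in sw.trunks:
            if nb.name in seen:
                continue
            seen.add(nb.name)
            result = handle_advert(nb, adv)
            log[nb.name] = result
            if not result.startswith("ignored"):
                queue.append(nb)           # accepted or transparent: keep flooding
    return log


def server_add_vlan(sw: Switch, vid: int, name: str) -> dict:
    """Only a server may create VLANs; each change bumps the revision by one."""
    if sw.mode != "server":
        raise PermissionError(f"{sw.name} is in {sw.mode} mode")
    sw.vlans[vid] = name
    sw.revision += 1
    return propagate(sw)


def connect(a: Switch, b: Switch) -> None:
    a.trunks.append(b)
    b.trunks.append(a)


def demo() -> dict:
    """Constructed topology: S1 (server) - S2 (client) - S3 (transparent) - S4 (client),
    plus S5 (client) hanging off S2 with the wrong password."""
    s1 = Switch("S1", "server", "ciscotest", "ccna")
    s2 = Switch("S2", "client", "ciscotest", "ccna")
    s3 = Switch("S3", "transparent", "ciscotest", "ccna")
    s4 = Switch("S4", "client", "ciscotest", "ccna")
    s5 = Switch("S5", "client", "ciscotest", "wrong")
    for a, b in ((s1, s2), (s2, s3), (s3, s4), (s2, s5)):
        connect(a, b)
    log = server_add_vlan(s1, 5, "accounting")
    return {"log": log, "switches": {s.name: s for s in (s1, s2, s3, s4, s5)}}


if __name__ == "__main__":
    for name, what in demo()["log"].items():
        print(name, what)
```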

VTP Advertisements

Each switch in the VTP domain sends periodic advertisements out each trunk port to a reserved multicast address. VTP advertisements are received by neighboring switches, which update their VTP and VLAN configurations as necessary.

The following global configuration information is distributed in VTP advertisements:

  • VLAN IDs (ISL and 802.1Q)
  • Emulated LAN names (for ATM LANE)
  • 802.10 SAID values (FDDI)
  • VTP domain name
  • VTP configuration revision number
  • VLAN configuration, including maximum transmission unit (MTU) size for each VLAN
  • Frame format

VTP Pruning

VTP pruning enhances network bandwidth use by reducing unnecessary flooded traffic, such as broadcast, multicast, unknown, and flooded unicast packets. VTP pruning increases available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to reach the appropriate network devices. By default, VTP pruning is disabled. With pruning enabled, broadcasts are sent only to the trunk links that must carry them. Enabling VTP pruning on a VTP server enables pruning for the entire management domain. VTP pruning takes effect several seconds after you enable it. By default, VLANs 2 through 1000 are pruning-eligible. VTP pruning does not prune traffic from VLANs that are pruning-ineligible. VLAN 1 is always pruning-ineligible because it is an administrative VLAN, so traffic from VLAN 1 can never be pruned.

Configuring a Catalyst 1900 Switch

This page covers configuring a Cisco Catalyst 1900 Switch from the command line interface. This is the method that is tested on the CCNA 2.0 test, but you should know that you can also configure the switch from a Menu (runs on the command line) or you can use the Web interface (set the IP address on the Switch and enter the IP address in a web browser on a client to access the Switch's configuration web pages).

Setting Hostname, IP Address, and Default Gateway

You set these items the same way as for a router. The exception is that the IP address is for the entire device, whereas a router has an address on each interface. You should also know that you can telnet to a switch but you can't telnet from it.

   > enable
   # conf t
   Enter configuration commands, one per line. End with CNTL/Z.
   (config)# hostname Switch1
   Switch1(config)# ip address
   Switch1(config)# ip default-gateway
   Switch1(config)# ip domain-name

Viewing the IP Information

Use the show ip user Exec command to display global Internet Protocol (IP) configuration information.

   Switch1# show ip

   IP Address:
   Subnet Mask:
   Default Gateway:
   Management VLAN: 1
   Domain name:
   Name server 1:
   Name server 2:
   HTTP server :Enabled
   HTTP port : 80
   RIP :Enabled

Setting Passwords

Use the enable password level <1-15> <password> global configuration command to set unencrypted user Exec or privileged Exec passwords. Levels 1-14 are for user Exec privileges, while level 15 is for privileged Exec privileges. The password is a non-case-sensitive string of between 4 and 8 characters, spaces, and punctuation (except double quotes). Password strings with blank spaces must be enclosed in double quotes.

   Switch1(config)# enable password level 1 "CcNa 2.0"
   Switch1(config)# enable password level 15 CiScO123

Enable Secret Password

Use the enable secret global configuration command to set encrypted user Exec or privileged Exec passwords. The enable secret password is used in place of the enable password if it is set since the enable secret password is encrypted and therefore more secure.

   Switch1(config)# enable secret PaSs&oRd

Selecting an Interface

Use the interface type slot/port global configuration command to choose an interface type and to enter interface configuration mode.

   Switch1(config)# interface ethernet 0/5

Setting the Interface Description

While in interface configuration mode you can use the description string command to set a description for an interface. The description can be from 1 to 80 alphanumeric characters. Use double quotes to enclose strings with spaces.

   Switch1(config-if)# description "Marketing VLAN"

Set the Port's Duplex

Use the duplex {auto | full | full-flow-control | half} interface configuration command to enable duplex mode for an interface.

Syntax Description:
  • auto - Auto-negotiation of duplex mode.
  • full - Full-duplex mode.
  • full-flow-control - Force full-duplex mode with flow control.
  • half - Half-duplex mode.

   Switch1(config-if)# duplex full

Show Version

This example shows how to display the switch hardware and firmware versions from privileged Exec mode on the Catalyst 1900 switch.

   Switch1# show version

   Cisco Catalyst 1900/2820 Enterprise Edition Software
   Version V9.00.00(12)
   Copyright (c) Cisco Systems, Inc. 1993-1999
   Switch1 uptime is 2day(s) 22hour(s) 50minute(s) 21second(s)
   cisco Catalyst 1900 (486sxl) processor with 2048K/1024K bytes of memory
   Hardware board revision is 1
   Upgrade Status: No upgrade currently in progress.
   Config File Status: No configuration upload/download is in progress
   27 Fixed Ethernet/IEEE 802.3 interface(s)
   Base Ethernet Address: 00-E0-1E-7E-BE-80

MAC Address Tables

Since layer 2 switches use MAC addresses to filter network traffic, it stands to reason that you can control MAC related functions. A Catalyst 1900 switch can store up to 1024 MAC addresses in its filter table. When the filter table is full, the switch will flood the network with all new incoming frames until one of the existing addresses in the table expires and is removed. To view the table of MAC addresses, use the following command:

   Switch1#show mac-address-table

   Number of permanent addresses :0
   Number of restricted static addresses :0
   Number of dynamic addresses :9

   Address Dest Interface Type Source Interface List
   00D0.5868.F583 FastEthernet 2 Dynamic All
   00E0.1E74.6ADA FastEthernet 1 Dynamic All
   00E0.1E74.6AC0 FastEthernet 1 Dynamic All
   0060.47D5.2770 FastEthernet 2 Dynamic All
   00D0.5868.F580 FastEthernet 2 Dynamic All
   00D0.5868.C8C0 FastEthernet 2 Dynamic All
   00D0.5868.EF00 FastEthernet 2 Dynamic All
   00E0.1E74.6080 FastEthernet 2 Dynamic All
   00D0.C0F5.5B80 FastEthernet 2 Dynamic All

Clearing the MAC Address Table

If clear mac-address-table is invoked with no options, all dynamic addresses are removed. If you specify an address but do not specify an interface, the address is deleted from all interfaces. If you specify an interface but do not specify an address, all addresses on the specified interface are removed.

   Switch1#clear mac-address-table

Setting Static MAC Addresses

Use the mac-address-table restricted static global configuration command to associate a restricted static address with a particular switched port interface (specified as type module/port). Use the no mac-address-table restricted static command to delete a restricted static address.

The following example shows how to allow packets addressed to MAC address 0040.C80A.2F07 to enter on either Ethernet interface 1 or Ethernet interface 2 and be forwarded to Fast Ethernet interface 27.

   Switch1(config)#mac-address-table restricted static 0040.C80A.2F07 f0/27 e0/1 e0/2

Setting Permanent MAC Addresses

Use the mac-address-table permanent global configuration command to associate a permanent unicast or multicast MAC address with a particular switched port interface (specified by type and module/port). Use the no mac-address-table permanent command to delete a permanent MAC address. This example shows how to specify that packets with the multicast destination address 0140.C80A.2F07 should be forwarded on the Fast Ethernet interface 27.

   Switch1(config)# mac-address-table permanent 0140.C80A.2F07 fastethernet 0/27

Using Port Security

Use the port secure interface configuration command to enable addressing security. Use the no port secure command to disable addressing security or to reset the maximum number of addresses allowed on the interface to the default value. The default is 132, and the value can range from 1 to 132. The following example shows how to set the maximum MAC address count to 100 on Ethernet slot 0, port 4.

   Switch1# conf t
   Switch1(config)# interface ethernet 0/4
   Switch1(config-if)# port secure max-mac-count 100
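The following is an added Python example, not the switch's own code: it parses output in the show mac-address-table format shown above, counts learned addresses per port, flags any port whose count exceeds the max-mac-count you intend to enforce with port secure, and warns when the table approaches the 1024-entry limit at which the 1900 starts flooding every new frame. The sample output and the per-port limit of 100 on Ethernet 4 are constructed.

```python
import re

# Filter-table capacity stated on the page for a Catalyst 1900.
TABLE_CAPACITY = 1024

ENTRY_RE = re.compile(
    r"^([0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4})\s+"   # MAC in dotted form
    r"((?:Fast)?Ethernet)\s+(\d+)\s+"                           # interface type and number
    r"(Dynamic|Static|Permanent|Restricted)\s+(.*)$")            # type, source list


def parse_mac_table(output: str) -> list:
    """Parse the body of 'show mac-address-table' into a list of dicts.
    Header and count lines do not match the entry pattern and are skipped."""
    entries = []
    for line in output.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            mac, itype, port, kind, sources = m.groups()
            entries.append({"mac": mac.upper(), "interface": f"{itype} {port}",
                            "type": kind, "sources": sources.strip()})
    return entries


def audit(entries: list, port_limits: dict, capacity: int = TABLE_CAPACITY,
          warn_at: float = 0.9) -> dict:
    """Count learned addresses per port, flag ports over their intended
    max-mac-count, and warn when the whole table nears the point where the
    switch starts flooding unknown frames out every port."""
    per_port = {}
    for e in entries:
        per_port[e["interface"]] = per_port.get(e["interface"], 0) + 1
    over_limit = {p: n for p, n in per_port.items()
                  if p in port_limits and n > port_limits[p]}
    total = len(entries)
    return {"total": total, "per_port": per_port, "over_limit": over_limit,
            "table_near_full": total >= int(capacity * warn_at)}


def constructed_output(counts: dict) -> str:
    """Build sample output in the page's format; the addresses are made up."""
    lines = ["Number of permanent addresses :0",
             "Number of restricted static addresses :0",
             f"Number of dynamic addresses :{sum(counts.values())}", "",
             "Address Dest Interface Type Source Interface List"]
    n = 0
    for iface, count in counts.items():
        for _ in range(count):
            n += 1
            mac = f"0200.{(n >> 16) & 0xFFFF:04X}.{n & 0xFFFF:04X}"
            lines.append(f"{mac} {iface} Dynamic All")
    return "\n".join(lines)


def demo() -> dict:
    # Constructed: two uplinks carrying a few hosts each, and one access port,
    # Ethernet 4, that has learned far more addresses than its max-mac-count of 100.
    text = constructed_output({"FastEthernet 1": 2, "FastEthernet 2": 7, "Ethernet 4": 140})
    return audit(parse_mac_table(text), port_limits={"Ethernet 4": 100})


if __name__ == "__main__":
    print(demo())
```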

Upgrading/ Restoring the IOS for a Catalyst 1900

You can upgrade or restore the IOS, but you can't back it up on Catalyst 1900 switches. To copy an IOS image from a TFTP host, use the following command:

   copy tftp://tftp_host's_address/IOS_filename opcode
   Switch1#copy tftp:// opcode

Backing Up and Restoring the Catalyst 1900's Configuration

The configuration file is called nvram on a 1900 switch. To copy the file to a TFTP host, use the following command:

   copy nvram tftp://tftp_host's_address/config_name
   Switch1#copy nvram tftp://

To restore the file from a TFTP host to the switch, use the following command:

   copy tftp://tftp_host's_address/config_name nvram
   Switch1#copy tftp:// nvram

Deleting the Startup-Configuration

To delete the startup-config (nvram), use the following command:

   Switch1#delete nvram

Change the LAN Switch Type

You can view the switch type with the privileged EXEC command show port system. To change the switch's switch type, use the following command:

   Switch1(config)#switching-type ?
   fragment-free Fragment Free mode
   store-and-forward Store-and-Forward mode

   Switch1(config)#switching-type store-and-forward

Layer 2 Switching

  • Layer 2 switching is hardware based; it uses the host's Media Access Control (MAC) address.
  • Switches use Application Specific Integrated Circuits (ASICs) to build and maintain filter tables.
  • Switches tend to be faster than routers because they don't look at the logical address (Network layer headers); instead they use the hardware address defined at the Data Link (MAC) layer to decide whether to forward or discard the frame.
  • Layer 2 switching is so efficient because it doesn't modify the data packet, only the frame encapsulating the packet; this also makes it less error prone.
  • Layer 2 switching is used for network connectivity and network segmentation (each port is a separate collision domain).
  • Be careful how you segment your network: ensure that users spend 80% of their time on their local segment, and remember that all the segments of a switch are still in the same broadcast domain. Use routers to split up broadcast domains.

Benefits of LAN Switches (Layer 2 Services)

An individual Layer 2 switch might offer some or all of the following benefits:

  • Bandwidth - LAN switches provide excellent performance for individual users by allocating dedicated bandwidth to each switch port (for example, each network segment). This technique is known as microsegmenting.
  • VLANs - LAN switches can group individual ports into logical switched workgroups called VLANs, thereby restricting the broadcast domain to designated VLAN member ports. VLANs are also known as switched domains and autonomous switching domains. Communication between VLANs requires a router.
  • Automated packet recognition and translation - Cisco's unique Automatic Packet Recognition and Translation (APaRT) technology recognizes and converts a variety of Ethernet protocol formats into industry-standard CDDI/FDDI formats. With no changes needed in either client or server end stations, the Catalyst solution can provide an easy migration to 100-Mbps server access while preserving the user's investment in existing shared 10Base-T LANs.

Three functions of layer 2 switching

  1. Address learning - Layer 2 switches retain, in their filter tables, the source hardware address and port interface it was received on.
  2. Forward/Filter decisions - When a frame is received, the switch looks at the destination hardware address and finds the interface it is on in the filter table. If the address is unknown, the frame is broadcast on all interfaces except the one it was received on.
  3. Loop Avoidance - If multiple connections between switches exist for redundancy, network loops can occur. Spanning Tree Protocol is used to stop loops while still allowing redundancy.

Spanning Tree Protocol

STP is a Layer 2 link management protocol that provides path redundancy while preventing undesirable loops in the network. For an Ethernet network to function properly, only one active path must exist at Layer 2 between two stations. STP operation is transparent to end stations, which do not detect whether they are connected to a single LAN segment or a switched LAN of multiple segments.

The Catalyst series switches use STP (the IEEE 802.1D bridge protocol) on all Ethernet virtual LANs (VLANs). When you create fault-tolerant internetworks, you must have a loop-free path between all nodes in a network. In STP, an algorithm calculates the best loop-free path throughout a Catalyst-switched network. The switches send and receive spanning-tree packets at regular intervals (2 seconds). The switches do not forward the packets, but use them to identify a loop-free path. The default configuration has STP enabled for all VLANs.

Multiple active paths between stations cause loops in the network. If a loop exists in the network, you might receive duplicate messages. When loops occur, some switches see stations on both sides of the switch. This condition confuses the forwarding algorithm and allows duplicate frames to be forwarded.

To provide path redundancy, STP defines a tree that spans all switches in an extended network. STP forces certain redundant data paths into a standby (blocked) state. If one network segment in the STP becomes unreachable, or if STP costs change, the spanning-tree algorithm reconfigures the spanning-tree topology and reestablishes the link by activating the standby path.

  • Defined as IEEE 802.1d
  • It first elects a root bridge (only 1 per network). Root bridge ports are called designated ports and operate as forwarding-state ports. Forwarding-state ports can send and receive traffic. The other switches in your network are nonroot bridges.
  • The nonroot bridge's port with the fastest link to the root bridge is called the root port, and it sends and receives traffic.
  • Ports that have the lowest cost to the root bridge are called designated ports. The other ports on the bridge are considered nondesignated and will not send or receive traffic (blocking mode).
  • Switches or bridges running STP exchange information using what are called Bridge Protocol Data Units (BPDUs). BPDUs carry configuration information in multicast frames and are also used to send the bridge ID of each device to the other devices. The bridge ID is used to determine the root bridge in the network and to determine the root port. The bridge ID is 8 bytes long and includes the priority and the MAC address. The default priority of devices using IEEE STP is 32,768 (2^15).
  • To determine the root bridge, the priority and the MAC address are combined; if the priorities are the same, the MAC address decides who has the lowest ID, and the lowest ID becomes the root bridge.
  • Path cost is used to determine which ports will be used to communicate with the root bridge (designated ports). STP cost is the total accumulated path cost based on the bandwidth of the links: the slower the link, the higher the cost.
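As an added example (not code from the original post), the election and port-role rules in the list above run over a constructed three-switch topology with the 802.1D port costs; the bridge IDs, link speeds and helper names are assumptions. It also includes the check an operator wants after reading this: confirming that the switch intended to be root actually wins the election.

```python
"""802.1D root-bridge election, root path cost and port roles over a constructed
topology.  Added example; bridge IDs, link speeds and function names are assumptions."""
from dataclasses import dataclass
import heapq

# 802.1D-1998 port costs by link speed in Mbps: the slower the link, the higher the cost
PORT_COST = {10: 100, 100: 19, 1000: 4}


@dataclass(frozen=True, order=True)
class BridgeID:
    """8-byte bridge ID: 2-byte priority (default 32768 = 2^15) then the 6-byte MAC.
    Ordering compares priority first and MAC second, exactly as the election does."""
    priority: int
    mac: int


@dataclass(frozen=True)
class Link:
    """One segment joining switches a and b at the given speed."""
    a: str
    b: str
    mbps: int


def root_bridge(ids: dict) -> str:
    """Lowest bridge ID wins: lowest priority, and lowest MAC when priorities tie."""
    return min(ids, key=lambda name: ids[name])


def preempting_bridge(ids: dict, intended: str):
    """Operator check: the bridge that would take the root role away from the
    intended root (None if the intended switch really wins the election)."""
    winner = root_bridge(ids)
    return None if winner == intended else winner


def _neighbours(links):
    adj = {}
    for l in links:
        adj.setdefault(l.a, []).append((l.b, PORT_COST[l.mbps]))
        adj.setdefault(l.b, []).append((l.a, PORT_COST[l.mbps]))
    return adj


def root_path_costs(root: str, links) -> dict:
    """Accumulated lowest cost from every switch to the root (Dijkstra)."""
    adj = _neighbours(links)
    cost = {root: 0}
    heap = [(0, root)]
    while heap:
        c, sw = heapq.heappop(heap)
        if c > cost[sw]:
            continue                      # stale queue entry
        for nb, w in adj.get(sw, []):
            if c + w < cost.get(nb, float("inf")):
                cost[nb] = c + w
                heapq.heappush(heap, (c + w, nb))
    return cost


def port_roles(ids: dict, links):
    """Return (root, costs, roles) where roles maps (switch, neighbour) to
    'root', 'designated' or 'blocking'.  Parallel links between the same pair
    of switches (the port-ID tiebreak) are not modelled."""
    root = root_bridge(ids)
    cost = root_path_costs(root, links)
    roles = {}
    for sw, ports in _neighbours(links).items():
        # root port: cheapest way to the root, tie broken by the sender's bridge ID
        root_port = None if sw == root else min(
            ports, key=lambda p: (cost[p[0]] + p[1], ids[p[0]]))[0]
        for nb, _w in ports:
            if nb == root_port:
                roles[(sw, nb)] = "root"
            elif (cost[sw], ids[sw]) < (cost[nb], ids[nb]):
                roles[(sw, nb)] = "designated"   # this end is nearer the root (or lower ID)
            else:
                roles[(sw, nb)] = "blocking"     # redundant path kept in standby
    return root, cost, roles


# Constructed sample: SW3 has its priority lowered by the administrator so it wins
# the election; SW1 and SW2 keep the default priority and differ only by MAC.
SAMPLE_IDS = {
    "SW1": BridgeID(32768, 0x00000000AAAA),
    "SW2": BridgeID(32768, 0x00000000BBBB),
    "SW3": BridgeID(4096, 0x00000000CCCC),
}
SAMPLE_LINKS = [Link("SW1", "SW2", 1000), Link("SW1", "SW3", 100), Link("SW2", "SW3", 100)]

if __name__ == "__main__":
    root, cost, roles = port_roles(SAMPLE_IDS, SAMPLE_LINKS)
    print("root bridge:", root, "costs:", cost)
    for (sw, nb), role in sorted(roles.items()):
        print(f"{sw} port towards {nb}: {role}")
```

With the sample values the redundant gigabit link between SW1 and SW2 ends up designated on SW1 and blocking on SW2, the classic triangle result.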

Spanning Tree Protocol Port States

  • Blocking - doesn't forward any frames, but still listens to BPDUs. Ports default to blocking when the switch powers on. Used to prevent network loops. If a blocked port is to become the designated port, it will first enter listening state to ensure that it won't create a loop once it goes into forwarding state.
  • Listening - listens to BPDUs to ensure no loops occur on the network before passing data frames.
  • Learning - learns MAC addresses and builds filter table, doesn't forward frames.
  • Forwarding - sends and receives all data on the bridge ports. A forwarding port has been determined to have the lowest cost to the root bridge.

LAN Switching Modes

  • Store and Forward - the entire frame is copied into the switch's buffer and the Cyclic Redundancy Check (CRC) is computed. Since it copies the entire frame, latency varies with frame length. If the frame has a CRC error, is too short (<64 bytes) or is too long (>1518 bytes), it is discarded. If there is no error, the destination (MAC) address is looked up in the filter table and the frame is sent to the appropriate interface. This is the default mode for 5000 series switches.
  • Cut Through - the fastest switching mode, as only the destination address is copied. The switch then looks up the address in its filter table and sends the frame to the appropriate interface.
  • Fragment Free - a modified form of Cut Through switching. The switch waits for the first 64 bytes to pass before forwarding the frame. If the frame has an error, it usually occurs in the first 64 bytes. Default mode for 1900 switches.


LAN Switches

So, what are LAN switches? Switches are essentially multi-port bridges. Switches operate on the same basic principle as bridges. The difference is that each host is usually connected directly to a port on the switch, effectively giving each host its own dedicated segment (microsegmentation). By examining MAC addresses the switch learns where hosts are located and forwards frames only to the necessary port. Because the decision to forward is based on layer 2 addresses, these types of switches are often called frame switches. Note: Some vendors also sell LAN switches that incorporate functions that operate on layer 3 information. Such switches are often referred to as multi-layer switches.

The benefits of switches are enormous. With full-duplex Ethernet support, collisions can be virtually eliminated. Each host on the switch essentially has access to the full amount of available bandwidth.

There are two primary LAN switching modes, Store & Forward and Cut Through.

Store & Forward

This is the mode used by Catalyst 5000 series switches. In this mode an entire frame is read into a memory buffer on the switch. The frame is then analyzed for errors (CRC computation). If the frame is good, the switch consults its table of known MAC addresses and forwards the frame to the appropriate port. This method has the benefit of having each frame checked for errors and discarded if malformed. However, because it must read the entire frame into memory and perform the CRC, there is a higher degree of latency when compared to other methods.

Cut Through

This is an option in some EtherSwitch models. In Cut-Through switching, only the destination MAC address is read into memory. This is done simply to determine to which port to forward the frame. Once the destination port is known the switch immediately begins forwarding the frame to that port. It does not do any error checking. The benefit of this method of switching is reduced latency, but at the cost of potentially sending unwanted, malformed frames to host computers. Some cut-through switches attempt to reduce problems by filtering out collision fragments. Collision fragments are less than 64 bytes, so the switch reads 64 bytes before beginning to forward the frame. Cisco refers to the standard cut-through switch as Fast Forward and those that filter collision fragments as Fragment Free.
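To make the trade-off between the three modes concrete, here is an added example (not code from the original post) that runs the same frames through a store-and-forward, a cut-through and a fragment-free decision, each ending in the forward/filter lookup from the layer 2 switching list earlier on the page. The MAC addresses, port names and the use of zlib's CRC-32 as the Ethernet FCS are assumptions.

```python
"""Store-and-forward, cut-through and fragment-free handling of the same frames,
plus the forward/filter lookup.  Added example; MACs, ports and the use of
zlib.crc32 as the Ethernet FCS are assumptions."""
import zlib

MIN_FRAME, MAX_FRAME = 64, 1518          # runt / giant limits in bytes, FCS included
ALL_PORTS = ["Fa0/1", "Fa0/2", "Fa0/3"]  # constructed port names
MAC_A = bytes.fromhex("0200000000aa")    # constructed locally administered MACs
MAC_B = bytes.fromhex("0200000000bb")
FILTER_TABLE = {MAC_A: "Fa0/1", MAC_B: "Fa0/2"}   # learned MAC -> port


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Ethernet II frame: header, payload padded to 46 bytes, CRC-32 FCS."""
    body = dst + src + ethertype.to_bytes(2, "big") + payload.ljust(46, b"\x00")
    return body + zlib.crc32(body).to_bytes(4, "little")   # FCS goes out LSB first


def fcs_ok(frame: bytes) -> bool:
    """Recompute the CRC over everything but the trailing FCS and compare."""
    return zlib.crc32(frame[:-4]).to_bytes(4, "little") == frame[-4:]


def lookup(dst: bytes, in_port: str) -> list:
    """Forward/filter decision: known MAC -> its port (filtered when that is the
    ingress port); unknown MAC -> flood every port except the ingress port."""
    port = FILTER_TABLE.get(dst)
    if port is None:
        return [p for p in ALL_PORTS if p != in_port]
    return [] if port == in_port else [port]


def store_and_forward(frame: bytes, in_port: str):
    """Buffer the whole frame, check length and CRC, then look up the destination."""
    if len(frame) < MIN_FRAME:
        return [], "runt"
    if len(frame) > MAX_FRAME:
        return [], "giant"
    if not fcs_ok(frame):
        return [], "crc"
    return lookup(frame[:6], in_port), "accepted"


def cut_through(frame: bytes, in_port: str):
    """Forward as soon as the 6-byte destination MAC has arrived; no checks at all."""
    if len(frame) < 6:
        return [], "incomplete"
    return lookup(frame[:6], in_port), "accepted"


def fragment_free(frame: bytes, in_port: str):
    """Wait for the first 64 bytes (the collision window) before forwarding;
    collision fragments are dropped but CRC errors still get through."""
    if len(frame) < MIN_FRAME:
        return [], "runt"
    return lookup(frame[:6], in_port), "accepted"


if __name__ == "__main__":
    good = build_frame(MAC_B, MAC_A, 0x0800, b"hello")
    bad = good[:20] + bytes([good[20] ^ 0x01]) + good[21:]   # one flipped payload bit
    for name, mode in [("store-and-forward", store_and_forward),
                       ("cut-through", cut_through), ("fragment-free", fragment_free)]:
        print(name, "good:", mode(good, "Fa0/1"), "corrupt:", mode(bad, "Fa0/1"),
              "runt:", mode(good[:40], "Fa0/1"))
```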

Virtual LANs

Another great benefit of modern switches is the capability to create virtual LANs (VLANs). After a VLAN is established on a switch, frames (broadcast, multicast, or unicast) will only be forwarded within that particular VLAN. VLANs become particularly beneficial in their capability to span switches. The physical location of a host no longer determines which LAN it belongs to. This is accomplished by inserting a VLAN ID into the frame that identifies to which VLAN the frame belongs. This ID is used only within the switch framework and is removed before the final switch in a network forwards the frame to the destination port.


  • Cisco has TFTP server software that can be run on a computer.
  • Three places a router can look for a valid Cisco IOS - Flash, TFTP Server or ROM.
  • To copy the current config to a TFTP server type “copy running-config tftp”. To load a copy type “copy tftp run”.

  • Show memory is used to see how the system allocates memory for different purposes.
  • Show stacks monitors stack use and displays the reason for the last system reboot, including whether it was the result of a system crash.
  • Show Buffers reveals the size of the buffers (S, M, Big, VeryBig, L, and Huge)
  • Show Flash describes the flash memory and the size of files and how much memory is free.
  • Cisco Discovery Protocol (CDP) – gives you access to configuration information on other routers with a single command. Because it runs over the Subnetwork Access Protocol (SNAP) at the Data Link layer, two devices running different Network Layer protocols can still communicate. CDP runs by default on 10.3 versions and earlier. Once a router is found, CDP can display information about its upper-layer protocols. Typing “sh cdp int” shows the interfaces configured to run CDP.

Telnet is a virtual terminal protocol.

  • “sh hosts” will show all the names of routers that your router knows about, assuming DNS is running on the router or on a server. To have the router resolve names through a DNS server, use “ip domain-lookup” and “ip name-server ip_address”.

You just received an output that states the CDP hold time, hardware, port ID, and local interface. What was the command you typed in?

“Show cdp neighbor” will show the hardware platform (e.g. Cisco 2500), the local interface through which the routers are connected, the hold time, the port ID of the remote router, and the device ID and its capability.

What’s the default CDP hold time in seconds?

180 seconds, which is 3 times the default update (broadcast) interval of 60 seconds.

What's the default CDP update broadcast rate for routers in seconds?

60 seconds. Changed with the cdp timer command.

What type of frame does CDP use to gather information about its directly connected neighbors?

CDP uses SNAP by default.

Which command do you type to view the hostnames configured in your router (choose two)?

“Show hosts” or “sh host” will show the IP host table configured on the router.

How can you view the CDP information received from all routers?

Show cdp entry or sh cdp entry * will show you entries of CDP information received from the neighbor routers.

If you want to type in the hostname Bob instead of the IP address to access the remote router named Bob, what should you do?

“config t, ip host bob”.

If you type “copy tftp flash”, which event did you cause?

You copied a file from the TFTP server to the router's flash. The router will look to a TFTP host for a valid Cisco IOS image to copy into EEPROM, or flash.

If you want to load a new Cisco IOS into your router's memory, which command should you use?

“copy tftp flash” tells the router to look to a TFTP server.

What does it mean if you’re running a trace and receive a “P” as a response?

Protocol unreachable

If you want to configure the router configuration stored in NVRAM, which command should you use?

“config mem” copies the startup-config into running-config.

Which command will load the Cisco router configuration into RAM (choose three)?

To reload the router, type “reload”, “copy startup-config running-config”, or “copy tftp running-config”.

What command will copy your router configuration to a TFTP server?

“copy star tftp” or “copy runn tftp”

What command should you use to have your router load the valid Cisco IOS from a TFTP server?

“boot system tftp”

Which command will you use if you want to disable DNS lookup?

“no ip domain-lookup” will disable DNS.

Which command do you use to configure your router to do a domain-lookup?

“ip name-server”

After telneting into multiple routers simultaneously, what command can you type to see these connections?

“sh sessions” will show all that are open.

Know the password recovery processes for both 25xx and 26xx routers.

Thursday, March 30, 2006


Identify the true statements.

A. Ethernet is a broadcast media.

B. Ethernet is a non-broadcast media.

C. Ethernet does not allow a device to be given priority to transmit.

D. Ethernet allows a host to be given priority to transmit over other hosts on the same segment.



What term is given to the point in an ISDN network where responsibility for the equipment goes from the customer to the telco?





E. R

F. S

G. T



The term "cost" refers to the metric of what routing protocol?

A. RIPv1

B. RIPv2




F. Static Routing


Tuesday, March 28, 2006



Integrated Services Digital Network

Terminal equipment types:

TE1: understands ISDN

TE2: predates ISDN and needs a TA (terminal adapter) to work

ISDN reference points:

R: between non-isdn device and TA

S: between terminal and NT2 device

T: point between NT1 and NT2

U: point between NT1 and carrier line termination device

ISDN protocol codes:

E: existing telephone network

I: concepts, terms, and services

Q: switching and signaling

ISDN service levels:

Connect to lines with SPIDs (Service Profile Identifiers), which look like phone numbers.

BRI: Basic Rate Interface: 2B + 1D

B = 64 kbps each and D = 16 kbps, so 2B gives 128 kbps plus the control channel.

PRI: Primary Rate Interface: 23B + 1D

Total of 1.544Mbps

Configuring ISDN BRI

#isdn switch-type ?

lists the many proprietary switch types


typically bri0, or something like that.

#encap ppp

PPP is the method used to set up ISDN phone calls

#isdn spid1

#isdn spid2


Frame Relay

Shared Bandwidth

Can setup a CIR (Committed Information Rate)

Assumed error-checking is handled at another, higher, layer

PVCs are created at layer 2.

DLCIs (Data-Link Connection Identifiers) are used to identify virtual circuit connections.

DLCI addresses are assigned by the provider and then mapped to IP addresses by the router.

LMI: Local management Interface

These are autodetected in current IOS versions; however, the keywords are:

Keyword - Meaning

  • Cisco - defined by an industry group, and the default
  • ANSI - Annex D, defined by T1.617
  • Q933a - Annex A, defined by ITU-T Q.933

LMI can be used to determine the global significance of the DLCI numbers.

Setup of Frame Relay on Cisco


#encapsulation frame-relay [ietf] (the default is cisco)

Use the default to talk to other Cisco routers; use ietf encapsulation to talk to non-Cisco routers.

#frame-relay interface-dlci

maps a DLCI number to the current interface or subinterface

Then specify an IP address for that subinterface

Optionally you can hard-code the address on the other end.

#encap frame-relay [ietf]

#no inverse-arp

turns off the automatic address-mapping feature (Inverse ARP)

#ip address

#frame-relay map ip

[cisco] [broadcast]

this lets you mix encapsulation types and allows broadcasts over the interface

Monitoring Frame Relay

#show frame ?

  • ip - IP statistics
  • lmi - LMI stats
  • map - map table
  • pvc - PVC stats (this one displays the DLCI number)
  • route - route info
  • traffic - protocol stats

Thursday, March 23, 2006


Interface commands

  • Enable PPP on the interface: encapsulation ppp
  • Enable authentication (CHAP or PAP): ppp authentication chap / pap

Global Commands

  • Create a username and password for logging in: username name password password

Show Commands

  • See encapsulation, open LCPs and more: show interface serial 0

Debug Commands

  • View the authentication process: debug ppp authentication


Circuit switching establishes a dedicated physical connection for voice or data between a sender and receiver. Before communication can start, it is necessary to establish the connection by setting the switches. This is done by the telephone system, using the dialed number. ISDN is used on digital lines as well as on voice-grade lines. If the local loop is not directly connected to the telephone system, a digital subscriber line (DSL) may be available.

To avoid the delays associated with setting up a connection, telephone service providers also offer permanent circuits. These dedicated or leased lines offer higher bandwidth than is available with a switched circuit. Examples of circuit-switched connections include:

  • Plain Old Telephone System (POTS)
  • ISDN Basic Rate Interface (BRI)
  • ISDN Primary Rate Interface (PRI)

Many WAN users do not make efficient use of the fixed bandwidth that is available with dedicated, switched, or permanent circuits, because the data flow fluctuates. Communications providers have data networks available to more appropriately service these users. In these networks, the data is transmitted in labeled cells, frames, or packets through a packet-switched network. Because the internal links between the switches are shared between many users, the costs of packet switching are lower than those of circuit switching. Delays (latency) and variability of delay (jitter) are greater in packet-switched than in circuit-switched networks. This is because the links are shared and packets must be entirely received at one switch before moving to the next. Despite the latency and jitter inherent in shared networks, modern technology allows satisfactory transport of voice and even video communications on these networks.

Packet-switched networks may establish routes through the switches for particular end-to-end connections. Routes established when the switches are started are PVCs. Routes established on demand are SVCs. If the routing is not pre-established and is worked out by each switch for each packet, the network is called connectionless.

To connect to a packet-switched network, a subscriber needs a local loop to the nearest location where the provider makes the service available. This is called the point-of-presence (POP) of the service. Normally this will be a dedicated leased line. This line will be much shorter than a leased line directly connected to the subscriber locations, and often carries several VCs. Since it is likely that not all the VCs will require maximum demand simultaneously, the capacity of the leased line can be smaller than the sum of the individual VCs. Examples of packet or cell switched connections include:

  • Frame Relay
  • X.25
  • ATM


Packet-switched networks were developed to overcome the expense of public circuit-switched networks and to provide a more cost-effective WAN technology.

When a subscriber makes a telephone call, the dialed number is used to set switches in the exchanges along the route of the call so that there is a continuous circuit from the originating caller to that of the called party. Because of the switching operation used to establish the circuit, the telephone system is called a circuit-switched network. If the telephones are replaced with modems, then the switched circuit is able to carry computer data.

The internal path taken by the circuit between exchanges is shared by a number of conversations. Time division multiplexing (TDM) is used to give each conversation a share of the connection in turn. TDM assures that a fixed capacity connection is made available to the subscriber.

If the circuit carries computer data, the usage of this fixed capacity may not be efficient. For example, if the circuit is used to access the Internet, there will be a burst of activity on the circuit while a web page is transferred. This could be followed by no activity while the user reads the page and then another burst of activity while the next page is transferred. This variation in usage between none and maximum is typical of computer network traffic. Because the subscriber has sole use of the fixed capacity allocation, switched circuits are generally an expensive way of moving data.

An alternative is to allocate the capacity to the traffic only when it is needed, and share the available capacity between many users. With a circuit-switched connection, the data bits put on the circuit are automatically delivered to the far end because the circuit is already established. If the circuit is to be shared, there must be some mechanism to label the bits so that the system knows where to deliver them. It is difficult to label individual bits, therefore they are gathered into groups called cells, frames, or packets. The packet passes from exchange to exchange for delivery through the provider network. Networks that implement this system are called packet-switched networks.

The links that connect the switches in the provider network belong to an individual subscriber only during data transfer, therefore many subscribers can share the link. Costs can be significantly lower than a dedicated circuit-switched connection. Data on packet-switched networks are subject to unpredictable delays when individual packets wait for other subscriber packets to be transmitted by a switch.

The switches in a packet-switched network determine, from addressing information in each packet, which link the packet must be sent on next. There are two approaches to this link determination, connectionless or connection-oriented. Connectionless systems, such as the Internet, carry full addressing information in each packet. Each switch must evaluate the address to determine where to send the packet. Connection-oriented systems predetermine the route for a packet, and each packet need only carry an identifier. In the case of Frame Relay, these are called Data Link Connection Identifiers (DLCI). The switch determines the onward route by looking up the identifier in tables held in memory. The set of entries in the tables identifies a particular route or circuit through the system. If this circuit is only physically in existence while a packet is traveling through it, it is called a Virtual Circuit (VC).

The table entries that constitute a VC can be established by sending a connection request through the network. In this case the resulting circuit is called a Switched Virtual Circuit (SVC). Data that is to travel on SVCs must wait until the table entries have been set up. Once established, the SVC may be in operation for hours, days or weeks. Where a circuit is required to be always available, a Permanent Virtual Circuit (PVC) will be established. Table entries are loaded by the switches at boot time so the PVC is always available.


Data from the network layer is passed to the data link layer for delivery on a physical link, which is normally point-to-point on a WAN connection. The data link layer builds a frame around the network layer data so the necessary checks and controls can be applied. Each WAN connection type uses a Layer 2 protocol to encapsulate traffic while it is crossing the WAN link. To ensure that the correct encapsulation protocol is used, the Layer 2 encapsulation type used for each router serial interface must be configured. The choice of encapsulation protocols depends on the WAN technology and the equipment. Most framing is based on the HDLC standard.

HDLC framing gives reliable delivery of data over unreliable lines and includes signal mechanisms for flow and error control. The frame always starts and ends with an 8-bit flag field, the bit pattern 01111110. Because there is a likelihood that this pattern will occur in the actual data, the sending HDLC system always inserts a 0 bit after every five 1s in the data field, so in practice the flag sequence can only occur at the frame ends. The receiving system strips out the inserted bits. When frames are transmitted consecutively the end flag of the first frame is used as the start flag of the next frame.

The address field is not needed for WAN links, which are almost always point-to-point. The address field is still present and may be one or two bytes long. The control field indicates the frame type, which may be information, supervisory, or unnumbered:

  • Unnumbered frames carry line setup messages.
  • Information frames carry network layer data.
  • Supervisory frames control the flow of information frames and request data retransmission in the event of an error.

The control field is normally one byte, but will be two bytes for extended sliding windows systems. Together the address and control fields are called the frame header. The encapsulated data follows the control field. Then a frame check sequence (FCS) uses the cyclic redundancy check (CRC) mechanism to establish a two or four byte field.

Several data link protocols are used, including sub-sets and proprietary versions of HDLC. Both PPP and the Cisco version of HDLC have an extra field in the header to identify the network layer protocol of the encapsulated data.
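The framing described in the last few paragraphs, as an added example that is not code from the original post: flag, address and control bytes, data, a 16-bit FCS, and zero-bit stuffing after every five 1s, with the receiver's unstuffing and FCS check. The CRC-16 used (the HDLC/PPP FCS-16 of RFC 1662) and the PPP-style default address 0xFF and control 0x03 are assumptions, since the text only says the FCS is two or four bytes.

```python
"""HDLC framing with zero-bit stuffing and a 16-bit FCS.  Added example; the FCS
polynomial (HDLC/PPP FCS-16, RFC 1662) and the default address/control bytes are
assumptions, and frames are handled as strings of '0'/'1' for readability."""

FLAG = "01111110"   # 0x7E: the only place six consecutive 1s may appear on the line


def fcs16(data: bytes) -> int:
    """CRC-16 used as the HDLC/PPP FCS: reflected poly 0x1021 (0x8408),
    init 0xFFFF, final XOR 0xFFFF.  Check value for b'123456789' is 0x906E."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc ^ 0xFFFF


def to_bits(data: bytes) -> str:
    return "".join(f"{b:08b}" for b in data)


def from_bits(bits: str) -> bytes:
    if len(bits) % 8:
        raise ValueError("frame is not a whole number of octets")
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))


def stuff(bits: str) -> str:
    """Sender: insert a 0 after every run of five 1s so the flag pattern can
    never occur inside the address, control, data or FCS fields."""
    out, run = [], 0
    for bit in bits:
        out.append(bit)
        run = run + 1 if bit == "1" else 0
        if run == 5:
            out.append("0")
            run = 0
    return "".join(out)


def unstuff(bits: str) -> str:
    """Receiver: drop the 0 that follows every run of five 1s.  A 1 there means a
    flag or abort sequence landed inside the frame, which is an error."""
    out, run, i = [], 0, 0
    while i < len(bits):
        bit = bits[i]
        out.append(bit)
        run = run + 1 if bit == "1" else 0
        i += 1
        if run == 5:
            if i < len(bits) and bits[i] != "0":
                raise ValueError("six consecutive 1s inside a frame")
            i += 1           # skip the stuffed 0
            run = 0
    return "".join(out)


def build_frame(payload: bytes, address: int = 0xFF, control: int = 0x03) -> str:
    """Header (address, control) + data + FCS, bit-stuffed, between two flags.
    Defaults: the all-stations address and the UI (unnumbered) control byte."""
    body = bytes([address, control]) + payload
    body += fcs16(body).to_bytes(2, "little")     # FCS sent least significant byte first
    return FLAG + stuff(to_bits(body)) + FLAG


def parse_frame(bits: str) -> dict:
    """Receiver: strip the flags, unstuff, verify the FCS, split off the header."""
    if len(bits) < 16 or not (bits.startswith(FLAG) and bits.endswith(FLAG)):
        raise ValueError("missing flag")
    body = from_bits(unstuff(bits[8:-8]))
    if len(body) < 4 or fcs16(body[:-2]) != int.from_bytes(body[-2:], "little"):
        raise ValueError("FCS mismatch")
    return {"address": body[0], "control": body[1], "data": body[2:-2]}


def frame_ok(bits: str) -> bool:
    """True when the frame parses and its FCS verifies; False on any framing error."""
    try:
        parse_frame(bits)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    frame = build_frame(b"\xff\xff\x7e")     # data with long runs of 1s and a 0x7E byte
    print(frame)
    print(parse_frame(frame))
```

The sample payload deliberately contains the flag byte 0x7E and runs of eight 1s; stuffing keeps them from ever reading as a frame boundary on the line.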


WANs use the OSI reference model, but focus mainly on Layer 1 and Layer 2. WAN standards typically describe both physical layer delivery methods and data link layer requirements, including physical addressing, flow control, and encapsulation. WAN standards are defined and managed by a number of recognized authorities.

The physical layer protocols describe how to provide electrical, mechanical, operational, and functional connections to the services provided by a communications service provider. Some of the common physical layer standards are listed in Figure , and their connectors illustrated in Figure .

The data link layer protocols define how data is encapsulated for transmission to remote sites, and the mechanisms for transferring the resulting frames. A variety of different technologies are used, such as ISDN, Frame Relay or Asynchronous Transfer Mode (ATM). These protocols use the same basic framing mechanism, high-level data link control (HDLC), an ISO standard, or one of its sub-sets or variants.


WANs are groups of LANs connected together with communications links from a service provider. Because the communications links cannot plug directly into the LAN, it is necessary to identify the various pieces of interfacing equipment.

LAN-based computers with data to transmit send data to a router that contains both LAN and WAN interfaces. The router will use the Layer 3 address information to deliver the data on the appropriate WAN interface. Routers are active and intelligent network devices and therefore can participate in network management. Routers manage networks by providing dynamic control over resources and supporting the tasks and goals for networks. Some of these goals are connectivity, reliable performance, management control, and flexibility.

The communications link needs signals in an appropriate format. For digital lines, a channel service unit (CSU) and a data service unit (DSU) are required. The two are often combined into a single piece of equipment, called the CSU/DSU. The CSU/DSU may also be built into the interface card in the router.

A modem is needed if the local loop is analog rather than digital. Modems transmit data over voice-grade telephone lines by modulating and demodulating the signal. The digital signals are superimposed on an analog voice signal that is modulated for transmission. The modulated signal can be heard as a series of whistles by turning on the internal modem speaker. At the receiving end the analog signals are returned to their digital form, or demodulated.

When ISDN is used as the communications link, all equipment attached to the ISDN bus must be ISDN-compatible. Compatibility is generally built into the computer interface for direct dial connections, or the router interface for LAN to WAN connections. Older equipment without an ISDN interface requires an ISDN terminal adapter (TA) for ISDN compatibility.

Communication servers concentrate dial-in user communication and remote access to a LAN. They may have a mixture of analog and digital (ISDN) interfaces and support hundreds of simultaneous users.


A WAN is a data communications network that operates beyond the geographic scope of a LAN. One primary difference between a WAN and a LAN is that a company or organization must subscribe to an outside WAN service provider in order to use WAN carrier network services. A WAN uses data links provided by carrier services to access the Internet and connect the locations of an organization to each other, to locations of other organizations, to external services, and to remote users. WANs generally carry a variety of traffic types, such as voice, data, and video. Telephone and data services are the most commonly used WAN services.

Devices on the subscriber premises are called customer premises equipment (CPE). The subscriber owns the CPE or leases the CPE from the service provider. A copper or fiber cable connects the CPE to the service provider’s nearest exchange or central office (CO). This cabling is often called the local loop, or "last-mile". A dialed call is connected locally to other local loops, or non-locally through a trunk to a primary center. It then goes to a sectional center and on to a regional or international carrier center as the call travels to its destination.

In order for the local loop to carry data, a device such as a modem is needed to prepare the data for transmission. Devices that put data on the local loop are called data circuit-terminating equipment, or data communications equipment (DCE). The customer devices that pass the data to the DCE are called data terminal equipment (DTE). The DCE primarily provides an interface for the DTE into the communication link on the WAN cloud. The DTE/DCE interface uses various physical layer protocols, such as High-Speed Serial Interface (HSSI) and V.35. These protocols establish the codes and electrical parameters the devices use to communicate with each other.

WAN links are provided at various speeds measured in bits per second (bps), kilobits per second (kbps or 1000 bps), megabits per second (Mbps or 1000 kbps) or gigabits per second (Gbps or 1000 Mbps). The bps values are generally full duplex. This means that an E1 line can carry 2 Mbps, or a T1 can carry 1.5 Mbps, in each direction simultaneously.