VLAN Concepts

The characteristics of a typical VLAN are as follows :

• Each logical VLAN is like a seperate physical bridge.


• VLAN's can span multiple switches


• Trunk link carry traffic for multiple VLANs

VLAN membership modes
VLANs are layer 2 implementation in your network topology. Because they are implemented at the data link layer, they are protocol independent. To put a given port(segment) into a VLAN, you must create a VLAN on the switch and then assign that port membership on the switch. In cisco IOS software, a layer 2 port is known as a switchport. A switchport can either be a member of a single VLAN (access port) or be configured as a trunk link (trunk port) to carry traffic for multiple VLANs.Access ports are configured with a VLAN membership mode that determines to which VLAN they can belong. The membership modes are as follows :

• Static  -  When an admin assigns a single VLAN to a port by hardcoding, it is called static assignment.


• Dynamic  -  The IOS catalyst switch supports the dynamic assignment of a single VLAN to a port by using a VLAN Membership Policy Server (VMPS). The VMPS must be a catalyst 5500 or 6500, running the set based operating system. The VMPS contains a database that maps MAC addresses to VLAN assignment.A dynamic port can belong to only one VLAN at a time.

Trunk Protocols
Trunks make use of one of the two protocols. They are 801.2Q and ISL (Inter Switch Link).801.2Q is the IEEE open standard which inserts a 4 byte section into the frames which identifies to which VLAN the frame is destined for. Whereas ISL encapsulates the whole frame in a 26 byte ISL header and a 4 byte CRC trailer (total 30 bytes).ISL is cisco propritery.

VLAN Trunking Protocol  -  VTP
You can provide VLAN connectivity through out the switched network in two ways.
One : By manually creating all the needed VLANs on each of the switches individually or
Two : Using Cisco's VLAN Trunking Protocol as an easier method for maintaining consistent VLAN ckonfiguration throughout the switched network.
VTP is a layer 2 messaging protocol.It minimizes misconfigurations and configuration inconsistencies that can cause problems, such as duplicate VLAN names or incorrect VLAN type specifications.

There are three VTP modes. They are :

• Server Mode*  -  Sends /forwards VTP advertisements, Synchronises VLAN configuration information with other switches,Can create, modify and delete VLANs and other configuration parameters for the entire VTP domain. Configurations are saved in NVRAM.


• Client Mode  -  Sends /forwards VTP advertisements, Synchronises VLAN configuration information with other switches, Cannot create, modify and delete VLANs and configurations are not saved in NVRAM.


• Transparent Mode  -  Only Forwards VTP advertisements, does not Synchronises VLAN configuration information with other switches,Can create, modify and delete VLANs and other configuration parameters but the changes are not propagated throughout the entire VTP domain - They affect only the local switch. Configurations are saved in NVRAM.

VTP advertisements are flooded throughout the management domain every 5 minutes or when ever a change occurs in the VLAN configuration. VTP advertisements are send on VLAN1 using multicast frames. Included in the VTP advertisement is a configuration revision number. A higher configuration revision number indicates that the VLAN information being advertised is more current than the stored information. To reset the configuration revision number, you should eaither change the switch mode to transparent, then back to server or client with the command :
(config)# vtp mode {server|client|transparent}

OR
Change the VTP domain name and set it back using the command :
(config)# vtp domain name
The command :
# show vtp status
may be executed before and after the change to see the configuration number being reset.The configuration revision number in the VTP transparent mode is always 0.

Important CISCO Switch commands

Configuring ip address, subnet mask and default gateway on a layer 2 switch

(config)# interface vlan 1 (vlan 1 is the default administrative lan of a switch).
(config-if)# ip   address   10.1.1.1   255.0.0.0
(config-if)# no shutdown
(config-if)# exit
(config)# ip default-gateway 10.1.1.2

To verify ip-address and default gateway

# show interfaces vlan 1
# show ip default

Configure speed and duplex setting on a catalyst switch

(config)# interface fa0/1
(config-if)# speed {10|100|auto*}  -  * is the default value
(config-if)#duplex {full|half|auto*}

To verify speed and duplex settings

# show interfaces fa0/1
or
# show interface status

spanning tree portfast is used for moving a switch port directly into forwarding state.

(config-if)# spanning-tree portfast

Displaying a mac address table for a switch

# show mac-address-table

Entering static mac addresses

(config)# mac-address-table   static   0000.0c12.2345   vlan   1   interface   FastEthernet0/1

Configuring port security

(config-if)#switchport port-security [maximum (number)]
Where maximum denotes the maximum number of mac addresses stored in the mac address table of the switch.

Show port security in an interface

# show port-security

If there is a violation in the port security, the switch does one of the following : protect, restrict or shutdown. This can be set using the following command :

(config)# switchport port-security violation {protect|restrict|shutdown*}
You can reset the switch to its default value (shutdown) by using the command :
(config)# no switchport port-security violation

Executing adds, moves and changes to port security

As your network topology changes by adding new devices or interfaces or moving and changing existing ones, you might need to modify the switch configuration if you enabled port security. To add a new MAC address for the port security, complete the following tasks :

1. Configure port security
   
2. Configure the MAC address to the port allocated for the new interface using the command switchport port-security mac-address mac address , so that only this mac address will be permitted to use the port.
   

To delete a MAC address on a secured port, remove the port restrictions by issuing the command (config)# no switchport port-security.


To move a MAC address from one secured port into another, you must delete the MAC address restriction from one port and assign it to a new port.

Notes on Catalyst Switches - I

Three primary switch operating modes are   -   Store and Forward,Cut Through   -   which has lowest latency (delay) and Fragment Free   -   which reads 64 bytes before starting to forward the frame.

Switch learns the address of a device using entries in its mac address table.Source address of incoming frames are stored in the mac address table. If the table is empty, as when the switch is just turned on, then the frames are forwarded through all the ports other than the one through which it recieved the frame. This process is known as flooding. Once the mac address table is filled, the switch resorts to frame filtering.

Broadcast address in ethernet is FFFF.FFFF.FFFF. A multicast address usually starts with 01.

Three main functions of a switch are as follows :

• Address learning function


• Forwarding / Filtering


• Loop avoidance   -   Accomplished by using Spanning Tree Protocol

Purpose and functions of Spanning Tree Protocol (STP)

• Eliminate Broadcast Storms


• Eliminate duplicate non-broadcast frame transmissions


• Eliminate mac address table database instability


• Eliminate multiple loops in switched networks.

Spanning Tree Protocols supported by catalyst switches are 802.1d and 802.1w (Rapid STP).

Spanning tree port states for 802.1d are listening, learning, forwarding and blocking.

Forward delay   -   Time it takes for the switch port to transition from listening state to learning state or learning state to forwarding state.

Key concepts used by STP are Bridge ID and Path costs. Bridge ID is a 8 byte hex number whose first 2 bytes is the priority number (32,768 or 0x8000) and the rest 6 bytes is the mac address of the switch. The Bridge ID of a neighboring switch is learned from the BPDU (Bridge Protocol Data Units) exchanged between switches (every 2 secs).

Spanning Tree Protocol   -  

• Elects a root bridge   -   a switch with lowest bridge ID.


• For each non root bridge, there is one root port.


• On each segment, there is one designated port.

Using STP you can determine the following for a switched network   -   Root bridge, Root Port, Designated Port, Blocking, Forwarding.

Default settings for Catalyst Switches   -  

• ip address   -   0.0.0.0


• CDP   -   enabled


• 10/100 port   -   Autonegotiate duplex mode


• STP   -   enabled


• Console password   -   none

Ten CCNA Questions and their answers

Which of the following would work at all layers of OSI model?   -   SNMP station, TCP, Transceiver ,Bridge ,Host, Switch , Web Server, Gateway

An SNMP station, Webserver, Host and a Gateway can read all layers of the OSI.

Which command would you type at the CLI prompt to see the configuration register settings ?

# show version

What is the benefit of segmenting your network with bridges ?

A benefit of segmenting your network with bridges is that some upper-layer protocols do not implement a network layer protocol such as NETBIOS or DLC. Bridges can create a network using these protocols.

You want to verify that your ISDN router has connected to the telephone ISDN switch. What command should you use?

# show isdn status   -   This command layer 1,2 and 3 status on an ISDN BRI interface.

Which of the following are causes of LAN traffic congesion ?

If you have too many hosts in a broadcast domain, or have broadcast storms or large amounts of multicasting, you will have LAN congestion.

How long is the flush timer in IGRP?

The flush timer in IGRP is 7 times the update timer = 7 x 90 = 630 sec

If you want to see whether an interface has an access list set, which command would you use?

#show ip interface   -   This command will show you whether an access list has been set and in what direction it is filtering.

What are the two ways that you can enter setup mode on a router ?

You could erase the contents of NVRAM by executing the command "erase startup-config" and then rebooting the router.

You can also type "setup" at the privileged mode at any time.

Which are the commands used to configure information into a RAM of a router ?

#configure terminal , #configure memory --> same as newer command #copy startup-config running-config and #configure network

If during the transfer stage of a TCP session, the window size changes from 1500 to 2000, what will the sending host do?

Transmit 2000 bytes before waiting for an acknowledgement.

Cisco Discovery Protocol

Cisco Discovery Protocol in short CDP is a propritery protocol used to findout what all devices are connected to a particular router or switch. Some of the main commands that could be used on routers are as follows:

# show cdp neighbor  This command displays all the devices connected to the said router. The devices are recognised as follows :

T - Trans Bridge   S - Switch   R - Router   
r - Repeater    B - Source Route Bridge    I - IGRP    H - Host

Two other commands which give the same result but in a more detailed fashion are :

# show cdp neighbors detail    is the same as    # show cdp entry *

Gathering Interface Traffic Information

# show cdp traffic

Gathering Port and Interface Information

# show cdp interface

Disabling CDP on a router

# no cdp run

Disable CDP on a per interface basis

(config-if)# no cdp enable
It is    cdp enable    by default.

How do you set the IP address for the ethernet port of a router?

Following are the steps needed for setting the port address for the ethernet port of a router.

• First go into global configuration mode
  
  # conf t
  (config)#


• Now go into interface configuration mode for the port whose address you want to set as follows ...
  
  (config)# interface ethernet 0
  (config-if)#


• Here give the command to allocate an address 192.168.0.1 and a subnet mask 255.255.255.0 as follows ...
  
  (config-if)# ip address 192.168.0.1 255.255.255.0
  (config-if)#no shutdown
  (config-if)#^Z

Now if you give the command show running-config from the previledged mode, you can see that the ethernet 0 interface has been allocated the said ip address. And the no shutdown command says that the ethernet 0 interface has to be turned up.

What is this Blog about?

Hello and welcome to my CCNA Help blog. I am at present actively preparing for taking the CCNA exam. If you are wondering what CCNA stands for, then CCNA is one of the most popular certification exams conducted by Cisco (the manufacturers of world class Routers, Switches, bridges etc). Cisco is the market leader in the networking business. By getting a CCNA, I hope to enhance my career because many industries are stressing on a networking professional with Cisco certification. By the way CCNA is Cisco Certified Network Associate. So I will be writing all that I am learning as well as my experiences in handling routers and switches. And I hope it will be useful for you also in taking the CCNA exam successfully.