Cisco Switching Basic: Netlabinc

CISCO SWITCHING BASIC
NetlabInc
Switch Basic Configuration
1. Hostname
Switch>
Switch>ena
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname SW1
SW1(config)#
2. Securing the Console port
Switch#conf t
Switch(config)#line con 0
Switch(config-line)#password cisco
Switch(config-line)#login
Switch(config-line)#exec-timeout 0
Switch(config-line)#
3. Securing the Virtual Connection or VTY
Switch#conf t
Switch(config)#line vty 0 4
Switch(config-line)#password cisco
Switch(config-line)#login
Switch(config-line)#exec-timeout 0
Switch(config-line)#
4. Secure the Privilege Mode Enable password
Switch#conf t
Switch(config)#enable password cisco
Switch(config)#exit
Switch#
5. Secure the Privilege Mode Enable secret
Switch#conf t
Switch(config)#enable secret cisco1
Switch(config)#
6. Service password encryption
Switch#conf t
Switch(config)#service password-encryption
Switch(config)#
7. Interface Vlan 1 configuration
Switch#conf t
Switch(config)#int vlan 1
Switch(config-if)#ip address 192.168.20.1 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#
%LINK-5-CHANGED: Interface Vlan1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
8. IP Default-gateway
Switch#conf t
Switch(config)#ip default-gateway 192.168.20.10
Switch(config)#
Verify the Configuration
interface GigabitEthernet0/2
Switch#sh run
!
Building configuration...
interface Vlan1
Current configuration : 1351 bytes
ip address 192.168.20.1 255.255.255.0
!
!
version 12.2(37)SE1
ip default-gateway 192.168.20.10
no service timestamps log datetime msec
ip classless
no service timestamps debug datetime msec
!
service password-encryption
ip flow-export version 9
!
!
hostname Switch
line con 0
!
exec-timeout 0 0
!
password 7 0822455D0A16
enable secret 5 $1$mERr$q.MA2tj.WFptzvbifq/1i.
login
enable password 7 0822455D0A16
!
spanning-tree mode pvst
line aux 0
!
line vty 0 4
exec-timeout 0 0
password 7 0822455D0A16
login
end
Switch#
Switch Port Modes
Has something to do with the type of links between
the cisco switch.
2 Types of Links
Depends on the type of device that is connected on the interface
between the links.
1. Trunk Links
If Switch is connected to a switch or a router.
2. Access Links
If Switch is connected to an end device PC, Server or Printer.

DTP Dynamic Trunking Protocol
Dynamically establish a Trunk Link a cisco Proprietary Protocol
Categories of Switchport Modes
1. Administrative Mode
Mode that is default or Manually Configured mode
1. Dynamic default mode on all cisco switch / auto configured modes
A. Dynamic Desirable
Actively send DTP Packet to inform the interface on
the other end that it would make the link as trunk.
B. Dynamic Auto
Don’t send DTP packet a passive interface just wait for the
DTP packets to become trunk.
2. Trunk Mode
Manually Configured Administrative switch port modes
Unconditionally sets the interface as trunk and send out DTP packets
3. Access Mode
Manually Configured Administrative switch port modes
Unconditionally sets the interface as Access and don’t send

out DTP packets
Note: Best Practice all interface that is facing to end devices must be configured as
access ports and disable negotiation. Also on the trunk link can disable the DTP
so no negotiation will took place especially on the cisco switches that are attached
to a none cisco devices.
Combinations of Port Modes and Its Operational Modes
Dynamic Dynamic
Trunk
Modes Auto Desirable Access
Dynamic Auto Access Trunk Trunk Access

Dynamic Desirable Trunk Trunk Trunk Access
Trunk Trunk Trunk Trunk Limited Connectivity
Access Access Access Limited Connectivity Access
Configuration of Switch Port Modes
Switch1#sh int fastEthernet 0/1 switchport Switch2#sh int fastEthernet 0/1 switchport
Name: Fa0/1 Name: Fa0/1
Switchport: Enabled Switchport: Enabled
Administrative Mode: dynamic auto Administrative Mode: dynamic auto
Operational Mode: static access Operational Mode: static access
Administrative Trunking Encapsulation: negotiated Administrative Trunking Encapsulation: negotiated
Operational Trunking Encapsulation: native Operational Trunking Encapsulation: native
Negotiation of Trunking: On Negotiation of Trunking: On
Access Mode VLAN: 1 (default) Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default) Trunking Native Mode VLAN: 1 (default)
Note: Output of switch Verification on its interface
Configuration of Switch Administrative Modes
Switch#conf t
Switch(config)#int fa
Switch(config)#int fastEthernet 0/1
Switch(config-if)#switchport mode trunk
Command rejected: An interface whose trunk encapsulation is "Auto" can not be configured to "trunk" mode.
Switch(config-if)#switchport trunk encapsulation dot1q
Switch# sh int fastEthernet 0/1 switchport

Name: Fa0/1
Output after Switchport: Enabled
verification on the Administrative Mode: trunk
Switch Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
interface Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Switch Basic Operation
Switch#sh mac a Switch#sh mac add
Switch#sh mac address-table Switch#sh mac address-table
Mac Address Table Mac Address Table
------------------------------------------- ------------------------------------------------ ---------- -------
Vlan Mac Address Type Ports
---- ----------- -------- ------------- -------- --------- -----------
Vlan Mac Address Type Ports
---- ----------- -------- ----- 1 000b.bed1.b179 DYNAMIC Fa0/1
1 0010.11dc.8c61 DYNAMIC Fa0/1
1 0050.0fee.38cb DYNAMIC Fa0/1
Switch# 1 0060.47b5.1a01 DYNAMIC Fa0/1
1 00d0.bc58.2c9d DYNAMIC Fa0/24
1 00d0.d388.abdb DYNAMIC Fa0/23
1 0001.9624.a163 STATIC Fa0/5
Switch#
Note: During Checking the Mac Address Table of a switch
Switch Basic Operation How Switch Learns Mac Address
S: BB MAC ADDRESS TABLE
D: FF Vlan Mac Address Type Ports

1 BB Dynamic Fa0/24
1 CC Dynamic Fa0/22
S: CC 1 DD Dynamic Fa0/23
D: AA
S: DD
D: BB
Note: Frame received is broadcast then it is send to all ports except the port where it was received
Unknown unicast frame is flooded or forwarded on all switch interface except where it was received
Known unicast frame is forwarded on the interface found on its Mac Address table
Switch Port Security How it works
Limiting as to number of allowed Mac Address on the Switch Port
Switch>ena Enable the port-security

Switch#conf t
on the interface
Switch(config)#int fastEthernet 0/24 Switch(config-if)#switchport port-security
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security maximum 1 Configuration in limiting
Switch(config-if)# the number of allowed
Mac address on the port of
the switch.
Note: To Remember always make sure the that port is in access mode Switch(config-if)#switchport port-security maximum 1
to effect the switchport port-security on the interface of the switch
Static and Dynamic Mac Address Filtering on the Switch Port
Switch>ena
Switch#conf t
Switch(config)#int fas
Switch(config-if)#switchport mode access Static Allocation Of Mac Address on the Port
Switch(config-if)#switchport port-security Switch(config-if)#switchport port-security mac-address AAAA.BBBB.CCCC
Switch(config-if)#switchport port-security maximum 1
Switch(config-if)#switchport port-security mac-address
AAAA.BBBB.CCCC
Switch>ena
Switch#conf t
Switch(config)#int fas
Switch(config)#int fastEthernet 0/24 Static Allocation Of Mac Address on the Port
Switch(config-if)#switchport port-security mac-address sticky
Switch(config-if)#switchport port-security mac-address sticky
Configuring the security violation on the switch interface

Switch>ena
Switch#conf t
Switch(config-if)#switchport port-security mac-address AAAA.BBBB.CCCC
Switch(config-if)#switchport port-security violation shutdown
Switch(config-if)#
Switchport Violation
PROTECT
Ethernet frames from MAC addresses that are not allowed will
be dropped but you won't receive any logging information.
RESTRICT
Ethernet frames from MAC addresses that are not allowed will be dropped
but you will see logging information and a SNMP trap is sent.
SHUTDOWN
Ethernet frames from MAC addresses that are not allowed will cause the interface to go to err-disable state.
You will see logging information and a SNMP trap is sent.
For recovery you have two options:
1. Manual: The default aging time is 0 mins, so you'll have to enable the interface yourself.
2. Automatic: Configure the aging time to another value.
Verification
Switch#sh port-security interface fastEthernet 0/22
Switch#sh port-security interface fastEthernet 0/22 Switch#sh port-security interface fastEthernet 0/23
Port Security : Enabled Port Security : Enabled
Port Status : Secure-up Port Status : Secure-up
Violation Mode : Shutdown Violation Mode : Shutdown
Aging Time : 0 mins Aging Time : 0 mins
Aging Type : Absolute Aging Type : Absolute
SecureStatic Address Aging : Disabled SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1 Maximum MAC Addresses : 2
Total MAC Addresses : 0 Total MAC Addresses : 1
Configured MAC Addresses : 0 Configured MAC Addresses : 1
Sticky MAC Addresses : 0 Sticky MAC Addresses : 0
Last Source Address:Vlan : 0000.0000.0000:0 Last Source Address:Vlan : 00D0.D388.ABDB:1
Security Violation Count : 0 Security Violation Count : 0
Enable the Shutdown port due to Violation

When Violation Occur the port is in err-disable state
Switch#conf t
Switch(config-if)#shutdown
%LINK-5-CHANGED: Interface FastEthernet0/22, changed state to administratively down
Switch(config-if)#no shutdown
Switch(config)#errdisable recovery cause psecure-violation

Switch(config)#interface fa0/1
Switch(config-if)#switchport port-security aging time 10
Note: The port will recover after 10 mins when it goes down due to violation on port security
Vlan (Virtual Lans) How it works
= It’s a logical subdivision of the switch

= Logically segmenting switch broadcast domain
Advantages
Broadcast Control
eliminates unnecessary broadcast traffic,
improving network performance and scalability.
Security
logically separates users and departments,
allowing administrators to implement access-lists to control
traffic between VLANs.
Flexibility
removes the physical boundaries of a network, allowing
a user or device to exist anywhere.
Creation / configuration of Vlans
Switch>ena Switch#sh vlan bri

Switch#sh vlan brief
Switch#conf t
Enter configuration commands, one per line. End
with CNTL/Z. VLAN Name Status Ports
---- -------------------------------- --------- ------------------------------------------------------------
Switch(config)#vlan 20 1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Switch(config-vlan)#name IT Fa0/5, Fa0/6, Fa0/7, Fa0/8
Switch(config-vlan)#exit Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Switch(config)#vlan 30 Fa0/17, Fa0/18, Fa0/19, Fa0/20
Switch(config-vlan)#name MGR Fa0/21, Fa0/22, Fa0/23, Fa0/24
Switch(config-vlan)#exit Gig0/1, Gig0/2
20 IT active
Switch(config)# 30 MGR active
1002 fddi-default active
Note: Configuration 1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
Switch#
Note: Verification
Assigning Port to a Vlan
Switch#sh vlan bri

Switch#conf t Switch#sh vlan brief
with CNTL/Z.
VLAN Name Status Ports
Switch(config)#int range fastEthernet 0/1 - 10 ---- -------------------------------- --------- -------------------------------
Switch(config-if-range)#switchport mode acc 1 default active Fa0/11, Fa0/12, Fa0/13, Fa0/14
Switch(config-if-range)#switchport mode access Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Switch(config-if-range)#switchport access vlan 20 Fa0/23, Fa0/24, Gig0/1, Gig0/2
Switch(config-if-range)# 20 IT active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10
Note: Port Assignment on VLans 30 MGR active
Note: Verification
VTP (Vlan Trunking Protocol) How it works
It is a simply means vlan replication protocol
VTP modes
Server
responsible for creating, deleting or modifying entries in the vlan database
Clients
cannot modify the database and rely on the advertisements from the other
switches to update vlan information.
Transparent
maintains its own local VLAN database and does not directly participate in the VTP domain.
A transparent switch will never accept VLAN database information from another switch,
even a server.
Also, a transparent switch will never advertise its local VLAN
database to another switch.
Transparent switches will pass through advertisements from other switches in the VTP domain.
Switch#sh vtp status
VTP Version :2
Configuration Revision :0
Maximum VLANs supported locally : 255
Number of existing VLANs :5
VTP Operating Mode : Server
VTP Domain Name :
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x7D 0x5A 0xA6 0x0E 0x9A 0x72 0xA0 0x3A
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)
Switch#
Configuring Switch VTP Modes
Switch>ena Switch#conf t
Switch#conf t Enter configuration commands, one per
Enter configuration commands, one line. End with CNTL/Z.
per line. End with CNTL/Z. Switch(config)#vtp mode tra
Switch(config)#vtp mode client Switch(config)#vtp mode transparent
Setting device to VTP CLIENT mode. Setting device to VTP TRANSPARENT
Switch(config)# mode.
Switch(config)#
Switch#conf t Switch#conf t
Enter configuration commands, one per line. End with
Enter configuration commands, one CNTL/Z.
per line. End with CNTL/Z. Switch(config)#vtp domain PLMAR
Switch(config)#vtp version 2 Changing VTP domain name from NULL to PLMAR
Setting device VLAN database password to d
Switch(config)#
Note: In VTP switch with no domain name will always adopt the domain available but will not effect the change if password
were not the same.
Trunking Encapsulation How it works
2 Trunking Encapsulation
1. ISL (Inter Switch Link)

Adds header and trailer on the frames
Cisco proprietary
30 bytes additional
2 Trunking Encapsulation
2. 802.1Q
Open standard in encapsulation that tagged frames of
It’s vlan ID
Inserts 4 bytes Vlan Id on the Frames

Configure Trunk Encapsulation
Switch>ena
Switch#conf t
Switch(config-if)#
Switch#sh int trunk

Port Mode Encapsulation Status Native vlan
Fa0/1 on 802.1q trunking 1
Port Vlans allowed on trunk

Fa0/1 1-1005
Port Vlans allowed and active in management domain
Fa0/1 1
Port Vlans in spanning tree forwarding state and not pruned
Fa0/1 1
Switch#
Native Vlan How it works
• 802.1q adds vlan headers to all frames sent out except from frames
originating from its native vlan.
• Frames from native vlan by default are sent out on 802.1q trunks untagged.
• It is a must that both end switch must have the same native vlan configure.
• Native vlan by default is vlan 1.
Hence all frames from vlan 1 will be sent out untag on 802.1q trunks
Switch#conf t Switch#sh int trunk

Enter configuration commands, one per Port Mode Encapsulation Status Native vlan
line. End with CNTL/Z. Fa0/1 on 802.1q trunking 1
Switch(config)#int fastEthernet 0/14 Fa0/14 on 802.1q trunking 5
Switch(config-if)#switchport trunk
encapsulation dot1q
Switch(config-if)#switchport trunk
native vlan 5
Switch(config-if)#
Inter Vlan Routing How it works
Communication in Between Vlans
Router on the Stick Solution
The router act as a default gateway

For the 2 vlans using sub interface
On the router main interface
Configuration router on the Stick
1. Configure the PC with the correct IP Address and Default Gateway

2. On the switch configure vlan and assigned port on their vlan assignments
Switch>ena
Switch#conf t
Switch(config)#vlan 10
Switch(config)#int range fastEthernet 0/1 - 10
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
Switch(config-if-range)#
Note: Repeat this process for the other PC

3. Make sure that the interface connecting to the router of the switch is configure
as trunk port.
Switch#conf t
Switch(config)#int gigabitEthernet 0/1
Switch(config-if)#
4. Configure the router interface with sub interface and assigned IP address
with encapsulation dot1q.
Router>ena
Router#conf t
Router(config)#int gigabitEthernet 0/0
Router(config-if)#no shut
Router(config-if)#
4. Configure the router interface with sub interface and assigned IP address
with encapsulation dot1q.
Router#conf t
Router(config)#int gigabitEthernet 0/0.10
Router(config-subif)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0.10, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.10, changed state to up
Router(config-subif)#encapsulation dot1Q 10
Router(config-subif)#ip address 192.168.10.1 255.255.255.0
Router(config-subif)#no shut
Router(config-subif)#
Note: Do the same for the other network for vlan 20.
5. Verify the configuration check if the router interface in configured with the
correct IP for the 2 vlan and if it has the route for the 2 vlan on the
routing table.
Router#sh ip int brief

Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 unassigned YES unset up up
GigabitEthernet0/0.10 192.168.10.1 YES manual up up
GigabitEthernet0/0.20 192.168.20.1 YES manual up up
GigabitEthernet0/1 unassigned YES unset dministratively down down
Vlan1 unassigned YES unset administratively down down
Router#
5. Verify the configuration check if the router interface in configured with the
correct IP for the 2 vlan and if it has the route for the 2 vlan on the
routing table.
192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks

C 192.168.10.0/24 is directly connected, GigabitEthernet0/0.10
L 192.168.10.1/32 is directly connected, GigabitEthernet0/0.10
192.168.20.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.20.0/24 is directly connected, GigabitEthernet0/0.20
L 192.168.20.1/32 is directly connected, GigabitEthernet0/0.20
Router#
6. Test the Configuration

Using L3 Switch
Switch>ena
Switch#conf t
with CNTL/Z.
Switch(config-vlan)#exit
Switch(config-if-range)#exit
Switch(config-if-range)#exit
Switch(config)#int gig
Using L3 Switch
Enable trunk on the interface connecting to a L3 Switch

Switch(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
Switch(config-if)#
Using L3 Switch
On L3 Switch Enable trunk interface connecting to the L2 Switch
Switch>ena
Switch#conf t
Switch(config-if)#
Using L3 Switch
Create Vlan on L3 Switch
Switch#conf t
Switch(config-vlan)#
Using L3 Switch
Create SVI and Assinged DG ip address on it base on the Network address

on the vlan configured
Switch#conf t
Switch(config-if)#
Switch(config-if)#no shut
Switch(config-if)#
Note: SVI for Vlan 10

Using L3 Switch
Create SVI and Assinged DG ip address on it base on the Network address

on the vlan configured
Switch#conf t
Switch(config-if)#
Switch(config-if)#no shut
Note: SVI for Vlan 20

Using L3 Switch
Enable Routing on the L3 Switch
Switch#
Switch#conf t
Switch(config)#IP routing
Switch(config)#
Note: Routing is enable on the L3 Switch

Using L3 Switch
Test Time
Spanning Tree Protocol 802.1d How it works
Create a loop free topology in a switch network
NETWORK A NETWORK B
Who’s much better network?

Create a loop free topology in a switch network
Created to prevent loops in the networks by

shutting down (blocking) the redundant links that
could create a loop, and this could be re enable
if the primary link fails.
STP PROCESS
To maintain a loop-free environment, STP performs the following function
A Root Bridge is elected
Root Ports are identified
Designated Ports are identified
If a loop exists, a port is placed in Blocking state.

If the loop is removed the blocked port is activated again.
STP PROCESS
To maintain a loop-free environment, STP performs the following function
A Root Bridge is elected
As soon as the switch is powered on

It immediately and start sending out frames
the switch claims itself as the root
Called BPDU’s (Bridge Protocol Data Units)
bridge the center of switch topology
Their Called a Bridge ID in the BPDU which is the combination of
MAC ADDRESS
PRIORITY
Note: The Lower the Bridge ID the Better and will become the Root Bridge
STP PROCESS
Default Priority: 32768
Mac Address : BBBB

Priority : 32768 During BPDU exchange each switch check
and compared their Bridge ID the Lower
the Better.
SW2 Having All the same Priority they check their Mac
Address. The lowest the better
SW1 will become the Root Bridge

Note: All port in the root bridge are designated port or
forwarding states.
SW1 SW3
Mac Address : AAAA Mac Address : CCCC
Priority : 32768 Priority : 32768
STP PROCESS
Identifying Root Ports
Default Priority: 32768
The second step in the STP process is identifying
Mac Address : BBBB
Root Ports, or the port on each switch that has the
Priority : 32768
lowest path cost to get to the Root Bridge.
Each switch has only one Root Port, and the
D D Root Bridge cannot have a Root Port.
SW2
Path Cost is a cumulative cost based on the
bandwidth of the links. The higher the bandwidth,
19 cost 19 cost the lower the Path Cost:
Bandwidth Cost
R R 4mbps
10mbps
250
100
SW3 16mbps 62
19 cost 100mbps 19
SW1 Mac Address : CCCC
Mac Address : AAAA 1Gbps 4
Priority : 32768 10Gbps 2
Priority : 32768
STP PROCESS
Identify the Designated and None Designated Port
Default Priority: 32768 On the None-Root Switch
Mac Address : BBBB The Criteria will be…
Priority : 32768
D D 1. Elect the Root Bridge

SW2 2. Find the lowest cost path to the Root
3. Use lowest Bridge ID on equal cost path
4. Use lower port to break the tie
19 cost 19 cost
R R
SW3
SW1
DP 19 cost NDP
Mac Address : CCCC
Mac Address : AAAA
Priority : 32768
Priority : 32768
STP PROCESS
Identify the Designated and None Designated Port
Default Priority: 32768 On the None-Root Switch
Mac Address : BBBB The Criteria will be…
Priority : 32768
D D 1. Elect the Root Bridge

SW2 2. Find the lowest cost path to the Root
3. Use lowest Bridge ID on equal cost path
4. Use lower port to break the tie
19 cost 19 cost
R R
SW3
SW1
DP 19 cost NDP
Mac Address : CCCC
Mac Address : AAAA
Priority : 32768
Priority : 32768
STP CONFIG
Switch#conf t
Switch(config)#spanning-tree vlan 1 root primary
Switch(config)#
Switch#conf t
Switch(config)#spanning-tree vlan 1 root secondary
Switch(config)#
Switch#conf t
Switch(config)#spanning-tree vlan 1 priority 4096 default value increment
Switch(config)#
STP Port States
Listening
15 seconds of listening for the BPDUs
Switch sends / receives BPDUs
Learning
15 seconds of learning Mac Address
Populates switch CAM Table
Forwarding
Port is forwarding the traffic
Blocking
Bonus switch will wait up to 20 seconds before moving
The blocked port into listening phase
Disabled
A network administrator has manually disabled the switch port.
EtherChannel (Link Aggregation)
How it works
It group several physical ethernet links into one logical links
Negotiation Protocols
PAGP Port aggregation Protocol

cisco proprietary
port modes: auto, désirable, on
How it works
It group several physical ethernet links into one logical links
Negotiation Protocols
Link aggregation Control Protocol (LACP)

Industry standard 802.3Ad
Port Modes : Passive active on
How it works
Configuration
Switch>ena Switch>ena
Switch#conf t Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z. Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int range fastEthernet 0/1 - 2 Switch(config)#int range fastEthernet 0/1 - 2
Switch(config-if-range)#channel-protocol pagp Switch(config-if-range)#channel-protocol pagp
Switch(config-if-range)#channel-group 1 mode desirable Switch(config-if-range)#channel-group 1 mode desirable
Switch(config-if-range)#
Switch# sh etherchannel ?
load-balance Load-balance/frame-distribution scheme among ports in
port-channel
port-channel Port-channel information
summary One-line summary per channel-group
<cr>
Switch# sh etherchannel summa
Switch# sh etherchannel summary ?
<cr>
Switch# sh etherchannel summary
Flags: D - down P - in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
------+-------------+-----------+----------------------------------------------
1 Po1(SU) PAgP Fa0/1(P) Fa0/2(P)

Switch#
THANKS…

Cisco Switching Basic: Netlabinc

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cisco Switching Basic: Netlabinc

Uploaded by

Copyright:

Available Formats

CISCO SWITCHING BASIC

2. Securing the Console port

5. Secure the Privilege Mode Enable secret

6. Service password encryption

If Switch is connected to an end device PC, Server or Printer.

Categories of Switchport Modes

Unconditionally sets the interface as Access and don’t send

Combinations of Port Modes and Its Operational Modes

Dynamic Auto Access Trunk Trunk Access

Switch# sh int fastEthernet 0/1 switchport

D: FF Vlan Mac Address Type Ports

Limiting as to number of allowed Mac Address on the Switch Port

Switch>ena Enable the port-security

Static and Dynamic Mac Address Filtering on the Switch Port

Configuring the security violation on the switch interface

Switch#sh port-security interface fastEthernet 0/22

Enable the Shutdown port due to Violation

Switch(config)#errdisable recovery cause psecure-violation

= It’s a logical subdivision of the switch

Creation / configuration of Vlans

Switch>ena Switch#sh vlan bri

Assigning Port to a Vlan

Switch#sh vlan bri

1. ISL (Inter Switch Link)

Inserts 4 bytes Vlan Id on the Frames

Switch#sh int trunk

Port Vlans allowed on trunk

Switch#conf t Switch#sh int trunk

Communication in Between Vlans

Router on the Stick Solution

The router act as a default gateway

Configuration router on the Stick

1. Configure the PC with the correct IP Address and Default Gateway

Note: Repeat this process for the other PC

Configuration router on the Stick

Configuration router on the Stick

Configuration router on the Stick

Configuration router on the Stick

Router#sh ip int brief

Configuration router on the Stick

192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks

Configuration router on the Stick

6. Test the Configuration

Enable trunk on the interface connecting to a L3 Switch

Switch(config)#int gigabitEthernet 0/1

On L3 Switch Enable trunk interface connecting to the L2 Switch

Create Vlan on L3 Switch

Create SVI and Assinged DG ip address on it base on the Network address

Note: SVI for Vlan 10

Create SVI and Assinged DG ip address on it base on the Network address

Note: SVI for Vlan 20

Enable Routing on the L3 Switch

Note: Routing is enable on the L3 Switch

Who’s much better network?

Create a loop free topology in a switch network

Created to prevent loops in the networks by

To maintain a loop-free environment, STP performs the following function

A Root Bridge is elected

Root Ports are identified

Designated Ports are identified

If a loop exists, a port is placed in Blocking state.

To maintain a loop-free environment, STP performs the following function

A Root Bridge is elected