< All Cisco CCNA Notes

Benkő Richard | Cisco CCNA | Module 3 - Layer 2 Data Link

By: b3Nk0 | Related Course: Cisco CCNA | Published: June 13, 2016 | Modified: June 16, 2016
Join Cybrary

Notepadconfigure vlan

creating a vlan (id:150, name: ccna), and adding a port in which is connected an end device.

 

config terminal

*enter global config mode

vlan 150

*create vlan 150

name ccna

*name vlan 

exit

do show vlan brief

* show vlan db, vlan 150 has been created and is active wit name ccna

exit

show interfaces fastethernet 0/24

*check port 24

(0 = slot number, 24 = port number, first number is always the slot number, second is port number)

(by default the ports on switch are up. On routers by default htey are down)

(MTU = max. transmission unit, BW =  bandwidth)

( by default fastethernet are full duplex)

conf t

interfaces fastethernet 0/24 short =  int f 0/24

*enter the port

switchport mode access

*change the port mode to access

switchport access vlan 150

*add the port to vlan150

 


Notepadios 1

IOS = cisco os

3 types of memories in cisco routers and switches:

  1. RAM – holds the running confoguration
  2. NVRAM – non volatile ram – holds the startup configuration. Saved config persist (like hdd)
  3. Flash memory – holds the OS(Internetworking OS = IOS) 

Nonconfigured device will start with config wizard – will avoid cancel with ctrl+c, take us to promp(user mode)

In prompt:

*help feature, shoes all available commands

rule: the least amount of letter that you have to type to make a command unice will work in cisco. Not need to type whole commands(ie. sh = show, etc.).

enable

*privilege mode- takes to privilege 50 = superuser. There are lower levels ie. enable 12, or 14 which set only certain privs. Specific user can be allowed to use only ie. 12 or 13 or 15 …. which gives them only some privileges.

disable

*go back to user mode from priv.

 


NotepadIOS modes

conf t

*global configration mode

– any change made from this mode, will affect the device as a whole

exit or end or ctrl+ z

*exit from conf mode. end and ctrl+z will take us to the priv mode no matter where we are.

in conf t:

hostname

*give name to the device

– if misspell a command, router start domain name search, and it last 60 second. thin can be disabled:

conf t

no ip domain-lookup

set password protection for device:

enable password <password>

*set passwd for priv mode

enable secret <password>

*set password as well, but in show running config this password will be encrypted. If we use enable password, the password will be shown in cleartext in config!!!!!!!!!!!!!!!!!

-advice to immediatelly test every change, not make ie. 10 changes and then test.

reload

*restarts the device.

-If the configuration was not saved to nvram, all configuration will be lost after restart.

show running-config

*show the changes that has been made, but not saved

 

 

 


NotepadPer Vlan STP

– ciso switches are not runing only ”STP”, they are running Per VLAN spanning tree protocol PVSTP

– it is a separate STP for each VLAN

– bridge ID field is modified: 4bit+vlan+12bit+48bit+mac


Notepadportfast

– on ports where there is no way for loop(ie. a router is connected) it is not needed to wait all 50 sec for setting up STP. On that port we can turn it off – turn the port to portfast:

conf t

int f<port no>

spanning-tree protfast


NotepadSpanning treee protocol (STP) 1

– prevents network from loops – layer 2 loops = broadcast storms

– STP is enabled on switches by default and it is not recomended to disable it

– when switches turned on, by default they start sending each other STP frames called BPDU(bridge protocol data unit) every 2 seconds

STP works in 3 steps:

  1. Elect 1 root bridge layer2
  2. Elect 1 root port per non root swich
  3. Elect 1 designated port per segment

STP decision process:

  1. Lowest beidge ID
  2. Lowest root path cost
  3. Lowest sender bridge ID
  4. Lowest sen der port ID


NotepadSTP 2

Root bridge

– Bridge ID = priority + MAC

– Priority range is 0 – 65535

– By default all switch have 32768 priority, so the switch with lowest mac becomes Root bridge.

– in the begining all switches are sending theyr own BPDU(wchich contains the bridge Id), and when recieves a lower than its own, stop sendng its own. This is how root bridge get elected.

Root port on non root switch

– happens according to root path cost- faster link = lower cost

– Root bridge sends BPDU, the port which recieves the frame in shortest time is elected as root port. 

Path costs:

10Mbps = 100

100Mbps = 19

1000Mbps = 4

Lowest Sender bridge ID

– switch which has no root port (all ports recieving in same cost) will choose the lowest sender according to their bridge ID(in this case the root bridge is the farthest, so it is not a sender for this switch)

Lowest sender port ID

if the non root port switch is connected with the lowest sender bridge on more links(ports) the lowest port will be the chosen

 


NotepadSTP 3

STP port states:

Blocking – last for 20 second ater poweron switches, when BPDU sending starts

Listening – sending and recieving BPDU – last 15 seconds

Learning – 15 secs – no data trafic, switch populating mac address table as much as possible

Forwarding – switch up and running

Ports not designated during STP process, are called alternate ports, they are shut down, until they are not needed. They are blocked because they could cause loops.


NotepadSTP conf

login to sw:

enable

show spanning-tree vlan <vlan id>

conf t

spanning-tree vlan <vlan id> priority <priority number>

*set the priority – can be only an increment of 4096!!

 

 


Notepadtrunk links(ports)

– can carry more than 1 vlan at a time

– allow 2 or more vlans (or switches) talk to each other over 1 port

– switch puts an id on frame(identifies the vlan where it comes from) = Frame Tagging

Frame tagging iis done using 1 of 2 protocols.

1. Interswitch link (ISL)

  • cisco propriatery
  • encapsulates the original frame with a new frame (26 byte header, 4 byte footer). The ”frame around the frame” has the id.

2. IEEE 802.Iq

  • open standard
  • insert a 4 byte field in original frame which identifies the vlan
  • MTU for ethernet is 1500 bytes in this case  + this 4 bytes are added !!!
  • has a feature: Native vlan = this vlan is not tagged.

IEEE802.Iq is better – less overhead = less + data

We can manually conf. trunks, but there is a dynamic trunking protocol(DTP):

3 modes:

1. Dynamic desirable:

  • switch port will send DTP frames and will respond to DTP frames
  • the 2 ports are negotiating
  • switch models end with 50 (ie. 3550) have this as default

2. Dynamic auto:

  • Recieves DTP, but does not send
  • the port will not initiate trunking, but will recieve
  • models ending 60(ie. 3560) have this as default
  • if connect 2 xx60 switches, they will not work in dynamic trunk. Need to be set manually

3. ON:

  • set local port to trunk unconditionally

 


Notepadtrunking configuration

in switch1:

configure terminal

interfaces fastethernet 0/1

do show int f 0/1

switchport

*can see that this port is by default in dynamic auto mode

do show interface trunk

*can see there is no trunking

switchport mode dynamic desirable

* switched port to dyn. des. 

do show interfaces trunk

*status: trunking for port 0/1

– by default all vlans are allowed over the trunk

in switch2:

config t

do show interfaces trunk

*same status as is on sw1

in sw1:

switchport trunk allowed vlan 1,150,200-300 (or whichever vlans)

*this allows only specifiied vlans on trunk: 1, 150  and all from 200 to 300

switchport trunk native vlan 150

*this will be the nativ vlan = goes untagged

– this will igve an error ”native vlan mismatch” because on the sw2 the native vlan is still 1, not 150

– have to go to sw2 and set vlan150 as native vlan

sw1:

do show int f 0/1 switchport

*all set ok

sw2:

do show int f 0/1 sw

*trunk mode dynamic auto – in this case it is ok, because sw1 is already set to dyn. desirable = will work together according to protocols 

– if set auto, need to set encapsulation manually

sw2:

switchport trunk encapsulation ?

*shows only one option: 802.1q, because isl because with isl frames is bigger than MTU

switchport trunk encapsulation dot1q

*set encapsulation

– need to set also on sw1 because now it is not negotiating after setting sw2 manually

switchport nonegotiate

*switch off negotation – need to be done on both sw

copy running-config startup-config

*save the configuration


Notepadvlan domains

vlan:

– vlan is a virtaul switch inside a switch

– is a layer 2 broadcast domain(BD)

Switch by default is 1 BD

2 types of ports exist in switch:

  1.  Access links
  •  is any port that is part of 1 vlan
  • if you put the port to a specific vlan, the device connected to that port become a part of that specific vlan

      2. Trunk links

  • can carry more than 1 vlan at a time
  • allow 2 or more vlans (or switches) talk to each other over 1 port


NotepadVLAN trunking protocol

– it is not trunking, it only works over trunk links

– server  – client mechanism: set 1 swicth as server, other switches as clients. If same settings needed, do it only on server swicth, client switches take the settings. Dont need to do the same on all swtches separately

modes:

  1. VTP Server mode – serves the settings
  2. VTP client mode – take settings from server
  3. VTP transparent mode – bypass the server settings = same network, but it will not listen to servers settings

 


< All Cisco CCNA Notes
Join Cybrary

Our Revolution

We believe Cyber Security training should accessible for everyone, everywhere. Everyone deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is the world's largest community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel