Day 2

This document provides lecture notes on the Cisco Internetwork Operating System (IOS), Layer 2 switching, VLANs, inter-VLAN routing, and configuring Cisco switches. Key topics include switching basics, switch configuration, port security, VLAN trunking, and router-on-a-stick configuration. The notes also cover Spanning Tree Protocol, MAC address tables, and installing and operating Cisco LAN switches, including accessing the Cisco IOS CLI, storing switch configurations, and securing switch access.

Uploaded by Namrata Paudel

CCNA Router & Switching

Day 2 lecture notes

Internetwork Operating System (IOS)

Layer 2 Switching
VLAN and Inter-VLAN
Module Objectives
• Switching basics
• Switch configuration
• Port security
• VLAN & inter-VLAN routing
• VLAN trunking
• Router on a stick
• IP routing
• RIP

CCNA R & S 2
Switches
• Every switch port is its own collision domain (a hub is one shared collision domain)
• Switches are faster than hubs because ports do not contend for one shared medium
• A single link (switch port to host NIC) is therefore its own collision domain

Switching Logic
• Switches are Layer 2 devices
• A LAN switch forwards Ethernet frames
• A broadcast frame has the destination MAC address FFFF.FFFF.FFFF
• Switch actions
• Deciding whether to forward or filter a frame, based on the destination MAC address
• Learning MAC addresses from the source MAC address of each received frame
• Creating a Layer 2 loop-free topology with other switches using Spanning Tree Protocol (STP)

Forward and Filter Decision
(figure)

Forwarding Decision with Two Switches
(figure; destination 0200.3333.3333)

Build MAC Address Table
(figure)

Flooding Frames
• If the destination MAC address is not yet in the MAC address table, the frame is forwarded out all other interfaces, a process called flooding (broadcast frames are flooded the same way)
• A switch never forwards a frame out the same interface on which it arrived
• Every host on the flooded ports receives a copy, which is why the VLAN slides later count flooding as a security exposure

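The learn / forward / filter / flood logic of the last four slides, as an added example that is not part of the lecture notes. It models one switch as a Python class; the port names, MAC addresses and frames are constructed for the example, and the comment on learning explains why the table can be moved by a forged source MAC (the motivation for port security later in these notes).

```python
"""Added example (not from the lecture notes): a minimal model of the
Layer 2 forwarding logic in the slides above - learn the source MAC,
then forward, filter or flood by destination MAC. Port names, MAC
addresses and frames are constructed for this example."""
from dataclasses import dataclass, field

BROADCAST = "ffff.ffff.ffff"


@dataclass
class Frame:
    src: str   # source MAC, Cisco dotted-hex notation
    dst: str   # destination MAC


@dataclass
class Switch:
    ports: list                                    # e.g. ["Fa0/1", "Fa0/2", "Fa0/3"]
    mac_table: dict = field(default_factory=dict)  # MAC -> port it was last seen on

    def learn(self, frame: Frame, in_port: str) -> None:
        # Learning: record the source MAC against the arrival port. An existing
        # entry is simply overwritten by the latest frame, so a host that forges
        # another station's source MAC moves that entry to its own port
        # (port security, later in the notes, is the control for this).
        self.mac_table[frame.src] = in_port

    def forward(self, frame: Frame, in_port: str) -> list:
        """Return the ports the frame is sent out of, after learning."""
        self.learn(frame, in_port)
        out_port = self.mac_table.get(frame.dst)
        if frame.dst == BROADCAST or out_port is None:
            # Broadcast and unknown unicast: flood out every port except
            # the one the frame arrived on.
            return [p for p in self.ports if p != in_port]
        if out_port == in_port:
            # Filter: the destination is behind the same port (e.g. both
            # hosts on a hub), so the switch drops the frame.
            return []
        return [out_port]   # known unicast: forward out exactly one port


def demo() -> dict:
    """Walk through flood, learn and forward; return the resulting MAC table."""
    sw = Switch(ports=["Fa0/1", "Fa0/2", "Fa0/3"])
    # Constructed traffic: host 1111 on Fa0/1 talks to host 2222 on Fa0/2.
    sw.forward(Frame("0200.1111.1111", "0200.2222.2222"), "Fa0/1")  # flooded
    sw.forward(Frame("0200.2222.2222", "0200.1111.1111"), "Fa0/2")  # Fa0/1 only
    return dict(sw.mac_table)
```

Call forward() for each frame in order and compare the returned port list with the slide: the first frame to an unknown destination is flooded, the reply goes out one port because the first frame was learned, and a frame whose destination sits on its own arrival port is filtered.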
Spanning Tree Protocol
• STP is used to avoid loops in a switched LAN
• Without STP, a redundant link lets flooded and broadcast frames circulate forever, causing broadcast storms, because Ethernet frames carry no TTL

Collision Domain
• An Ethernet concept: the set of ports whose transmitted frames could collide with one another

Broadcast Domain
• An Ethernet broadcast domain is the set of devices to which a broadcast is delivered
• Routers separate a LAN into multiple broadcast domains (VLANs on a switch do the same, as covered later)

Campus Design
Cisco Switch Roles in Campus Design
• Core switches
• Distribution switches
• Access switches

Auto-Negotiation Enabled
(figure)

Auto-Negotiation with Hubs
• A hub does not take part in IEEE auto-negotiation, so the switch falls back to the defaults: 10 Mbps and half duplex
• Half duplex is the right result here, since a hub is a shared collision domain

Installing and Operating Cisco LAN Switches
Cisco Catalyst Switches
• Switches have 24 or 48 RJ-45 UTP 10/100/1000 ports
• Ports can auto-negotiate the use of 10BASE-T, 100BASE-T or 1000BASE-T
• Switches can also have 2 or 4 additional 10/100/1000 (uplink) interfaces on the right
• Physical connectors are also referred to as interfaces or ports
• Interfaces are numbered x/y
• x = module, y = interface number
• For example
• interface FastEthernet 0/1
• interface GigabitEthernet 1/1

Switch Status from LEDs
No.  Name            Description
1    SYST (System)   Overall system status
2    RPS             Status of the extra (redundant) power supply
3    STAT (Status)   If on, each port LED shows that port's link status
4    Duplex          If on, each port LED shows that port's duplex (on = full, off = half)
5    Speed           If on, each port LED shows that port's speed (off = 10 Mbps, on = 100 Mbps, flashing = 1 Gbps)
6    Mode            A button that cycles the meaning of the port LEDs through the states above

Accessing the Cisco IOS CLI
Methods to Access the CLI
• Console
• A physical port built specifically to allow access to the CLI
• Telnet & Secure Shell (SSH)
• Both use the IP network
• SSH is secure; Telnet is not: Telnet sends the login password and every command in clear text, so anyone who can capture the traffic has the credentials
• Telnet and SSH each have a client and a server side
• A Telnet server listens on well-known TCP port 23
• An SSH server listens on well-known TCP port 22
• Users can use terminal emulator software as Telnet and SSH clients
• SSH encrypts the contents of the session (and authenticates the switch to the client by its host key)
Console Connection
• RJ-45 to DB-9 cable
• Also known as a rollover cable
• Newer Cisco routers and switches also provide a USB console port

User and Enable (Privileged) Modes
• The CLI has different modes
• User EXEC mode
• Hostname>
• Enable mode (privileged EXEC mode)
• Hostname#
• Commands that can be used in user EXEC mode or enable (privileged EXEC) mode are called EXEC commands

Navigation In and Out of Switch Configuration Modes
(figure)

Storing the Switch Configuration File
Types of Memory in a Cisco Switch
• RAM – holds the running (active) configuration file
• ROM – stores the bootstrap program
• Flash memory – stores the full Cisco IOS image
• NVRAM – stores the startup configuration file

Copying and Erasing Configuration Files
Hostname# copy running-config startup-config
Hostname# erase startup-config

Hostname# show running-config
Hostname# show startup-config

Hostname(config)# hostname SW1
Please do NOT run this command

Initial Setup Mode
(figure)

Show Version Command
• Hostname# show version
• This command lists
• The IOS version
• Time since the last load of the IOS (uptime)
• Number of Fast Ethernet interfaces
• Number of Gigabit Ethernet interfaces
• Switch model number

• Hostname(config)# no ip domain lookup
• Stops the switch from trying to resolve a mistyped command as a hostname via DNS, which otherwise makes the CLI hang for a while

Configuring Ethernet Switching
Securing the Switch
Protecting Access to the Switch
• The first thing to protect is access to the switch itself
• Assign console and VTY passwords
• We will see
• A simple password for user mode (console and Telnet)
• Password encryption
• Enable mode passwords

Basic Passwords
• Hostname> enable
• Hostname# configure terminal
• Set up the console password
• Hostname(config)# line console 0
• Hostname(config-line)# password cisco
• Hostname(config-line)# login
• Hostname(config-line)# exit
• Set up the Telnet (VTY) password
• Hostname(config)# line vty 0 15
• Hostname(config-line)# password cisco
• Hostname(config-line)# login
• Hostname(config-line)# exit
• Set up the enable (privileged mode) password
• Hostname(config)# enable password cisco
• Hostname(config)# end
• "cisco" is a placeholder; these passwords are stored in clear text in the configuration unless they are encrypted (next slides), and enable password is superseded by enable secret
Usernames and Passwords - Configuration
• Create a username/password pair
• Hostname> enable
• Hostname# configure terminal
• Hostname(config)# username name password password
• Make the lines use these accounts instead of the line password
• Hostname(config)# line vty 0 4
• Hostname(config-line)# login local
• Apply login local to every VTY line the switch has (line vty 0 15 on most Catalyst switches); lines left with plain login still accept the shared line password

Securing Passwords
• Command: service password-encryption
• Encrypts all current and new line and username passwords in the configuration (shown as type 7)
• Run in global configuration mode
• Caveat: type 7 is reversible obfuscation, not real encryption; it only stops someone reading the password straight out of show running-config
• Hide the enable password
• Command: enable secret password
• Creates a hashed (one-way) password for enable mode
• This password takes precedence if an enable password is also configured
• Hide the passwords for local usernames
• Command: username user secret password
• Global configuration mode command; stores a hash instead of a type 7 value
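The point of the last three slides (line passwords in clear text, type 7 as obfuscation, enable secret and username secret as the fix, SSH over Telnet) as an added example that is not part of the lecture notes. It decodes a type 7 value with the scheme's fixed key stream and audits a constructed running-config for each weak setting, then checks a hardened version of the same config. SAMPLE_CONFIG, HARDENED_CONFIG and every credential in them are constructed for the example; the finding texts are the author's wording, not IOS output.

```python
"""Added example (not from the lecture notes): decode a Cisco type 7
password and audit a running-config for the weak access settings the
slides above warn about. SAMPLE_CONFIG and HARDENED_CONFIG, including
every credential in them, are constructed for this example."""
import re

# Key stream of the reversible "type 7" scheme that service password-encryption
# applies; it is fixed and publicly known, so type 7 is obfuscation, not encryption.
TYPE7_KEY = "dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"


def decode_type7(encoded: str) -> str:
    """Type 7: two decimal digits of seed, then hex bytes XORed with the key."""
    seed = int(encoded[:2])
    payload = bytes.fromhex(encoded[2:])
    return "".join(chr(b ^ ord(TYPE7_KEY[(seed + i) % len(TYPE7_KEY)]))
                   for i, b in enumerate(payload))


def audit_config(config: str) -> list:
    """Return one finding per weak setting; an empty list means clean."""
    findings = []
    if not re.search(r"^service password-encryption", config, re.M):
        findings.append("service password-encryption is off: line and username passwords are in clear text")
    if re.search(r"^enable password ", config, re.M):
        findings.append("enable password in use: replace with enable secret (hashed)")
    for m in re.finditer(r"^username (\S+) password ", config, re.M):
        findings.append(f"username {m.group(1)} stores a clear/type 7 password: use username {m.group(1)} secret")
    for m in re.finditer(r"(?:password|secret) 7 ([0-9A-Fa-f]+)", config):
        findings.append(f"type 7 value {m.group(1)} decodes to {decode_type7(m.group(1))!r}")
    # Each 'line vty ...' block runs until the next 'line' section or end of config
    for m in re.finditer(r"^line vty .*?(?=^line |\Z)", config, re.M | re.S):
        block = m.group(0)
        transport = re.search(r"transport input (.+)", block)
        if transport is None or "telnet" in transport.group(1) or transport.group(1).strip() == "all":
            findings.append("vty accepts Telnet (clear-text logins): set transport input ssh")
        if "login local" not in block and "login authentication" not in block:
            findings.append("vty uses the shared line password: set login local for per-user accounts")
    return findings


# Constructed running-config built exactly as the Basic Passwords slide shows.
SAMPLE_CONFIG = """\
hostname SW1
enable password cisco
username admin password 7 0822455D0A16
line con 0
 password cisco
 login
line vty 0 15
 password cisco
 login
 transport input telnet ssh
"""

# The same switch after applying the slides' advice (hashes shown symbolically;
# IOS writes the real hash into running-config). SSH also needs a domain name
# and an RSA key pair (crypto key generate rsa, an exec command not shown here).
HARDENED_CONFIG = """\
hostname SW1
service password-encryption
ip domain-name lab.example
enable secret 5 <hash>
username admin secret 5 <hash>
line con 0
 login local
line vty 0 15
 login local
 transport input ssh
"""
```

Running audit_config(SAMPLE_CONFIG) lists six findings, one of which is the recovered value of the type 7 username password; audit_config(HARDENED_CONFIG) returns an empty list. The type 7 decoder is the reason the slides prefer enable secret and username secret: anyone who obtains a saved configuration can reverse type 7 in a few lines of code.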
Banners
Types of Banners
• Message of the Day (MOTD)
• Shown before the login prompt
• For temporary messages that change from time to time
• Start with banner motd # and close with #
• Login
• Shown before the login prompt but after the MOTD banner
• For a permanent message, for example "Unauthorized Access Prohibited"
• Start with banner login # and close with #
• Exec
• Shown after a successful login
• Used to supply information that should be hidden from unauthorized users
• Start with banner exec z and close with z (the delimiter is any character that does not appear in the banner text)
LAN Switch Configuration and Operation
IP for Remote Access
Enabling IP for Remote Access
• A switch uses a Switched Virtual Interface (SVI)
• Also known as a VLAN interface
• It acts like a NIC connecting the switch to a LAN so it can send and receive IP packets (for Telnet/SSH management)
• You assign an IP address to the VLAN 1 interface (interface vlan 1, then ip address and no shutdown); add ip default-gateway so the switch can be reached from other subnets

Interface Configuration
Configuring the Interfaces
• An interface is a physical port used to forward data to and from other devices
• To configure an interface, move to interface configuration mode
• Hostname> enable
• Hostname# configure terminal
• Hostname(config)# interface fastethernet 0/1
• Hostname(config-if)#
• OR Hostname(config)# interface range fastethernet 0/1 - 5
• Use interface subcommands to configure the interface
• Hostname(config-if)# speed 100
• Hostname(config-if)# duplex full
• Hostname(config-if)# description Server1 connects here
• Setting speed and duplex manually on one end while the other end auto-negotiates causes a duplex mismatch; configure both ends the same way

Interface Configuration Example
(figure)

Verifying the Interface Configuration
• show interfaces command
• show interfaces vlan 1
• show interfaces fastethernet 0/1 OR show interfaces fa 0/1
• show interfaces gigabitethernet 1/1 OR show interfaces gi 1/1
• show interfaces status

Port Security
• Used to restrict an interface so that only the expected devices can use it
• Reduces exposure to attacks (an unknown device plugged into the port gets no access)
• Also protects interfaces that connect to hubs and other switches, where a small known set of source MACs is expected
• The source MAC address in Ethernet frames is what port security uses to identify devices

Limit the Source MAC Addresses on a Port
• Port security is enabled per port
• Maximum number of allowed MAC addresses
• Define the maximum number of source MAC addresses
• The switch watches all incoming frames, adds each new source MAC address to its table, and increments a counter of distinct source MAC addresses
• If the counter would exceed the maximum, a violation occurs

Predefining the MAC Addresses
• You can predefine the MAC addresses allowed
• Two options
• Collect the MAC addresses and type them into the command
• Or use sticky MAC addresses
• The sticky feature learns the MAC addresses on each port and stores them in the port security configuration (running-config)
• Saves the effort of collecting MAC addresses by hand
• Sticky addresses survive a reload only if you copy running-config to startup-config

Violations
• Protect
• Discards offending traffic silently (no log message, no violation counter)
• Restrict
• Discards offending traffic
• Sends syslog and SNMP messages and increments the violation counter
• Shutdown
• Default violation action
• Discards all traffic, sends a log message and puts the interface into err-disabled state (it stays down until shutdown / no shutdown, or errdisable recovery)

Configuring Port Security
• Make the switch interface a static access or trunk interface
• switchport mode {access | trunk}
• Enable port security
• switchport port-security
• (Optional) set the maximum number of allowed MAC addresses
• switchport port-security maximum number
• (Optional) set the security violation action
• switchport port-security violation {protect | restrict | shutdown}
• (Optional) predefine any allowed source MAC address(es)
• switchport port-security mac-address mac-address
• (Optional) tell the switch to "sticky learn" MAC addresses
• switchport port-security mac-address sticky
• Port security is rejected on a port still in dynamic (DTP) mode, which is why the first step sets a static mode

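The behaviour the port-security slides describe (maximum secure MACs, static and sticky entries, and the protect / restrict / shutdown actions) as an added example that is not part of the lecture notes. Port names and MAC addresses are constructed; the log line is modelled on the IOS PSECURE_VIOLATION message, and config_lines() shows what the sticky option writes into running-config.

```python
"""Added example (not from the lecture notes): a model of port security as
described in the slides above - a per-port maximum of secure MAC
addresses, static and sticky entries, and the protect / restrict /
shutdown violation actions. Port names and MAC addresses are constructed."""
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    name: str
    maximum: int = 1                  # switchport port-security maximum (IOS default 1)
    violation: str = "shutdown"       # switchport port-security violation (IOS default)
    sticky: bool = False              # switchport port-security mac-address sticky
    static: set = field(default_factory=set)   # switchport port-security mac-address <mac>
    learned: set = field(default_factory=set)  # dynamically (or sticky-) learned MACs
    err_disabled: bool = False
    violations: int = 0
    log: list = field(default_factory=list)

    def allowed(self) -> set:
        return self.static | self.learned

    def ingress(self, src_mac: str) -> bool:
        """Apply port security to one received frame; True if it is accepted."""
        if self.err_disabled:
            return False                      # err-disabled port forwards nothing
        if src_mac in self.allowed():
            return True
        if len(self.allowed()) < self.maximum:
            self.learned.add(src_mac)         # room left: learn it as a secure MAC
            return True
        # Maximum reached and this source is not a secure MAC: violation.
        if self.violation == "protect":
            return False                      # dropped silently, no message, no count
        self.violations += 1
        self.log.append(f"%PORT_SECURITY-2-PSECURE_VIOLATION: {self.name} by {src_mac}")
        if self.violation == "shutdown":
            self.err_disabled = True          # port goes err-disabled until reset
        return False

    def config_lines(self) -> list:
        """The port-security lines that would appear in running-config."""
        lines = [f"interface {self.name}", " switchport port-security",
                 f" switchport port-security maximum {self.maximum}",
                 f" switchport port-security violation {self.violation}"]
        lines += [f" switchport port-security mac-address {m}" for m in sorted(self.static)]
        if self.sticky:
            lines.append(" switchport port-security mac-address sticky")
            # sticky-learned MACs are written into running-config as well
            lines += [f" switchport port-security mac-address sticky {m}" for m in sorted(self.learned)]
        return lines

    def reload(self) -> None:
        """After a reload only static and saved sticky entries remain; plain
        dynamic entries must be learned again (and err-disable is cleared)."""
        if not self.sticky:
            self.learned.clear()
        self.err_disabled = False
```

Drive it with one frame per call to ingress(): a restrict port logs and counts the second source MAC but keeps forwarding the first; a shutdown port blocks even its allowed MAC once it is err-disabled; a protect port drops the intruder with no trace, which is why restrict or shutdown is preferred when you want to notice the event.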
Verifying Port Security
• Commands used in privileged mode
• Hostname# show port-security interface fa 0/1
• Hostname# show port-security (summary of all secured ports and their violation counts)

Virtual LAN
Implementing Ethernet Virtual LANs
Virtual LAN Concepts
(figure)

Reasons for Choosing Smaller Broadcast Domains
• To reduce the broadcast frames received by each device
• To reduce security risk, by reducing the number of hosts that receive copies of frames the switch floods
• To improve security for hosts with sensitive data
• By keeping those hosts on a separate VLAN
• To allow flexible designs that group users by department instead of by physical location

Creating Multi-switch VLANs
• VLAN trunking is used when a VLAN spans more than one switch
• VLAN trunking makes the switches use a process called VLAN tagging
• The switch adds another header to the frame before sending it over the trunk
• This header carries the VLAN identifier

Trunking
(figure)

VLAN Trunking Protocols
• 802.1Q and ISL are the two protocols supported by Cisco
• Inter-Switch Link (ISL) is Cisco proprietary
• 802.1Q is the IEEE standard
• 802.1Q has become the dominant trunking protocol
• 802.1Q inserts a 4-byte 802.1Q VLAN header into the original frame's Ethernet header, after the source MAC address

802.1Q Header
• 12-bit VLAN ID
• 2^12 = 4096 values, of which 0 and 4095 are reserved
• Valid range of VLAN IDs = 1 to 4094
• 802.1Q does not add a header to frames in the native VLAN; a frame arriving untagged on a trunk is treated as belonging to the native VLAN, so both ends of a trunk must agree on it

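The 4-byte 802.1Q tag of the last two slides, built and parsed in code as an added example that is not part of the lecture notes. The frame contents, MAC addresses and VLAN numbers are constructed; trunk_egress() and trunk_ingress() implement the native-VLAN rule (native VLAN leaves untagged, untagged arrives as native), and add_tag() rejects the reserved IDs 0 and 4095.

```python
"""Added example (not from the lecture notes): build, tag and untag Ethernet
frames with the 4-byte 802.1Q header described above, including the
native-VLAN rule that an untagged frame on a trunk belongs to the native
VLAN. MAC addresses, payload and VLAN numbers are constructed."""
import struct

TPID_8021Q = 0x8100        # Tag Protocol Identifier that marks an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Untagged Ethernet II frame (FCS omitted)."""
    return dst + src + struct.pack("!H", ethertype) + payload


def add_tag(frame: bytes, vlan_id: int, pcp: int = 0) -> bytes:
    """Insert TPID + TCI between the source MAC and the original EtherType."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094 (0 and 4095 are reserved)")
    tci = (pcp << 13) | vlan_id            # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def strip_tag(frame: bytes):
    """Return (vlan_id, untagged_frame); vlan_id is None when no tag is present."""
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:
        return None, frame
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]


def trunk_egress(frame: bytes, vlan_id: int, native_vlan: int) -> bytes:
    """Frames in the native VLAN leave a trunk untagged; all others are tagged."""
    return frame if vlan_id == native_vlan else add_tag(frame, vlan_id)


def trunk_ingress(frame: bytes, native_vlan: int):
    """Classify a frame received on a trunk: the tag decides; no tag = native VLAN."""
    vlan_id, untagged = strip_tag(frame)
    return (native_vlan if vlan_id is None else vlan_id), untagged
```

trunk_ingress() is the reason the "Securing Unused Switch Interfaces" slide says to move the native VLAN off VLAN 1: whatever arrives on a trunk without a tag is placed in the native VLAN, so that VLAN should be one with no hosts in it.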
Forwarding Data Between VLANs
• A multilayer switch (Layer 3 switch) can be used
• A switch with the added functionality of a router
• Or a router

Router on a Stick
• A router routing between VLANs over a single trunk link, with one subinterface per VLAN
(figure)

Layer 3 Switch (IVR)
(figure)

VLAN and VLAN Trunking Configuration and Verification
Implementing Ethernet Virtual LANs
VLAN Configuration
(figure)

VLAN Verification
• Command: show vlan brief
• Command: show vlan id vlan-id
• Example: show vlan id 2

VLAN Trunking Configuration
• On both switches, select the trunking protocol
• Command: switchport trunk encapsulation {dot1q | isl | negotiate}
• Set the interface to trunking mode (statically or dynamically)
• Command: switchport mode {access | trunk | dynamic}
• Command: switchport mode dynamic {desirable | auto}

Command Option      Description
access              Always acts as an access (nontrunk) port
trunk               Always acts as a trunk port
dynamic desirable   Forms a trunk with a neighbor port in trunk, dynamic auto or dynamic desirable mode
dynamic auto        Forms a trunk with a neighbor port in trunk or dynamic desirable mode (two dynamic auto ports never trunk)

• Leave user-facing ports in static access mode; a port left in a dynamic mode will form a trunk with any device that negotiates DTP

Controlling Which VLANs Are Supported on a Trunk
• A feature that lets the network administrator administratively remove a VLAN from a trunk
• By default all possible VLANs (1 to 4094) are in the allowed VLAN list
• Command to limit them (interface mode)
• switchport trunk allowed vlan {add | all | except | remove} vlan-list
• Example: switchport trunk allowed vlan except 100-200
• Resulting allowed list: 1 to 99 and 201 to 4094

Verification Command
• Command: show interfaces trunk – privileged mode

Securing Unused Switch Interfaces
Best Practices
• Administratively disable the interface
• shutdown – interface mode command
• Prevent VLAN trunking by making the port a nontrunking interface
• switchport mode access – interface mode command (switchport nonegotiate additionally stops the port from sending DTP)
• Assign the port to an unused VLAN
• switchport access vlan number – interface mode command
• On trunk ports, set the native VLAN to something other than VLAN 1
• switchport trunk native vlan vlan-id – interface mode command
• The unused VLAN and the native VLAN should each be a VLAN with no hosts in it

IP Routing

www.itroute.com.au 68
Module Objectives
• Routing basics
• Static, default and dynamic routing introduction
• IP address configuration
• RIP configuration

Interfaces
• Command examples
• interface ethernet 0/1
• interface fastethernet 0/1
• interface gigabitethernet 0/1
• interface serial 0/0

Configure IP Address
• Commands:
• R1(config)# interface fastethernet 0/1
• R1(config-if)# ip address 172.16.1.1 255.255.255.0
• R1(config-if)# no shutdown
• Router interfaces are shut down by default; no shutdown is required before the interface and its connected route come up

Configuring Routes
• Connected routes
• Interface command: ip address (the route appears once the interface is up)
• Static routes
• Global command: ip route
• Routing protocols

• Configuration verification commands
• show ip route
• show ip arp
• show ip interface brief
• show running-config | begin interface

Static Route Configuration
• Global command: ip route network mask outgoing-interface
• R1: ip route 192.168.2.0 255.255.255.0 Se0/0/0
• R2: ip route 192.168.1.0 255.255.255.0 Se0/0/0
OR → 2nd method
• Global command: ip route network mask next-hop-IP
• R1: ip route 192.168.2.0 255.255.255.0 1.1.1.2
• R2: ip route 192.168.1.0 255.255.255.0 1.1.1.1
• The next hop is the neighbor's address on the shared link: with R1 = 1.1.1.1 and R2 = 1.1.1.2 on the 1.1.1.0 link used in the RIP example below, R1 points at 1.1.1.2 and R2 at 1.1.1.1

Default Static Route
• Global command: ip route 0.0.0.0 0.0.0.0 outgoing-interface
• Example: ip route 0.0.0.0 0.0.0.0 Se0/0/1
• Matches any destination with no more specific route; shown as "Gateway of last resort" in show ip route

Dynamic Routing
• Routers learn routes from other routers
• Advertise their own routes
• Choose the best route using a metric
• React when the topology changes
• The process of all routers agreeing on the new topology is called convergence

Interior & Exterior Routing Protocols
(figure)

IGP Routing Protocols
• Distance vector
• RIP – Routing Information Protocol
• Advanced distance vector (hybrid)
• EIGRP – Enhanced Interior Gateway Routing Protocol
• Link state
• OSPF – Open Shortest Path First

Administrative Distance
• Used to choose between routes to the same prefix learned from different sources; lower wins (connected 0, static 1, EIGRP 90, OSPF 110, RIP 120)

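The static, default and connected routes configured above, together with the administrative-distance rule, as an added example that is not part of the lecture notes. It keeps one best route per prefix (lower administrative distance, then lower metric wins) and answers lookups by longest prefix match, with 0.0.0.0/0 matching last. Addresses follow the R1/R2 slides; the LAN interface name Fa0/0 and the /24 mask on the 1.1.1.0 link are assumptions for the example.

```python
"""Added example (not from the lecture notes): a routing table that models
the connected, static and default routes configured above and the
administrative-distance rule for choosing between sources. Addresses
follow the R1/R2 slides; the interface names and masks are assumed."""
import ipaddress
from dataclasses import dataclass

# Default IOS administrative distances for the route sources in these notes
AD = {"connected": 0, "static": 1, "eigrp": 90, "ospf": 110, "rip": 120}


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    source: str
    next_hop: str            # next-hop IP address or outgoing interface
    metric: int = 0

    @property
    def ad(self) -> int:
        return AD[self.source]


class RoutingTable:
    def __init__(self):
        self.routes = {}     # prefix -> best Route currently installed for it

    def add(self, prefix: str, source: str, next_hop: str, metric: int = 0) -> bool:
        """Install the route unless a better one (lower AD, then lower metric)
        for the same prefix is already present; returns True if installed."""
        route = Route(ipaddress.ip_network(prefix), source, next_hop, metric)
        current = self.routes.get(route.prefix)
        if current is None or (route.ad, route.metric) < (current.ad, current.metric):
            self.routes[route.prefix] = route
            return True
        return False

    def lookup(self, dst: str):
        """Longest-prefix match; the 0.0.0.0/0 default route matches last."""
        addr = ipaddress.IPv4Address(dst)
        matches = [r for prefix, r in self.routes.items() if addr in prefix]
        if not matches:
            return None
        return max(matches, key=lambda r: r.prefix.prefixlen)


def build_r1_table() -> RoutingTable:
    """R1 as configured in the slides: connected LAN and serial link, static
    route to R2's LAN, default route out Se0/0/1. A RIP route for 192.168.2.0
    is offered too and loses to the static route on administrative distance."""
    rt = RoutingTable()
    rt.add("192.168.1.0/24", "connected", "Fa0/0")
    rt.add("1.1.1.0/24", "connected", "Se0/0/0")
    rt.add("192.168.2.0/24", "static", "1.1.1.2")
    rt.add("192.168.2.0/24", "rip", "1.1.1.2", metric=1)      # AD 120 > 1: not installed
    rt.add("0.0.0.0/0", "static", "Se0/0/1")                   # gateway of last resort
    return rt
```

lookup("192.168.2.55") returns the static route via 1.1.1.2 even though RIP offered the same prefix, and lookup("8.8.8.8") falls through to the default route, which is what show ip route would print for the same configuration.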
ROUTING INFORMATION PROTOCOL (RIP)

Features
• True distance-vector protocol
• Sends its full routing table to neighbors every 30 seconds
• Maximum hop count is 15; a metric of 16 means unreachable
• RIPv1 is a classful routing protocol (no subnet masks in updates, which are sent as broadcasts)
• RIPv2 is a classless routing protocol (masks in updates, supports authentication)
• RIPv2 uses multicast 224.0.0.9 for its updates

Configuration
R1(config)# router rip
R1(config-router)# network 192.168.1.0
R1(config-router)# network 1.1.1.0
R1(config-router)# version 2

R2(config)# router rip
R2(config-router)# network 192.168.2.0
R2(config-router)# network 1.1.1.0
R2(config-router)# version 2

• The network command takes a classful network and enables RIP on every interface whose address falls inside it
• Configuration verification commands:
• show ip route (RIP-learned routes are marked R)
• show ip protocols

Holding Down RIP Propagation
• Stops unwanted RIP updates from being sent out of LAN or WAN interfaces where no neighbor router exists
• Use the passive-interface command; the interface's network is still advertised to other neighbors, but no updates leave it
• Caveat: in RIP a passive interface still listens for incoming updates, so it does not by itself stop a rogue router on that segment from injecting routes

R1(config)# router rip
R1(config-router)# passive-interface GigabitEthernet0/1

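The distance-vector rule behind the RIP slides (one hop added per router, 16 = unreachable, split horizon) and the passive-interface behaviour just described, as an added example that is not part of the lecture notes. Router names, interface names and networks are constructed, following the R1/R2 addressing of the RIP configuration slide; the passive interface only suppresses sending, so receive_update() still works on it, matching the caveat above.

```python
"""Added example (not from the lecture notes): the distance-vector update
rule RIP applies (one hop added per router, 16 = unreachable), split
horizon, and the passive-interface behaviour described above. Router
names, interfaces and networks are constructed; R1 and R2 follow the
addressing used in the RIP configuration slide."""
RIP_INFINITY = 16


class RipRouter:
    def __init__(self, name: str, connected: dict, passive: tuple = ()):
        self.name = name
        self.connected = dict(connected)      # interface -> directly connected network
        self.passive = set(passive)           # passive-interface <ifname>
        # table: network -> (hops, learned_on); connected routes are 0 hops
        self.table = {net: (0, "connected") for net in self.connected.values()}

    def build_update(self, out_iface: str):
        """Update sent out out_iface; None on a passive interface. Split horizon:
        routes learned on an interface are not advertised back out of it."""
        if out_iface in self.passive:
            return None
        return {net: hops for net, (hops, via) in self.table.items() if via != out_iface}

    def receive_update(self, in_iface: str, update: dict) -> list:
        """Apply a neighbor's update heard on in_iface (RIP still listens on a
        passive interface). Returns the networks whose entry changed."""
        changed = []
        for net, advertised in update.items():
            hops = min(advertised + 1, RIP_INFINITY)   # one hop added per router
            current = self.table.get(net)
            if hops >= RIP_INFINITY:
                # Unreachable: only matters if our route came from this neighbor
                if current is not None and current[1] == in_iface:
                    del self.table[net]
                    changed.append(net)
                continue
            # Install if new, better, or a refreshed route from the same neighbor
            if current is None or hops < current[0] or current[1] == in_iface:
                if current != (hops, in_iface):
                    self.table[net] = (hops, in_iface)
                    changed.append(net)
        return changed


def exchange(a: RipRouter, a_iface: str, b: RipRouter, b_iface: str) -> list:
    """One round of updates in both directions across a link; returns the
    networks that changed at either end (empty once the routers have converged)."""
    changed = []
    update = a.build_update(a_iface)
    if update is not None:
        changed += b.receive_update(b_iface, update)
    update = b.build_update(b_iface)
    if update is not None:
        changed += a.receive_update(a_iface, update)
    return changed
```

With R1's Gi0/1 passive, build_update("Gi0/1") returns None (nothing is sent onto that LAN) while exchange() across the serial link still teaches each router the other's LAN at one hop; a network advertised with 15 hops arrives as 16 and is never installed.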
Advertising a Default Route Using RIP
• Have R1 advertise its default route to the other RIP routers in the network

R1(config)# ip route 0.0.0.0 0.0.0.0 s0/0/0
R1(config)# router rip
R1(config-router)# default-information originate
R1(config-router)# do show ip route

Thank you