CCNA

Uploaded by

rahul raj
1.9.c Multicast Addresses

Multicast addresses are used to deliver packets to
multiple interfaces, typically within the same network
or a designated multicast group.
Multicast:
These addresses start with the prefix ff00::/8.
They are not limited to a single device but rather to
a group of devices.
Example: ff02::1 (all nodes on the local network segment)
1.9.d Modified EUI-64

The Modified EUI-64 format is used to automatically
configure an IPv6 address from a device's MAC address.
Modified EUI-64:

This method splits the 48-bit MAC address into two 24-bit parts
and inserts fffe in between, creating a 64-bit interface
identifier.
The Universal/Local (U/L) bit is flipped to indicate that the
address is a globally unique address.
Example conversion: For a MAC address 00:1A:2B:3C:4D:5E, the
EUI-64 address would be 001A:2BFF:FE3C:4D5E.
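The conversion described above, as an added Python example that is not part of the original document. The value 001A:2BFF:FE3C:4D5E is what the fffe insertion alone produces; inverting the U/L bit changes the first octet from 00 to 02. The function names, the fe80::/64 and 2001:db8::/64 prefixes, and the reverse lookup (which goes one step beyond the text to show that such an address reveals the MAC) are assumptions of this example.

```python
import ipaddress


def mac_to_eui64(mac: str, flip_ul: bool = True) -> str:
    """Build the 64-bit interface identifier from a 48-bit MAC address.

    flip_ul=False performs only the fffe insertion (plain EUI-64).
    flip_ul=True also inverts the U/L bit (0x02 of the first octet),
    which gives the Modified EUI-64 identifier used in IPv6 addresses.
    """
    digits = mac.replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    octets = bytearray(bytes.fromhex(digits))  # ValueError on non-hex input
    if flip_ul:
        octets[0] ^= 0x02
    # Split into two 24-bit halves and insert ff:fe between them.
    eui = bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])
    return ":".join(eui[i:i + 2].hex() for i in range(0, 8, 2))


def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with the Modified EUI-64 identifier of mac."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("Modified EUI-64 needs a /64 prefix")
    iid = int(mac_to_eui64(mac).replace(":", ""), 16)
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def eui64_to_mac(address: str):
    """Recover the MAC from an EUI-64-derived address.

    Returns None when the interface identifier has no ff:fe marker,
    for example a manually assigned or randomized identifier.
    """
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    mac = "00:1A:2B:3C:4D:5E"  # MAC address used in the text above
    print("fffe insertion only :", mac_to_eui64(mac, flip_ul=False))
    print("Modified EUI-64     :", mac_to_eui64(mac))
    print("link-local address  :", eui64_address("fe80::/64", mac))
    print("global (doc prefix) :", eui64_address("2001:db8::/64", mac))
    print("MAC recovered       :", eui64_to_mac("fe80::21a:2bff:fe3c:4d5e"))
```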
Summary
Unicast Addresses: Identify a single interface.
Global Unicast: Routable on the global internet.
Unique Local: Local communications within an organization.
Link-Local: Communication within a single link.
Anycast Addresses: Identifies multiple interfaces, with
data routed to the nearest one.
Multicast Addresses: Used for delivering packets to multiple
interfaces.
Modified EUI-64: Method for creating an IPv6 address from a
MAC address.
Understanding these IPv6 address types is crucial for
designing and managing IPv6 networks effectively.
Day 06
1.10 Verify IP parameters for Client OS (Windows, Mac OS, Linux)
1.11 Describe wireless principles
1.11.a Nonoverlapping Wi-Fi channels
1.11.b SSID
1.11.c RF
1.11.d Encryption
1.12 Explain virtualization fundamentals (server virtualization,
containers, and VRFs)
1.13 Describe switching concepts
1.13.a MAC learning and aging
1.13.b Frame switching
1.13.c Frame flooding
1.13.d MAC address table
1.10 Verify IP parameters for Client OS (Windows, Mac OS, Linux)
Verifying IP Parameters for Client OS (Windows, Mac OS, Linux)

Verifying IP parameters involves checking the network settings such as IP
address, subnet mask, default gateway, and DNS servers. Here are the steps
to do this on Windows, Mac OS, and Linux:

Windows
Using Command Prompt:
Press Win + R, type cmd, and press Enter to open the Command Prompt.
Type ipconfig and press Enter.
The command will display the IP configuration for all network adapters.

ipconfig
Look for the following details:
IPv4 Address
Subnet Mask
Default Gateway
DNS Servers
Using GUI:

Go to Control Panel > Network and Sharing Center.


Click on Change adapter settings.
Right-click on the network adapter you are using (e.g.,
Ethernet, Wi-Fi) and select Status.
Click on Details to view the network information.
Mac OS
Using Terminal:

Open Terminal (found in Applications > Utilities).


Type ifconfig and press Enter.
ifconfig
Alternatively, for a more concise output:
ipconfig getifaddr en0
Replace en0 with the appropriate interface (e.g., en1 for Wi-Fi).

Using GUI:

Go to System Preferences > Network.


Select the network interface you are using (e.g., Wi-Fi, Ethernet)
from the list on the left.

Click on the Advanced button.


Go to the TCP/IP tab to view the IP configuration details.
Linux

Using Terminal:
Open a terminal window.
Type ifconfig (or ip a for a more modern command) and press Enter.
ifconfig
or
ip a
Look for the following details under the
appropriate network interface (e.g., eth0, wlan0):
inet (IPv4 address)
netmask (Subnet Mask)
gateway (Default Gateway)
Using Network Manager (GUI):
Open Settings and navigate to Network.
Select the network interface you are using (e.g., Wired, Wireless).
Click on the gear icon next to the connected network.
The details will be displayed in the Details tab.
Summary of Commands
Windows: ipconfig
Mac OS: ifconfig, ipconfig getifaddr en0
Linux: ifconfig, ip a
These commands and methods will help you verify the IP
parameters on various client operating systems, ensuring
your network settings are correctly configured.
1.11 Describe wireless principles
1.11.a Nonoverlapping Wi-Fi channels
1.11.b SSID
1.11.c RF
1.11.d Encryption
Wireless Principles
1.11.a Nonoverlapping Wi-Fi Channels

Wi-Fi channels refer to the specific frequencies within the Wi-Fi
spectrum that are used to transmit data. In the 2.4 GHz band, there
are 14 channels, but only 3 of them are non-overlapping: channels 1,
6, and 11. Non-overlapping channels are important because they help
reduce interference and improve Wi-Fi performance.

2.4 GHz Band: Channels 1, 6, and 11 are commonly used because they
do not overlap, reducing the likelihood of interference from
adjacent channels.

5 GHz Band: There are many more channels available in the 5 GHz band,
with several non-overlapping channels, allowing for better performance
and less interference.
1.11.b SSID (Service Set Identifier)
The SSID is the name assigned to a Wi-Fi network. It is used to identify
and differentiate one wireless network from another. Devices use the SSID
to connect to the desired network.
Broadcast SSID: The SSID can be broadcast by the access point so that it
appears in the list of available networks on client devices.
Hidden SSID: The SSID can also be hidden, meaning it won't appear in the list
of available networks. Clients need to know the SSID in advance to connect.

1.11.c RF (Radio Frequency)


RF refers to the electromagnetic wave frequencies used for wireless
communication. Wi-Fi operates in the 2.4 GHz and 5 GHz frequency bands.
2.4 GHz Band: This band provides greater range but is more susceptible to
interference from other devices like microwaves and cordless phones. It
has fewer non-overlapping channels.
5 GHz Band: This band offers higher data rates and more non-overlapping
channels, but the range is shorter compared to the 2.4 GHz band.
1.11.d Encryption
Encryption is used to secure wireless communication by encoding data
transmitted over the airwaves, ensuring that only authorized devices
can decode and access the information.

WEP (Wired Equivalent Privacy): An older encryption method that is
considered insecure and should not be used.

WPA (Wi-Fi Protected Access): An improvement over WEP, offering
better security.

WPA2: Currently the standard for Wi-Fi security, using AES (Advanced
Encryption Standard) for strong encryption.

WPA3: The latest security protocol, offering even stronger protection
than WPA2, with improved encryption and security features.
Summary

Nonoverlapping Wi-Fi Channels: Channels that do not
overlap reduce interference. In the 2.4 GHz band,
channels 1, 6, and 11 are non-overlapping.
SSID: The name of a Wi-Fi network. It can be broadcast or
hidden.
RF: Wi-Fi operates on RF in the 2.4 GHz and 5 GHz bands.
The 2.4 GHz band has better range but more interference,
while the 5 GHz band offers higher data rates and more
non-overlapping channels.
Encryption: Secures wireless communication. WPA2 is the
current standard, with WPA3 offering enhanced security
features.
1.12 Explain virtualization fundamentals (server
virtualization, containers, and VRFs)
Virtualization Fundamentals

1. Server Virtualization
Concept: Server virtualization involves dividing a physical
server into multiple virtual servers, each running its own
operating system and applications. This maximizes the
utilization of physical resources and reduces costs.
Example Technologies: VMware ESXi, Microsoft Hyper-V, KVM

2. Containers
Concept: Containers are a lightweight form of virtualization
that package an application and its dependencies together.
Containers share the host OS kernel but run isolated from each
other.
Example Technologies: Docker, Kubernetes
3. Virtual Routing and Forwarding (VRFs)

Concept: VRFs allow multiple instances of a routing table to
coexist on the same router at the same time. This is used to
keep traffic separated, such as for different customers on a
shared infrastructure.
Example Technologies: Cisco IOS VRF, Juniper VRF


Topology
Server Virtualization Topology
Physical Servers: Two physical servers (Server1 and Server2)
Hypervisors: VMware ESXi installed on each server
Virtual Machines: Multiple VMs (VM1, VM2, VM3) running different
OSes and applications on each hypervisor
Container Topology

Host: Single physical host (Server3)


Docker: Docker Engine running on the host
Containers: Multiple containers (Container1, Container2) running
isolated applications
VRF Topology

Router: Single physical router (Router1)


VRF Instances: Two VRF instances (VRF-A and VRF-B) on the router
Separate Routing Tables: VRF-A and VRF-B maintain separate
routing tables and forwarding paths
Explanation
Server Virtualization
Benefit: Increases hardware utilization, allows running multiple
OSes on a single physical server, provides isolation between VMs.
Usage: Consolidating servers, reducing hardware costs,
providing isolated environments for testing and development.

Containers
Benefit: Lightweight, fast to start, easy to deploy and manage,
ensures consistent environment across different stages of deployment.
Usage: Microservices architectures, application development and
deployment, CI/CD pipelines.

VRFs
Benefit: Logical separation of networks on a single physical
infrastructure, maintains multiple routing tables, enhances security
and simplifies management for multi-tenant environments.
Usage: Multi-tenant data centers, managed service providers, large
enterprise networks needing logical separation of routing domains.
Part 1: Core Features
Part 2: Management and Use Cases
1.13 Describe switching concepts

1.13.a MAC learning and aging


1.13.b Frame switching
1.13.c Frame flooding
1.13.d MAC address table
MAC Learning and Aging

MAC Learning: Switches learn MAC addresses by examining
the source MAC address of incoming frames.
When a frame enters a switch port, the switch records the
source MAC address and the port it came from in its MAC
address table.
MAC Aging: Over time, if a switch doesn't see traffic
from a particular MAC address, it removes that address
from its table to free up space for new entries.
This process is known as MAC aging.

Frame Switching

Frame Switching: Once a switch has learned MAC addresses, it
uses this information to make forwarding decisions.
When a frame arrives at a switch, it looks up the destination
MAC address in its MAC address table and forwards the frame
out of the appropriate port based on this lookup.

Frame Flooding

Frame Flooding: If a switch receives a frame with a destination
MAC address that is not in its MAC address table, it floods the
frame out of all ports except the port it was received on.
This ensures that the frame reaches its destination, even
if the switch doesn't know the exact port to send it to.

MAC Address Table

MAC Address Table: This table is a database that associates MAC
addresses with the physical ports on the switch where those
addresses were last seen.
It is used by the switch to make forwarding decisions,
ensuring that frames are sent only to the port where the
destination device is connected.

These concepts are fundamental to how switches operate in
Ethernet networks, ensuring that frames are delivered to their
intended destinations efficiently and accurately.
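The four behaviours above (learning, aging, switching and flooding) in one small simulation, added here as an example that is not part of the original document. The class name, port names, host MAC addresses and the 300-second aging time are assumptions of this example, and the frames are constructed sample input.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    """Minimal model of a Layer 2 switch's MAC address table."""

    def __init__(self, ports, aging_time=300.0):
        self.ports = list(ports)
        self.aging_time = aging_time      # seconds an idle entry is kept
        self.table = {}                   # mac -> (port, last_seen)

    def _age_out(self, now):
        """MAC aging: drop entries not refreshed within aging_time."""
        expired = [mac for mac, (_port, seen) in self.table.items()
                   if now - seen >= self.aging_time]
        for mac in expired:
            del self.table[mac]

    def receive(self, in_port, src, dst, now):
        """Process one frame and return (action, egress_ports)."""
        self._age_out(now)
        # MAC learning: record or refresh the source address. A host
        # that moved to another port simply overwrites its old entry.
        self.table[src] = (in_port, now)
        # Frame flooding: broadcast or unknown destination goes out of
        # every port except the one the frame arrived on.
        if dst == BROADCAST or dst not in self.table:
            return "flood", [p for p in self.ports if p != in_port]
        out_port, _seen = self.table[dst]
        # Destination sits on the ingress port: nothing to forward.
        if out_port == in_port:
            return "filter", []
        # Frame switching: known destination, single egress port.
        return "forward", [out_port]


def demo():
    """Replay constructed frames: (time, ingress port, source, destination)."""
    host_a = "aa:aa:aa:00:00:01"
    host_b = "aa:aa:aa:00:00:02"
    host_c = "aa:aa:aa:00:00:03"
    sw = LearningSwitch(["Et0/0", "Et0/1", "Et0/2", "Et0/3"])
    frames = [
        (0,   "Et0/0", host_a, host_b),   # B unknown: flooded
        (1,   "Et0/1", host_b, host_a),   # A was learned: forwarded
        (2,   "Et0/0", host_a, host_b),   # B was learned: forwarded
        (400, "Et0/2", host_c, host_a),   # A aged out: flooded again
    ]
    return [sw.receive(port, src, dst, now=t) for t, port, src, dst in frames]


if __name__ == "__main__":
    for action, ports in demo():
        print(f"{action:8s} -> {ports}")
```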
2.0 Network Access 20%

Day 07

Content Creation by: Ratnesh K, CCIE x3
2.1 Configure and verify VLANs (normal range) spanning multiple
switches
2.1.a Access ports (data and voice)
2.1.b Default VLAN
2.1.c InterVLAN connectivity
2.2 Configure and verify interswitch connectivity
2.2.a Trunk ports
2.2.b 802.1Q
2.2.c Native VLAN
2.3 Configure and verify Layer 2 discovery protocols (Cisco
Discovery Protocol and LLDP)
2.4 Configure and verify (Layer 2/Layer 3) EtherChannel (LACP)
2.5 Interpret basic operations of Rapid PVST+ Spanning Tree
Protocol
2.5.a Root port, root bridge (primary/secondary), and other port names
2.5.b Port states (forwarding/blocking)
2.5.c PortFast
2.5.d Root guard, loop guard, BPDU filter, and BPDU guard
2.6 Describe Cisco Wireless Architectures and AP modes
2.7 Describe physical infrastructure connections of WLAN components
(AP, WLC, access/trunk ports, and LAG)
2.8 Describe network device management access (Telnet, SSH, HTTP,
HTTPS, console, TACACS+/RADIUS, and cloud managed)
2.9 Interpret the wireless LAN GUI configuration for client
connectivity, such as WLAN creation, security settings, QoS profiles,
and advanced settings
Day 07

2.1 Configure and verify VLANs (normal range) spanning multiple
switches
2.1.a Access ports (data and voice)
2.1.b Default VLAN
2.1.c InterVLAN connectivity
2.2 Configure and verify interswitch connectivity
2.2.a Trunk ports
2.2.b 802.1Q
2.2.c Native VLAN
2.3 Configure and verify Layer 2 discovery protocols (Cisco
Discovery Protocol and LLDP)
2.1 Configure and verify VLANs (normal range) spanning multiple switches

Topology
[Figure: switches sw110, sw101 and sw102; interface labels e1/0-1, e1/2-3 and e2/0-1]
Objective

Configure VLANs 2000 and 2001 on all three switches and ensure
proper communication across the switches using Ethernet interfaces.
Step-by-Step Configuration
1. Configure VLANs on SW110
2. Configure VLANs on SW101
3. Configure VLANs on SW102
Verification
Verify VLAN Configuration
On SW110
SW110# show vlan brief
On SW101
SW101# show vlan brief
On SW102
SW102# show vlan brief
Verify Trunk Ports
On SW110
SW110# show interfaces trunk
On SW101
SW101# show interfaces trunk
On SW102
SW102# show interfaces trunk
Verify VLANs on Access Ports
On SW110
SW110# show interfaces status
On SW101
SW101# show interfaces status
On SW102
SW102# show interfaces status
Explanation
VLAN Configuration:
VLANs 2000 and 2001 are created and named on each switch.
Trunk ports are configured on the uplink interfaces to allow
VLAN traffic between switches.
Access ports are assigned to VLANs 2000 and 2001 for end devices.
Verification:
The show vlan brief command verifies that VLANs are created and
active.
The show interfaces trunk command verifies that trunk links are
correctly configured.
The show interfaces status command checks the status and VLAN
assignment of access ports.
2.1 Configure and verify VLANs (normal range) spanning multiple
switches
2.1.a Access ports (data and voice)
2.1.b Default VLAN
2.1.c InterVLAN connectivity
Updated Network Topology
VLANs
VLAN 2000 (Sales)
VLAN 2001 (Engineering)
VLAN 100 (Voice)
Step-by-Step Configuration
1. Configure VLANs on SW110
2. Configure VLANs on SW101
3. Configure VLANs on SW102
2.1.a Access Ports (Data and Voice)
Configure Access Ports for Data and Voice on SW110
Configure Access Ports for Data and Voice on SW101
Configure Access Ports for Data and Voice on SW102
2.1.b Default VLAN
Verify and Configure Default VLAN on SW110, SW101, and SW102
By default, all ports are in VLAN 1, which is the default VLAN. If needed,
we can verify and configure it.
2.1.c InterVLAN Connectivity
Configure InterVLAN Routing on SW110 (Assuming it is a Layer 3 Switch or Router
on a Stick)
For InterVLAN routing, you typically need a Layer 3 device. If SW110 is a Layer 3
switch or we use a router, we can configure InterVLAN routing.
Verification
Verify VLAN Configuration
SW110# show vlan brief
SW101# show vlan brief
SW102# show vlan brief
Verify Trunk Ports
SW110# show interfaces trunk
SW101# show interfaces trunk
SW102# show interfaces trunk
Verify Access Ports
SW110# show interfaces status
SW101# show interfaces status
SW102# show interfaces status
Verify InterVLAN Routing
SW110# show ip interface brief
SW110# show ip route
Ping Test for InterVLAN Connectivity
# From a device in VLAN 2000
ping 192.168.201.1
# From a device in VLAN 2001
ping 192.168.200.1
# From a device in VLAN 100
ping 192.168.200.1
ping 192.168.201.1
Summary

2.1 Configure and verify VLANs (normal range) spanning multiple
switches: VLANs 2000 (Sales), 2001 (Engineering), and 100 (Voice)
were configured and verified on SW110, SW101, and SW102.
2.1.a Access ports (data and voice): Access ports were configured
for data VLANs (2000 and 2001) and voice VLAN (100).
2.1.b Default VLAN: Verified the default VLAN configuration.
2.1.c InterVLAN connectivity: Configured InterVLAN routing on SW110
to allow communication between VLANs 2000, 2001, and 100.
This comprehensive setup ensures VLANs span multiple switches,
proper configuration of access ports, verification of default VLANs,
and InterVLAN connectivity.
2.2 Configure and verify interswitch connectivity
2.2.a Trunk ports
2.2.b 802.1Q
2.2.c Native VLAN
Objective
Configure trunk ports using 802.1Q encapsulation and set the native
VLAN to 100 on all switches.
Step-by-Step Configuration
2.2.a Trunk Ports
Configure Trunk Ports on SW110
Configure Trunk Ports on SW101

SW101# configure terminal
SW101(config)# interface range Ethernet0/1 - 2
SW101(config-if-range)# switchport trunk encapsulation dot1q
SW101(config-if-range)# switchport mode trunk
SW101(config-if-range)# switchport trunk native vlan 100
SW101(config-if-range)# switchport trunk allowed vlan 100,2000,2001
SW101(config-if-range)# exit

Configure Trunk Ports on SW102

SW102# configure terminal
SW102(config)# interface range Ethernet0/1 - 2
SW102(config-if-range)# switchport trunk encapsulation dot1q
SW102(config-if-range)# switchport mode trunk
SW102(config-if-range)# switchport trunk native vlan 100
SW102(config-if-range)# switchport trunk allowed vlan 100,2000,2001
SW102(config-if-range)# exit
2.2.b 802.1Q
We have already configured 802.1Q encapsulation in the trunk port
configuration above using the command switchport trunk encapsulation dot1q.

2.2.c Native VLAN
We set the native VLAN to 100 in the trunk port configuration above using
the command switchport trunk native vlan 100.
Verification
Verify Trunk Ports
On SW110
SW110# show interfaces trunk
Expected Output:
Port        Mode         Encapsulation  Status        Native vlan
Et0/1       trunk        802.1q         trunking      100
Et0/2       trunk        802.1q         trunking      100
On SW101
SW101# show interfaces trunk
Expected Output:
Port        Mode         Encapsulation  Status        Native vlan
Et0/1       trunk        802.1q         trunking      100
Et0/2       trunk        802.1q         trunking      100
On SW102
SW102# show interfaces trunk
Expected Output:
Port        Mode         Encapsulation  Status        Native vlan
Et0/1       trunk        802.1q         trunking      100
Et0/2       trunk        802.1q         trunking      100
Verify VLAN Configuration
On SW110
SW110# show vlan brief
Expected Output:
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Et0/0
100  Voice                            active
2000 Sales                            active    Et0/0
2001 Engineering                      active    Et0/1
On SW101
SW101# show vlan brief
Expected Output:
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Et0/0
100  Voice                            active
2000 Sales                            active    Et0/3
2001 Engineering                      active    Et0/4
On SW102
SW102# show vlan brief
Expected Output:
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Et0/0
100  Voice                            active
2000 Sales                            active    Et0/3
2001 Engineering                      active    Et0/4
Verify Native VLAN
On SW110
SW110# show interfaces Ethernet0/1 switchport
Expected Output:
Name: Et0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Encapsulation: dot1q
Native VLAN: 100
On SW101
SW101# show interfaces Ethernet0/1 switchport
Expected Output:
Name: Et0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Encapsulation: dot1q
Native VLAN: 100
On SW102
SW102# show interfaces Ethernet0/1 switchport
Expected Output:
Name: Et0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Encapsulation: dot1q
Native VLAN: 100
Summary

2.2.a Trunk Ports:
Configured Ethernet0/1 and Ethernet0/2 as trunk ports on SW110,
SW101, and SW102.

2.2.b 802.1Q:
Configured 802.1Q encapsulation on all trunk ports using the command
switchport trunk encapsulation dot1q.

2.2.c Native VLAN:
Set the native VLAN to 100 on all trunk ports using the command
switchport trunk native vlan 100.
2.3 Configure and verify Layer 2 discovery protocols (Cisco
Discovery Protocol and LLDP)
Layer 2 Protocols

Layer 2 protocols play a crucial role in the functioning and management of switches
within a network. Here, we will cover the following protocols:
CDP and LLDP
Cisco Discovery Protocol (CDP) and Link Layer Discovery Protocol (LLDP) are network
discovery protocols used to share information about directly connected devices.
CDP (Cisco Discovery Protocol)
CDP is a Cisco proprietary protocol used to discover and share information about
other Cisco devices connected to the same network.

Enabling CDP:
conf t
cdp run

Disabling CDP:

conf t
no cdp run
Enabling CDP on an Interface:

conf t
interface <interface-id>
cdp enable

Disabling CDP on an Interface:

conf t
interface <interface-id>
no cdp enable

Viewing CDP Information:

show cdp neighbors

This command shows information about directly connected Cisco devices.


Detailed CDP Information:
show cdp neighbors detail

This command provides detailed information about each neighbor, including
device ID, IP address, platform, and capabilities.

LLDP (Link Layer Discovery Protocol)


LLDP is a vendor-neutral protocol used for network discovery, similar to CDP
but supported by a wide range of network equipment vendors.

Enabling LLDP:
conf t
lldp run

Disabling LLDP:

conf t
no lldp run
Enabling LLDP on an Interface:
conf t
interface <interface-id>
lldp transmit
lldp receive
Disabling LLDP on an Interface:
conf t
interface <interface-id>
no lldp transmit
no lldp receive

Viewing LLDP Information:


show lldp neighbors

This command shows information about directly connected devices.


Detailed LLDP Information:
show lldp neighbors detail
This command provides detailed information about each neighbor,
similar to the show cdp neighbors detail command.
Day 08
2.4 Configure and verify (Layer 2/Layer 3) EtherChannel (LACP)

2.5 Interpret basic operations of Rapid PVST+ Spanning Tree Protocol


2.5.a Root port, root bridge (primary/secondary), and
other port names
2.5.b Port states (forwarding/blocking)
2.5.c PortFast
2.5.d Root guard, loop guard, BPDU filter, and BPDU guard
2.4 Configure and verify (Layer 2/Layer 3) EtherChannel (LACP)
EtherChannel

EtherChannel is a port link aggregation technology used to combine
multiple physical links into a single logical link to increase
bandwidth and provide redundancy.
LACP and Static
LACP (Link Aggregation Control Protocol):

LACP is a dynamic protocol defined by IEEE 802.3ad that
automatically negotiates the formation of an EtherChannel.
Configuring EtherChannel with LACP:

conf t
interface range <interface-id-range>
channel-group <group-number> mode active
Example:
conf t
interface range GigabitEthernet0/1 - 2
channel-group 1 mode active

This command configures interfaces GigabitEthernet0/1 and
GigabitEthernet0/2 to form an EtherChannel group 1 in active mode.

Modes:
active: Actively tries to form an EtherChannel.
passive: Forms an EtherChannel if the other end is active.
Static (Manual) EtherChannel:

Static EtherChannel is configured manually without using a protocol
like LACP.
Configuring Static EtherChannel:

conf t
interface range <interface-id-range>
channel-group <group-number> mode on

Example:
conf t
interface range GigabitEthernet0/1 - 2
channel-group 1 mode on

This command configures interfaces GigabitEthernet0/1 and
GigabitEthernet0/2 to form an EtherChannel group 1 statically.
Layer 2 and Layer 3
Layer 2 EtherChannel:

Layer 2 EtherChannel is used to aggregate multiple switch ports to another switch,
creating a single logical connection.
Configuring Layer 2 EtherChannel:
conf t
interface Port-channel <number>
switchport
switchport mode trunk
switchport trunk allowed vlan <vlan-list>

Example:
conf t
interface Port-channel 1
switchport
switchport mode trunk
switchport trunk allowed vlan 10,20,30
This command configures Port-channel 1 as a Layer 2 trunk carrying VLANs 10, 20, and 30.

Topology
[Figure: switches sw110, sw101 and sw102]
Layer 3 EtherChannel:
Layer 3 EtherChannel aggregates multiple routed ports, allowing for
routing between different subnets.
Configuring Layer 3 EtherChannel:
conf t
interface Port-channel <number>
no switchport
ip address <ip-address> <subnet-mask>
Example:
conf t
interface Port-channel 1
no switchport
ip address 192.168.1.1 255.255.255.0
This command configures Port-channel 1 as a Layer 3 interface with
the specified IP address.
2.5 Interpret basic operations of Rapid PVST+ Spanning Tree Protocol

2.5.a Root port, root bridge (primary/secondary), and other port
names
2.5.b Port states (forwarding/blocking)
2.5.c PortFast
2.5.d Root guard, loop guard, BPDU filter, and BPDU guard
Spanning Tree Protocol

Spanning Tree Protocol (STP) is used to prevent loops in network
topologies by creating a loop-free logical topology. Below, we cover
different STP variants and related configurations.

PVST+, Rapid PVST+, MST

PVST+ (Per-VLAN Spanning Tree Plus):

PVST+ is a Cisco proprietary protocol that runs a separate instance
of STP for each VLAN. This allows for VLAN-specific optimizations
and load balancing.
Enabling PVST+:

conf t
spanning-tree mode pvst
Rapid PVST+ (Rapid Per-VLAN Spanning Tree Plus):

Rapid PVST+ is an enhancement of PVST+ that uses RSTP (Rapid
Spanning Tree Protocol, IEEE 802.1w) for faster convergence.

Enabling Rapid PVST+:

conf t
spanning-tree mode rapid-pvst

Topology
[Figure: switches sw110, sw101 and sw102]
2.5.a Root Port, Root Bridge (Primary/Secondary), and Other Port Names

Root Bridge
The root bridge is the logical center of the Spanning Tree topology. It is the
bridge with the lowest bridge ID (priority + MAC address). All path
calculations are based on the root bridge.

Root Port
The root port is the port on a non-root switch that has the lowest cost
path to the root bridge. Each non-root switch has one root port.

Designated Port
The designated port is the port on each segment that has the lowest path
cost to the root bridge. This port is responsible for forwarding frames
towards the root bridge.
Alternate Port
The alternate port is a backup to the root port and provides an alternate
path to the root bridge in case the root port fails.
Example:
Assume SW110 is the root bridge. Here is how ports might be
designated:

SW110:
All ports are designated ports since it is the root bridge.

SW101:
The port connected to SW110 is the root port.
The port connected to SW102 is either designated or alternate
depending on path cost.

SW102:
The port connected to SW110 is the root port.
The port connected to SW101 is either designated or alternate
depending on path cost.
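The election and role assignment described above, worked through for the three-switch triangle as an added Python example that is not part of the original document. The priorities, MAC addresses, port names, link cost of 100 and the single link between each pair of switches are assumptions constructed for this example.

```python
import heapq


def elect_root(bridges):
    """bridges maps name -> (priority, mac); the lowest bridge ID wins."""
    return min(bridges, key=lambda name: bridges[name])


def root_path_costs(root, links):
    """Lowest cumulative path cost from every switch to the root."""
    adjacency = {}
    for a, _pa, b, _pb, cost in links:
        adjacency.setdefault(a, []).append((b, cost))
        adjacency.setdefault(b, []).append((a, cost))
    best = {root: 0}
    heap = [(0, root)]
    while heap:
        dist, node = heapq.heappop(heap)
        if dist > best[node]:
            continue
        for peer, cost in adjacency.get(node, []):
            if dist + cost < best.get(peer, float("inf")):
                best[peer] = dist + cost
                heapq.heappush(heap, (best[peer], peer))
    return best


def port_roles(bridges, links):
    """Return (root_bridge, {(switch, port): role}) for a connected topology."""
    root = elect_root(bridges)
    cost = root_path_costs(root, links)
    roles, candidates = {}, {}
    for a, pa, b, pb, link_cost in links:
        # Designated end of a segment: lower root path cost, then the
        # lower bridge ID as the tie-breaker.
        ends = sorted([(a, pa, b, pb), (b, pb, a, pa)],
                      key=lambda e: (cost[e[0]], bridges[e[0]]))
        (d_sw, d_port, _, _), (o_sw, o_port, peer, peer_port) = ends
        roles[(d_sw, d_port)] = "designated"
        candidates.setdefault(o_sw, []).append(
            (cost[peer] + link_cost, bridges[peer], peer_port, o_port))
    for sw, ports in candidates.items():
        # Best candidate (cost, then sender bridge ID, then sender port)
        # is the root port; the others are alternate ports. Port names
        # stand in for the numeric port IDs a real switch compares.
        ports.sort()
        for rank, (_cost, _bid, _peer_port, own_port) in enumerate(ports):
            roles[(sw, own_port)] = "root" if rank == 0 else "alternate"
    return root, roles


# Constructed sample data: SW110 has the lowest priority, so it is root.
BRIDGES = {
    "SW110": (24576, "aa:bb:cc:00:01:10"),
    "SW101": (28672, "aa:bb:cc:00:01:01"),
    "SW102": (32768, "aa:bb:cc:00:01:02"),
}
LINKS = [  # (switch, port, switch, port, cost)
    ("SW110", "Et0/1", "SW101", "Et0/1", 100),
    ("SW110", "Et0/2", "SW102", "Et0/1", 100),
    ("SW101", "Et0/2", "SW102", "Et0/2", 100),
]

if __name__ == "__main__":
    root, roles = port_roles(BRIDGES, LINKS)
    print("root bridge:", root)
    for (sw, port), role in sorted(roles.items()):
        print(f"{sw} {port}: {role}")
```

With equal path costs on the SW101 to SW102 link, the lower bridge ID (SW101) keeps the designated port and SW102's end becomes the alternate port.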
2.5.b Port States (Forwarding/Blocking)
Port States in RSTP:
Discarding: The port does not forward frames, learn MAC
addresses, or process BPDUs (equivalent to blocking and
listening states in traditional STP).

Learning: The port does not forward frames but can learn MAC
addresses and process BPDUs.
Forwarding: The port forwards frames, learns MAC addresses,
and processes BPDUs.

Forwarding: The port is actively forwarding traffic.
Blocking: The port is not forwarding traffic to prevent loops.
2.5.c PortFast

PortFast is a Cisco feature that allows ports to
immediately transition to the forwarding state, bypassing
the usual listening and learning states. It is typically
used on ports connected to end devices to speed up network
convergence.

SW110# configure terminal
SW110(config)# interface Ethernet0/0
SW110(config-if)# spanning-tree portfast
SW110(config-if)# end
Part 1: Root Bridge, Ports, and Port States
Root Guard
Root Guard prevents a port from becoming a root port if a superior BPDU
is received. It places the port in a root-inconsistent state, preventing
it from affecting the root bridge election process.
SW110# configure terminal
SW110(config)# interface Ethernet0/1
SW110(config-if)# spanning-tree guard root
SW110(config-if)# end

Loop Guard

Loop Guard prevents an alternate or root port from transitioning to
the forwarding state if BPDUs are not received. It helps prevent
temporary loops during network reconvergence.
SW110# configure terminal
SW110(config)# interface Ethernet0/2
SW110(config-if)# spanning-tree guard loop
SW110(config-if)# end
BPDU Filter
BPDU Filter prevents sending or receiving BPDUs on a port. It can be
useful on ports connected to end devices where STP should not run.
SW110# configure terminal
SW110(config)# interface Ethernet0/3
SW110(config-if)# spanning-tree bpdufilter enable
SW110(config-if)# end

BPDU Guard
BPDU Guard disables the port if a BPDU is received. It is typically
used on ports configured with PortFast to prevent topology loops.
SW110# configure terminal
SW110(config)# interface Ethernet0/4
SW110(config-if)# spanning-tree bpduguard enable
SW110(config-if)# end
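A configuration check for the pairing described above (BPDU Guard on ports configured with PortFast), added here as a Python example that is not part of the original document. The sample configuration is constructed, the finding names are invented for this example, and the check for BPDU Filter together with BPDU Guard on one interface relies on the filter taking precedence there, so the guard never sees a BPDU.

```python
import re

# Global default that enables BPDU Guard on every PortFast port.
GLOBAL_GUARD = re.compile(r"^spanning-tree portfast (edge )?bpduguard default\b")


def parse_interfaces(config):
    """Split IOS-style configuration text into {interface: [commands]}."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        match = re.match(r"^interface\s+(\S+)", line)
        if match:
            current = match.group(1)
            interfaces[current] = []
        elif current and line.startswith((" ", "\t")):
            interfaces[current].append(line.strip())
        else:
            current = None            # "!" or a global command ends the stanza
    return interfaces


def audit_stp_edge_ports(config):
    """Return a list of (interface, finding) for the STP edge-port features."""
    global_guard = any(GLOBAL_GUARD.match(l) for l in config.splitlines())
    findings = []
    for name, lines in parse_interfaces(config).items():
        portfast = any(l.startswith("spanning-tree portfast")
                       and not l.endswith("disable") for l in lines)
        guard = "spanning-tree bpduguard enable" in lines or (
            global_guard and portfast
            and "spanning-tree bpduguard disable" not in lines)
        bpdu_filter = "spanning-tree bpdufilter enable" in lines
        if portfast and not guard:
            findings.append((name, "portfast-without-bpduguard"))
        if bpdu_filter and guard:
            findings.append((name, "bpduguard-masked-by-bpdufilter"))
        elif bpdu_filter:
            findings.append((name, "bpdufilter-enabled"))
    return findings


# Constructed sample configuration (interface names follow the examples above).
SAMPLE_CONFIG = """\
interface Ethernet0/0
 switchport mode access
 spanning-tree portfast
!
interface Ethernet0/3
 switchport mode access
 spanning-tree bpdufilter enable
!
interface Ethernet0/4
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface Ethernet0/5
 switchport mode access
 spanning-tree portfast
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
"""

if __name__ == "__main__":
    for interface, finding in audit_stp_edge_ports(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```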
Part 2: PortFast, Root Guard, Loop Guard, BPDU Filter, and BPDU Guard
Explanation

Root Bridge, Root Port, Designated Port, Alternate Port: These are
roles and selections made by the Spanning Tree Protocol to prevent
loops and ensure a loop-free topology.

Port States (Forwarding/Blocking): RSTP port states ensure proper
transition and forwarding/blocking of traffic to maintain network
stability.

PortFast: Optimizes network convergence by allowing immediate
transition to the forwarding state, ideal for end devices.

Root Guard, Loop Guard, BPDU Filter, and BPDU Guard: These features
provide additional protection and stability to the network by
preventing unintended changes to the topology and ensuring
consistent BPDU handling.
Day 09

2.6 Describe Cisco Wireless Architectures and AP modes


2.7 Describe physical infrastructure connections of WLAN
components (AP, WLC, access/trunk ports, and LAG)
2.8 Describe network device management access (Telnet, SSH,
HTTP, HTTPS, console, TACACS+/RADIUS, and cloud managed)
2.9 Interpret the wireless LAN GUI configuration for client
connectivity, such as WLAN creation, security settings, QoS
profiles, and advanced settings
2.6 Describe Cisco Wireless Architectures and AP modes
Wireless Architectures
Centralized:
APs connect to a central WLC.
Benefits include centralized management, security, and seamless roaming.
FlexConnect:
APs can switch traffic locally while maintaining communication with the WLC.
Useful for remote offices with intermittent WAN connections.
Distributed:
APs operate autonomously.
Cost-effective for smaller deployments and avoids single points of failure.
Cloud-based:
APs managed through a cloud controller.
Offers simplified deployment and remote management.
Converged Access:
Integrates wired and wireless networks.
Provides unified policy and management.
