CCNP Switching

Uploaded by Siddesh Mahadik

Switch Operations

Duplex
o Simplex
 Only one device transmits data; the other is only a receiver.
o Half Duplex
 Two-way communication, but only one device can send or receive at a time.
o Full Duplex
 Two-way communication in which both devices can send and receive at the same time.
 On a switchport,
o Auto
 This is enabled by default.
o Half Duplex
o Full Duplex
o Switch(config-if)#duplex auto/half/full

Speed
o Auto
 This is negotiated with the other device.
 10 Mbps (Ethernet)
 100 Mbps (Fast Ethernet)
 1000 Mbps (Gigabit Ethernet)
 They send the electrical signal at the maximum speed.
 If both devices use the same link speed then they support only that maximum speed, but if the devices belong to different speeds they negotiate down to the lowest speed on that link.

o Switch(config-if)#speed 10/100/1000/auto

How to configure multiple interfaces with a single command

o Switch(config)#interface range fa1/0/1 - 20 (includes each interface in that range: 1,2,3,4,5,6,7,8,9,10 ...)
o Switch(config)#interface range fa1/0/1 , fa1/0/4 , fa1/0/7 , fa1/0/9-10

If you want to remove the configuration from an interface

o Switch(config)#default interface range fa1/0/1 -10

 Switch(config)#define interface-range MGMT fa1/0/1 , fa1/0/5 , fa1/0/10 , fa1/0/15
 Switch(config)#interface range macro MGMT
o Switch(config-if-range)#switchport access vlan 20
o Switch(config-if-range)#switchport host

Switch

 It is a layer 2 device.
 It is a full duplex device.
 Forwards data on the basis of MAC address information.
 Maintains a MAC table.
 It can perform unicast and broadcast.
 Its working depends on ASIC chips (Application Specific Integrated Circuit).
 Per-port collision domain and one broadcast domain.
 It is a transparent device:
o End users are not aware of the presence of the switch.
o The switch never makes any changes in the data.
 The switch broadcasts the first time and after that always performs unicasting.
 It is also known as a plug and play device (P to P).

Switching
 The process in which data is transmitted from source to destination is called switching.

Types of Switch

 Ethernet switch (MAC address)
 Frame relay switch
 ATM switch

Ethernet switch
 L2 switch
 L3 switch
 Multilayer switch

Layer 2 switch

 Data is switched from source to destination on the basis of layer 2 addresses.
 2950 and 2960 Catalyst

Layer 3 switch

 Data is switched from source to destination on the basis of layer 2 and layer 3 addresses.
 3550 , 3560 , 3750 , 3850

Multilayer Switch

 Data is switched from source to destination on the basis of layer 3 and layer 4 addresses.
 They can also check the TCP and UDP header for data forwarding.
 4500 , 6500 , 9000

MAC ADDRESS

 48-bit physical device/NIC address
 Denoted in hexadecimal form
 1 digit = 4 bits
 1 MAC address = 12 digits
 12 digits = 12x4 = 48 bits
 Windows
o hyphens -> aa-aa-aa-bb-bb-bb
 Cisco
o dots -> aaaa.aabb.bbbb
 Linux
o colons -> aa:aa:aa:bb:bb:bb
 First 24 bits = OUI (Organisationally Unique Identifier)
 Identifies the organisation to which these first 24 bits are assigned
 Assigned by IEEE
 Last 24 bits = vendor specified (NIC card)
 7th bit (2nd digit)
 In a MAC address = U (Universal) / L (Local)
 7th bit 0 = vendor assigned (unspoofed)
 7th bit 1 = locally administered (spoofed)
 8th bit = I (Individual) / G (Group)
 8th bit 0 = MAC is individual (unicast)
 8th bit 1 = MAC is group (broadcast / multicast)
 The source address is a 6-byte field which contains the MAC address of the source machine. As the source address is always an individual address (unicast), the least significant bit of the first byte is always 0.
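
Added example (not from the original notes): a small Python parser that accepts a MAC in any of the three notations above and decodes the OUI, the U/L bit and the I/G bit, plus the source-address check from the last point. The sample addresses in the comments are constructed.

```python
import re

# Added example (not from the original notes): parse a MAC written in any of
# the three notations above and decode the OUI, the U/L bit and the I/G bit.

def parse_mac(text):
    """Return the 6 raw bytes of a MAC given in Windows (aa-aa-aa-bb-bb-bb),
    Cisco (aaaa.aabb.bbbb) or Linux (aa:aa:aa:bb:bb:bb) notation."""
    digits = re.sub(r"[-.:]", "", text.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):  # 12 hex digits = 48 bits
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(digits)

def describe_mac(text):
    """Decode the fields the notes describe from the first byte and the OUI."""
    mac = parse_mac(text)
    first = mac[0]
    # Counting the bits of the first byte from the left: the 8th bit (least
    # significant, 0x01) is I/G and the 7th bit (0x02) is U/L.
    return {
        "cisco": "{:02x}{:02x}.{:02x}{:02x}.{:02x}{:02x}".format(*mac),
        "oui": mac[:3].hex().upper(),                 # first 24 bits, assigned by IEEE
        "nic": mac[3:].hex().upper(),                 # last 24 bits, vendor specified
        "locally_administered": bool(first & 0x02),   # U/L bit set
        "group": bool(first & 0x01),                  # I/G bit set: multicast/broadcast
        "broadcast": mac == b"\xff" * 6,
    }

def valid_source_mac(text):
    """A source address must be an individual (unicast) address, so the
    least significant bit of its first byte must be 0."""
    return not describe_mac(text)["group"]
```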

Base MAC address

 Each switch has a unique base MAC address.
 It cannot be changed.
 The switch assigns MAC addresses to its interfaces using the base MAC address.

Operations of a switch L2 / L3

 Learn the source MAC address from the frame on the receiving interface.
 Forward data using the destination MAC after looking it up in the MAC address table.
 Prevent loops in the layer 2 network using STP.
 Provide security: port security, port ACL, VLAN ACL.

Process of layer 2 switching / switch functions

 Address learning
 Forwarding
 Filtering
 Loop avoidance

How a switch learns MAC addresses

1) Dynamic Entries
a. The switch can automatically learn the MAC addresses of devices into its CAM table.
2) Static Entries
a. We can manually enter the MAC addresses of devices into the CAM table; building the CAM table manually stops unknown unicast flooding.
 Switch#show mac-address-table dynamic
 Switch#show mac-address-table interface fa1/0/1
 Switch#show mac-address-table address 0018.18ba.3b60
 Switch#show mac-address-table static
 Switch#show mac-address-table
 Switch#clear mac-address-table dynamic

How to build the MAC address table statically

 Sw(config)#mac-address-table static 0009.7CEA.7B28 vlan 1 interface fa0/1
 Sw(config)#mac-address-table static 0009.7CEA.7B28 vlan 1 drop
 MAC address aging time by default (300 sec)
o only applies to dynamic entries
 Static entries
o aging time = 0 sec (permanent)
 Aging time
o Global -> for all entries in all VLANs
o VLAN -> for a particular VLAN
 You can disable MAC aging by configuring the aging time to 0 (it is never recommended to disable MAC aging).
 Two machines can have identical MAC addresses if they are connected in different broadcast domains.

 (config)#mac address-table aging-time <time in sec> (global aging time)
 (config)#mac address-table aging-time <time in sec> vlan <vlan id> (VLAN aging time)
 What is the need for creating static entries?
o To reduce the scope of unknown unicast flooding.

 Highest limit of MAC address entries?
o Switch#show mac address-table count
 Can we increase the space for the MAC address table?
o Yes, we can change it with SDM (Switch Database Manager).
o Used to optimise the use of physical resources on a switch.
o Sw1#show sdm prefer
o Desktop default >> layer 2 & layer 3 forwarding is supported
o Sw1(config)#sdm prefer vlan -> you cannot configure routing on an MLS in this template.
o SW1(config)#sdm prefer routing -> MAC address space will decrease ... layer 2 & layer 3 both
o Switch(config)#sdm prefer dual-ipv4-and-ipv6 default

Address Learning

 Whenever a switch receives any frame, it learns the MAC address from the source MAC address field in the Ethernet header.
 The MAC address is learned and stored in a table called the MAC address table.

Switch memories

 CAM (Content Addressable Memory) -> MAC addresses in the form of the MAC table
 TCAM (Ternary Content Addressable Memory)
o Security ACLs
o QoS ACLs

Forwarding:-

 A switch forwards a frame on the basis of the destination MAC in the Ethernet header.
 Source MAC address – will always be unicast
 Destination MAC address
o Unicast
o Multicast
o Broadcast
 Unicast -> If the destination address is unicast and the switch has an entry for that MAC, then the switch forwards the frame only to that particular port.

 Unknown Unicast Flooding -> If the destination MAC address is unicast and the switch does not have an entry for that MAC, then the switch copies the frame and forwards it out of every active port except the port on which the frame was received.

 How to prevent unknown unicast flooding?
o Increase the MAC address aging timer
o Static MAC address entries

 What happens if the MAC aging timer is infinite?
o If the timer is infinite then the MAC address table will be full after some time; the switch is then not able to learn new MAC addresses, so it forwards those frames without learning the MAC address and unknown unicast flooding starts again in the network.
 What is the problem with static MAC address entries?
o If a MAC is bound to the wrong interface then that host is not able to communicate with anyone in the network.
 Multicast
o Routing / protocols
o The switch always floods multicast traffic.
o Any device that sends multicast traffic puts the multicast MAC in the destination MAC address field, which the switch never gets to learn.
 Can multicasting be enabled on a switch?
o Yes (you have to configure IGMP snooping)

 Broadcast -> when the destination MAC is broadcast the switch copies the frame according to the number of active ports and the frame is forwarded to those ports.
 The switch will never forward a frame out of the port on which it was received.
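
Added example (not from the original notes): a Python model of the CAM table behaviour described in this section, covering address learning from the source field, known unicast, unknown unicast flooding, broadcast/multicast flooding, the 300 sec aging timer, static entries (including the drop form) and never forwarding out of the ingress port. Port names and MACs are constructed for illustration.

```python
import time

# Added example (not from the original notes): a minimal model of the CAM
# table behaviour described above. Port names and sample frames are
# constructed for illustration.

BROADCAST = "ffff.ffff.ffff"

def is_group(mac):
    # I/G bit = least significant bit of the first byte (Cisco dotted notation)
    return int(mac[:2], 16) & 0x01 == 1

class Switch:
    def __init__(self, ports, aging_time=300):
        self.ports = list(ports)
        self.aging_time = aging_time          # seconds; 0 disables aging
        self.table = {}                       # mac -> (port, learned_at, static)

    def add_static(self, mac, port):
        # port=None models the "drop" form: frames to this MAC are discarded
        self.table[mac] = (port, None, True)

    def age_out(self, now):
        # Only dynamic entries age; static entries are permanent (aging 0)
        for mac, (port, seen, static) in list(self.table.items()):
            if not static and self.aging_time and now - seen > self.aging_time:
                del self.table[mac]

    def receive(self, in_port, src, dst, now=None):
        """Process one frame; return the list of egress ports."""
        now = time.time() if now is None else now
        self.age_out(now)
        # 1. Address learning: only from the source field, only unicast MACs,
        #    and a static entry is never overwritten by a dynamic one. A MAC
        #    seen on a new port replaces the old port (one port per MAC).
        entry = self.table.get(src)
        if not is_group(src) and not (entry and entry[2]):
            self.table[src] = (in_port, now, False)
        # 2. Forwarding decision on the destination MAC.
        if dst == BROADCAST or is_group(dst):
            return self.flood(in_port)            # broadcast / multicast
        entry = self.table.get(dst)
        if entry is None:
            return self.flood(in_port)            # unknown unicast flooding
        port = entry[0]
        if port is None or port == in_port:
            return []                             # static drop, or filtering
        return [port]                             # known unicast

    def flood(self, in_port):
        # Copy to every active port except the one the frame arrived on
        return [p for p in self.ports if p != in_port]
```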

Any end device keeps an ARP entry in its table for 4 hr.

Ques: - Difference between broadcasting and flooding?

 Broadcasting -> when the frame is intentionally sent as a broadcast.
 Flooding -> when the frame is unintentionally sent like a broadcast, but it is a unicast.
 Keepalive -> every 10 sec the router sends a keepalive toward the neighbouring router to inform it that the router is alive. It is a layer 2 protocol / message.
 show interface fastethernet 0/0
 R1(config)#interface fastethernet 0/0
 R1(config-if)#no keepalive

How to give a description to any port

o Switch(config-if)#description 'this port is connected to R1'
o show interface fa0/1

How to recover any port from the err-disabled state

o Sw1(config)#errdisable recovery cause all
o Sw1(config)#errdisable recovery interval 60

Rack Access
 Topology
o Router
 4 routers (1800 , 2600)
o Switch (MLS)
 4 switches (3550 , 3750)
CDP (Cisco Discovery Protocol)
o It is a layer 2 protocol.
o Encapsulated in the Ethernet header.
o Cisco proprietary protocol
 Can only run on Cisco devices.
o Enabled by default
o Used to identify the physical topology
o Used to convert the physical topology into a logical topology
o CDP packets -> these packets are advertised through each and every link between the devices.
o SMAC -> interface MAC address
o DMAC -> multicast address -> 0100.0ccc.cccc
o Cisco ID -> 0100.0C -> first 24 bits
o CDP , DTP , VTP , UDLD , PAgP -> CC.CCCC – last 24 bits
 Timers ->
o hello -> 60 sec
o hold -> 180 sec
 show cdp entry *

LLDP (Link Layer Discovery Protocol)

 Open standard
 Only the Cisco Catalyst 3750 switch supports it.
 Encapsulated in the Ethernet header.
 SMAC -> interface MAC
 DMAC -> 0180.C200.000e
 Timers
o Hello 30 sec
o Hold 120 sec
 Capability
o Bridge (like a switch)
o Routing
 LLDP packets are periodic as well as triggered.
 SW1(config-if)#no lldp transmit
 SW1(config-if)#no lldp receive
Why we use VLANs

 To reduce the scope of the broadcast domain
 Security

VLAN (Virtual Local Area Network)

 It is used to break one broadcast domain at layer 2.
 Logically divides one broadcast domain into multiple broadcast domains.
 That means one VLAN defines one broadcast domain.
 VLANs are used for switch virtualisation. By configuring VLANs, you can create multiple virtual switches out of one physical switch.
 Represented in decimal form
 VLAN id = 12 bits = 2^12 = 4096 (0-4095)
 0 and 4095 reserved

Normal VLANs / Standard VLANs

 Used in enterprise networks
 Range (1-1005)
 Usable VLANs = those to which users can be assigned.
o 1-1001
 Unused VLANs = parent VLANs
o 1002 -> FDDI
o 1003 -> Token Ring
o 1004 -> FDDI-Net
o 1005 -> Token Ring-Net
o For backward compatibility
 Default VLAN = VLAN 1
o By default, all ports are members of VLAN 1.
o This VLAN cannot be deleted or modified (renamed).
 One VLAN = one broadcast domain.
 The whole VLAN database is stored in flash memory in a file named "vlan.dat".
 VLAN MTU by default = 1500 bytes

VLAN states

 Active (default)
o Data forwarding can be done for that VLAN.
 Shutdown
o Stops data forwarding for a VLAN on the local switch.
 Suspend
o Stops forwarding for a VLAN in the entire VTP domain.
o Switch(config-vlan)#state suspend
 Inactive
o Ports are assigned to a VLAN but that VLAN is not available in the VLAN database.
o Switch#show interfaces fa1/0/1 switchport (to check for inactive)

How to create a VLAN

 Switch(config)#vlan 10
 Switch(config-vlan)#name sales
 Switch#show vlan brief
 Switch(config)#no vlan 10 (delete VLAN)

How to assign a port to a VLAN

 Static VLAN assignment:
 Switch(config-if)#switchport access vlan 10
 Switch#show vlan brief
 Switch#show vlan id 10
 Switch#show interface fastethernet 1/0/1 switchport

VLAN design implementation

1) Local VLANs
a. Ports of a VLAN which are available on one switch only.
2) End to End VLANs
a. Ports of a VLAN which are available on two or more switches.

Extended VLANs
o Used in ISP networks
o Range (1006-4094)
 No Switchport
o Switch(config-if)#no switchport -> makes a layer 2 port on the switch into a layer 3 port

VLAN allocation policy

o In order to make any port layer 3, the switch automatically assigns that port to one extended-range VLAN.
o If an extended VLAN is already present in the local VLAN database then the next available extended VLAN is assigned to the port, to separate it from the other broadcast domains.
o Ascending (default) -> starts from 1006
o Descending -> starts from 4094

Switchport
 Ports which transmit data on the basis of layer 2 addresses are called switchports.
 By default all interfaces of a switch operate in layer 2 mode, known as switchports.
 There are 2 types of switchport.
o Access Port
 An access port is a member of one VLAN.
 It transmits only one VLAN's traffic.
o Trunk Port
 Trunk ports are members of all VLANs.
 They can transmit multiple VLANs' traffic at the same time.
 A tag can be transmitted only within a single collision domain, and that too over a trunk link only.
 Retagging
o In order to perform retagging on a transitory switch (a switch which receives a tag on one port and needs to forward it on another trunk port), that switch must have that VLAN in its VLAN table.
 All transitory switches should have the VLANs available for retagging, no matter whether the switch has any access port for that VLAN or not.
Tag / Frame encapsulation

ISL (Inter Switch Link)

1) Cisco proprietary
2) External tagging
3) ISL tag
 Header 26 bytes
 Trailer 4 bytes
 Total 30 bytes
4) By default on every Cisco switch (L3) ISL is supported
5) Max frame size = 1522
 Packet size = 1500 bytes + 18 bytes (Ethernet header) + 30 bytes = 1548 bytes (giants)
 Max frame size = 1522
 - 30 bytes
 - 18 bytes
 = 1474 bytes (MTU)
6) It does not support native VLAN
o For the native VLAN a tag will be attached

Dot1q (802.1q)

1) Open standard (IEEE)
2) Internal tagging
3) Dot1q tag 4 bytes
4) Always supported on other vendors' devices as well as Cisco
5) Max packet size = 1500 bytes
 + 18 bytes Ethernet header
 + 4 bytes Dot1q
 = 1522 bytes
 Dot1q header 4 bytes
 2 bytes TPID (Tag Protocol ID)
o Always dot1q (0x8100)
 2 bytes TCI (Tag Control Information) 16 bits
 12 bits (VLAN id)
 4 bits
 3 bits (Priority) CoS
 Class of Service
 To provide QoS at layer 2
 1 bit (CFI) (Canonical Format Indicator)
6) It supports native VLAN
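
Added example (not from the original notes): Python code that builds and parses the 4-byte 802.1Q tag laid out above (TPID 0x8100, then the 16-bit TCI split into 3 bits CoS, 1 bit CFI, 12 bits VLAN id), treats an untagged frame as native-VLAN traffic, and computes the 1518 / 1522 / 1548 byte frame sizes the comparison gives. The frame contents are constructed for illustration.

```python
import struct

# Added example (not from the original notes): build and parse the 4-byte
# 802.1Q tag described above and compute the frame sizes the table compares.
# The sample payloads are constructed for illustration.

TPID_DOT1Q = 0x8100

def build_tag(vlan_id, priority=0, cfi=0):
    """4-byte tag: 2 bytes TPID + 2 bytes TCI (3 bits CoS, 1 bit CFI, 12 bits VID)."""
    if not 0 <= vlan_id <= 4095:
        raise ValueError("VLAN ID is a 12-bit field (0-4095)")
    if not 0 <= priority <= 7:
        raise ValueError("priority (CoS) is a 3-bit field (0-7)")
    tci = (priority << 13) | ((cfi & 1) << 12) | vlan_id
    return struct.pack("!HH", TPID_DOT1Q, tci)

def build_frame(dst, src, payload, vlan_id=None, priority=0):
    """Ethernet II frame; the tag is inserted after the addresses (internal tagging).
    vlan_id=None produces an untagged frame (native VLAN on a trunk)."""
    tag = b"" if vlan_id is None else build_tag(vlan_id, priority)
    ethertype = struct.pack("!H", 0x0800)      # IPv4, just for the sample
    return dst + src + tag + ethertype + payload

def parse_frame(frame):
    """Return the tag fields (or None for an untagged frame) and the payload."""
    dst, src = frame[0:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == TPID_DOT1Q:
        tci = struct.unpack("!H", frame[14:16])[0]
        inner = struct.unpack("!H", frame[16:18])[0]
        return {"tagged": True, "vlan": tci & 0x0FFF, "cos": tci >> 13,
                "cfi": (tci >> 12) & 1, "ethertype": inner, "payload": frame[18:]}
    # No TPID after the addresses: untagged, i.e. native VLAN traffic on a trunk
    return {"tagged": False, "vlan": None, "cos": None, "cfi": None,
            "ethertype": ethertype, "payload": frame[14:]}

def max_frame_size(encapsulation, mtu=1500):
    """Untagged: MTU + 18 (14-byte header + 4-byte FCS); dot1q adds 4 bytes;
    ISL adds a 26-byte header and 4-byte trailer (the 1548-byte 'giant')."""
    base = mtu + 18
    return {"none": base, "dot1q": base + 4, "isl": base + 26 + 4}[encapsulation]
```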
Native VLAN

 It is used to send frames over the trunk link untagged.
 Used to send untagged traffic for the VLAN that has the maximum number of users.
 To reduce CPU/BW utilisation.
 One trunk port can have only one native VLAN configured.
 Both ends of one trunk link should have the same native VLAN.
o CDP is used to carry native VLAN information; if the native VLAN is mismatched then it will only give you a log but will not block the traffic.
o STP (BPDU) also carries native VLAN information; if the native VLAN is mismatched then it will block the traffic completely.
 The VLAN which you configure should be present in the VLAN table.
 If CDP is disabled, a native VLAN mismatch cannot be detected.
 The physical interface of a router does not support tags.
 How to configure the native VLAN on a trunk
 Switch(config-if)#switchport trunk native vlan 2

Inter-VLAN routing
 Routers or layer 3 switches are used for intercommunication between the different VLANs. The process of intercommunication between the different VLANs is known as Inter-VLAN Routing (IVR).
 Types of IVR
o Traditional router
o Router on a stick
o Switch Virtual Interfaces (SVI)

Router on a stick
o When inter-VLAN routing is done through a router it is known as router on a stick.
o The router's interface is divided into sub-interfaces, which act as the default gateway for their respective VLANs.
o Here the encapsulation type dot1q is used for frame tagging between the different VLANs: when the switch forwards a packet from one VLAN into another VLAN, it inserts a VLAN tag into the Ethernet header.

SVI (Switch Virtual Interface)

 An SVI is a logical interface on a multilayer switch that provides layer 3 processing for packets from all switchports associated with that VLAN.
 A single SVI can be created per VLAN.
 An SVI on a layer 3 switch provides both management and routing services, while an SVI on a layer 2 switch provides only management services like VLAN or telnet/SSH services.

DTP (Dynamic Trunking Protocol)

 Negotiation protocol
 Between switches, DTP helps to form a trunk automatically.
 DTP is a Cisco proprietary protocol.
 It is a layer 2 protocol.
 Negotiation of encapsulation type
o Dot1q
o ISL
 DTP sends a packet periodically every 30 sec
o To form the trunk and maintain it
o #show dtp
 Hold timer = 300 sec
 Multicast MAC address 0100.0CCC.CCCC
 It is used to create trunk ports and access ports dynamically.
 By default DTP is enabled on all Cisco switches.
 In order to run DTP, ports should be configured as dynamic access.
 If ports are configured as static access then DTP is turned off automatically.
 Modes of DTP
o Dynamic Auto (DA)
 2960, 3750, 3850 and above -> by default
 This mode waits for an initiator to form a trunk with it; otherwise it becomes access.
o Dynamic Desirable (DD)
 2950, 3550 -> by default
 This mode forms a trunk unconditionally; it negotiates to form a trunk.
 Administrative mode
o The mode which you have configured through a command
 Static access
 Static trunk
 Dynamic auto
 Dynamic desirable
 Down
 Operational mode
o The mode which is actually running
 Trunk
 Access
 Down

Trunk encapsulation protocol mode

o Administrative encapsulation mode
 The encapsulation which you have configured through a command
 Dot1q
 ISL
 Negotiate (by default)
o Operational encapsulation mode
 The encapsulation which is running
 Dot1q
 ISL
 Native
 Old switches -> ISL
 New switches -> dot1q
 Case 1
o Dynamic Auto -------- Dynamic Auto
o No trunk
o The switches are not able to negotiate the type of encapsulation they should run.
o Administrative Mode: dynamic auto
o Operational Mode: static access
o Administrative Trunking Encapsulation: negotiate
o Operational Trunking Encapsulation: native
 Case 2
o Dynamic Auto ------- Dynamic Desirable
o Trunk
o When the encapsulation is left at the default on the dynamic desirable switch.
o SW1
 Administrative Mode: dynamic auto
 Operational Mode: trunk
 Administrative Trunking Encapsulation: negotiate
 Operational Trunking Encapsulation: isl
 SW2
o Administrative Mode: dynamic desirable
o Operational Mode: trunk
o Administrative Trunking Encapsulation: negotiate
o Operational Trunking Encapsulation: isl
 Case 3
o Dynamic Auto ----- Dynamic Desirable (with encapsulation)
o When the encapsulation is manually set as dot1q/ISL
o Trunk
 Case 4
o Static ------ Dynamic Desirable / Dynamic Auto
o It is compulsory to assign the encapsulation manually on a static trunk port.
o Negotiation of trunking
 Manual trunk -> ON (default)

 Case 5
o Non-Cisco (Static) -------- DA/DD
o No trunk
 Case 6
o Static Trunk ----- Static Trunk
o A trunk will be formed.
o We can turn off the negotiation.
 Case 7
o Router -------- Trunk (Cisco)
o DA/DD both expect a DTP message in return, which they will never get from the router.
o No trunk
o It is recommended to always configure a manual trunk towards a router.
o We should turn off the negotiation.
 How to create a manual access port or trunk port
o Switch(config-if)#switchport mode access
o Switch(config-if)#switchport mode trunk
o Sw1#show interface fastethernet 1/0/1 switchport
o #show interface trunk
o Switch#show interface fastethernet 0/1 trunk
 How to create a dynamic access port or trunk port
o Sw1(config-if)#switchport mode dynamic desirable
o Switch(config-if)#switchport mode dynamic auto
 How to disable DTP
o Switch(config-if)#switchport mode access
o Switch(config-if)#switchport nonegotiate
 Note -> If we create a manual access port, DTP gets disabled.
 How to change the encapsulation type
o Switch(config-if)#switchport trunk encapsulation dot1q/isl

VTP (VLAN TRUNKING PROTOCOL)

o It is a Cisco proprietary protocol.
o Eases the administration of VLANs.
o We can create a VLAN on one switch and it will propagate to the other switches.
o It is a layer 2 protocol.
o Centralised VLAN management.
o By default VTP is enabled on all Cisco switches.
o It uses the multicast MAC address 0100.0CCC.CCCC.

VTP Requirements

1. Trunk between switches.
i. The VTP domain name is included in the DTP message.
ii. DTP trunking cannot be done between two switches with different VTP domain names.
2. VTP mode
3. VTP version 1 & 2
4. VTP password (optional)
5. VTP domain name must match
a. The domain name must be configured; by default the domain name is Null (nothing).
i. Domain – group of devices under a single administration.
6. VLANs

VLANs + VTP database

a. vlan.dat file = flash memory
b. For server and client
 Centralised VLAN database management
 By default all switches are allowed to change the VLAN configuration.

VTP Modes

1. Server Mode
2. Client Mode
3. Transparent Mode

Server Mode

1. We can create, delete and modify (rename) VLANs.
2. It is the default VTP mode on most series of switches.
3. In this mode VTP can generate VTP updates.
4. It works as a relay agent.
5. It supports only the normal range / standard VLANs in version 1 and version 2 (1 to 1000).
6. VTP servers advertise their VLAN configuration to other switches in the same VTP domain and synchronise.
7. We can create extended-range VLANs (1006 to 4094) in version 3.
8. It stores its VLAN database in flash memory in the vlan.dat file.
9. Switch1(config)#vtp mode server

Client Mode

1. We cannot create, delete or modify VLANs.
2. It also stores VLAN information in its vlan.dat file.
3. It supports only the normal range of VLANs.
4. It also works as a relay agent.
5. It can receive VLAN information from a server mode switch.
6. Switch1(config)#vtp mode client

Transparent Mode

1. We can create, delete and modify its own VLANs.
2. It is also the default mode on some switch platforms.
3. We can create normal-range VLANs as well as extended-range VLANs.
4. It is also called a stand-alone switch.
5. The CR number is always set to 0 on a transparent mode switch.
6. It cannot generate VTP updates.
7. It can receive a VLAN update and relay that update to the next switch without updating itself.
8. It doesn't update its own VLAN database based on VTP updates received from its neighbour switch.
9. It doesn't forward its own VLAN information to any other switch.
10. It doesn't need a password.
11. It stores VLAN information in its vlan.dat file and also in the running-config.
12. Transparent mode is used in a company to secure the server.
 VTP is by default enabled on all Cisco switches.
1. If you want to turn off VTP
2. 4th mode -> VTP mode off

CR (Configuration Revision Number)

 It is 32 bits.
 This number is always represented in decimal.
 By default the C.R number is 0.
 It is used to tell whether the summary advertisement/update is the latest one or an old one.
 Every switch updates itself from a higher CR number; if any switch receives an update with a lower CR number it discards it.
 Whenever you create, delete or modify any VLAN the CR increments by 1.
 In transparent mode the CR is always 0.

How to reset the CR

1) Change the mode to transparent.
2) Change the client's domain name.

Types of VTP message/update

o In order to advertise VLANs from one switch to another there are three messages
 Summary advertisement -> periodic -> 5 min
 Subset advertisement -> triggered only
 Advertisement request
 Join
1. Summary Advertisement
 The VTP server generates a summary advertisement message every 300 sec.
 If there is a change in VTP it is sent triggered (immediately).
 It checks only the C.R number.
 It carries the management domain name, CR number, MD5 digest hash code, version, followers and updater id.
 It is periodic as well as triggered. It does not carry the VLAN information.
 The version field tells which version is in use.
 The type field indicates which VTP message it is, summary advertisement or subset advertisement.
 Followers tells how many subset advertisements will follow this summary advertisement.
 Management domain name is the name assigned to the VTP domain.
 The CR number tells whether the update is the latest or not.
 Updater-id tells the id of the server that most recently updated the CR.
 Updater-time-stamp tells the time at which the server updated the VLAN database.
 The MD5 digest hash code checks for mismatch based on the CR number, domain name and domain password.

2. Subset Advertisement
 It contains the actual VLAN information.
 It is generated when VLAN changes occur or in response to a subset request.
 Triggered when any change occurs.
 It carries version, type, subset sequence number, management domain name, CR number and VLAN information.
 The size of the subset header is 40 bytes. 20 bytes are hidden, which are for accommodating VLAN information.
 Subset header size = 20 + 40 = 60 bytes.
 MTU = 1500 bytes
 1500 – 60 = 1440 bytes (VLAN info)
 1 VLAN's info = 20 bytes
 1 subset consists of 1440/20 = 72 VLANs' information.
 Followers: how many subsets can be advertised within a single summary advertisement?
 Number of subsets
 1005 / 72 = 14 subsets.

3. Advertisement Request
a. This is used to get an update from the server switch if a client or server missed any update in VTP.
b. It is used when a new switch is added into the VTP domain. Only a client can generate an advertisement request.
c. In reply to the advertisement request the switch, either client or server, forwards the summary and subset advertisements.
d. Switch#debug sw-vlan vtp (to debug VTP)

MD5 digest
A. It is used to secure a VTP domain.
B. It is shared in the summary advertisement.
C. This digest value is used to authenticate VTP information between switches; it is computed from
1. VTP domain name
2. CR number
3. VTP password (optional)
D. If the domain name is null, then the switch never starts sending VTP messages.
E. If you change the domain name (null to ccna) it will not increase the CR value.
F. The switch will only calculate the MD5 digest value
 When you manually configure the domain name.
 When there is a change in the CR number.
 If there is a password
 Not automatically
 VTP version
G. After 5 min there is a 2nd summary advertisement packet.
H. show vtp status | in MD5|0x
I. show vtp counters
J. clear vtp counters
K. VTP password cisco@123
1. Press ctrl + v
2. Release the keys
3. Shift + question mark (?)

 If multiple VTP servers exist in a VTP domain, how do we know which server updated the VTP database?
 Updater Identifier :- it is a 32-bit value in dotted decimal (it is the IP address of a switch SVI interface).
 The updater id is always elected as the lowest SVI interface number.
 Int vlan 10
 Ip address 10.10.10.10
 SW1(config)#vtp interface Vlan10

VTP Synchronisation

 When a client with a higher CR number updates the VTP domain with its database.
 This happens when a newly added switch (client) has a higher CR number than the server; it starts updating the clients and the clients further update the server too.
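
Added example (not from the original notes): a Python model of the checks a switch applies to a received summary advertisement, built from the fields listed in the sections above (domain name, CR number, MD5 digest over domain name + CR + password), including transparent-mode relaying, the synchronisation problem just described, and the two ways of resetting the CR. The digest input layout and the switch names are assumptions of this example, not the real VTP wire format.

```python
import hashlib

# Added example (not from the original notes): a model of how a switch treats
# a received VTP summary advertisement, using the fields the notes list. The
# digest input layout and the switch names are assumptions of this example,
# not the real VTP wire format.

def vtp_digest(domain, revision, password=""):
    """MD5 over the three inputs the notes give: domain name, CR, password."""
    return hashlib.md5(f"{domain}|{revision}|{password}".encode()).hexdigest()

class VtpSwitch:
    def __init__(self, name, mode, domain="", password=""):
        self.name, self.mode = name, mode          # server / client / transparent / off
        self.domain, self.password = domain, password
        self.revision = 0                          # CR starts at 0
        self.vlans = {1: "default"}

    def summary_advertisement(self):
        # Transparent/off switches generate no updates; a null domain sends nothing
        if self.mode in ("transparent", "off") or not self.domain:
            return None
        return {"domain": self.domain, "revision": self.revision,
                "digest": vtp_digest(self.domain, self.revision, self.password),
                "updater": self.name, "vlans": dict(self.vlans)}

    def change_vlans(self, vlans):
        if self.mode == "client":
            raise PermissionError("a client cannot create, delete or modify VLANs")
        self.vlans = dict(vlans)
        if self.mode != "transparent":
            self.revision += 1                     # transparent keeps CR at 0

    def receive(self, adv):
        """Apply the domain, digest and CR checks; return what the switch did."""
        if adv is None or self.mode == "off":
            return "ignored"
        if self.mode == "transparent":
            return "relayed without updating"      # passed on to the next switch
        if adv["domain"] != self.domain:
            return "ignored: domain mismatch"
        if adv["digest"] != vtp_digest(adv["domain"], adv["revision"], self.password):
            return "ignored: MD5 digest mismatch"
        if adv["revision"] <= self.revision:
            return "ignored: revision not higher"
        # Servers and clients alike overwrite their database from a higher CR;
        # this is the synchronisation problem the notes describe.
        self.vlans, self.revision = dict(adv["vlans"]), adv["revision"]
        return f"synchronized to revision {adv['revision']}"

    def set_mode(self, mode):
        self.mode = mode
        if mode == "transparent":
            self.revision = 0                      # first way to reset the CR

    def set_domain(self, domain):
        self.domain, self.revision = domain, 0     # second way to reset the CR
```

Running the synchronisation scenario in the test shows why a switch's CR should be reset before it is added to an existing domain.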

VTP Pruning

 We can allow or disallow VLANs on a trunk port.
 Pruning (filtering)
 Static / manual
 Dynamic -> supported in VTP
 What is the problem if all VLANs are allowed on a trunk port?
 Multicast, broadcast and unknown unicast flooded data is received by the switch.
 To limit unwanted broadcasts being transmitted over the trunk link
 Unwanted traffic
 CPU utilisation
 Link utilisation

How to allow a VLAN list on a trunk

 Switch(config-if)#switchport trunk allowed vlan all/none/add/remove

Prune filter

 VLANs allowed on trunk
 How many VLANs are allowed to forward traffic.
 No matter whether those VLANs are available in the database or not.
 By default -> all VLANs 1-4094 allowed.
 VLANs allowed and active in management domain
 VLANs which are allowed, in the active state and available in the VLAN database.
 VLANs in spanning tree forwarding state and not pruned
 VLANs which are available in the database and for which traffic can be forwarded.
 Dynamic Pruning
 Using VTP pruning we can allow VLANs on a trunk port.
 By default VTP pruning is disabled.
 For VTP pruning, the join message is used.
 The join message is a periodic message sent by every switch every 6 sec.
 It is sent only for those VLANs that have users connected to them.
 The join message carries the list of VLANs that have hosts in them.

VTP VERSION

 In version 1 and 2
i. Server and client
1. Those switches support only standard VLANs.
2. They have the VLAN information in the vlan.dat file.
ii. Transparent
1. Those switches can support standard and extended VLANs.
2. They have the VLAN information in the vlan.dat file and also in the running-config.
iii. The password is in plain text.
iv. VTP version 2
1. Supports Token Ring
v. Version 2 (server + client) is compatible with a version 1 transparent switch (and vice versa).

Problems with version 1 and 2

1) Synchronisation issue
2) Only standard VLANs supported
3) Password in plain text
4) VTP version 2 cannot distribute MSTP instance configuration.

VTP version 3
 No synchronisation issue (only the master server switch can change the database)
 Password protected / hidden
 Uses both types of VLAN (standard and extended)

VTP mode

 Server
o Primary server: -
 Only this server can change the VTP database.
 Only one server can become the primary server.
 This server is configured manually.
o Secondary server
 All servers are by default secondary servers.
 If you want to configure a primary server, it would first be secondary.
 This server cannot change the VTP database.
o Client
 This is still the same as in versions 1 and 2.
o Transparent
 Still the same as previously.
o OFF mode
 To disable VTP on the switch.

VTP features

1. Feature VLAN
a. Which carries the VLAN information
2. Feature MST
a. This VTP version can forward MST instance information like VLANs.
b. This feature is not enabled by default.
3. Unknown feature
a. This feature will be used in the future.

Note: - VTP version 3 is enabled on every switch manually.

LAN Architecture
1) 2 tier
a. Access Layer
i. Access layer switches are only connected to distribution layer switches.
ii. High port density switches are required at the access layer.
iii. They should have high-speed redundant uplinks to connect with the distribution layer switches.
iv. Layer 2 configuration like VLANs, trunks, port security, portfast, BPDU guard, BPDU filter.
b. Distribution Layer
i. The switch which provides connectivity to the access layer 2 switches.
ii. Access layer switches' traffic is merged on the distribution layer switches.
iii. High port density switches are required.
iv. High-speed links are needed because the amount of traffic is more than at the access layer switches.
v. Routing is configured at this layer.
vi. QoS , FHRP , ACL , SVI etc.
2) 3 tier
a. Access Layer
b. Distribution Layer
c. Core Layer

STP (Spanning Tree Protocols)


a) Loop Avoidance
b) It is an Open standard Protocol.
c) It is layer 2 protocols.
d) By default, STP is enabled.
e) It is always multicast BPDU 0180.c200.0000
f) It keeps track of redundant Links.
g) If active Link goes down, STP will enable Backup link automatically.
h) When switches forward a frame endlessly in a network is known as a bridging loop
i) ARP, DHCP (Discover) etc.

o How loop is created between switches?


1) When there is more than one link between switches.
 Redundancy Purpose (backup)
o Problems
1) Mac address Flapping
 A single mac address is getting learned on a single switch on multiple ports
very frequently (Less than a second)
 Suboptimal Behavior
2) Broadcast Strom
 Since there is no TTL in ethernet Header, this Broadcast will keep on
revolving around between the switches forever.
 Copies of broadcast are getting multiplicated on every switch.
 CPU utilization will be very high.
 Performance will be low.
 Hardware failure
o Rule:
1) A single port of a switch can learn multiple mac addresses.
2) A single mac address cannot be learned on multiple Ports of a same switch.
3) Only recent entries of mac address will be learned on a port of a switch.

 There are two methods to prevent this loop:

o Manually
 Disable all redundant links manually.
 If the active link goes down, then enable the redundant link.
o STP
 A dynamic protocol.

 STP Types
1) Common Spanning Tree (CST)
2) Per VLAN Spanning Tree (PVST)
3) PVST+
4) Rapid PVST+
5) Rapid STP (open standard)
6) Multiple Spanning Tree Protocol (MSTP)

 STP Terminology
o Root Bridge
o BPDU
o Root Port/ designated Port
o Cost
o Alternate Port / Blocking Port
o Flag

1) Root Bridge
a. The reference switch in STP; the loop free topology is built as a tree rooted at it.
b. Only one switch can become the RB.
c. The switch which has the best (lowest, i.e. superior) bridge ID becomes the root bridge.
d. In a single switched topology there cannot be more than one RB (per STP instance).
e. By default, before the RB election, every switch in the topology considers itself the RB.
f. BPDUs are sent through each and every port of the RB.

Election Criteria:

o Lowest Bridge ID (8 bytes)

 Each switch has a unique bridge ID.
 Lowest priority (by default 32768)
 16 bit field (0-65535)
 Lowest base MAC address; it is unique and cannot be changed.
 All switches participate in the STP election by sending configuration BPDUs. By default, a switch announces itself as the root bridge.
 After the RB election, only the RB generates configuration BPDUs.

 Bridge Priority (2 bytes) + MAC address (6 bytes)

 Bridge Priority (4 bits) + extended system ID (VLAN number, 12 bits) + MAC address (6 bytes)
 show version
 show version | include Base

 Notes:
1) The priority can be changed on switches.
2) The priority can only be changed in increments of 4096.
3) Every port of a switch keeps a copy of the best BPDU it has received (the "buffer").
4) The RB's BPDU is what ends up stored in that buffer.
5) One buffer can only hold one BPDU at a time (per VLAN).

BPDU (Bridge Protocol Data Unit)

 BPDUs carry the best bridge ID between switches so that the root bridge can be elected.
 STP generates a hello message every 2 seconds; this is the BPDU.
 The BPDU carrying the best (lowest) bridge ID is always the superior BPDU.

Types of BPDU messages

 Configuration BPDU
o Used for the election.
o Generated periodically, every 2 seconds.
o Initially every switch sends this BPDU.
o After the election only the RB generates it; the other switches relay it out all their designated ports toward the connected switches.
o Periodic and triggered:
o Triggered BPDU
 When a switch sends a configuration BPDU to participate in the STP election.
o Periodic BPDU
 After the root bridge election, only the RB generates configuration BPDUs, every 2 seconds.

 TCN (Topology Change Notification)

o Used to notify the root bridge of a topology change between the switches, so that MAC tables are aged out quickly and the topology re-converges.
o It is sent by non-root bridges, toward the root.

Content of the Configuration BPDU message (35 bytes)

Field (size) - meaning
 Protocol ID (2 bytes) - always 0 for STP (802.1D); identifies the protocol carried inside the 802.3/LLC frame.
 Version (1 byte) - which STP flavour generated it: 0 = 802.1D CST and PVST/PVST+, 2 = RSTP/Rapid PVST+, 3 = MST.
 Message Type (1 byte) - 0x00 = Configuration BPDU, 0x80 = TCN BPDU.
 Flags (1 byte) - TC bit = 1: the root has received a TCN and tells every switch to shorten MAC aging; TCA bit = 1: acknowledges a received TCN BPDU.
 Root Bridge ID (8 bytes) - root identifier: 2 bytes priority (including the extended system ID) + 6 bytes base MAC address.
 Root Path Cost (4 bytes) - cumulative cost to the root; link costs are predefined per link speed by IEEE, short method (16 bit values) or long method (32 bit values).
 Sender Bridge ID (8 bytes) - bridge identifier of the switch that sent this BPDU: 2 bytes priority + 6 bytes base MAC address.
 Sender Port ID (2 bytes) - port priority + port number (8 + 8 bits in the original 802.1D; 4 + 12 bits with the 802.1t extended system ID).
 Message Age (2 bytes) - age of this BPDU since the root generated it; incremented at every hop, so it reflects the distance from the root.
 Max Age (2 bytes) - 20 sec.
 Hello Time (2 bytes) - 2 sec.
 Forward Delay (2 bytes) - 15 sec.
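The field table above is easiest to check against real bytes. The following is an added example (not code from the original notes): it builds and parses an 802.1D configuration BPDU with the layout just listed, and splits the 2-byte priority field into the 4-bit priority and 12-bit extended system ID described under the bridge ID. The BPDU bytes are constructed with the builder, not captured from a switch; timer fields are carried on the wire in units of 1/256 second.

```python
"""Parse and build IEEE 802.1D configuration BPDUs (35 bytes). Added example."""
import struct

CONFIG_BPDU_LEN = 35
# protocol ID, version, type, flags, root ID, root path cost, sender bridge ID,
# port ID, message age, max age, hello time, forward delay (all big-endian)
_FMT = ">HBBB8sI8sHHHHH"
assert struct.calcsize(_FMT) == CONFIG_BPDU_LEN

FLAG_TC = 0x01    # bit 0: topology change
FLAG_TCA = 0x80   # bit 7: topology change acknowledgement


def _mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(".", "").replace(":", ""))


def _mac_str(raw: bytes) -> str:
    h = raw.hex()
    return f"{h[0:4]}.{h[4:8]}.{h[8:12]}"


def encode_bridge_id(priority: int, sysid_ext: int, mac: str) -> bytes:
    """priority must be a multiple of 4096 (0-61440); sysid_ext is the VLAN (0-4095)."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
    if not 0 <= sysid_ext <= 4095:
        raise ValueError("extended system ID must be 0-4095")
    return (priority | sysid_ext).to_bytes(2, "big") + _mac_bytes(mac)


def decode_bridge_id(raw: bytes) -> dict:
    """Split the 16-bit priority field: high 4 bits = priority, low 12 bits = sys-id-ext."""
    field = int.from_bytes(raw[:2], "big")
    return {"priority": field & 0xF000, "sysid_ext": field & 0x0FFF,
            "mac": _mac_str(raw[2:8])}


def bridge_id_key(bid: dict) -> tuple:
    """Sort key: the lower (priority + sys-id-ext, MAC) tuple is the superior bridge ID."""
    return (bid["priority"] | bid["sysid_ext"], bid["mac"])


def build_config_bpdu(root, root_path_cost, sender, port_priority, port_number,
                      message_age=0.0, flags=0, max_age=20, hello=2, forward_delay=15) -> bytes:
    """root/sender are (priority, sysid_ext, mac) tuples; port_priority is 0-240 in steps of 16."""
    if port_priority % 16 or not 0 <= port_priority <= 240:
        raise ValueError("port priority must be a multiple of 16 between 0 and 240")
    port_id = ((port_priority // 16) << 12) | (port_number & 0x0FFF)   # 802.1t 4 + 12 bit split
    return struct.pack(_FMT, 0, 0, 0x00, flags,
                       encode_bridge_id(*root), root_path_cost, encode_bridge_id(*sender),
                       port_id, int(message_age * 256), max_age * 256, hello * 256,
                       forward_delay * 256)


def parse_config_bpdu(pdu: bytes) -> dict:
    if len(pdu) < CONFIG_BPDU_LEN:
        raise ValueError(f"configuration BPDU needs {CONFIG_BPDU_LEN} bytes, got {len(pdu)}")
    (proto, version, msg_type, flags, root_id, root_cost, bridge_id, port_id,
     msg_age, max_age, hello, fwd_delay) = struct.unpack(_FMT, pdu[:CONFIG_BPDU_LEN])
    if proto != 0:
        raise ValueError("protocol ID must be 0 for STP")
    if msg_type != 0x00:
        raise ValueError(f"not a configuration BPDU (type 0x{msg_type:02x}; TCN is 0x80)")
    return {
        "version": version,
        "flags": {"tc": bool(flags & FLAG_TC), "tca": bool(flags & FLAG_TCA)},
        "root": decode_bridge_id(root_id),
        "root_path_cost": root_cost,
        "sender": decode_bridge_id(bridge_id),
        "port_id": {"priority": (port_id >> 12) * 16, "number": port_id & 0x0FFF},
        "message_age": msg_age / 256,
        "max_age": max_age / 256,
        "hello_time": hello / 256,
        "forward_delay": fwd_delay / 256,
    }


# Constructed sample: SW2 (priority 32768 + VLAN 1, MAC ...0002) relaying the root's
# BPDU (root SW1, MAC ...0001) one hop away over a Gigabit link (cost 4), TC and TCA set.
SAMPLE_BPDU = build_config_bpdu(root=(32768, 1, "0000.0000.0001"), root_path_cost=4,
                                sender=(32768, 1, "0000.0000.0002"),
                                port_priority=128, port_number=1,
                                message_age=1, flags=FLAG_TC | FLAG_TCA)

if __name__ == "__main__":
    for name, value in parse_config_bpdu(SAMPLE_BPDU).items():
        print(f"{name:15} {value}")
```

The builder is also what a pentester or detection engineer needs when crafting or inspecting BPDUs: the same 35 bytes, preceded by the 802.3/LLC header, are what arrive on a port without BPDU guard.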

Port Role

o Root Port
o Designated Port
o Blocked Port
 Alternate
 Backup
2) Root Port
a. Every non-root bridge elects one root port; there can only be one per non-root bridge.
b. Root port:
i. The port with the lowest total cost toward the root bridge.
c. The RB has no root port.
d. The port which receives the superior BPDU becomes the root port.
e. There is only a single root port per non-root bridge.

3) Designated Port:
 The port which transmits the superior BPDU on a segment becomes the DP.
 Used to send or relay BPDUs:
 Send -> RB
 Relay -> non-root bridge
 Not meant to receive BPDUs, but to send/relay them.
 All ports of the RB are DPs.
 Every segment (collision domain) has exactly one DP.
 On a single segment, both ends cannot be DP and both cannot be non-DP.
 DP and RP always remain in the forwarding state.
 A TCN is sent once a port reaches forwar­ding, i.e. after the learning state.

4) Blocked Port
a. Alternate (blocking) -> redundant to the RP (on a non-root bridge).
b. Backup (blocking) -> redundant to a DP (on the RB or a non-root bridge).
 A blocked port keeps receiving configuration BPDUs from the segment's DP; those BPDUs are superior to what the port itself would send, so it stays blocked.
 Ports which are not elected as RP or DP become blocked ports.
 A blocked port can receive BPDUs but cannot send or relay them.
 To prevent loops in a layer 2 network.

Election for Port Roles

 Lowest Root bridge ID


 Lowest root path cost
 Lowest sender bridge id
 Lowest sender port id
 Lowest receiver Port id
1) Lowest root bridge ID
 Decides the root bridge; the remaining criteria decide the RP.

2) Lowest root path cost

 Link costs are predefined in STP.
 Total cost to reach the root bridge.
 It is always carried in the BPDU.
 The root bridge generates a BPDU with root path cost 0, and each non-root bridge adds its receiving link's cost before forwarding that BPDU to the next switches.
 Short cost -> 16 bit
 Long cost -> 32 bit

Link             Short   Long
Ethernet (10M)   100     2,000,000
Fast Ethernet    19      200,000
Gigabit          4       20,000
10 Gigabit       2       2,000
100 Gigabit      --      200
1 Terabit        --      20
10 Terabit       --      2

 Link cost
o Cost associated with an interface.
o It is not carried in the BPDU.
 Root path cost
o Total cost to reach the root bridge.
 The cost is added on the receiving interface, not on the sending interface.
 The RB always sends a cost of zero.

3) Lowest sender Bridge ID


 A non-root switch will forward BPDU after changing the sender Bridge-
Id
 It is used in STP Election
 Lowest Bridge Priority
 Lowest Base Mac add

4) Lowest sender port ID (2 bytes)

 It contains the port priority and the port number.
 The switch which sends the BPDU adds this information.
 It is the combination of port priority and port number, displayed as priority.number (e.g. 128.1).
 4 bits = priority (configured in steps of 16, 0-240, default 128)
 12 bits = port number
 In the original 802.1D format the split was 8 bits priority (0-255) + 8 bits port number.
 The port number is the number of the interface:
b. Fa0/1 = 1
c. Fa0/2 = 2
 Flags
o TC (Topology Change )
o Proposal
o Port Role
o Forwarding
o Learning
o Agreement
o TCA (TC Acknowledgement)
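The election criteria above (root bridge ID, root path cost, sender bridge ID, sender port ID, receiver port ID) are easiest to see run end to end. The following is an added example, not code from the original notes: it elects the root, computes each switch's root path cost with the cost added on the receiving port, picks root ports with the tie-breakers in that order, and assigns designated and alternate roles per link. The three-switch topology, bridge IDs and port numbers are constructed; costs are the IEEE short-method values from the table.

```python
"""STP election on a small constructed topology. Added example."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

INF = float("inf")
BridgeId = Tuple[int, str]   # (priority incl. sys-id-ext, base MAC); the lower tuple wins
PortId = Tuple[int, int]     # (port priority, port number); the lower tuple wins


@dataclass
class Switch:
    name: str
    priority: int
    mac: str
    # port name -> (port priority, port number, cost of the link on this port)
    ports: Dict[str, Tuple[int, int, int]] = field(default_factory=dict)

    @property
    def bid(self) -> BridgeId:
        return (self.priority, self.mac)

    def port_id(self, port: str) -> PortId:
        prio, num, _ = self.ports[port]
        return (prio, num)


Link = Tuple[str, str, str, str]   # (switch A, port on A, switch B, port on B)


def elect(switches: Dict[str, Switch], links: List[Link]):
    """Return (root name, root path cost per switch, role per (switch, port))."""
    root = min(switches.values(), key=lambda s: s.bid).name
    peer: Dict[str, Dict[str, Tuple[str, str]]] = {n: {} for n in switches}
    for a, pa, b, pb in links:
        peer[a][pa] = (b, pb)
        peer[b][pb] = (a, pa)

    cost = {n: (0 if n == root else INF) for n in switches}
    root_port: Dict[str, Optional[str]] = {n: None for n in switches}

    # Relax like BPDU propagation: a BPDU arriving from neighbour N advertises N's root
    # path cost; the receiver adds its OWN port cost, then breaks ties on sender bridge
    # ID, sender port ID and finally its own receiving port ID.
    for _ in range(len(switches)):
        for name, sw in switches.items():
            if name == root:
                continue
            best, best_port = None, None
            for port, (_, _, link_cost) in sw.ports.items():
                if port not in peer[name]:
                    continue                      # no neighbour on this port
                n, n_port = peer[name][port]
                if cost[n] == INF:
                    continue                      # neighbour has not heard the root yet
                cand = (cost[n] + link_cost, switches[n].bid,
                        switches[n].port_id(n_port), sw.port_id(port))
                if best is None or cand < best:
                    best, best_port = cand, port
            if best is not None:
                cost[name], root_port[name] = best[0], best_port

    roles: Dict[Tuple[str, str], str] = {}
    for a, pa, b, pb in links:
        # The designated port is the end that would send the superior BPDU on the segment.
        va = (cost[a], switches[a].bid, switches[a].port_id(pa))
        vb = (cost[b], switches[b].bid, switches[b].port_id(pb))
        d, o, dp, op = (a, b, pa, pb) if va < vb else (b, a, pb, pa)
        roles[(d, dp)] = "designated"
        roles[(o, op)] = "root" if root_port[o] == op else "alternate"
    return root, cost, roles


def demo():
    """Constructed topology: SW1 and SW2 joined by two Gigabit links, SW3 hanging off
    SW1 over FastEthernet (cost 19) and off SW2 over Gigabit (cost 4)."""
    sw = {
        "SW1": Switch("SW1", 32769, "0000.0000.0001",
                      {"gi0/1": (128, 1, 4), "gi0/2": (128, 2, 4), "fa0/1": (128, 3, 19)}),
        "SW2": Switch("SW2", 32769, "0000.0000.0002",
                      {"gi0/1": (128, 1, 4), "gi0/2": (128, 2, 4), "gi0/3": (128, 3, 4)}),
        "SW3": Switch("SW3", 32769, "0000.0000.0003",
                      {"fa0/1": (128, 1, 19), "gi0/1": (128, 2, 4)}),
    }
    links = [("SW1", "gi0/1", "SW2", "gi0/1"), ("SW1", "gi0/2", "SW2", "gi0/2"),
             ("SW1", "fa0/1", "SW3", "fa0/1"), ("SW2", "gi0/3", "SW3", "gi0/1")]
    return elect(sw, links)


if __name__ == "__main__":
    root, cost, roles = demo()
    print("root bridge:", root)
    for (s, p), role in sorted(roles.items()):
        print(f"{s} {p}: {role} (root path cost {cost[s]})")
```

Two things the run makes visible: SW3's direct FastEthernet link to the root is blocked because the two-hop Gigabit path (4 + 4 = 8) is cheaper than 19, and SW2's second parallel link loses on sender port ID (128.2 versus 128.1) even though the cost ties.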

 STP States
a) Disabled -> when the port is down.
b) Blocking -> to prevent loops.
o BPDUs are received only, not sent.
o Never learns user MAC addresses.
o No user data forwarding.
o L2 control plane traffic (CDP, DTP, etc.) is still sent and received.
c) Listening
o BPDUs are both sent and received.
o The election is done in this state.
o 15 sec by default (the forward delay timer).
o No user data forwarding.
o Never learns user MAC addresses.
d) Learning
o BPDUs are both sent and received.
o Learns user MAC addresses.
o No user data forwarding.
o 15 sec by default.
e) Forwarding
o BPDUs are both sent and received.
o Learns user MAC addresses.
o User data is forwarded.

 STP Timers
o show spanning-tree root
o Hello 2 sec
 BPDUs are sent or received every 2 sec.
 It helps to keep track of the STP topology.
 A switch detects a failure when BPDUs go missing.
 spanning-tree vlan 1-4094 hello-time 1
o Max Age 20 sec
 How long a received BPDU is kept in the port's buffer before it is considered stale.
 spanning-tree vlan 1-4094 max-age 10
o Forward Delay 15 sec
 Time a port spends in each transitional state before forwarding.
 This timer runs twice: listening (15 sec) + learning (15 sec) = 30 sec.
 spanning-tree vlan 1-4094 forward-time 7
o Message Age
 Age of the BPDU since the root generated it; each switch increments it before relaying, and the BPDU is discarded once Message Age reaches Max Age.
o Diameter
 Min = 2
 Max = 7 (default)
 Largest number of switches between any two end stations; the hello, forward delay and max age timers must let a BPDU cross the whole diameter before it expires, which is why they are derived from it.
o SW1(config)#spanning-tree vlan 1 root primary diameter <2-7>
o show spanning-tree interface fastethernet 1/0/19 detail | include BPDU

Types of STP

1. CST (Common Spanning tree)

 Open standard
 Layer 2 protocol --- 802.1D
 BPDUs are untagged.
 There is a single loop free topology for all VLANs.
1) You can have only one RB per topology.
2) The BPDU is encapsulated in an 802.3 Ethernet header (with an LLC header).
3) SMAC -> interface MAC address
4) DMAC -> 0180.c200.0000
5) If the active link never goes down, the blocked link is wasted bandwidth.
6) In CST, whichever switch is RB for VLAN 1 is RB for all VLANs.
7) There is only a single instance for all VLANs.
8) There is only one BPDU for all VLANs.
9) One interface in CST stores only one BPDU, and that one BPDU covers every VLAN.
10) No capability for load balancing.
11) Slow convergence.

2. PVST (Per Vlan Spanning Tree)

 Cisco proprietary.
 Its successor PVST+ is enabled by default on Cisco switches.
 BPDUs are tagged.
1) Encapsulated in a SNAP header.
2) SMAC -> interface MAC address
3) DMAC -> 0100.0ccc.cccd
 It runs a separate instance of STP for each individual VLAN.
 It can also offer load balancing, meaning you can utilize all available links and switches in the topology.
 Only supports ISL trunks.
 PVST generates a BPDU for each VLAN.
 We can have multiple loop free topologies:
1) Multiple root bridges in a single topology.
2) Done on a per-VLAN RB basis.
 PVST is not compatible with CST.
 PVST (ISL only) is no longer used on Cisco switches; PVST+ replaced it.
 Advantages
1) Load balancing
 No wastage of resources.
 Traffic is distributed between the switches.
 Disadvantages
1) CPU utilization is high.
2) One STP instance per VLAN: BPDUs and CPU load grow with the number of VLANs.

PVST+
 It stands for Per VLAN Spanning Tree Plus.
 It runs a separate instance of STP for each individual VLAN.
 Capability for load balancing.
 It supports both ISL and 802.1Q tagging on trunk ports.
 Works the same as PVST.
 It is the default on every Cisco switch.

 System ID extension
o is added into the priority field.
o Because of this the bridge priority moves in increments of 4096.
 Example: priority field 0-65535, e.g. 47692
 47692 / 4096 = 11.64 (ignore the .64)
 4096 * 11 = 45056 (the configured bridge priority)
 Step 1 - step 2 = 47692 - 45056 = 2636 = VLAN ID (extended system ID)

 STP interoperability
 CST
1) Open standard
2) Untagged BPDUs
3) 802.1Q trunks
 PVST
1) Cisco
2) Tagged BPDUs
3) ISL trunks only
 Because of these three differences, interoperability between CST and PVST is not possible.

 Rule of 4096 increment in Priority


 To give every VLAN a different bridge ID.
 Separate per-VLAN instances with the help of the extended system ID (sys-id-ext).
 The extended system ID is enabled by default.
 It is supported by PVST+ on Cisco switches.

 Problem
 Vlan 1 Priority 10 Priority 11
 Vlan 3 Priority 8 Priority 11

 Solution
 Vlan 1 priority 0 Priority 1
 Vlan 2 priority 0 Priority 2
 Vlan 3 priority 0 Priority 3
 Vlan 4 priority 4096 priority 5000
 Vlan 5 Priority 4096 Priority 5001

Priority bits (32768 16384 8192 4096) -> priority value

0 0 0 0 -> 0
0 0 0 1 -> 4096
0 0 1 0 -> 8192
0 0 1 1 -> 12288
0 1 0 0 -> 16384
0 1 0 1 -> 20480
0 1 1 0 -> 24576
0 1 1 1 -> 28672
1 0 0 0 -> 32768
1 0 0 1 -> 36864
1 0 1 0 -> 40960
1 0 1 1 -> 45056
1 1 0 0 -> 49152
1 1 0 1 -> 53248
1 1 1 0 -> 57344
1 1 1 1 -> 61440

Bit weights of the 16 bit priority field
 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1024, 2048 -> the 12 low bits = system ID extension (VLAN number)
 4096, 8192, 16384, 32768 -> the 4 high bits = bridge priority

Value will always be in multiple of 4096

 0*4096
 1*4096
 2*4096
 15*4096= 61440
 61440 + 4095 (vlan) = 65535
 Switch (config)#Spanning-tree vlan 1-10 Priority 4096

Root path manipulation


o RB change  Bridge Priority
 (0-61440)
o Manually change priority
 For all Vlans (1-4094)
 For range of Vlans ( 10 , 20 , 30 )
 For single vlan 10

How to create Root Bridge to any switch for all vlan


2) Sw(config)#spanning-tree vlan 1-4094 priority 0 (increments of 4096)
3) Sw#show spanning-tree vlan 1
4) Sw#show spanning-tree
5) Sw#show spanning-tree summary

How to create Root Bridge to any switch for specific vlan

1) Sw(config)#Spanning-tree vlan 2 priority 0

Primary and secondary root bridge

1) It is used for load balancing and fault tolerance.

2) Primary -> priority 24576 (32768 - 8192), or 4096 below the current root's priority if that is already lower.
3) Secondary -> priority 28672 (32768 - 4096).
4) Sw1(config)#spanning-tree vlan 1 root primary
5) Sw1(config)#spanning-tree vlan 2 root secondary

Manipulation of Port role


 Cost -> evaluated on the receiving side (non-DP).
 Port ID -> evaluated on the sending side (DP).

How to change the cost on an interface

 Sw1(config-if)#spanning-tree cost 18
 Sw1(config-if)#spanning-tree vlan 6-10 cost 18
 Sw2#show spanning-tree vlan 1 interface fastethernet 0/21 detail
o Shows the port's own path cost (19 on a FastEthernet port unless changed).

How to change the port priority on an interface

 Sw1(config-if)#spanning-tree port-priority 112

 Sw1(config-if)#spanning-tree vlan 6-10 port-priority 112

Note: the cost is always added on the non-DP (receiving) end.


Topology Change in STP
 Whenever a port moves from blocking to the forwarding state.
 Whenever a switchport moves from forwarding to the blocking or down state.
 TCN BPDU (Topology Change Notification)
1) Protocol = STP (0)
2) Version = 0
3) Type = TCN (0x80)
 What is a topology change?
1) If any link goes down on a switch, it sends a TCN BPDU to the RB to converge the topology.
2) TCN BPDUs are sent by non-root bridges only, from their root port.
 Direct topology change.
 Indirect topology change.
 Insignificant topology change.

Direct Topology Change

1) When the RP goes down and a blocked (alternate) port exists.

2) Convergence time = 30-32 sec.
a. Problem -> for 30-32 sec, user traffic is blocked.
3) When a switch has at least one alternate port available, a direct topology change occurs if any port goes down or comes up.
4) If the link goes down between switch 1 and switch 2, both switches detect the link down and immediately delete the MAC entries learned on those ports.
5) Switch 2 removes the previous best BPDU received from the root bridge over port 0/2, since that port is now down and the BPDU is no longer valid.
6) Switch 2 moves its blocking port into the listening state and sends a TCN BPDU to switch 3.
7) Switch 3 sets the TCA bit in its configuration BPDU and forwards it to switch 2.
8) Switch 3 forwards the TCN BPDU toward switch 1.
9) Switch 1 (the root bridge) sends a configuration BPDU with TC = 1 and TCA = 1 via switch 3.
10) All switches change their MAC aging time from 300 sec to 15 sec.
11) Switch 2's port becomes the RP and stays in listening for 15 sec.
12) After 15 sec all switches have flushed their MAC tables, and port 0/1 of switch 2 changes state from listening to learning for 15 sec.
13) During these 15 sec (learning state), if PC1 on switch 2 sends a data frame to PC1 on switch 3, switch 3 floods this frame (unknown unicast flooding).
14) After 15 sec, port 0/1 of switch 2 changes state from learning to forwarding and again generates a TCN from the RP. Now switch 2 can send data frames from its port 0/1; switch 3 and switch 1 receive the frames and rebuild their MAC tables.
15) When the root stops setting the flags (TC = 0 and TCA = 0), the switches return their aging time to 300 sec.

UPLINK FAST

a. This feature is enabled on a switch which has an alternate port.

b. Shortest link connected toward the RB.
c. UplinkFast keeps track of all blocked ports.
d. UplinkFast is only required on switches having blocked ports (access layer switches).
e. If the RP goes down, UplinkFast immediately puts the blocked port into forwarding, without listening and learning.
f. It saves 30 sec.
g. UplinkFast already keeps a record of the next eligible blocked port to become the RP.
h. By default UplinkFast is disabled; when enabled, the switch priority is raised to 49152 and every port cost is increased by 3000, so the switch never becomes root or a transit switch.
i. UplinkFast only adjusts these values when the priority and costs are still at their defaults.
j. If the priority is not default, UplinkFast will not change the priority or cost.
k. Reduces the convergence time by 30 sec.
 (config)#spanning-tree uplinkfast

Dummy multicast frames (UplinkFast)

 To avoid unknown unicast flooding after the switchover, the switch sends dummy multicast frames sourced from each MAC address in its table, so upstream switches relearn those addresses on the new path.

1) (config)#spanning-tree uplinkfast max-update-rate <packets per second>
2) By default 150 packets per second.

Indirect Topology Change

1) The RP goes down on an upstream switch; the local switch keeps its DP and has no blocked port.

2) Only the RP and blocked ports receive BPDUs.
3) Since Sw3 is no longer sending BPDUs toward Sw2,
4) Sw2 considers its connectivity to the RB lost.
5) Sw2 starts to consider itself the RB.
6) Sw1, which still holds the BPDU of the original RB (Sw3), starts to receive inferior BPDUs from Sw2 but does not store them in its buffer.
7) All inferior BPDUs received from Sw2 during those 20 sec (max age) are dropped.
 Buffer -> only one BPDU per VLAN can be stored.
 In a switched topology only one switch can be RB per VLAN.

 When the stored BPDU on Sw1 ages out (buffer empty), it accepts the BPDU of Sw2.
 Sw1 sees the BPDU of Sw2 as inferior to its own.
 Sw1 makes that port a DP to send the superior BPDU of Sw3 toward Sw2.
 When Sw2 receives the superior BPDU of the original RB,
 it makes its DP an RP.
 That DP was already forwarding, so the RP is also forwarding (no listening + learning).
 On Sw1, the port goes through listening and learning and reaches forwarding after 30 sec.
 After a blocked port moves into forwarding,
 Sw1 generates a TCN and sends it through its RP toward the RB.
 Sw2 also generates a TCN toward Sw1.
 Total convergence time = 20 sec max age + 30 sec forward delay (blocking to DP) = 50 to 52 sec.

Backbone fast

1) This feature is enabled on all switches.

2) By default, disabled.
3) Solution for the indirect topology change.
4) Reduces the convergence time from 50 sec to 30 sec by skipping the 20 sec of max age.
5) BackboneFast should be enabled on the switches where inferior BPDUs can be received.
6) It does not let the port wait the 20 sec of max age.
7) The switch immediately evaluates the inferior BPDU it receives,
8) and at the same time generates an RLQ (Root Link Query) through its RP only, to check whether the original RB is still alive.
9) The RB must also be enabled with BackboneFast so that an RLQ response can be sent.
10) If no RLQ response is received, the switch gives up its stored root and can no longer send the superior BPDU.
11) With BackboneFast, the total convergence time is 30-32 sec.
 (config)#spanning-tree backbonefast

Insignificant Topology Change

1) When a port never receives any BPDU in return, that port is always elected as DP.
2) If a port is elected as DP, it must be sending BPDUs.
3) Such a port still takes part in the STP algorithm.
4) Problem -> unknown unicast flooding.
5) When an access port goes down and comes up, the switch generates a TCN BPDU; this kind of change is known as an insignificant topology change.
6) Any link status going down or coming up is seen by the switch as a topology change and reported to the root bridge.
7) If the PC on switch B is turned off, the switch detects the link status going down.
8) Switch B sends a TCN BPDU toward the root bridge over its port 0/1 (its RP).
9) The root bridge sends a TCN ack back toward switch B and then sends a configuration BPDU with the TC flag set to all downstream switches. This is done to inform every switch of a topology change somewhere in the network.
10) The TC flag is received from the root, so every switch sets its MAC aging time from 300 sec to 15 sec. The aging time stays short for the duration of the forward delay timer.

Portfast

a. Solution -> insignificant topology change.

b. PortFast should only be used on access ports.
c. A PortFast access port becomes an edge port, "connected toward end devices".
d. PortFast enabled access ports do not make the switch generate TCN BPDUs.
e. PortFast enabled access ports move directly to the forwarding state once the link comes up.
i. No listening and learning states.
f. But the port role remains DP.
g. If DTP is enabled and a DTP message is received on a PortFast port, the port becomes a trunk and PortFast no longer applies (unless configured with spanning-tree portfast trunk).
h. switchport mode access
i. Configuration -> per port and global:
i. spanning-tree portfast default (global, IOS 12.x and above)
ii. spanning-tree portfast edge default (global, IOS 15.x and above)
iii. (config-if)#spanning-tree portfast
Problems with PVST+ and CST

 STP timer convergence


 Normal port – 30 secs
 Direct topology changes  30 secs
 Indirect Topology changes  50 secs

RSTP (Rapid Spanning Tree Protocol)


 Cisco's per-VLAN version is Rapid PVST+.
 It is a layer 2 protocol.
 IEEE standard 802.1w.
 It has fast convergence.
 The RB, RP and DP election criteria are the same as in STP.
 PortFast (edge) is required on access ports.
 Every switch generates its own configuration (RST) BPDUs every hello interval.
 There is no TCN BPDU; topology changes are signalled with the TC flag inside the RST BPDU.

RSTP 802.1w (Rapid Spanning Tree Protocol) -> CST algorithm, one instance, 802.1D style (open standard)
Rapid PVST+ -> PVST+ algorithm, one instance per VLAN (Cisco proprietary)
 Timers
o Hello -> 2 sec
o Max Age -> 6 sec
o A stored BPDU expires when 3 consecutive hellos are missed (3 x 2 sec).
 Port States
o Discarding (replaces disabled + blocking + listening)
o Learning
o Forwarding
 Port Roles
o RP
o DP
o Blocking
 Alternate
 This port is an alternate for the RP.
 Backup
 This port is a backup for a DP.

 RSTP BPDU
o Protocol - STP (0)
o Version - 2
o Type - 0x02 (RST BPDU)
o Flags - 8 bits (all used)

 CST/PVST+ -> flags -> only TC and TCA

 RSTP/Rapid PVST+
o Flags (8 bits, bit 0 is the least significant):
 bit 0 -> TC
 bit 1 -> Proposal
 bits 2-3 -> Port role
 bit 4 -> Learning
 bit 5 -> Forwarding
 bit 6 -> Agreement
 bit 7 -> TCA (not used by RSTP, kept for 802.1D compatibility)
 Port role (bits 2-3)

bit 3  bit 2  role
0      0      Unknown / reserved
0      1      Alternate / Backup
1      0      Root Port
1      1      Designated Port
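The flags byte is where the 802.1D and 802.1w BPDUs differ most, and it is easy to get the bit order wrong. The following is an added example (not from the original notes) that packs and unpacks the RST BPDU flags with the IEEE bit positions just listed and rejects combinations that never occur in 802.1w; the two sample flag bytes are constructed to show what a proposal from a designated port and the matching agreement from a root port look like on the wire.

```python
"""Encode and decode the flags byte of an RST BPDU (802.1w, protocol version 2). Added example."""
PORT_ROLES = {0: "unknown", 1: "alternate/backup", 2: "root", 3: "designated"}
_ROLE_CODE = {name: code for code, name in PORT_ROLES.items()}

BIT_TC, BIT_PROPOSAL, BIT_LEARNING, BIT_FORWARDING, BIT_AGREEMENT, BIT_TCA = (
    0x01, 0x02, 0x10, 0x20, 0x40, 0x80)
ROLE_SHIFT = 2   # port role occupies bits 2-3


def decode_rst_flags(flags: int) -> dict:
    if not 0 <= flags <= 0xFF:
        raise ValueError("flags is a single byte")
    return {
        "tc": bool(flags & BIT_TC),
        "proposal": bool(flags & BIT_PROPOSAL),
        "role": PORT_ROLES[(flags >> ROLE_SHIFT) & 0x03],
        "learning": bool(flags & BIT_LEARNING),
        "forwarding": bool(flags & BIT_FORWARDING),
        "agreement": bool(flags & BIT_AGREEMENT),
        "tca": bool(flags & BIT_TCA),
    }


def encode_rst_flags(role: str, tc=False, proposal=False, learning=False,
                     forwarding=False, agreement=False) -> int:
    """Build the byte; rejects combinations that never occur in 802.1w."""
    if role not in _ROLE_CODE:
        raise ValueError(f"unknown port role {role!r}")
    if proposal and agreement:
        raise ValueError("a BPDU carries either a proposal or an agreement, not both")
    if proposal and role != "designated":
        raise ValueError("only a designated port sends a proposal")
    if forwarding and not learning:
        raise ValueError("a forwarding port is also learning")
    flags = _ROLE_CODE[role] << ROLE_SHIFT
    for on, bit in ((tc, BIT_TC), (proposal, BIT_PROPOSAL), (learning, BIT_LEARNING),
                    (forwarding, BIT_FORWARDING), (agreement, BIT_AGREEMENT)):
        if on:
            flags |= bit
    return flags


def handshake_step(flags: int) -> str:
    """Classify a received RST BPDU by its proposal/agreement bits."""
    f = decode_rst_flags(flags)
    if f["proposal"]:
        return "proposal"
    if f["agreement"]:
        return "agreement"
    return "hello"


# Constructed samples: a designated port proposing (still discarding), and the root
# port on the other side agreeing once it is learning and forwarding.
PROPOSAL_FLAGS = encode_rst_flags("designated", proposal=True)
AGREEMENT_FLAGS = encode_rst_flags("root", agreement=True, learning=True, forwarding=True)

if __name__ == "__main__":
    for label, value in (("proposal", PROPOSAL_FLAGS), ("agreement", AGREEMENT_FLAGS)):
        print(f"{label}: 0x{value:02x} {decode_rst_flags(value)}")
```

The agreement byte comes out as 0x78, which is the value most commonly seen in captures of a converged Rapid PVST+ link (agreement, forwarding, learning, role = root); a steady-state hello from a designated port decodes as role = designated with neither handshake bit set.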

 The UplinkFast and BackboneFast commands still exist in RSTP / Rapid PVST+ but have no effect; their behaviour is built in.
 PortFast in RSTP / Rapid PVST+ only stops the switch from generating topology changes for edge ports.
 Port types
o Edge
 Connected to end devices.
 Access port.
 STP election is not required on an edge port.
 Ports enabled with PortFast.
o Non-edge
 Connected to other switches.
 STP election is performed on non-edge ports.
 Shared
 Half duplex link (possibly more than two devices on the segment).
 P2P
 Full duplex link; two switches only in a single collision domain.
 The RSTP / Rapid PVST+ rapid transition (proposal/agreement) does not work on half duplex links.
o On a shared port type, RSTP / Rapid PVST+ falls back to 802.1D style, timer based convergence on that port.
o (config-if)#spanning-tree link-type {shared | point-to-point}
Proposal
o The switch proposes itself to the other switch as the RB (or as the designated bridge on the segment).
o Can only be sent through a DP.
Agreement
o Agreeing that the other switch is the RB / designated bridge.
o Can only be sent through an RP (or an alternate port that is already discarding).
 When switches consider themselves the RB, they make their ports DPs and start sending BPDUs with the Proposal flag set to 1.
 Sw1, which is elected as RB, continues to send BPDUs with the Proposal flag set to 1.
 The other switch, which is not elected as RB, sends a BPDU with the Proposal flag set to 0 and the Agreement flag set to 1 after making its port the RP.
 Until the Agreement BPDU is received, the RB keeps the port as DP but in the discarding/learning state; once the agreement BPDU is received, the port is confirmed as DP and can be moved to forwarding.
 Now Sw2 turns off the Agreement flag and confirms the port as RP only when it receives the next BPDU with the Proposal flag set to 0 and the Forwarding flag set to 1.
 After confirming the RP, it puts the port into forwarding and sends this last BPDU toward the RB to allow it to begin data forwarding.
 The port elected as RP sends the agreement as usual, but before agreeing the switch must make sure its other non-edge designated ports cannot cause a loop; those ports cannot send agreements themselves.
 To do that, Sw2 performs sync: it puts all its other non-edge DPs into discarding, then sends the agreement so that the other switch's DP can go to forwarding.
 Once those ports receive the next BPDU with the Proposal flag set to 0, they finish their own proposal/agreement exchange and return to their final state (forwarding or discarding), and data forwarding can begin.

 Topology change

o In RSTP / Rapid PVST+, a topology change is announced by every switch out all its non-edge DPs and its RP; it does not need to be sent to the root bridge first.
o On receiving a BPDU with the TC flag, switches immediately flush the MAC addresses learned on all ports except the one the TC arrived on.
o The TC While timer is 2 x hello = 4 sec.
 PVST+ and Rapid PVST+ on the Catalyst platforms covered here can only run 128 STP instances, so a switch cannot run more than 128 VLAN instances.
CST -> single instance -> open standard -> slow convergence -> RSTP is its rapid version
PVST -> per VLAN instance -> Cisco -> Rapid PVST+ is its rapid version
o In CST you cannot have different switches as root bridge for different VLANs; PVST allows a per-VLAN root bridge.
MSTP -> one instance for a group of VLANs

MSTP (Multiple Spanning Tree Protocol)


1. It is an open standard protocol.
2. IEEE standard 802.1s.
3. By default instance 0 exists and all VLANs are mapped to that instance.
4. Instance zero is called the IST (Internal Spanning Tree); across regions it forms the CIST (Common and Internal Spanning Tree).
5. The network admin controls the number of STP instances.
6. We can create multiple instances according to our requirement.
7. Its convergence is the same as RSTP.
8. The RB, RP and DP election criteria are the same as in STP.
9. Normal switches support a maximum of 16 instances (0-15).
10. Multilayer switches (4500, 6500) support 65 instances (0-64).
11. The switch that becomes root bridge for instance 0 generates the configuration BPDU with the M-records. It is also known as the CIST root bridge.

MST Attributes

o Name (up to 32 characters), by default null (optional).

o Revision number (0-65535), by default 0 (optional).
o Instance-to-VLAN mapping (VLANs 1-4094); by default everything is in instance 0.
 Cisco switches support 16 MST instances.
 You cannot create or delete MST instance 0.

There are two cases for MST regions

o Intra-region

 If all attributes (name, revision, VLAN mapping) are the same, the switches are in the same region.
o Inter-region
 If any attribute differs, the switches are in different regions.
o Inter-region STP (the CIST) is what makes communication possible between two regions.

MST BPDU
 Protocol - STP (0)
 Version - 3
 Type - configuration (RST BPDU format)
 Flags = all flags (as in RSTP)
 MST extension (M-records)
o Name - e.g. cisco
o Revision number - e.g. 10
o Configuration digest - MD5 based hash of the VLAN-to-instance mapping
o CIST (instance 0) information
o MSTI 1 record
o MSTI 2 record
o MSTI 3 record
 A single BPDU carries the information of all instances (one M-record per MSTI).
 A switch compares the received name, revision and digest with its own; if all three match, the neighbour belongs to the same region, otherwise to a different region.
 The digest is computed over the VLAN-to-instance mapping, so two switches with the same name and revision but a different mapping still end up in different regions.
 Master port
o On a region boundary, the port that leads toward the CIST root is the master port for every MSTI: it acts as the root port of the whole region, and no MSTI records are sent out of it.
 If a boundary port is blocked for instance 0 (the CIST), it is blocked for all other instances as well.
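Because region membership hinges on the digest, it is worth computing it yourself: a mapping typo on one switch silently splits the region, and a mismatched digest is the first thing to compare when MST neighbours refuse to converge. The following is an added example, not from the original notes. The digest algorithm is the one in IEEE 802.1s / 802.1Q-2005: HMAC-MD5 with a fixed signature key over a 4096-entry table of 16-bit instance numbers indexed by VLAN ID (entries for VID 0 and VID 4095 are always 0). The region configurations below are constructed; the VLAN list syntax mirrors the instance N vlan ... form used on Cisco switches.

```python
"""MST configuration digest and region identity. Added example."""
import hashlib
import hmac

# IEEE 802.1s signature key for the MST configuration digest
MST_DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")


def parse_vlan_list(spec: str) -> set:
    """'10-12,20' -> {10, 11, 12, 20}, the form used by 'instance N vlan ...'."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        lo_i, hi_i = int(lo), int(hi or lo)
        if not 1 <= lo_i <= hi_i <= 4094:
            raise ValueError(f"bad VLAN range {part!r}")
        vlans.update(range(lo_i, hi_i + 1))
    return vlans


def mst_digest(instances: dict) -> str:
    """instances: {instance number: 'vlan list'}; unlisted VLANs stay in instance 0."""
    table = bytearray(4096 * 2)           # every VLAN in the CIST (instance 0) by default
    seen = set()
    for inst, spec in instances.items():
        if not 0 <= inst <= 4094:
            raise ValueError(f"bad instance number {inst}")
        for vlan in parse_vlan_list(spec):
            if vlan in seen:
                raise ValueError(f"VLAN {vlan} mapped to more than one instance")
            seen.add(vlan)
            table[2 * vlan:2 * vlan + 2] = inst.to_bytes(2, "big")
    return hmac.new(MST_DIGEST_KEY, bytes(table), hashlib.md5).hexdigest().upper()


def region_id(name: str, revision: int, instances: dict) -> tuple:
    """The three values a switch compares with what it receives in the M-record."""
    if len(name.encode()) > 32:
        raise ValueError("MST name is at most 32 bytes")
    if not 0 <= revision <= 65535:
        raise ValueError("revision is 0-65535")
    return (name, revision, mst_digest(instances))


def same_region(a: tuple, b: tuple) -> bool:
    """Two switches are in one region only if name, revision and digest all match."""
    return a == b


if __name__ == "__main__":
    # Constructed: two switches that were meant to be identical, but one admin typed 10-19.
    sw1 = region_id("cisco", 10, {1: "10-20", 2: "30-40"})
    sw2 = region_id("cisco", 10, {1: "10-19", 2: "30-40"})
    print("default digest:", mst_digest({}))
    print("sw1:", sw1)
    print("sw2:", sw2)
    print("same region:", same_region(sw1, sw2))
```

The empty mapping reproduces the digest a freshly enabled switch shows under show spanning-tree mst configuration digest, which is a quick sanity check that the table layout and key are right before trusting the function on a real mapping.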

Configuration of MST

 Sw(config)#spanning-tree mode mst

 show spanning-tree summary (to check)
 show spanning-tree mst configuration (to check the MST configuration)
 show spanning-tree mst configuration digest (to check the MST digest hash)
 Sw1(config)#spanning-tree mst 1,2 root primary
 Sw2(config)#spanning-tree mst 1,2 root secondary
 show current / show pending (inside spanning-tree mst configuration mode, where name, revision and instance-to-VLAN mapping are set; the pending changes are applied on exit)

Vtp version 2
 Disadvantages
o Synchronization: any server with a higher configuration revision overwrites the whole domain's VLAN database.
o Password -> stored in plain text format.
o Extended VLANs are supported on a transparent switch only.
o A domain can have more than one server, and every server switch is allowed to make changes to the VLAN database.

VTP version 3
1) VTP version 3 is compatible with version 1 and version 2.
2) A VTP version 3 server switch can update the database of VTP version 1 and version 2 switches.
3) We can create and propagate extended VLANs (1006-4094).

VTP mode

 Server
o Primary server:
 Only a single switch can be configured as primary server per feature (VLAN and MST).
 Only this server can change the VTP database.
 Only one server can become primary server.
 This server is promoted manually.
o Secondary server
 All servers are secondary by default.
 If you want to configure a primary server, it must first be a secondary server.
 This server cannot change the VTP database.
o Client
 Still the same as in versions 1 and 2.
o Transparent
 Still the same as before.
o Off mode
 To disable VTP on the switch.

VTP version 3 features

4. Feature VLAN
a. Carries the VLAN information.
5. Feature MST
a. This VTP version can forward MST instance information, like VLANs.
b. This feature is not enabled by default.
6. Unknown feature
a. Reserved for future use.
Note: VTP version 3 must be enabled on every switch manually.

 #vtp primary vlan (a switch will participate in the primary server election)

 The switch having the lowest base MAC address wins the primary server election.
 Whenever any change is made to the MST configuration, the VTP primary server increases the configuration revision number automatically.
 You are only allowed to configure MST instances on the primary server for MST.
 #vtp primary vlan force
 #vtp mode server vlan
 #vtp mode client vlan
 show vtp devices
 #vtp mode server mst
 #vtp mode client mst
 #vtp primary mst force
 vtp password ccie hidden
 vtp password ccie secret
 SW2(config-if)#spanning-tree mst 1 port-priority <0-240>
 SW2(config-if)#spanning-tree mst 1 cost <1-200000000>
STP Protection
 Features that protect the STP topology, and the root bridge in particular, from rogue switches or attackers.
o BPDU Guard
o BPDU Filter
o Root Guard
o Loop Guard
o UDLD

BPDU Guard

 Enable this feature on host ports (PortFast ports) to protect the root bridge from a rogue switch plugged into an edge port.
 Only for access ports.
 PortFast ports still send and receive BPDUs.
 With BPDU guard enabled, the port must not receive any BPDU (either inferior or superior).
 If a BPDU is still received, the switch puts the port into the error-disabled state.
 Error-disabled mode -> shutdown state.
 An error-disabled port does not recover automatically unless errdisable recovery is configured.
 Recovery:
o shut / no shut (manual recovery)
o errdisable recovery (automatic)
o disabled by default
o Switch(config-if)#spanning-tree bpduguard enable
o Switch(config)#spanning-tree portfast default
o Switch(config)#spanning-tree portfast bpduguard default

How to recover a port from error-disabled

o Sw1(config)#errdisable recovery cause bpduguard (or: cause all)

o Sw1(config)#errdisable recovery interval 60
o show interfaces status err-disabled
BPDU Filter

 BPDU guard only stops receiving BPDUs; the port still sends them.
 BPDU filter stops sending BPDUs through PortFast ports.
 BPDU filter should be applied on access ports.
a. It does not put the port into the err-disabled state.
b. Global form (portfast bpdufilter default): the port stops sending BPDUs, but if a BPDU is received the port loses PortFast and BPDU filtering and behaves as a normal STP port.
c. Interface form (spanning-tree bpdufilter enable): the port neither sends nor receives BPDUs, which effectively disables STP on that port; a switch connected there can create a loop, so prefer BPDU guard on edge ports.
 Sw(config-if)#spanning-tree bpdufilter enable
 Sw(config-if)#spanning-tree bpdufilter disable
 Sw(config)#spanning-tree portfast default
 Sw(config)#spanning-tree portfast bpdufilter default

Root Guard

 This feature is enabled on non-edge designated ports that could receive a superior BPDU from a switch that should not become root.
o Keeps track of all DPs.
o Protects the current RB from any superior BPDU.
o If one is received, the port moves to the root-inconsistent state and stays there for as long as superior BPDUs keep arriving.
o Inconsistent -> temporary blocking state -> protocol down.
o Once the superior BPDUs stop (the stored BPDU expires after max age) and the port again receives only inferior BPDUs, it automatically recovers from the blocking state -> protocol up.
o Root guard is enabled per interface -> on all DPs of the RB (and on DPs facing untrusted switches).
o Root guard blocks the port on a per-VLAN basis (IOS 15.0 and above).
o Recommended to be used on the primary and secondary RBs.
 How to configure root guard
o Sw1(config)#interface fa0/19
o Sw1(config-if)#spanning-tree guard root
o Sw1#show spanning-tree inconsistentports
 The port leaves the root-inconsistent state automatically once superior BPDUs stop arriving.
 If root guard is enabled on an RP, that port is no longer allowed to accept superior BPDUs; when one arrives the port goes root-inconsistent, so never enable root guard on a root port.
Loop Guard

 Switch C stops receiving BPDUs on port 0/2 because of traffic congestion or some other problem such as an IOS bug, while the link stays up.
 Loop guard keeps track of all RPs (and alternate ports) so that they are never silently promoted to DP, to avoid a loop.
 Switch C waits 20 sec for a BPDU on port 0/2, because the BPDU max-age timer is 20 sec.
 Switch C then changes port 0/1 from blocking to RP.
 Switch C changes port 0/2 from RP to DP (this port will not go back into blocking because no BPDUs arrive on it).
 Now a loop occurs in this topology because both ports between switch A and switch C are forwarding.
 Sw(config)#spanning-tree loopguard default
 Sw(config-if)#spanning-tree guard loop
 Note: enable on non-root bridges (trunk RP and alternate ports).
 Can be enabled on:
o Global basis
o Per interface basis
 With loop guard on all RPs, if a root port stops receiving BPDUs it waits 20 sec, and after 20 sec it moves to the loop-inconsistent state instead of becoming DP. Now there is no chance of a loop. Loop guard is configured per port, not per VLAN (it blocks only the VLANs that lost BPDUs).
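BPDU guard, root guard and loop guard all announce themselves through syslog, and on a security team those messages are the signal that someone plugged a switch (or ran a BPDU-injecting tool) into an edge port, or that a rogue bridge tried to take over as root. The following is an added example, not from the original notes: a small parser that pulls these events out of Catalyst-style syslog and tracks which ports are still blocked or err-disabled. The sample log is constructed; the facility-mnemonic pairs (SPANTREE-2-BLOCK_BPDUGUARD, SPANTREE-2-ROOTGUARD_BLOCK, SPANTREE-2-ROOTGUARD_UNBLOCK, SPANTREE-2-LOOPGUARD_BLOCK, PM-4-ERR_DISABLE) are real IOS message IDs, but the message wording after them is an assumption modelled on Catalyst output and varies by IOS version.

```python
"""Extract STP protection events from Catalyst-style syslog. Added example."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample, modelled on Catalyst syslog; wording is an assumption.
SAMPLE_LOG = """\
Mar  1 00:12:05.101: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port FastEthernet0/5 with BPDU Guard enabled. Disabling port.
Mar  1 00:12:05.102: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/5, putting Fa0/5 in err-disable state
Mar  1 00:13:40.220: %SPANTREE-2-ROOTGUARD_BLOCK: Root guard blocking port FastEthernet0/19 on VLAN0001.
Mar  1 00:14:02.003: %SPANTREE-2-LOOPGUARD_BLOCK: Loop guard blocking port GigabitEthernet0/1 on VLAN0010.
Mar  1 00:16:30.500: %SPANTREE-2-ROOTGUARD_UNBLOCK: Root guard unblocking port FastEthernet0/19 on VLAN0001.
Mar  1 00:20:01.000: %LINK-3-UPDOWN: Interface FastEthernet0/7, changed state to up
"""

SYSLOG_RE = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>\d)-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)")
PORT_RE = re.compile(r"port (?P<port>[A-Za-z]+\d+(?:/\d+)*)")
VLAN_RE = re.compile(r"VLAN0*(?P<vlan>\d+)")

# (facility, mnemonic) -> (event kind, what it means for the operator)
WATCH = {
    ("SPANTREE", "BLOCK_BPDUGUARD"):
        ("bpduguard", "BPDU received on a PortFast edge port; port err-disabled"),
    ("SPANTREE", "ROOTGUARD_BLOCK"):
        ("rootguard", "superior BPDU on a designated port; port root-inconsistent"),
    ("SPANTREE", "ROOTGUARD_UNBLOCK"):
        ("rootguard-clear", "superior BPDUs stopped; port recovered"),
    ("SPANTREE", "LOOPGUARD_BLOCK"):
        ("loopguard", "BPDUs stopped on a root/alternate port; port loop-inconsistent"),
}


@dataclass
class StpEvent:
    timestamp: str
    kind: str
    port: Optional[str]
    vlan: Optional[int]
    detail: str


def parse_stp_events(log: str) -> List[StpEvent]:
    """Keep only the STP protection messages, with port and VLAN pulled out of the text."""
    events: List[StpEvent] = []
    for line in log.splitlines():
        m = SYSLOG_RE.search(line)
        if not m:
            continue
        key = (m["facility"], m["mnemonic"])
        if key not in WATCH:
            continue                      # PM-4-ERR_DISABLE, LINK-3-UPDOWN etc. are ignored
        kind, detail = WATCH[key]
        pm = PORT_RE.search(m["text"])
        vm = VLAN_RE.search(m["text"])
        events.append(StpEvent(
            timestamp=line[:m.start()].rstrip(": "),
            kind=kind,
            port=pm["port"] if pm else None,
            vlan=int(vm["vlan"]) if vm else None,
            detail=detail,
        ))
    return events


def ports_needing_attention(events: List[StpEvent]) -> Dict[str, str]:
    """Replay the events in order; return ports still blocked or err-disabled at the end."""
    state: Dict[str, str] = {}
    for e in events:
        if e.port is None:
            continue
        if e.kind == "rootguard-clear":
            state.pop(e.port, None)
        else:
            state[e.port] = e.kind
    return state


if __name__ == "__main__":
    evs = parse_stp_events(SAMPLE_LOG)
    for e in evs:
        print(f"{e.timestamp}  {e.kind:16} {e.port or '-':20} vlan={e.vlan}  {e.detail}")
    print("still needs attention:", ports_needing_attention(evs))
```

Root guard clears itself (the UNBLOCK message), so that port drops out of the final list; the BPDU guard port stays err-disabled until someone runs shut / no shut or errdisable recovery fires, which is exactly what the replay shows.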

UDLD (Unidirectional Link Detection)
 Detects a unidirectional link: one on which frames pass in only one direction (typically a dead fibre strand or transceiver). STP cannot see this condition, and it leads to loops or black-holed traffic.
 Most commonly used on fibre links.
 It is a Layer 2 protocol.
 Cisco proprietary.
 Each switch sends a hello every 15 sec carrying its own device/port ID plus the IDs it has heard from the neighbour; the neighbour echoes this back, so each side can verify that its own frames are actually being received.
 SMAC: interface MAC
 DMAC: 0100.0ccc.cccc (shared with CDP, DTP, VTP, PAgP)
 Timers
o Hello 15 sec
o Hold 45 sec
 UDLD Modes
 Normal
o If UDLD positively detects a unidirectional link (the neighbour does not echo our port ID, e.g. mismatched Tx/Rx fibres) the port is err-disabled; if the neighbour simply stops sending, the port is marked undetermined, only a log message is generated and data forwarding continues.
o UDLD message interval 7 sec
 Aggressive
o When the hold timer expires the switch sends echo frames every 1 sec for 8 sec.
o UDLD message interval 15 sec.
o If still no echo frame is received, the port is moved into the err-disabled state.
 Configuration of normal mode
o Sw1(config)#udld enable
o Sw1(config-if-range)#udld port
 Configuration of aggressive mode
o Sw1(config)#udld aggressive
o Sw1(config-if-range)#udld port aggressive
o Sw1#show udld fastethernet 0/19
o Sw1#show udld neighbors
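The difference between the two UDLD modes, as an added simulation (example code written for these notes, not Cisco code). It uses the default timers from the notes (hello 15 s, hold 45 s) and the 8 one-second probes of aggressive mode; the device/port IDs and the received frames are constructed. A frame carries the sender's ID and the echo list of IDs the sender has heard, and the local port checks whether it appears in that echo.

```python
"""Model of UDLD normal vs aggressive mode (added example, not Cisco code)."""

HELLO = 15              # seconds between UDLD hellos (default)
HOLD = 45               # seconds without hearing the neighbour before acting
AGGRESSIVE_RETRIES = 8  # one probe per second after the hold timer expires

LOCAL_ID = ("SW1", "Fa0/19")     # constructed device/port IDs
NEIGHBOUR_ID = ("SW2", "Fa0/5")


def make_frame(sender, echo):
    """Constructed UDLD message: who sent it and whom they have heard from."""
    return {"sender": sender, "echo": list(echo)}


def run_udld(mode, frames, end_time):
    """Replay (time, frame) events second by second and return the port's verdict."""
    if mode not in ("normal", "aggressive"):
        raise ValueError("mode must be 'normal' or 'aggressive'")
    by_time = {}
    for t, frame in frames:
        by_time.setdefault(t, []).append(frame)
    last_rx, seen, probe_deadline = 0, 0, None
    state = "bidirectional"
    for now in range(end_time + 1):
        for frame in by_time.get(now, []):
            seen += 1
            last_rx = now
            # the very first hello from a neighbour may carry an empty echo (it has
            # not heard us yet); from then on our own ID must be echoed back
            if seen > 1 and LOCAL_ID not in frame["echo"]:
                return "err-disabled (neighbour never echoes our port: unidirectional)"
            state, probe_deadline = "bidirectional", None
        if now - last_rx > HOLD:
            if mode == "normal":
                # normal mode: cannot tell a dead neighbour from a dead link, so only logs
                state = "undetermined (logged; port stays up)"
            elif probe_deadline is None:
                probe_deadline = now + AGGRESSIVE_RETRIES   # start 8 x 1 s probes
            elif now >= probe_deadline:
                return "err-disabled (no reply to 8 one-second probes)"
    return state


def healthy_frames(end_time):
    frames = [(0, make_frame(NEIGHBOUR_ID, []))]
    frames += [(t, make_frame(NEIGHBOUR_ID, [LOCAL_ID]))
               for t in range(HELLO, end_time + 1, HELLO)]
    return frames


def scenario_healthy(mode):
    return run_udld(mode, healthy_frames(120), 120)


def scenario_neighbour_silent(mode):
    """Neighbour's transmit side dies after t=15: frames stop but the link stays up."""
    frames = [(0, make_frame(NEIGHBOUR_ID, [])),
              (15, make_frame(NEIGHBOUR_ID, [LOCAL_ID]))]
    return run_udld(mode, frames, 120)


def scenario_miswired(mode):
    """We hear the neighbour but it never hears us (one fibre strand dead)."""
    frames = [(t, make_frame(NEIGHBOUR_ID, [])) for t in range(0, 121, HELLO)]
    return run_udld(mode, frames, 120)
```

The miswired case is err-disabled in both modes, because the echo proves the link is one-way; only the silent-neighbour case separates the modes, which is why aggressive mode is the one usually deployed on fibre uplinks.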
 STP
1) Loop-free topology
2) Redundancy
3) Cannot load-balance across redundant physical links: within a VLAN only one of the parallel links forwards, the others are blocked and their bandwidth is wasted.

Ether channel
 A technology that bundles multiple physical links into one logical link (a Layer 2 or Layer 3 port-channel).
 It provides not only redundancy but also load balancing across the physical links.
 Unlike STP, which can at best balance per VLAN, EtherChannel balances traffic within a single VLAN, because STP sees the bundle as one link and blocks none of its members.
 Purpose: increase bandwidth and load-balance.

 Requirements (all member ports must match):
1) Same speed (10 Mbps, 100 Mbps, ...)
2) Same duplex (half duplex or full duplex)
3) Same port type (access or trunk)
4) Access ports: same VLAN
5) Trunk ports: same encapsulation and same allowed VLAN list
6) Same native VLAN

 Port channel: the logical interface that represents the bundle of physical links.
 Group number: identifies a channel on a switch (channel-group <n> on the member ports creates interface Port-channel<n>).
1) The two ends of a channel can use the same or different group numbers; the number is only locally significant.
2) One switch cannot have two port-channels with the same group number.
3) When multiple physical links are bundled, STP treats them as a single logical link and blocks none of the members.
 BPDUs are sent through the member port with the lowest port priority or, when equal, the lowest port number.
 STP compares port priority + port number for the port-channel interface as a whole, not for each member through which a BPDU happens to be sent.
 The port-channel interface inherits its MAC address from one of the member ports (not a fixed one, so it can change if members change).
 Only one BPDU is sent per port-channel, not one per member link.
 A broadcast received on one member of a port-channel is not forwarded out the other members of the same port-channel.
 Bandwidth
1) Total capacity of the link.
 Throughput
1) Actual utilisation of that capacity.
2) The less time a transfer takes, the higher the throughput.
 Any command entered on the port-channel interface is replicated to the physical interfaces that are members of that port-channel.
 To avoid misconfiguration, always configure on the port-channel interface rather than on the individual members.

Etherchannel Misconfiguration Guard
 Enabled by default.
 Timer 15 sec.
 If one side is bundled (mode on) and the other side is not, STP sees BPDUs arriving inconsistently across the members; after 15 sec SW1 puts its entire port-channel into the errdisable state.
 Recommended: shut down all the member interfaces and then do the configuration on both sides.
 After the configuration, unshut the interfaces (on both ends within 15 sec of each other, so the guard timer does not fire).
 SW2(config)#spanning-tree etherchannel guard misconfig

How to configure Ether channel

1) Static: ON mode (no negotiation protocol; both sides must be set to on)
a. Sw(config-if-range)#channel-group 2 mode on
 EtherChannel Misconfiguration Guard is enabled by default on the switch.
 If the other side is not bundled, the ports move to err-disabled.
 Sw(config)#spanning-tree etherchannel guard misconfig
 Sw(config)#errdisable recovery cause channel-misconfig
2) Dynamic: negotiation protocols
a. PAgP (Port Aggregation Protocol)
i. Cisco proprietary
ii. DMAC 0100.0CCC.CCCC
iii. Per EtherChannel: max 8 links can be bundled
iv. Modes
1. Desirable (negotiate)
a. Initiates and responds to PAgP negotiation for bundling
2. Auto (wait)
a. Only responds to negotiation, never initiates it
 Auto --- Auto (no EtherChannel)
 Auto --- Desirable (EtherChannel forms)
 Desirable --- Desirable (EtherChannel forms)

PAgP Silent / Non-silent Mode

 Silent (default)
1) Bundles the port without requiring PAgP packets from the other side, i.e. without checking bidirectional connectivity on every port (useful when the partner does not speak PAgP, such as a server).
 Non-silent
1) Requires PAgP packets from the neighbour on every port before bundling it, so bidirectional connectivity is verified; both sides must be running PAgP (desirable/desirable or desirable/auto).
2) SW1(config-if-range)#channel-group 1 mode desirable non-silent

How to configure PAgP

 Sw(config-if-range)#channel-group 1 mode auto
 Sw(config-if-range)#channel-group 1 mode desirable

b. LACP (Link Aggregation Control Protocol)
1) Open standard (IEEE 802.3ad, now 802.1AX)
2) Link bundling protocol
3) Per EtherChannel: max 16 links can be configured
4) Supported on Cisco IOS and interoperable with other vendors' equipment
5) Of the 16 links:
 8 links Active
 8 links Standby (hot standby: one takes over when an active link fails)
6) Modes
 Active (like desirable: initiates and responds)
 Passive (like auto: responds only)
 Passive --- Passive (no EtherChannel)
 Active --- Passive (formed)
 Active --- Active (formed)
 Sw#show lacp 10 neighbor

LACP Port-id

 Decides which member links are Active and which are Standby.
 Lowest port priority wins
1) Default = 32768 (range 0-65535)
 Then lowest port number
1) Port-id = port priority + port number
 e.g. 32768 + 1
 The interfaces with the lowest LACP port-ids become active (up to 8).
 Sw#show lacp internal
 Sw1(config-if)#lacp port-priority 20

Active switch election

 The switch that decides which of the bundle's ports are active and which are standby; port priorities set on the other switch are ignored.
 LACP system-id
1) System priority + base MAC address (default 32768 + base MAC)
 Priority range 0-65535
2) The switch with the lowest LACP system-id (lowest priority, then lowest base MAC) is the deciding switch.
3) Sw#show lacp sys-id
4) Sw(config)#lacp system-priority <0-65535>
5) Sw1(config)#lacp system-priority 1
6) Fast timer
 Hello 1 sec
 Hold 3 x hello = 3 sec
7) Slow timer (default)
 Hello 30 sec
 Hold 3 x hello = 90 sec
 Sw(config-if)#lacp rate fast | normal

How to configure LACP

 Sw(config-if-range)#channel-protocol lacp
 Sw(config-if-range)#channel-group 2 mode active
 Sw(config-if-range)#channel-group 2 mode passive
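The LACP active/standby selection from the two sections above, as an added model (example code written for these notes, not Cisco code). It applies the rule that the switch with the lower system-id (system priority, then base MAC) decides, ranking links by its own port-id (port priority, then port number) and activating the lowest eight. The switch names, MAC addresses, port numbers and cabling are constructed; the effect of `lacp port-priority 20` on one local port and `lacp system-priority 1` on the remote switch is what the two scenarios show.

```python
"""Model of LACP system-id / port-id selection (added example, not Cisco code)."""
from dataclasses import dataclass

MAX_ACTIVE = 8   # Catalyst LACP: up to 8 active + 8 hot-standby links


def system_id(priority, base_mac):
    """LACP system-id as a comparable tuple: (system priority, base MAC as int)."""
    return (priority, int(base_mac.replace(".", ""), 16))


def port_id(priority, number):
    """LACP port-id: port priority (default 32768) first, then port number."""
    return (priority, number)


@dataclass(frozen=True)
class Link:
    local_port: int      # e.g. 3 for Gi1/0/3 on the local switch (constructed)
    local_prio: int
    remote_port: int     # port number the same cable lands on at the remote switch
    remote_prio: int


def deciding_side(local_sys, remote_sys):
    return "local" if local_sys <= remote_sys else "remote"


def select_active(links, local_sys, remote_sys, max_active=MAX_ACTIVE):
    """Return (active, standby) as sorted lists of *local* port numbers."""
    if deciding_side(local_sys, remote_sys) == "local":
        key = lambda l: port_id(l.local_prio, l.local_port)
    else:
        # the remote switch decides using its own port-ids, so any
        # lacp port-priority configured locally is simply ignored
        key = lambda l: port_id(l.remote_prio, l.remote_port)
    ranked = sorted(links, key=key)
    active = sorted(l.local_port for l in ranked[:max_active])
    standby = sorted(l.local_port for l in ranked[max_active:])
    return active, standby


def build_bundle(local_port10_priority=32768, reversed_cabling=False):
    """Constructed 10-link bundle; local port 10 may carry 'lacp port-priority 20'."""
    links = []
    for n in range(1, 11):
        remote = 11 - n if reversed_cabling else n
        prio = local_port10_priority if n == 10 else 32768
        links.append(Link(n, prio, remote, 32768))
    return links


def scenario_local_decides():
    """Equal system priorities: the lower base MAC (local) decides, so the
    local 'lacp port-priority 20' on port 10 buys that port an active slot."""
    local = system_id(32768, "0000.0000.00aa")
    remote = system_id(32768, "0000.0000.00bb")
    return select_active(build_bundle(local_port10_priority=20), local, remote)


def scenario_remote_decides():
    """Remote 'lacp system-priority 1' makes the remote switch decide: the local
    port-priority is ignored and the remote's port numbers rank the links."""
    local = system_id(32768, "0000.0000.00aa")
    remote = system_id(1, "0000.0000.00bb")
    bundle = build_bundle(local_port10_priority=20, reversed_cabling=True)
    return select_active(bundle, local, remote)
```

The second scenario is the one that surprises people in the lab: the same `lacp port-priority 20` that worked in the first scenario has no effect at all once the other switch has the lower system-id, so set the system priority on the switch whose port ranking you actually want to control.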

Etherchannel Load Balancing Algorithm

 Basic rule: the number of low-order address bits that are hashed depends on the number of links
1) Link bundling
 2^1 = 2 links = 1 bit = values 0-1
 2^2 = 4 links = 2 bits = values 0-3
 2^3 = 8 links = 3 bits = values 0-7
 Example with MAC 0000.0000.000A (last nibble A = 1010):
1) 2 links: last 1 bit = 0 -> link 1
2) 4 links: last 2 bits = 10 = 2 -> link 3
3) 8 links: last 3 bits = 010 = 2 -> link 3

Hash value (low 3 bits)   Binary   Member interface
0                         000      1
1                         001      2
2                         010      3
3                         011      4
4                         100      5
5                         101      6
6                         110      7
7                         111      8

Load balancing in ether-channel

 9 algorithms
i. src-mac
ii. dst-mac
iii. src-dst-mac
iv. src-ip
v. dst-ip
vi. src-dst-ip
vii. src-port
viii. dst-port
ix. src-dst-port
x. The Layer 4 port-based methods are supported only on the 4500 series and above.
xi. Sw#test etherchannel load-balance interface port-channel 10 mac 0000.0000.000a 0000.0000.000b
xii. The src-dst methods XOR the low bits of both addresses (here 010 XOR 011 = 001, so the second member link is selected).
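The hashing rule from the three sections above, as an added model (example code written for these notes, not Cisco code) that reproduces what `test etherchannel load-balance` reports: take the low bits of the selected field, XOR them for the src-dst methods, and map the result to a member link. It goes beyond the notes in two labelled ways: the 8-bucket spread used for link counts that are not a power of two (3 links get buckets 3:3:2) is a modelled assumption, and the `polarization_demo` shows why `dst-mac` is a poor choice when all traffic heads for one router MAC. Addresses and flows are constructed.

```python
"""Model of the EtherChannel load-balancing hash (added example, not Cisco code)."""

METHODS = ("src-mac", "dst-mac", "src-dst-mac", "src-ip", "dst-ip",
           "src-dst-ip", "src-port", "dst-port", "src-dst-port")


def mac_to_int(mac):
    """'0000.0000.000a', '00:00:00:00:00:0a' or '00-00-00-00-00-0a' -> int."""
    return int(mac.replace(".", "").replace(":", "").replace("-", ""), 16)


def ip_to_int(ip):
    a, b, c, d = (int(x) for x in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def hash_value(method, src_mac=None, dst_mac=None, src_ip=None, dst_ip=None,
               src_port=None, dst_port=None):
    """Combine the field(s) the method names; src-dst variants XOR both."""
    if method not in METHODS:
        raise ValueError(f"unknown load-balance method: {method}")
    family = method.rsplit("-", 1)[1]                       # "mac", "ip" or "port"
    convert = {"mac": mac_to_int, "ip": ip_to_int, "port": int}[family]
    src, dst = {"mac": (src_mac, dst_mac), "ip": (src_ip, dst_ip),
                "port": (src_port, dst_port)}[family]
    if method.startswith("src-dst"):
        return convert(src) ^ convert(dst)
    if method.startswith("src"):
        return convert(src)
    return convert(dst)


def select_member(method, nlinks, **fields):
    """Return the 1-based member link that carries this flow."""
    if not 1 <= nlinks <= 8:
        raise ValueError("an EtherChannel has 1 to 8 active links")
    value = hash_value(method, **fields)
    if nlinks & (nlinks - 1) == 0:
        # power of two: exactly the lowest log2(n) bits select the link (the notes' rule)
        bits = nlinks.bit_length() - 1
        return (value & ((1 << bits) - 1)) + 1
    # otherwise spread the 8 hash buckets over the links (modelled assumption:
    # 3 links -> buckets 3:3:2, so the load is uneven)
    return (value & 0b111) % nlinks + 1


def distribution(method, nlinks, flows):
    """Count how many of the given flows land on each member link."""
    counts = {m: 0 for m in range(1, nlinks + 1)}
    for flow in flows:
        counts[select_member(method, nlinks, **flow)] += 1
    return counts


def polarization_demo(nlinks=8):
    """Eight hosts (constructed MACs) all sending to one router MAC."""
    router = "0000.0000.00ff"
    flows = [{"src_mac": f"0000.0000.000{n:x}", "dst_mac": router} for n in range(1, 9)]
    return distribution("src-mac", nlinks, flows), distribution("dst-mac", nlinks, flows)
```

`select_member("src-dst-mac", 8, src_mac="0000.0000.000a", dst_mac="0000.0000.000b")` reproduces the test command in the notes and returns member 2. The polarization demo is the practical check to run before choosing `port-channel load-balance`: a method that hashes only the field every flow shares puts every flow on the same link.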

Configuration:-
 Sw#show etherchannel summary
 Sw#show etherchannel detail
 Sw(config-if-range)#channel-group 2 mode on
 Sw#show etherchannel
 Sw#show etherchannel load-balance
 Sw(config)#port-channel load-balance dst-mac

Layer 3 Ether-channel
 3-tier architecture
1) Core layer
 e.g. 9300, 9000 series
 Services, firewall, NAT, VPN
2) Distribution layer
 e.g. 4500, 6500 series
 Connects the Layer 2 and Layer 3 networks
 Inter-VLAN routing, servers, EtherChannel
3) Access layer
 e.g. 2950, 2960 series
 Host connectivity
 Spanning tree, EtherChannel

Disadvantages
 Larger forwarding database: more routing-table entries to maintain.
 Every Layer 3 port-channel (like any routed port) consumes one of the switch's internal VLANs; check with
1) Sw#show vlan internal usage
