- ICND 1 v.2
- exam 100/101 requirements
- Operation of IP Data Networks
- Recognize the purpose and functions of various network devices
such as Routers, Switches, Bridges and Hubs
- Select the components required to meet a given network specification
- Identify common applications and their impact on the network
- Describe the purpose and basic operation of the protocols in
the OSI and TCP/IP models
- Predict the data flow between two hosts across a network
- Identify the appropiate media, cables, ports, and connectors
to connect cisco network devices to other network devices and
hosts in a LAN
- LAN Switching Technologies
- Determine the technology and media access control method for
Ethernet networks
- Identify basic concepts and the operation of Cisco Switches
- Collision Domains
- Broadcast Domains
- Types of switching
- CAM Table
- Cisco IOS commands to perform basic switch setup
- Verify network status and switch operation using basic utilities
such as ping, telnet and ssh.
- Configure and verify VLANs
- Configure and verify trunking on Cisco switches
- Auto negotiation
- IP addressing (IPv4 / IPv6)
- IP Routing Technologies
- Describe basic routing concepts
- Configure and verify utilizing the CLI to set basic Router configuration
- Cicso IOS commands to perform basic router setup
- Configure and verify operation status of an ethernet interface
- Configure and verify routing configuration for a static or
default route given specific routing requirements
- Differentiate methods of routing and routing protocols
- Static vs Dynamic
- Link state vs Distance Vector
- ip routing table
- Passive interfaces
- Configure and verify OSPF (single area)
- Configure and verify interVLAN routing (Router on a stick)
- sub interfaces
- upstream routing
- encapsulation
- Configure SVI interfaces
- IP Services
- Configure and verify DHCP (IOS Router)
- Configuring router interfaces to use DHCP
- DHCP options
- excluded addresses
- lease time
- Describe the types, features, and applications of ACLs
- Configure and verify ACLs in a network environment
- Named
- Numbered
- Log option
- Identify the basic operation of NAT
- Purpose
- Pool
- Static
- 1 to 1
- Overloading
- Source addressing
- One way NAT
- Configure and verify NAT for given network requirements
- Configure and verify NTP as a client
- Network Device Security
- Configure and verify network device security features such
- Device password security
- Enable secret vs enable
- Transport
- Disable telnet
- VTYs
- Physical security
- Service password
- Describe external authentication methods
- Configure and verify Switch Port Security features such as
- Sticky MAC
- MAC address limitation
- Static / Dynamic
- Shutdown unused ports
- Err disable recovery
- Assign unused ports to an unused VLAN
- Setting native VLAN to other than VLAN1
- Configure and verify ACLs to filter network trafic
- Configure and verify an ACLs to limit telnet and SSH access to
the router
- Troubleshooting
- Troubleshoot and correct common problems associate with IP
addressing and host configurations.
- Troubleshoot and Resolve VLAN problems
- identify that VLANs are configured
- port membership correct
- IP address configured
- Troubleshoot and Resolve trunking problems on Cisco switches
- Troubleshoot and Resolve ACL issues
- Statistics
- Permited networks
- Troubleshoot and Resolve Layer 1 problems
- Oficial ICND1 v2 Cert Guide
- 1. Networking Fundamentals
- 01. The TCP/IP and OSI Networking Models
- defines a large collection of protocols
- Protocol
- a set of logical rules that devices must follow to communicate
- uses documents called RFC - Requests for Comments
- Networking model also called networking architecture or networking
- Layers
- Application
- Transport
- Network
- Protocols
- IPv4, IPv6
- Addressing
- Routing
- Encapsulation
- uses packets (IP packets)
- Data Link
- Protocols
- Ethernet, Point to Point Protocol (PPP), T1
- Encapsulation
- uses frames
- LH - Link Header
- LT - Link Trailer
- Addressing
- Physical
- Protocols
- Bit Transmission
- Encapsulation
- refers to the process of putting headers(and sometimes trailers)
around some data
- The process of sending data over network - 5 Steps
- step.1 Create and encapsulate the application data with any
required application layer headers
- step. 2 Encapsulate the data supplied by the application layer
inside a transport layer header.
- step. 3 Encapsulate the data supplied by the transport layer
inside a network layer (IP) header
- step. 4 Encapsulate the data supplied by the network layer inside
a data link layer header and trailer
- step 5 Transmit the bits
- a standardized architecture defining network communication
- Protocols and specifications
- Layers.
- 07. Application
- 06. Presentation
- description
- the main purpose is to define and negotiate data formats suh
as ASCII text, EBCDIC text, binary, BCD, JPEG and etc.
- answers a simple question "How should this data be presented?"
- Encryption is defined by OSI as a presentation layer service
- Protocols and specifications
- Telnet
- Primary tasks
- Compatibility with the operating system
- Proper encapsulation of data for network transmission
- Data formating (ascii, binary)
- Data encryption, compression and translation
- Devices
- Hosts
- Firewall
- 05. Session
- 04. Transport
- 03. Network
- description
- main features
- logical addressing
- defines how each device can have an address that can be used by
the routing process.
- routing (fowarding)
- defines how devices (typically routers) forward packets to
their final destination.
- path determination
- refers to the work done by routing protocols to learn all possible
routes and choose the best route.
- Protocols and specifications
- IP
- Devices
- Router
- Encapsulation
- Datagram
- packet
- Network layer header
- Source IP address
- Destination IP address
- Other info
- Routing
- the routing layer
- two question process
- What valid paths exist from the local router to a given destination
- What is the best path (the "optimal path") to take
to get there ?
- 02. Data Llink
- description
- defines the rules that determine when a device can send data
over a particular medium
- also define the format of a header and trailer that allows devices
attached to the medium to successfully send and receive data
- Protocols and specifications
- Ethernet (IEEE 802.3)
- HDLC (High-Level Data Link Control)
- SDLC (Synchronous Data Link Control)
- PPP (Point to Point Protocol)
- PPPoE (Point to Point over Ethernet)
- CDP (Cisco Discovery Protocol)
- Frame Relay
- Devices
- LAN switch
- wireless access point
- cable modem
- DSL modem
- Encapsulation
- Datagram
- frame
- Data link layer header
- Destination MAC address
- Source MAC address
- Other info
- Switches
- two sub-layers
- LLC (Logical Link Control)
- MAC (Media Access Control)
- performs error detection
- FCS (Frame Check Sequence)
- 01. Physical
- Encapsulation terminology
- refers to the process of putting headers(and sometimes trailers)
around some data
- PDU (Protocol Data Unit)
- represents the bits that include the header and trailer fo that
layer, as well as the encapsulated data.
- Deencapsulation
- the process in wich the device interprets the lower-layer headers
and, when finished with each header, removes the header, revealing
the next higher layer PDU
- Benefits of layerd protocol specifications
- Less complex
- compared to not using a layered model, network models break
the concepts into smaller parts
- Standard interfaces
- allow multiple vendors to create products that fill a particular
role, with all the benefits of open competition
- Easier to learn
- it much easier to discuss and learn about the many details of
a protocol specification
- Easier to develop
- reduced complexity allows easier program changes and faster
product development
- Multivendor interoperability
- creating products to meet the same networking standards means
that computers and networking gear from multiple vendors can work
in the same network
- Modular engineering
- one vendor can write software that implements higher layers
and another vendor can write software that implements the lower
- 02. Fundamentals of Ethernet LANs
- Ethernet
- Wireless
- devices
- AP (Access point)
- acts like an ethernnet switch
- 03. Fundamentals of WANs
- Ethernet as a WAN Technology
- Ethernet emulation
- Ethernet over MPLS - EoMPLS (Ethernet over MultiProtocol Label
- Point-to-Point connection between two customer services
- Behavior as if a fiber Ethernet link existed between the two
- Internet Access links
- steps data takes
- 1. to send the IP packet to router R1 next, PC1 encapsulates the
IP packet in an Ethernet frame that has the destination MAC address
of R1
- 2. Router R1 deencapsulates (removes) the IP packet from the
Ethernet frame and encapsulates the packet into a new Ethernet frame,
with a new Ethernet header and trailer. The destination MAC address
is R2's G0/0 MAC address, and the source MAC address is R1's
G0/1 MAC address. R1 forwards this frame over the EoMPLS service
to R2 next.
- 3. Router R2 deencapsulates (removes) the IP packet from HDLC
frame, encapsulates the packet into an Ethernet frame that has the
destination MAC address of PC2, and forwards the Ethernet frame to PC2
- telco
- common abbreviation for telephone company
- installs a large network of cables and specialized switching
devices to create its own computer network
- creates a service that acts like a crossover cable between two
points, but the physical reality is hidden from the customer
- 04. Fundamentals of IPv4 Addressing and Routing
- IP routing
- the process of hosts and routers forwarding IP packets (Layer
3 PDUs), while relying on the underlying LANs and WANs to forward
the bits
- general process
- IP routing table lists IP address groupings
- IP networks
- IP subnets
- When a router receives a packet, it compares the packet's
destination IP address to the entries in the routing table and makes a match.
This matching entry also lists directions that tell the router where
to forward the packet next.
- uses ARP to dynamically learn the data link address of an IP host
connected to a LAN
- two main concepts
- The process of routing forwards Layer 3 packets, also called
Layer 3 PDU (Protocol Data Units), based on the destination Layer
3 address in the packet
- The routing process uses the data link layer to encapsulate
the Layer 3 packets into Layer 2 frames for transmission across
each successive data link
- IPv4 Routing
- two-step logic
- 1. If the destination IP address is in the same IP subnet as I am,
send the packet directly to that destination host.
- 2. Otherwise, send the packet to may default gateway, also known
as a default router. (This router has an interface on the same subnet
as the host)
- Router fowarding logic
- 1. Use the data link Frame Check Sequence (FCS) field to ensure
that the frame had no errors; if errors occurred, discard the frame.
- 2. Assuming that the frame was not discarded at Step 1, discard
the old data link header and trailer, leaving the IP packet.
- 3. Compare the IP packet's destination IP address to the
routing table, and find the route that best matches the destination
address. This route identifies the outgoing interface of the router,
and possibly the next-hop router IP address.
- 4. Encapsulate the IP packet inside a new data link layer header
and trailer, appropriate for the outgoing interface, and forward
the frame.
- IP addressing
- Addresses used to identify a packet's source and destination
host computer. Addressing rules also organize addresses into groups,
which greatly assists the routing process
- IP network
- means a very specific concept
- Internetwork
- refers more generally to a network made up of routers, switches,
cables and other equipment.
- IP address
- consists in a 32 bit number, usually written in DDN (Dotted Decimal
- each byte / octet (8 bits) is shown as its decimal equivalent
separated by dots
- the range of decimal number for each octet is from 0 to 255
- each NIC has its own unique IP address
- Classes
- A - Unicast
- 1 - 126
- Private addresses
- host id size
- 24 bits
- -
- reserved
- 127
- si reserved for loopback testing and interprocess communication
on the local computer.
- B - Unicast
- 128 - 191
- Private addresses
- host id size
- 20 bits
- -
- C - Unicast
- 192 - 223
- Private addresses
- host id size
- 16 bits
- -
- D - Multicast
- 224 - 239
- E - Experimental
- 240 - 255
- Classful IP network
- refers to any class A, B, C, because it is defined by class A, B,
C, rules
- Network ID = network number = network address
- IP Grouping
- IP networks
- IP subnets
- All IP addresses in the same group must not be separated from
each other by a router
- IP addresses separated by a routed must be in different groups
- Subnetting
- Def.
- defines methods of further subdividing IPv4 addresses intro
groups that are smaller then a single IP network
- defines a flexible way for anyone to take a single class A, B and
C and further subdivide it more into even smaller groups of consecutive
IP addresses.
- IP routing protocols
- A protocol that aids routers by dynamically learning about
the IP address groups so that a router knows where to route IP packets
so that they go to the right destination host.
- IPv4 Routing Protocols
- Goals
- To dynamically learn and fill the routing table with a route
to each subnet in the internetwork
- If more than one route is available, to place the best route in
the routing table
- To notice when routes in the table are no longer valid, and to
remove them from the routing table.
- If a route is removed from the routing table and another route
through another neighboring router is available, to add the route to
the routing table.
- To work quickly when adding new routes or replacing lost routes.
(The time between losing the route and finding a working replacement
route is called convergence time.)
- To prevent routing loops.
- General steps for learning routes
- 1. Each router, independent of the routing protocol, adds a
route to its routing table for each subnet directly connected to the
- 2. Each router's routing protocol tells its neighbors
about the routes in its routing table, including the directly connected
routes, and routes learned from other routers.
- 3. After learning a new route from a neighbor, the router's
routing protocol adds a route to its IP routing table with the next-hop
router of of that route typically being the neighbor from which the
route was learned.
- Other utilities
- DNS (Domain Name System)
- ARP (Address Resolution Protocol)
- ARP dynamically learns the data link address of an IP host connected
to a LAN
- def.
- the method by which any host or router on a LAN can dynamically
learn the MAC address of another IP host or router on the same LAN.
- ARP Request
- is a message that asks the simple request "if this is your
IP address, please reply with your MAC address"
- ARP Reply
- is a message which indeed lists both the original IP address
and the matching MAC address.
- hosts remember the ARP results, keeping the information in
their ARP cache or ARP table
- Ping (Packet Internet Groper)
- Uses ICMP (Internet Control Message Protocol) sending a message
called an ICMP echo request to another IP address.
- The computer with that IP address should reply with an ICMP echo
- Path selection
- sometimes used to refer to the routing process
- other times it refers to routing protocols, specifically how
routing protocols
- Default router
- on a router, the route that is considered to match all packets
that are not otherwise matched by some more specific route
- also referred as the "default gateway"
- 05. Fundamentals of TCP/IP Transport and Applications
- Layer 4 protocols
- TCP (Transmision Control Protocol)
- provides a variety of services to applications, whereas UDP
does not.
- provides error recovery
- to do so it consumes more bandwidth and uses more processing
- TCP header fields
- Source port (16 bits)
- identifies the sending port
- Destination port (16 bits)
- identifies the receiving port
- Sequence number (32 bits)
- dual role
- if the SYN flag is set (1), then this is the initial sequence number.
The sequence number of the actual first data byte and the acknowledged
number in corresponding ACK are then this number plus 1.
- if the SYN flag is clear (0), then this is the accumulated sequence
number of the first data byte of this segment for the current session.
- the sequence number field is used to set a number on each TCP packet
so that the TCP stream can be properly sequenced. The sequence
number is then returned in the ACK field to acknowledge that the packet
was properly received
- Acknowledgment number (32 bits)
- if the ACK flag is set then the value of this field is the next sequence
number that the receiver is expecting. This acknowledges receipt
of all prior bytes (if any). The firs ACK sent by each end acknowledges
the other end's initial sequence number itself, but no data.
- Data Offset (4 bits)
- specifies the size of the TCP header in 32-bit words.
- Reserved (3bits)
- for future use and should be set to zero
- Frag bits aka Control bits (9 bits)
- Window size (16 bits)
- the size of the receive window, which specifies the number of
window size units that the sender of this segment is currently willing
to receive.
- Checksum (16 bits)
- the 16 bit checksum field is used for error checking of the header
and data
- Urgent pointer (16 bits)
- if the URG flag is set then this 16 bit field is an offset from the
sequence number indicating the las urgent data byte.
- TCP connection establishment
- occurs before any of the other TCP features can begin their work.
- refers to the process of initializing sequence and acknowledgment
fields and agreeing on the port numbers used.
- three-way connection establishment flow (three-way handshake)
must complete before data transfer can begin.
- SYN (synchronize the sequence numbers)
- The fist host initiates a connection by sending a packet with
the initial sequence number "X" and the syncronize
/start "SYN" bit set to indicate a connection request
- The second host (host B) receives the SYN, records the sequence
number X, and replies by acknowledging ACK the SYN (with an ACK=X+1).
Host B includes its own initial sequence number (SEQ=Y). an ACK=20
means that the host has received 0 through 19 and expects byte 20 next.
This technique is called forward acknowledgment.
- Host A acknowledges all bytes that host B has sent with a forward
acknowledgment indicating the next byte Host A expects to receive (ACK=Y+1).
Data transfer can then begin.
- uses an additional flag for sequence termination
- Connection-oriented protocol
- A protocol that requires an exchange of messages before data
transfer begins, or that has a required preestablished correlation
between two endpoints.
- UDP (User Datagram Protocol)
- by providing fewer services, UDP needs fewer bytes in its header
compared to TCP, resulting in fewer bytes of overhead in the network.
- UDP software does not slow down data transfer in cases where
TCP can purposefully slow down.
- UDP data transfer differs from TCP data transfer in that no reordering
or recovery is accomplished
- UDP header fields
- Source port (16 bits)
- Destination port (16 bits)
- Length (16 bits)
- Checksum (16 bits)
- the UDP header has only 8 Bytes in comparison to the 20 byte TCP
- Connectionless protocol
- A protocol that does not require an exchange of messages and
that does not require a preestablished correlation between two
- Layer 4 Functions
- Multiplexing using ports
- Function that allows receiving hosts to chose the correct application
for which the data is destined, based on the port number.
- relies on a concept called a socket
- An IP address
- A transport protocol
- A port number
- Error recovery (reliability)
- Process of numbering and acknowledging data with Sequence
and Acknowledgment header fields.
- Flow control using windowing
- Process that uses window sizes to protect buffer space and routing
devices from being overloaded with traffic.
- Connection establishment and termination
- Process used to initialize port number and Sequence and Acknowledgment
- Ordered data transfer and data segmentation
- Continuous stream of bytes from an upper-layer process that
is "segmented" for transmission and delivered to
upper-layer processes at the receiving device, with the bytes in the same
- TCP/IP Applications
- QoS (Quality of Service)
- in general defines the quality of the data transfer between
two applications and in the network as a whole
- characteristics
- Bandwidth
- The volume of bits pers second needed for the application to
work well; it can be biased with more volume in one direction, or balanced.
- Delay
- The amount of time it takes one IP packet to flow from sender to
- Jitter
- The variation in delay
- Loss
- The percentage of packets discarded by the network before they
reach the destination, which when using TCP, requires a retransmission.
- general categories
- Interactive
- usually have a user at one end of the flow and the IP packets must
flow in both directions for meaningful work to happen
- Batch
- focus more on the bandwidth between two software processes.
- often do not even have a human user in the picture
- Real-Time
- audio and video calls over LAN
- WWW (Worl Wide Web)
- consists of all the internet-connected web servers in the world,
plus all internet-connected hosts with web browsers.
- web servers
- web browsers
- URL (Uniform Resource Locator) - web address
- Review.
- Weak
- Strong
- 2. Ethernet LANs and Switches
- 3. IP version 4 Addressing and Subnetting
- 11. Perspectives on IPv4 Subnetting
- 12. Analyzing Classful IPv4 Networks
- 13. Analyzing Subnet Masks
- 14. Analyzing Existing Subnets
- Review.
- 4. Implementing IP version 4
- 15. Operating Cisco Routers
- 16. Configuring IPv4 Addresses and Routes
- 17. Learning IPv4 Routes with OSPFv2
- 18. Configuring and Verifying Host Connectivity
- Review.
- 5. Advanced IPv4 Addressing Concepts
- 19. Subnet Design
- 20. Variable-Length Subnet Masks
- 21. Route Summarization
- Review.
- 6. IPv4 Services
- 22. Basic IPv4 Access Control Lists
- 23. Advanced IPv4 ACLs and Device Security
- 24. Network Address Translation
- Review.
- 7. IP Version 6
- 25. Fundamentals of IP Version 6
- 26. IPv6 Addressing and Subnetting
- 27. Implementing IPv6 Addressing on Routers
- 28. Implementing IPv6 Addressing on Hosts
- 29. Implementing IPv6 Routing
- Review
- 8. Final Review
- 30. Final Review.
- ICND 2 v.2
- Cisco exam 200/201 requirements
- LAN Switching Technologies
- IP Routing Technologies
- IP Services
- Troubleshooting
- WAN Technologies
- Oficial ICND2 v2 Cert Guide
- 1. LAN Switching
- 01. Spanning Tree Protocol Concepts
- all steps a LAN switch takes to forward a frame
- 1. Determine the VLAN in which the frame should be forwarded:
- 1.1. If the frame arrives on an access interface, use the interface's
access VLAN.
- 1.2. If the frame arrives on a trunk interface, use the VLAN listed
in the frame's trunking header.
- 2. Add the source MAC address to the MAC address table, with incoming
interface and VLAN ID.
- 3. Look fo the destination MAC address of the frame in the MAC
address table, but only for entries in the VLAN identified at step 1.
Follow one of the next steps depending on whether the destination MAC
is found:
- 3.1. Found
- forward the frame out the only interface listed in the matched
address table entry
- 3.2. Not Found
- Flood the frame out all other access ports in that same VLAN and
out all trunk ports that list this VLAN as fully supported (active,
in the allowed list, not pruned, STP forwarding)
- Problems caused by not using STP in redundant LANs
- Broadcast storms
- the forwarding of a frame repeatedly on the same links, consuming
significant parts of the links capacities
- MAC table instability
- the continual updating of a switch's MAC address table
with incorrect entries, in reaction to looping frames, resulting
in frames being sent to the wrong locations
- Multiple frame transmission
- a side effect of looping frames in which multiple copies of one
frame are delivered to the intended host, confusing the host.
- STP limits where a switch chooses to forward frames, for the
purpose of preventing problems with loops
- STP strikes a balance, allowing frames to be delivered to each
device, without causing the problems that occur when frames loop through
the network over and over again
- STP prevents looping frames by adding an additional check on
each interface before a switch uses it to send or receive user traffic
- if the port is in STP forwarding state, use it as normal
- if the port is in STP blocking state, however, block all user
traffic and do not send or receive user traffic on that interface
- STP prevents loops by placing each switch port in either a forwarding
state or a blocking state.
- STP convergence
- refers to the process by which the switches collectively realize
that something has changed in the LAN topology and so the switches
might need to change which ports block and which ports forward.
- STA (Spanning-Tree Algorithm)
- the process used by STP to chose the interfaces that should be
placed into a forwarding state.
- for any interfaces not chosen to be in a forwarding state, STP
places the interfaces in blocking state.
- the STP algorithm creates a spanning tree of interfaces that
forward frames
- STP uses three criteria to choose whether to put an interface
in forwarding state:
- 1. STP elects a root switch. STP puts all working interfaces
on the root switch in forwarding state
- 2. Each nonroot switch considers one of its ports to have the
least administrative cost between itself and the root switch. The
cost is called that switch's root cost. STP places its port
that is part of the least root cost path, called that swith's
root port (RP), in forwarding state.
- 3. Many switches can attach to the same Ethernet segment, but
in modern networks, normally two switches connect to each link.
The switch with the lowest root cost, as compared with the other
switches attached to the same link, is placed in forwarding state. That
switch is the designated switch (also called designated bridge),
and that switch's interface, attached to that segment, is
called the designated port (DP)
- STP: Reasons for forwarding or blocking
- Forwarding
- all the root switch's ports
- the root switch is always the designated switch on all connected
- each nonroot switch's root port
- the port through which the switch has the least cost to reach
the root switch (lowest root cost)
- each LANS's designated port
- the switch forwarding the hello on to the segment, with the lowest
root cost, is the designated switch for that segment.
- Blocking
- all other working ports
- the port is not used for forwarding user frames, nor are any frames
received on these interfaces considered for forwarding.
- STP goals for blocking ports
- All devices in a VLAN can send frames to all other devices. In
other words, STP does not block too many ports, cutting off some parts
of the LAN from other parts.
- Frames have a short life and do not loop around the network indefinitely
- STP messages identifier
- STP bridge ID (BID) is an 8 byte value unique to each switch
- consists of a 2 byte priority field and a 6 byte system ID
- BPDU (Bridge Protocol Data Units)
- switches use to exchange information with each other.
- hello BPDU
- details in BPDU
- Root bridge ID
- the bridge ID of the switch the sender of this hello currently
believes to be the root switch
- Sender's bridge ID
- the bridge ID of the switch sending this hello BPDU
- Sender's root cost
- the STP cost between this switch and the current root
- Timer values on the root switch
- includes the hello timer, MaxAge timer, and forward delay timer.
- types
- superior hello
- the listed root's BID is better (numerically lower)
- inferior hello
- the listed root's BID is worse (numerically higher)
- STP process main steps
- 1. Electing the root switch
- switches elect a root switch based on the BIDs in the BPDUs
- the lowest bridge ID
- if that ties, the lowest switch MAC address
- the root switch is the switch with the lowest numeric value for
the BID
- 2. Choosing each switch's root port
- picks the port on which the frames have the least cost path to
the root switch
- add their local interface STP cost to the root cost listed in
each received hello BPDU
- 3. Choosing the designated port on each LAN segment
- Default port costs defined by IEEE
- 100
- 10 Mbps
- 19
- 100 Mbps
- 4
- 1 Gbps
- 2
- 10 Gbps
- Reacting to state changes that affect the STP topology
- nothing is changing in the STP topology
- 1. The root creates and sends a hello BPDU, with a root cost of
0, out all its working interfaces (those in a forwarding state)
- 2. The nonroot switches receive the hello on their root ports.
After changing the hello to list their own BID as the sender's
BID, and listing that switch's root cost, the switch forwards
the hello out all designated ports.
- 3. Step 1 and step 2 repeat until something changes.
- something is changing in the STP topology
- the convergence process requires the use of three timers
- timers
- hello
- default value
- 2 seconds
- The time period between hellos created by the root
- MaxAge
- default value
- 10 times hello
- How long any switch should wait, after ceasing to hear hellos,
before trying to change the STP topology
- Forward delay
- default value
- 10 seconds
- Delay that affects the process that occurs when an interface
changes from blocking state to forwarding state. A port stays in an interim
listening state, and then an interim learning state, for the number of
seconds defined by the forward delay timer.
- Changing interface states with STP
- Temporary states that help prevent temporary loops
- Listening
- Like the blocking state, the interface does not forward frames.
The switch removes old states (unused) MAC table entries for which
no frames are received from each MAC address during this period.
These MAC table entries could be the cause of the temporary loops.
- Learning
- interfaces in this state still do not forward frames, but the
switch begins to learn the MAC addresses of frames received on the interface.
- STP moves an interface from blocking to listening, then to learning,
and then to forwarding state.
- Optional STP features
- EtherChannel
- combines multiple parallel segments of equal speed (up to eight)
between the same pair of switches, bundled into an EtherChannel
- PortFast
- allows a switch to immediately transition from blocking to
forwarding, bypassing listening and learning states.
- the only ports on which you can safely enable PortFast are ports
on which you know that no bridges, switches, or other STP-speaking
devices are connected, otherwise using PortFast risks crating loops.
- BPDU Guard
- helps to prevent several different types of possible security
- an attacker could connect a switch to one of these ports, one
with low STP priority value, and become the root switch. The new STP
topology could have worse performance than the desired topology.
- the attacker could plug into multiple ports, into multiple
switches, become root, and actually forward much of the traffic in the
LAN. Without the networking staff realizing it, the attacker could
use a LAN analyzer to copy large numbers of data frames sent through
the LAN.
- users could innocently harm the LAN when they connect an inexpensive
consumer LAN switch (one that does not use STP). Such a switch, without
any STP function, would not choose to block any ports and would likely
cause a loop
- RSTP (Rapid STP)
- improves network convergence when topology changes occur,
usually converging within a few seconds, or in poor conditions, in about
10 seconds
- 02. Spanning Tree Protocol Implementation
- STP modes
- PVST+/PVSTP (Per-VLAN Spanning Tree Plus/ Per-VLAN Spanning
Tree Protocol)
- creates a different STP topology per VLAN
- introduced PortFast
- STP configuration
- BID priority
- Default
- Base:32,768
- Command to change default
- spanning-tree vlan "vlan-id" root {primary | secondary}
- spanning-tree vlan "vlan-id" priority "pritority"
- Cisco switches use a default base priority of 32,768, this command
chooses the base priority as follows:
- If the current root has a base priority higher than 24,576, the
local switch uses a base priority of 24,576.
- If the current root’s base priority if 24,576 or lower, the local
switch sets its base priority to the highest multiple of 4096 that still
results in the local switch becoming root.
- Interface cost
- Default
- 100 for 10 Mbps
- 19 for 100 Mbps
- 4 for 1 Gbps
- 2 fro 10 Gbps
- Command to change default
- spanning-tree vlan "vlan-id" cost "cost"
- spanning-tree "vlan x" "cost x"
- PortFast
- Default
- not enabled
- Command to change default
- spanning-tree portfast
- BPDU Guard
- Default
- not enabled
- Command to change default
- spanning-tree bpduguard enable
- EtherChannel
- two neighboring switches can treat multiple parallel links
between each other as a single logical link called an EtherChannel.
- configuration steps
- 1. Add the channel-group number mode on interface subcommand
under each physical interface that should be in the channerl
- 2. Use the same number for all commands on the same switch, but
the channel-group number on the neighboring switch cand differ.
- Dynamic EtherChannels
- protocols
- PAgP (Port Aggregation Protocol)
- channel-group 1 desirable
- channel-group 1 auto
- IEEE standard LACP (Link Aggregation Control Protocol
- channel-group 1 active
- channel-group 1 passive
- STP Troubleshooting
- Determining the root switch
- BID lowest value
- first priority
- if there is a tie than the switch MAC
- STP does not have nor need a tiebreaker for electing the root
- Strategy to choose the right answer
- 1. Begin with a list or diagram of switches, and consider all
as possible root switches.
- 2. Rule out any switches that have an RP because root switches
do not have an RP (Root Port)
- show spanning-tree
- show spanning-tree root
- 3. Always try the show spanning-tree, because it identifies
the local switch as root directly: "This switch is the root"
on the fifth line of output.
- 4. Always try the show spanning-tree root, because it identifies
the local switch as root indirectly: The RP column is empty if the
local switch is the root.
- 5. When using a sim, rather than try switches randomly, chase
the RPs. For example, if starting with SW1, and SW!'s G0/1
is an RP, next try the switch on the other end of SW1's G0/1
- 6. When using a Sim, using show spanning-tree vlan x on a few switches,
and recording the root switch, RP, and DP ports can quickly show
you most STP fact. Use this strategy is available.
- Determining the root port on nonroot switches
- each nonroot switch has only one RP for a VLAN.
- the switch calculates the lowest root cost from the hello BPDU's
- Tiebreakers
- 1. Chose based on the lowest neighbor bridge ID
- 2. Chose based on the lowest neighbor port priority
- 3. Chose based on the lowest neighbor internal port number
- Strategy to choose the right answer
- 1. If available look at the show spanning-tree and show spanning-tree
root commands. These both list the root port, and the first of these
also lists the root cost
- 2. the show spanning-tree command list cost in two places:
- the root cost at the top, in the section about the root switch
- THIS IS THE INTERFACE COST, at the bottom, in the per-interface
- 3. For problems where you have to calculate a switch's
root cost
- 3.1. Memorize the default values
- 100
- 100 Mbps
- 19
- 10 Mbps
- 4
- 1 Gbps
- 2
- 10 Gbps
- 3.2. Look for any evidence of the spanning-tree cost configuration
command on an interface, because it overrides the default cost. Do not
assume default costs are used
- 3.3. When you know a default cost is used, if you can, check the
current actual speed as well. Cisco switches choose STP cost defaults
based on CURRENT SPEED, not maximum speed.
- Determining the DP (Designated Port) on each LAN segment
- steps
- 1. For switches connected to the same LAN segment, the switch
with the lowest cost to reach the root, as advertised in the hello
they send onto the link, becomes the DP on that link.
- 2. In the case of a tie, among the switches that tied on cost, the
switch with the lowest BID becomes the DP
- STP Convergence
- Rules
- For interfaces that stay in the same STP state, nothing needs
to change.
- For interfaces that need to move from a forwarding state to a
blocking state, the switch immediately changes the state to blocking.
- For interfaces that need to move from blocking state to a forwarding
state, the switch first moves the interface to listening state, then
learning state, each for the time specified by the forward delay timer
(default 15 seconds). Only then is the interface placed into forwarding
- EtherChannel
- Rules
- 1. On the local switch, all the channel-group commands for all
the physical interfaces must use the same channel-group number
- 2. The channel-group number can be different on the neighbouring
- 3. If using the on keyword, you must use it on the corresponding
interfaces on both switches.
- 4. If you use the desirable keyword on one switch, the switch
uses PAgP; the other switch must use either desirable or auto
- 5. If you use the active keyword on one switch, the switch uses
LACP; the other switch must use either active or passive.
- Incorrect options on the channel-group command
- Configuration checks before adding interfaces to etherchannels
- speed
- duplex
- operational access or trunking state (all must be access, or
all must be trunks)
- if an access port, the access VLAN
- if a trunk port, the allowed VLAN list (per the switchport trunk
allowed command)
- if a trunk port, the native VLAN
- STP interface settings
- settings on neighboring switches
- PAgP
- 03. Troubleshooting LAN Switching
- Generalized troubleshooting methodologies
- Analyzing / predicting normal operation
- answers to the question -
- What should happen in this network?
- results in a description and prediction of the details of what
should happen if the network is working correctly, based on documentation,
configuration, and show and debug command output
- terms
- data plane
- refers to actions devices take to forward data.
- analysis starts with Layer 3 then layer 2 and layer 1
- control plane
- refers to overhead processes that control the work done by the
network device, but does not directly impact the forwarding of individual
frames or packets.
- processes
- IP routing protocol
- analysis
- the control plane processes differ too much to allow generalized
- each control plane process must be examined separately
- summary
- 1. Examine the data plane:
- 1.1. Determine the major Layer 3 steps - including origin host
to default router, each router to the next router, and last router
to the destination host - in both directions
- 1.2. For each Layer 2 network between a host and router or between
two routers, analyze the forwarding logic for each device.
- 2. Examine the control plane:
- 1. Identify the control plane protocols that are used and vital
to the forwarding process.
- 2. Examine each vital control plane protocol for proper operation;
the details of this analysis differ for each protocol.
- 3. Defer any analysis of control plane protocols that do not
affect the data plane's correct operation until you clearly
see a need for the protocol to answer that question (for example
- Problem isolation
- answers to the question -
- What specifically is not working ?
- when some problem might be occurring, find the components that
do not work correctly as compared to the predicted behavior. Then
find out what might be causing that problem and so on, based on documentation,
configuration, and show and debug command output.
- refers to the process of starting with a general idea, and getting
more and more specific.
- states