
SWITCHING ESSENTIALS introduces students to the equipment, applications, and protocols in switched networks. The chapters in this book are written based on the syllabus of Switching Essentials for students in the Networking System Track, Diploma in Digital Technology. The book provides knowledge on Inter-VLAN routing, Variable Length Subnet Mask (VLSM), Virtual Local Area Networks (VLANs), Switch Security, Spanning Tree Protocol and Link Aggregation concepts through the introduction of EtherChannel. It also focuses on switching technologies that support small-to-medium business networks and includes security concepts. Examples are given to increase students' skills in configuring and troubleshooting switched networks and mitigating LAN security threats. Students can also test their understanding by answering the exercises at the end of each chapter.

Published by Penerbit PSIS, 2021-12-26 21:07:25

SWITCHING ESSENTIALS

Keywords: SWITCHING

AZIZAH MD.AZIZ
SYAHRUL IYZANI SALEHIN
AMINAH HIDAYAH MOHAMAD ARIFF

Politeknik Sultan Idris Shah,
Sungai Lang,
45100 Sungai Ayer Tawar,
Selangor Darul Ehsan.

Copyright@2021

All rights reserved. No part of this book may be reproduced or used in any
manner without the prior written permission of the copyright owner, except
for use of brief quotations in a book review.

Perpustakaan Negara Malaysia Cataloguing-in-Publication Data

Azizah Md. Aziz, 1985-

SWITCHING ESSENTIALS / AZIZAH MD. AZIZ, SYAHRUL IYZANI SALEHIN,

AMINAH HIDAYAH MOHAMAD ARIFF.

Mode of access: Internet

eISBN 978-967-2860-08-2

1. Computer networks.

2. Computer network protocols.

3. Computer networks--Security measures.

4. Government publications--Malaysia.

5. Electronic books.

I. Syahrul Iyzani Salehin, 1983-. II. Aminah Hidayah Mohamad Ariff, 1986-.

III. Title.

004.6

ABSTRACT

SWITCHING ESSENTIALS introduces students to the equipment,
applications, and protocols in switched networks. The chapters in
this book are written based on the syllabus of Switching Essentials
for students in the Networking System Track, Diploma in Digital
Technology. The book provides knowledge on Inter-VLAN routing,
Variable Length Subnet Mask (VLSM), Virtual Local Area Networks
(VLANs), Switch Security, Spanning Tree Protocol and Link
Aggregation concepts through the introduction of EtherChannel. It
also focuses on switching technologies that support small-to-medium
business networks and includes security concepts.
Examples are given to increase students' skills in configuring and
troubleshooting switched networks and mitigating LAN
security threats. Students can also test their understanding by
answering the exercises at the end of each chapter.

preface

First and foremost, we would like to thank Almighty ALLAH for
giving us strength and ability to understand and complete this
ebook. We would like to express our deepest gratitude to our Head
of Department and Head of Program for the ideas and immense
knowledge. The completion of this ebook could have been possible
without their expertise. Last but not least, we would like
to give special thanks to our family and friends as a whole for their
continuous support and understanding when completing our ebook.

“An investment in knowledge pays the best interest.”
- Benjamin Franklin -

CONTENTS

CHAPTER 1

IP ADDRESSING

CHAPTER 2

SWITCHING CONCEPTS & VLAN NETWORKS

CHAPTER 3

INTER VLAN ROUTING

CHAPTER 4

SPANNING TREE PROTOCOL & LINK AGGREGATION

CHAPTER 5

SWITCH SECURITY

TABLE OF CONTENTS

CHAPTER 1: IP ADDRESSING
Variable Length Subnet Mask
IPV4 Issues
IPv6 Address Representation
IPv6 Address Types
GUA and LLA Static Configuration
Dynamic Addressing for IPv6 GUAs
Dynamic Addressing for IPv6 LLAs
IPv6 Multicast Addresses
Subnet an IPv6 Network

CHAPTER 2: SWITCHING CONCEPTS AND VLAN NETWORKS
Switched Networks
VLAN Configuration
VLAN Trunks
Dynamic Trunking Protocol

CHAPTER 3: INTER VLAN ROUTING
Inter VLAN Routing Operation
Router on Stick Inter VLAN Routing
Inter VLAN Routing using Layer 3 Switches
Troubleshoot Inter VLAN Routing

CHAPTER 4: SPANNING TREE PROTOCOL AND LINK AGGREGATION
Purpose of STP
STP Operations
Evolution of STP
EtherChannel Operation
Configure EtherChannel

CHAPTER 5: SWITCH SECURITY
Endpoint Security
Access Control
Layer 2 Security Threats
MAC Address Table Attack
LAN Attacks
Implement Port Security
Mitigate VLAN Attacks
Mitigate DHCP Attacks
Mitigate ARP Attacks
Mitigate STP Attacks

CHAPTER 1

IP ADDRESSING

Variable Length Subnet Mask

Variable Length Subnet Mask (VLSM) is the process of subnetting a subnet and using multiple subnet
masks in the same network, which means that more than one subnet mask is used for
different networks. With VLSM, the network administrator can divide the IP
address space into subnets of different sizes and allocate them according to individual needs
on the network.
IPv4 Address Conservation
Using traditional subnetting, the same number of addresses is allocated for each subnet.
Although this traditional subnetting meets the needs of the largest LAN and divides the
address space into an adequate number of subnets, it results in significant waste of unused
addresses.
For example, the point-to-point WAN links only require two addresses in each subnet for the
three WAN links. Because each subnet has 30 usable addresses, there are 28 unused
addresses in each of these subnets.

Applying a traditional subnetting scheme to this scenario is not very efficient and is
wasteful. To overcome this issue, Variable Length Subnet Mask (VLSM) was introduced to
use the IP addressing space in a more efficient way.
Calculating VLSM Subnets
A network has the following network requirements:

• JTMK: 27 hosts
• JPH: 19 hosts
• JPA: 12 hosts
• JMSK: 2 hosts
Original Network: 192.168.1.0/24


To calculate VLSM subnets and their respective hosts, allocate the largest requirement first
from the address range. Requirements should be listed from the largest to the smallest.

Step 1 - Find number of hosts

In this example JTMK requires 27 hosts. Use 5 bits since 2^5 – 2 = 30 usable host
addresses. Thus 5 bits will be required to represent the hosts and 3 bits will be used
to represent the extended-network prefix of /27.

Step 2 - Find Network Address

Network Address: 192.168.1.0/27

Step 3 - Find New Subnet Mask

Subnet Mask: 255 . 255 . 255 . 0

11111111. 11111111. 11111111. 00000000

New Subnet Mask: 255 . 255 . 255 . 224

11111111. 11111111. 11111111. 11100000

Step 4 – Find value to get the Broadcast Address

(Full Subnet Mask – New Subnet Mask)

255 . 255 . 255 . 255

- 255 . 255 . 255 . 224

0 . 0 . 0 . 31

Step 5 - Find Broadcast Address

192 . 168 . 1 . 0

+ 0 . 0 . 0 . 31

192 . 168 . 1 . 31


JTMK: 27 hosts

Number of Hosts                              30
Network Address of this Subnet               192.168.1.0/27
IPv4 Address of First Host on this Subnet    192.168.1.1/27
IPv4 Address of Last Host on this Subnet     192.168.1.30/27
IPv4 Broadcast Address on this Subnet        192.168.1.31/27

JPH: 19 hosts

Number of Hosts                              30
Network Address of this Subnet               192.168.1.32/27
IPv4 Address of First Host on this Subnet    192.168.1.33/27
IPv4 Address of Last Host on this Subnet     192.168.1.62/27
IPv4 Broadcast Address on this Subnet        192.168.1.63/27

JPA: 12 hosts

Number of Hosts                              14
Network Address of this Subnet               192.168.1.64/28
IPv4 Address of First Host on this Subnet    192.168.1.65/28
IPv4 Address of Last Host on this Subnet     192.168.1.78/28
IPv4 Broadcast Address on this Subnet        192.168.1.79/28

JMSK: 2 hosts

Number of Hosts                              2
Network Address of this Subnet               192.168.1.80/30
IPv4 Address of First Host on this Subnet    192.168.1.81/30
IPv4 Address of Last Host on this Subnet     192.168.1.82/30
IPv4 Broadcast Address on this Subnet        192.168.1.83/30
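
The five steps above, carried through for all four requirements, can be checked with a short script. This is an added example, not part of the book; the function name `vlsm_allocate` and the dictionary layout are assumptions made for illustration.

```python
import ipaddress

# Requirements taken from the worked example above.
REQUIREMENTS = {"JTMK": 27, "JPH": 19, "JPA": 12, "JMSK": 2}


def vlsm_allocate(base, requirements):
    """Carve `base` into one subnet per requirement, largest requirement first."""
    block = ipaddress.IPv4Network(base)
    cursor = int(block.network_address)      # next free address in the block
    limit = int(block.broadcast_address)     # last address of the block
    plan = []
    ordered = sorted(requirements.items(), key=lambda item: item[1], reverse=True)
    for name, hosts in ordered:
        if hosts < 1:
            raise ValueError(f"{name}: at least one host is required")
        # Step 1: smallest number of host bits h with 2**h - 2 >= hosts.
        host_bits = (hosts + 1).bit_length()
        size = 1 << host_bits
        # Step 2: a subnet must start on a multiple of its own size.
        cursor = -(-cursor // size) * size
        if cursor + size - 1 > limit:
            raise ValueError(f"{name}: {base} has no room left for {hosts} hosts")
        subnet = ipaddress.IPv4Network((cursor, 32 - host_bits))
        plan.append({
            "name": name,
            "needed": hosts,
            "usable": size - 2,
            "network": str(subnet),
            "mask": str(subnet.netmask),          # Step 3: new subnet mask
            "hostmask": str(subnet.hostmask),     # Step 4: full mask minus new mask
            "first": str(subnet.network_address + 1),
            "last": str(subnet.broadcast_address - 1),
            "broadcast": str(subnet.broadcast_address),  # Step 5: network + hostmask
        })
        cursor += size
    return plan


if __name__ == "__main__":
    for row in vlsm_allocate("192.168.1.0/24", REQUIREMENTS):
        unused = row["usable"] - row["needed"]
        print(f'{row["name"]:5} {row["network"]:17} mask {row["mask"]:16} '
              f'hosts {row["first"]} - {row["last"]}  '
              f'broadcast {row["broadcast"]}  unused {unused}')
```

The script raises `ValueError` when the original network is too small for the listed requirements, which is the case a manual calculation most easily misses.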


IPv4 Issues

Need for IPv6

IPv6 is designed to be the successor to IPv4. IPv6 is a new version of IP protocol designed to
solve problems that the previous version (IPv4) encountered by using an address length of
128 bits rather than 32. The development of IPv6 also included fixes for IPv4 limitations and
other enhancements.

IPv4 and IPv6 Coexistence

The following protocols and tools help network administrators migrate their networks to IPv6:

Dual Stack
• The devices run both IPv4 and IPv6 protocol stacks simultaneously.

Tunneling
• A method of transporting an IPv6 packet over an IPv4 network. The IPv6 packet is encapsulated inside an IPv4 packet.

Translation
• Network Address Translation 64 (NAT64) allows IPv6-enabled devices to communicate with IPv4-enabled devices using a translation technique.

IPv6 Address Representation

IPv6 Addressing Formats
IPv6 addresses are 128 bits in length and written in hexadecimal. IPv6 addresses are
not case-sensitive and can be written in either lowercase or uppercase.
The format for writing an IPv6 address is x:x:x:x:x:x:x:x, with each “x” consisting of four
hexadecimal values. In IPv6, a hextet is the term used to refer to a segment of 16 bits, or
four hexadecimal values.
Examples of IPv6 addresses in the preferred format:
2001:0bb9:aaaa:1111:0000:0000:0000:0200


Rule 1 – Omit Leading Zero

The first rule to help reduce the notation of IPv6 addresses is to omit any leading 0s (zeros).
This rule only applies to leading 0s, NOT to trailing 0s.

Examples:

Type                 Format
Preferred            2001:0bb8:0000:1234:0000:0000:0000:0300
No leading zeroes    2001: bb8:   0:1234:   0:   0:   0: 300

Preferred            2001:0bb8:0000:0000:ab01:0abf:00ab:2000
No leading zeroes    2001: bb8:   0:   0:ab01: abf:  ab:2000

Preferred            2001:0bb8:0000:0000:c012:90ff:fe90:0001
No leading zeroes    2001: bb8:   0:   0:c012:90ff:fe90:   1

Rule 2 – Double Colon

A double colon (::) can replace any single, contiguous string of one or more 16-bit hextets
consisting of all zeros. The double colon (::) can only be used once within an address.

Example:

Type                 Format
Preferred            2001:0bb8:0000:1234:0000:0000:0000:0300
Compressed/space     2001: bb8:   0:1234:   0:   0:   0: 300
Compressed           2001:bb8:0:1234::300

Preferred            2001:0bb8:0000:0000:ab01:0abf:00ab:2000
Compressed/space     2001: bb8:   0:   0:ab01: abf:  ab:2000
Compressed           2001:bb8::ab01:abf:ab:2000

Preferred            2001:0bb8:0000:0000:c012:90ff:fe90:0001
Compressed/space     2001: bb8:   0:   0:c012:90ff:fe90:   1
Compressed           2001:bb8::c012:90ff:fe90:1
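
Rule 1 and Rule 2 implemented by hand and cross-checked against Python's `ipaddress` module, so that differently written forms of one address can be compared in logs or access lists. This is an added example, not part of the book; the function names are assumptions, and the code only applies `::` to a run of two or more zero hextets (the RFC 5952 recommendation, which `ipaddress` also follows).

```python
import ipaddress
import string

HEX_DIGITS = set(string.hexdigits)


def _check(hextets):
    """Validate a full list of eight hextets, each one to four hex digits."""
    if len(hextets) != 8:
        raise ValueError("an IPv6 address has exactly eight hextets")
    for hextet in hextets:
        if not 1 <= len(hextet) <= 4 or not set(hextet) <= HEX_DIGITS:
            raise ValueError(f"bad hextet: {hextet!r}")
    return hextets


def expand(address):
    """Return the preferred (fully written) form of a possibly compressed address."""
    if address.count("::") > 1:
        # With two '::' the number of zeros each one stands for is ambiguous.
        raise ValueError("'::' may be used only once within an address")
    if "::" in address:
        head, tail = address.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must stand for at least one hextet")
        hextets = left + ["0"] * missing + right
    else:
        hextets = address.split(":")
    return ":".join(h.zfill(4).lower() for h in _check(hextets))


def compress(address):
    """Apply Rule 1 (omit leading zeros) and Rule 2 (double colon)."""
    # Rule 1: leading zeros only; trailing zeros survive (0300 -> 300).
    hextets = [format(int(h, 16), "x") for h in expand(address).split(":")]
    # Rule 2: replace the longest run of zero hextets, leftmost on a tie.
    best_start, best_len, run_len = 0, 0, 0
    for index, hextet in enumerate(hextets):
        run_len = run_len + 1 if hextet == "0" else 0
        if run_len > best_len:
            best_start, best_len = index - run_len + 1, run_len
    if best_len < 2:
        return ":".join(hextets)
    head = ":".join(hextets[:best_start])
    tail = ":".join(hextets[best_start + best_len:])
    return head + "::" + tail


def same_address(first, second):
    """True when two differently written strings are the same IPv6 address."""
    return expand(first) == expand(second)


if __name__ == "__main__":
    # Preferred-format addresses from the tables above.
    for preferred in ("2001:0bb8:0000:1234:0000:0000:0000:0300",
                      "2001:0bb8:0000:0000:ab01:0abf:00ab:2000",
                      "2001:0bb8:0000:0000:c012:90ff:fe90:0001"):
        short = compress(preferred)
        agrees = short == str(ipaddress.IPv6Address(preferred))
        print(f"{preferred} -> {short} (ipaddress agrees: {agrees})")
```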


IPv6 Address Types

Unicast
• Represents a single interface. Packets addressed to a unicast address are delivered to a single host.

Multicast
• Multicast is used to send a single IPv6 packet to multiple destinations.

Anycast
• This is any IPv6 unicast address that can be assigned to multiple devices. A packet sent to an anycast address is delivered to the closest device having that address.

IPv6 Prefix Length
Prefix length is represented in slash notation and is used to indicate the network portion of
an IPv6 address. The IPv6 prefix length can range from 0 to 128. The recommended IPv6 prefix
length for LANs and most other types of networks is /64.

Types of IPv6 Unicast Addresses
Global Unicast Address (GUA)
• This is similar to a public IPv4 address. These are globally unique, internet-routable
addresses.
Link-local Address (LLA)
• Required for every IPv6-enabled device and used to communicate with other
devices on the same local link. LLAs are not routable and are confined to a single
link.


[Figure: IPv6 Unicast Addresses: Global Unicast, Link-local, Loopback, Unspecified Address, Unique Local, Embedded IPv4]

Unique Local Address
The IPv6 unique local addresses (range fc00::/7 to fdff::/7) have some similarity to RFC 1918
private addresses for IPv4, but there are significant differences:

1. Unique local addresses are used for local addressing within a site or between a limited
number of sites.

2. Unique local addresses can be used for devices that will never need to access another
network.

3. Unique local addresses are not globally routed or translated to a global IPv6 address.

IPv6 Global Unicast Address
IPv6 global unicast addresses (GUAs) are globally unique and routable on the IPv6 internet.

Currently, only GUAs with the first three bits of 001 or 2000::/3 are being assigned.

Currently available GUAs begin with a decimal 2 or a 3 (this is only 1/8th of the total
available IPv6 address space).


IPv6 GUA Structure

Global Routing Prefix
• The global routing prefix is the prefix, or network, portion of the address that is assigned by the provider.

Subnet ID
• The Subnet ID field is the area between the Global Routing Prefix and the Interface ID. The Subnet ID is used by an organization to identify subnets within its site.

Interface ID
• The IPv6 interface ID is equivalent to the host portion of an IPv4 address.

IPv6 Link Local Address (LLA)
An IPv6 link-local address (LLA) enables a device to communicate with other IPv6-enabled
devices on the same link and only on that link (subnet). Every IPv6-enabled network interface
must have an LLA. If an LLA is not configured manually on an interface, the device will
automatically create one. IPv6 LLAs are in the fe80::/10 range.


GUA and LLA Static Configuration

Static GUA Configuration on a Router
The command to configure an IPv6 GUA on an interface is:

ipv6 address ipv6-address/prefix-length

Global Unicast Address configuration on R1:

R1(config)# interface gigabitethernet 0/0/0
R1(config-if)# ipv6 address 2001:bb8:acff:1::1/64
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)# interface gigabitethernet 0/0/1
R1(config-if)# ipv6 address 2001:bb8:acff:2::1/64
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)# interface serial 0/1/0
R1(config-if)# ipv6 address 2001:bb8:acff:3::1/64
R1(config-if)# no shutdown

Static GUA Configuration on a Windows Host
The GUA or LLA of the router interface can be used as the default gateway. Best practice is
to use the LLA.


Static GUA Configuration of a Link-Local Unicast Address
LLAs can be configured manually using:

ipv6 address ipv6-link-local-address link-local

Link Local Address Configuration on R1:

R1(config)# interface gigabitethernet 0/0/0
R1(config-if)# ipv6 address fe80::1:1 link-local
R1(config-if)# exit
R1(config)# interface gigabitethernet 0/0/1
R1(config-if)# ipv6 address fe80::2:1 link-local
R1(config-if)# exit
R1(config)# interface serial 0/1/0
R1(config-if)# ipv6 address fe80::3:1 link-local
R1(config-if)# exit


Configure and activate IPv6 on the Gigabit Ethernet 0/0/0 interface:
R1(config)# interface gigabitethernet 0/0/0
R1(config-if)# ipv6 address fe80::1:1 link-local
R1(config-if)# ipv6 address 2001:bb8:acff:1::1/64
R1(config-if)# no shutdown
R1(config-if)# exit

Dynamic Addressing for IPv6 GUAs

RS and RA Messages

Devices obtain GUA addresses dynamically through Internet Control Message Protocol
version 6 (ICMPv6) messages:

1. Router Solicitation (RS) messages are sent by host devices to discover IPv6 routers.
2. Router Advertisement (RA) messages are sent by routers to inform hosts on how to
   obtain an IPv6 GUA and provide useful network information such as:
   • Network prefix and prefix length
   • Default gateway address
   • DNS addresses and domain name

The RA can provide three methods for configuring an IPv6 GUA:

IPv6 GUA Configuration Methods
1. SLAAC
2. SLAAC and Stateless DHCP
3. Stateful DHCP


Method 1: SLAAC
SLAAC is a method that allows a device to create its own GUA without the services of DHCPv6.
Using SLAAC, devices obtain the necessary information to configure a GUA from the ICMPv6
RA messages only. The prefix is provided by the RA and the device uses either the EUI-64 or
random generation method to create an interface ID.

• Prefix - This is advertised in the RA message.
• Interface ID - This uses the EUI-64 process or a randomly generated 64-bit number.

Method 2: SLAAC and Stateless DHCP
An RA can instruct a device to use both SLAAC and stateless DHCPv6. The RA message suggests
devices use the following:

• SLAAC to create its own IPv6 GUA
• The router LLA, which is the RA source IPv6 address, as the default gateway address
• A stateless DHCPv6 server to obtain other information such as a DNS server address
  and a domain name


Method 3: Stateful DHCPv6
An RA can instruct a device to use stateful DHCPv6 only. A device can automatically receive a
GUA, prefix length, and the addresses of DNS servers from a stateful DHCPv6 server. The RA
message suggests devices use the following:

• The router LLA, which is the RA source IPv6 address, for the default gateway address.
• A stateful DHCPv6 server to obtain a GUA, DNS server address, domain name and
  other necessary information.

EUI-64 Process vs. Randomly Generated
When the RA message is either SLAAC or SLAAC with stateless DHCPv6, the client must
generate its own interface ID. The interface ID can be created using the EUI-64 process or a
randomly generated 64-bit number.


EUI-64 Process

The IEEE defined the Extended Unique Identifier (EUI) or modified EUI-64 process which
performs the following:

A 16-bit value of fffe (in hexadecimal) is inserted into the middle of the 48-bit Ethernet
MAC address.

The 7th bit of the client MAC address is reversed from binary 0 to 1.

Example:

48-bit MAC fc:88:37:74:ce:f1
EUI-64 Interface ID fe:88:37:ff:fe:74:ce:f1

Randomly Generated Interface IDs

Depending on the operating system, a device may use a randomly generated interface ID
instead of using the MAC address and the EUI-64 process. Beginning with Windows Vista,
Windows uses a randomly generated interface ID instead of one created with EUI-64.

C:\> ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . : 2001:bb8:acff:1:50a5:8a35:a5bb:66f1
Link-local IPv6 Address . . .: fe80::50a5:8a35:a5bb:66f1
Default gateway . . . . . . .: fe80::1
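
The EUI-64 process in code, together with the reverse check that shows why a randomly generated interface ID matters: an EUI-64 address carries the interface's MAC address in every packet and log line. This is an added example, not part of the book; the function names are assumptions, the MAC and the random address come from the examples above, and `fe80::/64` is used as the link-local prefix.

```python
import ipaddress


def eui64_interface_id(mac):
    """Build the 64-bit modified EUI-64 interface ID from a 48-bit MAC address."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("a MAC address has exactly 48 bits")
    # Invert the 7th bit (value 0x02) of the first octet: fc -> fe.
    first = bytes([octets[0] ^ 0x02])
    # Insert ff:fe between the two halves of the MAC address.
    return first + octets[1:3] + b"\xff\xfe" + octets[3:]


def slaac_address(prefix, mac):
    """Combine a /64 prefix (from the RA, or fe80::/64) with the EUI-64 ID."""
    network = ipaddress.IPv6Network(prefix)
    if network.prefixlen != 64:
        raise ValueError("the interface ID needs a /64 prefix")
    interface_id = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(network.network_address) | interface_id)


def mac_from_address(address):
    """Return the embedded MAC if the interface ID looks EUI-64 derived, else None.

    The ff:fe marker is a heuristic: a random interface ID contains it by
    chance about once in 65,536 addresses.
    """
    low64 = int(ipaddress.IPv6Address(address)) & (2**64 - 1)
    interface_id = low64.to_bytes(8, "big")
    if interface_id[3:5] != b"\xff\xfe":
        return None
    mac = bytes([interface_id[0] ^ 0x02]) + interface_id[1:3] + interface_id[5:]
    return ":".join(f"{octet:02x}" for octet in mac)


if __name__ == "__main__":
    mac = "fc:88:37:74:ce:f1"                       # MAC from the EUI-64 example
    gua = slaac_address("2001:bb8:acff:1::/64", mac)
    lla = slaac_address("fe80::/64", mac)
    print("GUA:", gua)
    print("LLA:", lla)
    print("MAC recovered from GUA:", mac_from_address(str(gua)))
    # Random interface ID from the ipconfig output above: nothing to recover.
    print("MAC recovered from random ID:",
          mac_from_address("fe80::50a5:8a35:a5bb:66f1"))
```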

Dynamic Addressing for IPv6 LLAs

Dynamic LLAs
All IPv6 interfaces must have an IPv6 LLA.
The figure shows the LLA is dynamically created using the fe80::/10 prefix and the interface
ID using the EUI-64 process, or a randomly generated 64-bit number.


Dynamic LLAs on Windows

Operating systems, such as Windows, typically use the same method for both a SLAAC-created
GUA and a dynamically assigned LLA.

EUI-64 Generated Interface ID:

C:\> ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix. :
IPv6 Address. . . . . . . . . . : 2001:bb8:acff:1:fc99:47ff:fe75:cee0
Link-local IPv6 Address . . . . : fe80::fc99:47ff:fe75:cee0
Default gateway . . . . . . . . : fe80::1

Random 64-bit Generated Interface ID:

C:\> ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . : 2001:bb8:acff:1:50a5:8a35:a5bb:66e1
Link-local IPv6 Address . . . . : fe80::50a5:8a35:a5bb:66e1
Default gateway. . . . . . . . : fe80::1

IPv6 Multicast Addresses

IPv6 Multicast Address types:
• Well-Known Multicast Addresses
• Solicited Node Multicast Addresses


Well-Known IPv6 Multicast Addresses
Well-known IPv6 multicast addresses are assigned and are reserved for predefined groups of
devices. There are two common IPv6 assigned multicast groups:

1. ff02::1 All-nodes multicast group - This is a multicast group that all IPv6-enabled
devices join. A packet sent to this group is received and processed by all IPv6 interfaces
on the link or network.

2. ff02::2 All-routers multicast group - This is a multicast group that all IPv6 routers join.
A router becomes a member of this group when it is enabled as an IPv6 router with
the ipv6 unicast-routing global configuration command.


Solicited-Node IPv6 Multicast
A solicited-node multicast address is similar to the all-nodes multicast address. A
solicited-node multicast address is mapped to a special Ethernet multicast address. This allows the
Ethernet NIC to filter the frame by examining the destination MAC address without sending
it to the IPv6 process to see if the device is the intended target of the IPv6 packet.

Subnet an IPv6 Network

Subnet Using the Subnet ID
IPv6 was designed with subnetting in mind.

A separate subnet ID field in the IPv6 GUA is used to create subnets.
The subnet ID field is the area between the Global Routing Prefix and the interface ID.

16-bit subnet ID – Creates up to 65,536 subnets
64-bit interface ID – Supports up to 18 quintillion host IPv6 addresses per subnet


IPv6 Subnetting Example
Given the 2001:db8:acad::/48 global routing prefix with a 16 bit subnet ID.

IPv6 Subnet Allocation
The example topology requires five subnets, one for each LAN as well as for the serial link
between R1 and R2. The five IPv6 subnets were allocated, with the subnet ID field 0001
through 0005. Each /64 subnet will provide more addresses than will ever be needed.


Router Configured with IPv6 Subnets
The example shows that each of the router interfaces on R1 has been configured to be on a
different IPv6 subnet.

R1(config)# interface gigabitEthernet 0/0/0
R1(config-if)# ipv6 address 2001:db8:acad:1::1/64
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)# interface gigabitEthernet 0/0/1
R1(config-if)# ipv6 address 2001:db8:acad:2::1/64
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)# interface serial 0/1/0
R1(config-if)# ipv6 address 2001:db8:acad:3::1/64
R1(config-if)# no shutdown


Configuration Example: Configure IPv6 Addresses on Network Devices

Topology

Addressing Table

Device   Interface   IPv6 Address          Prefix Length   Default Gateway
R1       G0/0/0      2001:bb9:aacb:a::1    64              N/A
R1       G0/0/1      2001:bb9:aacb:1::1    64              N/A
SW1      VLAN 1      2001:bb9:aacb:1::c    64              N/A
PC1      NIC         2001:bb9:aacb:1::5    64              fe80::1
PC2      NIC         2001:bb9:aacb:a::5    64              fe80::1

Configuration on SW1:

Basic Configuration

Switch(config)# hostname SW1
SW1(config)# enable secret secPwd
SW1(config)# line console 0
SW1(config-line)# password consPwd
SW1(config-line)# login
SW1(config-line)# line vty 0 15
SW1(config-line)# password vtyPwd
SW1(config-line)# login
SW1(config-line)# banner motd #Authorized User Only! #
SW1(config)# no ip domain-lookup
SW1(config)# service password-encryption

IPv6 Addresses to the Management Interface (SVI)
SW1(config)# interface vlan 1
SW1(config-if)# ipv6 address 2001:bb9:aacb:1::c/64
SW1(config-if)# ipv6 address fe80::b link-local
SW1(config-if)# end


Configuration on R1:
Assign the IPv6 global unicast addresses
R1(config)# interface g0/0/0
R1(config-if)# ipv6 address 2001:bb9:aacb:a::1/64
R1(config-if)# no shutdown
R1(config-if)# interface g0/0/1
R1(config-if)# ipv6 address 2001:bb9:aacb:1::1/64
R1(config-if)# no shutdown
R1(config-if)# end
Assign the link-local addresses
R1(config)# interface g0/0/0
R1(config-if)# ipv6 address fe80::1 link-local
R1(config-if)# interface g0/0/1
R1(config-if)# ipv6 address fe80::1 link-local
R1(config-if)# end
Assign IPv6 unicast-routing
R1 # configure terminal
R1(config)# ipv6 unicast-routing
R1(config)# exit


Choose which of the following is TRUE about VLSM
A. VLSM allows route summarization
B. VLSM makes less efficient use of IP addresses compared to fixed subnet mask addressing
C. VLSM can be implemented on both link state and distance vector routing protocols
D. VLSM is a Cisco proprietary technology

Identify how many hosts could be supported on a 22-bit network
A. 22
B. 1024
C. 1022
D. 512

Calculate the custom subnet mask you should use for the 192.168.1.64/26 subnetwork with 62 hosts
A. 255.255.255.128
B. 255.255.255.192
C. 255.255.255.224
D. 255.255.255.240

Choose which of these addresses is the shortest abbreviation for the IP address:
3FFE:1044:0000:0000:00AB:0000:0000:0057
A. 3FFE:1044::AB::57
B. 3FFE:1044::00AB::0057
C. 3FFE:1044:0:0:AB::57
D. 3FFE:1044:0:0:00AB::0057

Choose which is the compressed format of the IPv6 address
2001:0db8:0000:0000:0ab8:0001:0000:1000

A. 2001:db8::ab8:1:0:1000
B. 2001:db8::a0b0:8:1
C. 2001:db8:1::ab8:0:1
D. 2001:db8:0:1::8:1

Select the type of IPv6 address for FE80::1
A. loopback
B. link-local
C. multicast
D. global unicast

Identify which service provides dynamic global IPv6 addressing to end devices without using a server that keeps a record of available IPv6 addresses
A. Stateful DHCPv6
B. SLAAC
C. Static IPv6 addressing
D. Stateless DHCPv6

Select what is used in the EUI-64 process to create an IPv6 interface ID on an IPv6 enabled interface
A. The MAC address of the IPv6 enabled interface
B. A randomly generated 64-bit hexadecimal address
C. An IPv6 address that is provided by a DHCPv6 server
D. An IPv4 address that is configured on the interface

Given IPv6 address prefix 2001:db8::/48, identify the last subnet that is created if the subnet prefix is changed to /52
A. 2001:db8:0:f00::/52
B. 2001:db8:0:8000::/52
C. 2001:db8:0:f::/52
D. 2001:db8:0:f000::/52

Identify which IPv6 prefix is reserved for communication between devices on the same link
A. FC00::/7
B. 2001::/32
C. FE80::/10
D. FDFF::/7

CHAPTER 2

switching concepts
and vlan networks

Switched Network

Switching in Networking

A LAN switch makes decisions based on two criteria:
Ingress – entering the interface
Egress – exiting the interface

A switch builds a MAC address table by recording the MAC address of each device connected
to each of its ports. It uses the information in the MAC address table to make forwarding
decisions.

Destination Address Port
EA
AB 1
AC 2
EF 3
BA 4
EA 5
6
Port Table

If a message enters switch port 1 with a destination address of AC, then the switch forwards
the traffic out port 5.

Switch Forwarding Methods

• Store-and-forward Switching
• Cut-through Switching


Method 1: Store-and-forward Switching
This method makes a forwarding decision on a frame after it has received the entire frame
and checked the frame for errors using a cyclic redundancy check (CRC). Store-and-forward
has two primary characteristics:

• Error Checking – Only error-free frames are forwarded.
• Automatic Buffering – Supports any mix of Ethernet speeds.

Method 2: Cut-through Switching
This method begins the forwarding process after determining the destination MAC address
of an incoming frame and the egress port. This method may forward invalid frames because
no FCS check is performed.
Fragment free switching is a modified form of cut-through switching in which the switch only
starts forwarding the frame after it has read at least 64 bytes. Fragment free switching
provides better error checking than cut-through, with practically no increase in latency.


Collision Domains
A collision domain is a network segment in which devices share the same bandwidth.
When two or more devices within the same collision domain try to communicate at the same
time, a collision will occur. Ethernet switch ports operating in full duplex eliminate
collisions. By default, Ethernet switch ports will auto negotiate full-duplex when the adjacent
device

Broadcast Domains
A broadcast domain consists of all devices on the LAN that receive the broadcast traffic. When
the layer 2 switch receives the broadcast, it will flood it out all interfaces except for the ingress
interface. Each device connected to the switch receives a copy of the broadcast frame and
processes it. Too many broadcasts may cause congestion which affects the bandwidth of the
users present in that network.

Alleviate Network Congestion

Features of the switch that alleviate congestion are as follows:

Feature                   Function
Fast Port Speeds          Depending on the model, switches may have up to 100Gbps port speeds.
Fast Internal Switching   This uses fast internal bus or shared memory to improve performance.
Large Frame Buffers       Temporary storage while processing large quantities of frames.
High Port Density         This provides many ports for devices to be connected to LAN with less cost.


Virtual Local Area Network (VLAN)

• VLANs can segment collections of LAN devices without regard to the physical location
  of the user or device.
• VLANs are mutually isolated and packets can only pass between VLANs via a router.
• VLANs are one of the technologies used to improve network performance by the
  separation of large broadcast domains into smaller ones.

Benefits of a VLAN Design

Benefits                     Description

Smaller Broadcast Domains    Dividing the LAN reduces the number of broadcast domains
Improved Security            Only users in the same VLAN can communicate together
Improved IT Efficiency       VLANs can group devices with similar requirements
Reduced Cost                 One switch can support multiple groups or VLANs
Better Performance           Small broadcast domains reduce traffic, improving bandwidth
Simpler Management           Similar groups will need similar applications and other network resources

Types of VLANs

1. Default VLAN
• Also known as VLAN 1. All switch ports are members of VLAN 1 by default.

2. Data VLAN
• Used only for user-generated data. This VLAN carries data only.

3. Native VLAN
• Identifies traffic coming from each end of a trunk link. This VLAN carries all
untagged traffic.

4. Management VLAN
• A management VLAN is configured to access the management capabilities of a
switch. This is used for SSH/Telnet VTY traffic.

5. Voice VLAN
• Voice VLAN is configured to carry voice traffic. Voice VLANs are mostly given high
transmission priority over other types of network traffic to ensure voice quality.


VLAN Trunks
A trunk is a point-to-point link between two network devices that carries more than one
VLAN. VLAN trunks allow all VLAN traffic to propagate between switches, so that devices
which are in the same VLAN, but connected to different switches, can communicate without
the intervention of a router.

The links between switches are configured to transmit traffic coming from VLANs 10 and 20
across the network. This network could not function without trunks.

Network without VLANs
Without VLANs, all devices connected to the switches will receive all unicast, multicast, and
broadcast traffic because the network is one broadcast domain.

PC1 sends out a broadcast frame. The switches forward the broadcast frame out all available
ports except the originating port.


Network with VLANs
When VLANs are implemented on a switch, the transmission of unicast, multicast, and
broadcast traffic from a host in a particular VLAN is restricted to the devices that are in the
same VLAN. VLANs can be used to limit the reach of broadcast frames because each VLAN is a
broadcast domain.

When PC1 on VLAN 10 sends a broadcast frame, the trunk links between SW1 – SW2 and SW2 –
SW3 propagate the broadcast to other devices in VLAN 10. Only devices in the same VLAN will
receive the broadcast frame (PC3).
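
The difference between the two networks can be reproduced with a small model of MAC learning and flooding. This is an added example, not part of the book; it uses one switch with four access ports instead of the three-switch topology, and the class name, port numbers and MAC addresses are constructed for illustration.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed MAC addresses for four hosts on switch ports 1 to 4.
PC1, PC2, PC3, PC4 = ("00:00:5e:00:53:01", "00:00:5e:00:53:02",
                      "00:00:5e:00:53:03", "00:00:5e:00:53:04")

# Port number -> VLAN ID. FLAT is the network without VLANs (everything in VLAN 1).
FLAT = {1: 1, 2: 1, 3: 1, 4: 1}
SEGMENTED = {1: 10, 2: 20, 3: 10, 4: 20}


class Switch:
    """Layer 2 switch with access ports only; each port belongs to one VLAN."""

    def __init__(self, port_vlans):
        self.port_vlans = dict(port_vlans)   # port number -> VLAN ID
        self.mac_table = {}                  # (VLAN ID, MAC address) -> port number

    def receive(self, ingress_port, src_mac, dst_mac):
        """Learn the source address, then return the egress ports for the frame."""
        vlan = self.port_vlans[ingress_port]
        # Learning: record which port the source MAC was seen on, per VLAN.
        self.mac_table[(vlan, src_mac)] = ingress_port
        known_port = self.mac_table.get((vlan, dst_mac))
        if dst_mac != BROADCAST and known_port is not None:
            # Known unicast: one egress port, or none if it is the ingress port.
            return [] if known_port == ingress_port else [known_port]
        # Broadcast or unknown unicast: flood, but only inside the ingress VLAN.
        return sorted(port for port, port_vlan in self.port_vlans.items()
                      if port_vlan == vlan and port != ingress_port)


def broadcast_reach(port_vlans, ingress_port=1):
    """Ports that receive a broadcast sent by the host on `ingress_port`."""
    return Switch(port_vlans).receive(ingress_port, PC1, BROADCAST)


if __name__ == "__main__":
    print("without VLANs, PC1 broadcast reaches ports", broadcast_reach(FLAT))
    print("with VLANs, PC1 broadcast reaches ports", broadcast_reach(SEGMENTED))
    switch = Switch(SEGMENTED)
    switch.receive(1, PC1, BROADCAST)
    print("PC3 reply to PC1 leaves on ports", switch.receive(3, PC3, PC1))
    # PC2 is in VLAN 20: PC1 is unknown there, so the frame never reaches port 1.
    print("PC2 frame for PC1 leaves on ports", switch.receive(2, PC2, PC1))
```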
VLAN Identification with a Tag
Frame tagging is the process of adding a VLAN identification header to the frame using the
IEEE 802.1Q header. Switches add VLAN tags to the frames before placing them into trunk
links and remove the tags before forwarding frames through non trunk ports.

Native VLANs and 802.1Q Tagging
When a switch trunk port receives untagged frames, it forwards those frames to the native VLAN. If
there are no devices associated with the native VLAN, then the frame is dropped.

If a switch receives an untagged frame from a device connected to its port, the switch assumes
that it belongs to the native VLAN and will send it to the native VLAN (VLAN 88).
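
The tagging and native VLAN rules described above, as an added Python example that is not part of the original book: it builds and parses the 4-byte 802.1Q tag and models how a trunk port classifies an incoming frame. Native VLAN 88 and the allowed list 10,20,30,88 are taken from the trunk example later in this chapter; the MAC addresses and function names are assumptions.

```python
import struct

TPID = 0x8100                            # EtherType value that marks an 802.1Q tag
NATIVE, ALLOWED = 88, {10, 20, 30, 88}   # trunk values used in this chapter
# Constructed addresses: broadcast destination, locally administered source.
DST, SRC = bytes.fromhex("ffffffffffff"), bytes.fromhex("020000000001")

def build_frame(ethertype, payload, vlan=None, pcp=0):
    """Ethernet II frame; a 4-byte 802.1Q tag follows the source MAC if vlan is set."""
    tag = b""
    if vlan is not None:
        tci = (pcp << 13) | (vlan & 0x0FFF)      # PCP(3 bits) | DEI(1)=0 | VID(12)
        tag = struct.pack("!HH", TPID, tci)
    return DST + SRC + tag + struct.pack("!H", ethertype) + payload

def parse_frame(frame):
    """Return (vid or None, pcp, ethertype, payload)."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype != TPID:
        return None, 0, etype, frame[14:]        # untagged frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, inner, frame[18:]

def trunk_ingress(frame, native=NATIVE, allowed=ALLOWED):
    """VLAN the receiving trunk port assigns, or None when the frame is dropped."""
    vid = parse_frame(frame)[0]
    # Untagged frames, and tags with VID 0 (priority only), go to the native VLAN.
    vlan = native if vid in (None, 0) else vid
    return vlan if vlan in allowed else None

def access_egress(frame):
    """Remove the tag before the frame leaves through a non-trunk port."""
    vid, _, etype, payload = parse_frame(frame)
    return frame if vid is None else frame[:12] + struct.pack("!H", etype) + payload

if __name__ == "__main__":
    tagged = build_frame(0x0800, b"payload", vlan=10, pcp=5)
    print(tagged[12:16].hex(), trunk_ingress(tagged))       # tag bytes and VLAN
    print(trunk_ingress(build_frame(0x0800, b"payload")))   # untagged frame
```

A tagged frame for a VLAN outside the allowed list, such as VLAN 99 here, is dropped at the trunk port instead of being placed in the native VLAN.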

Voice VLAN Tagging
The access port connected to the IP phone can be configured to use two separate VLANs:

i. A voice VLAN for voice traffic
ii. A data VLAN to support the host traffic

The link between the switch and the IP phone simulates a trunk link to carry both voice VLAN
traffic and data VLAN traffic.

VLAN Configuration

VLAN Ranges in Catalyst Switch

Normal Range VLAN

• Used in all small- and medium-sized business and enterprise networks.
• The VLAN ID is between 1 and 1005.
• IDs 1002 through 1005 are reserved for Token Ring and FDDI VLANs.
• IDs 1 and 1002 to 1005 are automatically created and cannot be removed.
• Configurations are stored in the vlan.dat (flash memory)
• The VTP can only learn and store normal range VLANs.

Extended Range VLAN

• Used by service providers.
• The VLAN ID is between 1006 and 4094.
• Configurations are stored in the running configuration (NVRAM)
• Support fewer VLAN features than the normal range of VLANs.
• Requires VTP transparent mode configuration to support extended range VLANs

Creating VLANs

Action                                  Command

Enter global configuration mode         SW1# configure terminal
Create a VLAN                           SW1(config)# vlan vlan-id
Specify a unique name for the VLAN      SW1(config-vlan)# name vlan-name
Return to the privileged EXEC mode      SW1(config-vlan)# end

SW1# configure terminal
SW1(config)# vlan 10
SW1(config-vlan)# name Student
SW1(config-vlan)# vlan 20
SW1(config-vlan)# name Staff
SW1(config-vlan)# end

Assigning Ports to VLANs

Action                                       Command

Enter global configuration mode              SW1# configure terminal
Enter interface configuration mode           SW1(config)# interface interface-id
Set the port to access mode                  SW1(config-if)# switchport mode access
Assign the interface into a specific VLAN    SW1(config-if)# switchport access vlan vlan-id
Return to the privileged EXEC mode           SW1(config-if)# end

VLAN    Name       Interface
10      Student    F0/6
20      Staff      F0/5

SW1# configure terminal
SW1(config)# interface f0/6
SW1(config-if)# switchport mode access
SW1(config-if)# switchport access vlan 10
SW1(config-if)# interface f0/5
SW1(config-if)# switchport mode access
SW1(config-if)# switchport access vlan 20

Data and Voice VLANs
An access port may only be assigned to one data VLAN. However, it may also be assigned to
one Voice VLAN for when a phone and an end device are off of the same switchport. The data
VLAN is configured using the switchport access vlan vlan-id command while the voice VLAN
is configured using the switchport voice vlan vlan-id interface configuration mode command.

Create a VLAN:
SW1# configure terminal
SW1(config)# vlan 20
SW1(config-vlan)# name Staff
SW1(config-vlan)# vlan 100
SW1(config-vlan)# name VOICE

Assign port to specific VLAN:
SW1(config)# interface f0/11
SW1(config-if)# switchport mode access
SW1(config-if)# switchport access vlan 20
SW1(config-if)# mls qos trust cos
SW1(config-if)# switchport voice vlan 100
SW1(config-if)# end

Verify VLAN information
Use the show vlan command. The syntax is:

show vlan [brief | id vlan-id | name vlan-name | summary]

Task                                                           Command Option

Display VLAN name, status, and its ports one VLAN per line.    brief
Display information about the identified VLAN ID number.       id vlan-id
Display information about the identified VLAN name.            name vlan-name
Display VLAN summary information.                              summary

Change VLAN Port Membership

There are a number of ways to change VLAN membership:

1. Re-enter switchport access vlan vlan-id command with the correct VLAN ID.
2. Use the no switchport access vlan command to return the port or range of ports to the default
VLAN (VLAN 1).

SW1(config)# interface f0/5
SW1(config-if)# no switchport access vlan
SW1(config-if)# end

Delete VLANs

Delete VLANs with the no vlan vlan-id command.

SW1# configure terminal
SW1(config)# no vlan 20
SW1(config)# end

To delete the entire vlan.dat file, use the delete flash:vlan.dat privileged EXEC mode
command. Reload the switch when deleting all VLANs.

VLAN Trunks

Trunk Configuration Commands

Action                                  Command

Enter global configuration mode         SW1# configure terminal
Enter interface configuration mode      SW1(config)# interface interface_id
Set the port to trunking mode           SW1(config-if)# switchport mode trunk
Set a native VLAN for untagged frame    SW1(config-if)# switchport trunk native vlan vlan_id
Specify the list of VLANs to be         SW1(config-if)# switchport trunk allowed vlan vlan_list
allowed on the trunk link
Return to the privileged EXEC mode      SW1(config-if)# end

F0/1 port on SW1 is configured as a trunk port

SW1# configure terminal
SW1(config)# interface f0/1
SW1(config-if)# switchport mode trunk
SW1(config-if)# switchport trunk native vlan 88
SW1(config-if)# switchport trunk allowed vlan 10,20,30,88
SW1(config-if)# end

Reset the Trunk to the Default State

1. Reset the default trunk settings with the no command.

Action                                Command

Enter global configuration mode       SW1# configure terminal
Enter interface configuration mode    SW1(config)# interface interface_id
Set trunk to allow all VLANs          SW1(config-if)# no switchport trunk allowed vlan
Reset native VLAN to default          SW1(config-if)# no switchport trunk native vlan

SW1(config)# interface f0/1
SW1(config-if)# no switchport trunk allowed vlan
SW1(config-if)# no switchport trunk native vlan
SW1(config-if)# end

2. Reset the trunk to an access mode with the switchport mode access command.

SW1(config)# interface f0/1
SW1(config-if)# switchport mode access
SW1(config-if)# end

Dynamic Trunking Protocol

DTP is a protocol that manages trunk negotiation with a neighboring device. DTP
configuration options:

                     Dynamic Auto    Dynamic Desirable    Trunk                   Access
Dynamic Auto         Access          Trunk                Trunk                   Access
Dynamic Desirable    Trunk           Trunk                Trunk                   Access
Trunk                Trunk           Trunk                Trunk                   Limited connectivity
Access               Access          Access               Limited connectivity    Access

Configuration Example: VLANs and Trunking on Switch

Topology

Addressing Table

Device    Interface    IP Address       Subnet Mask      Default Gateway
SW1       VLAN 99      192.168.99.11    255.255.255.0    NA
SW2       VLAN 99      192.168.99.12    255.255.255.0    NA
PC1       NIC          192.168.10.5     255.255.255.0    192.168.10.1
PC2       NIC          192.168.20.6     255.255.255.0    192.168.20.1

VLAN Table

VLAN    Name
10      Engineering
20      Accounting
88      Native
99      Management

Configuration on SW1:

Basic Configuration:
Switch(config)# hostname SW1
SW1(config)# enable secret secPwd
SW1(config)# line console 0
SW1(config-line)# password consPwd
SW1(config-line)# login
SW1(config)# line vty 0 15
SW1(config-line)# password vtyPwd
SW1(config-line)# login
SW1(config)# banner motd #Authorized User Only! #
SW1(config)# no ip domain-lookup
SW1(config)# service password-encryption

Create and name the VLANs:
SW1(config)# vlan 10
SW1(config-vlan)# name Engineering
SW1(config)# vlan 20
SW1(config-vlan)# name Accounting
SW1(config)# vlan 88
SW1(config-vlan)# name Native
SW1(config)# vlan 99
SW1(config-vlan)# name Management

Create the management interface:
SW1(config)# interface vlan 99
SW1(config-if)# ip address 192.168.99.11 255.255.255.0

Assign VLANs to the switch interfaces:
SW1(config)# interface f0/7
SW1(config-if)# switchport mode access
SW1(config-if)# switchport access vlan 10

Configure trunking ports:
SW1(config)# interface f0/1
SW1(config-if)# switchport mode trunk
SW1(config-if)# switchport trunk native vlan 88
SW1(config-if)# switchport trunk allowed vlan 10,20,88

Configuration on SW2:

Basic Configuration:
Switch(config)# hostname SW2
SW2(config)# enable secret secPwd
SW2(config)# line console 0
SW2(config-line)# password consPwd
SW2(config-line)# login
SW2(config)# line vty 0 15
SW2(config-line)# password vtyPwd
SW2(config-line)# login
SW2(config)# banner motd #Authorized User Only! #
SW2(config)# no ip domain-lookup
SW2(config)# service password-encryption

Create and name the VLANs:
SW2(config)# vlan 10
SW2(config-vlan)# name Engineering
SW2(config)# vlan 20
SW2(config-vlan)# name Accounting
SW2(config)# vlan 88
SW2(config-vlan)# name Native
SW2(config)# vlan 99
SW2(config-vlan)# name Management

Create the management interface:
SW2(config)# interface vlan 99
SW2(config-if)# ip address 192.168.99.12 255.255.255.0

Assign VLANs to the switch interfaces:
SW2(config)# interface f0/8
SW2(config-if)# switchport mode access
SW2(config-if)# switchport access vlan 20

Configure trunking ports:
SW2(config)# interface f0/1
SW2(config-if)# switchport mode trunk
SW2(config-if)# switchport trunk native vlan 88
SW2(config-if)# switchport trunk allowed vlan 10,20,88
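
A consistency check for the two trunk ends configured above, added here as a Python example that is not part of the original book: it reads the interface stanzas of both switches and reports a native VLAN mismatch, differing allowed lists, and any VLAN that has a VLAN interface but is missing from the allowed list. The function names and the saved-configuration form of the sample lines (interface Vlan99, interface FastEthernet0/1) are assumptions; only explicit allowed lists such as 10,20,88 or 10,20-22 are parsed.

```python
import re

# Constructed input: VLAN interface and trunk lines of the SW1/SW2 example above.
SW1 = """interface Vlan99
 ip address 192.168.99.11 255.255.255.0
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 88
 switchport trunk allowed vlan 10,20,88
"""
SW2 = SW1.replace("192.168.99.11", "192.168.99.12")

def interfaces(config):
    """Map each interface name to the commands indented under it."""
    result, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = result.setdefault(line.split(None, 1)[1], [])
        elif not line.startswith(" "):
            current = None                       # left the interface stanza
        elif current is not None:
            current.append(line.strip())
    return result

def trunk(cmds):
    """Return (native VLAN, allowed set); defaults are native 1 and all VLANs."""
    native, allowed = 1, set(range(1, 4095))
    for cmd in cmds:
        if m := re.fullmatch(r"switchport trunk native vlan (\d+)", cmd):
            native = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", cmd):
            spans = [p.split("-") for p in m.group(1).split(",")]   # "10,20-22"
            allowed = {v for s in spans for v in range(int(s[0]), int(s[-1]) + 1)}
    return native, allowed

def audit_link(cfg_a, cfg_b, port="FastEthernet0/1"):
    """Compare both ends of one trunk link and return a list of findings."""
    a, b = interfaces(cfg_a), interfaces(cfg_b)
    (nat_a, allow_a), (nat_b, allow_b) = trunk(a[port]), trunk(b[port])
    findings = []
    if nat_a != nat_b:
        findings.append(f"native VLAN mismatch: {nat_a} vs {nat_b}")
    if allow_a != allow_b:
        findings.append("allowed VLAN lists differ")
    for name in sorted(set(a) | set(b)):
        m = re.fullmatch(r"Vlan(\d+)", name)
        if m and int(m.group(1)) not in allow_a & allow_b:
            findings.append(f"VLAN {m.group(1)} has a VLAN interface but is not in the trunk allowed list")
    return findings
```

Run on the SW1 and SW2 lines as configured, audit_link(SW1, SW2) returns one finding: VLAN 99 carries the management interface, but the allowed list 10,20,88 does not include it.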

Identify the type of VLAN that supports untagged traffic
A. Voice VLAN
B. Native VLAN
C. Security VLAN
D. Management VLAN

Choose the protocol or technology that manages trunk negotiations between switches
A. VTP
B. STP
C. VPN
D. DTP

Choose the advantage of using store-and-forward switching method rather than cut-through switching method
A. Collision detecting
B. Frame error checking
C. Faster frame forwarding
D. Frame forwarding using IPv4 Layer 3 and 4 information

Identify the solution that would help a college alleviate network congestion due to collisions.
A. A high port density switch
B. A router with two Ethernet ports
C. A router with three Ethernet ports
D. A firewall that connects to Internet providers

Select the characteristic of the extended range VLANs that are created on a switch
A. They are numbered VLANs 1002 to 1005
B. They are not stored in the vlan.dat file
C. They cannot be used across multiple switches
D. They are reserved to support Token Ring VLANs

