Switching Concepts

Master LAN switching, VLANs, STP, and switch configuration for CCNA

Switching Fundamentals

How Switches Work
  • Operate at Layer 2 (Data Link layer)
  • Use MAC addresses to forward frames
  • Build MAC address tables through learning
  • Three forwarding methods:
    • Store-and-forward
    • Cut-through
    • Fragment-free

Switch vs Router

| Feature    | Switch        | Router       |
| Layer      | Layer 2       | Layer 3      |
| Forwarding | MAC addresses | IP addresses |
| Protocols  | STP, VLAN     | OSPF, EIGRP  |

MAC Address Table

Switch# show mac address-table
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       ----        -----
   1    0011.2203.3344    DYNAMIC     Gi0/1
   1    0050.5689.1245    DYNAMIC     Gi0/2
  10    00a1.b234.cd56    DYNAMIC     Gi0/3

VLANs and Trunking

VLAN Basics
  • Logical segmentation of broadcast domains
  • VLAN range:
    • Normal: 1-1005
    • Extended: 1006-4094
  • Default VLAN: VLAN 1
  • Benefits:
    • Security
    • Broadcast control
    • Flexibility

VLAN Types
  • Data VLAN: Carries user traffic
  • Default VLAN: VLAN 1 (management)
  • Native VLAN: Carries untagged traffic
  • Voice VLAN: Prioritizes VoIP traffic
  • Management VLAN: For switch management

VLAN Configuration

Switch(config)# vlan 10
Switch(config-vlan)# name Engineering
Switch(config-vlan)# exit
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10

802.1Q Trunking

| DA | SA | 802.1Q Tag | Type | Data | FCS |

Tag Details:
  • TPID: 0x8100 (identifies as 802.1Q)
  • Priority: 3 bits (QoS)
  • CFI: 1 bit (Ethernet=0)
  • VLAN ID: 12 bits (1-4094)

Switch(config)# interface gigabitethernet0/24
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk native vlan 99
Switch(config-if)# switchport trunk allowed vlan 10,20,30
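
The tag layout and trunk settings above, worked through in Python. This is an added example, not part of the original page; the function names, the sample frames and the simplified receive-side trunk model are assumptions made for illustration.

```python
import struct

TPID_8021Q = 0x8100  # TPID value that identifies an 802.1Q tag

def build_frame(dst, src, ethertype, payload, vlan=None, priority=0):
    """Build a constructed Ethernet II frame, tagged with 802.1Q when vlan is given."""
    header = dst + src
    if vlan is not None:
        tci = (priority << 13) | (0 << 12) | vlan  # Priority(3) | CFI(1) | VLAN ID(12)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload

def parse_frame(frame):
    """Decode DA, SA, an optional 802.1Q tag, and the Type field."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    info = {"dst": frame[0:6].hex(), "src": frame[6:12].hex(),
            "tagged": False, "priority": None, "cfi": None, "vlan": None}
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info.update(tagged=True, priority=tci >> 13,
                    cfi=(tci >> 12) & 0x1, vlan=tci & 0x0FFF)
        offset = 18
    info.update(ethertype=ethertype, payload=frame[offset:])
    return info

def classify_on_trunk(info, native_vlan, allowed):
    """VLAN a receiving trunk port assigns to the frame, or None if it is dropped.

    Simplified model (assumption): untagged and priority-tagged (VID 0) frames
    go to the native VLAN; tagged frames must carry a VID on the allowed list.
    """
    if not info["tagged"] or info["vlan"] == 0:
        return native_vlan
    return info["vlan"] if info["vlan"] in allowed else None

# Constructed sample frames; trunk settings mirror the configuration above.
DST, SRC = bytes.fromhex("005056891245"), bytes.fromhex("001122033344")
TAGGED_10 = build_frame(DST, SRC, 0x0800, b"data", vlan=10, priority=5)
TAGGED_40 = build_frame(DST, SRC, 0x0800, b"data", vlan=40)
UNTAGGED = build_frame(DST, SRC, 0x0800, b"data")
NATIVE, ALLOWED = 99, {10, 20, 30}
```

The tag adds four bytes between SA and Type, which is why a tagged frame is four bytes longer than the same frame sent untagged on the native VLAN.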

VLAN Verification

Switch# show vlan brief
Switch# show interfaces trunk
Switch# show interfaces gigabitethernet0/1 switchport

Spanning Tree Protocol

STP Basics
  • Prevents Layer 2 loops
  • Creates loop-free topology
  • Key components:
    • Bridge ID (Priority + MAC)
    • Path Cost
    • Port Roles
  • Variants:
    • STP (802.1D)
    • RSTP (802.1w)
    • MSTP (802.1s)

STP Port Roles
  • Root Port: Best path to root bridge
  • Designated Port: Forwarding port per segment
  • Alternate Port: Backup path (RSTP)
  • Disabled Port: Administratively down

STP States Timeline

  • Blocking (20s): No forwarding, listens for BPDUs
  • Listening (15s): Processes BPDUs, no MAC learning
  • Learning (15s): Builds MAC table, no forwarding
  • Forwarding: Normal operation, forwards frames

STP Configuration

Switch(config)# spanning-tree vlan 1 priority 4096
Switch(config)# spanning-tree mode rapid-pvst
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# spanning-tree portfast

STP Protection Features

BPDU Guard: Disables the port if a BPDU is received on a PortFast-enabled port

Switch(config)# spanning-tree portfast bpduguard default
Switch(config-if)# spanning-tree bpduguard enable

Root Guard: Prevents a port from becoming a root port if superior BPDUs are received

Switch(config-if)# spanning-tree guard root

Loop Guard: Prevents alternate ports from becoming designated if BPDUs stop

Switch(config)# spanning-tree loopguard default

EtherChannel

EtherChannel Basics
  • Bundles multiple physical links
  • Appears as single logical link
  • Benefits:
    • Increased bandwidth
    • Redundancy
    • Load balancing
  • Maximum 8 active links

EtherChannel Protocols
  • PAgP (Cisco):
    • Auto: Waits for PAgP
    • Desirable: Actively negotiates
  • LACP (IEEE):
    • Passive: Waits for LACP
    • Active: Actively negotiates

EtherChannel Configuration

Switch(config)# interface port-channel 1
Switch(config-if)# switchport mode trunk
Switch(config-if)# exit
Switch(config)# interface range gigabitethernet0/1-4
Switch(config-if-range)# channel-group 1 mode active
Switch(config-if-range)# exit
Switch(config)# port-channel load-balance src-dst-ip

Verification Commands

Switch# show etherchannel summary
Switch# show etherchannel port-channel
Switch# show interfaces port-channel 1

Switch Security

Port Security
  • Limits MAC addresses per port
  • Violation actions:
    • Protect: Drop unauthorized
    • Restrict: Drop + increment counter
    • Shutdown: Err-disable port
  • Aging options available

Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 2
Switch(config-if)# switchport port-security violation restrict

DHCP Snooping
  • Prevents rogue DHCP servers
  • Creates binding table
  • Trusts only authorized ports

Switch(config)# ip dhcp snooping
Switch(config)# ip dhcp snooping vlan 10
Switch(config-if)# ip dhcp snooping trust

Dynamic ARP Inspection
  • Prevents ARP spoofing
  • Uses DHCP snooping binding table
  • Drops invalid ARP packets

Switch(config)# ip arp inspection vlan 10
Switch(config-if)# ip arp inspection trust
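
How the snooping binding table feeds Dynamic ARP Inspection, as a small Python model. This is an added example, not part of the original page and not switch firmware logic; the class and method names, the addresses and the event sequence are constructed, and the client port is passed in directly instead of being learned from the client's own request.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    vlan: int
    port: str

class AccessSwitch:
    """Toy model of DHCP snooping plus Dynamic ARP Inspection on one switch."""

    def __init__(self, protected_vlans, trusted_ports):
        self.protected_vlans = set(protected_vlans)  # VLANs with snooping and DAI enabled
        self.trusted_ports = set(trusted_ports)      # ports configured with 'trust'
        self.bindings = {}                           # (vlan, ip) -> Binding

    def dhcp_ack(self, ingress_port, vlan, client_mac, client_ip, client_port):
        """Server reply: dropped on untrusted ports, otherwise recorded as a binding."""
        if vlan in self.protected_vlans:
            if ingress_port not in self.trusted_ports:
                return "drop"                        # reply from an unauthorized server port
            self.bindings[(vlan, client_ip)] = Binding(client_mac, client_ip, vlan, client_port)
        return "forward"

    def arp(self, ingress_port, vlan, sender_mac, sender_ip):
        """ARP packet: on untrusted ports the sender MAC/IP must match a binding."""
        if vlan not in self.protected_vlans or ingress_port in self.trusted_ports:
            return "forward"
        expected = Binding(sender_mac, sender_ip, vlan, ingress_port)
        return "forward" if self.bindings.get((vlan, sender_ip)) == expected else "drop"

def demo():
    """Replay a constructed sequence of events and return the switch's decisions."""
    sw = AccessSwitch(protected_vlans=[10], trusted_ports=["Gi0/24"])
    host, other = "0011.2203.3344", "0050.5689.1245"
    return [
        sw.dhcp_ack("Gi0/24", 10, host, "192.0.2.10", "Gi0/1"),  # server behind trusted uplink
        sw.dhcp_ack("Gi0/2", 10, host, "192.0.2.66", "Gi0/1"),   # server reply on untrusted port
        sw.arp("Gi0/1", 10, host, "192.0.2.10"),                 # matches the binding
        sw.arp("Gi0/2", 10, other, "192.0.2.10"),                # IP bound to another MAC/port
        sw.arp("Gi0/2", 10, other, "192.0.2.1"),                 # IP with no binding at all
        sw.arp("Gi0/24", 10, other, "192.0.2.1"),                # trusted port is not inspected
    ]
```

The last decision shows why the trust setting belongs only on ports that lead to infrastructure: ARP arriving on a trusted port is forwarded without any check against the binding table.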

Storm Control
  • Limits broadcast/multicast/unicast storms
  • Can shutdown port or send SNMP trap
  • Threshold as percentage or pps

Switch(config-if)# storm-control broadcast level 75.5
Switch(config-if)# storm-control action shutdown
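
A quick way to check a saved configuration for the protections covered in this section and the trunk settings shown earlier. This is an added example, not part of the original page; the finding wording and the sample configuration are constructed, and the parser assumes the usual IOS layout of indented sub-commands under each interface line.

```python
def parse_config(text):
    """Split IOS-style config text into (global lines, {interface: sub-commands})."""
    global_lines, ifaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if line.startswith("interface "):
            current = ifaces.setdefault(line.split(None, 1)[1], [])
        elif raw[0].isspace() and current is not None:
            current.append(line)
        else:
            current = None
            global_lines.append(line)
    return global_lines, ifaces

def vlan_ids(lines, prefix):
    """VLAN IDs from lines that start with prefix (comma lists only, ranges not expanded)."""
    return {v for l in lines if l.startswith(prefix) for v in l[len(prefix):].split(",")}

def audit(text):
    """Return (scope, finding) pairs for protections from this page that are missing."""
    g, ifaces = parse_config(text)
    findings = []
    if "ip dhcp snooping" not in g:
        findings.append(("global", "DHCP snooping not enabled"))
    no_snoop = vlan_ids(g, "ip arp inspection vlan ") - vlan_ids(g, "ip dhcp snooping vlan ")
    findings += [("global", "DAI on VLAN %s without DHCP snooping" % v) for v in sorted(no_snoop)]
    guard_default = "spanning-tree portfast bpduguard default" in g
    for name, cmds in ifaces.items():
        if "switchport mode access" in cmds:
            if "switchport port-security" not in cmds:
                findings.append((name, "access port without port security"))
            guarded = guard_default or "spanning-tree bpduguard enable" in cmds
            if "spanning-tree portfast" in cmds and not guarded:
                findings.append((name, "PortFast without BPDU Guard"))
        elif "switchport mode trunk" in cmds:
            for key in ("native", "allowed"):
                if not any(c.startswith("switchport trunk %s vlan " % key) for c in cmds):
                    findings.append((name, "trunk without explicit %s VLAN" % key))
    return findings

# Constructed sample configuration (not taken from a real device).
SAMPLE = "\n".join([
    "ip dhcp snooping", "ip dhcp snooping vlan 10", "ip arp inspection vlan 10,20", "!",
    "interface GigabitEthernet0/1", " switchport mode access", " switchport port-security",
    " spanning-tree portfast", " spanning-tree bpduguard enable", "!",
    "interface GigabitEthernet0/2", " switchport mode access", " spanning-tree portfast", "!",
    "interface GigabitEthernet0/24", " switchport mode trunk", " switchport trunk allowed vlan 10,20,30",
])
```

Calling `audit(SAMPLE)` reports the gaps per interface; feed it the text of `show running-config` saved to a file to check a real switch.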

Key Commands

VLAN Verification
show vlan brief
show interfaces trunk

STP Verification
show spanning-tree
show spanning-tree vlan 10

EtherChannel
show etherchannel summary
show interfaces port-channel 1

CCNA Exam Tips
  • Know STP port states and timers
  • Understand VLAN trunking protocols
  • Memorize EtherChannel configuration
  • Practice switch security commands
  • Know show commands for verification