CCNA 3 Summary

Port Security

(config-if)#switchport mode access     //cannot be configured on trunk
(config-if)#switchport port-security     //by default dinamic with 1 mac per port
(config-if)#switchport port-security maximum <1-132>

//static
(config-if)#switchport port-security mac-address MAC
//sticky
(config-if)#switchport port-security mac-address sticky

//set security violation
(config-if)#switchport port-security violation protect | restrict | shutdown

//clear static, dinamic, sticky mac address
#clear port-security configured address MAC
#clear port-security dynamic address MAC
#clear port-security sticky address MAC

//clear all static, dinamic, sticky mac addresses on an interface
#clear port-security configured interface fa0/1
#clear port-security dynamic interface fa0/1
#clear port-security sticky interface fa0/1

VLANs

//create vlan
(config)#vlan 10
(config-vlan)#name Management

//view default settings of a port
#show interface fa0/1 switchport

//configure access port
(config)#interface fa0/1
(config-if)#switchport mode access
(config-if)#switchport access vlan 10

//configure trunk port
(config)# interface fa0/1
(config-if)# switchport trunk encapsulation dot1q
(config-if)# switchport mode dynamic auto | dynamic desirable | trunk
(config-if)# switchport trunk native vlan 20
(config-if)# switchport trunk allowed vlan add | except | all | remove 30
The native VLAN must be the same on both ends of a link.

//verify port mode
#show running-config fa0/1
#show interfaces fa0/1 switchport
#show interfaces fa0/1 trunk

Inter-Vlan Routing

I. InterVLAN Router

II. Router-on-a-stick

Switch:
(config)#vlan 10,20
(config)#interface f0/1
(config-if)#description Link to InterVLAN_Router
(config-if)#switchport trunk encapsulation dot1q
(config-if)#switchport mode trunk        ///trunk can be configured only on switch

Router:
(config)#interface f0/0
(config-if)#no ip address
(config-if)#no shutdown
(config-if)#interface f0/0.10
(config-subif)#encapsulation dot1q 10
(config-subif)#ip address 192.168.10.1 255.255.255.0
(config-subif)#interface f0/0.20
(config-subif)#encapsulation dot1q 20
(config-subif)#ip address 192.168.20.1 255.255.255.0

III. MultiLayerSwitching (L3 Switch)

(config)#ip routing      ///must activate routing
(config)#interface vlan 10
(config-if)#ip address 10.10.10.1 255.255.255.0
(config-if)#no shutdown
(config)#interface vlan 20
(config-if)#ip address 20.20.20.1 255.255.255.0
(config-if)#no shutdown
If you want to set an IP address on a L3 Switch you must first run the command no switchport on the interface.

VTP

(config)#vtp mode {server | client | transparent}
(config)#vtp domain NAME          //only on server
(config)#vtp password PASS

(config)#show vtp status
(config)#show vtp password

STP

Steps for STP convergence:

1. Pick RootBridge (BID min; BID = priority + MAC)
2.Decide which ports are active/blocked:
Root Port – the closest port to the Root Bridge, used for communicating with the Root Bridge.
Designated Port – port used to receive and forward BPDUs
Non-Designated Port – blocked port to prevent loops
3.Port states
Blocking – receives BPDU, does not send BPDU, does not learn MAC Addresses, does not forward data
Listening – receives BPDU, sends BPDU, does not learn MAC Addresses, does not forward data
Learning – receives BPDU, sends BPDU, learns MAC Addresses, does not forward data
Forwarding – permits all traffic (Root or Designated Port)

STP recalculates the topology every time the Root Bridge changes. An STP topology change means a port changed its state from forwarding to blocking or from blocking to forwarding.

Configure STP:

//enable STP(enabled by default)
(config)#spanning-tree vlan NR
//set Root Bridge(this changes the priotity to 24567, by default is 32768)
(config)#spanning-tree vlan NR root primary
//set Secondary Root Bridge(this changes the priority to 28672)
(config)#spanning-tree vlan NR root secondary
//manually set the priority
(config)#spanning-tree vlan NR priority <0-65535>

Configure Portfast:

Portfast should only be implemented when the port on the switch is directly connected to only one server/workstation and never to another hub/switch.

//enable portfast on all access ports
(config)#spanning-tree portfast default
//enable portfast on a port
(config-if)#spanning-tree portfast

Configure RSTP:

//enable RSTP
(config)#spanning-tree mode rapid-pvst
(config)#spanning-tree vlan NR root primary

//view STP configuration
#show spanning-tree detail
#show spanning-tree summary

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s