Configuring IP Address Settings on a Catalyst 1900 or 2820

By default, a Cisco 1900 switch will not have any IP address settings configured. When you do configure an IP address, subnet mask, and default gateway on a switch, you are not configuring a specific port, but rather a management address for the entire switch. This will ultimately allow you to access the switch via telnet, or one of the various web-based applications mentioned earlier. IP address settings are configured from global configuration mode using the ip address and ip default-gateway commands. I have also added the address of a DNS server, using the ip name-server command.

Cisco1912#config t
Enter configuration commands, one per line. End with CNTL/Z
Cisco1912(config)#ip address 192.168.1.100 255.255.255.0
Cisco1912(config)#ip default-gateway 192.168.1.1
Cisco1912(config)#ip name-server 192.168.1.31

To view the IP address configuration of the switch, use the show ip command from the privileged mode prompt. To get back to that prompt from global configuration mode, use either the exit command, or press Ctrl+Z. When entered on our Cisco 1900 switch, the Ctrl+Z command will not display ^Z.

Cisco1912(config)#exit
Cisco1912#show ip
IP Address: 192.168.1.100
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.1
Management VLAN: 1
Domain name:
Name server 1: 192.168.1.31
Name server 2: 0.0.0.0
HTTP server : Enabled
HTTP port : 80
RIP : Enabled
Cisco1912#

From the output shown above, notice that the switch is running an HTTP server so that it can be configured from a web browser, and that this server is enabled by default. The port on which the HTTP server listens can be changed with the ip http port command, while the no ip http server command disables the HTTP server completely. Like telnet, this browser interface sends the switch passwords across the network in cleartext, so unless you actually manage the switch through a browser, turn it off.

Cisco1912(config)#ip http ?
port port
server Enable HTTP server
Cisco1912(config)#ip http port ?
<0-65535> HTTP port
Cisco1912(config)#no ip http server

Configuring Switch Passwords on a Catalyst 1900 or 2820

The commands to configure user and privileged mode passwords on a Cisco 1900 switch are slightly different from those learned earlier. To configure a user-mode password on a Cisco 1900, use the enable password command, followed by the level keyword, a level number and the password. Level numbers range from 1 to 15. User-mode passwords fall into the numeric range 1-14, while a privileged-mode password uses level 15. The commands to add both a user-mode and privileged-mode password to a Cisco 1900 switch are shown below. It should be noted that these passwords are stored unencrypted (they appear as typed in the configuration), are not case sensitive, and must be between 4 and 8 characters in length.

Cisco1912(config)#enable password level 1 cisco
Cisco1912(config)#enable password level 15 cisco99

Much like a Cisco router, a Cisco 1900 switch also allows you to apply a more secure enable secret password that supersedes any other privileged mode password that may have been configured. This password is set using the enable secret command, followed by the password of your choice. Enable secret passwords are stored in encrypted form, are case sensitive, and can be up to 25 characters in length. If both are configured, the enable secret is the one that protects privileged mode, so there is little reason to leave a level 15 enable password in the configuration alongside it.

Cisco1912(config)#enable secret CiScO9999

Cisco Catalyst 1900 and 2820 Initial Switch Configuration

Much like the initial configuration of a Cisco router, the initial configuration of a Cisco Catalyst 1900 switch is handled via a connection to the switch’s console port. Located on the back of the switch, the RJ-45 console port uses the same connection parameters as on the Cisco routers we looked at earlier – 9600 baud, 8 data bits, no parity, 1 stop bit and no flow control. Remember that connecting to a console port requires you to use a rollover cable.

In most cases, you will connect to the console port only long enough to configure passwords, an IP address, and perhaps a hostname. After this initial configuration is complete, it is much more common (and convenient) to access the switch via a telnet session. Keep in mind that telnet carries the whole session, passwords included, in cleartext, so the management address should only be reachable from networks you trust for administration.

Once connected to the console port, you’ll be presented with the initial system configuration menu, as shown below. The menu-driven system is presented by default, and is the only console-configuration option on switches running Standard Edition software. While the menu-driven configuration may be easier in that you won’t need to remember specific commands, it can also be somewhat confusing, in that you will need to remember (or search for) specific configurable elements within the many menu options. Using the command line is generally a much quicker option, as long as you know the specific commands to enter.

Catalyst 1900 Management Console
Copyright (c) Cisco Systems, Inc. 1993-1999
All rights reserved.
Enterprise Edition Software
Ethernet Address: 00-50-F0-5F-25-00

PCA Number: 73-3122-01
PCA Serial Number: FAB03103IYN
Model Number: WS-C1912-A
System Serial Number: FAB0312S041
Power Supply S/N: APQ0252023A
PCB Serial Number: FAB03103IYN,73-3122-01
---------------------------------

1 user(s) now active on Management Console.

User Interface Menu

[M] Menus
[K] Command Line
[I] IP Configuration
[P] Console Password

Enter Selection:

From the main menu, press K to access the command line interface (CLI). This will bring you to the user mode command prompt, distinguished by a lone greater-than sign (>), as shown below. Think of this prompt as being similar to the user mode prompt on a Cisco router – although it allows you to view basic switch information, to do anything useful you’ll need to access privileged mode. The command to access privileged mode is one that you are already familiar with – enable.

Enter Selection: K

CLI session with the switch is open.
To end the CLI session, enter [Exit].

>enable
#

Notice that the enable command brings you directly to the privileged mode prompt, the pound sign. As with our routers, to change the configuration of the switch we will need to enter global configuration mode, using the configure terminal command.

#config t
Enter configuration commands, one per line. End with CNTL/Z
(config)#

The help system also works from the command line on a Cisco 1900 switch. Use ? to access a list of available commands. To view all commands starting with the letter S, use s?. Remember to leave a space following a single command to find any follow-up commands, for example show ?. Partial commands can also be completed using the tab key.

It’s generally a good idea to give the switch a hostname to make it easier to identify. From global configuration mode, issue the hostname command, followed by the name you wish to use.

(config)#hostname Cisco1912
Cisco1912(config)#

If you ever want to get back to the menu-based configuration system from the command line, enter the menu command.

Cisco1912#menu

Catalyst 1900 – Main Menu

[C] Console Settings
[S] System
[N] Network Management
[P] Port Configuration
[A] Port Addressing
[D] Port Statistics Detail
[M] Monitoring
[V] Virtual LAN
[R] Multicast Registration
[F] Firmware
[I] RS-232 Interface
[U] Usage Summaries
[H] Help
[K] Command Line

[X] Exit Management Console

Enter Selection:

CCNA Study Guide Chapter 3 Summary

This chapter began with a review of Layer 2 switching. This included a look at how a switch segments a network into a number of smaller collision domains, as well as how a switch makes full duplex communication possible.

This was followed by a look at the different switching methods supported by Cisco, including Store-and-Forward, Cut-Through, and the default for the Cisco 1900 series, FragmentFree.

A look at redundancy and loop avoidance explained the benefits of having multiple paths on a bridged or switched network, but also the potential problems this introduces, namely broadcast storms. The process by which a broadcast storm happens was also discussed step by step.

Loop avoidance for bridged networks was covered in an overview of the Spanning Tree Protocol. The processes by which switches elect a Root Bridge and choose Root Ports and Designated Ports were also illustrated with examples. The four Spanning Tree port states – Listening, Learning, Blocking, and Forwarding – were also discussed.

A look at VLANs provided an overview of the benefits they provide in segmenting a network into multiple broadcast domains in a switched environment. The VLAN Trunking Protocol (VTP) was introduced as a way to easily configure VLANs on switches across a VTP management domain. VTP Pruning was also discussed.

Trunking techniques included a look at tagging protocols such as Inter-Switch Link (ISL), a Cisco proprietary protocol for VLAN identification.

VTP Pruning

In some cases, it may not make sense for all traffic to be trunked to all switches. For example, consider the network diagram shown in the figure below. In it, Switch C does not have any ports configured on VLAN99. As such, it doesn’t make much sense for traffic destined for VLAN99 to be sent over the trunk link between switches A and C. To keep traffic for VLAN99 from being forwarded to Switch C, you can enable VTP pruning. Once enabled, VTP pruning stops flooded traffic (broadcasts, multicasts and unknown unicasts) for a VLAN from being sent over a trunk to a switch that has no active ports in that VLAN. If VTP pruning were enabled in this example, traffic for VLAN 99 would not be forwarded to Switch C by Switch A, thus conserving bandwidth and switch resources.

Figure: With VTP pruning enabled, traffic for VLAN99 is not forwarded to Switch C.

By default, VTP pruning is disabled on all switches. It is enabled on a VTP server, and the setting then applies to the entire VTP management domain. If you do choose to use VTP pruning, note that you also have the option to go a step further and define which VLANs are eligible to be pruned and which are not.

VTP Modes

Switches can operate in three different VTP modes, which affect the way in which they share or act on VTP advertisements. Once configured, VTP information is stored in the switch’s VTP database. The three modes include:

Server. By default, every Catalyst switch configured to use VTP will be configured as a server. In any VTP domain, at least one server must exist. When in server mode, a switch can be used to add, modify or delete VLAN related information, which will be passed to all other switches in the VTP management domain.

Client. In client mode, a switch receives VTP advertisements and applies the VLAN changes they carry to its own database. Note that a VTP client cannot change VLAN information itself.

Transparent. In transparent mode, a switch forwards the VTP advertisements it receives on its trunks, but does not apply the configuration information they contain. VLANs that are added, modified or deleted on a switch in transparent mode apply only to that particular switch.

When a switch receives a VTP advertisement, it checks the VTP domain name and the configuration revision number carried in it. If the advertisement is for a different VTP domain, it is ignored. If its revision number is not higher than the one currently stored in the switch’s database, it is likewise ignored. The converse is the part to be careful with: an advertisement whose revision number is higher than the switch’s own is accepted and replaces the local VLAN database, and it is accepted whether it came from a server or from a client. A previously used switch that still carries a high revision number can therefore wipe out the VLANs of an entire domain the moment it is connected to a trunk, so reset its revision number to zero (for example by changing its VTP domain name, or by placing it in transparent mode) before introducing it.
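The acceptance rules above, and what they mean for each of the three modes, can be exercised with a small model. The following is an added example in Python, not code from the page and not a VTP packet parser: it models only the decisions described (domain name check, revision number check, and how server, client and transparent switches react), with the whole VLAN table carried inside each advertisement for simplicity. The switch names, domain names and VLAN numbers are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass(frozen=True)
class VtpAdvertisement:
    domain: str
    revision: int
    vlans: Dict[int, str]        # VLAN ID -> name; the whole database travels with the advertisement in this model


@dataclass
class VtpSwitch:
    name: str
    domain: str
    mode: str = "server"         # "server", "client" or "transparent"
    revision: int = 0
    vlans: Dict[int, str] = field(default_factory=lambda: {1: "default"})

    def configure_vlan(self, vid: int, name: str) -> Optional[VtpAdvertisement]:
        """A local VLAN change. Clients refuse it, transparent switches keep it local, servers advertise it."""
        if self.mode == "client":
            raise PermissionError(f"{self.name}: a VTP client cannot change VLAN information")
        self.vlans[vid] = name
        if self.mode == "transparent":
            return None          # stays on this switch only; no advertisement is generated
        self.revision += 1       # every change on a server bumps the configuration revision
        return self.advertise()

    def advertise(self) -> VtpAdvertisement:
        return VtpAdvertisement(self.domain, self.revision, dict(self.vlans))

    def receive(self, adv: VtpAdvertisement) -> str:
        """Apply the checks described in the text and report what happened."""
        if adv.domain != self.domain:
            return "ignored (different domain)"
        if self.mode == "transparent":
            return "forwarded (transparent, not applied)"
        if adv.revision <= self.revision:
            return "ignored (revision not higher)"
        # Higher revision in our domain: the local database is replaced, server or client alike
        self.vlans = dict(adv.vlans)
        self.revision = adv.revision
        return "applied"


def flood(adv: VtpAdvertisement, switches: List[VtpSwitch]) -> Dict[str, str]:
    """Deliver one advertisement over the trunks to every switch and collect each reaction."""
    return {sw.name: sw.receive(adv) for sw in switches}


def scenario():
    """Constructed sequence: a healthy domain, then a stale switch with a higher revision is plugged in."""
    a = VtpSwitch("A", "corp", "server")
    b = VtpSwitch("B", "corp", "client")
    c = VtpSwitch("C", "corp", "transparent")
    step1 = flood(a.configure_vlan(99, "servers"), [b, c])          # B applies, C only forwards
    step2 = flood(a.advertise(), [b, c])                           # same revision again: ignored by B
    step3 = flood(VtpSwitch("X", "lab", "server", revision=200).advertise(), [a, b, c])  # other domain
    # The hazard: same domain name, old VLAN table, but a revision number higher than production's
    stale = VtpSwitch("L", "corp", "client", revision=50, vlans={1: "default", 7: "old-lab"})
    step4 = flood(stale.advertise(), [a, b, c])                    # A and B silently lose VLAN 99
    return {"steps": [step1, step2, step3, step4], "A": a, "B": b, "C": c}


if __name__ == "__main__":
    result = scenario()
    for i, step in enumerate(result["steps"], 1):
        print(f"step {i}: {step}")
    for name in ("A", "B", "C"):
        sw = result[name]
        print(f"{name} ({sw.mode}) revision {sw.revision}: VLANs {sorted(sw.vlans)}")
```

Step 4 is the case the caveat above warns about: switch L is only a client and cannot be used to create VLANs, yet its advertisement replaces the VLAN database on server A and client B because its revision number is higher. Only C, being transparent, keeps its own table.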

VLAN Trunking Protocol VTP

In large networks, configuring VLAN information on each and every switch would be incredibly time consuming. In order to deal with this issue, Cisco created a protocol referred to as the VLAN Trunking Protocol (VTP). VTP actually has very little to do with trunking. Instead, its responsibility is propagating information about the configuration of VLANs across trunk links. For example, let’s say that you’ve defined a new VLAN on a switch, VLAN 99. Instead of having to manually create that VLAN on each and every switch, you could instead use VTP – it would automatically make VLAN 99 available on every switch after it was defined on the first. This information is sent to other switches in the form of VTP advertisements. These are multicasts that provide update information to neighboring switches over trunk links. VTP can be used to add, modify or delete VLANs across what is known as a VTP management domain. For example, you might add a new VLAN, change the name of a VLAN, or delete a VLAN that you no longer require.

By default, no VTP management domain is configured on a Catalyst switch. You first have to define what is known as a VTP management domain, the group of switches among which you want VLAN information passed and shared. You can define multiple VTP domains for different groups of switches that require different configurations. However, any given switch can be part of only a single VTP management domain.

InterSwitch Link ISL

VLAN tagging is not a difficult concept – just remember that its purpose is to allow frames from multiple VLANs to be transferred across a trunk link and properly identified at the other end.

Recall that ISL only works on 100Mbps ports and faster. As such, if your switch only has 10 Mbps ports available, using ISL will not be an option. One other limitation of ISL is that only ISL-aware devices will understand ISL frames – all others will not consider the frame to be valid.

Some network interface cards include ISL capabilities. If installed in a server, the server could then be part of two (or more) VLANs concurrently. This would allow systems from different VLANs to connect to the server without needing to route between different broadcast domains. In this way, the connection between the server and the ISL-configured switch port acts as a trunk link. In an even more common example, imagine that you connected a router to your switch in order to route between different VLANs. If that router had a 100 Mbps port that was ISL-capable (as many Cisco routers do), it could be connected to a trunk port on the switch and provide routing between your VLANs. In this case, the router would add VLAN identification tags before forwarding a frame to the switch (and vice versa). The switch interface would strip away the tagging and make sure that the frame is forwarded onto the proper VLAN.

Note that there is a downside to this configuration. When a system (the router in this case) is made part of multiple VLANs, it receives broadcast traffic from each of the VLANs for which its switch port is configured.

Trunking and VLAN Identification

Setting up VLANs on a single switch is relatively simple. First you define different VLANs, and then make ports members of those VLANs. However, when you interconnect or link switches across a network (referred to as trunking), you’ll need a way for switches to know to which VLAN a frame belongs. There are two main types of links between switches, as described below.

Access Link. When a link carries a single VLAN between switches, and no traffic for other VLANs is passed over that link, it is considered an access link. The only traffic that moves across an access link is traffic belonging to the VLAN defined for the ports that are connected.

Trunk Link. If a link connects two switches, and the switches have two or more VLANs defined, it wouldn’t make much sense to set up a separate access link for each VLAN. Instead, it would be far better to have traffic from multiple VLANs move across a single link. If a VLAN identification (frame tagging) technique is used, this is possible. The link is then known as a trunk link.

Consider the figure below, which outlines both access and trunk links.

Figure: Access and Trunk Links.

Remember that switches are always connected together using a crossover cable.

If you remember back to Chapter 2, none of the Ethernet frames we looked at had any field used to identify the VLAN membership of a frame. In order for VLANs to work properly between switches, we’ll need some way to let switches know which VLAN a frame is meant for.

Enter frame tagging. Frame tagging is a technique where additional VLAN identification information is added to a frame. Two main protocols exist for the purpose of Ethernet frame tagging – Inter-Switch Link (ISL) and IEEE 802.1q. Both modify a frame in different ways to add VLAN identifiers. Once implemented, VLAN tagging allows ports on the same VLAN (but on different switches) to communicate as though they were part of a single physical switch.

Adding more information to a frame creates a slight dilemma. Remember that an Ethernet frame has a maximum size of 1518 bytes. How can we add information to a maximum-size frame without making it appear oversized, and thus invalid, to network devices? The answer is that tagging is confined to the ports that link switches, which we configure to use a VLAN identification protocol. When configured with VLAN tagging, a switch tags a frame with VLAN information as it sends it out a trunk port. The tag is stripped away by the switch at the receiving end of the link. In this way, end devices need not be aware that any special framing or tagging took place, and they never see the oversized frames. An 802.1q-tagged frame has a maximum size of 1522 bytes (the tag adds 4 bytes); an ISL-encapsulated frame, which gains a 26-byte header and a new 4-byte CRC, can be as large as 1548 bytes. The figure below illustrates the process by which a frame is tagged to include VLAN identification information. Note that the special tagging is added before the frame leaves the Switch 1 trunk port, and is removed once it enters the trunk port on Switch 2.

Figure: Frame tagging over a trunk link.

A number of different protocols exist for the purpose of adding VLAN identification to frames. These include:

InterSwitch Link (ISL). ISL is a Cisco proprietary VLAN identification protocol that can be used only on Fast Ethernet and Gigabit Ethernet trunk ports. Because the protocol is proprietary, it can only be used to trunk between Cisco devices. ISL actually re-encapsulates the entire original frame with a new header and a new CRC value.

IEEE 802.1q. IEEE 802.1q is the industry-standard method of VLAN identification. This protocol does not re-encapsulate the frame; instead it inserts a 4-byte tag carrying the VLAN identifier into the Ethernet frame itself. This in turn can make Ethernet frames as large as 1522 bytes. When you want to use VLAN identification on a network that includes equipment from different vendors, 802.1q should be used.

Dynamic Trunking Protocol (DTP). An enhancement of Cisco’s Dynamic ISL (DISL) protocol, DTP dynamically negotiates both ends of a trunk link to use a common VLAN identification protocol, such as ISL or 802.1q.

FDDI 802.10. While trunking protocols such as ISL are meant to create a trunk link between only two switches, 802.10 encapsulation allows VLAN tagging to be used on a shared FDDI backbone. It does this by adding a 4-byte Security Association Identifier (SAID) field to the FDDI frame header.

ATM LANE. When Ethernet or Token Ring networks connect over ATM, LAN Emulation (LANE) must be used to emulate their native environments (since ATM doesn’t support broadcasts, for example). In cases where VLANs are required over ATM connections, Emulated LANs (ELANs) need to be defined. Each ATM ELAN maps to a single VLAN.

Tip: VLAN tagging methods like ISL allow VLAN membership information to be transported with a frame across trunk links.
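To make the tagging and size discussion concrete, here is an added example in Python (not code from the page) that does what the trunk ports in the figure do: it builds a maximum-size untagged Ethernet frame, inserts an 802.1q tag after the source MAC as the sending trunk port would, recomputes the frame check sequence, and strips the tag again as the receiving trunk port would. It also computes the size the same frame would have under ISL, using ISL's 26-byte header and 4-byte trailing CRC as given in Cisco's ISL documentation (an assumption as far as this page is concerned). The MAC addresses and payload are constructed for the example. The 802.1q tag layout used (TPID 0x8100, then 3 bits of priority, 1 DEI bit and a 12-bit VLAN ID) is the one defined by the standard.

```python
import struct
import zlib

TPID_8021Q = 0x8100
MAX_UNTAGGED = 1518        # dst + src + type + 1500-byte payload + 4-byte FCS (preamble not counted)
MAX_8021Q_TAGGED = 1522    # the 4-byte tag is the only growth
ISL_OVERHEAD = 30          # assumed from Cisco's ISL docs: 26-byte header plus a new 4-byte CRC


def fcs(body: bytes) -> bytes:
    """Ethernet FCS: CRC-32 with the same polynomial and reflection as zlib, sent least-significant byte first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + fcs(body)


def _body_if_valid(frame: bytes) -> bytes:
    """Verify the FCS and return the frame without it; a frame with a bad FCS is dropped, not forwarded."""
    body, trailer = frame[:-4], frame[-4:]
    if fcs(body) != trailer:
        raise ValueError("FCS mismatch: frame corrupted")
    return body


def tag_frame(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Sending trunk port: insert TPID + TCI after the source MAC and recompute the FCS."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1..4094; 0 (priority-only) and 4095 are reserved")
    if not 0 <= pcp <= 7 or dei not in (0, 1):
        raise ValueError("PCP is 3 bits, DEI is 1 bit")
    body = _body_if_valid(frame)
    tci = (pcp << 13) | (dei << 12) | vid
    tagged_body = body[:12] + struct.pack("!HH", TPID_8021Q, tci) + body[12:]
    tagged = tagged_body + fcs(tagged_body)
    if len(tagged) > MAX_8021Q_TAGGED:
        raise ValueError(f"{len(tagged)}-byte frame exceeds the {MAX_8021Q_TAGGED}-byte tagged maximum")
    return tagged


def untag_frame(frame: bytes):
    """Receiving trunk port: read the VLAN ID, strip the tag, and restore the original frame and FCS."""
    body = _body_if_valid(frame)
    tpid, tci = struct.unpack("!HH", body[12:16])
    if tpid != TPID_8021Q:
        raise ValueError(f"not an 802.1q frame (EtherType field is 0x{tpid:04x})")
    vid, pcp, dei = tci & 0x0FFF, tci >> 13, (tci >> 12) & 1
    original_body = body[:12] + body[16:]
    return vid, pcp, dei, original_body + fcs(original_body)


def isl_frame_size(frame: bytes) -> int:
    """ISL leaves the original frame (and its FCS) intact and wraps it, so it grows by 30 bytes, not 4."""
    return len(frame) + ISL_OVERHEAD


# Constructed sample: a maximum-size IPv4 frame from a host in VLAN 99 (addresses made up for the example)
SAMPLE = build_frame(bytes.fromhex("0050f05f2501"), bytes.fromhex("000c29aabbcc"),
                     0x0800, b"\x45" + b"\x00" * 1499)

if __name__ == "__main__":
    tagged = tag_frame(SAMPLE, vid=99, pcp=5)
    vid, pcp, dei, restored = untag_frame(tagged)
    print(f"untagged {len(SAMPLE)} bytes, 802.1q-tagged {len(tagged)} bytes, ISL {isl_frame_size(SAMPLE)} bytes")
    print(f"received on VLAN {vid} (priority {pcp}), original frame restored: {restored == SAMPLE}")
```

The 1518-byte sample becomes 1522 bytes once tagged and would be 1548 bytes under ISL, which is why an untagged host port must never be connected to a trunk: the tag shows up where the host expects an EtherType, and a full-size frame arrives oversized. The FCS recomputation is also why a tag cannot simply be spliced in by a device in the path without rewriting the trailer.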

VLAN Types

VLAN membership can be configured in two different ways, known as static and dynamic.

Static VLANs. With a static VLAN, an administrator defines VLANs on a switch and then assigns ports to them. This is the most common way in which VLANs are configured.

Dynamic VLANs. A dynamic VLAN is one in which a switch port automatically configures itself to be part of a particular VLAN, based on the MAC address of a connected system. Think of a scenario where a laptop user uses different connections within an office building. In this case, she could plug into a given jack (which is connected to a switch) and automatically be made part of her native VLAN. In order to accomplish this, a management database needs to be created that maps MAC addresses to VLANs, which requires additional administrative effort. Cisco has a product that provides this functionality – VLAN Management Policy Server (VMPS).