CCNP SWITCH
Spanning Tree Protocol
Elections
Root Port Election
One root port per non-root switch: the port with the lowest root path cost (cumulative cost of the path back to the root bridge)
Ties are broken, in order, by lowest upstream (sender) bridge ID, lowest upstream port ID, then lowest local port ID
Root Bridge Election
Lowest bridge ID wins: priority first, then MAC address as the tie-breaker
Default bridge priority of 32,768; with the extended system ID the VLAN number is added to it, so configured priorities are multiples of 4096. Lower the priority deliberately on the intended root, otherwise the oldest (lowest-MAC) switch becomes root by accident.
switchport host
Interface macro that puts a port in "host" mode: sets access mode, enables PortFast, and disables EtherChannel (removes any channel-group). Intended for ports with a single end station attached.
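As an added example (not part of the original notes), the IOS configuration that makes a distribution switch the root for one VLAN and applies the switchport host macro on an access switch. Interface names and the VLAN number are assumed.

```ios
! Distribution switch: become root bridge for VLAN 10 by lowering the priority.
! The value must be a multiple of 4096 because the low 12 bits of the field
! carry the VLAN ID (extended system ID); 24576 beats the default 32768.
spanning-tree vlan 10 priority 24576
! Shortcut that picks a priority lower than the current root's:
! spanning-tree vlan 10 root primary

! Access switch: host-facing port, configured with the macro
interface GigabitEthernet1/0/5
 switchport host
! The macro does not persist as-is; the running config shows its expansion:
!  switchport mode access
!  spanning-tree portfast
! and any channel-group is removed.

! Verification: root ID/priority per VLAN, and the expanded port config
show spanning-tree vlan 10
show running-config interface GigabitEthernet1/0/5
```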
Spanning Tree Types
802.1D CST STP
IEEE Standard
States
Disabled
Faulty, administratively down, etc. Not part of the normal STP progression.
Blocking
Receives BPDUs only; does not forward frames and does not learn MAC addresses. A port can stay here up to Max Age (20 s) before moving on.
Listening
Sends and receives BPDUs and takes part in root/designated port election; still no frame forwarding and no MAC learning (Forward Delay, 15 s).
Learning
Starts populating the CAM table with source MACs, but still does not forward frames (Forward Delay, 15 s).
Forwarding
Forwards frames, learns MACs, sends and receives BPDUs. Worst case for a new link to reach forwarding is about 30 s, or 50 s if a stored BPDU must first age out.
PVST+
Cisco proprietary: one STP instance per VLAN over 802.1Q trunks. Allows CST (the single 802.1Q instance), PVST (ISL trunks only) and PVST+ to work in tandem on the same network.
802.1w RSTP
IEEE Standard
New Port Roles
"Alternate": an alternate path to the root bridge (the port receives better BPDUs from another switch); designed to take over immediately if the root port fails.
"Backup": a redundant connection to a segment on which this switch is already the designated bridge (the port receives its own switch's BPDUs); takes over if the designated port fails.
Edge ports
Introduces the concept of the network "edge": ports that have a single host connected, configured with PortFast. They go straight to forwarding and never generate a topology change; if an edge port receives a BPDU it loses edge status and behaves as a normal RSTP port.
Timers
Hello Timer
2 s by default: interval between configuration BPDUs sent by the root bridge and relayed by every other switch.
Forward Delay Timer
15 s by default: time spent in each of the Listening and Learning states.
Max Age Timer
20 s by default: how long a switch keeps the last BPDU heard on a port without a refresh. Expiration signals that a topology change must have occurred; the root bridge is considered unreachable and the switch recomputes, advertising itself as root if it hears nothing better.
All three timers are configured on the root bridge and carried in its BPDUs; values set elsewhere are ignored.
FlexLinks
An alternative to STP for access-switch uplinks: one interface is manually configured as the primary link and a second as its backup. The backup stays in standby until the primary fails, then takes over; STP is disabled on the pair, so the only loop protection is that the backup never forwards while the primary is up.
Switch Security
Port Security
Enabled per interface (switchport port-security) on access or trunk ports; by default one secure MAC address is allowed and the violation mode is shutdown. Limits which and how many source MACs may appear on a port, which stops CAM-table flooding and casual device swaps.
Violation Modes
Shutdown (default)
Port is placed in the err-disabled state (link down), a syslog message and SNMP trap are generated; recover with shutdown / no shutdown or errdisable recovery.
Restrict
Port stays up, violating frames are dropped, violations are logged (syslog and SNMP trap) and the violation counter is incremented.
Protect
Port stays up, violating frames are dropped silently: no log, no trap, no counter. Hard to detect, so prefer restrict wherever the violations are monitored.
Clearing violations / learned addresses
clear port-security {all | configured | dynamic | sticky} [address mac-addr | interface type mod/num]
This command clears secure addresses, not the err-disabled state; a port shut down by a violation needs shutdown / no shutdown (or errdisable recovery cause psecure-violation).
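An added configuration example (not from the original notes) showing port security with the restrict mode beside the protect alternative, sticky learning, and the clear command scoped to one interface. The interface name and address limit are assumed.

```ios
! Access port: allow two MAC addresses, learn them as sticky (written to the
! running-config so they survive link flaps), and log violations without
! taking the port down.
interface GigabitEthernet1/0/10
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 switchport port-security violation restrict

! Same port in protect mode: frames from unknown MACs are dropped with no
! syslog, no SNMP trap and no violation counter, so violations are invisible.
! switchport port-security violation protect

! Verification: mode, max/current counts, violation counter, last source MAC
show port-security interface GigabitEthernet1/0/10
show port-security address

! Forget the dynamically learned addresses on one port; sticky entries stay
clear port-security dynamic interface GigabitEthernet1/0/10

! Optional: let err-disabled ports (shutdown mode) come back on their own
errdisable recovery cause psecure-violation
errdisable recovery interval 300
```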
Private VLAN's
Types
Isolated
Hosts can only reach the primary VLAN (i.e. promiscuous ports). They cannot talk to any other host, even one in the same isolated VLAN.
Community
Hosts can communicate with other ports in the same community VLAN and with the primary VLAN, but not with other communities or with isolated ports.
Private VLANs are not propagated by VTP versions 1 and 2 (the switch must be in VTP transparent mode to configure them), so they are only locally significant and must be configured on every switch; VTP version 3 can carry them.
Port Types
Promiscuous
Port mode for the default gateway, firewall, or any device that needs to communicate with everything. It is exempt from the private VLAN restrictions and talks to every port in the primary VLAN and in all secondary VLANs mapped to it.
Host
Regular port assigned to one secondary VLAN (isolated or community); behaves according to the rules of that VLAN.
Protected ports
A simpler single-switch alternative (switchport protected) that needs no private VLAN configuration.
Protected ports can communicate with unprotected ports, but not with other protected ports on the same switch. The restriction is not carried across trunks, so protected ports on two different switches can still reach each other.
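An added example (not part of the original notes) of a complete private VLAN setup with one isolated and one community secondary VLAN, a promiscuous port toward the gateway, and the protected-port alternative. VLAN and interface numbers are assumed.

```ios
! Private VLANs cannot be created while VTP v1/v2 is in server or client mode
vtp mode transparent

vlan 100
 private-vlan primary
 private-vlan association 101,102
vlan 101
 private-vlan isolated
vlan 102
 private-vlan community

! Host ports: isolated for servers that must not see each other,
! community for a group that may talk among themselves
interface GigabitEthernet1/0/1
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
interface GigabitEthernet1/0/2
 switchport mode private-vlan host
 switchport private-vlan host-association 100 102

! Promiscuous port toward the firewall / default gateway: reaches both
! secondary VLANs, and is the only way an isolated host reaches anything
interface GigabitEthernet1/0/24
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101,102

! Single-switch alternative: protected ports cannot talk to each other,
! but the restriction does not cross a trunk to another switch
interface range GigabitEthernet1/0/3 - 4
 switchport mode access
 switchport access vlan 20
 switchport protected

show vlan private-vlan
show interfaces GigabitEthernet1/0/1 switchport
```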
Multilayer Switching
Switching Fabric
CEF
Cisco Express Forwarding: the routing table is pre-computed into a FIB (longest-match lookup) and an adjacency table (Layer 2 rewrite information), so packets are forwarded in hardware without consulting the route processor per packet.
States
Punt
Packet is sent to the Layer 3 engine (CPU) for software processing because the hardware path cannot finish it: no FIB entry, incomplete ARP adjacency (glean), IP options present, TTL expired, fragmentation needed, or the packet is addressed to the switch itself. A flood of punted packets is a classic way to exhaust the CPU.
Types
Central CEF
FIB and adjacency tables are built and consulted on the central route processor / supervisor.
dCEF
Distributed CEF: the tables are still built centrally by the route processor, but are replicated to every line card (or stack member), so each card makes forwarding decisions locally without involving the central engine.
TCAM
Ternary CAM: contains inbound and outbound access lists, including RACLs and VACLs, stored as value/mask pairs so a packet header is matched against all entries in a single lookup at full forwarding speed.
Feature Manager (FM): merges ACEs into TCAM entries, thus allowing the TCAM to be consulted at full forwarding speed. ACL entries that do not fit in the TCAM fall back to software processing.
Switching Database Manager (SDM): on some switches, partitions the TCAM between functions (unicast routes, MAC addresses, ACLs, QoS) via templates; changing the template takes effect only after a reload.
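Added verification commands (not from the original notes) for checking that a prefix is hardware-forwarded by CEF and for re-partitioning the TCAM with an SDM template. The prefix is assumed; sdm prefer templates are assumed to be a Catalyst 3560/3750-class feature, and the template names differ on other platforms.

```ios
! Is CEF on, and what does the FIB hold for a destination?
show ip cef
show ip cef 10.1.20.0/24 detail
! A prefix shown as "glean" or "receive" will be punted rather than switched in hardware

! How the TCAM is currently partitioned (routes vs MACs vs ACLs)
show sdm prefer

! A switch that mostly routes: give the TCAM more unicast route entries
configure terminal
 sdm prefer routing
 end
! The new template is only applied after a reload
reload
```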
Routing with a switch
Routed Port
An actual Layer 3 routed port (no switchport): a single physical interface with its own IP address, no VLAN membership and no Layer 2 protocols such as STP or VTP. As such, it can run routing protocols just like a router interface.
SVI
Switched Virtual Interface (interface vlan N): a virtual Layer 3 interface that routes for every port in that VLAN; the physical ports stay Layer 2 access or trunk ports.
Management
Port Mirroring
SPAN
Switched Port Analyzer: copies frames seen on source ports (or VLANs) to a destination port on the same switch, where an IDS or packet capture is attached. Direction can be rx, tx, or both.
VSPAN
Sets a VLAN as the source instead of a port: every port assigned to that VLAN becomes part of the SPAN session, including ports added to the VLAN later.
Source can be a physical port or an EtherChannel. One session can have multiple sources, and they can be in different VLANs. When a trunk port is a source, all VLANs carried on the trunk are mirrored unless a VLAN filter is applied to the session.
You cannot monitor SVIs, and you cannot mix VLAN sources and physical-port sources within the same session; create a separate session for each.
A SPAN destination port can belong to only one session, and a session cannot send to multiple destinations. The destination port carries no normal switched traffic while it is a destination.
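An added example (not from the original notes) with a port-based session and a separate VLAN-based session, since the two source types cannot share one session, plus a VLAN filter for a trunk source. Interface and VLAN numbers are assumed.

```ios
! Session 1: mirror two access ports (they may be in different VLANs)
! in both directions to the sensor on Gi1/0/20
monitor session 1 source interface GigabitEthernet1/0/3 - 4 both
monitor session 1 destination interface GigabitEthernet1/0/20

! Session 2 (VSPAN): mirror every port in VLAN 20, receive direction only.
! A VLAN source cannot be added to session 1, hence a second session and
! a second destination port (a destination belongs to one session only).
monitor session 2 source vlan 20 rx
monitor session 2 destination interface GigabitEthernet1/0/21

! Trunk as source: without a filter every VLAN on the trunk is mirrored
! monitor session 3 source interface GigabitEthernet1/0/48
! monitor session 3 filter vlan 10 , 20

! Sources, destination and direction of every session
show monitor session all

! Remove a session when the capture is over so the destination port
! returns to normal switching
no monitor session 2
```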
Layer 2 Protocols
VTP
Modes
Server (default)
Can create, modify and delete VLANs; originates advertisements and synchronizes to advertisements carrying a higher revision number.
Client
Cannot change VLANs; learns the database from advertisements and relays them.
Transparent
Does not participate: keeps its own locally configured VLAN database and does not originate advertisements, but relays advertisements received from other switches (in VTPv2 and v3 regardless of domain; in v1 only if the domain matches).
Off
Will not participate in VTP in any fashion and, unlike transparent mode, does not relay advertisements either.
Advertisements
Advertisements generally originate from servers, but clients can request them (for example after a reload or a domain change).
Summary Advertisements
Sent out every 300 s, or whenever a database change occurs; carry the domain name and the configuration revision number.
Subset Advertisements
Sent after a database change; carry the actual VLAN details.
Advertisement Requests
Sent by a switch that needs the database, e.g. after a reload or after hearing a summary with a higher revision number than its own.
The highest configuration revision number wins: a switch (server or, in v1/v2, even a client) connected to the domain with a higher revision overwrites the VLAN database on every other switch. Reset the revision to 0 (change the domain name, or use transparent mode) before connecting a reused switch.
Versions
Version 1 / Version 2
Support VLANs 1-1005 only; v2 adds Token Ring VLAN support, consistency checks, and transparent-mode relaying regardless of domain. All switches in a domain must run the same version.
Version 3
Capable of supporting VLANs 1-4094 (extended range) and private VLANs, where other versions are only capable of supporting 1-1005. Adds a hidden/secret password, an explicit primary server (only it may change the database), and MST instance propagation.
DTP
Dynamic Trunking Protocol: Cisco proprietary negotiation of whether a link becomes a trunk (and, where ISL is supported, which encapsulation). Sent by default on every switch port, so an attacker who can answer DTP from an access port can turn it into a trunk and reach every VLAN.
Modes
Trunk (Not DTP, technically: the port is forced to trunk regardless of the far end, but it still sends DTP frames to help the neighbor unless nonegotiate is set)
Access (forced non-trunk; still sends DTP frames unless nonegotiate is set)
Dynamic desirable (actively tries to negotiate a trunk)
Dynamic auto (becomes a trunk only if the neighbor asks; the default on many Catalyst models, which is why auto-to-auto never trunks and desirable-to-auto does)
Nonegotiate (switchport nonegotiate: stops sending DTP frames entirely; valid only with a fixed trunk or access mode)
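An added hardening example (not part of the original notes) that covers the VTP mode and DTP sections together: VTP switched off so no advertisement can rewrite the VLAN database, the trunk uplink pinned and DTP silenced, and access ports prevented from negotiating a trunk. Interface names, VLAN numbers, domain and password are assumed; vtp mode off and the dot1q encapsulation command are assumed to be supported by the platform (2960-class switches omit the encapsulation line).

```ios
! Switches that must never accept a VLAN database from the wire.
! Unlike transparent mode, off mode does not even relay advertisements.
vtp mode off

! If VTP is actually wanted, pin the domain, use version 3 and a hidden password;
! in v3 only the primary server may change the database:
! vtp domain CORP
! vtp version 3
! vtp password S3cr3tVtp hidden
! vtp primary vlan          (privileged exec, on the one intended server)

! Trunk uplink: explicit trunk, no DTP, and only the VLANs that belong there
interface GigabitEthernet1/0/48
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 switchport trunk allowed vlan 10,20,30

! Access ports: fixed access mode and no DTP, so a host cannot negotiate a trunk
interface range GigabitEthernet1/0/1 - 47
 switchport mode access
 switchport nonegotiate

! Verification: mode/revision, which ports are trunking, DTP state per port
show vtp status
show interfaces trunk
show dtp interface GigabitEthernet1/0/48
```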
Switching Fabric
CAM
Content-addressable memory: the Layer 2 forwarding (MAC address) table.
Holds learned MAC addresses with their VLAN ID, ingress port, and a timestamp.
Entries are learned from the source MAC of incoming frames and age out after 300 s (default) without a refresh. A frame from an already known MAC on the same port only updates the timestamp; if the MAC shows up on a different port, the entry is moved there. A frame to an unknown destination MAC, or a table filled up by MAC flooding, results in the frame being flooded to every port in the VLAN, which is what port security is meant to prevent.
Design
Switch Block
A group of access-layer switches and their distribution switches, also called an access-distribution block. Failures and STP domains are contained within the block.
Link Aggregation
EtherChannel
Bundles two to eight physical links (same speed, duplex and trunk/VLAN settings) into one logical link, so STP sees a single port and no member link is blocked. Negotiated with PAgP (Cisco proprietary: desirable / auto) or LACP (IEEE 802.3ad: active / passive), or configured statically (on: no negotiation, both ends must match).
Load Balancing
Set globally per switch (port-channel load-balance). The hash can use source/destination IP, source/destination MAC, TCP/UDP ports, or a combination of these. It maps each flow to one physical link, so a single flow never gets more than one link's bandwidth, and a poor choice (e.g. source MAC when all traffic arrives through one router) polarizes traffic onto a single link.
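An added example (not from the original notes) of an LACP trunk bundle with a load-balancing hash chosen to avoid polarization, and the command that predicts which member link a flow will use. Interface names and addresses are assumed; the test etherchannel command is assumed to be available on the platform (it is on Catalyst 3560/3750-class switches).

```ios
! Global hash, applies to every port-channel on the switch.
! src-dst-ip spreads many host pairs across the links; the src-mac default
! would push everything from a single upstream router (one MAC) down one link.
port-channel load-balance src-dst-ip

! Two uplinks bundled with LACP; both ends must agree on speed, duplex and trunking
interface range GigabitEthernet1/0/47 - 48
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 channel-group 1 mode active
! The logical interface is created by channel-group; settings go on it from now on
interface Port-channel1
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30

! Bundle state (P = bundled, S = Layer 2) and the active hash
show etherchannel summary
show etherchannel load-balance

! Which physical member a given flow will take under the current hash
test etherchannel load-balance interface port-channel 1 ip 10.1.10.5 10.1.20.7
```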