Implementing Cisco Switched Networks Chapter 2 Review

This is my review and notes of Chapter 2 of “Implementing Cisco Switched Networks Foundation Learning Guide”.


Chapter 2

Chapter is a pretty good refresher for a lot of things around VLANs. Having not used Cisco switches for a while, the show commands are a pretty helpful reminder of some available commands other vendors may not have. The chapter also somewhat applies some of the models discussed in chapter 1 in terms of the VLAN implementation around PPDIOO.

Later the chapter covers Private VLANs and EtherChannel. Personally felt the Private VLAN explanation was too confusing and instead resorted to an explanation from How to Master CCNP Switch.

In terms of the CCNP exam, probably need to know:
– Understand VLAN configuration and show commands
– Correct trunking configuration
– Different modes of DTP. Possibly some VTP.
– Private VLANs
– EtherChannel

The chapter covers:
– End to End VLAN, and Local VLAN models
– VLAN configuration and show commands
– Trunking – briefly ISL, which doesn’t matter, and 802.1Q
– DTP – Dynamic Trunking Protocol
– VTP – VLAN Trunking Protocol
– Private VLANs
– EtherChannel covering PAgP, LACP, and includes load balancing techniques.

VLAN Models

End to End VLAN
– Each VLAN spans the network geographically.
– Users are grouped into each VLAN regardless of physical location.
– As users move throughout the campus, the VLAN membership of that user remains the same (probably through 802.1x).
– Users are typically associated with a given VLAN for network management reasons, hence why they are kept in the same VLAN.
→ Switches typically use VTP in server/client mode.

Local VLAN – Choice for Campus Enterprise Architecture.
– VLANs are configured for each floor or building.
→ In other words, local VLANs are created with physical boundaries in mind rather than the job function of the user.
– Generally local VLANs exist between the access and distribution levels.
– Traffic is routed at Distribution and Core to reach other destinations on the network.
– Usual recommendation is a max of 3 VLANs per access layer switch.
→ VTP configured in transparent mode as no VLANs should be advertised to other switches, nor need to be created on any other switches.

=> A network that consists entirely of local VLANs benefits from the faster convergence offered by routing protocols, instead of relying on spanning tree for convergence in a layer 2 network.

Helpful VLAN configuration commands:

switchport host
– This is a macro for enabling spanning-tree PortFast and disabling EtherChannel on a per port basis (it also sets the port to access mode).

show vlan
show vlan brief
show vlan id X
show vlan name X
– Pretty helpful generic VLAN commands.

show run int fa0/0
– Displays the current config on a particular port.

show interfaces
show int fa0/0 switchport
– Switchport characteristics.
– Private VLAN and trunking info.

show mac-address-table interface __ vlan __
– Displays MAC address table info for the specified interface in the specified VLAN.
– Very helpful in determining if attached devices are sending packets to the correct VLAN.

DTP – Dynamic Trunking Protocol
– Cisco proprietary point-to-point protocol for switches to negotiate trunk links

Access – Port is permanently configured for nontrunking.
Trunk – Port is permanently configured for trunking.
– Other end of link needs to be trunk, dynamic desirable, or dynamic auto.
Nonegotiate – Puts port in permanent trunking mode BUT the port will not send out DTP frames.
– Other end of link needs to be either trunk or nonegotiate.
Dynamic Desirable – Interface actively attempts to convert the link to a trunk link.
– Trunk forms if neighbor interface is set to trunk, desirable, or auto.
Dynamic Auto – Interface is willing to convert the link to a trunk link.
– Trunk only forms if neighbor is set to desirable or trunk.

Trunking verification commands
show run int X
show int X switchport
show int X trunk
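An added Python model of the DTP rules listed above (my own example, not from the book or from IOS): it takes the mode configured at each end of a link, says whether a trunk forms, and flags links where one end is trunking while the other is not, or where an end is still in a dynamic mode and would therefore be trunked as soon as its neighbour asks. The link names in sample_links() are constructed.

```python
"""DTP negotiation outcomes, modelled from the mode descriptions in the notes
above. Added example, not from the book or Cisco IOS; sample_links() is a
constructed list of links for illustration."""

ACCESS = "access"
TRUNK = "trunk"
NONEGOTIATE = "nonegotiate"
DESIRABLE = "dynamic desirable"
AUTO = "dynamic auto"

# Modes that trunk unconditionally, without waiting for a DTP answer.
FIXED_TRUNK = {TRUNK, NONEGOTIATE}
# Modes whose final state depends on what the neighbour sends.
NEGOTIABLE = {DESIRABLE, AUTO}


def trunk_forms(local: str, remote: str) -> bool:
    """Return True if the link comes up as a trunk, following the rules in the notes."""
    modes = {local, remote}
    if ACCESS in modes:
        return False                  # access is permanently nontrunking
    if NONEGOTIATE in modes:
        return modes <= FIXED_TRUNK   # no DTP frames sent: peer must be trunk or nonegotiate
    if TRUNK in modes or DESIRABLE in modes:
        return True                   # one side asks to trunk; trunk/desirable/auto all accept
    return False                      # auto + auto: both sides wait, nobody initiates


def link_state(local: str, remote: str) -> str:
    """Classify a link as 'trunk', 'access', or 'mismatch'.

    A mismatch is one end forwarding tagged frames (trunk/nonegotiate) while
    the other end stays an access port, e.g. a nonegotiate port facing a
    dynamic port, or a trunk port facing an access port.
    """
    if trunk_forms(local, remote):
        return "trunk"
    if (local in FIXED_TRUNK) != (remote in FIXED_TRUNK):
        return "mismatch"
    return "access"


def audit(links: dict) -> dict:
    """For each link name -> (local_mode, remote_mode), report the resulting state
    and which ends are still negotiable (and so could be trunked by their peer)."""
    report = {}
    for name, (local, remote) in links.items():
        report[name] = {
            "state": link_state(local, remote),
            "negotiable_ends": [m for m in (local, remote) if m in NEGOTIABLE],
        }
    return report


def sample_links() -> dict:
    # Constructed sample: uplinks and edge ports on a small set of switches.
    return {
        "S1 Gi0/1 <-> S2 Gi0/1": (TRUNK, NONEGOTIATE),
        "S1 Gi0/2 <-> S3 Gi0/1": (DESIRABLE, AUTO),
        "S1 Fa0/5 <-> printer":  (AUTO, AUTO),
        "S1 Fa0/6 <-> S4 Fa0/1": (NONEGOTIATE, DESIRABLE),
        "S1 Fa0/7 <-> PC":       (ACCESS, ACCESS),
    }


if __name__ == "__main__":
    for name, result in audit(sample_links()).items():
        print(f"{name:24} {result['state']:8} negotiable={result['negotiable_ends']}")
```

From a hardening point of view the lines worth attention in the report are the ones with negotiable ends: an edge port left in dynamic auto stays an access port only until something on the other side sends desirable, which is why user-facing ports are normally set to access mode with DTP switched off via nonegotiate.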

VTP – VLAN Trunking Protocol
– Cisco proprietary protocol used to synchronise and distribute VLAN databases throughout a switched network.
– Cisco switches transmit VTP info only on trunk links.
– VTP info is multicast.

VTP Modes and operation

Client mode
– Can’t create, change, or delete VLANs.
– Forwards advertisements to other switches.
– Synchronizes VLAN config with the latest info received from other switches in the management domain.
– Does not save VLAN config in NVRAM.

Server mode
– Creates, modifies, and deletes VLANs.
– Sends and forwards advertisements to other switches.
– Synchronizes VLAN config with the latest info received from other switches in the VTP domain.
– Saves VLAN config in NVRAM.

Transparent mode
– Creates, deletes, and modifies VLANs only from and on the local switch.
– Forwards VTP advertisements received from other switches in the same VTP domain.
– Saves VLAN config in NVRAM.

There’s a bit more to VTP such as importance of sequence number etc but this isn’t stuff I feel I personally need notes on.

VTP Pruning
– Probably one of the main advantages to using VTP.
– VTP pruning uses VLAN advertisements to determine when a trunk connection is flooding traffic over trunk links needlessly. By default, a trunk connection carries traffic for all VLANs in the VTP management domain.
– VTP pruning increases available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to access the appropriate network devices.

VTP has 3 versions. Version 2 is the most commonly used.

If all switches in a domain are capable of running VTP version 2, enable VTP version 2 on one VTP server. The VTP server propagates the version number to the other VTP version 2 capable switches in the VTP domain.

Private VLANs

I found the implementing switch chapter pretty confusing on this subject, and instead looked at How to Master CCNP Switch. From the brief look I’ve had at this book, I think it’s pretty good, and avoids a lot of the waffle that you find in the Cisco press books. If I had more time before my exam, I would have liked to read this book in more detail. Anywho on to private VLANs!

A private VLAN is simply a VLAN that has limited communication with other ports on the switch, depending on configuration.

A private VLAN always has one primary VLAN. Within the primary VLAN you will find the promiscuous port.

Secondary VLANs can always communicate with the promiscuous port but they can never communicate with other secondary VLANs.

Private VLANs can also be carried over 802.1Q trunk links. Configuration is basically the same on the other switch; you only need to add the VLANs to the trunk link.

Private VLAN port types:

Isolated port
– Complete layer 2 separation from other ports within the same private VLAN, except promiscuous ports.

Promiscuous port
– Can communicate with all ports within the private VLAN, including community and isolated ports.
– Only part of 1 primary VLAN, but each promiscuous port can map to more than one secondary private VLAN.
– Promiscuous ports are generally router ports, backup or shared servers, or VLAN interfaces.

Community port
– Community ports communicate among themselves and with their promiscuous ports.
– Isolated at layer 2 from interfaces in other communities and from isolated ports within their private VLAN.

Private VLAN configuration

Using an example borrowed from René’s How to Master CCNP Switch book:

Firstly configure the switch to VTP mode transparent.

– Primary VLAN of 500
– Secondary Community VLAN is 501
– Secondary Isolated VLAN is 502

####### Configuring Primary VLAN and Secondary Community VLAN ########
S1(config)#vtp mode transparent
S1(config)#vlan 501
S1(config-vlan)#private-vlan community
S1(config-vlan)#vlan 500
S1(config-vlan)#private-vlan primary
S1(config-vlan)#private-vlan association add 501

##### Assigning private vlan, along with primary to switch ports ##########
S1(config)#interface range fa0/1 - 2
S1(config-if)#switchport mode private-vlan host
S1(config-if)#switchport private-vlan host-association 500 501

##### Configuring Promiscuous port #####
S1(config)#interface fa0/24
S1(config-if)#switchport mode private-vlan promiscuous
S1(config-if)#switchport private-vlan mapping 500 501

####### Configuring Isolated VLAN ########
S1(config)#vlan 502
S1(config-vlan)#private-vlan isolated
S1(config-vlan)#vlan 500
S1(config-vlan)#private-vlan primary
S1(config-vlan)#private-vlan association add 502

##### Assigning private vlan, along with primary to switch ports ##########
S1(config)#interface range fa0/3 - 4
S1(config-if)#switchport mode private-vlan host
S1(config-if)#switchport private-vlan host-association 500 502

##### Configuring Promiscuous port #####
S1(config)#interface fa0/24
S1(config-if)#switchport mode private-vlan promiscuous
S1(config-if)#switchport private-vlan mapping 500 502

##### Verification #####
S1#show interfaces fa0/1 switchport
S1#show interfaces fa0/24 switchport
S1#show vlan private-vlan
S1#show vlan private-vlan type
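To check that the port-type rules above and the S1 configuration actually give the isolation you expect, here is an added Python example (mine, not from René’s book or from Cisco) that parses the relevant vlan and interface lines and works out which port pairs can talk at layer 2. The config text is a constructed copy of the S1 commands with the prompts removed; the only change is that the promiscuous mapping is written in the comma-list form “mapping 500 501,502” so fa0/24 maps to both secondaries in one line.

```python
"""Private VLAN reachability from the S1 configuration above. Added example,
not from the book: it parses the vlan/interface lines and applies the
isolated/community/promiscuous rules from the notes."""

import re
from dataclasses import dataclass, field
from itertools import combinations

# Constructed copy of the S1 commands above, without the S1(config)# prompts.
S1_CONFIG = """
vlan 501
 private-vlan community
vlan 502
 private-vlan isolated
vlan 500
 private-vlan primary
 private-vlan association add 501
 private-vlan association add 502
interface range fa0/1 - 2
 switchport mode private-vlan host
 switchport private-vlan host-association 500 501
interface range fa0/3 - 4
 switchport mode private-vlan host
 switchport private-vlan host-association 500 502
interface fa0/24
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 500 501,502
"""


@dataclass
class Port:
    name: str
    mode: str = ""                                   # "host" or "promiscuous"
    primary: int = 0                                 # primary VLAN (500 here)
    secondaries: set = field(default_factory=set)    # host: one secondary; promiscuous: all mapped


def parse_pvlan_config(text: str):
    """Return (vlan_type, ports): vlan id -> primary/community/isolated, port name -> Port."""
    vlan_type, ports = {}, {}
    cur_vlan, cur_ifs = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := re.match(r"interface range (\S+?)(\d+) - (\d+)$", line)):
            prefix, lo, hi = m.group(1), int(m.group(2)), int(m.group(3))
            cur_ifs, cur_vlan = [f"{prefix}{i}" for i in range(lo, hi + 1)], None  # expand fa0/1 - 2
        elif (m := re.match(r"interface (\S+)$", line)):
            cur_ifs, cur_vlan = [m.group(1)], None
        elif (m := re.match(r"vlan (\d+)$", line)):
            cur_vlan, cur_ifs = int(m.group(1)), []
        elif cur_vlan is not None:
            # Only the VLAN's type matters here; "association add" lines tie
            # secondaries to the primary, which the interface lines repeat.
            if (m := re.match(r"private-vlan (primary|community|isolated)$", line)):
                vlan_type[cur_vlan] = m.group(1)
        elif (m := re.match(r"switchport mode private-vlan (host|promiscuous)$", line)):
            for name in cur_ifs:
                ports.setdefault(name, Port(name)).mode = m.group(1)
        elif (m := re.match(r"switchport private-vlan (host-association|mapping) (\d+) (\S+)$", line)):
            for name in cur_ifs:
                port = ports.setdefault(name, Port(name))
                port.primary = int(m.group(2))
                port.secondaries = {int(s) for s in m.group(3).split(",")}
    return vlan_type, ports


def can_talk(vlan_type: dict, ports: dict, a: str, b: str) -> bool:
    """True if layer-2 traffic may flow between ports a and b within the private VLAN."""
    pa, pb = ports[a], ports[b]
    if pa.primary != pb.primary:
        return False                                  # different private VLANs never talk
    if pa.mode == "promiscuous" and pb.mode == "promiscuous":
        return True                                   # both sit in the primary VLAN
    if pa.mode == "promiscuous" or pb.mode == "promiscuous":
        return bool(pa.secondaries & pb.secondaries)  # promiscuous must be mapped to the host's secondary
    (sa,), (sb,) = pa.secondaries, pb.secondaries     # host ports carry exactly one secondary
    # Two host ports talk only within a shared community VLAN; isolated never talks to isolated.
    return sa == sb and vlan_type.get(sa) == "community"


def reachability(vlan_type: dict, ports: dict) -> dict:
    """Map every unordered port pair to whether the two ports can communicate."""
    return {pair: can_talk(vlan_type, ports, *pair) for pair in combinations(sorted(ports), 2)}


if __name__ == "__main__":
    vt, pt = parse_pvlan_config(S1_CONFIG)
    for (a, b), ok in reachability(vt, pt).items():
        print(f"{a:7} <-> {b:7} {'allowed' if ok else 'blocked'}")
```

Running it shows the five allowed pairs (fa0/1 with fa0/2 inside community 501, and fa0/24 with each host port) and blocks everything else, including fa0/3 with fa0/4 in the isolated VLAN. The same rules are what you would be confirming by hand with the show commands above.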

Cisco Protected Port Feature
– Very simple version of private VLANs for lower end switches.
– Traffic can only flow between a protected and an unprotected port.
– If two ports are both protected, they can not communicate with each other.

EtherChannel – PAgP and LACP

Apologies if this section lacks more detail. It’s not an area I personally need many notes on.

PAgP – Port Aggregation Protocol
– Cisco Proprietary
– Packets sent every 30 seconds. PAgP checks for config consistency and manages link additions and failures between two switches.

auto
– Default
– Passive state in which the port responds to PAgP packets it receives but does not initiate PAgP negotiation.

desirable
– Active negotiating state

on
– Forces interface to channel without PAgP
– Does not exchange PAgP packets.
– Other side also needs to be configured with ‘on’.

non-silent
– If a switch is connected to a PAgP capable partner, add this keyword when configuring auto or desirable. If you do not specify this, silent is assumed. Silent is for connections to file servers or Wireshark (why??)

So if doing PAgP, make sure to also add ‘non-silent’.

LACP – Link Aggregation Control Protocol
Basically identical to PAgP but the IEEE open version.

passive
– Default
– Passive negotiating state (responds to LACP packets, but doesn’t initiate EtherChannel).

active
– Active negotiating state
– Will form EtherChannel with partner as Active or Passive

on
– Forces interface to channel without PAgP or LACP.

Additional Parameters

System priority – Each switch running LACP must have a system priority. This is automatic, but user can also manually configure. Switch uses MAC address and system priority to form the system ID.

Port priority – Same as above. Switch uses the port priority to decide which ports to put in standby mode when a hardware limitation prevents all compatible ports from aggregating.

Administrative key – As above, automatic but can be manually set. Defines the capability of a port to aggregate with other ports, e.g. physical port characteristics including speed/duplex etc.

EtherChannel Load Balancing Options

One thing people often get wrong when it comes to EtherChannel or aggregated links is thinking that because they have two 1 Gbit links in an aggregate, they now have 2 Gbit of bandwidth for any of their traffic. This is only partly true, as the aggregate uses a load balancing technique to ‘balance’ traffic over the two links: each frame is hashed onto one member link from fields such as source/destination address, so a single conversation only ever uses one link. Depending on the source/destination traffic that flows through the link, you may or may not maximise the available bandwidth. See below for the different balancing techniques.

Cisco offers a number of load-balancing methods based on source and/or destination address fields.

Use “show etherchannel load-balance” to see what mode is in effect, and “port-channel load-balance” in global configuration mode to change it.
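To make the point concrete, here is an added Python model (my own, not Cisco’s implementation) of how a load-balancing method maps flows onto member links. It hashes the low-order bits of the chosen address fields into 8 buckets and spreads the buckets over the links, which is a simplification of the XOR-based hashing Catalyst switches use; treat the exact bucket maths as an assumption. The method names are the port-channel load-balance keywords, and the flows are constructed: eight clients all talking to one server.

```python
"""Simplified model of EtherChannel load balancing, to show why two 1 Gbit
links do not give any single conversation 2 Gbit. Added example, not Cisco's
implementation: low-order bits of the selected fields are hashed into 8
buckets (assumption), and buckets are spread over the member links."""

import ipaddress

BUCKETS = 8  # assumed bucket count; the real hash width is an implementation detail


def low_bits_mac(mac: str) -> int:
    return int(mac.replace(":", ""), 16) % BUCKETS


def low_bits_ip(ip: str) -> int:
    return int(ipaddress.ip_address(ip)) % BUCKETS


# port-channel load-balance methods -> bucket function over one flow
POLICIES = {
    "src-mac":     lambda f: low_bits_mac(f["smac"]),
    "dst-mac":     lambda f: low_bits_mac(f["dmac"]),
    "src-dst-mac": lambda f: low_bits_mac(f["smac"]) ^ low_bits_mac(f["dmac"]),
    "src-ip":      lambda f: low_bits_ip(f["sip"]),
    "dst-ip":      lambda f: low_bits_ip(f["dip"]),
    "src-dst-ip":  lambda f: low_bits_ip(f["sip"]) ^ low_bits_ip(f["dip"]),
}


def select_link(flow: dict, policy: str, links: int = 2) -> int:
    """Pick the member link (0..links-1) that every frame of this flow will use."""
    return POLICIES[policy](flow) % links


def distribution(flows, policy: str, links: int = 2) -> dict:
    """Count how many of the given flows land on each member link under a policy."""
    counts = {i: 0 for i in range(links)}
    for flow in flows:
        counts[select_link(flow, policy, links)] += 1
    return counts


def sample_flows():
    # Constructed: eight clients on 10.1.1.0/24 all talking to one server, 10.1.2.5.
    server_mac, server_ip = "02:00:00:00:00:ff", "10.1.2.5"
    return [
        {"smac": f"02:00:00:00:00:{0x10 + i:02x}", "dmac": server_mac,
         "sip": f"10.1.1.{10 + i}", "dip": server_ip}
        for i in range(8)
    ]


if __name__ == "__main__":
    flows = sample_flows()
    for policy in POLICIES:
        print(f"{policy:12} {distribution(flows, policy)}")
```

With a destination-based method (dst-ip or dst-mac) every client-to-server flow hashes to the same link because the destination never changes, so the second link carries nothing in that direction; src-ip, src-dst-ip and the MAC equivalents spread the eight flows four and four. That is the kind of thing to check with show etherchannel load-balance when a channel looks “full” on one member and idle on the other.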

Implementing Cisco Switched Networks Chapter 1 Review

This is my review and notes of Chapter 1 of “Implementing Cisco Switched Networks Foundation Learning Guide”.


Chapter 1

Chapter 1 was incredibly boring to read. As per the covered summary below, the chapter was attempting to get the reader in the mindset of the different models Cisco has created that can be used as a guideline when creating a network, whether large or medium, and in either a campus or enterprise network.

In terms of the CCNP exam, probably need to know:
– The 3 campus design best practices
– Be able to successfully identify where different features belong in a network using the Hierarchical Network Design Model.
– Know the 3 different layers of SONA
– Be able to successfully identify what happens at each step of the PPDIOO model.

The chapter covers:
– Different models of Cisco switches e.g. Catalyst, Nexus
– Campus Design best practices
– Hierarchical Network Design Model
– SONA (Service-Oriented Network Architecture)
– PPDIOO (Prepare Plan Design Implement Operate Optimise)

Campus Design best practices
Basically summed up as create a network that is:
– Modular (like building blocks and scales well)
– Resilient (HA characteristics with uptime nearly 100%)
– Flexible (Businesses are constantly changing. Able to adapt to new business structures etc).

Hierarchical Network Design Model

Core Layer
– High Speed
– High Availability
– Adapt to changes quickly

– Basically aggregates all the distribution layer switches together with the remainder of the enterprise network.
– Provides aggregation points with redundancy through fast convergence and HA.
– Designed to scale as the distribution and consequently the access layer scale with future growth.

Distribution Layer
– Segment parts of the network and isolate network problems in a campus environment
– Aggregate WAN connections at the edge
– Provide a level of security
– Often acts as a service and control boundary between access and core layers

– Availability, load balancing, QoS
– HA through dual paths to Core and Access
– Provides default GW redundancy via HSRP/GLBP/VRRP
– Connects network resources to the access layer, and implements policies for QoS, Security, traffic loading, and routing.

Access Layer
– Edge devices
– Application of security, access control, filters, management etc.

– Access to default gateway redundancy (so dual links to distribution layer switches with e.g. HSRP)
– Converged – So PoE switch with IP Phones and WLAN devices attached.
– Security through: Port Security, DHCP Snooping, Dynamic ARP Inspection, IP SRC Guard.

SONA (Service-Oriented Network Architecture)

Below is my notes from when reading the book. To be honest it all just sounds like a bunch of buzz words and personally don’t feel it was explained very well. Haven’t looked any further into it.

Application Layer
– E.g. Business Apps
– Layer objective is to meet business requirements and achieve efficiencies by leveraging the interactive services layer.

Interactive Services Layer
– Enables efficient allocation of resources to applications and business processes delivered through the networked infrastructure

Network Infrastructure Layer
– Where all IT resources (servers/SANs etc) are interconnected across a converged network foundation.
– Represents how resources exist in different places in the network, e.g. branch, data center, WAN etc.

PPDIOO (Prepare Plan Design Implement Operate Optimise)

Prepare
– Establishing organisational requirements
– Developing Network Strategy
– High-level conceptual Network Architecture
– Identifying HW and Costs

Plan
– Initial network requirements based on goals, facilities, user needs etc.
– Assessing current network and ensuring it will work with what is being proposed

Design
– Well thought out detailed design that meets current business and technical requirements and incorporates specifications to support availability, reliability, security, scalability, and performance.
– Design is basis for implementation.

Implement
– Network is built to design specs, with goal of integrating devices without disrupting existing network.

Operate
– Final test of the appropriateness of the design
– Involves maintaining network health through day to day operation.

Optimise
– Proactive management of the network
– Goal of this is to identify and resolve issues before they affect the organisation.
– Reactive fault detection and correction (Troubleshooting) is needed when proactive management can not predict and mitigate failures.

15 Days till CCNP Switch Exam


On the 20th January 2014 I am sitting the Cisco CCNP Switch Exam. For me this is the first of the 3 CCNP exams.

At the moment I’m pretty stressed out about this. I spent a large chunk of last year trying to study for this exam off and on, so I think I should be okay for it. For me, it’s a case of trying to remember all the stuff I’ve learnt at various points. If I don’t use something, I forget it, as do I imagine most people.

I work for Allied Telesis, which is probably considered a small to medium competitor to Cisco. The Allied Telesis switch operating system, AW+, is a very similar CLI to IOS (read industry standard CLI), which is a fantastic operating system, but I find it a double-edged sword in terms of the Cisco exams. It’s great in terms of the fact that I was able to come from all the Cisco NetAcad courses and know how to use the Allied Telesis gear, but there are enough small differences that I’ll need to do a bit of labbing before my switch exam. Along with practicing all the Cisco proprietary features again (PVRST+, HSRP, VTP, DTP etc).

So what should you expect to see on my blog for the next couple of weeks?


I’m currently going through the “Implementing Cisco IP Switched Networks (SWITCH) Foundation Learning Guide” again as a refresher for the exam. Each day I’m hopefully going to post my notes from the book, along with a quick review of each chapter.


So what other material are you using for studying?

– CBT Nuggets CCNP Switch Video course

I’m lucky in the fact that work has a license for CBT Nuggets.

– CCNP SWITCH 642-813 Quick Reference Guide

I’ve read this before when I sat my NetaCad Switch exam. I intend on reading this a day or two before the exam as a final refresher.

– CCNP Switch Student Lab Manual

I intend on spending a day going through all the labs. I’ve got 2x 3750 along with 2x 3550 to study with for the exam.

– 101 CCNP Labs – Labs

Looks like it could be a good refresher in terms of Labs for the exam.

– How to Master CCNP Switch

From what I’ve initially looked at, this book is great. It avoids the waffle Cisco Press books have, and explains things in the simplest form possible. I’m not sure how much of this book I’ll get the chance to read, but had I had more time before my exam, I would have quite liked to read this whole book.

– ?????????

Any other decent quick material I can get. I think at this point I need to find good labs I can practise.


So how do you intend on studying for this? How much study have you done so far?

2 years ago I did the Cisco CCNP Switch Netacad course and read the Foundation learning guide which I’m going to be blogging about. Last year I read the Official Cert Guide, purely because it was new material. I decided to reread the Foundation Learning Guide purely because it covers more topics that are in the exam. That and the fact that it is a Cisco Press book, so it should have what’s covered in the exam.

In terms of study so far? I actually only started studying 4 days ago. Other than that I hadn’t done any study for this exam for about 3 months. I could be crazy. I hope not. I really struggle to find time to study for this, as I’m generally doing routing at work, and find it hard to focus on two major topics at the same time. I’ve just had a week off work, and will have the week before the exam off work also. I’m hoping although this is a concentrated amount of time to study for an exam like this, that along with my previous knowledge, I’ll be able to cram enough for the exam.

What study have I done this week? I’ve read the first 3 chapters of the Foundation Learning Guide. My blog posts above will be my notes on the first 3 chapters. My goal is roughly 50 pages of the book a day, along with some CBT Nugget watching. I should finish all this a few days before the exam, in which I’ll do some labbing for a few days, and final review of material along with reading the Quick Reference Guide.

Wish me luck!