Training Cisco Certified Network Associate CCNA 640802

1
Training Cisco Certified Network Associate (CCNA
640-802)

• Mr.Kriangsak Namkot
• jodoi_at_jodoi.com
• jodoi1819_at_hotmail.com
• http//www.jodoi.com

2
Day 2

• Layer 2 Switching and Spanning Tree Protocol
  (STP)
• Virtual LANs (VLANs) , VTP , inter-VLAN routing
• Wide Area Networks , PPP connection LAB
  Configuration

3
Ethernet Switches and Bridges

• Address learning
• Forward/filter decision
• Loop avoidance

4
Transmitting Frames

• Cut-Through
• Switch checks destination address and immediately
  begins forwarding frame.

• Store and Forward
• Complete frame is received and checked before
  forwarding.

• Fragment-Free
• Switch checks the first 64 bytes, then
  immediately begins forwarding frame.

5
MAC Address Table

• Initial MAC address table is empty.

6
Learning Addresses

• Station A sends a frame to station C.
• Switch caches the MAC address of station A to
  port E0 by learning the source address of data
  frames.
• The frame from station A to station C is flooded
  out to all ports except port E0 (unknown unicasts
  are flooded).

7
Learning Addresses (Cont.)

• Station D sends a frame to station C.
• Switch caches the MAC address of station D to
  port E3 by learning the source address of data
  frames.
• The frame from station D to station C is flooded
  out to all ports except port E3 (unknown unicasts
  are flooded).

8
Filtering Frames

• Station A sends a frame to station C.
• Destination is known frame is not flooded.

9
Filtering Frames (Cont.)

• Station A sends a frame to station B.
• The switch has the address for station B in the
  MAC address table.

10
Broadcast and Multicast Frames

• Station D sends a broadcast or multicast frame.
• Broadcast and multicast frames are flooded to all
  ports other than the originating port.

11
Forward/Filter Decisions
12
Forward/Filter Decisions
13
Port Security

• Switch(config)interface fastEthernet 0/1
• Switch(config-if)switchport port-security ?
• mac-address Secure mac address
• maximum Max secure addresses
• violation Security violation mode
• ltcrgt
• Switch(config-if)switchport port-security
  maximum 1
• Switch(config-if)switchport port-security
  violation shutdown

14
Loop Avoidance

• Redundant topology eliminates single points of
  failure.
• Redundant topology causes broadcast storms,
  multiple frame copies, and MAC address table
  instability problems.

15
Broadcast Storms

• Host X sends a broadcast.
• Switches continue to propagate broadcast traffic
  over and over.

16
Multiple Frame Copies

• Host X sends a unicast frame to router Y.
• MAC address of router Y has not been learned by
  either switch yet.
• Router Y will receive two copies of the same
  frame.

17
MAC Database Instability

• Host X sends a unicast frame to router Y.
• MAC address of router Y has not been learned by
  either switch.
• Switches A and B learn the MAC address of host X
  on port 0.
• The frame to router Y is flooded.
• Switches A and B incorrectly learn the MAC
  address of host X on port 1.

18
Spanning-Tree Protocol

• Provides a loop-free redundant network topology
  by placing certain ports in the blocking state.

19
Spanning-Tree Operation

• One root bridge per network
• One root port per nonroot bridge
• One designated port per segment
• Nondesignated ports are unused

20
Spanning-Tree Protocol Root Bridge Selection

• Bpdu Bridge Protocol Data Unit (default
  sent every two seconds)
• Root bridge Bridge with the lowest bridge ID
• Bridge ID
• In the example, which switch has the lowest
  bridge ID?

21
Spanning-Tree Port States

• Spanning-tree transits each port through several
  different states

22
Spanning-Tree Port States (Cont.)
23
Spanning-Tree Path Cost
24
Spanning-Tree Example
25
Spanning-Tree Recalculation
26
Spanning-Tree Convergence

• Convergence occurs when all the switch and bridge
  ports have transitioned to either the forwarding
  or the blocking state.
• When the network topology changes, switches and
  bridges must recompute the Spanning-Tree
  Protocol, which disrupts user traffic.

27
Rapid Spanning-Tree Protocol
???????? ??? Listening ?????
28
Rapid Transition to Forwarding
29
Spanning-Tree

• Switchshow spanning-tree vlan 1
• VLAN0001
• Spanning tree enabled protocol ieee
• Root ID Priority 32769
• Address 0001.96DC.1A62
• Hello Time 2 sec Max Age 20 sec
  Forward Delay 15 sec
• Bridge ID Priority 32769 (priority 32770
  sys-id-ext 1)
• Address 0010.1116.A3A4
• Aging Time 300
• Interface Role Sts Cost Prio.Nbr Type
• ---------------- ---- --- --------- --------
  --------------------------------
• Fa0/1 Desg FWD 19 128.3 Shr
• Fa0/2 Root FWD 19 128.3 Shr
• Switch(config)spanning-tree vlan 1 priority 4096

30
VTP Modes

• Creates VLANs
• Modifies VLANs
• Deletes VLANs
• Sends/forwards advertisements
• Synchronizes
• Saved in NVRAM

• Creates VLANs
• Modifies VLANs
• Deletes VLANs
• Forwards advertisements
• Does not synchronize
• Saved in NVRAM

• Forwards advertisements
• Synchronizes
• Not saved in NVRAM

31
VTP Operation

• VTP advertisements are sent as multicast frames.
• VTP servers and clients are synchronized to the
  latest revision number.
• VTP advertisements are sent every 5 minutes or
  when there is a change.

32
Catalyst Default Configuration

• IP address 0.0.0.0
• CDP enabled
• 100baseT port autonegotiate duplex mode
• Spanning tree enabled
• Console password none

33
Configuration Switch

• ?? config
• erase start up
• reload
• ??????? config
• show running-config
• show spanning-tree
• show vlan
• show interfaces status
• show mac-address-table
• show ip int brief

34
Configuration Switch 2950

• Vlan 1 default
• ????? Vlan ??? ??????? vlan 2 4096
• ??? config
• Switchshow vlan
• Switchvlan database
• Switch(vlan)vlan 2 name aaa
• Switch(vlan)vlan 3 name bbb
• Switchconfig terminal
• Switch(config)interface FastEthernet 0/1-24
• Switch(config-if)switchport mode access
• Switch(config-if)switchport access vlan 2

35
Configuration Switch 2960

• Vlan 1 default
• ??? config
• Switchconfig t
• Switch(config)vlan 2
• Switch(config-vlan)name Sales
• Switch (config-vlan)vlan 3
• Switch (config-vlan)name Marketing
• Switch(config)interface FastEthernet 0/1-24
• Switch(config-if)switchport mode access
• Switch(config-if)switchport access vlan 2

36
Configuration Switch 2950,2960

• Config trunk
• Switchconfig terminal
• Switch(config)interface fastethernet 0/3
• Switch(config-if)switchport mode trunk
• Switch(config-if)switchport trunk encapsulation
  dot1q ,isl
• ???????? Switch 2960 ????? set ???? trunk ???
  encapsulation ?????? dot1q ???????? ??????????
  set switchport trunk encapsulation dot1q

Cisco only
37
Configuration Switch 2950,2960

• VLAN Trunking Protocol (VTP)
• Switchvlan database
• Switch(vlan)vtp server, client , transparent
• Switch(vlan)vtp domain jodoi
• Switch(vlan)vtp password password
• ????
• Switchconfig ter
• Switch(vlan)vtp mode server, client ,
  transparent
• Switch(vlan)vtp domain jodoi
• Switch(vlan)vtp password password
• Switchshow vtp status

38
Configuring IP Phone Voice Traffic

• Switchconfigure t
• Switch(config)mls qos
• Switch(config)interface f0/1
• Switch(config-if)switchport priority extend ?
• cos Override 802.1p priority of devices on
  appliance
• trust Trust 802.1p priorities of devices on
  appliance
• Switch(config-if)switchport priority extend
  trust
• Switch(config-if)mls qos trust cos
• Switch(config-if)switchport voice vlan do1p
• Switch(config-if)switchport mode access
• Switch(config-if)switchport access vlan 3
• Switch(config-if)switchport voice vlan 10

39
Configuring Inter-VLAN Routing
40
Configuring Inter-VLAN Routing
41
???????? config ?? router
42
Lab 1
PC1 ip 192.168.1.1/24 in vlan2 PC2 ip
192.168.1.2/24 in vlan3 PC3 ip 192.168.1.3/24
in vlan4 PC4 ip 192.168.1.4/24 in vlan5
PC5 ip 192.168.1.5/24 in vlan2 PC6 ip
192.168.1.6/24 in vlan3 PC7 ip 192.168.1.7/24
in vlan4 PC8 ip 192.168.1.8/24 in vlan5
43
Lab 2
PC1 ip 192.168.1.1/24 in vlan2 PC2 ip
192.168.1.2/24 in vlan3 PC3 ip 192.168.1.3/24
in vlan4 PC4 ip 192.168.1.4/24 in vlan5
PC5 ip 192.168.1.5/24 in vlan2 PC6 ip
192.168.1.6/24 in vlan3 PC7 ip 192.168.1.7/24
in vlan4 PC8 ip 192.168.1.8/24 in vlan5
44
Wide Area Networks

• Wan Connection
• lease line ? HDLC ,PPP ? Sync
• Circuit Switch (isdn) ? HDLC ,PPP ? Async
• Packet Switch ? Frame Relay ? Sync
• Cell Switch ? ATM ? Async
• DTE ? Data terminal equipment ??????
• DCE ? Data Circuit equipment ???????
• Show controller Serial 0 ???????????????????
  DTE ???? DCE

2 ???????? cisco
45
Configuration Router
router
DTE
DCE
CSU
DSU
Configinterface serial 0 configip address
10.10.10.2 255.255.255.0 configclock rate
64000 configencapsulation hdlc
Configinterface serial 0 configip address
10.10.10.1 255.255.255.0 configbandwidth
64 configencapsulation hdlc
Show controller Serial 0 ???????????????????
DTE ???? DCE
46
PPP Authentication Protocols

• Passwords sent in clear text
• Peer in control of attempts

47
Challenge Handshake Authentication Protocol

• Hash values, not actual passwords, are sent
  across link.
• The local router or external server is in control
  of attempts.

48
Configuration Router
pap
R1
R2
S0
S0
Configusername R1 password cisco Configinterface
S0 Config-ifencapsulation ppp Config-ifppp pap
sent-username R2 password 3com
Configusername R2 password 3com Configinterface
S0 Config-ifencapsulation ppp Config-ifppp pap
sent-username R1 password cisco
debug ppp authen no debug all Username
?????????????????? ??? password ????
49
Configuration Router
chap
R1
R2
S0
S0
Chap password ??????????
Configusername R2 password cisco Configinterface
S0 Config-ifencapsulation ppp Config-ifppp
authen chap
Configusername R1 password cisco Configinterface
S0 Config-ifencapsulation ppp Config-ifppp
authen chap
Chap username ??????????? hostname ??? password
???? 2 ??????????????