CBT IT Certification Training

Unlimited IT Certification Courses via Streaming Video


Configure Routers and Switches

Given a scenario, install and configure routers and switches. This section will cover the basic configuration of both routers and switches, including interface configuration (duplex, speed, and addressing), routing configuration, Network Address Translation (NAT), VLAN configuration, PoE, traffic filtering, VTP configuration, QoS, and port mirroring. Learn more in our Cisco CCNA lab and video training course.

Contents
Router Configuration
Interface Configuration
Routing Protocols
Network Address Translation
Traffic Filtering
Quality of Service
Switch Configuration
Managed versus Unmanaged Switches
VLAN Configuration
VTP
Port Mirroring
MAC Filtering
PoE
Summary

Router Configuration

Router configuration can be very complex, and it requires knowledge of many technologies, depending on the functions the router must perform. However, a few basic configuration steps are carried out in most enterprise environments once a clean install has been performed on such a device:

  • Interface configuration:
    • Duplex settings
    • Speed settings
    • IP addressing
  • Static/dynamic routing configuration
  • NAT/PAT configuration
  • Traffic filtering (access control lists)
  • Quality of Service configuration

Interface Configuration

Router interfaces can be of different types, based on the following two factors:

  • Underlying technology used (e.g., Ethernet)
  • Interface bandwidth

The following are the most common router and switch interfaces used in modern enterprise networks:

  • 10Mbps (Ethernet, which is rarely used nowadays)
  • 100Mbps (FastEthernet)
  • 1Gbps (GigabitEthernet)
  • 10Gbps (TenGigabitEthernet)

In order to address a specific router interface and enter Interface Configuration mode to configure specific parameters, you must know the interface notation. This can vary based on the router manufacturer but the interface notation is usually made up of two parts:

  • Interface type (Ethernet, FastEthernet, etc.)
  • Interface slot/module and port number

For example, here are some common interface notations:

  • Ethernet1/0 (slot 1, port 0)
  • FastEthernet0/3 (slot 0, port 3)
  • GigabitEthernet0/1/1 (slot 0, subslot or module 1, port 1)
Note:     Slot 0 usually represents the built-in ports, and the other slots represent expansion slots that can be populated later. Slot, module, and port numbering usually starts at 0.

In order for a router interface to have basic functionality, you must configure the following parameters:

  • Speed
  • Duplex
  • IP address

We will exemplify these basic configuration settings on a Cisco router, as they are commonly used in modern enterprise networks. To see the available interfaces and their current state, you can issue the show ip interface brief command, as shown in the output below:

Router#show ip interface brief

Interface                  IP-Address      OK? Method Status                Protocol

FastEthernet0/0            unassigned      YES unset  administratively down down

FastEthernet0/1            unassigned      YES unset  administratively down down

From the output above, you can see that the router has two FastEthernet (100Mbps) interfaces in slot 0, neither of which has an IP address (unassigned), and both are administratively disabled (Status: administratively down).

Before you configure interface parameters, you must enter Global Configuration mode, using the configure terminal command on Cisco devices, and then Interface Configuration mode, using the interface <interface name> command. The first step in the interface configuration process is enabling the interface, because Cisco router interfaces are shut down by default. For our purposes, we will focus on interface FastEthernet0/0, which is enabled using the no shutdown command:

Router#configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

Router(config)#interface FastEthernet0/0

Router(config-if)#no shutdown

Router(config-if)#

*Mar  1 00:32:05.199: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up

*Mar  1 00:32:06.199: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

The next configuration step involves setting speed and duplex. These parameters must match at both ends of the link; they can be set manually or auto-negotiated by the two devices. A Gigabit interface can usually operate at 10Mbps, 100Mbps, or 1000Mbps, depending on the device it connects to. Speed is configured using the speed command in Interface Configuration mode. To see the command's available parameters, type ? after the first part of the command, as shown in the output below:

Router(config-if)#speed ?

10    Force 10Mbps operation

100   Force 100Mbps operation

auto  Enable AUTO speed configuration

From the configuration output above, you can see that there are three speed configuration options for the FastEthernet interface:

  • Operating at 10Mbps
  • Operating at 100Mbps
  • Auto-negotiation (selects maximum bandwidth based on the capabilities at both ends of the link)

Duplex describes whether an interface can send and receive at the same time. Full-duplex interfaces send and receive simultaneously on separate wire pairs, so there are no collisions and no need for collision detection. Half-duplex, which is what a port connected to a hub must use, means the interface either sends or receives at any given moment, but not both. As with speed, duplex can be auto-negotiated between the two ends of a link. Be careful when mixing manual and automatic settings: if one end is forced to full duplex and the other is left on auto, auto-negotiation fails on the auto side and it falls back to half duplex, producing a duplex mismatch that shows up as late collisions, CRC errors, and poor throughput even though the link is up. Either force both ends or leave both on auto. The duplex configuration options on a Cisco router interface can be seen in the output below:

Router(config-if)#duplex ?

auto  Enable AUTO duplex configuration

full  Force full duplex operation

half  Force half-duplex operation

Because a router is a Layer 3 device, each interface that forwards traffic must be assigned an IP address, using the ip address <ip> <subnet mask> interface configuration command, as shown below:

Router(config)#interface FastEthernet0/0

Router(config-if)#ip address 192.168.1.1 255.255.255.0

After the interface configuration is complete, you can verify the settings by inspecting the full set of interface parameters with the show interfaces [name] command on Cisco routers, as shown in the output below. The line that reads Half-duplex, 10Mb/s shows the speed and duplex the interface is actually operating at, which is what you compare with the far end when troubleshooting a slow or error-prone link:

Router#show interfaces FastEthernet0/0

FastEthernet0/0 is up, line protocol is up

Hardware is Gt96k FE, address is c200.0814.0000 (bia c200.0814.0000)

Internet address is 192.168.1.1/24

MTU 1500 bytes, BW 10000 Kbit/sec, DLY 1000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Half-duplex, 10Mb/s, 100BaseTX/FX

ARP type: ARPA, ARP Timeout 04:00:00

Last input never, output 00:00:06, output hang never

Last clearing of “show interface” counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

<output missing>

Routing Protocols

Comprehensive details about different routing techniques and protocols were presented in Chapter 4 of this book. Routing is a two-step process that involves learning information about available networks and then making Layer 3 forwarding decisions for different packets.

Routing information can be learned in the following two ways:

  • Static routing
  • Dynamic routing

Static routing involves manually entering information about available networks. On Cisco routers, this is done using the ip route command, as exemplified below:

Router(config)#ip route 10.10.10.0 255.255.255.0 192.168.1.2

The command above tells the router that it can reach the 10.10.10.0/24 network via the next hop 192.168.1.2. Another form of the command uses an exit interface rather than a next-hop IP address, as shown below. This form suits point-to-point links; on a multi-access interface such as Ethernet the router has to ARP for every destination host covered by the route and relies on the far-end router answering (proxy ARP), so it is better to specify the next-hop address, optionally together with the interface:

Router(config)#ip route 10.10.10.0 255.255.255.0 FastEthernet0/1

A special case of a static route is the default route, which sets a next hop for all traffic that does not have a more explicit route present in the routing table. A sample default route configuration is presented below:

Router(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.2

On the other hand, using dedicated routing protocols allows dynamic learning of network prefixes from neighbor routers by exchanging routing protocol messages. A sample OSPF configuration is presented below:

Router(config)#router ospf 10

Router(config-router)#router-id 192.168.1.100

Router(config-router)#network 192.168.1.0 0.0.0.255 area 0

Router(config-router)#passive-interface FastEthernet0/1

The configuration above enables the OSPF routing process with process ID 10, assigns a router ID, enables OSPF on the interfaces whose addresses fall in 192.168.1.0/24 and places them in OSPF Area 0, and makes FastEthernet0/1 a passive interface. A passive interface sends no OSPF hellos and forms no adjacencies, so no neighbor (and no rogue router) can peer with it, but its subnet is still advertised to the other OSPF neighbors.

After the router is configured with static or dynamic routing, the routing table is populated; you can see the learned or manually configured routes by issuing the show ip route command, as illustrated in the output below:

Router#show ip route

Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP

D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area

N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2

E1 – OSPF external type 1, E2 – OSPF external type 2

i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2

ia – IS-IS inter area, * – candidate default, U – per-user static route

o – ODR, P – periodic downloaded static route

 

Gateway of last resort is 192.168.1.2 to network 0.0.0.0

 

10.0.0.0/24 is subnetted, 1 subnets

S       10.10.10.0 [1/0] via 192.168.1.2

C    192.168.1.0/24 is directly connected, FastEthernet0/0

S*   0.0.0.0/0 [1/0] via 192.168.1.2

In the output above, there are three routes present in the routing table:

  • Static route 10.10.10.0/24, reachable via 192.168.1.2
  • Connected route 192.168.1.0/24, assigned to the FastEthernet0/0 interface
  • Static default route pointing to 192.168.1.2
Note:     The default route on a Cisco router is also called the gateway of last resort and its role is similar to a default gateway on a PC. The router always forwards using the most specific (longest) matching prefix, so the default route is consulted only when no other route matches the destination.
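As an added example (not part of the original chapter), the following Python models the lookup the router performs against the routing table shown above: the longest matching prefix wins, and the 0.0.0.0/0 default route is used only when nothing more specific matches. The entries are constructed from the show ip route output; the 10.10.10.128/25 route via 192.168.1.3 is an assumption added to show a more specific prefix overriding a less specific one.

```python
import ipaddress

# Constructed routing table mirroring the 'show ip route' output above, plus one
# assumed /25 route (not in the chapter) to demonstrate longest-prefix match.
# Each entry: (prefix, next hop or None when directly connected, route code)
ROUTES = [
    ("192.168.1.0/24",  None,          "C"),   # connected via FastEthernet0/0
    ("10.10.10.0/24",   "192.168.1.2", "S"),   # static
    ("10.10.10.128/25", "192.168.1.3", "S"),   # assumed: more specific than the /24
    ("0.0.0.0/0",       "192.168.1.2", "S*"),  # static default: gateway of last resort
]


def lookup(destination, routes=ROUTES):
    """Return (prefix, next_hop, code) of the route used to forward to `destination`.

    The router does not pick the first matching entry but the most specific one
    (longest prefix). Returns None when nothing matches, which is what happens
    to off-net destinations when no default route is present.
    """
    addr = ipaddress.ip_address(destination)
    best = None
    for prefix, next_hop, code in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, code)
    if best is None:
        return None
    return (str(best[0]), best[1], best[2])


def without_default(routes=ROUTES):
    """The same table with the default route removed (as after 'no ip route 0.0.0.0 0.0.0.0')."""
    return [r for r in routes if r[0] != "0.0.0.0/0"]


if __name__ == "__main__":
    for dst in ("192.168.1.50", "10.10.10.5", "10.10.10.200", "8.8.8.8"):
        print(dst, "->", lookup(dst))
    print("8.8.8.8 with no default route ->", lookup("8.8.8.8", without_default()))
```

Destinations inside 10.10.10.128/25 go to 192.168.1.3 even though the /24 also covers them, while 10.10.10.5 still uses the /24; anything else falls through to the gateway of last resort, and is unroutable once that entry is removed.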

Network Address Translation

Network Address Translation (NAT) is a technique used to rewrite IP address information in the IP header as a packet traverses a router. It is usually combined with the use of private address space (RFC 1918) on the Local Area Network (LAN). Private addresses are not routable on the public Internet, because the same ranges are reused by many organizations, so service providers filter packets that carry them as source addresses.

A solution to this issue and to allow machines that have private addresses to access Internet resources is allocating a public IP address (or a pool of addresses) to the specific enterprise and translate the internal addresses into a public address as traffic leaves the network, as depicted in Figure 8.1 below:

NAT Example

Figure 8.1 – NAT Example 

PC 1 cannot access the Internet unless specific NAT policies are configured on the router to translate the internal address into a public allocated address (80.80.80.2 in this case).

Basic (static) NAT maps a single internal address to a single external address, as in the configuration example below:

Router(config)#interface FastEthernet0/0

Router(config-if)#ip address 192.168.1.1 255.255.255.0

Router(config-if)#ip nat inside

Router(config)#interface FastEthernet0/1

Router(config-if)#ip address 80.80.80.2 255.255.255.252

Router(config-if)#ip nat outside

Router(config)#ip nat inside source static 192.168.1.11 interface fastEthernet0/1

The output above defines interface FastEthernet0/0 as an inside interface and interface FastEthernet0/1 as an outside interface from the NAT mechanism's perspective. The last statement creates a static translation of the single inside private address (PC 1, 192.168.1.11) to the address of interface FastEthernet0/1 (80.80.80.2). A static translation is permanent and works in both directions: hosts on the Internet can initiate connections to 80.80.80.2 and reach PC 1, which is what you want for a published server but also means PC 1 is exposed and should be protected with an access list on the outside interface.

Although standard NAT performs its intended function, it does not help conserve public IP space, because multiple internal hosts require multiple public IP addresses to access the Internet. Port Address Translation (PAT) overcomes this by allowing many private internal addresses to share a single public address. Sessions are told apart by giving each flow a unique translated source port. A PAT configuration example is shown below; note the overload keyword, which tells the router to use PAT:

Router(config)#interface FastEthernet0/0

Router(config-if)#ip address 192.168.1.1 255.255.255.0

Router(config-if)#ip nat inside

Router(config)#interface FastEthernet0/1

Router(config-if)#ip address 80.80.80.2 255.255.255.252

Router(config-if)#ip nat outside

Router(config)#access-list 100 permit ip 192.168.1.0 0.0.0.255 any

Router(config)#ip nat inside source list 100 interface fastEthernet0/1 overload

The configuration above mirrors the static NAT example, with an important difference: the NAT statement does not reference a single internal address but an access control list that permits the entire internal subnet (192.168.1.0/24). All internal hosts (including PC 1 and PC 2) can reach the Internet with their private addresses translated to the single 80.80.80.2 public address; the router keeps the sessions apart by giving each flow its own translated source port. Because these translations are created only when an inside host initiates a session, a packet arriving from the Internet that matches no existing translation is simply dropped. This is useful, but it is not a firewall: combine PAT with access lists (see Traffic Filtering below) rather than relying on it for access control.

After traffic is generated, you can inspect the active translations by issuing the show ip nat translations command on Cisco routers.

Note:     PAT is also called NAT overload.
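As an added example that is not part of the original chapter or of Cisco IOS, the Python class below models what the overload configuration above does: inside hosts permitted by access-list 100 share the outside interface address 80.80.80.2, each new flow gets its own translated source port, replies are mapped back through the same table, and anything arriving from outside that matches no entry is dropped. The public port range starting at 1024, the peer addresses, and the port numbers are constructed for the example.

```python
import ipaddress
import itertools


class PatTranslator:
    """Constructed model of 'ip nat inside source list 100 interface FastEthernet0/1 overload'.

    Added example code, not IOS. Inside sources permitted by the NAT ACL (the
    192.168.1.0/24 subnet) are rewritten to the single public address with a
    unique source port per flow; replies are mapped back through the same table.
    """

    def __init__(self, inside_subnet, public_ip, first_port=1024):
        self.inside_subnet = ipaddress.ip_network(inside_subnet)  # what access-list 100 permits
        self.public_ip = public_ip                                 # address of the outside interface
        self._next_port = itertools.count(first_port)              # assumed allocation scheme
        self.table = {}    # (inside_ip, inside_port, dst_ip, dst_port) -> public source port
        self.reverse = {}  # public source port -> that same flow tuple

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Packet leaving on the outside interface. Returns the (src_ip, src_port) it is sent with."""
        if ipaddress.ip_address(src_ip) not in self.inside_subnet:
            # Not permitted by the NAT ACL: IOS forwards it untranslated rather than dropping it.
            return (src_ip, src_port)
        flow = (src_ip, src_port, dst_ip, dst_port)
        if flow not in self.table:                 # new session: allocate a translated port
            port = next(self._next_port)
            self.table[flow] = port
            self.reverse[port] = flow
        return (self.public_ip, self.table[flow])

    def inbound(self, src_ip, src_port, dst_port):
        """Packet arriving on the outside interface addressed to public_ip:dst_port.

        Returns the inside (ip, port) to deliver to, or None when no matching
        session exists, which is why unsolicited inbound connections fail under PAT.
        """
        flow = self.reverse.get(dst_port)
        if flow is None or (flow[2], flow[3]) != (src_ip, src_port):
            return None                            # no translation: dropped
        return (flow[0], flow[1])

    def translations(self):
        """Rows in the spirit of 'show ip nat translations': inside local, inside global, outside."""
        return sorted(
            (f"{f[0]}:{f[1]}", f"{self.public_ip}:{p}", f"{f[2]}:{f[3]}")
            for f, p in self.table.items()
        )


if __name__ == "__main__":
    nat = PatTranslator("192.168.1.0/24", "80.80.80.2")
    print(nat.outbound("192.168.1.11", 50000, "203.0.113.10", 80))  # PC 1 -> (80.80.80.2, 1024)
    print(nat.outbound("192.168.1.12", 50000, "203.0.113.10", 80))  # PC 2, same source port, gets 1025
    print(nat.inbound("203.0.113.10", 80, 1024))                     # reply for PC 1
    print(nat.inbound("198.51.100.7", 12345, 3389))                  # unsolicited: None (dropped)
    for row in nat.translations():
        print(*row)
```

Two hosts using the same source port are kept apart only by the translated port, and the return check on the remote peer mirrors how the router refuses a packet that does not belong to the session that created the entry.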

Traffic Filtering

Traffic filtering configuration on routers allows you to restrict certain traffic types from passing through the device. Those traffic types can be selected based on multiple factors, including:

  • Traffic source
  • Traffic destination
  • Protocol

The first step in traffic filtering configuration is defining what type of traffic you want to block and then applying the rule on a specific interface. On Cisco routers this is accomplished using access control lists (ACLs). The configuration example below restricts any ICMP traffic from exiting the router on interface FastEthernet0/1:

Router(config)#ip access-list extended 100

Router(config-ext-nacl)#deny icmp any any

Router(config-ext-nacl)#permit ip any any

Router(config-ext-nacl)#exit

Router(config)#interface fastEthernet0/1

Router(config-if)#ip access-group 100 out

The configuration example above creates an ACL that denies ICMP traffic from any source to any destination and then permits any other IP traffic. The order of the statements matters because they are evaluated from top to bottom and the first match wins. If you inverted the statements, first permitting any IP traffic and then denying ICMP, the deny would never be reached because all traffic would match the first statement. Every Cisco ACL also ends with an implicit deny any, which is why the permit ip any any statement is needed: without it, the ACL would block all traffic on the interface, not just ICMP. The last step is applying the ACL to an interface in the desired direction. Note that an outbound ACL does not filter traffic generated by the router itself, only transit traffic.

Note:     A router interface can be configured with a single ACL per direction per protocol.
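As an added example (not code from the chapter or from IOS), the Python below parses access list entries written in the Cisco syntax used throughout this chapter (any, host, and address/wildcard forms, as in the NAT and QoS examples as well) and evaluates them the way the router does: top to bottom, first match wins, implicit deny at the end. The addresses used in the usage section are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Ace:
    """One entry of an extended ACL (constructed model, not IOS code)."""
    action: str                   # "permit" or "deny"
    proto: str                    # "ip" matches every protocol; otherwise "icmp", "tcp", "udp"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network


def _parse_addr(tokens):
    """Consume one address spec: 'any' | 'host A.B.C.D' | 'A.B.C.D WILDCARD'. Returns (network, rest)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    addr, wildcard = tokens[0], tokens[1]
    bits = int(ipaddress.ip_address(wildcard))
    # A wildcard mask is the inverse of a subnet mask: 0 bits must match, 1 bits are ignored.
    # Only a contiguous run of low-order 1 bits maps onto a CIDR prefix.
    if bits != (1 << bits.bit_length()) - 1:
        raise ValueError(f"non-contiguous wildcard mask not supported: {wildcard}")
    return ipaddress.ip_network(f"{addr}/{32 - bits.bit_length()}", strict=False), tokens[2:]


def parse_ace(line):
    """Parse a line such as 'deny icmp any any' or 'permit ip 192.168.1.0 0.0.0.255 any'."""
    action, proto, *rest = line.split()
    if action not in ("permit", "deny"):
        raise ValueError(f"bad action: {action}")
    src, rest = _parse_addr(rest)
    dst, rest = _parse_addr(rest)
    return Ace(action, proto, src, dst)


def evaluate(acl, proto, src_ip, dst_ip):
    """Return (action, index) of the first matching entry, or ('deny', None) for the implicit deny.

    Entries are tested top to bottom and the first match ends the search, so a
    'permit ip any any' placed first shadows every entry below it.
    """
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for index, ace in enumerate(acl):
        if ace.proto in ("ip", proto) and src in ace.src and dst in ace.dst:
            return ace.action, index
    return "deny", None


# ACL 100 from the text, and the inverted version the text warns about.
ACL_100 = [parse_ace(l) for l in ("deny icmp any any", "permit ip any any")]
INVERTED = [parse_ace(l) for l in ("permit ip any any", "deny icmp any any")]

if __name__ == "__main__":
    print(evaluate(ACL_100, "icmp", "192.168.1.11", "203.0.113.10"))   # ('deny', 0)
    print(evaluate(ACL_100, "tcp", "192.168.1.11", "203.0.113.10"))    # ('permit', 1)
    print(evaluate(INVERTED, "icmp", "192.168.1.11", "203.0.113.10"))  # ('permit', 0): the deny never fires
    only_lan = [parse_ace("permit ip 192.168.1.0 0.0.0.255 any")]
    print(evaluate(only_lan, "tcp", "10.0.0.1", "203.0.113.10"))       # ('deny', None): implicit deny
```

The last case is the one that catches people in practice: an ACL with a single permit blocks everything else because of the implicit deny, so an ACL written to block one thing must end with an explicit permit.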

Quality of Service

Quality of Service (QoS) techniques are often used in Wide Area Networks (WANs) because the bandwidth characteristics are usually low compared to those present on the LAN side. This bandwidth difference that packets experience when traffic is sent from a high-bandwidth LAN environment to a low-bandwidth WAN environment can cause congestion, which leads to the application not behaving the way it should (e.g., dropped packets, latency issues, etc.).

QoS mechanisms will be covered in detail in Chapter 26 but briefly they include the following:

  • Traffic shaping and policing: Traffic shaping is a process that tries to control the way in which traffic is sent by buffering excess packets. Traffic policing, on the other hand, will drop or re-mark (penalize) packets that exceed a given rate.
  • Congestion management: This QoS mechanism involves queuing. Applying queuing techniques means using other techniques than the default FIFO (First In First Out) method, including priority queuing, custom queuing, and weighted fair queuing.
  • Congestion avoidance: When both the hardware and the software queues fill up, packets are tail-dropped at the end of the queue, which can starve voice traffic and/or cause TCP global synchronization. Congestion avoidance techniques guard against global synchronization. The most popular congestion avoidance mechanism is Random Early Detection (RED).
  • Link efficiency mechanisms: These include compression and link fragmentation and interleaving (LFI).

QoS techniques are most effective on bursty WAN connections, typically in Frame Relay environments where committed information rates and burst rates are usually specified in the contract. Traffic bursts occur when large packets are sent over the network or when the network is very busy during certain periods of the day. QoS techniques should be mandatory if the enterprise uses any kind of delay-sensitive applications, for example, applications that must function in real-time (e.g., presentations over the Internet or video training sessions).

QoS mechanisms are most often applied on links that carry VoIP traffic, because that type of traffic is very sensitive to latency variations and can be influenced by other larger packets when the link experiences congestion.

QoS deliberately treats packets unequally, according to the priority and importance you assign to different traffic flows. To illustrate a QoS configuration, consider the topology depicted in Figure 8.2 below:

QoS Topology Example

Figure 8.2 – QoS Topology Example 

The objective is to prioritize critical traffic from the application server going out to the Internet by guaranteeing 70% of the available bandwidth in case of congestion. The configuration that achieves this is presented below:

Router(config)#access-list 100 permit ip host 192.168.1.11 any

Router(config)#class-map APP_SRV

Router(config-cmap)#match access-group 100

Router(config-cmap)#exit

Router(config)#policy-map POLICY_APP_SRV

Router(config-pmap)#class APP_SRV

Router(config-pmap-c)#bandwidth percent 70

Router(config-pmap-c)#exit

Router(config-pmap)#exit

Router(config)#interface FastEthernet0/1

Router(config-if)#service-policy out POLICY_APP_SRV

The configuration starts by defining the traffic that receives preferential QoS treatment, using an ACL that matches any IP traffic originated by 192.168.1.11 (the application server). A class map then matches that ACL. The class map is referenced in a policy map, which is where the QoS action is defined, in this case guaranteeing 70% of the interface bandwidth to the application server's traffic whenever there is congestion (this is a minimum guarantee, not a cap; when the link is idle the class may use more). Finally, the policy map is applied outbound on the FastEthernet0/1 interface (facing the Internet), so the application server's traffic is treated preferentially as it leaves toward the Internet.

Note:     QoS policies should be designed and configured based on application requirements.

Switch Configuration

Basic switch interface configuration is similar in many ways to router interface configuration, as defined previously in this chapter. However, switches offer Layer 2 functionalities that routers do not, including:

  • Separating traffic using VLANs
  • VTP technology
  • Port mirroring
  • MAC filtering
  • Power over Ethernet (PoE)

Managed versus Unmanaged Switches

There are two types of switches that you can purchase: unmanaged and managed. Unmanaged switches have the following characteristics:

  • Low cost
  • All ports are placed in the same VLAN
  • You cannot configure anything on them
  • Generally used by home users and small companies
  • Usually “plug and play”

On the other hand, managed switches have the following properties:

  • Usually more expensive than unmanaged switches
  • Can be configured via either a command line interface or a Web console
  • Can be remotely managed
  • Can support advanced features like VLAN, port mirroring, Layer 2 traffic filtering, and QoS mechanisms
  • Usually used in enterprise-level networks

VLAN Configuration

Virtual LAN (VLAN) switching logic and mechanisms have been covered in detail in Chapter 2 and Chapter 4 so we will not go into much detail here. We will instead focus on the configuration aspects of a regular managed switch, taking as an example a Cisco switch, which is commonly used in enterprise networks.

On Cisco IOS-based switches, a VLAN is configured using the vlan <id> command and a name can be assigned in vlan Configuration mode, as shown below:

Switch(config)#vlan 10

Switch(config-vlan)#name SERVER_FARM

Switch(config-vlan)#exit

When a switch port is connected to a workstation or a server, that port is usually configured in Access mode and it carries a single VLAN. A sample configuration is presented below:

Switch(config)#interface FastEthernet1/1

Switch(config-if)#switchport mode access

Switch(config-if)#switchport access vlan 10

On the other hand, switch ports that connect to other switches might need to be configured as trunks to carry traffic from multiple VLANs, as presented in the configuration output below:

Switch(config)#interface FastEthernet1/2

Switch(config-if)#switchport trunk encapsulation dot1q

Switch(config-if)#switchport mode trunk

Switch(config-if)#switchport trunk allowed vlan 10,20,30

The encapsulation can be dot1q or ISL on older Cisco switches (ISL is deprecated, and switches that support only dot1q do not accept the encapsulation command at all). On switches that support both, the encapsulation must be set before switchport mode trunk, otherwise the mode command is rejected. Dot1q is the IEEE standard and is what you use in multivendor environments. The last step is defining the VLANs allowed on the trunk. If you skip the allowed vlan command, all VLANs are permitted on the link; restricting the list to the VLANs that actually need to cross the trunk is good practice. All trunking parameters, including the native (untagged) VLAN, should match on both sides of the link.

Note:     If you try to assign a VLAN to a port that was not previously defined, the VLAN will usually be created automatically by the switch but this depends on the vendor and the switch software.

VTP

VLAN trunking protocol (VTP) is a Cisco proprietary protocol that is used to reduce administration in a switched network by distributing a VLAN configured on a device throughout the network. This reduces the need to configure the same VLAN on every switch in the network. VTP configuration parameters on a Cisco switch are presented in the output below:

Switch(config)#vtp ?

domain     Set the name of the VTP administrative domain.

file       Configure IFS filesystem file where VTP configuration is stored.

interface  Configure interface as the preferred source for the VTP IP updater address.

mode       Configure VTP device mode

password   Set the password for the VTP administrative domain

pruning    Set the administrative domain to permit pruning

version    Set the administrative domain to VTP version

Switches that should exchange VLAN information must be configured with the following identical parameters:

  • VTP domain
  • VTP password
  • VTP version

Switches can operate in three VTP modes:

  • Server mode: VLANs for the entire VTP domain can be created, modified, and deleted. Switches in this mode advertise and synchronize their VLAN configuration with other switches in the same domain.
  • Client mode: Like a server, the switch advertises and synchronizes VLAN information with the domain, but VLANs cannot be created, changed, or deleted locally.
  • Transparent mode: Switches in VTP transparent mode do not participate in VTP (they do not advertise and synchronize their VLAN information).

A sample VTP configuration is presented below:

Switch(config)#vtp mode server

Switch(config)#vtp domain Network+

Switch(config)#vtp version 2

To verify a Cisco switch VTP configuration, you can issue the show vtp status command, as shown below:

Switch#show vtp status

VTP Version                     : 2

Configuration Revision          : 3

Maximum VLANs supported locally : 36

Number of existing VLANs        : 6

VTP Operating Mode              : Server

VTP Domain Name                 : Network+

VTP Pruning Mode                : Disabled

VTP V2 Mode                     : Enabled

VTP Traps Generation            : Disabled

MD5 digest                      : 0xC3 0xBD 0x67 0x2C 0x5C 0x62 0x66 0xE7

Configuration last modified by 0.0.0.0 at 3-1-02 00:38:00

Local updater ID is 0.0.0.0 (no valid interface found)

An important parameter in the output above is the configuration revision number. It increases each time a VLAN change is made on a server. When switches in the same domain (with the same password) exchange advertisements, a switch whose revision is higher than its neighbours' overwrites their VLAN databases, because it is assumed to hold the latest VLAN information. This applies even if that switch is in client mode.

Note:     When you install a new or reused Cisco switch into the network, the recommendation is to configure it in VTP transparent mode, or at least to reset its revision number to 0 (changing the VTP domain name and changing it back does this), to avoid the problems that occur if that switch carries a higher revision number than the rest of the network: its database replaces everyone else's, which can delete VLANs across the network and take every port in those VLANs out of service. Setting a VTP password also prevents a switch that does not know it from participating.
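As an added example, not part of the chapter and not Cisco code, the Python below models the revision-number behaviour described above: a reused switch that still carries a higher revision from a previous deployment in a same-named domain overwrites the production VLAN database, whereas the same switch in transparent mode, with its revision reset, or with a different password does no harm. The switch names, VLAN names and revision values are constructed for the example; password agreement stands in for the MD5 digest check real VTP performs.

```python
class VtpSwitch:
    """Constructed model of VTP revision-number behaviour (added example, not Cisco code).

    Servers and clients in the same domain (same name and password) accept an
    advertisement whose configuration revision is higher than their own and
    replace their VLAN database with it. Transparent switches keep their own
    database and never synchronize.
    """

    def __init__(self, name, mode, domain, password=None, vlans=None, revision=0):
        self.name, self.mode, self.domain, self.password = name, mode, domain, password
        self.vlans = dict(vlans) if vlans else {1: "default"}
        self.revision = revision

    def add_vlan(self, vlan_id, vlan_name):
        """VLAN changes are refused in client mode; a server bumps its revision on every change."""
        if self.mode == "client":
            raise PermissionError(f"{self.name}: VLANs cannot be created in client mode")
        self.vlans[vlan_id] = vlan_name
        if self.mode == "server":
            self.revision += 1

    def set_domain(self, domain):
        """Changing the domain name resets the revision to 0, as on Cisco switches."""
        self.domain = domain
        self.revision = 0

    def advertise(self):
        """Transparent switches do not originate advertisements (they only relay others')."""
        if self.mode == "transparent":
            return None
        return {"domain": self.domain, "password": self.password,
                "revision": self.revision, "vlans": dict(self.vlans)}

    def receive(self, adv):
        """Return True if the advertisement replaced the local VLAN database."""
        if adv is None or self.mode == "transparent":
            return False
        if adv["domain"] != self.domain or adv["password"] != self.password:
            return False                      # different domain or bad digest: ignored
        if adv["revision"] <= self.revision:
            return False                      # nothing newer: ignored
        self.vlans, self.revision = dict(adv["vlans"]), adv["revision"]
        return True


def plug_in_reused_switch(new_mode, reset_domain=False, new_password=None):
    """A production server at revision 3 with VLANs 10/20/30 meets a reused switch that
    still carries revision 10 (and only VLAN 1) from a previous same-named domain.
    Returns the production switch's (sorted VLAN IDs, revision) afterwards."""
    prod = VtpSwitch("CORE", "server", "Network+")
    for vid, vname in ((10, "SERVER_FARM"), (20, "USERS"), (30, "VOICE")):
        prod.add_vlan(vid, vname)            # revision becomes 3
    reused = VtpSwitch("LAB", new_mode, "Network+", password=new_password, revision=10)
    if reset_domain:
        reused.set_domain("scratch")         # the trick from the note: rename the domain...
        reused.set_domain("Network+")        # ...and rename it back; revision is now 0
    prod.receive(reused.advertise())
    return (sorted(prod.vlans), prod.revision)


if __name__ == "__main__":
    print(plug_in_reused_switch("client"))                   # ([1], 10): VLANs 10/20/30 are gone
    print(plug_in_reused_switch("transparent"))              # ([1, 10, 20, 30], 3): unharmed
    print(plug_in_reused_switch("client", reset_domain=True))  # ([1, 10, 20, 30], 3)
    print(plug_in_reused_switch("client", new_password="lab"))  # ([1, 10, 20, 30], 3)
```

The first run is the failure mode the note warns about: the reused switch is only a client, yet its higher revision wipes the production VLANs. Any of the three precautions (transparent mode, a reset revision, or a password it does not know) prevents it.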

Port Mirroring

Port mirroring is a technique that makes a switch send a copy of every frame that passes through one port (or VLAN) out of another port. It is used to capture traffic for analysis, for example to feed a protocol analyzer, an intrusion detection sensor, or a call recording server in a VoIP environment, without placing the collector inline.

Port mirroring on Cisco devices is called Switched Port Analyzer (SPAN), and it is configured as presented in the output below:

Switch(config)#monitor session 1 source interface FastEthernet1/1

Switch(config)#monitor session 1 destination interface FastEthernet1/2

Specific statements define the source and destination port for a particular monitoring session (identified by a numeric ID). The monitoring source can be either a physical interface or a VLAN. Note that a SPAN destination port stops behaving as a normal switch port: by default it only transmits the mirrored traffic and does not forward frames received from the attached device, so a capture box connected to it should not rely on that port for its own connectivity.

By default, both the transmitted and the received traffic on the source interface are copied to the destination interface, but you can change this with a keyword at the end of the configuration statement, as presented in the output below:

Switch(config)#monitor session 1 source interface FastEthernet1/1 ?

,     Specify another range of interfaces

–     Specify a range of interfaces

both  Monitor received and transmitted traffic

rx    Monitor received traffic only

tx    Monitor transmitted traffic only

  • The both keyword captures both received and transmitted traffic
  • The rx keyword captures received traffic
  • The tx keyword captures transmitted traffic

MAC Filtering

MAC filtering is available on many managed switches and works like an access control list on a router, except that it matches Layer 2 fields (MAC addresses and EtherType) instead of IP fields. A sample MAC filtering configuration on a Cisco switch is presented below:

Switch(config)#mac access-list extended MAC_FILTER

Switch(config-ext-macl)#deny host 0000.0000.1111 any

Switch(config-ext-macl)#permit any any

Switch(config-ext-macl)#exit

Switch(config)#interface FastEthernet1/3

Switch(config-if)#mac access-group MAC_FILTER in

The first step in the configuration output above is to define a MAC ACL that denies the MAC addresses to be filtered and permits everything else. Here, frames sourced from MAC address 0000.0000.1111 are blocked. After the MAC ACL is defined, you apply it to an interface with mac access-group; on most Cisco Catalyst switches this is supported only in the inbound direction on Layer 2 ports, and the MAC ACL is consulted only for non-IP traffic, so IP traffic from the same host must be filtered with an IP ACL or port security. Keep in mind that MAC addresses are trivially spoofed, so MAC filtering raises the bar only slightly against a deliberate attacker.

PoE

Power over Ethernet (PoE) is a technology that allows a switch to deliver DC power along with data over the same Ethernet cable. The power is carried either over the two spare pairs of a 10/100 UTP cable or, as a common-mode voltage, over the pairs that also carry data; Gigabit Ethernet uses all four pairs for data, so on those links the data pairs are always used.

PoE is generally used to power up non-critical network devices in order to reduce cabling necessities in the office. Such devices include:

  • IP phones
  • Video conferencing cameras
  • Surveillance cameras
  • Wireless access points

PoE is supported only on switch models (or line cards) with PoE-capable ports, which are usually more expensive. On a Cisco switch PoE is controlled per port in Interface Configuration mode with the power inline command; power inline auto is the default, and a port can be prevented from supplying power with power inline never.

Switch(config)#interface FastEthernet4/1

Switch(config-if)#power inline auto

PoE is standardized by the IEEE as 802.3af (up to 15.4 W per port); 802.3at (PoE+, up to 30 W) and 802.3bt (up to 60 W or 90 W) extend it for devices that need more power.

Summary

Router configuration can be very complex and can require knowledge of many technologies, depending on the functions the router must perform. However, a few basic configuration steps are carried out in most enterprise environments once a clean install has been performed on such a device:

  • Interface configuration:
    • Duplex settings
    • Speed settings
    • IP addressing
  • Static/dynamic routing configuration
  • NAT/PAT configuration
  • Traffic filtering (access control lists)
  • Quality of Service configuration

Basic switch interface configuration is similar in many ways to router interface configuration. However, switches offer Layer 2 functionalities that routers do not, including:

  • Separating traffic using VLANs
  • VTP technology
  • Port mirroring
  • MAC filtering
  • Power over Ethernet (PoE)

Configure routers and switches in our 101 Labs – CompTIA Network+ book.
