Implementing Cisco IP Switched Networks (SWITCH) Foundation Learning Guide

Cisco Press
Richard Froom / Erum Frahim  
May 2015

Product detail

Product: Implementing Cisco IP Switched Networks (SWITCH) Foundation Learning Guide
Price: CHF 82.30
Availability: approx. 7-9 days


As part of the Cisco Press Self-Study series, Implementing Cisco IP Switched Networks (SWITCH) Foundation Learning Guide provides early and comprehensive foundation learning for the CCNP SWITCH 300-115 exam. The book is an intermediate-level text, which assumes that readers have been exposed to beginner-level networking concepts contained in the CCNA (ICND1 and ICND2) certification curriculum. No previous exposure to the CCNP level subject matter is required, so the book provides a great deal of detail on the topics covered.


  • An introduction to switched network construction, support, and security for the CCNP SWITCH 300-115 exam
  • Unique content developed in conjunction with Learning@Cisco, the developers of the new CCNP Implementing Cisco Switched Networks recommended course and CCNP SWITCH exam
  • Includes self-assessment review questions, chapter objectives and summaries, key term definitions, and case studies

New to this Edition

This revision to the popular Authorized Self-Study Guide format for Advanced Switching at the Professional level is fully updated to include complete coverage of the new Implementing Cisco Switched Networks (SWITCH) course.

Table of Contents

Introduction xx

Chapter 1 Fundamentals Review 1

Switching Introduction 2

  Hubs and Switches 2

  Bridges and Switches 2

  Switches of Today 3

  Broadcast Domains 3

  MAC Addresses 4

  The Basic Ethernet Frame Format 4

  Basic Switching Function 5

  VLANs 6

  The Spanning Tree Protocol 6

  Trunking 7

  Port Channels 7

  Multilayer Switching 8

Summary 8

Chapter 2 Network Design Fundamentals 9

Campus Network Structure 9

  Hierarchical Network Design 10

  Access Layer 12

  Distribution Layer 13

  Core Layer (Backbone) 14

  Layer 3 in the Access Layer 17

  The Cisco Enterprise Campus Architecture 19

  The Need for a Core Layer 20

Types of Cisco Switches 22

  Comparing Layer 2 and Multilayer Switches 24

  MAC Address Forwarding 24

  Layer 2 Switch Operation 25

  Layer 3 (Multilayer) Switch Operation 26

  Useful Commands for Viewing and Editing Catalyst Switch MAC Address Tables 27

  Frame Rewrite 28

  Distributed Hardware Forwarding 28

  Cisco Switching Methods 29

  Route Caching 30

  Topology-Based Switching 31

  Hardware Forwarding Details 33

Study Tips 34

Summary 34

Review Questions 35

Chapter 3 Campus Network Architecture 41

Implementing VLANs and Trunks in a Campus Environment 41

  VLAN Overview 42

  VLAN Segmentation 44

  End-to-End VLANs 44

  Local VLANs 45

  Comparison of End-to-End VLANs and Local VLANs 46

  Mapping VLANs to a Hierarchical Network 47

  Implementing a Trunk in a Campus Environment 49

  Understanding Native VLAN in 802.1Q Trunking 52

  Understanding DTP 53

VLAN Ranges and Mappings 54

  Configuring, Verifying, and Troubleshooting VLANs and Trunks 55

  Verifying the VLAN Configuration 57

  Configuring VLANs and Trunks 61

  Best Practices for VLANs and Trunking 65

  Voice VLAN Overview 67

Switch Configuration for Wireless Network Support 69

VLAN Trunking Protocol 70

  VTP Overview 70

  VTP Modes 71

  VTP Versions 73

  VTP Pruning 74

  VTP Authentication 75

  VTP Advertisements 75

  VTP Message Types 77

  Summary Advertisements 77

  Subset Advertisements 77

  Configuring and Verifying VTP 78

  Overwriting VTP Configuration (Very Common Issue with VTP) 87

  Best Practices for VTP Implementation 93

Implementing EtherChannel in a Switched Network 94

  The Need for EtherChannel 94

  EtherChannel Mode Interactions 97

  LACP 97

  PAgP 98

  Layer 2 EtherChannel Configuration Guidelines 99

  EtherChannel Load-Balancing Options 100

  Configuring EtherChannel in a Switched Network 102

  EtherChannel Configuration and Load Balancing 103

  EtherChannel Guard 108

Study Tips 109

Summary 110

Review Questions 110

Chapter 4 Spanning Tree in Depth 119

Spanning Tree Protocol Overview 120

  STP Need 120

  STP Standards 121

  STP Operations 122

  Bridge Protocol Data Units 124

  Root Bridge Election 124

  Root Port Election 126

  Designated Port Election 128

  STP Port States 129

  Per-VLAN STP Plus (PVST+) 130

  STP Topology Changes 131

Rapid Spanning Tree Protocol 133

  RSTP Port Roles 134

  Comparison of RSTP and STP Port States 135

  RSTP Topology Changes 136

  RSTP Link Types 138

  Configuring and Modifying STP Behavior 140

  Changing STP Priority 143

  STP Path Manipulation 145

  STP Timers 148

Implementing STP Stability Mechanisms 151

  Use UplinkFast 153

  Use BackboneFast 154

  Use PortFast 156

  Securing PortFast Interface with BPDU Guard 158

  Disabling STP with BPDU Filter 159

  Use Root Guard 161

  Loop Guard Overview 164

  Use UDLD 166

  UDLD Recommended Practices 170

  Use FlexLinks 171

  STP Stability Mechanisms Recommendations 175

Configuring Multiple Spanning Tree Protocol 179

  Introducing MST 179

  MST Regions 182

  STP Instances with MST 183

  Extended System ID for MST 185

  Configuring and Verifying MST 185

  Configuring MST Path Cost 192

  Configuring MST Port Priority 193

  MST Protocol Migration 194

  MST Recommended Practices 194

Troubleshooting STP 196

  Potential STP Problems 196

  Duplex Mismatch 196

  Unidirectional Link Failure 197

  Frame Corruption 197

  Resource Errors 198

  PortFast Configuration Errors 198

Study Tips 198

Summary 199

Review Questions 200

Chapter 5 Inter-VLAN Routing 203

Describing Inter-VLAN Routing 204

  Introduction to Inter-VLAN Routing 204

  Inter-VLAN Routing Using an External Router 206

  Configuring Inter-VLAN Routing Using an External Router 207

  Routing with an External Router 208

  External Routers: Advantages and Disadvantages 211

  Inter-VLAN Routing Using Switch Virtual Interfaces 212

  SVI: Advantages and Disadvantages 214

  Routing with Routed Ports 214

  Routed Ports: Advantages 215

  Configuring Inter-VLAN Routing Using SVI and Routed Ports 216

  Routing on a Multilayer Switch 217

  Using the SVI autostate exclude Command 220

  SVI Configuration Checklist 221

  Troubleshooting Inter-VLAN Problems 222

  Example of a Troubleshooting Plan 223

Layer 2 Versus Layer 3 EtherChannel 225

  Layer 3 EtherChannel Configuration 226

  Verifying Routing Protocols 229

Implementing DHCP 231

  DHCP Overview 231

  Configuring DHCP in a Multilayer Switched Network 233

  Configuring a DHCP Relay 239

  Configuring DHCP Options 239

Study Tips 240

Summary 241

Review Questions 242

Chapter 6 First-Hop Redundancy 247

Overview of FHRP and HSRP 247

  The Need for First-Hop Redundancy 248

  HSRP Overview 250

  HSRP State Transition 253

  Aligning HSRP with STP Topology 254

  Configuring and Tuning HSRP 255

  Forwarding Through the Active Router 257

  Load Sharing with HSRP 263

  The Need for Interface Tracking with HSRP 265

  HSRP Interface Tracking 266

  HSRP and Object Tracking 268

  Configuring HSRP Authentication 271

  Tuning HSRP Timers 272

  HSRP Versions 274

Configuring Layer 3 Redundancy with VRRP 274

  About VRRP 275

  Configuring VRRP and Spotting the Differences from HSRP 276

  VRRP and Authentication 279

  Tracking and VRRP 280

Configuring Layer 3 Redundancy with GLBP 282

  Introducing GLBP 282

  Comparing GLBP to HSRP 283

  GLBP States 284

  Configuring and Verifying GLBP 285

  GLBP Load-Balancing Options 294

  GLBP Authentication 295

  GLBP and STP 295

  Tracking and GLBP 296

Study Tips 300

Summary 301

References 301

Review Questions 302

Chapter 7 Network Management 305

AAA 305

  Authentication Options 307

  RADIUS and TACACS+ Overview 308

  RADIUS Authentication Process 309

  TACACS+ Authentication Process 310

  Configuring AAA 311

  Configuring RADIUS for Console and vty Access 311

  Configuring TACACS+ for Console and vty Access 312

  AAA Authorization 313

  AAA Accounting 314

  Limitations of TACACS+ and RADIUS 315

Identity-Based Networking 316

  IEEE 802.1X Port-Based Authentication Overview 316

  IEEE 802.1X Configuration Checklist 318

Network Time Protocols 319

  The Need for Accurate Time 320

  Configuring the System Clock Manually 320

  Network Time Protocol Overview 323

  NTP Modes 324

  Other NTP Configuration Options 326

  NTP Example 326

  NTP Design Principles 329

  Securing NTP 331

  NTP Source Address 333

  NTP Versions 333

  SNTP 335

  PTP/IEEE-1588 336

SNMP 336

  SNMP Overview 337

  SNMP Versions 339

  SNMP Best Practices 339

  SNMPv3 Configuration Example 340

  Verifying SNMP Version 3 Configuration 342

Study Tips 344

Summary 345

Review Questions 345

Chapter 8 Switching Features and Technologies for the Campus Network 351

Discovery Protocols 352

  Introduction to LLDP 352

  Basic Configuration of LLDP 353

  Discovering Neighbors Using LLDP 355

Unidirectional Link Detection 357

  UDLD Mechanisms and Specifics 358

  UDLD Configuration 358

  Leveraging UDLD and STP Loop Guard Together 360

Power over Ethernet 360

  PoE Components 362

  PoE Standards 362

  PoE Negotiation 362

  Configuring and Verifying PoE 363

SDM Templates 364

  SDM Template Types 365

  Choosing the Right SDM Template 367

  System Resource Configuration on Other Platforms 367

Monitoring Features 368

  SPAN and RSPAN Overview 368

  SPAN Configuration 371

  RSPAN Configuration 372

IP SLA 374

  Introduction to IP SLA 375

  IP SLA Source and Responder 377

  IP SLA Configuration 377

  IP SLA Operation with Responder 379

  IP SLA Time Stamps 381

  Configuring Authentication for IP SLA 382

  IP SLA Example for UDP Jitter 383

Study Tips 384

Summary 385

Review Questions 385

Chapter 9 High Availability 393

The Need for Logical Switching Architectures 394

What Is StackWise? 395

  StackWise Benefits 396

  Verifying StackWise 396

What Is VSS? 397

  VSS Benefits 398

  Verifying VSS 399

Redundant Switch Supervisors 401

  Supervisor Redundancy Modes 402

  Stateful Switchover 403

Nonstop Forwarding 404

Study Tips 405

Summary 405

Review Questions 406

References 406

Chapter 10 Campus Network Security 409

Overview of Switch Security Issues 410

Cisco Switch Security Configuration Best Practices 411

Campus Network Vulnerabilities 414

  Rogue Access 414

  Switch Vulnerabilities 415

  MAC Flooding Attacks 417

Introducing Port Security 419

  Port Security Configuration 420

  Port Error Conditions 422

  Err-Disabled Automatic Recovery 423

  Port Access Lists 424

Storm Control 425

  Introduction to Storm Control 426

  Configuring and Verifying Storm Control on an Interface 427

Mitigating Spoofing Attacks 430

  DHCP Spoofing Attacks 430

  DHCP Snooping 432

  DHCP Option 82 433

  DHCP Snooping Example Configuration 433

  IP Source Guard 436

  IPSG Configuration 438

  ARP Spoofing 439

  Dynamic ARP Inspection 440

  DAI Configuration 441

Securing VLAN Trunks 443

  Switch Spoofing 444

  VLAN Hopping 446

  Protecting Against VLAN Hopping 447

  VLAN Access Lists 448

  VACL Interaction with ACLs and PACLs 449

  Configuring VACLs 450

Private VLANs 451

  Introduction to PVLANs 452

  PVLAN Port Types 453

  PVLAN Configuration 454

  PVLAN Verification 456

  PVLANs Across Multiple Switches 457

  Using the Protected Port Feature 458

Study Tips 458

Summary 459

Review Questions 460

Appendix A Answers to Chapter Review Questions 469

ISBN 9781587206641 (table of contents as of 4/14/2015)


Richard Froom, CCIE No. 5102, is a manager within the Solution Validation Services (SVS) team at Cisco. Richard previously worked as a network engineer in the Cisco TAC and in various customer-facing testing organizations within Cisco. Richard holds CCIEs in Routing and Switching and in Storage Networking. Richard currently focuses on expanding his team’s validation coverage to new technologies in the data center, including Application Centric Infrastructure (ACI), OpenStack, Intercloud Fabric, and big data solutions with Hadoop.


Erum Frahim, CCIE No. 7549, is a technical leader working in the Solution Validation Services (SVS) group at Cisco. In her current role, Erum leads efforts to test data center solutions for several high-profile Cisco customers and leads all cross-business-unit interlocks. Most recently, she has been working on Application Centric Infrastructure (ACI), UCS Director, OpenStack, and big data. Before this, Erum managed the Nexus platform escalation group and served as a team lead for the data center storage-area network (SAN) test lab under the Cisco data center business unit. Erum joined Cisco in 2000 as a technical support engineer. Erum has a Master of Science degree in electrical engineering from Illinois Institute of Technology and also holds a Bachelor of Engineering degree from NED University, Karachi, Pakistan. Erum also authors articles in Certification Magazine and on and has participated in many CiscoLive events. In her spare time, Erum enjoys time with her husband and child.