Training Cisco Certified Network Associate (CCNA 640-802)

Mr.Kriangsak Namkot
jodoi@jodoi.com
jodoi1819@hotmail.com
http://www.jodoi.com
Day 2

• Layer 2 Switching and Spanning Tree Protocol (STP)
• Virtual LANs (VLANs), VTP, inter-VLAN routing
• Wide Area Networks, PPP connection, Frame Relay, xDSL
• LAB Configuration
Ethernet Switches and Bridges

– Address learning
– Forward/filter decision
– Loop avoidance
Transmitting Frames

• Cut-Through: the switch reads the destination address and immediately begins forwarding the frame (lowest latency; corrupt frames are forwarded too).
• Store and Forward: the complete frame is received and its FCS checked before it is forwarded (corrupt frames are dropped; latency grows with frame size).
• Fragment-Free: the switch checks the first 64 bytes, the minimum legal frame size, so collision fragments are dropped, then immediately begins forwarding the frame.
MAC Address Table

• Initial MAC address table is empty.


Learning Addresses

• Station A sends a frame to station C.


• Switch caches the MAC address of station A to port E0 by
learning the source address of data frames.
• The frame from station A to station C is flooded out to all
ports except port E0 (unknown unicasts are flooded).
Learning Addresses (Cont.)

• Station D sends a frame to station C.


• Switch caches the MAC address of station D to port E3 by
learning the source address of data frames.
• The frame from station D to station C is flooded out to all ports
except port E3 (unknown unicasts are flooded).
Filtering Frames

• Station A sends a frame to station C.


• Destination is known; frame is not flooded.
Filtering Frames (Cont.)

• Station A sends a frame to station B.


• The switch has the address for station B in the MAC
address table.
Broadcast and Multicast Frames

• Station D sends a broadcast or multicast frame.


• Broadcast and multicast frames are flooded to all ports
other than the originating port.
Forward/Filter Decisions
Port Security
Switch(config)#interface fastEthernet 0/1
Switch(config-if)#switchport mode access

Switch(config-if)#switchport port-security ?
  mac-address  Secure mac address
  maximum      Max secure addresses
  violation    Security violation mode
  <cr>

Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security maximum 1
Switch(config-if)#switchport port-security violation shutdown

The port must be a static access port before port security can be enabled, and the bare "switchport port-security" command turns the feature on; "maximum 1" allows a single source MAC on the port, and "violation shutdown" places the port in err-disabled state when a second MAC appears (the other modes, protect and restrict, only drop the offending frames, restrict also logging them).
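The simulation below is an added example and not part of the original slides. It models the address learning, forward/filter and flooding behaviour described in the preceding slides, with port security ("maximum 1", "violation shutdown") enabled on one port. The port names E0-E3 and all MAC addresses are made up for the example.

```python
"""Learning-switch simulation (added example, not from the course slides).

Covers the three functions of a layer-2 switch: learning the source MAC of
each frame, the forward/filter decision, and flooding of unknown unicasts,
broadcasts and multicasts. Port security with "maximum N" and "violation
shutdown" is layered on top. Ports E0-E3 and the MAC addresses are made up.
"""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"
# Constructed station addresses for the demo (A on E0, B on E1, C on E2, D on E3).
STATION_A = "00:00:00:aa:aa:aa"
STATION_B = "00:00:00:bb:bb:bb"
STATION_C = "00:00:00:cc:cc:cc"
STATION_D = "00:00:00:dd:dd:dd"


def is_group_address(mac: str) -> bool:
    """True for broadcast and multicast: the I/G bit of the first octet is set."""
    return int(mac.split(":")[0], 16) & 0x01 == 1


@dataclass
class LearningSwitch:
    ports: list
    # port -> maximum secure MACs ("switchport port-security maximum N");
    # ports missing from this dict have no port security.
    max_secure: dict = field(default_factory=dict)
    mac_table: dict = field(default_factory=dict)   # MAC -> port, starts empty
    err_disabled: set = field(default_factory=set)
    violations: list = field(default_factory=list)  # (port, offending MAC)

    def _learn(self, src: str, in_port: str) -> bool:
        """Learn src on in_port; False if port security blocks it."""
        limit = self.max_secure.get(in_port)
        if limit is not None:
            secured = {m for m, p in self.mac_table.items() if p == in_port}
            if src not in secured and len(secured) >= limit:
                # "violation shutdown": the port goes err-disabled and the
                # frame is dropped (protect/restrict would only drop/log).
                self.err_disabled.add(in_port)
                self.violations.append((in_port, src))
                return False
        self.mac_table[src] = in_port   # a station that moved simply overwrites
        return True

    def forward(self, in_port: str, src: str, dst: str) -> set:
        """Return the set of ports the frame is sent out of (empty = dropped)."""
        if in_port in self.err_disabled or not self._learn(src, in_port):
            return set()
        others = set(self.ports) - {in_port}
        if is_group_address(dst):
            return others                       # broadcast/multicast: flood
        out_port = self.mac_table.get(dst)
        if out_port is None:
            return others                       # unknown unicast: flood
        if out_port == in_port:
            return set()                        # src and dst on same segment: filter
        return {out_port}                       # known unicast: forward


def demo() -> list:
    """Replay the slide sequence; returns (description, egress ports) pairs."""
    sw = LearningSwitch(ports=["E0", "E1", "E2", "E3"], max_secure={"E1": 1})
    return [
        ("A -> C, table empty: flooded", sw.forward("E0", STATION_A, STATION_C)),
        ("D -> C, C still unknown: flooded", sw.forward("E3", STATION_D, STATION_C)),
        ("C -> A, A known: E0 only", sw.forward("E2", STATION_C, STATION_A)),
        ("A -> C, C now known: E2 only", sw.forward("E0", STATION_A, STATION_C)),
        ("D -> broadcast: all but E3", sw.forward("E3", STATION_D, BROADCAST)),
        ("B on secured E1 (max 1): allowed", sw.forward("E1", STATION_B, STATION_A)),
        ("second MAC on E1: violation, port shut",
         sw.forward("E1", "00:00:00:ee:ee:ee", STATION_A)),
    ]


if __name__ == "__main__":
    for text, ports in demo():
        print(f"{text:42s} -> {sorted(ports)}")
```

The "violation shutdown" path is the one that matters operationally: after the second MAC appears on E1 the port drops everything, including frames from the legitimate station B, until an administrator clears the err-disabled state.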
Loop Avoidance

– Redundant topology eliminates single points of failure.


– Redundant topology causes broadcast storms, multiple
frame copies, and MAC address table instability
problems.
Broadcast Storms

• Host X sends a broadcast.


• Switches continue to propagate broadcast traffic
over and over.
Multiple Frame Copies

• Host X sends a unicast frame to router Y.


• MAC address of router Y has not been learned by
either switch yet.
• Router Y will receive two copies of the same frame.
MAC Database Instability

• Host X sends a unicast frame to router Y.


• MAC address of router Y has not been learned by either switch.
• Switches A and B learn the MAC address of host X on port 0.
• The frame to router Y is flooded.
• Switches A and B incorrectly learn the MAC address of host X on port 1.
Spanning-Tree Protocol

• Provides a loop-free redundant network topology by placing certain ports in the blocking state.
Spanning-Tree Operation

• One root bridge per network


• One root port per nonroot bridge
• One designated port per segment
• Nondesignated ports are placed in the blocking state and carry no user traffic
Spanning-Tree Protocol
Root Bridge Selection

• BPDU = Bridge Protocol Data Unit (default = sent every two seconds)
• Root bridge = bridge with the lowest bridge ID
• Bridge ID = bridge priority (2 bytes, default 32768) followed by the bridge MAC address (6 bytes); the priority is compared first, and the MAC address breaks ties
• In the example, which switch has the lowest bridge ID?

Spanning-Tree Port States
• Spanning-tree transits each port through several different states: blocking, listening, learning and forwarding (a port that is administratively down is disabled).
Spanning-Tree Port States (Cont.)
Spanning-Tree Path Cost
Spanning-Tree Example
Spanning-Tree Recalculation
Spanning-Tree Convergence

• Convergence occurs when all the switch and bridge ports have transitioned to either the forwarding or the blocking state.
• When the network topology changes, switches and bridges must recompute the Spanning-Tree Protocol, which disrupts user traffic.
Rapid Spanning-Tree Protocol

** Note: the Listening state is removed. RSTP (802.1w) merges blocking, listening and disabled into a single Discarding state, leaving Discarding, Learning and Forwarding.

Rapid Transition to Forwarding
Spanning-Tree
Switch#show spanning-tree vlan 1

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.96DC.1A62
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0010.1116.A3A4
             Aging Time  300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Desg FWD 19        128.1    Shr
Fa0/2            Root FWD 19        128.2    Shr

The displayed priority 32769 is the default priority 32768 plus the system ID extension, which is the VLAN number (1). The root bridge here is another switch (0001.96DC.1A62); this switch reaches it through its root port Fa0/2 at path cost 19 (100 Mbit/s). To make this switch the root, give it a lower priority (a multiple of 4096):

Switch(config)#spanning-tree vlan 1 priority 4096
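The code below is an added example, not part of the original slides. It carries the election rule from the previous slides through on a constructed three-switch triangle: bridge IDs are built from priority, system ID extension and MAC exactly as the show output above displays them, the lowest bridge ID becomes root, and every other switch picks its root port by the IEEE short path cost (19 per 100 Mbit/s link). Switch names SW1-SW3, the third MAC address and the link list are assumptions for the example; ties are broken by sender bridge ID and then by port name compared as a string, a simplification of the 802.1D port-ID comparison.

```python
"""Spanning-tree root election and root-port selection (added example, not
from the course slides).

Bridge ID = 4-bit priority + 12-bit system ID extension (the VLAN) + 48-bit
MAC, compared as one 64-bit number: the lowest wins. Each non-root bridge then
picks as root port the port with the lowest accumulated path cost to the root,
using the IEEE 802.1D short costs (100 Mbit/s = 19, as in the show output
above). Switch names, MAC addresses and links are constructed for the example.
"""
import heapq

IEEE_SHORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}   # Mbit/s -> cost

# Constructed topology: three switches, all default priority 32768, VLAN 1.
BRIDGES = {
    "SW1": (32768, "0001.96DC.1A62"),   # the root seen in the show output above
    "SW2": (32768, "0010.1116.A3A4"),   # the switch the show output was taken on
    "SW3": (32768, "0020.4A5B.6C7D"),   # made-up third switch
}
# (switch, port, switch, port, speed in Mbit/s): a triangle, i.e. one loop
LINKS = [
    ("SW1", "Fa0/1", "SW2", "Fa0/2", 100),
    ("SW1", "Fa0/2", "SW3", "Fa0/1", 100),
    ("SW2", "Fa0/3", "SW3", "Fa0/3", 100),
]


def bridge_id(priority: int, vlan: int, mac: str) -> int:
    """8-byte bridge ID: (priority + sys-id-ext) << 48 | MAC."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN out of range")
    mac_int = int(mac.replace(".", "").replace(":", ""), 16)
    return ((priority + vlan) << 48) | mac_int


def elect_root(bridges: dict, vlan: int) -> str:
    """Name of the bridge with the lowest bridge ID for this VLAN."""
    return min(bridges, key=lambda n: bridge_id(bridges[n][0], vlan, bridges[n][1]))


def root_ports(root: str, bids: dict, links: list) -> dict:
    """For every non-root bridge return (root port, root path cost).

    Dijkstra over link costs. Ties are broken the 802.1D way: lower sender
    bridge ID, then lower sender port, then lower receiving port (port names
    are compared as strings here, a simplification).
    """
    adj = {}
    for a, pa, b, pb, speed in links:
        cost = IEEE_SHORT_COST[speed]
        adj.setdefault(a, []).append((b, pa, pb, cost))
        adj.setdefault(b, []).append((a, pb, pa, cost))
    # node -> (path cost, upstream bridge ID, upstream port, own root port)
    best = {root: (0, None, None, None)}
    heap = [(0, bids[root], root)]
    while heap:
        cost, _, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue                       # stale queue entry
        for nbr, port_here, port_there, link_cost in adj.get(node, []):
            cand = (cost + link_cost, bids[node], port_here, port_there)
            if nbr not in best or cand < best[nbr]:
                best[nbr] = cand
                heapq.heappush(heap, (cand[0], bids[nbr], nbr))
    return {n: (rp, c) for n, (c, _, _, rp) in best.items() if n != root}


def spanning_tree(bridges: dict, vlan: int, links: list) -> tuple:
    """(root name, {non-root switch: (root port, cost)}) for one VLAN."""
    bids = {n: bridge_id(p, vlan, m) for n, (p, m) in bridges.items()}
    root = elect_root(bridges, vlan)
    return root, root_ports(root, bids, links)


if __name__ == "__main__":
    print(spanning_tree(BRIDGES, 1, LINKS))
    # "spanning-tree vlan 1 priority 4096" on SW2 makes it win the election:
    lowered = {**BRIDGES, "SW2": (4096, BRIDGES["SW2"][1])}
    print(spanning_tree(lowered, 1, LINKS))
```

With all priorities at the default, SW1 wins purely on its lower MAC address, which matches the show output (root 0001.96DC.1A62, local switch root port Fa0/2, cost 19). Lowering SW2's priority to 4096 moves the root and changes every other switch's root port. The same rule means any device that can send BPDUs with a lower priority takes over the root role, which is why the root bridge should be chosen deliberately rather than left to the MAC tie-break.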


VTP Modes

Server (default mode):
• Creates, modifies and deletes VLANs
• Sends/forwards advertisements
• Synchronizes
• VLAN configuration saved in NVRAM

Client:
• Cannot create, modify or delete VLANs
• Forwards advertisements
• Synchronizes
• VLAN configuration not saved in NVRAM

Transparent:
• Creates, modifies and deletes VLANs (locally significant only)
• Forwards advertisements
• Does not synchronize
• VLAN configuration saved in NVRAM
VTP Operation

• VTP advertisements are sent as multicast frames over trunk links.
• VTP servers and clients are synchronized to the latest configuration revision number.
• VTP advertisements are sent every 5 minutes or when there is a change.
• Caveat: because the highest revision number wins, a switch (client or server) connected to the domain with a higher revision number overwrites the VLAN database of every other switch. Reset the revision number of a reused switch (change its VTP domain name or set it to transparent mode) before connecting it, and configure a VTP password on every switch.
Catalyst Default Configuration

• IP address: 0.0.0.0
• CDP: enabled
• 100baseT port: autonegotiate duplex mode
• Spanning tree: enabled
• Console password: none
Configuration Switch
Erase the configuration:
# erase startup-config
# reload
Verify the configuration:
#show running-config
#show spanning-tree
#show vlan
#show interfaces status
#show mac-address-table
#show ip interface brief
Configuration Switch 2950
VLAN 1 is the default VLAN.
VLANs 2 to 4094 can be used (1002-1005 are reserved; 1006-4094 are extended-range VLANs, which these switches accept only in VTP transparent mode).
Configuration (older vlan database mode; "exit" applies the changes):
Switch#show vlan
Switch#vlan database
Switch(vlan)#vlan 2 name aaa
Switch(vlan)#vlan 3 name bbb
Switch(vlan)#exit
Switch#configure terminal
Switch(config)#interface range fastEthernet 0/1 - 24
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 2
Configuration Switch 2960
VLAN 1 is the default VLAN.
Configuration (global configuration mode):
Switch#configure terminal
Switch(config)#vlan 2
Switch(config-vlan)#name Sales
Switch(config-vlan)#vlan 3
Switch(config-vlan)#name Marketing
Switch(config-vlan)#exit
Switch(config)#interface range fastEthernet 0/1 - 24
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 2

"switchport mode access" fixes the port as an access port and stops it from negotiating a trunk with whatever is plugged in (DTP), so a connected host cannot become a trunk partner.
Configuration Switch 2950, 2960
Configuring a trunk:
Switch#configure terminal
Switch(config)#interface fastEthernet 0/3
Switch(config-if)#switchport mode trunk

On switches that support both trunk encapsulations (for example the 3550/3560) the encapsulation must be chosen before the port can be set to trunk:
Switch(config-if)#switchport trunk encapsulation [dot1q | isl]
isl = Inter-Switch Link (Cisco only); dot1q = IEEE 802.1Q.

Note: the 2950 and 2960 support 802.1Q only, so the encapsulation is already dot1q as soon as the port is set to trunk; "switchport trunk encapsulation dot1q" is not needed (and is not available) on these models.
Configuration Switch 2950, 2960
VLAN Trunking Protocol (VTP)
Switch#vlan database
Switch(vlan)#vtp [server | client | transparent]
Switch(vlan)#vtp domain jodoi
Switch(vlan)#vtp password password
or
Switch#configure terminal
Switch(config)#vtp mode [server | client | transparent]
Switch(config)#vtp domain jodoi
Switch(config)#vtp password password

Switch#show vtp status

Use the same domain name and password on every switch. A switch with no VTP domain configured joins the first domain it hears in an advertisement on a trunk, so set the domain explicitly.


Configuring IP Phone Voice Traffic
Switch#configure terminal
Switch(config)#mls qos
Switch(config)#interface fastEthernet 0/1
Switch(config-if)#switchport priority extend ?
  cos    Override 802.1p priority of devices on appliance
  trust  Trust 802.1p priorities of devices on appliance
Switch(config-if)#switchport priority extend trust
Switch(config-if)#mls qos trust cos
Switch(config-if)#switchport voice vlan dot1p
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 3

"switchport voice vlan dot1p" tells the phone to send voice frames tagged only with an 802.1p priority (VLAN 0) on the data VLAN; "switchport voice vlan <id>" would instead put voice in its own VLAN. "switchport priority extend trust" lets the PC behind the phone keep its own CoS marking; with "switchport priority extend cos 0" the phone rewrites the PC's CoS to 0, so a PC cannot mark its own traffic for voice priority.
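The code below is an added example, not part of the original slides; it serves both the trunk configuration and the voice-VLAN configuration above. It builds and parses the 4-byte 802.1Q tag that a dot1q trunk inserts (TPID 0x8100, the 3-bit 802.1p PCP that "mls qos trust cos" trusts, the DEI bit and the 12-bit VLAN ID), shows the native VLAN leaving untagged, and models how an access port with a voice VLAN classifies untagged PC frames versus phone frames tagged with the voice VLAN. All MAC addresses and payloads are constructed.

```python
"""802.1Q tagging on a trunk and 802.1p CoS on a voice port (added example,
not from the course slides).

A dot1q trunk inserts a 4-byte tag after the source MAC: TPID 0x8100, then
PCP (3 bits, the 802.1p priority that 'mls qos trust cos' trusts), DEI (1 bit)
and a 12-bit VLAN ID. Frames in the native VLAN leave the trunk untagged. On an
access port with 'switchport voice vlan', untagged frames belong to the data
VLAN and frames tagged with the voice VLAN keep their CoS. MACs and payloads
below are constructed.
"""
import struct
from typing import Optional

TPID_8021Q = 0x8100


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", "").replace(".", ""))


def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst: str, src: str, ethertype: int, payload: bytes,
                vlan: Optional[int] = None, pcp: int = 0) -> bytes:
    """Ethernet II frame, optionally with an 802.1Q tag (FCS omitted)."""
    frame = mac_bytes(dst) + mac_bytes(src)
    if vlan is not None:
        if not 1 <= vlan <= 4094:
            raise ValueError("VLAN ID must be 1..4094")
        if not 0 <= pcp <= 7:
            raise ValueError("PCP is a 3-bit field")
        tci = (pcp << 13) | vlan                 # DEI bit stays 0
        frame += struct.pack("!HH", TPID_8021Q, tci)
    return frame + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    """Split a frame into addresses, optional tag fields, EtherType and payload."""
    ethertype, = struct.unpack("!H", frame[12:14])
    vlan = pcp = None
    offset = 14
    if ethertype == TPID_8021Q:
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        pcp, vlan = tci >> 13, tci & 0x0FFF
        offset = 18
    return {"dst": fmt_mac(frame[:6]), "src": fmt_mac(frame[6:12]),
            "vlan": vlan, "pcp": pcp, "ethertype": ethertype,
            "payload": frame[offset:]}


def access_to_trunk(frame: bytes, access_vlan: int, native_vlan: int = 1) -> bytes:
    """Frame received on an access port in access_vlan, sent out a dot1q trunk."""
    if parse_frame(frame)["vlan"] is not None:
        return frame                              # already tagged: pass through
    if access_vlan == native_vlan:
        return frame                              # native VLAN leaves untagged
    tci = access_vlan                             # CoS 0 for plain data traffic
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def classify_voice_port(frame: bytes, access_vlan: int, voice_vlan: int) -> Optional[tuple]:
    """(VLAN, CoS) assigned on an access port with a voice VLAN; None = dropped.

    Untagged frames are the PC's data traffic. The phone tags its own frames
    with the voice VLAN and CoS 5, which 'mls qos trust cos' keeps. A tag for
    any other VLAN is not valid on an access port and is dropped.
    """
    fields = parse_frame(frame)
    if fields["vlan"] is None:
        return access_vlan, 0
    if fields["vlan"] == voice_vlan:
        return voice_vlan, fields["pcp"]
    return None


if __name__ == "__main__":
    pc = build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb", 0x0800, b"\x45" + bytes(19))
    print(parse_frame(access_to_trunk(pc, access_vlan=3)))           # vlan 3, pcp 0
    phone = build_frame("00:11:22:33:44:55", "00:1b:d4:00:00:01", 0x0800, bytes(20),
                        vlan=100, pcp=5)
    print(classify_voice_port(phone, access_vlan=3, voice_vlan=100))  # (100, 5)
```

The tag bytes 81 00 A0 03 in the test below are the wire form of "VLAN 3, CoS 5": PCP 5 occupies the top three bits of the TCI (0xA000) and the VLAN ID the low twelve. The classify function shows why an access port must drop frames that arrive tagged for anything other than its voice VLAN: otherwise a host could choose its own VLAN.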
Example configuration on the router
Lab 1

PC1 192.168.1.1/24 in VLAN 2    PC5 192.168.1.5/24 in VLAN 2
PC2 192.168.1.2/24 in VLAN 3    PC6 192.168.1.6/24 in VLAN 3
PC3 192.168.1.3/24 in VLAN 4    PC7 192.168.1.7/24 in VLAN 4
PC4 192.168.1.4/24 in VLAN 5    PC8 192.168.1.8/24 in VLAN 5
(All PCs share one /24, so only PCs in the same VLAN can reach each other.)

Lab 2

PC1 192.168.1.1/24 in VLAN 2    PC5 192.168.1.5/24 in VLAN 2
PC2 192.168.1.2/24 in VLAN 3    PC6 192.168.1.6/24 in VLAN 3
PC3 192.168.1.3/24 in VLAN 4    PC7 192.168.1.7/24 in VLAN 4
PC4 192.168.1.4/24 in VLAN 5    PC8 192.168.1.8/24 in VLAN 5
Wide Area Networks

WAN connection with Cisco equipment on both ends:
- Leased line -> HDLC, PPP (synchronous serial)
- Circuit switched (ISDN, dial-up) -> HDLC, PPP
- Packet switched -> Frame Relay (synchronous serial)
- Cell switched -> ATM

DTE = Data Terminal Equipment (the router side of the serial cable; male connector)
DCE = Data Circuit-terminating Equipment (the CSU/DSU or provider side, which supplies the clock; female connector)

#show controllers serial 0    to check whether the interface is DTE or DCE


Configuration Router
Back-to-back serial link: one router acts as DTE, the other as DCE in place of the CSU/DSU.

DTE side:
Config#interface serial 0
config#ip address 10.10.10.1 255.255.255.0
config#bandwidth 64
config#encapsulation hdlc

DCE side (supplies the clock):
Config#interface serial 0
config#ip address 10.10.10.2 255.255.255.0
config#clock rate 64000
config#encapsulation hdlc

"bandwidth" only informs routing-protocol metrics (in kbit/s); "clock rate" (in bit/s) sets the actual line speed and is accepted only on the DCE end. Use "show controllers serial 0" to check whether an interface is DTE or DCE.


PPP Authentication Protocols

PAP (Password Authentication Protocol), a two-way handshake:
• Passwords sent in clear text
• Peer in control of attempts (the remote node decides how often and when to retry)

Challenge Handshake Authentication Protocol (CHAP), a three-way handshake:
• Hash values (MD5 over a random challenge and the shared secret), not actual passwords, are sent across the link.
• The local router or an external server (RADIUS/TACACS+) is in control of attempts: it issues the challenge and can repeat it at any time during the session.
Configuration Router
PAP
R1 S0 ---- S0 R2

R1:
Config#username R2 password 3com
Config#interface S0
Config-if#encapsulation ppp
Config-if#ppp authentication pap
Config-if#ppp pap sent-username R1 password cisco

R2:
Config#username R1 password cisco
Config#interface S0
Config-if#encapsulation ppp
Config-if#ppp authentication pap
Config-if#ppp pap sent-username R2 password 3com

#debug ppp authentication
#no debug all

The "sent-username" and password a router transmits must match the "username ... password" entry on the other router; "ppp authentication pap" is what makes the interface demand authentication from its peer. Username case does not matter, but the password is case-sensitive.


Configuration Router
CHAP
R1 S0 ---- S0 R2
The CHAP password must be identical on both sides.

R1:
Config#username R2 password cisco
Config#interface S0
Config-if#encapsulation ppp
Config-if#ppp authentication chap

R2:
Config#username R1 password cisco
Config#interface S0
Config-if#encapsulation ppp
Config-if#ppp authentication chap

For CHAP, the username entered is the other router's hostname, and the password on both sides must match: each router answers a challenge with an MD5 hash computed over the shared secret, and the other router recomputes the hash using the secret stored under the sender's hostname, so a different secret on either side fails authentication.
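The code below is an added example and not part of the original slides. It plays both PAP and CHAP between the R1 and R2 of the lab above, with the shared secret "cisco", following the CHAP response formula from RFC 1994 (MD5 over identifier, secret and challenge). The fixed challenge bytes used in the test exist only for reproducibility; in a real exchange the challenge is random, and a replayed response fails, as the example shows.

```python
"""PAP versus CHAP on a PPP link (added example, not from the course slides).

PAP sends username and password in the clear in a two-way handshake. CHAP
(RFC 1994) is a three-way handshake: the authenticator sends a random
Challenge with its own hostname, the peer looks up the secret it stores under
that hostname ('username <peer> password <secret>') and answers with
MD5(Identifier || secret || Challenge) plus its own hostname, and the
authenticator recomputes the digest with the secret it stores under the
responder's name. The hostnames R1/R2 and the secret 'cisco' mirror the lab
above; fixed challenge bytes are used only for reproducibility.
"""
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: str, challenge: bytes) -> bytes:
    """RFC 1994 section 2.2: Value = MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret.encode() + challenge).digest()


class PppRouter:
    """One PPP endpoint with its local user database."""

    def __init__(self, hostname: str, users: dict):
        self.hostname = hostname
        self.users = users          # 'username X password Y' -> {X: Y}

    # --- PAP: the peer's username and password arrive in clear text ---------
    def pap_verify(self, sent_username: str, sent_password: str) -> bool:
        return self.users.get(sent_username) == sent_password   # case-sensitive

    # --- CHAP -----------------------------------------------------------------
    def chap_challenge(self, identifier: int = 1, challenge: bytes = None) -> tuple:
        """Challenge packet: (Identifier, Challenge Value, authenticator name)."""
        return identifier, challenge or os.urandom(16), self.hostname

    def chap_respond(self, identifier: int, challenge: bytes, auth_name: str) -> tuple:
        """Response packet: (Value, responder name). Needs a 'username <auth_name>' entry."""
        secret = self.users[auth_name]
        return chap_response(identifier, secret, challenge), self.hostname

    def chap_verify(self, identifier: int, challenge: bytes, value: bytes,
                    peer_name: str) -> bool:
        """Success/Failure decision; the secret never leaves either router."""
        secret = self.users.get(peer_name)
        if secret is None:
            return False                            # unknown peer hostname
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, value)  # constant-time compare


def run_chap(authenticator: PppRouter, peer: PppRouter,
             identifier: int = 1, challenge: bytes = None) -> bool:
    """Full three-way exchange; True if the peer is authenticated."""
    ident, chal, auth_name = authenticator.chap_challenge(identifier, challenge)
    value, peer_name = peer.chap_respond(ident, chal, auth_name)
    return authenticator.chap_verify(ident, chal, value, peer_name)


if __name__ == "__main__":
    r1 = PppRouter("R1", {"R2": "cisco"})    # R1: username R2 password cisco
    r2 = PppRouter("R2", {"R1": "cisco"})    # R2: username R1 password cisco
    print("PAP, what an eavesdropper sees:", ("R1", "cisco"))
    print("PAP accepted:", r2.pap_verify("R1", "cisco"))            # True
    print("CHAP accepted:", run_chap(r1, r2))                       # True
    print("CHAP with mismatched secret:",
          run_chap(r1, PppRouter("R2", {"R1": "3com"})))           # False
```

Because both routers in the lab configure "ppp authentication chap", each side challenges the other, so run_chap succeeds in both directions. An observer on the serial link sees only the 16-byte digest and the hostnames; with PAP the same observer sees the password itself.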


Frame Relay Overview

– Connections made by virtual circuits (each identified locally by a DLCI)
– Connection-oriented service
Frame Relay Stack

OSI Reference Model    Frame Relay
Application            (not defined by Frame Relay)
Presentation           (not defined by Frame Relay)
Session                (not defined by Frame Relay)
Transport              (not defined by Frame Relay)
Network                IP/IPX/AppleTalk, etc.
Data-Link              Frame Relay
Physical               EIA/TIA-232, EIA/TIA-449, V.35, X.21, EIA/TIA-530
Frame Relay Terminology
Selecting a Frame Relay Topology

• Frame Relay default: nonbroadcast multiaccess (NBMA)
Configuration Router
Frame Relay
Point-to-point (no subinterface)
Config#interface S0
Config-if#encapsulation frame-relay [cisco | ietf]
Config-if#ip address 10.10.10.1 255.255.255.252
Config-if#bandwidth 256
Config-if#frame-relay lmi-type [cisco | ansi | q933a]
(cisco is the default encapsulation; use ietf when the router at the far end is not a Cisco router. The LMI type is autosensed by the router; set it only if autosensing fails.)

Configuration Router
Frame Relay
Point-to-point (subinterfaces)
Config#interface S0
Config-if#no ip address
Config-if#encapsulation frame-relay [cisco | ietf]

Config#interface S0.2 point-to-point
Config-if#ip address 10.10.10.1 255.255.255.0
Config-if#bandwidth 128
Config-if#frame-relay interface-dlci 110

Config#interface S0.3 point-to-point
Config-if#ip address 20.20.20.1 255.255.255.0
Config-if#bandwidth 128
Config-if#frame-relay interface-dlci 120

Configuration Router
Frame Relay
Point-to-multipoint (subinterface)
Config#interface S0
Config-if#no ip address
Config-if#encapsulation frame-relay

Config#interface S0.2 multipoint
Config-if#ip address 10.10.10.1 255.255.255.0
Config-if#bandwidth 256
Config-if#frame-relay map ip 10.10.10.2 120 broadcast
Config-if#frame-relay map ip 10.10.10.3 110 broadcast
(Each static map ties a next-hop IP address to the local DLCI of its PVC; the "broadcast" keyword lets routing-protocol broadcasts and multicasts be sent over that PVC, which the NBMA default would otherwise suppress.)
Digital Subscriber Line
VPI and VCI values used in ADSL configuration
PPPoE Configuration
!
interface FastEthernet4
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface Dialer 0
 ip address negotiated
 ip mtu 1452
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname Todd
 ppp chap password 0 lammle
!
"ip mtu" is lowered because the PPPoE and PPP headers (8 bytes) ride inside the 1500-byte Ethernet payload. "callin" means the router authenticates only incoming calls, so it answers the ISP's CHAP challenge without challenging the ISP back. The "0" before the password marks it as stored in clear text in the configuration.
Virtual Private Networks
Types of VPNs
There are three different categories of VPNs:

• Remote access VPNs: allow remote users like telecommuters to securely access the corporate network wherever and whenever they need to.

• Site-to-site VPNs: site-to-site (intranet) VPNs allow a company to connect its remote sites to the corporate backbone securely over a public medium like the Internet instead of requiring more expensive WAN connections like Frame Relay.

• Extranet VPNs: allow an organization's suppliers, partners, and customers to be connected to the corporate network in a limited way for business-to-business (B2B) communications.
Virtual Private Networks
Four of the most common tunneling protocols:

• Layer 2 Forwarding (L2F): a Cisco-proprietary tunneling protocol, and Cisco's first tunneling protocol created for virtual private dial-up networks (VPDNs). A VPDN allows a device to use a dial-up connection to create a tunneled connection to a corporate network. L2F was later replaced by L2TP, which is backward compatible with L2F.

• Point-to-Point Tunneling Protocol (PPTP): created by Microsoft (with other vendors) to carry data from remote networks to the corporate network. Its MS-CHAP authentication and MPPE (RC4) encryption are now considered broken, so PPTP should not be relied on for confidentiality.

• Layer 2 Tunneling Protocol (L2TP): created by Cisco and Microsoft to replace L2F and PPTP; it merged the capabilities of both into one tunneling protocol. L2TP itself provides no encryption, which is why it is normally run over IPsec (L2TP/IPsec).

• Generic Routing Encapsulation (GRE): a tunneling protocol originally developed by Cisco and later standardized by the IETF (RFC 2784). It forms virtual point-to-point links, allowing a variety of protocols to be encapsulated in IP tunnels. GRE provides no encryption or authentication on its own and is commonly combined with IPsec.