Escolar Documentos
Profissional Documentos
Cultura Documentos
I. Foundation Topics
II. VLAN and Trunking Fundamentals
1.
2.
3.
4.
5.
6.
7.
8.
What Is a VLAN?
Trunking with 802.1Q
Following the Frame, Step by Step
The Native VLAN on a Trunk
So, What Do You Want to Be? (Says the Port)
Inter-VLAN Routing
The Challenge of Using Physical Interfaces Only
Using Virtual Sub Interfaces
BPDU guard
If BPDUs show up where they should not, the switch protects itself, as covered in
this chapter
Root guard
Controls which ports are not allowed to become root ports to remote root
switches
Dynamic ARP
inspection
IP source guard
802.1x
Authenticates users before allowing their data frames into the network
DHCP snooping
Storm control
Limits the amount of broadcast or multicast traffic flowing through the switch
Access control lists Traffic control to enforce policy. Access control is covered in another chapter
2. f
5.
6.
7.
8.
1, 6-7
Spanning-Tree Fundamentals
3-5, 8-10
1. Which is the primary Layer 2 mechanism that allows multiple devices in the same
VLAN to communicate with each other even though those devices are physically
connected to different switches?
a. IP address
b. Default Gateway
c. Trunk
d. 802.1D
Page
Number
Text
What is a VLAN? -
178
Example 8-1
Creating a new VLAN and placing switch ports into that VLAN -
179
Text
180
Example 8-2
180
Text
181
Text
182
Example 8-3
182
Example 8-5
188
List
189
Example 8-6
189
Table 8-2
190
Text
BPDU guard
191
Text
Root guard
192
Text
Port security
192
193
BPDU guard
If BPDUs show up where they should not, the switch protects itself.
Root guard
Control which ports are not allowed to become root ports to remote
root switches.
Dynamic ARP
inspection
Authenticates users before allowing their data frames into the network.
DHCP snooping Prevents rogue DHCP servers from impacting the network.
Storm control
Access control
lists
VIII.
access port trunk port inter-VLAN routing router on a stick STP root guard port security BPDU guard -
Control the VLAN assignment for the device connecting to this port,
and associate that device with a single specific VLAN of 10
Switchport trunk
encapsulation dot1q
Switchport nonegotiate
Disable negotiation between the switch and the device connected to the
device related to trunking
Spanning-tree bpduguard
enable
Protect the switch port against being connected on this port to another
device that is generating any type of BPDUs
Protect this switch port against believing the root bridge is reachable
via this port
Switchport port-security
Protect the switch (on this port at least) against a MAC address table
flooding attack (CAM table overflow) and prevent a DHCP starvation
attack from being launched from the device connected to this point