Definition
Performs the same basic core functions as a but at much faster speeds and with enhanced features. If the network has no hub, each single link is considered its own collision domain.

Types

By Layer

Collision domains

Loop prevention

Using .

Example

Internal frame processing

Segmenting Ethernet devices

Port security

Port security has several flexible options, but all operate with the same core concepts. First, switches enable port security per port, with different settings available per port. Each port has a maximum number of allowed MAC addresses, meaning that for all frames entering that port, only that number of different source MAC addresses can be used in different incoming frames before port security thinks a violation has occurred. When a frame with a new source MAC address arrives, pushing the number of MAC addresses past the allowed maximum, a port security violation occurs. At that point, the switch takes action—by default, discarding all future incoming traffic on that port.
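The violation logic described above, modelled as an added Python example (not from the original page and not Cisco code). The class `SecurePort`, the function `replay` and the sample MAC addresses are constructed for illustration; besides the default action described above, it also covers the `restrict` and `protect` violation modes that IOS offers.

```python
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    """Illustrative model of one switch port with port security enabled."""
    maximum: int = 1                 # allowed number of distinct source MACs
    violation: str = "shutdown"      # "shutdown" (default), "restrict" or "protect"
    learned: set = field(default_factory=set)
    violations: int = 0
    err_disabled: bool = False

    def receive(self, src_mac: str) -> str:
        """Return 'forward' or 'drop' for a frame entering with this source MAC."""
        mac = src_mac.lower()
        if self.err_disabled:
            return "drop"            # port is down: even known MACs are dropped
        if mac in self.learned:
            return "forward"
        if len(self.learned) < self.maximum:
            self.learned.add(mac)    # still room: learn the address
            return "forward"
        # A new source MAC would push the count past the maximum: violation.
        if self.violation != "protect":
            self.violations += 1     # protect drops silently, without counting
        if self.violation == "shutdown":
            self.err_disabled = True # default: discard all future traffic
        return "drop"


def replay(port, frames):
    """Feed a list of source MACs to the port and collect the decisions."""
    return [port.receive(mac) for mac in frames]


# Constructed sample traffic: two known hosts, then a third, unknown MAC.
FRAMES = ["00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:01",
          "de:ad:be:ef:00:99", "00:11:22:33:44:01"]

if __name__ == "__main__":
    for mode in ("shutdown", "restrict", "protect"):
        port = SecurePort(maximum=2, violation=mode)
        print(mode, replay(port, FRAMES), "violations:", port.violations)
```

With the default mode the last frame is dropped even though its MAC was learned earlier, which is the point to check for when a port suddenly goes silent after a violation.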

Steps:

Example

Actions

There are links between switches. There are 2 types of links:

Access links/ports


Belong to only one VLAN at a time

Commands

Create VLAN

sw1 (config)# vlan 150
sw1 (config-vlan)# name ccna
sw1 (config-vlan)# exit
sw1 (config)# do show vlan brief

Apply VLAN to a port

sw1# configure terminal
sw1 (config)# interface fastEthernet 0/24

# Tell the port to be an access port
sw1 (config-if)# switchport mode access

# Tell the port to be part of VLAN 150
sw1 (config-if)# switchport access vlan 150

sw2 (config)# interface f0/24
sw2 (config-if)# switchport access vlan 150

Show interfaces

# 0 is the slot number
sw1# show interfaces fastEthernet 0/24
sw1# show interfaces fastEthernet 0/24 switchport

Trunk links/ports


These will carry more than one VLAN at a time.

Frame tagging
Each frame between SW1 and SW2 will have an ID to identify the VLAN, using 2 protocols: ISL () and (dot1q).
ISL
Only between Cisco devices. Encapsulates the original frame into a new one. Has an ID field.
dot1q
Inserts information into the original frame. 4 bytes of additional information.
Native VLAN
Traverses the link without tagging.

Dynamic trunking protocol (DTP)

Commands

sw1 (config)# interface fastEthernet 0/24
sw1 (config-if)# do show interface fastEthernet 0/1 switchport
sw1 (config-if)# do show interface trunk

# Change mode
sw1 (config-if)# switchport mode dynamic desirable
sw1 (config-if)# do show interface trunk

# Specify which VLANs should be allowed on a trunk
sw1 (config-if)# switchport trunk allowed vlan 1,150,200-200

# Change native VLAN on the trunk
sw1 (config-if)# switchport trunk native vlan 150

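# Set the trunk encapsulation, then force the port into trunk mode
sw1 (config-if)# switchport trunk encapsulation dot1q
sw1 (config-if)# switchport mode trunk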

# Disable sending DTP frames between the switches
sw1 (config-if)# switchport nonegotiate