SRE
VLAN: Virtual Local Area Network
A VLAN is a logical segmentation of a physical network into multiple virtual networks.
The primary purpose of a VLAN is to create isolated network segments within a
larger network.
Advantages of Using VLAN
❖ Smaller Broadcast Range: Dividing the LAN reduces the broadcast domains.
❖ Improved Security: Only users on the same VLAN can communicate with each
other.
❖ Reduced Cost: One switch can support multiple VLANs.
Types of VLAN:
Data VLAN:
❖ Handles email and web traffic
❖ All interfaces are automatically assigned VLAN 1.
Native VLAN:
❖ Used specifically on Trunk Links
❖ Tagging on 802.1Q Trunk Links
❖ Frames on Native VLAN are untagged
Management VLAN:
❖ Designated for SSH/Telnet VTY traffic
❖ Should not carry end-user traffic.
❖ Typically the VLAN on which a Layer 2 switch's SVI (its management IP address) is configured.
Voice VLAN:
❖ A separate VLAN is required because voice traffic requires: assured
bandwidth; high QoS priority; the ability to avoid congestion.
VLAN Creation Commands:
❖ Switch(config)# vlan *vlan-id*
❖ Switch(config-vlan)# name *vlan-name*
Trunking
Trunks are layer two and carry traffic for all VLANs.
Command: switchport mode trunk; sets the port to permanent trunking mode.
Dynamic Trunking Protocol
❖ It is a Cisco protocol that is used to negotiate trunking between two switches.
❖ DTP has two modes: Dynamic Desirable & Dynamic Auto
❖ Dynamic Desirable: The interface actively attempts to become a trunk.
❖ Dynamic Auto: The interface waits passively for the other side to initiate trunk
negotiation.
❖ To disable DTP use “switchport nonegotiate”.
Verify VLAN and DTP
show vlan & show interfaces trunk.
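As an added example (not part of the original notes), the VLAN, trunk and DTP commands above assembled into one switch configuration. VLAN IDs, VLAN names, interface numbers and the management address are assumed for illustration. The trunk is shown in its weak form (DTP negotiation left on, native VLAN 1) as a comment beside the hardened form the notes point to: a static trunk with DTP disabled, an unused native VLAN and an explicit allowed-VLAN list.

```cisco
! Added example, not from the original notes. VLAN IDs, names, ports and
! addresses are assumed.
Switch# configure terminal
Switch(config)# vlan 10
Switch(config-vlan)# name DATA
Switch(config-vlan)# vlan 20
Switch(config-vlan)# name VOICE
Switch(config-vlan)# vlan 99
Switch(config-vlan)# name MGMT
Switch(config-vlan)# vlan 999
Switch(config-vlan)# name NATIVE_UNUSED
Switch(config-vlan)# exit
!
! Access port for a PC behind an IP phone: data on VLAN 10, voice on VLAN 20.
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10
Switch(config-if)# switchport voice vlan 20
Switch(config-if)# exit
!
! Uplink trunk to another switch.
! Weak form (relies on DTP, native VLAN stays 1, every VLAN allowed):
!   switchport mode dynamic desirable
! Hardened form: permanent trunk, DTP off, unused native VLAN, explicit list.
! (On switches that also support ISL, first enter
!  "switchport trunk encapsulation dot1q".)
Switch(config)# interface gigabitethernet0/24
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport nonegotiate
Switch(config-if)# switchport trunk native vlan 999
Switch(config-if)# switchport trunk allowed vlan 10,20,99
Switch(config-if)# exit
!
! Management SVI on the management VLAN, not on VLAN 1.
Switch(config)# interface vlan 99
Switch(config-if)# ip address 192.168.99.2 255.255.255.0
Switch(config-if)# no shutdown
Switch(config-if)# exit
Switch(config)# ip default-gateway 192.168.99.1
Switch(config)# end
!
! Verification commands from the notes.
Switch# show vlan brief
Switch# show interfaces trunk
Switch# show interfaces gigabitethernet0/24 switchport
```

In the `show interfaces trunk` output the uplink should list mode "on", encapsulation 802.1q, native VLAN 999 and only VLANs 10, 20 and 99 as allowed; `show interfaces ... switchport` additionally shows "Negotiation of Trunking: Off", which confirms DTP is disabled.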
Inter VLAN Routing & Configuration
It is the process of forwarding network traffic from one VLAN to another VLAN.
Legacy Inter-Vlan Configuration
❖ Each VLAN has/requires a dedicated physical interface on the router.
❖ Provides strict isolation between VLANs due to the dedicated physical interfaces.
❖ Resource-Intensive as each VLAN requires a separate physical connection.
❖ Limited scalability as the number of VLANs increases.
Router-on-a-Stick Configuration
❖ Uses a single router interface for routing between multiple VLANs.
❖ Requires the use of sub-interfaces each associated with a specific VLAN.
❖ Enables the router to distinguish between different VLANs on a single interface.
❖ More resource efficient as compared to legacy because it reduces number of
physical connections needed.
L3 (Layer 3) Switch Configuration
❖ The switch itself performs routing functions between VLANs
❖ Each VLAN has a switched virtual interface (SVI) for routing purposes.
❖ Improved performance as compared to traditional routers.
❖ Combines switching and routing in a single device; simplifies network architecture.
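As an added example (not part of the original notes), the router-on-a-stick and Layer 3 switch configurations described above, with assumed VLAN IDs, addresses and interface numbers. Once routing between VLANs is enabled, the isolation listed under "Improved Security" earlier in the notes no longer comes from the VLANs themselves; it comes from the access list applied at the routing point, which is why the router-on-a-stick part includes one (the ACL name and the rule are assumptions for illustration).

```cisco
! Added example, not from the original notes. Addresses, VLAN IDs and ports
! are assumed.
!
! --- Router-on-a-stick: one physical link, one 802.1Q sub-interface per VLAN ---
Router(config)# interface gigabitethernet0/0
Router(config-if)# no shutdown
Router(config-if)# exit
Router(config)# interface gigabitethernet0/0.10
Router(config-subif)# encapsulation dot1q 10
Router(config-subif)# ip address 192.168.10.1 255.255.255.0
Router(config-subif)# exit
Router(config)# interface gigabitethernet0/0.20
Router(config-subif)# encapsulation dot1q 20
Router(config-subif)# ip address 192.168.20.1 255.255.255.0
Router(config-subif)# exit
Router(config)# interface gigabitethernet0/0.99
Router(config-subif)# encapsulation dot1q 99
Router(config-subif)# ip address 192.168.99.1 255.255.255.0
Router(config-subif)# exit
!
! Isolation now depends on filtering at the router: keep the user VLAN 20 away
! from the management VLAN 99 while still allowing everything else.
Router(config)# ip access-list extended VLAN20-NO-MGMT
Router(config-ext-nacl)# deny ip 192.168.20.0 0.0.0.255 192.168.99.0 0.0.0.255
Router(config-ext-nacl)# permit ip any any
Router(config-ext-nacl)# exit
Router(config)# interface gigabitethernet0/0.20
Router(config-subif)# ip access-group VLAN20-NO-MGMT in
Router(config-subif)# end
!
! The switch port facing the router must be a trunk carrying those VLANs.
Switch(config)# interface gigabitethernet0/24
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport nonegotiate
Switch(config-if)# switchport trunk allowed vlan 10,20,99
Switch(config-if)# end
!
! --- Layer 3 switch alternative: routing enabled, one SVI per VLAN ---
L3Switch(config)# ip routing
L3Switch(config)# interface vlan 10
L3Switch(config-if)# ip address 192.168.10.1 255.255.255.0
L3Switch(config-if)# no shutdown
L3Switch(config-if)# exit
L3Switch(config)# interface vlan 20
L3Switch(config-if)# ip address 192.168.20.1 255.255.255.0
L3Switch(config-if)# no shutdown
L3Switch(config-if)# end
!
! Verification: both VLAN subnets should appear as connected routes.
L3Switch# show ip route
Router# show ip interface brief
```

The same `ip access-group` line can be applied to an SVI on the Layer 3 switch, so the filtering rule travels with whichever device does the routing.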
Spanning Tree Protocol (STP)
The main purpose of STP is to prevent loops in Ethernet networks.
These loops lead to broadcast storms and network instability.
Broadcast Storms
Broadcast storms are a phenomenon in which the broadcast or multicast traffic is
allowed to endlessly circulate across the network, causing the consumption of
available bandwidth and reducing network performance.
STP prevents broadcast storms by blocking these redundant paths and forcing the
traffic to follow a loop free path, preventing the possibility of a loop.
Root Bridge Election
The root bridge is the central reference point of the network from which all spanning tree
calculations take place.
Port Roles:
The root port is the port leading toward the root bridge, the designated port is the
port on the most optimal path, and a blocked port prevents loops.
Rapid Spanning Tree Protocol (RSTP)
RSTP is an evolution of the classic STP protocol with a fast convergence rate.
RSTP ensures faster convergence after network changes, reducing downtime.
It improves edge port functionality with PortFast.
Commands for STP
Switch(config)# spanning-tree mode {pvst | rapid-pvst | mst}
Switch(config-if)# spanning-tree vlan *vlan id* port-priority *priority value*
Timers in STP:
Hello timer:
❖ It is the interval between transmissions of BPDUs (Bridge Protocol Data Units) by
the switches participating in STP.
❖ Default timer is 2 seconds.
❖ Can be adjusted to 1-10 seconds.
Forward Delay Timer:
❖ It is the duration spent in the listening and learning states during STP convergence.
❖ Default is 15 seconds
❖ Can be adjusted to 4-30 seconds
Max Age Timer:
❖ It is the duration a switch will wait before making changes to the network
topology.
❖ Default is 20 seconds
❖ Can be adjusted to 6-40 seconds.
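As an added example (not part of the original notes), the STP material above as a configuration: the mode command, a deliberately chosen root bridge rather than one elected by whichever switch has the lowest MAC address, the per-port priority command, PortFast on edge ports, and the three timers at the default values listed in the notes. Switch names, VLAN IDs and ports are assumed. BPDU Guard is included beside PortFast because an edge port that skips listening and learning should also refuse BPDUs; a port that receives one is err-disabled instead of becoming part of the topology.

```cisco
! Added example, not from the original notes. Switch names, VLANs and ports
! are assumed.
!
! Use Rapid PVST+ on every switch in the domain.
Core1(config)# spanning-tree mode rapid-pvst
!
! Root bridge election: lowest bridge ID (priority + MAC) wins. Make it
! deterministic by lowering the core switches' priority. "root primary" lets
! IOS choose a priority that beats the current root; a fixed value such as
! "spanning-tree vlan 10,20 priority 4096" (multiples of 4096) is equivalent.
Core1(config)# spanning-tree vlan 10,20 root primary
Core2(config)# spanning-tree vlan 10,20 root secondary
!
! Per-port preference on a redundant uplink: the lower port-priority is
! preferred when costs tie (interface command, steps of 16).
Access1(config)# interface gigabitethernet0/1
Access1(config-if)# spanning-tree vlan 10 port-priority 64
Access1(config-if)# exit
!
! Edge ports: PortFast skips listening/learning, BPDU Guard err-disables the
! port if a BPDU arrives where only a host should be connected.
Access1(config)# interface range gigabitethernet0/2-23
Access1(config-if-range)# spanning-tree portfast
Access1(config-if-range)# spanning-tree bpduguard enable
Access1(config-if-range)# exit
!
! Timers at the defaults from the notes (hello 2 s, forward delay 15 s,
! max age 20 s). The root bridge's timers are the ones the domain uses.
Core1(config)# spanning-tree vlan 10 hello-time 2
Core1(config)# spanning-tree vlan 10 forward-time 15
Core1(config)# spanning-tree vlan 10 max-age 20
Core1(config)# end
!
! Verification: Core1 should show "This bridge is the root" for VLAN 10, and
! the access switch should show one Root port, Designated ports and any
! Altn (blocked) port.
Core1# show spanning-tree vlan 10
Access1# show spanning-tree vlan 10
Access1# show spanning-tree summary
```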
EtherChannel
❖ EtherChannel is a link aggregation technology that is designed to link multiple
ethernet links into a single logical link.
❖ It enables the creation of redundant links between devices without the risk of
STP blocking.
Advantages:
❖ Offers redundancy, ensuring network stability if link fails
❖ Distributes traffic across multiple links, ensuring network optimization.
❖ Increases the capacity of individual links to boost overall communication speed.
Restrictions:
❖ Can’t mix different port types within one EtherChannel.
❖ One EtherChannel consists of up to 8 ports.
❖ A 2960 Layer 2 switch can have only 6 EtherChannels.
❖ EtherChannel must be configured the same on both connected devices.
Common Issues:
Ports with different native VLANs can’t form an EtherChannel.
The trunk must be configured on the port channel; configuring it on the
individual ports is not recommended.
If the allowed VLAN range is not the same on both sides, the EtherChannel won’t form.
PAgP: Port Aggregation Protocol:
❖ Used to establish an EtherChannel by assessing configuration compatibility on both
sides.
❖ On Mode: The interface forces EtherChannel creation without using PAgP.
❖ Auto Mode: The interface actively negotiates by initiating PAgP negotiation with other
interfaces.
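As an added example (not part of the original notes), a two-link PAgP EtherChannel between two switches, with the trunk settings placed on the port-channel interface as the notes recommend and the same native VLAN and allowed-VLAN list on both sides. Switch names, ports, VLAN IDs and the channel-group number are assumed. The comments record what happens when one of the compatibility rules listed above is broken.

```cisco
! Added example, not from the original notes. Names, ports and VLANs are
! assumed.
!
! --- SwitchA: Gi0/1-2 bundled into Port-channel 1, PAgP desirable ---
SwitchA(config)# interface range gigabitethernet0/1-2
SwitchA(config-if-range)# channel-group 1 mode desirable
SwitchA(config-if-range)# exit
! Trunk settings go on the port-channel; IOS pushes them to the member ports.
SwitchA(config)# interface port-channel 1
SwitchA(config-if)# switchport mode trunk
SwitchA(config-if)# switchport nonegotiate
SwitchA(config-if)# switchport trunk native vlan 999
SwitchA(config-if)# switchport trunk allowed vlan 10,20,99
SwitchA(config-if)# end
!
! --- SwitchB: same member ports, PAgP auto, identical trunk settings ---
SwitchB(config)# interface range gigabitethernet0/1-2
SwitchB(config-if-range)# channel-group 1 mode auto
SwitchB(config-if-range)# exit
SwitchB(config)# interface port-channel 1
SwitchB(config-if)# switchport mode trunk
SwitchB(config-if)# switchport nonegotiate
SwitchB(config-if)# switchport trunk native vlan 999
SwitchB(config-if)# switchport trunk allowed vlan 10,20,99
SwitchB(config-if)# end
!
! If SwitchB instead had "switchport trunk native vlan 1" or
! "switchport trunk allowed vlan 10,20" on Po1, the bundle would not come up:
! "show etherchannel summary" shows the members as (I) individual or (s)
! suspended instead of (P) bundled, and the port-channel as (SD) instead of
! (SU). Both "auto" sides never form a bundle either, because neither
! initiates negotiation.
!
! Verification.
SwitchA# show etherchannel summary
SwitchA# show etherchannel 1 port-channel
SwitchA# show interfaces trunk
```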
IPv4 v IPv6
❖ In IPv4 the destination IP address is used for routing decisions.
❖ IPv6 follows a similar approach to IPv4, with routers using the destination IPv6
address to make routing decisions.
Static vs Dynamic Routing
❖ Static routing is when a network admin manually configures the routing table,
specifying paths to reach destinations.
❖ Dynamic Routing protocols automate the process of updating the routing table
based on real-time changes in the network.
Static Routing                          Dynamic Routing
Requires manual intervention            Automatically adapts to changes
Suitable for stable networks            Scalable for larger networks
Predictable and easy to use             Requires more configuration complexity
DHCP v4
❖ Dynamic Host Configuration Protocol is a network protocol used to assign IP
addresses and related configuration information automatically.
❖ DHCP Server: Assigns and manages IP addresses
❖ DHCP Client: Requests and receives an IP address
❖ DHCP Relay Agent: Facilitates communication between DHCP clients and servers across different subnets.
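As an added example (not part of the original notes), the three DHCPv4 roles above in IOS: a router acting as the server for two VLAN subnets, a Layer 3 switch SVI acting as the relay agent for the VLAN that does not share a subnet with the server, and the client-side verification. Subnets, pool names, the DNS server address and the lease time are assumed.

```cisco
! Added example, not from the original notes. Subnets, pool names and
! addresses are assumed.
!
! --- DHCP server on the router ---
! Keep .1-.9 of each subnet out of the pools for gateways and infrastructure.
Router(config)# ip dhcp excluded-address 192.168.10.1 192.168.10.9
Router(config)# ip dhcp excluded-address 192.168.20.1 192.168.20.9
Router(config)# ip dhcp pool VLAN10
Router(dhcp-config)# network 192.168.10.0 255.255.255.0
Router(dhcp-config)# default-router 192.168.10.1
Router(dhcp-config)# dns-server 192.168.99.10
Router(dhcp-config)# lease 0 8
Router(dhcp-config)# exit
! A second pool for VLAN 20. The server selects this pool because relayed
! requests carry the relay's interface address (giaddr) from that subnet.
Router(config)# ip dhcp pool VLAN20
Router(dhcp-config)# network 192.168.20.0 255.255.255.0
Router(dhcp-config)# default-router 192.168.20.1
Router(dhcp-config)# dns-server 192.168.99.10
Router(dhcp-config)# lease 0 8
Router(dhcp-config)# end
!
! --- Relay agent on the Layer 3 switch that is VLAN 20's gateway ---
! DHCP DISCOVER is a broadcast, so it never leaves VLAN 20 on its own; the
! helper address makes the SVI forward it as unicast to the server at
! 192.168.10.1 and relay the OFFER back.
L3Switch(config)# interface vlan 20
L3Switch(config-if)# ip address 192.168.20.1 255.255.255.0
L3Switch(config-if)# ip helper-address 192.168.10.1
L3Switch(config-if)# end
!
! --- Client side: a switch management SVI taking its address by DHCP ---
Switch(config)# interface vlan 10
Switch(config-if)# ip address dhcp
Switch(config-if)# no shutdown
Switch(config-if)# end
!
! Verification: the server's binding table lists each leased address with the
! client MAC, and the client SVI shows the assigned address.
Router# show ip dhcp binding
Router# show ip dhcp pool VLAN20
Switch# show ip interface brief
```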
WLAN Threats:
Eavesdropping:
Unauthorized access to the wireless communication.
Rogue Access Points:
Unauthorized devices posing as legitimate access points.
DoS:
Attempt to disrupt the wireless communication of the network.
Man in the Middle:
Intercepting and altering communication between 2 parties.
MAC Spoofing:
Spoofing the Media Access Control address of a device to gain unauthorized access.
Implement port security to limit the MAC addresses allowed on a port.
ARP spoofing:
Manipulating ARP to associate fake MAC addresses with an IP address.
Use ARP inspection tools to detect and mitigate ARP spoofing attacks.
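As an added example (not part of the original notes), the two mitigations named above on a Cisco access switch: port security on a host port, and Dynamic ARP Inspection (DAI) on the user VLANs. DAI checks each ARP packet against the DHCP snooping binding table, so DHCP snooping is enabled with it; the uplink toward the DHCP server and gateway is the only trusted port. VLAN IDs, port numbers and the MAC limit are assumed.

```cisco
! Added example, not from the original notes. VLANs, ports and the MAC limit
! are assumed.
!
! --- Port security on an access port (PC plus IP phone = 2 addresses) ---
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10
Switch(config-if)# switchport voice vlan 20
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 2
! "sticky" learns the first two MACs and writes them into the running config.
Switch(config-if)# switchport port-security mac-address sticky
! A third MAC (or a spoofed one replacing a learned one) shuts the port and
! logs a violation; "restrict" would drop and count instead of shutting down.
Switch(config-if)# switchport port-security violation shutdown
Switch(config-if)# exit
!
! --- DHCP snooping + Dynamic ARP Inspection on the user VLANs ---
Switch(config)# ip dhcp snooping
Switch(config)# ip dhcp snooping vlan 10,20
Switch(config)# ip arp inspection vlan 10,20
! Also reject ARP packets whose Ethernet and ARP headers disagree.
Switch(config)# ip arp inspection validate src-mac dst-mac ip
! Only the uplink (toward the DHCP server and default gateway) is trusted;
! every access port is untrusted by default.
Switch(config)# interface gigabitethernet0/24
Switch(config-if)# ip dhcp snooping trust
Switch(config-if)# ip arp inspection trust
Switch(config-if)# end
!
! Verification: the port-security status, the learned bindings DAI relies on,
! and the per-VLAN counters of dropped ARP packets.
Switch# show port-security interface gigabitethernet0/1
Switch# show port-security address
Switch# show ip dhcp snooping binding
Switch# show ip arp inspection vlan 10
Switch# show ip arp inspection statistics vlan 10
```

A host with a static IP address has no DHCP snooping binding and will have its ARP traffic dropped on an untrusted port; such hosts need an `arp access-list` entry applied with `ip arp inspection filter`, or a trusted port, which is the usual reason DAI deployments are tested per VLAN before being enabled everywhere.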
First Hop Redundancy Protocol (FHRP)
Provides high availability by ensuring redundancy in the default gateway (first hop)
of a local subnet.
Active vs Standby router:
Active router is the one forwarding the packets and serving as default gateway.
The standby router is in a ready state, waiting to take over if the active router fails.
Hot Standby Routing Protocol (HSRP)
HSRP uses a virtual IP address as a default gateway for hosts on the subnet.
Routers have a priority value; the router with the highest priority becomes active.
HSRP States:
Initial State: The router is starting and has not determined the status of its HSRP
neighbors yet. The router is aware of the active router’s existence.
Learn State: The router has heard Hello packets from the active router but is
not yet participating in forwarding.
Listen State: The router is actively listening for Hello packets to see if it should
transition into the speak state.
Speak State: The router is actively participating in HSRP forwarding packets on
behalf of the router.
Standby State: The router is prepared to take over as the active router if the current
active router fails.
Active state: The router is the current active router in the HSRP group.
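As an added example (not part of the original notes), an HSRP group for VLAN 10 on two routers: R1 is meant to be active (priority 110) and R2 standby (the default priority, 100). Router names, sub-interfaces, addresses, the group number, the tracked interface and the key string are assumed. Two settings the notes' priority rule depends on are included: `preempt`, without which a higher-priority router that comes up later stays standby, and MD5 authentication, so that only routers holding the key can join the group and take the virtual gateway address.

```cisco
! Added example, not from the original notes. Names, addresses, group
! number and key are assumed; HSRP_KEY_PLACEHOLDER stands for a real secret.
!
! --- R1: intended active router ---
R1(config)# interface gigabitethernet0/0.10
R1(config-subif)# encapsulation dot1q 10
R1(config-subif)# ip address 192.168.10.2 255.255.255.0
R1(config-subif)# standby version 2
! Hosts use the virtual IP 192.168.10.1 as their default gateway.
R1(config-subif)# standby 10 ip 192.168.10.1
R1(config-subif)# standby 10 priority 110
! Without preempt, a router that boots after the other one stays standby even
! with the higher priority.
R1(config-subif)# standby 10 preempt
R1(config-subif)# standby 10 authentication md5 key-string HSRP_KEY_PLACEHOLDER
! Lower the priority below R2's if R1's upstream link goes down, so the
! failover also covers a dead WAN link, not only a dead router.
R1(config-subif)# standby 10 track 1 decrement 20
R1(config-subif)# exit
R1(config)# track 1 interface gigabitethernet0/1 line-protocol
R1(config-track)# end
!
! --- R2: standby router, default priority 100 ---
R2(config)# interface gigabitethernet0/0.10
R2(config-subif)# encapsulation dot1q 10
R2(config-subif)# ip address 192.168.10.3 255.255.255.0
R2(config-subif)# standby version 2
R2(config-subif)# standby 10 ip 192.168.10.1
R2(config-subif)# standby 10 preempt
R2(config-subif)# standby 10 authentication md5 key-string HSRP_KEY_PLACEHOLDER
R2(config-subif)# end
!
! Verification: R1 shows State "Active" and R2 "Standby"; after R1's Gi0/1
! goes down, R1's priority drops to 90 and R2 preempts. The State column
! walks through the states listed in the notes (Init, Listen, Speak,
! Standby, Active) when a router joins the group.
R1# show standby brief
R1# show standby gigabitethernet0/0.10 10
R2# show standby brief
```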
Static Routes
Default Static Routes: A default static route is used to send traffic to a specified
next hop address.
Recursive: A recursive static route specifies the next hop IP address to reach
destination network.
Directly Connected: A directly connected static route points to an interface rather
than a next hop IP address.
Fully Specified Static Route: It includes a destination network and subnet mask.
Static Host Route: It is used to specify a route to a host rather than a network.
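As an added example (not part of the original notes), each of the five static route forms listed above on one router, with the manual configuration that the "Static vs Dynamic Routing" comparison earlier describes. The topology is assumed: R1's Gi0/1 (192.168.1.1/30) connects to R2 (192.168.1.2), the 10.1.x.0/24 networks sit behind R2, and the ISP next hop is 203.0.113.1 (a documentation address) on Gi0/0. A floating static route with a raised administrative distance is added as a backup, since that is the usual way a static route is given a fallback without a dynamic protocol.

```cisco
! Added example, not from the original notes. The topology and all
! addresses are assumed.
!
! Default static route: everything without a more specific match goes to
! the ISP next hop.
R1(config)# ip route 0.0.0.0 0.0.0.0 203.0.113.1
!
! Recursive static route: only the next-hop IP is given; the router must
! look up how to reach 192.168.1.2 before it can forward.
R1(config)# ip route 10.1.1.0 255.255.255.0 192.168.1.2
!
! Directly connected static route: points at an exit interface. Fine on
! point-to-point links; on Ethernet the router would have to ARP for every
! destination, so prefer the fully specified form there.
R1(config)# ip route 10.1.2.0 255.255.255.0 gigabitethernet0/1
!
! Fully specified static route: exit interface and next hop together, no
! recursive lookup and no ARP guessing.
R1(config)# ip route 10.1.3.0 255.255.255.0 gigabitethernet0/1 192.168.1.2
!
! Static host route: a /32 for a single host (for example one server that
! must always go via R2).
R1(config)# ip route 10.1.4.5 255.255.255.255 192.168.1.2
!
! Floating static route: same destination as the recursive route above, via a
! backup neighbour 192.168.2.2, with administrative distance 250 so it is
! installed only when the primary route disappears (default AD for static is 1).
R1(config)# ip route 10.1.1.0 255.255.255.0 192.168.2.2 250
R1(config)# end
!
! Verification: static routes appear with "S", the default with "S*"; the
! floating route is absent while the primary is up.
R1# show ip route static
R1# show ip route 10.1.4.5
```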