{"id":25526304,"url":"https://github.com/eugeniogiusti/Layer-2","last_synced_at":"2026-01-05T21:30:16.008Z","repository":{"id":273927326,"uuid":"920138535","full_name":"eugeniogiusti/Layer_2","owner":"eugeniogiusti","description":"Talking about switching | my notes","archived":false,"fork":false,"pushed_at":"2025-02-08T20:25:30.000Z","size":97,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-08T21:24:54.039Z","etag":null,"topics":["cisco","layer2","switching"],"latest_commit_sha":null,"homepage":"https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/layer2/configuration/guide/Cisco_Nexus_7000_Series_NX-OS_Layer_2_Switching_Configuration_Guide_Release_5-x_chapter3.html","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/eugeniogiusti.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-01-21T16:21:45.000Z","updated_at":"2025-02-08T20:25:32.000Z","dependencies_parsed_at":null,"dependency_job_id":"f74b9771-50ce-4f0b-8f69-4f4626ddba1f","html_url":"https://github.com/eugeniogiusti/Layer_2","commit_stats":null,"previous_names":["eugeniogiusti/layer_2"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eugeniogiusti%2FLayer_2","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eugeniogiusti%2FLayer_2/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eugeniogiusti%2FLayer_2/releases","manifests_url":"h
ttps://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eugeniogiusti%2FLayer_2/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/eugeniogiusti","download_url":"https://codeload.github.com/eugeniogiusti/Layer_2/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239735249,"owners_count":19688262,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cisco","layer2","switching"],"created_at":"2025-02-19T21:17:19.339Z","updated_at":"2026-01-05T21:30:15.956Z","avatar_url":"https://github.com/eugeniogiusti.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Layer_2 Notes\n\n# VLAN: Virtual Local Area Network\n\n## Overview\n\nA **VLAN (Virtual Local Area Network)** is a technology that allows for logical segmentation of networks within the same physical infrastructure. It separates network traffic into distinct virtual domains, enabling better performance, security, and flexibility in network management.\n\n---\n\n## Purpose of VLANs\n\n### 1. **Traffic Segmentation**\n\n- Separate network traffic by group or function (e.g., HR, IT, and Finance).\n- Prevent devices in different VLANs from communicating directly, reducing congestion.\n\n### 2. **Enhanced Security**\n\n- Isolate sensitive resources in dedicated VLANs to limit access.\n- Minimize risks of unauthorized access.\n\n### 3. **Improved Performance**\n\n- Reduce broadcast traffic by confining it to specific VLANs.\n- Avoid unnecessary flooding of packets across the entire network.\n\n### 4. 
**Flexibility in Network Design**\n\n- Reconfigure logical network segmentation without changing physical cabling.\n- Easily move devices between VLANs by modifying configurations.\n\n---\n\n## Key Concepts\n\n### Broadcast Domain\n\nA broadcast domain encompasses all devices that receive a broadcast frame sent by one of the devices. VLANs reduce the size of broadcast domains, ensuring that broadcast traffic is limited to devices within the same VLAN.\n\n### Port Modes\n\n#### 1. **Access Port**\n\n- Assigned to a single VLAN.\n- Used to connect endpoint devices (e.g., PCs, printers, servers).\n- Traffic on access ports is **untagged**, meaning no VLAN information is added to the Ethernet frame.\n\n#### 2. **Trunk Port**\n\n- Carries traffic for multiple VLANs between network devices (e.g., switches, routers).\n- Traffic on trunk ports is **tagged** using the **IEEE 802.1Q** standard.\n\n### IEEE 802.1Q Tagging\n\n802.1Q is the standard for VLAN tagging in Ethernet frames. It adds a 4-byte VLAN tag to the Ethernet header:\n\n#### VLAN Tag Structure\n\n- **Tag Protocol Identifier (TPID)**: Indicates the frame is tagged.\n- **Priority Code Point (PCP)**: Used for Quality of Service (QoS).\n- **VLAN ID (VID)**: Identifies the VLAN to which the frame belongs (range: 1-4094).\n\nUntagged frames are typically assigned to the **native VLAN** (default VLAN for untagged traffic on trunk ports).\n\n---\n\n## Routing Between VLANs\n\nDevices in separate VLANs cannot communicate directly. To enable communication, **inter-VLAN routing** is required. This can be achieved using:\n\n1. **Router-on-a-Stick**\n\n   - A router with a single interface configured as a trunk.\n   - Routes traffic between VLANs based on tagging.\n\n2. 
**Layer 3 Switch**\n\n   - Combines switching and routing capabilities.\n   - Routes traffic between VLANs without needing an external router.\n\n---\n\n## Importance of VLANs\n\n- **Security**: Protect sensitive data by isolating critical resources.\n- **Efficiency**: Minimize unnecessary broadcast traffic.\n- **Scalability**: Adapt to growing and complex networks.\n- **Ease of Management**: Simplify logical segmentation without physical changes.\n\n\n---\n\n## Diagram: Example VLAN Setup\n\n```\n+-----------+      Trunk Port       +-----------+\n|   Switch  |=======================|   Switch  |\n|           |                       |           |\n| VLAN 10   |                       | VLAN 10   |\n| VLAN 20   |                       | VLAN 20   |\n+-----------+                       +-----------+\n```\n![image](https://github.com/user-attachments/assets/03b3dfce-985c-4252-959f-916b8d852ffa)\n\n![image](https://github.com/user-attachments/assets/7ce4ef11-ed62-49ab-bdd9-1ad3476c5b0d)\n\n- Useful Videos:\n- https://www.youtube.com/watch?v=fRuBHSf3Hac\n\n## Basic VLAN Configuration\n\n### Creating VLANs\n```cisco\nSwitch\u003e enable\nSwitch# configure terminal\nSwitch(config)# vlan 80\nSwitch(config-vlan)# name Marketing\nSwitch(config-vlan)# exit\n```\n\n### Assigning Ports to VLANs\n```cisco\nSwitch(config)# interface fastethernet 0/1\nSwitch(config-if)# switchport mode access\nSwitch(config-if)# switchport access vlan 80\n```\n\n## Interface Configuration\n\n### View Interface Configuration\n```cisco\n# Show specific interface config\nSwitch# show running-config interface fastethernet 0/1\n\n# Show all interfaces\nSwitch# show running-config | section interface\n\n# Show interface status\nSwitch# show interfaces status\n```\n\n### Adding Interface Descriptions\n```cisco\nSwitch(config)# interface fastethernet 0/1\nSwitch(config-if)# description Marketing\n```\n\n## Trunk Configuration\n\n### Firewall Trunk (All VLANs)\n```cisco\nSwitch(config)# interface 
fastethernet 0/1\nSwitch(config-if)# description Firewall Trunk\nSwitch(config-if)# switchport mode trunk\nSwitch(config-if)# switchport trunk allowed vlan all\n```\nAllowing every VLAN on a trunk is convenient, but it also exposes every VLAN to whatever sits on the other end; where the peer only needs a few VLANs, restrict the list as in the next two examples.\n\n### Server Trunk (Specific VLANs)\n```cisco\nSwitch(config)# interface fastethernet 0/2\nSwitch(config-if)# description vmware_trunk\nSwitch(config-if)# switchport mode trunk\nSwitch(config-if)# switchport trunk allowed vlan 90,99\n```\n\n### Access Points Trunk (IT and Marketing VLANs)\n```cisco\nSwitch(config)# interface fastethernet 0/3\nSwitch(config-if)# description AP1_Trunk\nSwitch(config-if)# switchport mode trunk\nSwitch(config-if)# switchport trunk allowed vlan 90,99\n```\n\n## Security Configuration\n\n### Management VLAN Setup\n```cisco\nSwitch(config)# vlan 30\nSwitch(config-vlan)# name Management\nSwitch(config-vlan)# exit\nSwitch(config)# interface vlan 30\nSwitch(config-if)# ip address 192.168.80.10 255.255.255.0\nSwitch(config-if)# no shutdown\n```\n\n### Add a VLAN to an interface already configured as a trunk\n```cisco\nSwitch(config-if)# switchport trunk allowed vlan add 80\n```\n\n### Show trunk status for an interface\n```cisco\nSwitch# show interfaces FastEthernet0/1 trunk\n```\n\n### Reset an interface to its default configuration\n```cisco\nSwitch(config)# default interface FastEthernet0/1\n```\n\n## General Configuration Commands\n\n### View Full Configuration\n```cisco\nSwitch# show running-config\n# or\nSwitch# show run brief\n```\n\n### Show active trunks\n```cisco\nSwitch# show interfaces trunk\n```\n\n### View all VLANs and the access ports assigned to them\n```cisco\nSwitch# show vlan brief\n```\n\n### Save Configuration\n```cisco\nSwitch# write memory\n# or\nSwitch# copy running-config startup-config\n```\n\n# Spanning Tree and PortFast Configuration Documentation for Cisco Switches\n\nThis documentation explains how to configure and manage **Spanning Tree Protocol (STP)** and **PortFast** on Cisco switches. It covers various network scenarios, necessary configurations, and commands for managing these features.\n\n## Table of Contents\n\n1. 
[Introduction to Spanning Tree](#introduction-to-spanning-tree)\n2. [Spanning Tree Configuration](#spanning-tree-configuration)\n3. [PortFast](#portfast)\n4. [Verification and Disabling Commands](#verification-and-disabling-commands)\n5. [Network Scenarios](#network-scenarios)\n6. [Conclusion](#conclusion)\n\n## Introduction to Spanning Tree\n\n![image](https://github.com/user-attachments/assets/a1396a39-e82d-4fbf-9538-a31d04171be5)\n\n![image](https://github.com/user-attachments/assets/c9074de7-5195-498a-99ea-5515ed90a01a)\n\n- Useful video:\n- https://www.youtube.com/watch?v=6MW5P6Ci7lw\n\nThe **Spanning Tree Protocol (STP)** is used to prevent network loops in a topology with multiple switches. When switches are connected by redundant links without STP, Ethernet frames (which carry no TTL) circulate indefinitely, and broadcast frames in particular multiply into a broadcast storm. STP blocks redundant ports so that only one active path exists between any two switches.\n\n### STP Types\n\nThere are several STP modes, including:\n\n- **PVST (Per VLAN Spanning Tree)**: Each VLAN has its own spanning tree. This is useful for better managing networks with multiple VLANs.\n- **Rapid PVST (R-PVST)**: A faster version of PVST that reduces convergence times.\n- **MST (Multiple Spanning Tree)**: Allows multiple STP instances for groups of VLANs.\n\n## Spanning Tree Configuration\n\nTo configure **PVST mode** (which is useful for networks with multiple VLANs), use the following command:\n\n```cisco\nspanning-tree mode pvst\n```\n\n### Useful Commands:\n\n- **Check STP mode**:\n  ```cisco\n  show spanning-tree summary\n  ```\n\n- **Disable STP (not recommended in production)**:\n  ```cisco\n  conf t\n  no spanning-tree vlan 1-4094\n  end\n  ```\n  Note that `no spanning-tree mode pvst` only returns the mode to its default (PVST) and does not turn STP off; STP is disabled per VLAN, as above.\n\n## PortFast\n\nThe **PortFast** command is used to speed up the activation process for **access** ports (connected to end devices like PCs, printers, etc.). 
Without PortFast, a port may stay in the **Listening** and **Learning** state for 30 seconds before transitioning to **Forwarding**, causing delays in device connectivity. PortFast belongs only on ports facing end devices: a PortFast port that is cabled to another switch forwards before STP has converged and can create a temporary loop, so it is normally paired with BPDU Guard on access ports.\n\n### Command to enable PortFast (interface level):\n\n```cisco\nconf t\ninterface FastEthernet0/1\n spanning-tree portfast\nend\n```\n\n- **Verify PortFast on an interface**:\n  ```cisco\n  show running-config interface FastEthernet0/1\n  ```\n\n- **Disable PortFast on an interface**:\n  ```cisco\n  conf t\n  interface FastEthernet0/1\n   no spanning-tree portfast\n  end\n  ```\n\n## Verification and Disabling Commands\n\nHere are the commands to **verify** and **disable** the configuration of Spanning Tree and PortFast.\n\n### Verify Spanning Tree\n\n- **Display Spanning Tree status**:\n  ```cisco\n  show spanning-tree summary\n  ```\n\n- **Display Spanning Tree status on an interface**:\n  ```cisco\n  show spanning-tree interface FastEthernet0/1\n  ```\n\n### Verify PortFast\n\n- **Verify PortFast on an interface**:\n  ```cisco\n  show running-config interface FastEthernet0/1\n  show spanning-tree interface FastEthernet0/1\n  ```\n\n### Disable PortFast\n\nTo disable PortFast on a port, use:\n\n```cisco\nconf t\ninterface FastEthernet0/1\n no spanning-tree portfast\nend\n```\n\n### Disable Spanning Tree\n\nIf you want to disable Spanning Tree (not recommended in a complex network), disable it per VLAN; `no spanning-tree mode pvst` only resets the mode to its default and leaves STP running:\n\n```cisco\nconf t\nno spanning-tree vlan 1-4094\nend\n```\n\n## Network Scenarios\n\n### Scenario 1: **Single Switch Network**\n\nWith a single switch there are no switch-to-switch loops (a loop is still possible if two of its ports are cabled together), but it is still important to configure **Spanning Tree** for future expansion.\n\n- Configure **Spanning Tree** with the command `spanning-tree mode pvst`.\n- Enable **PortFast** on **access** ports (connected to PCs and end devices) to reduce connection times.\n\n### Scenario 2: **Multiple Switches Network**\n\nIn a network with multiple switches, **Spanning Tree** is essential to prevent loops and ensure a stable network topology.\n\n- Configure **Spanning Tree** with the 
command `spanning-tree mode pvst`.\n- Choose the **root bridge** deliberately (for example with `spanning-tree vlan 1-4094 root primary` on the core switch) instead of letting the switch with the lowest MAC address win the election, so that traffic follows the intended path.\n- Enable **PortFast** on **access** ports and use **trunking** for the ports connecting switches.\n\n## Conclusion\n\nConfiguring **Spanning Tree** and **PortFast** is crucial to ensure a stable and performant network. In a single-switch scenario, **PVST** is a good choice for managing VLANs in the future, while **PortFast** speeds up the activation process for access ports.\n\nMake sure to **verify** the status of Spanning Tree and PortFast regularly using the appropriate commands to avoid misconfigurations.\n\n# Basic Port Security Configuration\n\n### Enable Port Security on an Interface\n```cisco\nSwitch# configure terminal\nSwitch(config)# interface fastethernet 0/1\nSwitch(config-if)# switchport mode access\nSwitch(config-if)# switchport port-security\nSwitch(config-if)# end\n```\n\n### Configure Maximum MAC Addresses\n```cisco\nSwitch(config-if)# switchport port-security maximum 1\n```\n\n### Configure Violation Mode\n```cisco\nSwitch(config-if)# switchport port-security violation {shutdown | restrict | protect}\n```\n- shutdown: Puts the interface into the err-disabled state on a violation, logs the event and increments the violation counter (default)\n- restrict: Drops frames from unknown source MAC addresses, increments the violation counter and logs the event, but keeps the port up\n- protect: Drops frames from unknown source MAC addresses silently, without logging or incrementing the violation counter\n\n### Configure Static MAC Address\n```cisco\nSwitch(config-if)# switchport port-security mac-address H.H.H\n```\n- H.H.H is the allowed MAC address in Cisco dotted-hex form (e.g. 0011.2233.4455)\n\n### Configure Sticky Learning\n```cisco\nSwitch(config-if)# switchport port-security mac-address sticky\n```\n\n## Monitoring and Verification Commands\n\n### View Port Security Configuration\n```cisco\nSwitch# show port-security interface fastethernet 0/1\n```\n\n### View MAC Address Table\n```cisco\nSwitch# show mac address-table\n```\n\n### View Security Violations\n```cisco\nSwitch# show port-security\n```\n\n### View Detailed Interface Status\n```cisco\nSwitch# show interfaces fastethernet 0/1 status\n```\n\n## 
Common Troubleshooting Commands\n\n### Check Port Security Status\n```cisco\nSwitch# show port-security address\n```\n\n### View Interface Error Status\n```cisco\nSwitch# show interfaces fastethernet 0/1 status err-disabled\n```\n\n### Recovery from Security Violation\n```cisco\nSwitch# configure terminal\nSwitch(config)# interface fastethernet 0/1\nSwitch(config-if)# shutdown\nSwitch(config-if)# no shutdown\nSwitch(config-if)# end\n```\n\n\n# Access Point Configuration Guide for Trunk Mode\n\n## Prerequisites\n- Access Point with VLAN support\n- Local network access\n- Administrative rights to the Access Point\n\n## 1. Static IP Configuration for Management\n1. Access the Access Point administration interface\n2. Navigate to \"Network Settings\"\n3. Disable DHCP\n4. Configure the following parameters:\n   - Static IP address: [INSERT_IP]\n   - Subnet mask: [INSERT_SUBNET]\n   - Default gateway: [INSERT_GATEWAY]\n   - Primary DNS: [INSERT_DNS]\n\n![ip](https://github.com/user-attachments/assets/19f3881d-1409-413c-a2f9-ecfbddfb2aca)\n\n\n## 2. Management VLAN Configuration\n1. Navigate to \"VLAN Settings\"\n2. Configure the Management VLAN:\n   - Management VLAN ID: [INSERT_VLAN_ID]\n   - Ensure this VLAN is tagged on the trunk port\n  \n![vlan](https://github.com/user-attachments/assets/1491f510-cce8-48d5-acd4-faf6e13ce971)\n\n\n## 3. VLAN and SSID Configuration\n1. For each required wireless network, configure:\n   - VLAN ID: [INSERT_VLAN_ID]\n   - Corresponding SSID: [INSERT_SSID]\n   - Security settings for each SSID:\n     - Authentication type\n     - Security key/password\n     - Encryption (WPA2/WPA3)\n\n### Configuration Example\n```\nManagement VLAN: 99\nGuest VLAN: 55 - SSID: Guest_Network\nStaff VLAN: 60 - SSID: IT\nVoIP VLAN: 100 - SSID: VoIP_Network\n```\n\n## 4. Configuration Verification\n1. Verify AP is accessible through the management IP\n2. Test connectivity for each configured SSID\n3. 
Verify clients connect to the appropriate VLAN\n\n## Important Notes\n- Ensure VLANs configured on the AP match the upstream switch configuration\n- Document all VLAN IDs and SSIDs for future reference\n- Create a backup of the configuration after setup is complete\n- Verify the trunk port on the upstream switch is properly configured to allow all necessary VLANs\n\n## Troubleshooting\n- If AP is not accessible after static IP configuration:\n  - Check physical connectivity\n  - Verify configured IP is in the correct subnet\n  - Check management VLAN is properly configured on the switch\n- If an SSID is not visible:\n  - Verify corresponding VLAN is correctly tagged on the trunk\n  - Check if SSID is enabled and broadcasting is active\n\n## Best Practices\n- Use meaningful SSID names that align with their purpose\n- Implement appropriate security measures for each SSID\n- Keep detailed documentation of all configurations\n- Regularly backup the AP configuration\n- Test all SSIDs after configuration changes\n- Monitor AP performance and client connectivity\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feugeniogiusti%2FLayer-2","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Feugeniogiusti%2FLayer-2","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feugeniogiusti%2FLayer-2/lists"}