Switching Questions & Answers

Switching is as important as routing. I have prepared a few questions and answers. These will certainly help anyone who is willing to learn these important things.

Q: Define the role of access and trunk ports.

An access port carries only one VLAN, while a trunk port can carry multiple VLANs.

Use the command “switchport mode access” to set the port to access mode.

Use the command “switchport mode trunk” to make it a trunk.
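As an added configuration example (not part of the original post; interface names and VLAN numbers are assumed), this sets one port to access mode and another to trunk mode. Fixing the mode and adding `switchport nonegotiate` disables DTP, so each port stays in the configured mode rather than negotiating it with whatever is plugged in.

```cisco
! Added example: assumed interface names and VLAN IDs.
! User-facing port: a single data VLAN, mode fixed, DTP disabled.
interface GigabitEthernet1/0/1
 description User port, VLAN 10 only
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
!
! Uplink to another switch: carries several VLANs over 802.1Q.
! The encapsulation line is only needed (and accepted) on platforms
! that also support ISL; on 802.1Q-only switches omit it.
interface GigabitEthernet1/0/24
 description Trunk to distribution switch
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30
 switchport nonegotiate
!
! Verification (privileged EXEC):
! show interfaces GigabitEthernet1/0/24 switchport
! show interfaces trunk
```

Restricting the allowed-VLAN list and using an otherwise unused native VLAN are the defaults a trunk should start from; every VLAN a trunk carries is one more VLAN a compromised neighbour can reach.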

Q: Why do we use VTP and what is the transparent mode in VTP?

VTP means VLAN Trunking Protocol. It is used to advertise VLAN information within a VTP domain; the VTP domain name and the VTP password must match on all switches. There are three modes in VTP: Server, Client and Transparent. A Server has the right to advertise VLAN information; a Client only receives the advertisements and updates its local vlan.dat file; a Transparent switch does not participate in VTP, it only relays the VLAN advertisements without accepting them. In Transparent mode we can create and delete VLANs locally. In Server mode we can also make changes such as creating and deleting VLANs, while this is not possible in Client mode.
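Added example (not from the original post; the domain name, password and VLAN numbers are assumed) showing the three VTP modes side by side, one fragment per switch role:

```cisco
! Added example: assumed domain name, password and VLAN numbers.
! --- Server: the only switch that should originate VLAN changes ---
vtp domain CAMPUS
vtp mode server
vtp password S3cretVTP
vlan 10
 name Users
vlan 20
 name Servers
!
! --- Client: learns the VLAN database from the server ---
vtp domain CAMPUS
vtp mode client
vtp password S3cretVTP
!
! --- Transparent: keeps its own VLAN database, forwards advertisements ---
vtp domain CAMPUS
vtp mode transparent
vlan 30
 name Lab-local
!
! Verification: show vtp status     (mode, domain, configuration revision)
!               show vtp password
```

The value to watch in `show vtp status` is the configuration revision: a server or client whose revision is higher than the domain's overwrites the whole VLAN database when it is connected, so a switch that is reused from another network should be put into transparent mode (which resets the revision) before it is plugged into the domain.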

Q: What is Spanning Tree Protocol and root bridge election?

STP is used to prevent Layer 2 loops. It elects a Root Bridge and then selects Root Ports, Designated Ports and Blocking Ports so that no Layer 2 loop remains.

The Root Bridge is the bridge with the superior (lowest) BID, i.e. Bridge ID. The BID is the combination of the Bridge Priority and the MAC address: the switch with the lowest Bridge Priority becomes the Root Bridge, and in case of a tie the lowest MAC address wins.
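Because the election is decided by the lowest priority, the root should be chosen by configuration rather than left to the MAC-address tie-break. Added example (not from the original post; VLAN numbers are assumed) of pinning the primary and backup root:

```cisco
! Added example: VLAN numbers are assumed. Priorities must be multiples of 4096.
! Intended root bridge: lowest priority wins the election for these VLANs.
spanning-tree mode rapid-pvst
spanning-tree vlan 10,20,30 priority 4096
!
! Intended backup root: next-lowest priority, takes over if the primary fails.
spanning-tree vlan 10,20,30 priority 8192
!
! Equivalent macros that pick a priority lower than the current root's:
! spanning-tree vlan 10,20,30 root primary
! spanning-tree vlan 10,20,30 root secondary
!
! Verification: show spanning-tree vlan 10
!   The Root ID section shows the elected root's priority and MAC address;
!   on the root itself the output says "This bridge is the root".
```

With the root and backup at 4096 and 8192, any other switch still running the default priority of 32768 can never win the election, whatever its MAC address; only a bridge announcing a lower priority can, which is the case Root Guard (below) is designed for.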

Q: What is the difference between STP, PVST, PVST+ and RPVST?

In STP, there is one root bridge for all VLANs.

In PVST, there is one root bridge per VLAN, so the CPU overhead is much higher.

PVST+ adds support for 802.1Q trunk encapsulation.

RPVST+ means Rapid Per-VLAN Spanning Tree Plus, with 802.1Q support.

MST means Multiple Spanning Tree. We can create one root bridge for a group of VLANs rather than for all VLANs or for each single VLAN, so it has less CPU overhead than PVST or PVST+.

Nowadays PVST+ is the STP mode normally used; however, the mode can be changed.
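Added example (not from the original post; the region name, revision number and VLAN-to-instance mapping are assumed) of changing the mode to MST and mapping groups of VLANs to two instances, each with its own root:

```cisco
! Added example: region name, revision and VLAN-to-instance mapping are assumed.
! Every switch in the region must carry the identical name, revision and mapping,
! otherwise it forms a region of its own.
spanning-tree mode mst
spanning-tree mst configuration
 name CAMPUS
 revision 1
 instance 1 vlan 10,20
 instance 2 vlan 30,40
!
! One root per instance (per group of VLANs) instead of one per VLAN.
! This switch: root for instance 1 (VLANs 10,20), backup for instance 2.
spanning-tree mst 1 priority 4096
spanning-tree mst 2 priority 8192
!
! Verification: show spanning-tree mst configuration
!               show spanning-tree mst 1
```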

Q. What is Root Guard?

This feature is implemented on the Root Bridge to protect it from losing its “Root Bridge” role. It is also a security feature that protects your Root Bridge against a MITM (Man-in-the-Middle) attack: sometimes an attacker connects their own switch and tries to make it the Root Bridge. If Root Guard is implemented on the Root Bridge's ports, a port goes into the “root-inconsistent” state as soon as a superior BPDU is received on it. Once the superior BPDUs stop arriving, the port recovers automatically.

Q. What is BPDU Guard? How can you enable it globally versus at the interface, and what is the impact?

BPDU Guard is also a security feature: it puts the port into the err-disabled state if any BPDU is received on it.

If it is enabled at the global level, it works in conjunction with PortFast, so it only takes effect on PortFast-enabled ports.

At the interface level, it can be configured on any kind of switchport; the port does not need to be PortFast-enabled.

Q. What is a Layer 3 Port Channel?

You can configure an IP address on a Layer 3 port-channel interface. It is like an SVI.
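Added example (not from the original post; interface names, addresses and the channel number are assumed) of a Layer 3 port channel, with an SVI alongside for comparison:

```cisco
! Added example: interface names, addresses and channel number are assumed.
! Member ports: make them routed ports first, then bundle them with LACP.
interface range GigabitEthernet1/0/1 - 2
 no switchport
 no ip address
 channel-group 1 mode active
!
! The bundle carries the IP address, just as an SVI does for a VLAN.
interface Port-channel1
 no switchport
 ip address 10.1.1.1 255.255.255.252
 no shutdown
!
! For comparison, the Layer 3 interface of VLAN 10 (an SVI):
interface Vlan10
 ip address 10.1.10.1 255.255.255.0
!
! Verification: show etherchannel summary
!               show ip interface brief
```

The difference worth remembering is that a Layer 3 port channel is a routed link with no VLAN behind it, whereas an SVI is the gateway for every port in that VLAN; a point-to-point /30 on the port channel keeps the two roles separate.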

Q. What is BPDU Filter? What happens when you enable it globally?

When enabled at the interface level, BPDU Filter ignores the BPDUs received on that interface.

However, if it is enabled at the global level, then as soon as the port receives a BPDU, PortFast and BPDU Filter are removed from the port, i.e. the port becomes a normal STP port.
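Added example (not from the original post; interface names and the recovery interval are assumed) covering the three STP protection features from the Root Guard, BPDU Guard and BPDU Filter questions above, showing the global and interface-level forms next to each other:

```cisco
! Added example: interface names and recovery interval are assumed.
! --- Root Guard: on ports that must never lead towards the root ---
! A superior BPDU puts the port into root-inconsistent state; it recovers
! on its own once the superior BPDUs stop.
interface GigabitEthernet1/0/24
 spanning-tree guard root
!
! --- BPDU Guard, global: applies only to PortFast ports ---
spanning-tree portfast default
spanning-tree portfast bpduguard default
!
! --- BPDU Guard, interface: applies whether or not PortFast is set ---
interface GigabitEthernet1/0/1
 spanning-tree bpduguard enable
!
! BPDU Guard err-disables the port. Let it recover after 5 minutes
! instead of staying down until someone does shutdown / no shutdown.
errdisable recovery cause bpduguard
errdisable recovery interval 300
!
! --- BPDU Filter, global: PortFast ports stop sending BPDUs, but a
!     received BPDU strips PortFast and the filter (port becomes normal) ---
spanning-tree portfast bpdufilter default
!
! --- BPDU Filter, interface: BPDUs on this port are ignored outright.
!     Never use on a port that could ever lead to another switch. ---
interface GigabitEthernet1/0/2
 spanning-tree bpdufilter enable
!
! Verification: show spanning-tree inconsistentports
!               show spanning-tree summary
!               show errdisable recovery
```

For access ports the safe combination is PortFast plus BPDU Guard: a BPDU on a user port is a sign that something other than a host is attached, and err-disabling the port both stops the STP change and leaves a log entry to investigate. Interface-level BPDU Filter hides that signal, which is why it is the one of the three to avoid.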

Q. What is a protected port?

This feature works only within a VLAN and within a single switch. If you want to stop the exchange of data between two ports, use this feature. The command is very simple: “switchport protected”.
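Added example (not from the original post; interface names and the VLAN are assumed) of two protected ports in the same VLAN:

```cisco
! Added example: interface names and VLAN are assumed.
! Both ports sit in VLAN 10, but as protected ports they cannot exchange
! unicast, multicast or broadcast frames with each other. They still reach
! the unprotected uplink and the gateway. The isolation is local to this
! switch: a protected port on another switch in VLAN 10 is not covered.
interface range GigabitEthernet1/0/1 - 2
 switchport mode access
 switchport access vlan 10
 switchport protected
!
! Verification: show interfaces GigabitEthernet1/0/1 switchport
!   (the output contains a "Protected: true" line)
```

Because the isolation does not cross the trunk, two hosts on protected ports of different switches can still talk through the uplink; when isolation has to hold across switches, this feature is not enough on its own.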

Q. What are the ways of capturing the traffic of ports?

You can use SPAN, RSPAN or ERSPAN for capturing packets.

Q. How is RSPAN different from SPAN?

SPAN needs both the source and the destination to be on the same switch.

RSPAN can be used when the source and destination ports are on different switches in the same LAN.

ERSPAN runs on high-end switches. It can carry the mirrored traffic across a Layer 3 domain by encapsulating it in GRE.
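Added example (not from the original post; interface names, the RSPAN VLAN and the IP addresses are assumed) of the three mirroring methods, as used to feed a monitoring sensor:

```cisco
! Added example: interface names, VLAN and IP addresses are assumed.
! --- Local SPAN: source and destination on the same switch ---
monitor session 1 source interface GigabitEthernet1/0/1 both
monitor session 1 destination interface GigabitEthernet1/0/10
!
! --- RSPAN: mirrored traffic crosses a dedicated RSPAN VLAN ---
! On every switch in the path:
vlan 900
 remote-span
! Source switch:
monitor session 2 source interface GigabitEthernet1/0/1
monitor session 2 destination remote vlan 900
! Destination switch (sensor on Gi1/0/10):
monitor session 2 source remote vlan 900
monitor session 2 destination interface GigabitEthernet1/0/10
!
! --- ERSPAN: mirrored traffic is GRE-encapsulated and routed to a collector ---
! (syntax differs between platforms; this is the IOS / IOS-XE form)
monitor session 3 type erspan-source
 source interface GigabitEthernet1/0/1
 destination
  erspan-id 100
  ip address 192.0.2.10
  origin ip address 192.0.2.1
 no shutdown
!
! Verification: show monitor session all
```

Two things to check on any session: the destination port does not forward frames from the sensor back into the switch unless ingress is explicitly enabled, and the RSPAN VLAN should be carried only on the trunks between the source and destination switches, since any port in that VLAN sees the full copy.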

Q. What is VTP pruning?

All switches in the network receive all broadcasts, even in situations in which few users are connected in that VLAN. VTP pruning is a feature that you use in order to eliminate or prune this unnecessary traffic.

(Figure: broadcast traffic in a switched network without pruning.)

Q. What are the differences between Version 2 and Version 3 of VTP?

Version 3 adds support for extended-VLAN advertisement, MST configuration propagation and Private VLANs, and can keep the VTP password hidden.

Version 2 does not support any of the above.
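Added example (not from the original post; the domain name, password and VLAN numbers are assumed) tying the VTP pruning and VTP version 3 questions together: version 3 with a hidden password, pruning enabled, and an extended-range VLAN that version 2 could not advertise:

```cisco
! Added example: domain name, password and VLAN numbers are assumed.
! VTP version 3 with a hidden password and pruning enabled.
vtp domain CAMPUS
vtp version 3
vtp mode server
vtp password S3cretVTP hidden
vtp pruning
!
! In version 3 only the primary server may change the VLAN database.
! Promote this switch from privileged EXEC (it prompts for the password):
! vtp primary vlan
!
! Extended-range VLANs (1006-4094) are advertised by version 3:
vlan 2000
 name Extended-range
!
! Verification: show vtp status
!               show vtp password   (shows a hash, not the clear-text password)
```

The primary-server step is the practical security gain of version 3: a client or secondary server, even with a higher configuration revision, can no longer overwrite the domain's VLAN database, which closes the revision-number overwrite problem that version 2 domains have.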