Switches traditionally operate at layer-2, although many are capable of layer-3 (routing) functions as well. At layer-2, they primarily work with Ethernet frames and MAC addresses.

When frames are sent through the network, they are rewritten by layer-3 devices. That is, the router sets the source MAC to its own, and the destination MAC to that of the next hop.

Frame switching is the switch's ability to find the right layer-2 path, and send a frame across it.

To do this, switches learn the MAC addresses of devices in the network segment. These are stored in the MAC address table, along with the best interface to reach each one.

The switch consults the MAC address table when it needs to forward a frame. If a MAC is not in the table, the frame is flooded, and when the destination answers, the switch records the interface it was reached on.

If entries in the MAC address table are not refreshed, they age out, meaning that they are removed from the table.

Most traffic is unicast (sent to one specific destination). Some is broadcast (sent to all endpoints in the network segment), or multicast (sent to some endpoints).



VLANs are used to divide the network into logical parts. Think of them as miniature virtual switches.

There are many reasons to use VLANs, including security, traffic separation, and organization.

There can be up to 4094 VLANs. Cisco reserves a few VLANs for special purposes. Cisco also breaks VLANs into two ranges (1-1001 is the normal range, 1006-4094 is the extended range).

VLAN 1 is the default VLAN on Cisco switches.



NOTE: VTP is not in the current CCNA exam.

VTP is a technology that you may see in the real world. It’s a protocol on Cisco switches that makes it easier to configure VLANs across many switches.

This uses a client/server model, where server switches give client switches a list of VLANs that they need to add.

For practical purposes, it’s recommended to disable VTP (set it to transparent mode).


Access vs Trunking

Layer-2 interfaces can be configured as access ports or trunk ports.

Access ports are where we connect endpoints, like workstations, printers, and some servers. The access port is configured with a single VLAN.

We also connect phones to access ports, and workstations to the phones. In this case, a special Voice VLAN is added to the port.

A trunk port is used when connecting switches together. Its purpose is to carry traffic for multiple VLANs. This is done by adding an 802.1Q tag in the Ethernet frame header. For this reason, trunking is also known as tagging.

If desired, the list of VLANs allowed on the trunk can be restricted to a specific list. This is called pruning. This is recommended for security reasons.

Trunk links have a special VLAN called the Native VLAN. This is also known as the untagged VLAN, as any traffic that doesn’t have a VLAN tag will be considered part of this VLAN. This is VLAN 1 by default.



Trunk links can be configured manually, or through Dynamic Trunking Protocol (DTP). This is a Cisco-only protocol.

When used, an interface can be set to either desirable or auto mode. Desirable actively tries to build a trunk link between devices, while auto will only try if the other end tries first.

Two connected interfaces in auto mode will not form a trunk.


Command Summary

Command | Mode | Description
show mac-address-table | Privileged Exec | Show all learned MAC addresses
vlan <id> | Global Config | Create a new VLAN
name <VLAN-name> | VLAN Sub-Config | Name a VLAN
show vlan brief | Privileged Exec | Display a list of VLANs
show vtp status | Privileged Exec | Show the current VTP config
vtp mode transparent | Global Config | Disable VTP
switchport mode access | Interface Config | Set a port to access mode
switchport access vlan <id> | Interface Config | Set an access mode VLAN
switchport voice vlan <id> | Interface Config | Set a voice VLAN on a port
show interfaces <int> switchport | Privileged Exec | Verify switchport settings
switchport mode trunk | Interface Config | Set a port to trunk mode
show interface <int> trunk | Privileged Exec | Verify trunk settings
switchport trunk allowed vlan <id> | Interface Config | Set a list of allowed VLANs on a trunk
switchport trunk native vlan <id> | Interface Config | Set an interface’s native VLAN
switchport mode dynamic desirable | Interface Config | Enable DTP in desirable mode
switchport mode dynamic auto | Interface Config | Enable DTP in auto mode
show dtp interface <int> | Privileged Exec | Show DTP details for an interface
switchport nonegotiate | Interface Config | Disable DTP on an interface
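
An added example, not part of the original notes: a small Python audit of the trunk settings covered above. It flags what these notes recommend (VTP in transparent mode, a restricted allowed-VLAN list) and also reports DTP and default native VLAN state for review. The config text is constructed, the function names are hypothetical, and it assumes the IOS forms `switchport trunk allowed vlan` and `switchport nonegotiate`.

```python
import re
# Constructed sample running-config, not taken from a real device.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
!
interface GigabitEthernet0/23
 switchport mode dynamic desirable
!
interface GigabitEthernet0/24
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20
 switchport nonegotiate
"""

def parse_interfaces(config):
    """Map each interface name to the list of commands in its stanza."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return interfaces

def audit(config):
    """Return {scope: [findings]} for VTP and every non-access switchport."""
    report = {}
    if not re.search(r"^vtp mode transparent\s*$", config, re.M):
        report["global"] = ["VTP is not in transparent mode"]
    for name, cmds in parse_interfaces(config).items():
        mode = next((c.split(" ", 2)[2] for c in cmds
                     if c.startswith("switchport mode ")), None)
        if mode in (None, "access"):
            continue  # assumption: ports without an explicit mode are skipped
        found = []
        if mode.startswith("dynamic") or "switchport nonegotiate" not in cmds:
            found.append(f"DTP active (mode {mode})")
        if not any(c.startswith("switchport trunk allowed vlan ") for c in cmds):
            found.append("no allowed VLAN list, trunk carries every VLAN")
        native = next((c.split()[-1] for c in cmds if "trunk native vlan" in c), "1")
        if native == "1":
            found.append("native VLAN left at default (1)")
        if found:
            report[name] = found
    return report
```

Calling `audit(SAMPLE_CONFIG)` reports the global VTP finding and GigabitEthernet0/23 only; the access port and the fully configured trunk on GigabitEthernet0/24 produce no findings.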