Objective

Configure managed switch basics: VLANs, Spanning Tree Protocol, port security, and EtherChannel.

Tools & Technologies

  • Cisco IOS
  • STP
  • MAC table
  • PortFast
  • BPDU Guard

Key Commands

show spanning-tree
spanning-tree portfast
spanning-tree bpduguard enable
show mac address-table
channel-group 1 mode active

Architecture Overview

stateDiagram-v2
    [*] --> Blocking: Port starts
    Blocking --> Listening: Root port or Designated
    Listening --> Learning: 15 sec forward delay
    Learning --> Forwarding: 15 sec forward delay
    Forwarding --> Blocking: Topology change
    Blocking --> Disabled: Admin shutdown
    note right of Blocking: STP prevents loops\nby blocking redundant paths

Step-by-Step Process

01
Spanning Tree Protocol

STP prevents Layer 2 loops by blocking redundant paths and electing a Root Bridge.

show spanning-tree
show spanning-tree vlan 10

! Set bridge priority (lower = more likely root)
conf t
spanning-tree vlan 10 priority 4096

! Alternative: macro that picks a priority low enough to make this switch root
spanning-tree vlan 10 root primary

02
PortFast and BPDU Guard

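PortFast moves an access port straight to the Forwarding state, skipping the Listening and Learning delays. BPDU Guard error-disables the port if it receives a BPDU, which happens when a switch is connected to it.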

! On access ports only
interface Fa0/1
 spanning-tree portfast
 spanning-tree bpduguard enable

! Global: PortFast on all non-trunk ports, BPDU Guard on all PortFast-enabled ports
spanning-tree portfast default
spanning-tree portfast bpduguard default

03
Port Security

Limit MAC addresses per port to prevent unauthorized device connection.

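interface Fa0/1
 switchport mode access
 ! Enable port security (the options below are not enforced without this line)
 switchport port-security
 ! Allow a single MAC address on the port
 switchport port-security maximum 1
 ! Learn the connected MAC dynamically and add it to the running config
 switchport port-security mac-address sticky
 ! Error-disable the port when a different MAC appears
 switchport port-security violation shutdown
end

! Verify
show port-security interface Fa0/1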

04
EtherChannel (LACP)

Bundle multiple physical links into one logical link for increased bandwidth and redundancy.

! On both switches
interface range Gi0/1-2
 ! "active" mode negotiates the bundle with LACP
 channel-group 1 mode active

interface Port-channel1
 switchport mode trunk
end

! Verify
show etherchannel summary

Challenges & Solutions

  • PortFast on trunk ports causes temporary broadcast storms during topology change
  • BPDU Guard violation error-disables the port — must manually recover
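
The checks from steps 02 and 03 and the trunk caveat above, as an added Python example that is not part of the original lab: it reads an IOS-style configuration and reports access ports without effective BPDU Guard or without port security enabled, and trunk ports that carry PortFast. The sample config, the function name audit and the finding labels are constructed for illustration.

```python
# Constructed sample config for this example (not from a real device).
SAMPLE = """\
spanning-tree portfast bpduguard default
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 spanning-tree portfast
interface FastEthernet0/2
 switchport mode access
 switchport port-security maximum 1
 spanning-tree portfast
interface FastEthernet0/3
 switchport mode access
 switchport port-security
interface GigabitEthernet0/1
 switchport mode trunk
 spanning-tree portfast trunk
"""

def audit(config):
    """Return sorted (interface, finding) pairs for an IOS-style config."""
    global_cmds, ifaces = [], {}
    current = global_cmds
    for line in config.splitlines():
        if line.startswith("interface "):
            current = ifaces.setdefault(line.split(None, 1)[1], [])
        elif line.strip() and not line.lstrip().startswith("!"):
            if not line.startswith(" "):
                current = global_cmds  # unindented line ends the interface block
            current.append(line.strip())
    pf_default = "spanning-tree portfast default" in global_cmds
    bg_default = "spanning-tree portfast bpduguard default" in global_cmds
    findings = []
    for name, cmds in ifaces.items():
        portfast = "spanning-tree portfast" in cmds
        if "switchport mode trunk" in cmds:
            if portfast or "spanning-tree portfast trunk" in cmds:
                findings.append((name, "portfast-on-trunk"))
        elif "switchport mode access" in cmds:
            # The global BPDU Guard default only covers PortFast-enabled ports.
            guarded = "spanning-tree bpduguard enable" in cmds or (
                bg_default and (portfast or pf_default)
                and "spanning-tree bpduguard disable" not in cmds)
            if not guarded:
                findings.append((name, "no-bpduguard"))
            # "maximum"/"sticky" lines are not enforced without the bare command.
            if "switchport port-security" not in cmds:
                findings.append((name, "port-security-not-enabled"))
    return sorted(findings)
```

Calling audit(SAMPLE) flags Fa0/2 (port-security options set but never enabled), Fa0/3 (no PortFast, so the global BPDU Guard default does not apply) and the trunk with PortFast.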

Key Takeaways

  • STP convergence takes 30-50 seconds — PortFast eliminates this on access ports
  • EtherChannel requires identical config on both ends