M2 20% of exam domain 2.0 (20%)

Network Access - Switching, VLANs, STP

VLANs, trunking, discovery, EtherChannel and Spanning Tree. The layer-2 heart of the exam.

1.4 Interface & cable troubleshooting

show interfaces counters: CRC/input errors → cable/noise; runts/giants → framing; late collisions → duplex mismatch.
Fix duplex mismatch with auto/auto on BOTH ends. "show ip interface brief" gives up/up status fast.

A VLAN is a separate broadcast domain. Normal range 1–1005. Default VLAN is 1.
Access port carries ONE data VLAN (plus optionally a voice VLAN). Inter-VLAN traffic needs a router or L3 switch.
config: switchport mode access ; switchport access vlan 10.

CDP = Cisco proprietary, ON by default. LLDP = 802.1AB open standard, OFF by default (needs "lldp run").
"show cdp neighbors detail" reveals neighbor IP, platform and IOS - directly connected devices only.

Bundles 2–8 physical links into one logical port; STP treats it as a single link (no blocking).
LACP (802.3ad) negotiation: active/passive - at least one side must be active. PAgP is Cisco. "on" = no negotiation.
All member ports must match speed, duplex, and VLAN/trunk config. L3 EtherChannel = "no switchport" + IP on the port-channel.

STP prevents L2 loops by blocking redundant paths. Rapid PVST+ runs a separate RSTP (802.1w) instance per VLAN.
Root bridge = lowest bridge priority (default 32768, set in multiples of 4096), tie-break lowest MAC. The root has NO root ports - all its ports are designated.
RSTP roles: root, designated, alternate (blocked backup to root), backup. States: discarding, learning, forwarding.
PortFast on END-DEVICE access ports only (skips listening/learning). Never on a switch-to-switch link.

STP protection (v1.1 additions)
Feature	Does	Where
BPDU guard	err-disables a PortFast port that receives a BPDU	access ports
Root guard	blocks a port that would become root	toward access/other domains
Loop guard	guards against unidirectional-link loops	non-designated ports
BPDU filter	stops sending/processing BPDUs	use with care