Configuring STP
Spanning Tree Protocol (STP) is a network protocol that builds a logical loop-free topology for Ethernet networks.
To learn the topology of the network, STP-enabled switches communicate with each other using standardized data messages called BPDUs. Using BPDUs, the switch with the smallest bridge priority number is automatically elected as the root bridge. If the bridge priority is the same on all the switches, then the switch with the smallest MAC address is elected as the root bridge. Each switch then elects ports that are designated and that can communicate with the root bridge and forward traffic. Non-designated ports block traffic.
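A small model of the election described above, written as an added example (not Cisco code); the switch names, priorities and MAC addresses are constructed. It shows that when every switch has the same priority the smallest MAC address decides the root, which may not be the switch you intended.

```python
# Added example: STP root bridge election by (priority, MAC address).
# All switch names, priorities and MAC addresses are constructed sample values.


def mac_to_int(mac):
    """Convert 'aa:bb:cc:dd:ee:ff' to an integer so MACs compare numerically."""
    octets = mac.split(":")
    if len(octets) != 6 or any(len(o) != 2 for o in octets):
        raise ValueError(f"not a MAC address: {mac!r}")
    return int("".join(octets), 16)


def bridge_id(priority, mac):
    """Lower tuple wins: priority is compared first, the MAC breaks ties."""
    if not 0 <= priority <= 0xFFFF:
        raise ValueError(f"priority out of range: {priority}")
    return (priority, mac_to_int(mac))


def elect_root(switches):
    """switches maps name -> (priority, mac); returns the elected root's name."""
    if not switches:
        raise ValueError("no switches")
    return min(switches, key=lambda name: bridge_id(*switches[name]))


def check_root(switches, intended):
    """Return (ok, elected) so a mismatch with the intended root is visible."""
    elected = elect_root(switches)
    return elected == intended, elected


# Constructed topology: every switch left at the same priority.
DEFAULTS = {
    "core-1": (32768, "00:1e:14:aa:10:00"),
    "access-1": (32768, "00:1e:14:aa:20:00"),
    "old-lab": (32768, "00:0b:5f:01:02:03"),  # smallest MAC address
}
# Same topology with core-1 given a smaller priority number.
TUNED = dict(DEFAULTS, **{"core-1": (4096, "00:1e:14:aa:10:00")})

if __name__ == "__main__":
    print(check_root(DEFAULTS, "core-1"))
    print(check_root(TUNED, "core-1"))
```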
A port normally starts in Blocking state, and then immediately moves through to the Listening state. In the Listening state, the device determines if the port is part of a physical loop. If it is, the port state is changed back to Blocking, and no data is sent or received on the port. If the port is not part of a loop, the port proceeds to the Learning state, and learns the MAC addresses in the frame. The port then moves into Forwarding state ready to send and receive data.
Your device supports the following STP modes:
RPVST
PVST
MST
Configuring Device Ports
Step 1 | On the Port Settings tab. page. All the ports on your device are displayed. Choose the port you want to configure, and click the |
Step 2 | Choose a switch mode. An access port transports traffic to and from only the VLAN assigned to it. Trunk ports carry traffic for multiple VLANs, using a process called trunking. Trunk ports mark frames with unique identifying IEEE 802.1Q tags (when configured), to direct each frame to its designated VLAN. When a port is in dynamic auto mode, it passively listens for and receives Dynamic Trunking Protocol (DTP) messages generated by a port in dynamic desirable mode on the switch at the other end of the link. A trunk link is then formed between the two interfaces and all frames are tagged. |
Step 3 | If you choose access mode, assign a VLAN to the port, in the Access VLAN field. By default, all ports assigned to VLAN 1 are assigned as access ports. |
Step 4 | If you choose trunk as the switch mode, assign a range of VLANs to the port. To assign all VLANs to carry port traffic, select All VLANs, or select VLAN IDs and specify a range of VLANs that can carry traffic for the port. |
Step 5 | If you choose dynamic auto or dynamic desirable, assign a range of VLANs to the port. To assign all VLANs to carry port traffic, select All VLANs, or select VLAN IDs and specify a range of VLANs that can carry traffic for the port. If DTP negotiation fails, the dynamic auto and dynamic desirable ports become access ports. Assign an access VLAN to the ports, in the Access VLAN field. |
Step 6 | In the Voice VLAN field, specify a VLAN to carry voice traffic. |
Step 7 | For network security reasons, specify a VLAN other than VLAN 1 in the Native VLAN field. When your device receives untagged frames on a trunk port, they are sent to the native VLAN. By default, this is VLAN 1. |
Step 8 | If your device connects to endpoints (for example, to phones and computers and not to other switches or hubs), set the Port Fast field to on, to enable PortFast on the interface. Devices that connect to PortFast enabled ports can connect to the network immediately, instead of waiting for the port to transition from the listening and learning states to the forwarding state. For more information on Spanning Tree Protocol modes, see Understanding Spanning Tree Protocol. |
Step 9 | To activate DHCP snooping on the port, set DHCP Snooping to enable. DHCP snooping acts like a firewall between untrusted hosts and trusted DHCP servers, validating DHCP messages received from untrusted sources and filtering out invalid messages. The DHCP snooping binding database maintains information about untrusted hosts with leased IP addresses, and validates subsequent requests from untrusted hosts. |
Step 10 | Click Apply to save your changes. |
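One way to check a set of ports against the guidance in Steps 5, 7, 8 and 9, as an added example that is not part of the product or its documentation. The record layout, the `neighbor` field and all port values are assumptions made for the illustration, not a Cisco export format.

```python
# Added example: field names and port values below are constructed.
TRUNK_CAPABLE = {"trunk", "dynamic auto", "dynamic desirable"}


def audit_port(port):
    """Return a list of findings for one port record (empty list = no findings)."""
    findings = []
    mode = port["mode"]
    # Step 7: untagged frames on a trunk go to the native VLAN; avoid VLAN 1.
    if mode in TRUNK_CAPABLE and port.get("native_vlan", 1) == 1:
        findings.append("native VLAN is 1")
    # Step 5: a dynamic port becomes an access port when DTP negotiation fails,
    # so it needs an access VLAN assigned.
    if mode.startswith("dynamic") and port.get("access_vlan") is None:
        findings.append("dynamic port has no access VLAN")
    # Step 8: PortFast is meant for ports that connect to endpoints only.
    if port.get("portfast") and port.get("neighbor") != "endpoint":
        findings.append("PortFast on a non-endpoint port")
    # Step 9: DHCP snooping validates DHCP messages from untrusted hosts.
    if port.get("neighbor") == "endpoint" and not port.get("dhcp_snooping"):
        findings.append("DHCP snooping disabled on endpoint port")
    return findings


def audit(ports):
    """Map port name -> findings, listing only ports that have findings."""
    report = {}
    for port in ports:
        findings = audit_port(port)
        if findings:
            report[port["name"]] = findings
    return report


# Constructed sample records.
PORTS = [
    {"name": "Gi1/0/1", "mode": "access", "access_vlan": 10,
     "neighbor": "endpoint", "portfast": True, "dhcp_snooping": True},
    {"name": "Gi1/0/2", "mode": "trunk", "native_vlan": 1,
     "neighbor": "switch", "portfast": True, "dhcp_snooping": False},
    {"name": "Gi1/0/3", "mode": "dynamic auto", "native_vlan": 999,
     "neighbor": "endpoint", "portfast": False, "dhcp_snooping": False},
]

if __name__ == "__main__":
    for name, findings in audit(PORTS).items():
        print(name, findings)
```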
To troubleshoot network reachability, communication delays, and packet loss, use the Configuration > Troubleshooting screens.
On the Troubleshooting > Ping screen, choose the interface from which to send ping packets to the specified destination, and click Ping.
On the Troubleshooting > Traceroute screen, enter the destination address for which you want to run traceroute, and click Traceroute. Traceroute discovers the route and the number of hops that packets take when traveling to their destination, and helps you identify potential link bottlenecks throughout the transmission path.
On the Troubleshooting > Diagnostics screen, choose the type of tests to run on the switch, and click Start. Running some diagnostic tests may be disruptive to the switch.
Restart Switch - Click to reboot the switch. The switch restarts with your saved configuration.
Factory Reset - Click to erase the startup configuration in the persistent memory on the switch and all its stack members, and reboot the switches with the initial factory default configuration. After you reset a switch, there is no way to recover the erased configuration.
Configuring VLANs
A VLAN or a virtual LAN is a group of devices on one or more LANs, which are configured to communicate as if they were physically connected, despite being located across LAN segments. Because VLANs are based on logical instead of physical connections, they are extremely flexible.
Using VLANs you can partition your network based on functional and security requirements within your organization, without investing in new cables and without making major changes to current network infrastructure. For example, VLANs can be created to divide your network into logical groups, and secure traffic to and from departments such as Finance or Marketing. VLANs could also be created to restrict the use of resources such as file servers and printers to a logical group of users on your network.
As defined by the IEEE 802.1Q standard, the VLAN identifier or tag consists of 12 bits in the Ethernet frame, creating an inherent limit of 4,096 VLANs on a LAN.
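The tag layout referred to above, as an added example rather than code from the original documentation: a parser that extracts the 12-bit VLAN ID from an Ethernet frame and applies the native VLAN rule from Step 7 to untagged frames. The sample frames, MAC addresses and the native VLAN value 999 are constructed; treating VLAN ID 0 (a priority-only tag) like an untagged frame is an addition beyond what the page states.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an IEEE 802.1Q tag


def build_tagged(dst, src, vid, pcp, ethertype, payload=b""):
    """Build an Ethernet frame carrying one 802.1Q tag (for the sample data)."""
    if not 0 <= vid <= 0x0FFF:
        raise ValueError("VLAN ID does not fit in 12 bits")
    if not 0 <= pcp <= 7:
        raise ValueError("priority does not fit in 3 bits")
    tci = (pcp << 13) | vid  # DEI bit left at 0
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def parse_vlan_tag(frame):
    """Return (vid, pcp, dei, inner_ethertype), or None if the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)  # follows dst and src MAC
    if tpid != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, (tci >> 12) & 1, inner


def vlan_for_frame(frame, native_vlan):
    """VLAN a trunk port assigns: the tag's VID, or the native VLAN if untagged."""
    tag = parse_vlan_tag(frame)
    # VID 0 is a priority-only tag with no VLAN, so it is treated like untagged.
    if tag is None or tag[0] == 0:
        return native_vlan
    return tag[0]


# Constructed sample frames (MAC addresses and payload are made up).
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("020000000001")
TAGGED = build_tagged(DST, SRC, vid=20, pcp=5, ethertype=0x0800, payload=b"\x00" * 46)
UNTAGGED = DST + SRC + struct.pack("!H", 0x0800) + b"\x00" * 46

if __name__ == "__main__":
    print(parse_vlan_tag(TAGGED))
    print(vlan_for_frame(UNTAGGED, 999))
```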
The Services > NetFlow screen is not displayed if your device does not support NetFlow.