CCIE Notes

Uploaded by shahzadkn96

CCIE EI v1.

1.0 Network Infrastructure 30%


2.0 Software Defined Infrastructure 25%
3.0 Transport Technologies and Solutions 15%
4.0 Infrastructure Security & Services 15%
5.0 Infrastructure Automation and programmability 15%

Content Creation by:-


Ratnesh K
CCIE x3
1.0 Network Infrastructure 30%
1.1 Switched campus
1.1.a Switch administration
1.1.a (i) Managing MAC address table
1.1.a (ii) Errdisable recovery
1.1.a (iii) L2 MTU
1.1.b Layer 2 protocols
1.1.b (i) CDP, LLDP
1.1.b (ii) UDLD
1.1.c VLAN technologies
1.1.c (i) Access ports
1.1.c (ii) Trunk ports (802.1Q)
1.1.c (iii) Native VLAN
1.1.c (iv) Manual VLAN pruning
1.1.c (v) Normal range and extended range VLANs
1.1.c (vi) Voice VLAN
1.1.d EtherChannel
1.1.d (i) LACP, static
1.1.d (ii) Layer 2, Layer 3
1.1.d (iii) Load balancing
1.1.d (iv) EtherChannel misconfiguration guard
1.1.d (v) Identify multichassis EtherChannel use cases
1.1.e Spanning Tree Protocol
1.1.e (i) PVST+, Rapid PVST+, MST
1.1.e (ii) Switch priority, port priority, tuning port/path cost, STP timers
1.1.e (iii) PortFast, BPDU guard, BPDU filter
1.1.e (iv) Loop guard, root guard

1.1.a Switch administration
1.1.a (i) Managing MAC address table
1.1.a (ii) Errdisable recovery
1.1.a (iii) L2 MTU

Topology (recovered from a garbled diagram; the port-pair labels are only partly legible): three switches, sw110 above sw101 and sw102. sw110 connects down to sw101 over ports e1/0-1 and to sw102 over ports e1/2-3, and sw101 and sw102 are linked to each other on e2/0-1 at both ends.
1.1.a (i) Managing MAC Address Table

The MAC address table (also called the CAM table) on a switch stores the mapping between learned source MAC addresses and the port and VLAN they were seen on. The switch uses it to forward each frame out of the correct port; a frame whose destination MAC is not in the table is flooded to every port in the VLAN. The table has a finite, platform-specific capacity, so a host that floods thousands of bogus source MACs can fill it and force the switch to flood unicast traffic to all ports, which is why access ports should limit the number of learned addresses (port security) rather than rely on the table alone.

Commands to Manage MAC Address Table


Viewing the MAC Address Table:
show mac address-table
This command displays the current entries in the MAC address table.
Clearing the MAC Address Table:
clear mac address-table dynamic
This command clears all dynamic entries in the MAC address table.
Configuring Static MAC Addresses:

To add a static entry to the MAC address table, use the following
command in global configuration mode:

mac address-table static <MAC-address> vlan <VLAN-id> interface <interface-id>

Example:
mac address-table static 0000.aaaa.bbbb vlan 10 interface GigabitEthernet0/1

This command statically maps MAC address 0000.aaaa.bbbb in VLAN 10 to interface GigabitEthernet0/1. A static entry never ages out and survives clear mac address-table dynamic, so it is a way to pin a known device (a server, a management host) to the port it belongs on.
Monitoring MAC Address Table Aging

The aging time determines how long a dynamically learned entry stays in the table after the last frame from that address was seen; the default on Catalyst switches is 300 seconds. A very low value causes more unknown-unicast flooding while entries are relearned; a very high value keeps stale entries (for example after a host moves to another port) until the address is seen again and the entry is updated.

Viewing the MAC Address Table Aging Time:

show mac address-table aging-time


Configuring the MAC Address Table Aging Time:

mac address-table aging-time <seconds>


Example:

mac address-table aging-time 300

This sets the aging time for dynamic MAC address entries to 300 seconds.
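Reading the table by eye does not scale, and the security question is rarely "which port has this MAC" but "which port is learning far more MACs than one host should". The following Python, an added example that is not part of the original notes, parses show mac address-table output and reports ports whose dynamic entry count suggests CAM flooding. The table text is constructed to look like IOS output rather than captured from a switch, and the per-port threshold is an arbitrary assumption for an access port that serves one host and at most an IP phone.

```python
"""Audit a Catalyst 'show mac address-table' dump for signs of CAM flooding.

Added example (not from the original notes). The table text below is
constructed to look like IOS output, not captured from a real switch, and
the per-port threshold is an arbitrary assumption for an access port that
should serve one host and at most an IP phone.
"""
import re
from collections import Counter

# Constructed sample: Gi0/1 and Gi0/2 look normal, Gi0/3 carries a burst of
# 40 dynamic addresses the way a MAC-flooding tool would leave it.
SAMPLE_TABLE = (
    "          Mac Address Table\n"
    "-------------------------------------------\n"
    "\n"
    "Vlan    Mac Address       Type        Ports\n"
    "----    -----------       --------    -----\n"
    " All    0100.0ccc.cccc    STATIC      CPU\n"
    "  10    0000.aaaa.bbbb    STATIC      Gi0/1\n"
    "  10    0011.2233.4455    DYNAMIC     Gi0/1\n"
    "  10    0011.2233.4466    DYNAMIC     Gi0/2\n"
    "  20    0011.2233.4477    DYNAMIC     Gi0/2\n"
    + "".join(
        f"  10    00de.ad{i:02x}.{(i * 7) % 0x10000:04x}    DYNAMIC     Gi0/3\n"
        for i in range(40)
    )
    + "Total Mac Addresses for this criterion: 45\n"
)

# One data row: VLAN (or 'All'), dotted-hex MAC, entry type, port.
ROW = re.compile(
    r"^\s*(?P<vlan>\S+)\s+(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+"
    r"(?P<type>STATIC|DYNAMIC)\s+(?P<port>\S+)\s*$",
    re.IGNORECASE,
)


def parse_mac_table(text):
    """Return one dict per table row; headers, separators and the total line are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            entry = m.groupdict()
            entry["type"] = entry["type"].upper()
            entries.append(entry)
    return entries


def dynamic_macs_per_port(entries):
    """Count DYNAMIC entries per port; static and CPU entries are not attacker-controlled."""
    return Counter(
        e["port"] for e in entries if e["type"] == "DYNAMIC" and e["port"] != "CPU"
    )


def flooding_suspects(entries, threshold=8):
    """Ports learning more dynamic MACs than an access port plausibly should, worst first."""
    counts = dynamic_macs_per_port(entries)
    over = [(port, n) for port, n in counts.items() if n > threshold]
    return sorted(over, key=lambda item: (-item[1], item[0]))


def vlans_per_port(entries):
    """VLANs seen per port: an access port should normally show one (plus a voice VLAN)."""
    seen = {}
    for e in entries:
        if e["port"] != "CPU":
            seen.setdefault(e["port"], set()).add(e["vlan"])
    return seen


if __name__ == "__main__":
    entries = parse_mac_table(SAMPLE_TABLE)
    print(f"{len(entries)} entries parsed")
    for port, n in flooding_suspects(entries):
        print(f"{port}: {n} dynamic MACs, investigate (port security / shut)")
```

Run it against a real dump saved with show mac address-table | redirect, or paste the output in place of SAMPLE_TABLE; a port that trips the threshold is a candidate for switchport port-security or a manual shutdown while you look at what is attached.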
1.1.a (ii) Errdisable Recovery
Errdisable is the state a Cisco switch puts a port into when a protection feature trips on it, for example a port security violation, a BPDU received on a BPDU guard port, a UDLD unidirectional link or an EtherChannel misconfiguration. The port is shut down and shows err-disabled in show interfaces status until an administrator bounces it (shutdown, then no shutdown) or automatic recovery re-enables it.
Configuring Errdisable Recovery
Viewing the Current Errdisable Recovery Settings:

show errdisable recovery

Enabling Errdisable Recovery for Specific Causes:

errdisable recovery cause <cause>


Example:
errdisable recovery cause bpduguard

This command enables recovery for ports disabled due to BPDU guard
violations.
Configuring the Errdisable Recovery Interval:
errdisable recovery interval <seconds>
Example:
errdisable recovery interval 300

This sets the recovery interval to 300 seconds (the default; the range is 30 to 86400), after which the switch re-enables every errdisabled port whose cause has recovery enabled. The interval is global, not per cause. Recovery does not remove the cause: if the rogue switch is still attached to a BPDU guard port, the port comes up and is errdisabled again on the next BPDU, which shows in syslog as a repeating %PM-4-ERR_DISABLE / %PM-4-ERR_RECOVER pair. For causes that indicate a deliberate attack it is reasonable to leave recovery off and require a manual bounce.
1.1.a (iii) L2 MTU
The Layer 2 MTU is the largest Ethernet payload a port will accept and transmit. On Catalyst switches system mtu expresses this as the payload size, so the default of 1500 bytes corresponds to a 1518-byte frame (1522 bytes with an 802.1Q tag); the 18-byte Ethernet header and any VLAN tag are not counted.
Configuring L2 MTU
Viewing the Current MTU Settings:
show system mtu
Changing the MTU Size:

system mtu <size>

Example:
system mtu 1500

This command sets the MTU to 1500 bytes, which is the default. On older Catalyst platforms such as the 3560 and 3750 the new value takes effect only after a reload; on newer platforms it applies immediately. Confirm with show system mtu, which reports the value currently in use.
Configuring the Jumbo Frame MTU Size:

For switches that support jumbo frames, you can set a higher MTU size:

system mtu jumbo <size>

Example:

system mtu jumbo 9000

This command sets the MTU for jumbo frames to 9000 bytes on the ports that support them. MTU is not negotiated: a frame larger than what the next hop accepts is silently dropped at Layer 2, so every switch and host on a path that uses jumbo frames must be set consistently. A mismatch usually surfaces as large transfers stalling while small pings succeed.
Summary

MAC Address Table: Use show mac address-table to view, clear mac address-table dynamic to clear, and mac address-table static to configure static entries.

Errdisable Recovery: Use show errdisable recovery to view settings, errdisable recovery cause <cause> to enable recovery for specific causes, and errdisable recovery interval <seconds> to set the recovery interval.

L2 MTU: Use show system mtu to view, system mtu <size> to change the MTU, and system mtu jumbo <size> for jumbo frames.

These commands help manage switch functionalities effectively, ensuring network stability and performance.
1.1.b Layer 2 protocols
1.1.b (i) CDP, LLDP
1.1.b (ii) UDLD
1.1.b Layer 2 Protocols

Layer 2 protocols play a crucial role in the functioning and management of switches
within a network. Here, we will cover the following protocols:
1.1.b (i) CDP and LLDP
Cisco Discovery Protocol (CDP) and Link Layer Discovery Protocol (LLDP) are discovery protocols that advertise a device's identity and capabilities to its directly connected neighbours. Their frames are link-local (sent to a reserved multicast address and not forwarded by switches), so a neighbour table only ever shows devices one hop away.
CDP (Cisco Discovery Protocol)
CDP is a Cisco proprietary protocol, enabled by default on most Cisco devices, that advertises device ID, platform, software version, management IP address, native VLAN and port ID to directly connected neighbours. All of that is useful for reconnaissance, so disable it on ports that face untrusted devices (no cdp enable) and keep it only where something depends on it, for example IP phones that learn their voice VLAN from CDP.

Enabling CDP:
conf t
cdp run

Disabling CDP:

conf t
no cdp run
Enabling CDP on an Interface:

conf t
interface <interface-id>
cdp enable

Disabling CDP on an Interface:

conf t
interface <interface-id>
no cdp enable

Viewing CDP Information:

show cdp neighbors

This command shows information about directly connected Cisco devices.


Detailed CDP Information:
show cdp neighbors detail

This command provides detailed information about each neighbour, including device ID, IP address, platform, software version, native VLAN and capabilities.

LLDP (Link Layer Discovery Protocol)


LLDP (IEEE 802.1AB) is the vendor-neutral equivalent of CDP, supported by most network equipment vendors. It is disabled by default on Cisco IOS and must be turned on with lldp run; the same exposure considerations apply, since it advertises system name, description, management address and port details.

Enabling LLDP:
conf t
lldp run

Disabling LLDP:

conf t
no lldp run
Enabling LLDP on an Interface:
conf t
interface <interface-id>
lldp transmit
lldp receive
Disabling LLDP on an Interface:
conf t
interface <interface-id>
no lldp transmit
no lldp receive

Viewing LLDP Information:


show lldp neighbors

This command shows information about directly connected devices.


Detailed LLDP Information:
show lldp neighbors detail
This command provides detailed information about each neighbor,
similar to the show cdp neighbors detail command.
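The neighbour tables are worth auditing rather than just reading. The following Python, an added example that is not part of the original notes, parses show cdp neighbors detail output and reports two things a practitioner cares about: a device advertising Switch or Router capability on a port that is not a known uplink (someone plugged in a switch, or a tool impersonating one), and a neighbour whose advertised native VLAN differs from the local trunk's. The CDP text is constructed to resemble IOS output (device names, addresses and version strings are made up), and the trusted-uplink set and local native VLAN map are assumptions standing in for this switch's own configuration.

```python
"""Audit 'show cdp neighbors detail' output for unexpected switches and native-VLAN mismatches.

Added example, not from the original notes. The neighbour output below is
constructed to resemble IOS formatting (device names, addresses and version
strings are made up); the trusted-uplink set and local native VLANs passed
to audit_cdp() are assumptions standing in for this switch's configuration.
"""
import re

SAMPLE_CDP = """\
-------------------------
Device ID: sw101
Entry address(es):
  IP address: 10.0.0.101
Platform: cisco WS-C3750G-24TS,  Capabilities: Switch IGMP
Interface: GigabitEthernet0/2,  Port ID (outgoing port): GigabitEthernet1/0/1
Holdtime : 153 sec

Version :
Cisco IOS Software, C3750 Software (C3750-IPSERVICESK9-M), Version 12.2(55)SE

advertisement version: 2
Native VLAN: 1
Duplex: full
-------------------------
Device ID: SEP001122334455
Entry address(es):
  IP address: 10.0.20.15
Platform: Cisco IP Phone 7965,  Capabilities: Host Phone Two-port Mac Relay
Interface: GigabitEthernet0/1,  Port ID (outgoing port): Port 1
Holdtime : 140 sec

Version :
SCCP45.9-4-2SR3-1S

advertisement version: 2
Duplex: full
-------------------------
Device ID: rogue-sw
Entry address(es):
  IP address: 10.0.10.77
Platform: cisco WS-C2960-24TT-L,  Capabilities: Switch IGMP
Interface: GigabitEthernet0/5,  Port ID (outgoing port): FastEthernet0/24
Holdtime : 170 sec

Version :
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE

advertisement version: 2
Native VLAN: 10
Duplex: full
"""

# One regex per field of a neighbour block; a block is the text between dashed separators.
FIELD = {
    "device": re.compile(r"^Device ID:\s*(\S+)", re.M),
    "ip": re.compile(r"^\s*IP address:\s*(\S+)", re.M),
    "platform": re.compile(r"^Platform:\s*(.+?),\s+Capabilities:", re.M),
    "capabilities": re.compile(r"Capabilities:\s*(.+?)\s*$", re.M),
    "interface": re.compile(r"^Interface:\s*([^,]+),", re.M),
    "remote_port": re.compile(r"Port ID \(outgoing port\):\s*(.+?)\s*$", re.M),
    "native_vlan": re.compile(r"^Native VLAN:\s*(\d+)", re.M),
    "version": re.compile(r"^Version :\s*\n(.+)$", re.M),
}


def parse_cdp_detail(text):
    """One dict per neighbour block; fields absent from a block (e.g. Native VLAN) are None."""
    neighbors = []
    for block in re.split(r"^-{5,}\s*$", text, flags=re.M):
        if "Device ID:" not in block:
            continue
        n = {}
        for key, rx in FIELD.items():
            m = rx.search(block)
            n[key] = m.group(1).strip() if m else None
        if n["native_vlan"] is not None:
            n["native_vlan"] = int(n["native_vlan"])
        n["capabilities"] = n["capabilities"].split() if n["capabilities"] else []
        neighbors.append(n)
    return neighbors


def audit_cdp(neighbors, trusted_uplinks, local_native_vlan):
    """Flag infrastructure devices on non-uplink ports and native-VLAN disagreements on trunks.

    trusted_uplinks: set of local interface names where a switch/router is expected.
    local_native_vlan: {local interface: native VLAN configured on our side of the trunk}.
    """
    findings = []
    for n in neighbors:
        caps = set(n["capabilities"])
        if caps & {"Switch", "Router"} and n["interface"] not in trusted_uplinks:
            findings.append((n["interface"], "unexpected-infra",
                             f"{n['device']} ({n['platform']}) on a port that is not a known uplink"))
        local = local_native_vlan.get(n["interface"])
        if n["native_vlan"] is not None and local is not None and local != n["native_vlan"]:
            findings.append((n["interface"], "native-mismatch",
                             f"local native VLAN {local} vs {n['native_vlan']} advertised by {n['device']}"))
    return findings


if __name__ == "__main__":
    for iface, code, msg in audit_cdp(parse_cdp_detail(SAMPLE_CDP),
                                      {"GigabitEthernet0/2"}, {"GigabitEthernet0/2": 99}):
        print(f"{iface}: {code}: {msg}")
```

The phone is deliberately not flagged: it needs CDP (or LLDP-MED) to learn its voice VLAN, so the check keys on the Switch/Router capability bits rather than on the mere presence of a neighbour. A native-VLAN mismatch is the same condition IOS logs as %CDP-4-NATIVE_VLAN_MISMATCH; it means untagged frames are crossing between two different VLANs on that link.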
1.1.b (ii) UDLD (Unidirectional Link Detection)
UDLD is a Cisco proprietary protocol that detects unidirectional links. A link is unidirectional when one side's traffic reaches the other but not the reverse, typically because of a failed transmit fibre or a mis-wired fibre pair. The danger is to Spanning Tree: a blocking port that stops receiving BPDUs assumes the upstream link is gone and moves to forwarding, creating a loop while the other side is still transmitting.

Enabling UDLD Globally:


conf t
udld enable

This enables UDLD in normal mode on all fibre-optic interfaces; copper ports are not covered by the global command and need the per-interface command below.


Enabling Aggressive UDLD Globally:
conf t
udld aggressive

In normal mode UDLD errdisables a port only when it positively identifies a unidirectional link (for example, its own device ID is missing from the neighbour's echo); if the neighbour simply stops answering, the port is marked undetermined and STP decides what happens. In aggressive mode a port that loses its neighbour tries to re-establish the relationship eight times and is errdisabled if that fails, so it also catches links where one direction has gone silent.

Enabling UDLD on an Interface:

conf t
interface <interface-id>
udld port

This enables UDLD on the specified interface.


Enabling Aggressive UDLD on an Interface:
conf t
interface <interface-id>
udld port aggressive

Viewing UDLD Information:

show udld neighbors

This command lists the UDLD neighbours learned on each interface; show udld with no argument shows the UDLD mode and state of every interface.

Viewing UDLD Status for a Specific Interface:

show udld <interface-id>

This provides detailed UDLD status information for the specified


interface.
Summary
CDP and LLDP: Use these protocols for network discovery and device
information sharing. Enable/disable globally or per interface and
view neighbor details using show cdp neighbors or show lldp
neighbors.

UDLD: Use UDLD to detect and prevent unidirectional links, which can
cause network issues. Enable globally or per interface, and use
aggressive mode for more proactive detection. Monitor using show
udld neighbors.

These protocols help in managing and maintaining the network, ensuring efficient communication and reducing potential issues in the Layer 2 network.
1.1.c VLAN technologies
1.1.c (i) Access ports
1.1.c (ii) Trunk ports (802.1Q)
1.1.c (iii) Native VLAN
1.1.c (iv) Manual VLAN pruning
1.1.c (v) Normal range and extended range VLANs
1.1.c (vi) Voice VLAN
1.1.c (i) Access Ports
An access port is a switch port that is assigned to a single VLAN.
It carries traffic for that VLAN only.
Configuring an Access Port:
conf t
interface <interface-id>
switchport mode access
switchport access vlan <vlan-id>

Example:
conf t
interface GigabitEthernet0/1
switchport mode access
switchport access vlan 10
This command configures interface GigabitEthernet0/1 as an access port
in VLAN 10.
Verifying Access Port Configuration:
show interfaces <interface-id> switchport

Example:
show interfaces GigabitEthernet0/1 switchport

This command shows the switchport configuration of the specified interface, including its administrative and operational mode and its VLAN assignment.

1.1.c (ii) Trunk Ports (802.1Q)

A trunk port is a switch port that carries traffic for multiple VLANs. It uses the IEEE 802.1Q standard to tag each frame with its VLAN.
Configuring a Trunk Port:

conf t
interface <interface-id>
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan <vlan-list>

Example:
conf t
interface GigabitEthernet0/2
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 10,20,30

This configures interface GigabitEthernet0/2 as an 802.1Q trunk carrying VLANs 10, 20, and 30. On platforms that also support ISL the encapsulation must be set before switchport mode trunk, otherwise the mode command is rejected while the encapsulation is still "auto"; dot1q-only platforms do not have the encapsulation command at all. A port with no explicit mode is left in DTP dynamic negotiation on most Catalyst models, so a host that sends DTP frames can negotiate itself a trunk and reach every VLAN: hard-set user-facing ports to access mode, and add switchport nonegotiate on ports whose mode is fixed so that no DTP frames are sent at all.
Verifying Trunk Port Configuration:
show interfaces trunk

This command shows the trunk ports on the switch and the VLANs they carry.
1.1.c (iii) Native VLAN
The native VLAN on an 802.1Q trunk carries the frames that have no tag. By default it is VLAN 1, which is also the default access VLAN of every port. An attacker in the native VLAN can craft double-tagged frames that the trunk strips once and forwards into another VLAN (VLAN hopping), so use an otherwise unused VLAN as native, keep it off every access port, and either prune it from the trunk's allowed list or tag it with the global vlan dot1q tag native.
Configuring the Native VLAN:
conf t
interface <interface-id>
switchport trunk native vlan <vlan-id>
Example:
conf t
interface GigabitEthernet0/2
switchport trunk native vlan 99

This command sets VLAN 99 as the native VLAN on interface GigabitEthernet0/2. Both ends of a trunk must agree: a mismatch is reported by CDP as %CDP-4-NATIVE_VLAN_MISMATCH and silently bridges untagged frames between two different VLANs.


Verifying Native VLAN Configuration:
show interfaces <interface-id> switchport

Example:

show interfaces GigabitEthernet0/2 switchport


This command shows the native VLAN configuration for the specified
interface.
1.1.c (iv) Manual VLAN Pruning
Manual VLAN pruning means explicitly restricting which VLANs a trunk carries, so that a VLAN exists only on the links that need it. This cuts broadcast and unknown-unicast flooding across the core and limits how far a compromised host in that VLAN can reach.
Pruning VLANs on a Trunk Port:

conf t
interface <interface-id>
switchport trunk allowed vlan remove <vlan-list>
Example:
conf t
interface GigabitEthernet0/2
switchport trunk allowed vlan remove 30

This command removes VLAN 30 from the allowed VLANs on trunk GigabitEthernet0/2. Note the keyword: switchport trunk allowed vlan remove 30 edits the existing list, whereas switchport trunk allowed vlan 30 replaces the list with VLAN 30 alone and cuts every other VLAN off the trunk. Verify with show interfaces trunk, which lists the allowed, active and forwarding VLANs per trunk.

1.1.c (v) Normal Range and Extended Range VLANs


Normal Range VLANs:
VLAN IDs 1 to 1005. VLANs 1 and 1002 to 1005 exist by default and cannot be deleted (1002 to 1005 are reserved for legacy FDDI and Token Ring). With VTP version 1 or 2 the configuration is stored in the VLAN database file (vlan.dat) in flash rather than in the running configuration.

Extended Range VLANs:
VLAN IDs 1006 to 4094. With VTP version 1 or 2 they can be created only when the switch is in VTP transparent mode (or VTP is off, where supported); they are kept in the running configuration and are not propagated by VTP. VTP version 3 can advertise extended VLANs from a server. Some platforms reserve a few IDs at the top of the range for internal use, so check show vlan internal usage before assigning IDs there.
Creating Normal Range VLANs:
conf t
vlan <vlan-id>
name <vlan-name>
Example:

conf t
vlan 10
name Sales
This command creates VLAN 10 named Sales.
Creating Extended Range VLANs:
conf t
vlan <vlan-id>
name <vlan-name>
Example:
conf t
vlan 2000
name R&D

This command creates VLAN 2000 named R&D. With VTP version 1 or 2 the command is accepted only if the switch is in VTP transparent mode; with VTP version 3 the VLAN can also be created on a server and distributed to clients.
1.1.c (vi) Voice VLAN
A voice VLAN is a second VLAN assigned to an access port so that an attached IP phone can send its voice traffic tagged with that VLAN while the PC plugged into the phone's pass-through port stays untagged in the access VLAN. The phone learns which VLAN to tag from CDP (or LLDP-MED), so CDP must remain enabled on those ports. The port is still an access port, not a trunk: it carries exactly those two VLANs.
Configuring a Voice VLAN:

conf t
interface <interface-id>
switchport voice vlan <vlan-id>

Example:

conf t
interface GigabitEthernet0/1
switchport voice vlan 20
This command configures VLAN 20 as the voice VLAN on interface GigabitEthernet0/1.
Verifying Voice VLAN Configuration:
show interfaces <interface-id> switchport

Example:

show interfaces GigabitEthernet0/1 switchport

This command shows the voice VLAN configuration for the specified
interface.
Summary
Access Ports: Configured to carry traffic for a single VLAN. Use switchport
mode access and switchport access vlan <vlan-id>.
Trunk Ports: Carry traffic for multiple VLANs using 802.1Q tagging. Use
switchport mode trunk and switchport trunk allowed vlan <vlan-list>.
Native VLAN: The VLAN for untagged traffic on a trunk port. Use switchport
trunk native vlan <vlan-id>.

Manual VLAN Pruning: Manually control which VLANs are allowed on trunk
ports. Use switchport trunk allowed vlan remove <vlan-list>.
Normal Range and Extended Range VLANs: Normal range (1-1005) and extended
range (1006-4094) VLANs. Use vlan <vlan-id> to create VLANs.
Voice VLAN: Configured to carry voice traffic from IP phones. Use
switchport voice vlan <vlan-id>.

These VLAN technologies are fundamental to segmenting and managing network traffic effectively in a Layer 2 network.
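The access-port, trunk, native-VLAN and pruning settings above interact, and the VLAN-hopping exposure of a switch comes from their combination rather than from any one line. The following Python, an added example that is not part of the original notes, parses a running-config excerpt into per-interface switchport settings and checks the conditions that matter: ports left in DTP dynamic mode, trunks still sending DTP, trunks on the default native VLAN 1, and an access VLAN that is also the untagged native VLAN of a trunk (the double-tagging precondition). The configuration is a constructed excerpt reusing this section's interface names and VLAN numbers; the IOS defaults assumed when a command is absent (mode dynamic, access and native VLAN 1, all VLANs allowed) are assumptions noted in the code, and vlan_range() applies the normal/extended split described above.

```python
"""Audit switchport configuration for VLAN-hopping exposure (DTP and double tagging).

Added example, not from the original notes. The configuration below is a
constructed running-config excerpt; the IOS defaults assumed for anything an
interface stanza does not set (mode dynamic, access/native VLAN 1, all VLANs
allowed) are assumptions, as is the meaning attached to each finding code.
"""

SAMPLE_CONFIG = """\
!
vlan 10
 name Sales
!
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
 spanning-tree portfast
!
interface GigabitEthernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30
!
interface GigabitEthernet0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20,99
 switchport nonegotiate
!
interface GigabitEthernet0/4
 switchport access vlan 99
!
end
"""


def vlan_range(vid):
    """Classify a VLAN ID the way IOS does: normal (1-1005) or extended (1006-4094)."""
    if 1 <= vid <= 1005:
        return "normal"
    if 1006 <= vid <= 4094:
        return "extended"
    raise ValueError(f"VLAN {vid} is outside 1-4094")


def expand_vlan_list(spec):
    """'10,20,30-32' -> {10, 20, 30, 31, 32}; 'all' -> every VLAN ID."""
    if spec.strip().lower() == "all":
        return set(range(1, 4095))
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = part.split("-", 1)
            vlans.update(range(int(lo), int(hi) + 1))
        elif part:
            vlans.add(int(part))
    return vlans


def parse_config(config):
    """Return (interfaces, tag_native): per-interface switchport settings plus the global tagging flag."""
    interfaces, tag_native, cur = {}, False, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            # Assumed IOS defaults for anything the interface stanza does not override.
            cur = {"mode": "dynamic", "access_vlan": 1, "native_vlan": 1,
                   "allowed": set(range(1, 4095)), "nonegotiate": False}
            interfaces[line.split(None, 1)[1]] = cur
            continue
        if line in ("!", "end"):
            cur = None
            continue
        if cur is None:
            tag_native = tag_native or line == "vlan dot1q tag native"
            continue
        words = line.split()
        if line.startswith("switchport mode "):
            cur["mode"] = words[2]                      # access | trunk | dynamic
        elif line.startswith("switchport access vlan "):
            cur["access_vlan"] = int(words[3])
        elif line.startswith("switchport trunk native vlan "):
            cur["native_vlan"] = int(words[4])
        elif line.startswith("switchport trunk allowed vlan "):
            if words[4] in ("add", "remove") and len(words) > 5:
                delta = expand_vlan_list(words[5])     # edits the existing list
                cur["allowed"] = cur["allowed"] | delta if words[4] == "add" else cur["allowed"] - delta
            else:
                cur["allowed"] = expand_vlan_list(words[4])   # no keyword: replaces the list
        elif line == "switchport nonegotiate":
            cur["nonegotiate"] = True
    return interfaces, tag_native


def audit_vlan_hopping(interfaces, tag_native=False):
    """Return (interface, code, message) findings for the VLAN-hopping preconditions."""
    findings = []
    trunks = {name: i for name, i in interfaces.items() if i["mode"] == "trunk"}
    for name, i in interfaces.items():
        if i["mode"] == "dynamic":
            findings.append((name, "dtp-dynamic",
                             "no fixed mode: a host sending DTP 'desirable' frames can negotiate a trunk"))
        elif i["mode"] == "trunk":
            if i["native_vlan"] == 1:
                findings.append((name, "native-default", "trunk uses native VLAN 1"))
            if not i["nonegotiate"]:
                findings.append((name, "dtp-trunk", "trunk still sends DTP; add 'switchport nonegotiate'"))
        # Double tagging needs an attacker whose access VLAN is carried untagged by some trunk.
        if i["mode"] != "trunk" and not tag_native:
            for tname, t in trunks.items():
                if t["native_vlan"] == i["access_vlan"] and t["native_vlan"] in t["allowed"]:
                    findings.append((name, "double-tag",
                                     f"access VLAN {i['access_vlan']} is the untagged native VLAN of trunk {tname}"))
    return findings


if __name__ == "__main__":
    ifaces, tag_native = parse_config(SAMPLE_CONFIG)
    for name, code, msg in audit_vlan_hopping(ifaces, tag_native):
        print(f"{name}: {code}: {msg}")
```

In the sample, GigabitEthernet0/3 is the trunk configured the way this section recommends (unused native VLAN, nonegotiate) and produces no finding on its own; the double-tag finding comes from GigabitEthernet0/4, which was dropped into VLAN 99 with no mode set. Adding vlan dot1q tag native globally clears the double-tag finding but not the DTP ones.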
1.1.d EtherChannel

1.1.d (i) LACP, static


1.1.d (ii) Layer 2, Layer 3
1.1.d (iii) Load balancing
1.1.d (iv) EtherChannel misconfiguration guard
1.1.d (v) Identify multichassis EtherChannel use cases
1.1.d EtherChannel

EtherChannel is a link aggregation technology that combines multiple physical links into a single logical link to increase bandwidth and provide redundancy without STP blocking any of the members.
1.1.d (i) LACP and Static
LACP (Link Aggregation Control Protocol):

LACP is the dynamic negotiation protocol originally defined in IEEE 802.3ad (now maintained as IEEE 802.1AX). Both ends exchange LACPDUs and bundle only links whose attributes match, so a miscabled or misconfigured member is left out of the bundle instead of creating a loop.
Configuring EtherChannel with LACP:

conf t
interface range <interface-id-range>
channel-group <group-number> mode active
Example:
conf t
interface range GigabitEthernet0/1 - 2
channel-group 1 mode active

This command configures interfaces GigabitEthernet0/1 and


GigabitEthernet0/2 to form an EtherChannel group 1 in active mode.

Modes:

active: sends LACPDUs and actively tries to form an EtherChannel.
passive: waits for LACPDUs and bundles only if the other end is active.

At least one end must be active (passive-passive never bundles). Member ports must match in speed, duplex and switchport settings (mode, allowed VLANs, native VLAN); a member whose settings differ is suspended from the bundle rather than silently carried.
Static (Manual) EtherChannel:

Static EtherChannel is configured manually with mode on and runs no negotiation protocol: the switch bundles the members unconditionally and trusts that the far end did the same.
Configuring Static EtherChannel:

conf t
interface range <interface-id-range>
channel-group <group-number> mode on

Example:
conf t
interface range GigabitEthernet0/1 - 2
channel-group 1 mode on

This command configures interfaces GigabitEthernet0/1 and GigabitEthernet0/2 to form EtherChannel group 1 statically. Because nothing is negotiated, a far end that is not bundled (or is running LACP, which will not bundle with mode on) is caught only by EtherChannel misconfiguration guard or by STP, so prefer LACP wherever both sides support it.
1.1.d (ii) Layer 2 and Layer 3

Layer 2 EtherChannel:

Layer 2 EtherChannel aggregates multiple switch ports toward another switch into a single logical switchport, usually a trunk.
Configuring Layer 2 EtherChannel:
conf t
interface Port-channel <number>
switchport
switchport mode trunk
switchport trunk allowed vlan <vlan-list>
Example:
conf t
interface Port-channel 1
switchport
switchport mode trunk
switchport trunk allowed vlan 10,20,30
This configures Port-channel 1 as a Layer 2 trunk carrying VLANs 10, 20, and 30. The Port-channel interface is created when the first member receives its channel-group command; switchport settings applied to the Port-channel are pushed to the members, and a member whose own configuration diverges is suspended from the bundle.
Layer 3 EtherChannel:
Layer 3 EtherChannel aggregates multiple routed ports, allowing for
routing between different subnets.
Configuring Layer 3 EtherChannel:
conf t
interface Port-channel <number>
no switchport
ip address <ip-address> <subnet-mask>
Example:
conf t
interface Port-channel 1
no switchport
ip address 192.168.1.1 255.255.255.0
This configures Port-channel 1 as a Layer 3 interface with the specified IP address. The member interfaces must also be set to no switchport before they join with channel-group, and the IP address goes only on the Port-channel interface, never on the members.
1.1.d (iii) Load Balancing

EtherChannel does not round-robin frames: it hashes selected header fields of each frame (source and/or destination MAC addresses, IP addresses or Layer 4 ports) and sends everything with the same hash over the same member link, which keeps a flow in order. The method is configured globally, applies to every EtherChannel on the switch and is not negotiated with the neighbour, so the two directions of a bundle can legitimately use different methods. The default varies by platform; show etherchannel load-balance displays the method in use.
Configuring Load Balancing:
conf t
port-channel load-balance <method>
Example:
conf t
port-channel load-balance src-dst-ip

This command sets the load balancing method to hash on both source and destination IP addresses. Pick a method whose fields actually vary across the traffic on that bundle: with dst-mac, every flow toward the same default gateway hashes to one member link and the others sit idle.
Common Methods:

src-mac: Source MAC address.


dst-mac: Destination MAC address.
src-dst-mac: Source and destination MAC addresses.
src-ip: Source IP address.
dst-ip: Destination IP address.
src-dst-ip: Source and destination IP addresses.
src-port: Source port number.
dst-port: Destination port number.
src-dst-port: Source and destination port numbers.
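The following Python, an added example that is not part of the original notes, models how the hash spreads flows across member links and shows the polarisation problem from the paragraph above: sixteen hosts talking to one gateway land on a single link under dst-mac but spread evenly under src-dst-ip. The eight-bucket, round-robin bucket-to-link assignment follows Cisco's published description for classic Catalyst platforms; the hash itself (XOR of the low three bits of the chosen fields) is a simplified stand-in for the platform-specific function, so absolute bucket numbers are illustrative while the distribution behaviour is the point. The flows are constructed, not captured.

```python
"""Model how an EtherChannel hash spreads flows over member links, and why the method matters.

Added example, not from the original notes. The 8-bucket, round-robin
bucket-to-link assignment follows Cisco's published description for classic
Catalyst platforms; the XOR-of-low-bits hash is a simplified stand-in for the
platform-specific function (an assumption), and the flows are constructed.
"""
from collections import Counter

BUCKETS = 8          # hash result is 3 bits on the classic Catalyst implementations


def low3(value):
    """Low three bits of a port number, of the last byte of a dotted-hex MAC, or of an IPv4 last octet."""
    if isinstance(value, int):
        return value & 7
    if len(value.split(".")) == 3:                       # '0011.2233.4455' style MAC
        return int(value.replace(".", "")[-2:], 16) & 7
    return int(value.split(".")[-1]) & 7                  # IPv4, last octet


def hash_bucket(flow, method):
    """Apply one of the 'port-channel load-balance' methods to a flow dict."""
    fields = {"mac": ("src_mac", "dst_mac"), "ip": ("src_ip", "dst_ip"), "port": ("src_port", "dst_port")}
    side, _, kind = method.rpartition("-")             # 'src-dst-ip' -> ('src-dst', 'ip')
    src_key, dst_key = fields[kind]
    if side == "src":
        return low3(flow[src_key])
    if side == "dst":
        return low3(flow[dst_key])
    if side == "src-dst":
        return low3(flow[src_key]) ^ low3(flow[dst_key])
    raise ValueError(f"unknown method {method}")


def bucket_counts(n_links):
    """How many of the 8 hash buckets each member link owns (bucket b -> link b % n)."""
    return [sum(1 for b in range(BUCKETS) if b % n_links == i) for i in range(n_links)]


def member_link(flow, method, n_links):
    """Member link index (0-based) a flow is pinned to under the given method."""
    return hash_bucket(flow, method) % n_links


def distribution(flows, method, n_links):
    """Flows per member link: the thing to check when one link is saturated and the rest idle."""
    return Counter(member_link(f, method, n_links) for f in flows)


# Constructed traffic: 16 hosts in one subnet, all talking to one default gateway.
GATEWAY_MAC, GATEWAY_IP = "0000.0c9f.f001", "10.0.1.254"
FLOWS = [
    {
        "src_mac": f"0011.2233.44{i:02x}", "dst_mac": GATEWAY_MAC,
        "src_ip": f"10.0.1.{i + 1}", "dst_ip": GATEWAY_IP,
        "src_port": 40000 + i, "dst_port": 443,
    }
    for i in range(16)
]


if __name__ == "__main__":
    for n in (2, 3, 4):
        print(f"{n} links: buckets per link {bucket_counts(n)}")
        for method in ("dst-mac", "src-mac", "src-dst-ip", "src-dst-port"):
            print(f"  {method:12s} -> flows per link {dict(sorted(distribution(FLOWS, method, n).items()))}")
```

Note that an odd number of links is never balanced even with a perfect hash, because eight buckets cannot be split evenly over three, five, six or seven links; bucket_counts() makes the 3:3:2 split for three links explicit.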
1.1.d (iv) EtherChannel Misconfiguration Guard
EtherChannel misconfiguration guard (enabled by default on Catalyst switches) uses STP to catch a bundle whose far end is not bundled. If the member ports of a port-channel receive BPDUs that identify different sending ports on the neighbour, the neighbour is treating the links as separate and a loop is imminent, so the switch errdisables the members (errdisable cause channel-misconfig) instead of forwarding.
Enabling EtherChannel Misconfiguration Guard:
conf t
spanning-tree etherchannel guard misconfig
This command re-enables the feature if it was turned off with the no form. show spanning-tree summary reports whether it is active, and show interfaces status err-disabled lists the ports it has shut.

1.1.d (v) Identify Multichassis EtherChannel Use Cases


Multichassis EtherChannel (MEC) terminates the member links of one EtherChannel on two different physical switches that present a single LACP partner to the far end, so the far end sees an ordinary EtherChannel. It requires a multichassis platform such as Cisco VSS, StackWise (stacked Catalysts) or vPC on Nexus, and it removes the need for STP to block a redundant uplink, since both uplinks are active members of one bundle.
Use Cases for Multichassis EtherChannel:

Redundancy: Links can terminate on different physical switches,


providing redundancy in case one switch fails.
Increased Bandwidth: Aggregates bandwidth across multiple switches.
Simplified Management: Treated as a single logical link, simplifying
network management and configuration.
High Availability: Critical for environments requiring high
availability and uptime.
Summary
LACP and Static: Configure EtherChannel using LACP (channel-group
<number> mode active) or statically (channel-group <number> mode on).
Layer 2 and Layer 3: Configure Layer 2 EtherChannel for trunk links
and Layer 3 EtherChannel for routed interfaces.
Load Balancing: Set load balancing methods using port-channel load-
balance <method>.
EtherChannel Misconfiguration Guard: Enable to prevent
misconfigurations (spanning-tree etherchannel guard misconfig).
Multichassis EtherChannel: Use for increased redundancy and
bandwidth across multiple switches.

These configurations help enhance network performance, provide redundancy, and ensure efficient utilization of network resources through link aggregation.
1.1.e Spanning Tree Protocol

1.1.e (i) PVST+, Rapid PVST+, MST


1.1.e (ii) Switch priority, port priority, tuning port/path cost,
STP timers
1.1.e (iii) PortFast, BPDU guard, BPDU filter
1.1.e (iv) Loop guard, root guard
1.1.e Spanning Tree Protocol

Spanning Tree Protocol (STP) prevents loops in redundant Layer 2 topologies by computing a loop-free logical tree and blocking the ports that are not part of it. Below, we cover the STP variants and the related configuration.
1.1.e (i) PVST+, Rapid PVST+, MST
PVST+ (Per-VLAN Spanning Tree Plus):

PVST+ is a Cisco proprietary variant that runs a separate STP instance, and therefore a separate BPDU stream, for each VLAN. It is the default mode on Catalyst switches. Per-VLAN instances let different switches be root for different VLANs so that both uplinks carry traffic, at the cost of CPU and BPDU overhead that grows with the number of VLANs.
Enabling PVST+:

conf t
spanning-tree mode pvst
Rapid PVST+ (Rapid Per-VLAN Spanning Tree Plus):

Rapid PVST+ keeps the per-VLAN model of PVST+ but runs RSTP (IEEE 802.1w) in each instance. RSTP converges in a few seconds rather than 30 to 50 because designated ports negotiate with a proposal/agreement handshake on point-to-point links instead of waiting out the listening and learning timers; links the switch classifies as shared (half duplex) fall back to timer-based convergence.
Enabling Rapid PVST+:

conf t
spanning-tree mode rapid-pvst

MST (Multiple Spanning Tree):

MST (IEEE 802.1s) maps multiple VLANs onto a single STP instance, reducing the number of instances the switches must run and thereby improving scalability.
Enabling MST:
conf t
spanning-tree mode mst

Configuring MST:
conf t
spanning-tree mst configuration
name <name>
revision <number>
instance <instance-number> vlan <vlan-list>
exit

Example:
conf t
spanning-tree mst configuration
name MST1
revision 1
instance 1 vlan 10,20
instance 2 vlan 30,40
exit

This maps VLANs 10 and 20 to MST instance 1 and VLANs 30 and 40 to MST instance 2; every VLAN not mapped explicitly stays in instance 0 (the IST/CIST). Switches belong to the same MST region only if their name, revision number and complete VLAN-to-instance mapping are identical (the mapping is carried in the BPDU as a digest), so a single missed VLAN on one switch splits the region and turns the link into a region boundary. Check with show spanning-tree mst configuration.
1.1.e (ii) Switch Priority, Port Priority, Tuning Port/Path Cost,
STP Timers
Switch Priority:
Switch priority, together with the switch's base MAC address, forms the bridge ID used in the root bridge election; the lowest bridge ID wins. With the extended system ID (the default on current Catalyst software) the priority field carried in the BPDU is the configured priority plus the VLAN number, so the configured value must be a multiple of 4096 between 0 and 61440; the default is 32768. Set it deliberately on the switch you want as root (and a second-best value on its backup), otherwise the root is whichever switch has the lowest MAC, typically the oldest one on the network.
Configuring Switch Priority:
conf t
spanning-tree vlan <vlan-id> priority <priority>

Example:
conf t
spanning-tree vlan 10 priority 4096

This makes the switch advertise priority 4106 (4096 plus VLAN 10) for VLAN 10. The macro spanning-tree vlan 10 root primary picks a value that beats the current root instead of taking an explicit number.
Port Priority:

Port priority (default 128, configurable in steps of 16 from 0 to 240) is the upper part of the port ID carried in BPDUs. It is the final tiebreaker a downstream switch uses when choosing its root port among links with equal root path cost to the same upstream bridge, so it is configured on the upstream (designated) side of the link, not on the switch whose root port you want to change.

Configuring Port Priority:

conf t
interface <interface-id>
spanning-tree vlan <vlan-id> port-priority <priority>

Example:
conf t
interface GigabitEthernet0/1
spanning-tree vlan 10 port-priority 64
Tuning Port/Path Cost:

Path cost accumulates along the path to the root; the port with the lowest root path cost becomes the root port. Defaults depend on link speed and on the cost method: with the classic short method Gigabit is 4 and 100 Mbps is 19, as in the example, while the long method (spanning-tree pathcost method long) uses 32-bit values that can still distinguish 10G and faster links.

Configuring Port Cost:


conf t
interface <interface-id>
spanning-tree vlan <vlan-id> cost <cost>

Example:

conf t
interface GigabitEthernet0/1
spanning-tree vlan 10 cost 19
STP Timers:
STP timers control how quickly the tree reacts: hello time (BPDU interval, default 2 s), forward delay (time spent in each of listening and learning, default 15 s) and max age (how long a stored BPDU is kept before it is considered lost, default 20 s). They are advertised by the root bridge and adopted by every other switch, so configure them on the root and its backup; values set elsewhere are ignored while that switch is not root. The example below simply restates the defaults.
Configuring STP Timers:
conf t
spanning-tree vlan <vlan-id> hello-time <seconds>
spanning-tree vlan <vlan-id> forward-time <seconds>
spanning-tree vlan <vlan-id> max-age <seconds>

Example:
conf t
spanning-tree vlan 10 hello-time 2
spanning-tree vlan 10 forward-time 15
spanning-tree vlan 10 max-age 20
1.1.e (iii) PortFast, BPDU Guard, BPDU Filter
PortFast:
PortFast lets an edge port go straight to forwarding instead of waiting out listening and learning (30 s with default timers), and stops its link transitions from generating topology change notifications. Use it only on ports facing a single end host: the port still processes BPDUs, but if a switch is plugged in it forwards immediately, so a loop exists until STP receives a BPDU and blocks. spanning-tree portfast default applies it to all non-trunking ports globally.

Enabling PortFast:
conf t
interface <interface-id>
spanning-tree portfast

Example:
conf t
interface GigabitEthernet0/1
spanning-tree portfast
BPDU Guard:
BPDU Guard errdisables a port the moment a BPDU is received on it, so an edge port can never become part of the spanning tree even if someone attaches a switch or a tool that spoofs BPDUs. The per-interface form below works on any port; the global form spanning-tree portfast bpduguard default enables it on every PortFast port, which is the usual way to cover the whole access layer. Pair it with errdisable recovery cause bpduguard if the port should come back on its own once the offending device is removed.

Enabling BPDU Guard:
conf t
interface <interface-id>
spanning-tree bpduguard enable

Example:
conf t
interface GigabitEthernet0/1
spanning-tree bpduguard enable
BPDU Filter:

BPDU Filter stops a port from sending BPDUs and, in the per-interface form, also ignores any BPDUs it receives. That effectively switches STP off on the port: a loop through it will never be detected. The global form spanning-tree portfast bpdufilter default is safer, since it suppresses BPDUs on PortFast ports but drops PortFast and resumes normal STP as soon as a BPDU arrives. Use the per-interface form only where you are certain no switch can ever be attached, and never combine it with BPDU Guard on the same port: the filter discards the BPDU before the guard can act on it.

Enabling BPDU Filter:
conf t
interface <interface-id>
spanning-tree bpdufilter enable

Example:
conf t
interface GigabitEthernet0/1
spanning-tree bpdufilter enable


1.1.e (iv) Loop Guard, Root Guard
Loop Guard:
Loop Guard protects against unidirectional links at the STP level: a non-designated (root or alternate) port that stops receiving BPDUs moves to the loop-inconsistent blocking state instead of assuming the upstream is gone and going to forwarding. It recovers automatically when BPDUs resume. Apply it on root and alternate ports facing other switches; it cannot be combined with Root Guard on the same port, and spanning-tree loopguard default enables it on all point-to-point links.

Enabling Loop Guard:
conf t
interface <interface-id>
spanning-tree guard loop

Example:
conf t
interface GigabitEthernet0/1
spanning-tree guard loop
Root Guard:

Root Guard enforces that a port stays designated: if it receives a BPDU advertising a better (lower) bridge ID than the current root, the port moves to the root-inconsistent blocking state rather than letting the attached switch take over as root. It recovers on its own when the superior BPDUs stop. Apply it on ports facing switches you do not control, such as access-layer or customer switches, so that a misconfigured or malicious device with priority 0 cannot pull the root role and draw all traffic through itself.

Enabling Root Guard:
conf t
interface <interface-id>
spanning-tree guard root

Example:
conf t
interface GigabitEthernet0/1
spanning-tree guard root
Summary

PVST+, Rapid PVST+, MST: Different STP variants for network redundancy and optimization.
Switch Priority, Port Priority, Tuning Port/Path Cost, STP Timers: Parameters for influencing STP topology decisions.
PortFast, BPDU Guard, BPDU Filter: Enhancements for faster port transitions and protection against loops.
Loop Guard, Root Guard: Additional safeguards to maintain a stable STP topology and prevent loops.

These configurations ensure a robust and efficient Layer 2 network by preventing loops, optimizing convergence times, and providing the necessary safeguards.
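The election and tie-break rules in this section are easy to state and easy to get backwards in practice (which side to tune port priority on, what a priority of 0 on a plugged-in switch does). The following Python, an added example that is not part of the original notes, implements them as STP computes them: the bridge ID with the extended system ID, root election by lowest bridge ID, root-port selection by root path cost then sender bridge ID then sender port ID, and the root-guard decision on a designated port. Switch names follow the topology at the top of the chapter; the priorities, MAC addresses, costs and the rogue switch are constructed.

```python
"""Root bridge election, root-port tie-breaking and the root-guard decision as STP computes them.

Added example, not from the original notes. Switch names follow the topology
at the top of this chapter; priorities, MAC addresses and costs are constructed,
and the rules implemented are the standard ones this section describes.
"""


def validate_priority(priority):
    """With the extended system ID, the configurable priority is a multiple of 4096 in 0..61440."""
    if not 0 <= priority <= 61440 or priority % 4096:
        raise ValueError(f"priority {priority} must be a multiple of 4096 between 0 and 61440")
    return priority


def mac_to_int(mac):
    """'0000.1111.0110' -> integer, so MACs compare numerically like STP does."""
    return int(mac.replace(".", ""), 16)


def bridge_id(priority, vlan, mac):
    """Bridge ID as a comparable tuple: (priority + VLAN as extended system ID, base MAC)."""
    return (validate_priority(priority) + vlan, mac_to_int(mac))


def elect_root(bridges, vlan):
    """Lowest bridge ID wins; the MAC breaks ties when priorities are equal."""
    return min(bridges, key=lambda b: bridge_id(b["priority"], vlan, b["mac"]))["name"]


def choose_root_port(offers):
    """offers: (local_port, root_path_cost, sender_bridge_id, sender_port_priority, sender_port_number).

    Lowest root path cost wins, then lowest sender bridge ID, then lowest sender
    port ID (priority, then number), which is why port priority is tuned on the
    upstream switch rather than on the switch choosing its root port."""
    return min(offers, key=lambda o: o[1:])[0]


def root_guard(current_root, advertised_root):
    """A root-guarded designated port that hears a superior root goes root-inconsistent instead of following it."""
    return "root-inconsistent" if advertised_root < current_root else "designated"


# Constructed bridges: sw110 is meant to be root; 'rogue' mimics a plugged-in switch set to priority 0.
BRIDGES = [
    {"name": "sw110", "priority": 4096, "mac": "0000.1111.0110"},
    {"name": "sw101", "priority": 32768, "mac": "0000.1111.0101"},
    {"name": "sw102", "priority": 32768, "mac": "0000.1111.0102"},
]
ROGUE = {"name": "rogue", "priority": 0, "mac": "0000.dead.beef"}


if __name__ == "__main__":
    vlan = 10
    print("root without rogue:", elect_root(BRIDGES, vlan))
    print("root with rogue   :", elect_root(BRIDGES + [ROGUE], vlan))
    sw110 = bridge_id(4096, vlan, "0000.1111.0110")
    # sw102 has two equal-cost links to sw110; sw110's port priority decides.
    print("root port, default port priorities:",
          choose_root_port([("e1/2", 4, sw110, 128, 2), ("e1/3", 4, sw110, 128, 3)]))
    print("root port after 'port-priority 64' on sw110's port 3:",
          choose_root_port([("e1/2", 4, sw110, 128, 2), ("e1/3", 4, sw110, 64, 3)]))
    print("root-guarded port hearing the rogue:",
          root_guard(sw110, bridge_id(0, vlan, "0000.dead.beef")))
```

The second election shows why root guard exists: with nothing in the way, a device advertising priority 0 wins against any legitimate configuration, because 4096 is the lowest priority an operator is likely to have set. The root-guard check keeps that BPDU from changing the tree on the port it arrives on.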
