How to configure and verify switch administration and Layer 2 Protocols

When a switch is taken out of the box, the first thing a network administrator will do is secure it by assigning it an IP address, a default gateway and a subnet mask so that the switch is under control even from a remote location. These are the functions of switch administration; its features are as follows:

1. SDM templates

Concept of SDM templates:

SDM templates are used to configure the switch's system resources to optimize support for particular features, depending on how the switch is used in the network. You can choose a template to give maximum system usage to specific functions; for instance, the default template balances resources, and the access template gives the highest ACL usage. To allocate hardware resources among different uses, the switch SDM template prioritizes system resources to optimize support for specific features. You can choose one of these SDM templates to optimize IPv4 features on switches running the IP services or IP base feature set:

  • VLANs- The VLAN template disables routing and supports the maximum number of unicast MAC addresses. It is typically selected for Layer 2 switching.
  • Routing- The routing template gives the maximum system resources to unicast routing. It is typically used for an aggregator or a router in the middle of a network.
  • Access- The access template gives the maximum system resources to ACLs, to manage a large number of access control lists.
  • Default- The default template balances all functions.

Dual IPv6 and IPv4 Templates:

The dual IPv6 and IPv4 templates allow switches to work in dual-stack environments, supporting both IPv6 and IPv4 traffic. IPv6 multicast routing is not supported by this software. PBR is also not supported when forwarding IPv6 traffic. PBR is supported only when the dual IPv6 and IPv4 routing template is configured. Using a dual-stack template results in less hardware capacity being available for each resource. It is recommended not to use these templates when the switch forwards only IPv4 traffic. These SDM templates support IPv6 and IPv4 environments on switches running the IP services or IP base feature set:

  • Dual IPv6 and IPv4 default template- supports multicast, Layer 2, ACLs and routing, and ACLs for IPv6 and IPv4 Layer 2.
  • Dual IPv6 and IPv4 routing template- supports multicast, Layer 2, QoS, routing and ACLs for Layer 2 and IPv4.
  • Dual IPv6 and IPv4 VLAN template- supports multicast, Layer 2, and ACLs for Layer 2 and IPv4.

Switch stacks and SDM templates:

In a Catalyst 3750 or mixed-hardware switch stack, all stack members should use the same SDM template, which is stored on the stack master. When a new switch is added to the stack, the SDM configuration stored on the stack master overrides the template configured on that individual switch. An EXEC command is used to check whether any stack members are in SDM mismatch. This example shows the output of the EXEC command after an SDM mismatch is found.

Configuration Guidelines for SDM template:

  • After configuring a new SDM template, you must reload the switch for the configuration to take effect.
  • On switches running the IP services or IP base feature set, use the sdm prefer vlan global configuration command only on switches intended for Layer 2 switching with no routing.
  • When the VLAN template is used, no system resources are reserved for routing entries, and any routing is performed in software. This greatly reduces routing performance and overloads the CPU.
  • When the switch is running the LAN base feature set, do not choose a routing template. Although it is listed in the command help, routing is not supported by the LAN base feature set. On LAN base switches, the routing values shown are not valid.
  • If routing is not enabled on your switch, avoid using the routing template. Selecting it with the sdm prefer global configuration command prevents other features from using the memory allocated to unicast routing.
  • A warning message appears if you configure IPv6 without first selecting a dual IPv6 and IPv4 template.

2. Managing the MAC address table:

The MAC address table contains the address information that the switch uses to forward traffic between ports. Every MAC address in the table is associated with one or more ports. The address table includes the following types of addresses:

Static address- A manually entered unicast address that does not age and is not lost when the switch resets.

Dynamic address- A source MAC address that the switch learns and then ages out when it is not in use.

Disabling MAC Address Learning on a VLAN or Interface

MAC address learning is enabled by default on all VLANs and interfaces on the router. You can control MAC address learning on a VLAN or interface to manage the available address table space by deciding which VLANs or interfaces may learn MAC addresses. Before disabling MAC address learning, be familiar with the network topology and the router system configuration. Disabling MAC address learning on a VLAN or an interface can cause flooding in the network. Some related guidelines follow:

  • Use caution before you disable MAC address learning on a VLAN or on an interface with an SVI. Doing so causes the switch to flood all IP packets in the Layer 2 domain.

  • MAC address learning can be disabled on a single VLAN ID or on a range of IDs, separated by a comma or hyphen (for instance, no mac address-table learning vlan 1-10,15).

  • It is recommended to disable MAC address learning only in VLANs that have two ports. Disabling MAC address learning on a single-port VLAN results in packets that enter the switch being flooded in that VLAN domain.

  • To re-enable MAC address learning on a VLAN or on an interface, it is recommended to use the default mac address-table learning command. Re-enabling MAC address learning on the VLAN is also possible with the mac address-table learning global configuration command.

  • The first command returns to the default condition, so it does not appear in the output of the show running-config command. The second command causes the configuration to appear in the output of the show running-config EXEC command.
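The guidelines above can be checked against a saved configuration. The following is an added example, not part of the original page: it expands VLAN lists such as 1-10,15 and flags VLANs with learning disabled that have an SVI or an access-port count other than two. The sample configuration is constructed, and counting only explicit "switchport access vlan" lines (ignoring trunks and VLAN 1 defaults) is an assumption.

```python
import re

# Constructed running-config excerpt (not from the original page).
SAMPLE_CONFIG = """\
no mac address-table learning vlan 1-10,15
interface Vlan15
 ip address 192.0.2.1 255.255.255.0
interface GigabitEthernet0/1
 switchport access vlan 15
interface GigabitEthernet0/2
 switchport access vlan 15
interface GigabitEthernet0/3
 switchport access vlan 7
"""

def expand_vlans(spec):
    """Expand a VLAN list such as '1-10,15' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 4094:
            raise ValueError(f"bad VLAN range: {part!r}")
        vlans.update(range(lo, hi + 1))
    return vlans

def audit_mac_learning(config):
    """Return {vlan: [findings]} for VLANs with MAC learning disabled."""
    disabled, svis, access_ports = set(), set(), {}
    for line in config.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"no mac address-table learning vlan (.+)", line):
            disabled |= expand_vlans(m.group(1))
        elif m := re.fullmatch(r"interface Vlan(\d+)", line):
            svis.add(int(m.group(1)))
        elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
            vlan = int(m.group(1))
            access_ports[vlan] = access_ports.get(vlan, 0) + 1
    findings = {}
    for vlan in sorted(disabled):
        notes = []
        if vlan in svis:
            notes.append("has an SVI")
        count = access_ports.get(vlan, 0)
        if count not in (0, 2):  # 0 = no access ports seen in this config
            notes.append(f"access port count is {count}, not 2")
        if notes:
            findings[vlan] = notes
    return findings
```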

2. Troubleshoot Err-disable recovery

Errdisable functions:

If the configuration shows a port as enabled but the software detects an error on that switch port, the software shuts the port down. In simple words, the port is disabled automatically by the operating system software because of an error detected on the port.

Once the port is disabled, it is shut down and no traffic is sent or received on that port.

The errdisable feature has two major functions:

  • Let the administrator know about the port problem.
  • Remove the possibility of a troublesome port affecting the other ports on the module.

Err disable platforms:

The feature of Err disable is supported by the following Catalyst switches:

  • 2940/2960/2950
  • 4000/4500
  • 6000/6500
  • 294BG

Layer 2 technologies

1. Configure CDP:

CDP is used to obtain the protocol addresses of neighboring devices and to discover the platform of those devices. It is also used to display information about the interfaces your router uses. CDP is protocol and media independent and runs on all Cisco-manufactured devices, including access servers, routers, switches and bridges.

Task List of CDP configuration:

  • Setting the CDP hold time and transmission timer
  • Re-enabling CDP on a local router
  • Re-enabling CDP on an interface
  • Maintaining and monitoring CDP

Setting the CDP Hold Time and Transmission Timer

Use the following commands to set the CDP transmission frequency and hold time.




Step 1 

Router(config)# cdp timer seconds

Specifies the frequency of transmission of CDP updates.

Step 2 

Router(config)# cdp holdtime seconds

Specifies the amount of time a receiving device must hold the information sent by your device.

Reenabling CDP on a Local Router

CDP is enabled by default on Cisco devices. To disable it, use the no cdp run command. To re-enable CDP, use the following command.


Router(config)# cdp run

Reenabling CDP on an Interface

CDP is also enabled on all interfaces by default. You can disable it with the no cdp enable command. To re-enable it on an interface, use the following command:


Router(config-if)# cdp enable

Maintaining and monitoring CDP

To maintain and monitor CDP, use one or more of the following commands:



Router# clear cdp counters

Resets the traffic counters to zero.

Router# clear cdp table

Deletes the CDP table of information about neighbors.

Router# show cdp

Shows the interval between transmissions of CDP advertisements, the number of seconds a CDP advertisement is valid for a given port, and the version.

Router# show cdp entry device-name [protocol | version]

Shows information about a particular neighbor.

Router# show cdp interface [type number]

Shows information about the interfaces on which CDP is enabled.

Router# show cdp traffic

Shows CDP counters, including the number of packets sent and received and checksum errors.

Router# show debugging

Shows information about the types of debugging enabled for the router.



3. LLDP:

LLDP is a neighbor discovery protocol that network devices use to advertise information about themselves to other devices on the network. LLDP runs over the data link layer, which allows two systems running different network layer protocols to learn about one another. LLDP supports a set of attributes that it uses to discover neighbor devices. These attributes contain type, length and value descriptions and are referred to as TLVs.

Following are the mandatory TLVs:

  • System description TLV
  • Port description TLV
  • Management address TLV
  • System capabilities TLV
  • System name TLV

Configuring LLDP Characteristics

You can configure the frequency of LLDP updates, the amount of time to hold the information before discarding it, and the initialization delay time. The steps for configuring these characteristics follow.





Step 1 

configure terminal

Enter global configuration mode.

Step 2 

lldp holdtime seconds

(Optional) Specify the amount of time a receiving device must hold the information sent by your device before discarding it.

Step 3 

lldp reinit

(Optional) Specify the delay time in seconds for LLDP to initialize on an interface.
Range is 2-5 seconds; default is 2 seconds.

Step 4 

lldp timer seconds

(Optional) Set the transmission frequency of LLDP updates in seconds.
Range is 5-65534 seconds; default is 30 seconds.

Step 5 

lldp tlv-select

(Optional) Specify the LLDP TLVs to send or receive.

Step 6 

lldp med-tlv-select

(Optional) Specify the LLDP-MED TLVs to send or receive.

Step 7 

copy running-config startup-config

(Optional) Save your entries in the configuration file.
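The CDP and LLDP timer steps above can be verified from a saved configuration. The following is an added example, not part of the original page: it checks lldp reinit and lldp timer against the ranges given in the steps and, as an added sanity check, flags a hold time that does not exceed the transmission timer, since a neighbor would then discard the entry before the next update arrives. The sample lines are constructed, and only explicitly configured values are compared.

```python
import re

# Ranges for the two LLDP settings whose limits are given in the steps above.
LLDP_RANGES = {"reinit": (2, 5), "timer": (5, 65534)}

# Constructed global-configuration lines (not from the original page).
SAMPLE_CONFIG = """\
cdp timer 60
cdp holdtime 45
lldp holdtime 120
lldp reinit 9
lldp timer 30
"""

def parse_timers(config):
    """Collect '<cdp|lldp> <timer|holdtime|reinit> <seconds>' settings."""
    settings = {}
    pattern = re.compile(r"(cdp|lldp) (timer|holdtime|reinit) (\d+)")
    for line in config.splitlines():
        m = pattern.fullmatch(line.strip())
        # The page lists no 'cdp reinit' command, so that form is ignored.
        if m and (m.group(1), m.group(2)) != ("cdp", "reinit"):
            settings[(m.group(1), m.group(2))] = int(m.group(3))
    return settings

def check_timers(config):
    """Return a sorted list of findings for the configured timers."""
    settings = parse_timers(config)
    findings = []
    for name, (low, high) in LLDP_RANGES.items():
        value = settings.get(("lldp", name))
        if value is not None and not low <= value <= high:
            findings.append(f"lldp {name} {value}: outside {low}-{high}")
    # Added check (assumption, not a rule stated on the page): the hold time
    # should exceed the transmission timer so entries survive between updates.
    for proto in ("cdp", "lldp"):
        timer = settings.get((proto, "timer"))
        hold = settings.get((proto, "holdtime"))
        if timer is not None and hold is not None and hold <= timer:
            findings.append(f"{proto} holdtime {hold} <= timer {timer}")
    return sorted(findings)
```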

4. UDLD:

Understanding UDLD

UDLD is a Layer 2 protocol that enables devices connected through fiber-optic or twisted-pair Ethernet cables to check the physical configuration of the cables and detect a unidirectional link. All connected devices must support UDLD for the protocol to successfully identify and disable unidirectional links. After detecting a unidirectional link, UDLD shuts down the affected port and warns you. Unidirectional links cause many problems, including spanning-tree topology loops.

Operation Modes:

UDLD supports two operation modes: normal and aggressive. In normal mode, UDLD detects unidirectional links that result from misconnected interfaces on fiber-optic connections. In aggressive mode, it also detects unidirectional links caused by one-way traffic on fiber-optic and twisted-pair links.

In both modes, UDLD works with Layer 1 mechanisms to determine the status of a link. At Layer 1, auto-negotiation handles physical signaling and fault detection. UDLD performs the tasks that auto-negotiation cannot, such as detecting the identities of neighbors and shutting down misconnected interfaces. When both UDLD and auto-negotiation are enabled, Layer 1 and Layer 2 detection work together to prevent physical and logical unidirectional connections and the malfunctioning of other protocols.

Configuration of Default UDLD

Table 23-1 Default UDLD Configuration

Feature: Default Setting

  • UDLD global permit state: Globally disabled
  • UDLD per-interface enable state for fibre optic media: Disabled on every Ethernet fiber-optic interface
  • UDLD per-interface permit state for the twisted-pair media: Disabled on every Ethernet 1000BASE and 10/100 interface
  • UDLD aggressive mode


Configuration Guidelines

Following are the UDLD configuration rules and guidelines:

UDLD is not supported on ATM interfaces.

A UDLD-capable interface cannot detect a unidirectional link when it is connected to a UDLD-incapable port on another switch.

When configuring the mode (aggressive or normal), make sure that the same mode is configured on both sides of the link.
