Quick review: Switching – CCNA
This review sheet helps you go over the fundamental Cisco CCNA switching concepts before taking the quiz.
What you really need to know
Switching is one of the most important areas of the CCNA certification. It concerns the operation of Ethernet switches, segmentation with VLANs, trunk links, loop prevention with STP, link aggregation with EtherChannel and several Layer 2 security controls.
For CCNA, you need to understand not only the definitions, but also why these mechanisms exist: to separate traffic, reduce broadcast domains, prevent loops, improve reliability and control access to the network.
Key concepts
- Layer 2 switch: forwards Ethernet frames using the MAC address table.
- MAC address table: maps MAC addresses to switch ports.
- VLAN: logically separates a Layer 2 network into multiple broadcast domains.
- Access port: a port assigned to a single VLAN.
- Trunk port: a port that carries traffic for multiple VLANs using 802.1Q tagging.
- Native VLAN: untagged VLAN on an 802.1Q trunk.
- STP: protocol that prevents Layer 2 loops by blocking redundant paths.
- Root bridge: reference switch selected by STP.
- EtherChannel: combines multiple physical links into one logical link.
- Port security: limits which MAC addresses can use a port.
- DHCP snooping: protects against unauthorized DHCP servers.
- DAI (Dynamic ARP Inspection): protects against ARP spoofing attacks.
Differences not to confuse
| Concept | Main meaning |
|---|---|
| Access port | Port for one VLAN |
| Trunk port | Port that carries multiple VLANs |
| VLAN | Logical broadcast domain |
| Native VLAN | Untagged VLAN on a trunk |
| MAC table | Table used by the switch to forward frames |
| STP | Prevents Layer 2 loops |
| Root bridge | Central switch in the STP topology |
| EtherChannel | Aggregates multiple physical links |
| Port security | Limits MAC addresses on a port |
| DHCP snooping | Blocks unauthorized DHCP servers |
| DAI | Protects against ARP spoofing |
How a switch works
An Ethernet switch forwards frames based on MAC addresses.
When it receives a frame, the switch reads:
- source MAC;
- destination MAC;
- ingress port;
- associated VLAN.
The switch learns the source MAC and adds it to the MAC address table together with the ingress port and VLAN. If the table already holds the port for the destination MAC, the switch forwards the frame only out that port. If the destination MAC is unknown, or the frame is a broadcast, it floods the frame out every other port in the same VLAN.
For CCNA, you need to remember that a switch does not forward based on IP addresses when it operates as a Layer 2 switch. Layer 2 forwarding is based on MAC addresses.
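The learn, look up, forward-or-flood sequence described above, as an added Python model (not code from this review sheet or from any vendor). The port names, MAC addresses and VLAN layout are constructed for the example; note that the MAC table is keyed per VLAN, so an address learned in VLAN 10 does not help when the same destination is looked up in VLAN 20.

```python
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    vlan: int  # VLAN the frame was classified into at ingress


class L2Switch:
    """Layer 2 forwarding model: learn the source MAC, then forward or flood inside the VLAN."""

    def __init__(self, ports):
        # ports: {port name: set of VLANs the port carries}; an access port carries
        # exactly one VLAN, a trunk carries several (constructed topology, see demo())
        self.ports = {name: set(vlans) for name, vlans in ports.items()}
        self.mac_table = {}  # (vlan, mac) -> port; entries are kept per VLAN

    def receive(self, ingress, frame):
        """Return the list of egress ports the frame is sent out of (empty list = dropped)."""
        if frame.vlan not in self.ports[ingress]:
            return []  # the frame belongs to a VLAN this port does not carry
        # 1. learning: the source MAC is now reachable through the ingress port
        self.mac_table[(frame.vlan, frame.src_mac)] = ingress
        # 2. lookup on (VLAN, destination MAC)
        known = self.mac_table.get((frame.vlan, frame.dst_mac))
        if frame.dst_mac != BROADCAST and known is not None:
            # destination known: forward out that single port, or filter the frame
            # when the destination lives on the same segment it arrived from
            return [] if known == ingress else [known]
        # 3. unknown unicast or broadcast: flood to every other port in the same VLAN
        return sorted(p for p, vlans in self.ports.items()
                      if p != ingress and frame.vlan in vlans)


def demo():
    """Constructed scenario: two PCs in VLAN 10, a server in VLAN 20, one trunk uplink."""
    sw = L2Switch({"Gi1/0/1": {10}, "Gi1/0/2": {10}, "Gi1/0/3": {20}, "Gi1/0/24": {10, 20, 99}})
    pc_a, pc_b, srv = "aa:aa:aa:00:00:01", "bb:bb:bb:00:00:02", "cc:cc:cc:00:00:03"
    steps = []
    steps.append(sw.receive("Gi1/0/1", Frame(pc_a, pc_b, 10)))  # B unknown: flooded in VLAN 10
    steps.append(sw.receive("Gi1/0/2", Frame(pc_b, pc_a, 10)))  # A already learned: one port
    steps.append(sw.receive("Gi1/0/1", Frame(pc_a, pc_b, 10)))  # B learned from its reply
    steps.append(sw.receive("Gi1/0/3", Frame(srv, pc_a, 20)))   # VLAN 20: A's VLAN 10 entry does not apply
    return steps


if __name__ == "__main__":
    for egress in demo():
        print(egress)
```

Running `demo()` shows the first frame flooded to the other VLAN 10 port and the trunk, the reply forwarded to a single port, and the VLAN 20 frame flooded only to the trunk.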
VLAN
A VLAN logically separates a Layer 2 network. Each VLAN represents a separate broadcast domain.
Example:
- VLAN 10 = users;
- VLAN 20 = servers;
- VLAN 30 = voice;
- VLAN 99 = management.
The advantage of VLANs is that they allow traffic separation without requiring separate physical switches for each network.
VLANs help to:
- reduce broadcast traffic;
- separate departments or services;
- improve security and organization;
- apply different policies;
- simplify troubleshooting and management.
Access port
An access port normally belongs to a single VLAN. It is used to connect end devices such as PCs, printers, IP phones and other endpoints.
Conceptual example:
- a port connected to a PC can be an access port in VLAN 10;
- a port connected to a printer can be an access port in VLAN 20.
An access port normally does not carry VLAN tags toward the end device.
Trunk port
A trunk port carries traffic for multiple VLANs between switches, routers, firewalls or other network devices.
The trunk normally uses the IEEE 802.1Q standard, which adds a tag to the Ethernet frame to indicate which VLAN it belongs to.
Typical trunk examples:
- switch to switch;
- switch to router for router-on-a-stick;
- switch to firewall;
- switch to hypervisor;
- switch to access point managing multiple SSIDs/VLANs.
For CCNA, you must clearly distinguish access ports from trunk ports.
Native VLAN
The native VLAN is the VLAN that travels untagged on an 802.1Q trunk.
This concept often appears in quizzes because it can create security or configuration problems if it is not consistent on both sides of the trunk.
Common best practices:
- avoid using VLAN 1 as the native VLAN;
- use an unused VLAN as the native VLAN;
- keep the native VLAN the same on both sides of the trunk;
- do not use the native VLAN for important user traffic.
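The trunk and native VLAN sections above, as an added Python example that is not part of this review sheet: it builds and parses an 802.1Q header (the real TPID 0x8100 and the 3-bit PCP / 12-bit VID layout of the TCI), classifies incoming frames the way an access port and a trunk port do, and then shows what happens when the native VLAN differs on the two ends of a trunk. The port dictionaries, `classify_ingress` and `trunk_egress` are this example's own simplified model; the MAC addresses are constructed.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


def mac_to_bytes(mac):
    return bytes(int(octet, 16) for octet in mac.split(":"))


def bytes_to_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst, src, ethertype, payload, vlan=None, pcp=0):
    """Build an Ethernet frame; with vlan set, insert an 802.1Q tag after the source MAC."""
    header = mac_to_bytes(dst) + mac_to_bytes(src)
    if vlan is not None:
        # TCI = PCP (3 bits) | DEI (1 bit, left at 0) | VID (12 bits)
        tci = ((pcp & 0x7) << 13) | (vlan & 0x0FFF)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def parse_frame(raw):
    """Return the header fields; 'vlan' is None when the frame carries no 802.1Q tag."""
    dst, src = bytes_to_mac(raw[0:6]), bytes_to_mac(raw[6:12])
    (tpid,) = struct.unpack("!H", raw[12:14])
    if tpid == TPID_8021Q:
        tci, ethertype = struct.unpack("!HH", raw[14:18])
        return {"dst": dst, "src": src, "vlan": tci & 0x0FFF, "pcp": tci >> 13,
                "ethertype": ethertype, "payload": raw[18:]}
    return {"dst": dst, "src": src, "vlan": None, "pcp": 0,
            "ethertype": tpid, "payload": raw[14:]}


def classify_ingress(raw, port):
    """Assign an incoming frame to a VLAN (simplified model).
    port is {'mode': 'access', 'vlan': N} or {'mode': 'trunk', 'native': N, 'allowed': set}.
    Returns None when the frame is dropped."""
    vid = parse_frame(raw)["vlan"]
    if port["mode"] == "access":
        # an access port expects untagged frames and places them in its own VLAN
        return port["vlan"] if vid is None else None
    if vid is None or vid == 0:
        # untagged (or priority-tagged, VID 0) frames on a trunk belong to the native VLAN
        return port["native"]
    return vid if vid in port["allowed"] else None


def trunk_egress(dst, src, ethertype, payload, vlan, native):
    """Send a frame out a trunk: tag it unless it belongs to the native VLAN."""
    return build_frame(dst, src, ethertype, payload, vlan=None if vlan == native else vlan)


def native_mismatch_demo():
    """Switch A (native VLAN 99) sends VLAN 99 traffic to switch B, whose trunk uses native VLAN 1.
    Returns the VLAN switch B assigns before and after the native VLAN is made consistent."""
    trunk_b = {"mode": "trunk", "native": 1, "allowed": {1, 10, 20, 99}}
    raw = trunk_egress("ff:ff:ff:ff:ff:ff", "aa:aa:aa:00:00:63", 0x0806, b"\x00" * 28,
                       vlan=99, native=99)  # leaves A untagged, because 99 is A's native VLAN
    vlan_on_b = classify_ingress(raw, trunk_b)           # B puts it in VLAN 1: the frame changed VLAN
    trunk_b_fixed = dict(trunk_b, native=99)
    return vlan_on_b, classify_ingress(raw, trunk_b_fixed)


if __name__ == "__main__":
    print(native_mismatch_demo())
```

The untagged frame carries no information about which VLAN its sender meant, so each side simply applies its own native VLAN; that is why the best practice is to keep the native VLAN identical on both ends and to keep user traffic out of it.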
Inter-VLAN routing
VLANs separate Layer 2 traffic. To allow devices in different VLANs to communicate, routing is required.
The most common solutions are:
- router-on-a-stick;
- Layer 3 switch with SVI;
- firewall or router routing between VLANs.
Example:
- a PC in VLAN 10 does not communicate directly with a server in VLAN 20;
- a Layer 3 device is required to route between VLANs.
For CCNA, it is important to remember that a Layer 2 switch separates VLANs, but routing between VLANs requires Layer 3 functionality.
STP
STP, Spanning Tree Protocol, is used to prevent Layer 2 loops.
Layer 2 loops are dangerous because an Ethernet frame has no TTL field, unlike an IP packet, so a looping frame is never discarded. A loop can generate:
- broadcast storm;
- frame duplication;
- MAC address table instability;
- slow or completely unusable network.
STP creates a loop-free logical topology by blocking some redundant paths. Redundant links remain useful because they can become active if a failure occurs.
Root bridge
The root bridge is the reference switch in the STP topology.
STP selects the root bridge based on the Bridge ID, mainly composed of:
- bridge priority;
- MAC address.
The lowest Bridge ID wins.
To control the STP topology, the priority of the switch that should become root bridge is often configured manually.
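The root bridge election described above, as an added Python example (not code from this review sheet). It compares Bridge IDs numerically, with the lowest value winning and the MAC address breaking ties, and then shows the usual fix when the wrong switch wins: lowering the priority on the intended root. The model goes slightly beyond the text in one respect: the 16-bit priority field is taken as priority plus VLAN ID, as Cisco PVST+ and Rapid PVST+ do with the extended system ID, which is why priorities must be multiples of 4096. The switch names and MAC addresses are constructed.

```python
DEFAULT_PRIORITY = 32768


def bridge_id(priority, mac, vlan=1):
    """Numeric Bridge ID: 16-bit priority field followed by the 48-bit MAC address.
    The priority field is the configured priority plus the VLAN ID (extended system ID),
    so the configured value must be a multiple of 4096 between 0 and 61440."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("bridge priority must be a multiple of 4096 between 0 and 61440")
    mac_int = int(mac.replace(":", ""), 16)
    return ((priority + vlan) << 48) | mac_int


def elect_root(switches, vlan=1):
    """switches: {name: (priority, mac)}. Return (root name, ranking from best to worst).
    The lowest Bridge ID wins: lowest priority first, then the lowest MAC as tie-breaker."""
    ranking = sorted(switches, key=lambda n: bridge_id(switches[n][0], switches[n][1], vlan))
    return ranking[0], ranking


def election_demo():
    """Constructed scenario: every switch left at the default priority, then the fix applied."""
    switches = {
        "Core1":   (DEFAULT_PRIORITY, "00:1b:54:aa:00:01"),
        "Core2":   (DEFAULT_PRIORITY, "00:1b:54:aa:00:02"),
        "Access7": (DEFAULT_PRIORITY, "00:0c:29:ff:00:07"),  # oldest switch, lowest MAC
    }
    before, _ = elect_root(switches)  # priorities tie, so the lowest MAC wins: the access switch
    # the usual correction, equivalent to 'spanning-tree vlan 1 priority 24576' on Core1
    # and a higher-but-still-low value on the intended secondary root
    switches["Core1"] = (24576, switches["Core1"][1])
    switches["Core2"] = (28672, switches["Core2"][1])
    after, ranking = elect_root(switches)
    return before, after, ranking


if __name__ == "__main__":
    print(election_demo())
```

With defaults everywhere the election is decided by the MAC address alone, which usually hands the root role to the oldest switch in the network; setting the priority deliberately on the core switches is what the text means by controlling the topology manually.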
STP ports
In CCNA, you should know at least the general meaning of the main roles:
- Root port: best port toward the root bridge.
- Designated port: port that forwards traffic on a segment.
- Blocked/alternate port: port blocked to prevent loops.
The important point is not to memorize every advanced detail, but to understand that STP decides which ports forward and which are blocked to avoid loops.
EtherChannel
EtherChannel allows multiple physical links to be combined into one logical link.
Advantages:
- increased aggregated bandwidth;
- redundancy;
- better link utilization;
- STP sees the bundle as a single logical connection.
EtherChannel can be configured:
- statically;
- with PAgP;
- with LACP.
For CCNA, you need to remember that member links must have consistent configurations: speed, duplex, VLANs, trunk/access mode and compatible parameters.
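The two EtherChannel points above, negotiation mode and consistent member configuration, as an added Python example that is not part of this review sheet. `bundle_forms` encodes which channel-group mode pairs actually negotiate a bundle (LACP active/passive, PAgP desirable/auto, static on), and `member_mismatches` reports attributes that differ between member ports, which is the kind of check a switch performs before suspending an inconsistent member. The port names and attribute dictionaries are constructed for the example.

```python
LACP_MODES = {"active", "passive"}
PAGP_MODES = {"desirable", "auto"}


def bundle_forms(mode_a, mode_b):
    """Return True if the channel-group modes on the two ends negotiate an EtherChannel."""
    if mode_a == "on" or mode_b == "on":
        return mode_a == mode_b                 # static bundle: both sides 'on', no protocol runs
    if {mode_a, mode_b} <= LACP_MODES:
        return "active" in (mode_a, mode_b)     # passive/passive: nobody initiates, no bundle
    if {mode_a, mode_b} <= PAGP_MODES:
        return "desirable" in (mode_a, mode_b)  # auto/auto: nobody initiates, no bundle
    return False                                # LACP on one side and PAgP on the other


# attributes that must match on every member port (constructed subset for the example)
CHECKED = ("speed", "duplex", "mode", "access_vlan", "native_vlan", "allowed_vlans")


def member_mismatches(members):
    """members: {port: {attribute: value}}.
    Return {attribute: {port: value}} for each attribute that is not identical on all members."""
    mismatches = {}
    for attr in CHECKED:
        values = {port: cfg.get(attr) for port, cfg in members.items()}
        if len(set(values.values())) > 1:
            mismatches[attr] = values
    return mismatches


def etherchannel_demo():
    """Two trunk members that agree on everything except the native VLAN."""
    members = {
        "Gi1/0/23": {"speed": 1000, "duplex": "full", "mode": "trunk",
                     "native_vlan": 99, "allowed_vlans": "10,20,99"},
        "Gi1/0/24": {"speed": 1000, "duplex": "full", "mode": "trunk",
                     "native_vlan": 1, "allowed_vlans": "10,20,99"},
    }
    return member_mismatches(members)


if __name__ == "__main__":
    print(etherchannel_demo())
    print(bundle_forms("active", "passive"), bundle_forms("passive", "passive"))
```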
Port security
Port security limits which MAC addresses can use a switch port.
It can be useful to prevent unauthorized devices from being connected to access ports.
It can use:
- static MAC addresses;
- dynamic MAC addresses;
- sticky MAC addresses.
Typical violation actions include:
- protect;
- restrict;
- shutdown.
In CCNA quizzes, remember that shutdown is the default violation action and the most severe one: on a violation the port goes into the err-disabled state.
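The port security behaviour above, as an added Python model that is not part of this review sheet: one access port with a maximum number of secure MAC addresses, static or sticky learning, and the three violation actions. `SecurePort`, its method names and the MAC addresses are this example's own constructions; the counter and err-disabled semantics follow the protect / restrict / shutdown distinction described in the text.

```python
class SecurePort:
    """Port-security model for one access port: a bounded set of allowed source MACs
    and a configurable violation action (protect / restrict / shutdown)."""

    def __init__(self, maximum=1, violation="shutdown", sticky=False, static=()):
        if violation not in ("protect", "restrict", "shutdown"):
            raise ValueError(violation)
        self.maximum = maximum
        self.violation = violation
        self.sticky = sticky
        self.secure_macs = set(static)   # statically configured secure addresses
        self.sticky_saved = []           # sticky-learned MACs, as they would land in the running-config
        self.violation_count = 0
        self.err_disabled = False

    def ingress(self, src_mac):
        """Return what happens to a frame arriving with this source MAC."""
        if self.err_disabled:
            return "dropped (port err-disabled)"
        if src_mac in self.secure_macs:
            return "forwarded"
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.add(src_mac)        # dynamic learning fills the remaining slots
            if self.sticky:
                self.sticky_saved.append(src_mac)  # sticky: survives a reload once config is saved
            return "forwarded (learned)"
        # a new MAC beyond the maximum is a violation
        if self.violation == "protect":
            return "dropped"                     # silently dropped: no counter, no log message
        self.violation_count += 1
        if self.violation == "restrict":
            return "dropped (logged, counter incremented)"
        self.err_disabled = True                 # shutdown: the whole port goes err-disabled
        return "dropped (port err-disabled)"

    def recover(self):
        """Equivalent of shutdown / no shutdown on the interface, or errdisable recovery."""
        self.err_disabled = False


def port_security_demo():
    """Constructed scenario: the legitimate PC connects, then a second device appears."""
    pc, second = "aa:aa:aa:00:00:01", "de:ad:be:ef:00:01"
    results = {}
    for action in ("protect", "restrict", "shutdown"):
        port = SecurePort(maximum=1, violation=action, sticky=True)
        results[action] = [port.ingress(pc), port.ingress(second), port.ingress(pc)]
    return results


if __name__ == "__main__":
    for action, outcome in port_security_demo().items():
        print(action, outcome)
```

The third step in the demo is the detail quizzes like to test: with protect or restrict the original PC keeps working after the violation, whereas with shutdown the port is err-disabled and even the legitimate device is cut off until the port is recovered.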
DHCP snooping
DHCP snooping protects the network from unauthorized DHCP servers.
The key concept is the distinction between:
- trusted ports;
- untrusted ports.
Ports toward legitimate DHCP servers or controlled uplinks can be trusted. Ports toward end users normally remain untrusted.
DHCP snooping can block DHCP responses coming from unauthorized ports.
Dynamic ARP Inspection
Dynamic ARP Inspection, or DAI, helps protect against ARP spoofing and ARP poisoning.
DAI checks ARP messages and verifies that they are consistent with trusted information, often derived from the DHCP snooping table.
The key point is that DHCP snooping and DAI often work together: DHCP snooping builds a trust base, and DAI uses it to validate ARP.
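The DHCP snooping and Dynamic ARP Inspection sections above, as one added Python example that is not part of this review sheet: DHCP server messages are only accepted on trusted ports, a successful lease populates a binding table of (VLAN, MAC) to (IP, port), and DAI then validates ARP on untrusted ports against that table (or against a static ARP ACL for hosts without DHCP). `SnoopingSwitch`, its method names, the port names, MAC and IP addresses are all constructed for the example.

```python
class SnoopingSwitch:
    """Model of DHCP snooping and Dynamic ARP Inspection on one switch.
    Trusted ports: uplinks and the port toward the real DHCP server. All others are untrusted."""

    SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.bindings = {}    # (vlan, client mac) -> (ip, port): the DHCP snooping binding table
        self.pending = {}     # (vlan, client mac) -> port of the client's last DISCOVER/REQUEST
        self.arp_acl = set()  # (vlan, mac, ip) for hosts with static addresses
        self.log = []

    def dhcp(self, port, vlan, msg_type, client_mac, yiaddr=None):
        """Apply DHCP snooping to one DHCP message. Returns 'forwarded' or 'dropped'."""
        if msg_type in self.SERVER_MESSAGES:
            if port not in self.trusted:
                self.log.append(f"DHCP {msg_type} from untrusted {port} dropped (possible rogue server)")
                return "dropped"
            if msg_type == "ACK" and (vlan, client_mac) in self.pending:
                # lease confirmed: record which IP this client got on which port
                self.bindings[(vlan, client_mac)] = (yiaddr, self.pending.pop((vlan, client_mac)))
            return "forwarded"
        if msg_type == "RELEASE":
            # a release is only honoured from the port the binding was learned on
            if self.bindings.get((vlan, client_mac), (None, None))[1] != port:
                self.log.append(f"DHCP RELEASE for {client_mac} from wrong port {port} dropped")
                return "dropped"
            self.bindings.pop((vlan, client_mac))
            return "forwarded"
        self.pending[(vlan, client_mac)] = port   # DISCOVER / REQUEST from a client
        return "forwarded"

    def arp(self, port, vlan, sender_mac, sender_ip):
        """Apply DAI to an ARP message. Trusted ports are not inspected."""
        if port in self.trusted:
            return "forwarded"
        if self.bindings.get((vlan, sender_mac)) == (sender_ip, port):
            return "forwarded"
        if (vlan, sender_mac, sender_ip) in self.arp_acl:
            return "forwarded"
        self.log.append(f"DAI: invalid ARP on {port} vlan {vlan}: {sender_mac} claims {sender_ip}")
        return "dropped"


def snooping_demo():
    """Constructed scenario on VLAN 10: real DHCP server behind Gi1/0/24, client on Gi1/0/2,
    an untrusted device on Gi1/0/5 that tries to answer DHCP and to claim the gateway's IP."""
    sw = SnoopingSwitch(trusted_ports={"Gi1/0/24"})
    client, other = "aa:aa:aa:00:00:01", "de:ad:be:ef:00:01"
    gateway_ip = "10.10.10.1"
    r = {}
    r["offer_from_user_port"] = sw.dhcp("Gi1/0/5", 10, "OFFER", client, "10.10.10.200")
    sw.dhcp("Gi1/0/2", 10, "DISCOVER", client)
    sw.dhcp("Gi1/0/24", 10, "OFFER", client, "10.10.10.50")
    sw.dhcp("Gi1/0/2", 10, "REQUEST", client)
    sw.dhcp("Gi1/0/24", 10, "ACK", client, "10.10.10.50")
    r["binding"] = sw.bindings[(10, client)]
    r["legit_arp"] = sw.arp("Gi1/0/2", 10, client, "10.10.10.50")
    r["gateway_claim"] = sw.arp("Gi1/0/5", 10, other, gateway_ip)    # no binding: dropped by DAI
    r["right_mac_wrong_port"] = sw.arp("Gi1/0/5", 10, client, "10.10.10.50")
    r["log_entries"] = len(sw.log)
    return r


if __name__ == "__main__":
    for k, v in snooping_demo().items():
        print(k, v)
```

The log list is where a defender would hook a syslog export: every dropped server message and every DAI failure is a high-signal event on an access switch.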
Common quiz mistakes
- Confusing access ports and trunk ports.
- Thinking that a VLAN automatically allows communication with other VLANs.
- Forgetting that routing is required to communicate between VLANs.
- Confusing native VLAN and management VLAN.
- Thinking that STP increases network speed.
- Forgetting that STP is used to prevent loops.
- Thinking that EtherChannel is only redundancy and not also logical aggregation.
- Configuring EtherChannel with inconsistent parameters between ports.
- Confusing port security with ACLs.
- Thinking that DHCP snooping blocks all DHCP, including legitimate DHCP.
- Forgetting that DAI protects against ARP attacks, not against all Layer 2 attacks.
Mini exam scenario
A company has two switches connected with multiple physical links. Without a protection mechanism, the topology can create Layer 2 loops and cause broadcast storms. The main solution to prevent loops is STP.
If instead the objective is to use multiple physical links as a single logical connection, increasing bandwidth and redundancy, the most appropriate solution is EtherChannel.
Mini checklist before the quiz
Before starting the quiz, you should be able to explain:
- how a switch uses the MAC address table;
- what VLAN means;
- the difference between access port and trunk port;
- what the native VLAN is used for;
- why routing is required between different VLANs;
- why STP prevents Layer 2 loops;
- what root bridge means;
- what EtherChannel is used for;
- why EtherChannel ports must have consistent configurations;
- what port security does;
- what DHCP snooping is used for;
- why DAI protects against ARP spoofing.
FAQ
What is switching in CCNA?
Switching concerns the operation of Ethernet switches, frame forwarding through the MAC address table, VLANs, trunks, STP, EtherChannel and Layer 2 controls.
What is the difference between an access port and a trunk port?
An access port normally belongs to one VLAN and is used for end devices. A trunk port carries traffic for multiple VLANs using 802.1Q tagging.
What is a VLAN used for?
A VLAN logically separates a Layer 2 network into different broadcast domains. It helps organize traffic, reduce broadcasts and separate users or services.
Why is STP needed?
STP is used to prevent Layer 2 loops. Without STP, redundant links between switches can cause broadcast storms and network instability.
What is EtherChannel used for?
EtherChannel aggregates multiple physical links into one logical link, providing more bandwidth, redundancy and cleaner STP handling.
What does port security do?
Port security limits which MAC addresses can use a switch port and can block or disable the port in case of a violation.
What is DHCP snooping used for?
DHCP snooping protects against unauthorized DHCP servers by distinguishing trusted and untrusted ports.
What is Dynamic ARP Inspection used for?
Dynamic ARP Inspection helps prevent ARP spoofing by checking that ARP messages are consistent with trusted information.
Now test what you reviewed
After the review, start the quiz to check whether you really understand the key concepts.