FastSysAdmin

Basic Switching Practical Tasks List

This comprehensive list covers all practical aspects of switching with detailed tasks to ensure hands-on learning.

🟒 Section 1: Basic Switch Configuration

  • Task 1.1 – Connect to the switch using a console cable
  • Task 1.2 – Set hostname and configure privileged EXEC mode password
  • Task 1.3 – Configure console, VTY (Telnet/SSH) access passwords
  • Task 1.4 – Configure banner message (MOTD) for security warning
  • Task 1.5 – Enable service password-encryption for securing passwords
  • Task 1.6 – Save the configuration permanently (write memory)
  • Task 1.7 – Reload the switch and verify saved configuration
  • Task 1.8 – Set the clock and time zone on the switch
  • Task 1.9 – Configure Syslog and logging levels
  • Task 1.10 – Configure and verify the switch’s IP address and default gateway
  • Task 1.11 – Configure and verify CDP (Cisco Discovery Protocol) settings
  • Task 1.12 – Disable unused services (e.g., HTTP server, small services) for security
  • Task 1.13 – Configure and verify NTP (Network Time Protocol) synchronization
  • Task 1.14 – Use the show running-config and show startup-config commands to understand the difference and the importance of saving configurations.

🟒 Section 2: VLAN Configuration & Management

  • Task 2.1 – Create multiple VLANs (e.g., VLAN 10 – HR, VLAN 20 – IT, VLAN 30 – Finance)
  • Task 2.2 – Assign ports to specific VLANs (switchport mode access)
  • Task 2.3 – Verify VLAN assignments using show vlan brief
  • Task 2.4 – Change VLAN assignment and test connectivity
  • Task 2.5 – Delete a VLAN and observe the impact
  • Task 2.6 – Configure VLAN trunking between two switches (switchport mode trunk)
  • Task 2.7 – Configure allowed VLANs on a trunk (switchport trunk allowed vlan 10,20)
  • Task 2.8 – Use DTP (Dynamic Trunking Protocol) for trunk negotiation
  • Task 2.9 – Disable DTP on access ports for security
  • Task 2.10 – Configure and verify Voice VLANs for IP phones
  • Task 2.11 – Configure and verify Native VLAN on a trunk port
  • Task 2.12 – Troubleshoot VLAN misconfigurations (e.g., mismatched native VLANs)
  • Task 2.13 – Configure and verify VLAN pruning to optimize traffic
  • Task 2.14 – Configure VTP (VLAN Trunking Protocol) in different modes (Server, Client, Transparent).
  • Task 2.15 – Configure VLAN access lists (VACLs) for basic traffic filtering between VLANs

🟒 Section 3: Inter-VLAN Routing (Using Layer 3 Switch)

  • Task 3.1 – Enable IP routing on a Layer 3 switch (ip routing)
  • Task 3.2 – Create SVIs (Switch Virtual Interfaces) for VLANs
  • Task 3.3 – Assign IP addresses to VLANs and enable routing
  • Task 3.4 – Test communication between VLANs with ping
  • Task 3.5 – Configure Inter-VLAN Routing using Router-on-a-Stick
  • Task 3.6 – Implement HSRP (Hot Standby Router Protocol) for redundancy
  • Task 3.7 – Configure and verify static routes on a Layer 3 switch
  • Task 3.8 – Configure and verify default routes on a Layer 3 switch
  • Task 3.9 – Troubleshoot Inter-VLAN routing issues
  • Task 3.10 – Configure and verify DHCP relay for VLANs

🟒 Section 4: Spanning Tree Protocol (STP)

  • Task 4.1 – View default STP settings (show spanning-tree)
  • Task 4.2 – Change STP priority to make a switch the root bridge
  • Task 4.3 – Configure Rapid Spanning Tree Protocol (RSTP)
  • Task 4.4 – Configure Per VLAN Spanning Tree (PVST)
  • Task 4.5 – Enable PortFast on access ports (spanning-tree portfast)
  • Task 4.6 – Enable BPDU Guard to prevent rogue switch attacks
  • Task 4.7 – Configure Root Guard on specific ports
  • Task 4.8 – Configure and verify MSTP (Multiple Spanning Tree Protocol)
  • Task 4.9 – Troubleshoot STP convergence issues
  • Task 4.10 – Configure and verify UplinkFast and BackboneFast
  • Task 4.11 – Configure and verify Loop Guard for additional STP security
  • Task 4.12 – Understand and configure STP timers (hello time, max age, forward delay). Explain the impact of adjusting these.

🟒 Section 5: EtherChannel (Link Aggregation)

  • Task 5.1 – Configure EtherChannel using LACP (802.3ad)
  • Task 5.2 – Configure EtherChannel using PAgP (Cisco proprietary)
  • Task 5.3 – Verify EtherChannel status using show etherchannel summary
  • Task 5.4 – Test load balancing across links
  • Task 5.5 – Configure and verify Layer 3 EtherChannel
  • Task 5.6 – Troubleshoot EtherChannel misconfigurations
  • Task 5.7 – Configure and verify load-balancing algorithms for EtherChannel

🟒 Section 6: Security Features on Switches

  • Task 6.1 – Enable Port Security to restrict MAC addresses
  • Task 6.2 – Configure Port Security violation actions (Shutdown, Restrict, Protect)
  • Task 6.3 – Enable Sticky MAC Addresses on a port
  • Task 6.4 – Implement DHCP Snooping to block rogue DHCP servers
  • Task 6.5 – Enable Dynamic ARP Inspection (DAI) for ARP security
  • Task 6.7 – Disable unused ports for security
  • Task 6.6 – Configure IP Source Guard to prevent spoofing
  • Task 6.7 – Detect a Rogue Switch with CDP & LLDP
  • Task 6.8 – Configure and verify 802.1X port-based authentication
  • Task 6.9 – Configure and verify VLAN ACLs (VACLs) for traffic filtering
  • Task 6.10 – Configure and verify Storm Control to limit broadcast/multicast traffic
  • Task 6.11 – Configure and verify MAC address filtering

🟒 Section 7: Switch Management & Remote Access

  • Task 7.1 – Configure SSH for secure access
  • Task 7.2 – Disable Telnet and allow only SSH
  • Task 7.3 – Create local user accounts for authentication
  • Task 7.4 – Enable AAA authentication using a RADIUS server
  • Task 7.5 – Configure SNMP (Simple Network Management Protocol)
  • Task 7.6 – Implement SPAN (Port Mirroring) for traffic monitoring
  • Task 7.7 – Configure and verify SCP (Secure Copy Protocol) for file transfers
  • Task 7.8 – Configure and verify NetFlow for traffic analysis
  • Task 7.9 – Configure and verify logging to a syslog server
  • Task 7.10 – Configure and verify backup and restore of switch configurations
  • Task 7.11 – Configure and verify Role-Based CLI Access Control (RBAC).

🟒 Section 8: Quality of Service (QoS)

  • Task 8.1 – Enable QoS on a switch
  • Task 8.2 – Configure DSCP-based QoS marking
  • Task 8.3 – Implement QoS priority queues for voice traffic
  • Task 8.4 – Configure and verify Class-Based Weighted Fair Queuing (CBWFQ)
  • Task 8.5 – Configure and verify Policing and Shaping for traffic control
  • Task 8.6 – Configure and verify Auto-QoS for simplified QoS deployment
  • Task 8.7 – Troubleshoot QoS misconfigurations
  • Task 8.8 – Implement and verify queuing mechanisms (e.g., PQ, CQ, WFQ, LLQ).

🟒 Section 9: Redundancy & High Availability

  • Task 9.1 – Configure HSRP (Hot Standby Router Protocol)
  • Task 9.2 – Configure VRRP (Virtual Router Redundancy Protocol)
  • Task 9.3 – Configure GLBP (Gateway Load Balancing Protocol)
  • Task 9.4 – Configure and verify StackWise for switch stacking
  • Task 9.5 – Configure and verify VSS (Virtual Switching System)
  • Task 9.6 – Troubleshoot HSRP/VRRP/GLBP misconfigurations
  • Task 9.7 – Understand and configure FHRP (First Hop Redundancy Protocol).

🟒 Section 10: Private VLANs (PVLANs)

  • Task 10.1 – Create Primary and Secondary VLANs
  • Task 10.2 – Configure Isolated, Community, and Promiscuous Ports
  • Task 10.3 – Test PVLAN communication restrictions
  • Task 10.4 – Configure and verify PVLANs with Layer 3 switches
  • Task 10.5 – Troubleshoot PVLAN communication issues

🟒 Section 11: Troubleshooting & Performance Monitoring

  • Task 11.1 – Use show commands for VLAN and trunk troubleshooting
  • Task 11.2 – Troubleshoot Port Security violations
  • Task 11.3 – Diagnose STP topology changes
  • Task 11.4 – Use SPAN for packet capture
  • Task 11.5 – Test connectivity using Ping and Traceroute
  • Task 11.6 – Use debug commands for advanced troubleshooting
  • Task 11.7 – Analyze and interpret switch logs for issue resolution
  • Task 11.8 – Use NetFlow or SPAN to monitor and analyze traffic patterns
  • Task 11.9 – Troubleshoot EtherChannel and STP convergence delays