Cisco CCNA certification proves your professional worth. It tells prospective employers that you can handle the day-to-day work of running a mid- to large-sized Cisco network.

The two-exam CCNA process covers lots of innovative features, which better reflect the skills and knowledge you'll need on the job. Passing both exams is your first step towards higher-level Cisco certification, and trainer Jeremy Cioara has mapped these CCNA training videos to the 640-816 test. This CCNA training is not to be missed.

Here's how one user described Jeremy's training: "By the way, Jeremy Cioara has to be by far one of the BEST Cisco trainers I have ever had the privilege to learn from overall. He not only keeps your attention but his energy is contagious and he provides the information at a level where you grasp it rather easily."

The last day to take the 640-816 exam is Sept. 30, 2013. After that date, the only ICND2 exam available will be 200-101. CBT Nuggets has a training course for the 200-101 exam here.

1. Review: Rebuilding the Small Office Network, Part 1 (33 min)
2. Review: Rebuilding the Small Office Network, Part 2 (28 min)
3. Review: Rebuilding the Small Office Network, Part 3 (23 min)
4. Switch VLANs: Understanding VLANs (16 min)
5. Switch VLANs: Understanding Trunks and VTP (39 min)
6. Switch VLANs: Configuring VLANs and VTP, Part 1 (35 min)
7. Switch VLANs: Configuring VLANs and VTP, Part 2 (39 min)
8. Switch STP: Understanding the Spanning-Tree Protocol (28 min)
9. Switch STP: Configuring Basic STP (21 min)
10. Switch STP: Enhancements to STP (29 min)
11. General Switching: Troubleshooting and Security Best Practices (29 min)
12. Subnetting: Understanding VLSM (18 min)
13. Routing Protocols: Distance Vector vs. Link State (26 min)
14. Routing Protocols: OSPF Concepts (30 min)
15. Routing Protocols: OSPF Configuration and Troubleshooting (39 min)
16. Routing Protocols: EIGRP Concepts and Configuration (32 min)
17. Access-Lists: The Rules of the ACL (27 min)
18. Access-Lists: Configuring ACLs (34 min)
19. Access-Lists: Configuring ACLs, Part 2 (48 min)
20. NAT: Understanding the Three Styles of NAT (20 min)
21. NAT: Command-line NAT Configuration (35 min)
22. WAN Connections: Concepts of VPN Technology (33 min)
23. WAN Connections: Implementing PPP Authentication (34 min)
24. WAN Connections: Understanding Frame Relay (28 min)
25. WAN Connections: Configuring Frame Relay (30 min)
26. IPv6: Understanding Basic Concepts and Addressing (34 min)
27. IPv6: Configuring, Routing, and Interoperating (23 min)
28. Certification: Some Last Words for Test Takers (13 min)
29. Advanced TCP/IP: Working with Binary (25 min)
30. Advanced TCP/IP: IP Subnetting, Part 1 (55 min)
31. Advanced TCP/IP: IP Subnetting, Part 2 (22 min)
32. Advanced TCP/IP: IP Subnetting, Part 3 (19 min)

Switch STP: Configuring Basic STP

00:00:00

Now that we've talked about the concepts behind spanning tree protocol, let's get it set up. We're gonna take a look first off at our new network diagram. We're going to enhance what our network diagram looks like, add some redundant connections, then we will look at the, in the current spanning tree protocol configuration, because it's already running on all Cisco devices. Let's see

00:00:20

how it ran, by default. Then we'll tweak it, we'll tune it, we'll make it more efficient, and then we'll do some tests. I'm gonna do some ping tests and pull some links and see what happens, and how long spanning tree takes to fail over. Now before we get going

00:00:34

into the material, I have to show you something. I have to show you this most amazing, coolest thing, I've ever owned in my life. You may have heard of the Apple iPhone, right. Well, I got one, and you gotta see it. You gotta see this picture I just took

00:00:50

of it. It is the biggest waste of time I have ever had, but I love it and I can't stop using it. Look at what I'm doing. This is an Apple iPhone, right. It is SSH'ed into a Cisco firewall. Look, I went into privilege mode enable. I typed in my password. I got into global

00:01:06

config, from my phone. Isn't that awesome. I could fix a network issue from a red light on, on, on the road, or a green light for that matter. Why not? So, anyway, this, this thing is great. I'm telling you. There's, there's hundreds of programs for it, and you can get all kinds of, like, network sniffers for it.

00:01:25

It's, it's amazing. I haven't figured out how to connect a console cable to it yet, but that's, that's, that's my latest cool thing. Okay. Let's talk about STP. So I've made some slight changes to this network diagram since the previous video. All I did for this configuring and testing spanning

00:01:43

tree, is move the PCs back out of their VLANs. Now don't worry, that's a temporary thing. This is just gonna be the basic STP, before we get into all the enhancements, and to do that, everything is just put back into VLAN one. So you can see these two computers

00:01:58

are out of their VLANs. They're assigned. They're, they're a normal VLAN 1 IP addresses. They're able to ping each other again. These VLANs are still there. They're just, I guess you, we could put a little, not in use, because everything is currently joining VLAN 1. Now, in order to set up redundancy, what I did was, connect a crossover cable between switch two and switch three, on fastEthernet0/24 on both of them. Now what that does, is create a redundant link, so if switch one goes down, switch two and switch three can still communicate, and the PCs can talk, they can still at least get across the WAN links, and so on.

00:02:35

They'll just lose connectivity to whatever switch one was connected to, but when I introduce that link into the picture, we now have a loop in the network, so spanning tree needs to jump in and block one of these connections, but before we can determine which one it's gonna block, we have to Telnet in and do some show commands to find out who the root bridge is, so let's do that. I'm gonna take you to the,

00:03:01

let's, let's just start on switch one, that's our core switch. So I'll take you to switch one and type in the show command. You can just type this in from any switch that's running spanning tree. Just type, show spanning tree. You can also type that from your Apple iPhone

00:03:15

if you wanted to. Alright, I'll stop. You can see, I'm gonna stop the upper right there. You can see we have VLAN 1 running right now, and it gives some information about spanning tree. It says, spanning tree is enabled protocol IEEE, meaning, it's industry standard. Underneath here, you'll see it divided into two sections,

00:03:32

Root ID and Bridge ID. This, right here, is the information about the root, meaning, the root switch currently has the priority 32769. It currently has the MAC address 008, you know, there's a MAC address. It currently costs 19 to reach the root and I'm going out port FastEthernet0/11 to get there. As a matter of fact, if you glance down under interfaces, you can see

00:04:03

FastEthernet0/11 is designated as the root port. Okay. So all of this information right here, is information about the root bridge. This, is information about switch one, the switch that you're currently on. You can see the bridge ID is the MAC address is this. The hello timing, and how often it is saying hello

00:04:26

and, and checking the spanning tree topology. This is actually how often it's sending out BPDUs, to say, hey, is there a loop in the network, once every two seconds, because to a switch, that's, that's not a problem. There's tons of bandwidth to use, so it's always

00:04:40

checking to see if there's a new loop in the network. So this is the divide between the two. Now, you might remember, that I said the default priority on every switch is 32768. That was from the previous video when we talked about the concepts. Now Cisco switches run a special version of spanning

00:04:58

tree we're going to talk about in the enhancements called per VLAN spanning tree. So what it actually does to enhance it, is add the VLAN number. They call it a system ID extension to the priority, and so all the switches that are in VLAN 1, have 32769 as their priority. If you were in VLAN 10, you would have 32778, which would be the priority plus ten more. So it always adds the VLAN number, but it's, it's

00:05:26

the same thing. All the switches are tied on their priorities, so it's using the MAC address to find out the, or to, to break the tie and, and determine the root bridge. So, while it's all fine and dandy that this has told us, hey, this is the root bridge, I mean, how do you know who has that MAC address? Well it's time to trace some cables. You look at your network diagram and

00:05:49

find out on switch one, what does port 11 or FastEthernet0/11 connect to. We jump back here, FastEthernet0/11 connects to switch two. So chances are, if you follow that link, you're gonna find the root bridge, and as a matter of fact, you can also notice, notice right here FastEthernet0/12 is blocked. So that gives us a big clue, choonk, choonk, that that link is disabled, because that is the least efficient connection. So

00:06:21

the two active links right now, are these two, so you can kind of see and diagnose what spanning tree is doing. Now the problem is, the thirty our core. We want that to be our root. It's the bigger switch, but switch two became the root, just because it has an older MAC address, an older manufacturing date, so that's the one that is currently active right now as the root bridge.

00:06:43

So, well actually, let's jump on over to switch two, and just verify from there. I'm going to type in, show spanning tree. Look at that. VLAN 1, Root ID, this is the root information, and it says right there, it's very blatant, this bridge is the root. You can look below and see that the MAC

00:07:05

address of the bridge ID, which is this switch, matches the MAC address of the Root ID, because they're one and the same, same priority, same MAC address. Notice every single port is considered designated, because the root bridge never blocks its ports.

00:07:20

So as of right now, this switch, switch two, is our root, and that's why it makes sense that this link over here ended up being blocked. Now when comparing switch three and switch one, switch one must have an older MAC address than switch three, because it blocked its side of the connection. Let me show you what I'm talking about. I'll jump over to

00:07:42

switch three and do a show spanning tree, and you can see, you know, from switch three's perspective, it's like, ay, everything's great. Root port, we've got designated ports all down here. This is what I was talking about in the previous video, that sometimes it's difficult to determine who's blocking their interface, because from switch three's end of the picture, it's saying, hey, I'm great, because only switch one has blocked its interface. Okay. So that's the idea. We verify that spanning

00:08:11

tree is operating. It's not operating efficiently, because the wrong switch got elected as the root. So how do we change that? Let me show you the one major command of spanning tree. If you wanna run nothing but standard spanning tree, this is the only command that you'll need. However, in modern times,

00:08:30

most people will apply some of the spanning tree enhancements, so we'll talk about in the next video, but this is it. We want switch one to be our root, right? So I'm gonna go up to switch one. Let's do a show spanning tree there one more time, just to verify that as of right now, we have somebody else as the root, and we know that's, that is currently switch two, so I'm gonna go into global config mode and type in, spanning tree, followed by VLAN 1, because we're modifying spanning tree for VLAN 1. Everything in this network is running VLAN 1 as of right now, so spanning tree VLAN 1, I'll hit the question mark. The key that I'm looking for, well

00:09:10

I can do it one of two ways. I can type in root space, and then choose my primary, primary or secondary. If I type in primary, it will lower my switch priority to the IEEE recommended value. The IEEE is the standards body who created spanning tree. They're gonna set it to a recommended value that they say should be the primary root. The secondary root could be a

00:09:35

backup. For instance, if I had two core switches, or two major switches in my network that I wanted to be redundant for each other, I could set the secondary one as a backup for VLAN 1. So, I'll show you the other method in just a second, but let's go back and do a show spanning tree and hit enter, and notice what happened. The priority, not the MAC address, the priority on my switch was decreased.

00:10:02

It went down to 24577. Again there's that nice dart on the dart board, right, and just, that's a good recommendation. So that is below the 32769, that everything else is in the network. So immediately, this switch now becomes the root. Notice, we have designated ports

00:10:21

on every single one. All of them are forwarding, except for the one that was blocked. It's currently in a state of learning. If I hit the up arrow, again, now you can see it's forwarding. I'm actually gonna show you what all the states are in just a moment too.

00:10:34

So, this is now the root, which means, the switch two over here, let's, let's adjust our diagram. This is now the root. Switch two must have been bumped down, so let's hop over to switch two, do a show spanning tree, and sure enough, you can see switch two is no longer the root.

00:10:54

It's pointing to the root bridge, which has that better priority right there, which is currently switch one. Notice it has one root port, two designated ports, so just guessing, well, very, very confident guessing, I can say that switch three must have blocked that interface, fastEthernet0/24 on that side, because, since this one has all forwarding ports, there has to be a blocked port in the network, so switch from switch must have been it, and you can see it right there, that fastEthernet0/24 is currently in a blocked state. So that is setting the, the root bridge to switch one,

00:11:32

and that's what you want to do in any one of your networks. Spanning tree is so easy to forget about. You get involved in all kinds of, you know, complex configurations, and you're setting things up, and things aren't working, and you're working through the night on this brand new network, and you get everything set up and you're like, aah, I'm going home, and you forget all about spanning tree.

00:11:52

It's one command, but if you forget it, the, the network will never really run as well as it could, because it's not gonna be set up using the most efficient root bridge possible, and they'll just be running slow, and sure, everybody's gonna get used to it, and they're gonna be like, well, I guess the network is just that slow, and, and life goes on, not realizing all along that you could have a much faster network if you would just have the root bridge set correctly.

00:12:19

Now let me show you the other way to do it. That was using a handy keyword, which was the spanning tree vlan 1 root primary. The other way that you can set the root bridge, is to type in spanning tree vlan 1, and set the priority. This will manually allow you to type in the priority of spanning tree, which this is the value, right here, that it came up for us with, when we went in and, and typed in the primary. So notice right here, it's saying you can

00:12:53

use any value from zero, or zero is obviously the best, all the way up to 61440, but you have to use increments of 4096. I don't know. I know you're thinking why, why did they do it that way, just, because, because they did. So that is the, the range of the, the priorities that you can have, all in increments of 4096. So you could use 0, 4096, 8192, and, you know, just keep adding 4096 to find out all the different values. So if you wanted to, you could actually set it down to zero, to make sure that this one always becomes the root. By

00:13:35

the way, that is a known hacking method. I should mention this. You can set up, you know, so let's say, let's say this guy in his cubicle is a very angry person who wants to try and destroy his, destroy your network. He could plug a managed switch, meaning a high end

00:13:51

switch into the network cubicle wall jack, and type in spanning tree vlan 1 priority zero, to where his switch becomes the root bridge, and then everybody points to that cubicle as the center of the network, and the whole thing just starts going really slow, because it's going through a cubicle wall jack to do most of its connectivity. So there are actually methods

00:14:13

out there that you can put in. It's actually known as root guard, and, and BPDU Guard, and things like that. Those are security systems that you can turn on, that if somebody plugs in an unauthorized switch that tries to do that, it will shut their port right down. Ha, take that. Alright, so we've got the root bridge set up.

00:14:32

Now I want to show you a fail over. Actually, let's jump back to the topology here. I'm gonna show you what I'm gonna do. As of right now, we know we've determined that switch one is the root bridge, because that's what we set it to. This port and this port are forwarding. This link is blocked. It's set as

00:14:50

the backup connection, should any one of those links fail, that spanning tree is managing. So here's what I want to do. I want to initiate a ping, a continual ping from, let's see, I'm sitting on this pc right now, so I'll do a ping from this pc to this pc that's constantly going. Once that ping is going, I'm going

00:15:11

to disable, we'll just say this link right here, shut it down, so that it, it is no longer operational. I wanna see how long spanning tree takes to detect that problem, and then activate this switch link. You're ready to watch? Here we go. Let me bring up the command prompt first, and I'm gonna type in ping. Actually let me just verify which

00:15:36

one I'm on, ipconfig. This is, let me just scroll go back up. The 192.168.1.50 PC, which is the smiling PC down here, and shrink his window down, about that big, so we can have the config window at the same time. Now I'm gonna type in ping, 192.168.1.20 -t, which is a repetitive thing, meaning, it's gonna go nonstop. It's just gonna keep on pinging. Alright.

00:16:03

So that's going where we're now actively pinging network station. Let me bring up, actually, slide it up here this, this configuration window, which is switch one. Now let's see if I can still see my network diagram. Switch one is, I'm going to shut down fastEthernet0/12, which will disable the active link that's currently working for spanning tree. I'm gonna keep these both

00:16:28

in the window, right here, so let me go into interface that fastEthernet0/12 and do a shut down. Alright, it is shut down, the pings have now stopped. Notice, the, the connection's timing out below. I'm going to, let me just hop on over to switch three. I'm gonna do a show spanning tree right now. Notice

00:16:54

what, what, oops, notice what mode, I don't know if you caught that before. It was in, and look at this. We're down. The network's down right now. It was in listening mode on that backup port, then it went to learning mode, and look at that. Wham. We're now back online. The, the switch is pinging.

00:17:15

Now that was, I'm, I'm sure you know with my kind of banter, talking and so on, that was about 30 to 50 seconds of a network outage that occurred, just to allow spanning tree to fail over. Now that may sound like, okay, that's, no worries, life is good, but remember, our networks nowadays, are running connections like voice over IP. You have phones running on the network. You have active

00:17:43

file transfers. You have replications. You have airline schedules. You have credit card transactions. You have stock quotes. All of this stuff is happening real-time, step step, step, step, step, flying across your network. If you have a network outage of two seconds,

00:17:57

that's something more people are like, whoa, what just happened? Phone calls drop everywhere, stock quotes get kind of, you know, off in, in off shift. If you go for 30 to 50 seconds in, and let me, let me revise my excitedness here, 30 to 50 seconds in a production network, in a critical business network, you're gonna have a major crisis on your hands. What I just demonstrated,

00:18:23

is, why spanning tree, as it stands right now, is not used very often in full enterprise networks. There's enhanced versions of it that we use. As a matter of fact, watch this. I'm going to go, let's see, back on to switch one, under fastEthernet0/12, and do a no shut down. Let's power that guy back on, yay, will fix everything, right. What

00:18:46

it's going to do, as, as soon as all the links are detected and, and back online. Notice, notice, you see my equal signs, they've stopped. The network has gone down again. I'm serious. I'm gonna do a show spanning tree. Look at this. FastEthernet0/12 has gone into its nice little listening state there. Let's do a spanning tree. Now

00:19:05

it's learning. Meanwhile, imagine people right now going ha, ha network down, phone calls dropping, customer dissatisfaction, airlines are out of whack, credit cards aren't being processed. See, I'm trying to, I'm trying to hype this up here. There's got, you know, there's, there's a major network, and finally, we're, we're still dying here. It looks like the port is forwarding, but

00:19:25

something still hasn't come back online. This is actually known as a blocking timer. Eventually, give it 60 seconds, give it a minute and a half or so, eventually it will renegotiate, and the port will come back on line and go active. Spanning tree, the version that we just saw,

00:19:45

was developed a long time ago. I mean, think when switches came out, that's when spanning tree came with it, because people wanted a redundant connection. So we're talking a, a technology, that a decade ago, it wasn't that big of a deal to have an outage of 30 seconds. That's alright, but nowadays, we have to use enhanced

00:20:03

versions. So there it is, basic spanning tree protocol, essentially a protocol that is necessary in our networks, but needs to be enhanced and upgraded, as we just saw. So, what we first off looked at, was enhancing our network diagram, by adding in a redundant link between the two switches, which spanning tree did its job. It identified it, and it blocked it. So we identified

00:20:29

the current spanning tree configuration, which just the oldest switch that you have in your network, will be elected as the root bridge, and all the switches will find the best way to reach that root bridge, and then block all the redundant connections.

00:20:41

So, what we need to do, is find the best switch in our network, even in the enhanced version. I, I don't mean to hype the enhanced version, like everything's better, everything's changed, although it is a lot better, but in the enhanced version, we still have to elect a root bridge. We still have to make

00:20:57

sure that we have, you know, all the core technology of spanning tree even in, in the enhanced versions is the same. So we have to configure a root bridge and set that up as the core of our network, and all the switches will find the best way to the center and work from there.

16 hrs 32 videos

Jeremy Cioara
Nugget trainer since 2003