Introduction to Computer Networking, Architectures, and Topologies

Comprehensive Guide to Layer 2 Switching and VLANs

| Security |

| Switching VLAN STP Port |

10. VLAN Continued

Inter-VLAN communication is only possible via a router or Layer 3 switch
Each VLAN has a unique ID (between 1–4094)
Switch ports can be manually assigned to specific VLANs (Access Ports)
Ports that carry traffic from multiple VLANs are called Trunk ports and use tagging protocols like IEEE 802.1Q

11. Port Security Features

Port Security

Restricts the number of allowed MAC addresses per port


Switch(config-if)#switchport port-security  
Switch(config-if)#switchport port-security maximum 2  
Switch(config-if)#switchport port-security violation shutdown  
Switch(config-if)#switchport port-security mac-address 0000.1111.2222

DHCP Snooping

Blocks rogue DHCP servers
Designates trusted ports for legitimate DHCP responses

ARP Inspection

Prevents spoofing and ARP poisoning attacks
Uses DHCP Snooping tables for verification

Flood Guard

Protects the switch from broadcast storms and MAC flooding
Helps prevent denial-of-service (DoS) attacks

BPDU Guard & Root Guard

BPDU Guard: Prevents BPDU frames on access ports
Root Guard: Prevents undesired switches from becoming Root Bridge

12. Advanced Switching Features

Port Bonding (Link Aggregation)

Combines multiple physical links into a single logical link
Follows the IEEE 802.3ad standard
Boosts bandwidth and redundancy

Power over Ethernet (PoE)

Delivers electrical power through Ethernet cables
Supports IP cameras, VoIP phones, and other powered devices
Complies with IEEE 802.3af and IEEE 802.3at standards

Port Mirroring / SPAN

Copies traffic from one or more ports to a monitoring port
Used for network analysis and intrusion detection


Switch(config)#monitor session 1 source interface Fa0/1  
Switch(config)#monitor session 1 destination interface Fa0/10

13. Conclusion

Layer 2 switching combined with VLANs and advanced security features forms the backbone of modern network architecture. A solid understanding of STP, RSTP, and security protocols such as Port Security and DHCP Snooping is essential for building flexible, scalable, and secure networks. Mastering these concepts is a powerful advantage for both the Network+ exam and professional implementation.