Updated Aug 4, 2025

10. VLAN Continued


  • Inter-VLAN communication is only possible via a router or Layer 3 switch
  • Each VLAN has a unique ID (between 1 and 4094)
  • Switch ports can be manually assigned to specific VLANs (Access Ports)
  • Ports that carry traffic from multiple VLANs are called Trunk ports and use tagging protocols like IEEE 802.1Q

11. Port Security Features


Port Security


Restricts the number of allowed MAC addresses per port



Switch(config-if)#switchport port-security  
Switch(config-if)#switchport port-security maximum 2  
Switch(config-if)#switchport port-security violation shutdown  
Switch(config-if)#switchport port-security mac-address 0000.1111.2222

DHCP Snooping


  • Blocks rogue DHCP servers
  • Designates trusted ports for legitimate DHCP responses

ARP Inspection


  • Prevents spoofing and ARP poisoning attacks
  • Uses DHCP Snooping tables for verification

Flood Guard


  • Protects the switch from broadcast storms and MAC flooding
  • Helps prevent denial-of-service (DoS) attacks

BPDU Guard & Root Guard


  • BPDU Guard: Prevents BPDU frames from being accepted on access ports
  • Root Guard: Prevents undesired switches from becoming the Root Bridge

12. Advanced Switching Features


Port Bonding (Link Aggregation)


  • Combines multiple physical links into a single logical link
  • Follows the IEEE 802.3ad standard
  • Boosts bandwidth and redundancy

Power over Ethernet (PoE)


  • Delivers electrical power through Ethernet cables
  • Supports IP cameras, VoIP phones, and other powered devices
  • Complies with IEEE 802.3af and IEEE 802.3at standards

Port Mirroring / SPAN


  • Copies traffic from one or more ports to a monitoring port
  • Used for network analysis and intrusion detection

Switch(config)#monitor session 1 source interface Fa0/1  
Switch(config)#monitor session 1 destination interface Fa0/10

13. Conclusion


Layer 2 switching combined with VLANs and advanced security features forms the backbone of modern network architecture. A solid understanding of STP, RSTP, and security protocols such as Port Security and DHCP Snooping is essential for building flexible, scalable, and secure networks. Mastering these concepts is a powerful advantage for both the Network+ exam and professional implementation.


Written & researched by Dr. Shahin Siami