Cisco ICND2 – Describe enhanced switching technologies (including: VTP, RSTP, VLAN, PVSTP, 802.1q)

VTP – VLAN Trunking Protocol:

VLAN Trunking Protocol allows you to create, delete and modify VLANs. This information can then be propagated to other switches that use the same VTP domain. When VTP is first configured it defaults to server mode. VTP information is sent via a trunk port. VTP uses revision numbers to determine whether the switch needs to update its VTP information.

A few requirements:

  1. Cannot be used on non-Cisco switches
  2. VTP domain must be the same
  3. One switch must be configured in server mode
  4. If a VTP password is used, must be configured on all switches

Three VTP modes:

  • Server

Can create, add and modify VLANs and advertises this VTP information to other switches.

  • Transparent

Can create, add and modify VLANs, but these aren’t advertised to other switches in the VTP domain; they are only local to that switch. A transparent switch will still forward VTP advertisements out of trunk ports.

  • Client

Client mode only receives and forwards VTP updates. Cannot create, delete or modify existing VLANs.

VTP Pruning:

Do not use on transparent switches.

VTP Pruning stops VLAN broadcasts from being sent to other switches where they aren’t necessary.

For example, Switch A forwards a broadcast for VLAN 20. Switch B and Switch C do not have any access ports for VLAN 20, and they have let Switch A know this. If VTP pruning is enabled, Switch A will not forward the broadcast, as it has been informed that Switch B and Switch C do not have any hosts on VLAN 20. This helps to preserve bandwidth.

Saving bandwidth with VTP Pruning by Keith Barker explains this perfectly.

STP – Spanning Tree Protocol 802.1d

Spanning Tree Protocol prevents switching loops at layer 2. It elects a root bridge and a root port, and does this by sending out BPDUs (bridge protocol data units). A blocked port will still receive BPDUs, and needs to receive them in case it needs to come out of the blocked state (link failure, bandwidth changes).

  • BPDU – Bridge Protocol Data Unit – Ethernet frame sent across the switch network to select the root switch. Each switch compares the BPDUs that it receives from other switches to determine if it should be the root bridge.
  • Root – Switch with the lowest BID
  • BID/Bridge ID – Bridge priority (32768 by default) + MAC address

STP Election

  • Root bridge determined by lowest BID (priority + MAC)
  • All root bridge ports that are connected are placed into designated forwarding state
  • Switches will elect one root port to the root bridge. This is calculated by speed cost; if there is a tie, the port with the lowest port ID will be the root port.
  • Root ports cannot be designated ports
  • If more than one switch is connected to the root bridge, one will be elected the designated bridge based on cost to the root or lowest BID
  • The ports on the designated bridge will forward whilst the port on the non-designated bridge will block

STP Port States

  • Blocking – Does not forward frames, receives BPDUs. When a switch is first powered on, all ports are in the blocking state.
  • Listening – Receives BPDUs and checks to ensure no loops occur. Prepares to forward frames. MAC address table not built yet.
  • Learning – Receives BPDUs and learns all the paths of the network. Builds the MAC address table but doesn’t forward any frames.
  • Forwarding – Starts forwarding frames if it is the designated port or root port.
  • Disabled – Not really a state, but if the switch is administratively down (shutdown) then it will not forward frames or receive BPDU updates.

Port Speed Costs

  • 10Mbps = 100
  • 100Mbps = 19
  • 1Gbps = 4
  • 10Gbps = 2


  • Hello Timer: 2 seconds
  • Max Age: 20 seconds by default
  • Forward Delay: 15 seconds

STP selects the root bridge with the lowest bridge ID. This calculation is based on bridge priority + MAC address; by default the bridge priority is 32768 unless changed. So if Switch A has a bridge priority of 32768 and MAC address 01111.1111.1111 and Switch B has a bridge priority of 32768 and MAC address 0000.0000.0000, Switch B would be elected the root bridge as it has the lowest value. It may be good practice to manually change the bridge priority on a switch to a much lower value to ensure that it is always the root bridge. The bridge priority can only be set in increments of 4096.

Next STP will elect root ports and designated ports. All connected ports on the root bridge are designated ports. One root port is elected on each switch except for the root bridge. The root port is the port that has the best path to the root bridge. This is calculated by speed cost; if there is a tie, the port with the lower port number wins.

A designated bridge is elected if there are two or more switches connected to the root bridge; this is based on the lower BID or lower port number. All ports on the designated bridge are put into designated mode. The ports on the non-designated bridge, except the root port, are put into non-designated mode (blocking) to prevent switching loops.

STP detects a link failure in between 30 and 60 seconds; this is based on the STP port states.
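The election rules above, as an added Python example (not part of the original notes): it picks the root bridge by lowest BID and each switch's root port by lowest path cost with the lowest port ID as the tie break, and shows why pinning the intended root to a low priority matters, since any bridge with a lower BID takes over. The switch names, MAC addresses and topology are constructed, and the tie break follows the simplified rule in these notes (802.1D also compares the sending bridge's BID before the port ID).

```python
from dataclasses import dataclass, replace

# Port costs from the table above, keyed by link speed in Mbps.
PORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}
INF = float("inf")

@dataclass(frozen=True)
class Switch:
    name: str
    mac: str               # constructed sample MACs, Cisco dotted notation
    priority: int = 32768  # default bridge priority

    def __post_init__(self):
        # Priority is only configurable in increments of 4096.
        if self.priority % 4096 or not 0 <= self.priority <= 61440:
            raise ValueError(f"{self.name}: invalid priority {self.priority}")

    @property
    def bid(self):
        # Lower tuple wins: priority first, MAC address as the tie break.
        return (self.priority, int(self.mac.replace(".", ""), 16))

def elect(switches, links):
    """links: (switch_a, port_a, switch_b, port_b, speed_mbps) tuples.
    Returns (root name, {switch: root port}, {switch: cost to root})."""
    root = min(switches, key=lambda s: s.bid).name
    cost = {s.name: INF for s in switches}
    cost[root] = 0
    root_port = {}
    for _ in switches:  # repeat until path costs settle
        for a, pa, b, pb, speed in links:
            for near, port, far in ((a, pa, b), (b, pb, a)):
                if near == root or cost[far] == INF:
                    continue
                # Lowest path cost wins; a tie goes to the lowest port ID.
                candidate = (cost[far] + PORT_COST[speed], port)
                if candidate < (cost[near], root_port.get(near, INF)):
                    cost[near], root_port[near] = candidate
    return root, root_port, cost

# Constructed triangle: A-B and B-C at 1Gbps, A-C at 100Mbps.
SWITCHES = [Switch("A", "0000.0000.000a"), Switch("B", "0000.0000.000b"),
            Switch("C", "0000.0000.000c")]
LINKS = [("A", 1, "B", 1, 1000), ("A", 2, "C", 1, 100), ("B", 2, "C", 2, 1000)]

if __name__ == "__main__":
    print(elect(SWITCHES, LINKS))   # all defaults: lowest MAC becomes root
    pinned = [replace(s, priority=4096) if s.name == "C" else s for s in SWITCHES]
    print(elect(pinned, LINKS))     # lowering C's priority moves the root
```

With default priorities Switch C reaches the root through Switch B (cost 4 + 4) rather than over its direct 100Mbps link (cost 19).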

RSTP – Rapid Spanning Tree 802.1w:

Rapid spanning-tree protocol 802.1w. Faster convergence than spanning-tree protocol hence the ‘rapid’.

RSTP can detect a link failure in 6 seconds (3 hello timers, 2 seconds each).

Port States:

  • Discarding – Compared to disabled/blocking/listening state of STP
  • Listening – Same as STP
  • Forwarding – Same as STP

PVSTP – Per VLAN Spanning Tree:

Default for Catalyst switches. Cisco proprietary protocol that allows for the creation of a per-VLAN spanning tree.


802.1q enables tagging of VLANs over a trunk link.

802.1q and trunking 101 by Keith Barker explains this.


EtherChannel has two types. Cisco version: Port Aggregation Protocol (PAgP), and IEEE 802.3ad Link Aggregation Control Protocol (LACP).

  • Allows grouping of 2-8 physical Ethernet links to create one logical Ethernet link. This is to allow fault tolerance and high speed links.
  • EtherChannel seen as one link to STP

Port Fast

Enables the port to come up much quicker by bypassing the STP process. This can only be used on end user devices (access ports), not for trunk links.

* If there is anything you’d like to add or feel there’s a mistake, please feel free to comment and contribute.

VMware VCP5-DV Resources

As mentioned in a previous blog post, I managed to pass the VCP5-DV exam (second attempt) and thought I would give a list of the resources I used.

It’s worth noting that before becoming VCP5-DV certified you need to attend a course; see here for my review of the course I did via the 360gsp college.

The most important place to start studying is checking out the VMware VCP5-DV Exam Blue Print. Expect to know everything on the blueprint. You get 85 questions with a time limit of 90 minutes for the exam.

When looking at articles/documentation I tend to clip them to Evernote and tag them so I can reference them later. I use Google Chrome with an Evernote plugin to achieve this.

VMware Documentation:


Scott Lowe – Mastering VMware vSphere 5
VMware vSphere 5 Clustering Technical Deepdive by Duncan Epping and Frank Denneman 


TrainSignal – VMware vSphere 5 Training
YouTube has some good videos.



The VMware forums are worth contributing to whilst studying and afterwards.


Whilst I didn’t use the AutoLab, it seems like a great resource. The AutoLab pre-configures a vSphere5 environment.

Practice Questions:

Once you have completed the VMware course, VMware have a mock exam via the VMware learn portal.


I would recommend AnkiDroid as a flashcard app for Android. You can download a VCP5 pack which includes maximums and some practice questions, and you can also create your own flashcards. Very useful on the go. I have been using this method of flashcards since my ICND1 studies. There are other flashcard packs for CCNA etc.

And finally…

Google google google! I found googling topics/errors/etc brought me to loads of VMware blogs; reading article after article helped with learning and also the real world stuff.

Most of the people that have blogs are on Twitter. I would highly recommend getting into Twitter and following bloggers; it’s a great way to keep an eye on what’s happening quickly. I use Tweetdeck and have multiple lists and columns for bloggers – it’s just a fantastic way to easily filter out the noise on Twitter.

You can follow me on twitter @ChrisLStark

So what’s next for me? Well, I was studying towards the Cisco ICND2 for the CCNA before I saw the excellent offer by 360gsp college so snapped that up. I shall now continue with my Cisco ICND2 studies and when I have time get more familiar with the vSphere 5 PowerCLI.

Microsoft Access error – You do not have the necessary permissions to use the…

When trying to open a Microsoft Access 2003 database that has security features enabled on newer versions of Access, you may get the following Microsoft Access error displayed, “You do not have the necessary permissions”:

You do not have the necessary permissions to use the ‘.mdb’ object. Have your system administrator or the person who created this object establish the appropriate permissions for you.

To overcome this slight problem, you need to create a shortcut and link the MDW (Microsoft Access Workgroup information file) with the MDB.

You will need to create a new shortcut: right click > New > Shortcut. When asked, type the location of the item. You will need to enter the following, replacing the MDB/MDW paths with where your files are located and using the version of Office you have installed. It may be worth opening Notepad so you can get the path right and then copy and paste.

* Please note the quotes are required

"C:\Program Files\Microsoft Office\Office14\MSACCESS.EXE" ".mdb" /wrkgrp ".mdw" /user

Replace Office14 with your version of Microsoft Office that is installed. To find this, browse to “C:\Program Files\Microsoft Office\” and note the “Office” folder.

So for example, a correct path would look like:

"C:\Program Files\Microsoft Office\Office14\MSACCESS.EXE" "c:\test.mdb" /wrkgrp "c:\test.mdw" /user

Before creating the shortcut, you can test if this will work by going to Start > Run, pasting the path into the run box and clicking OK. If this fails then the shortcut will fail; check the quotes and path to ensure they’re correct. Once it opens via the run box you can then create the shortcut.

Now when opening the newly created shortcut you should see the database open as normal and be presented with a login screen.

London VMUG Thursday 24th January 2013

To start off with I passed the VMware VCP5-DV exam on Tuesday 22nd January 2013 (second attempt) so going to this event with other VCPs felt rather good. 🙂

This was my first VMware user group (VMUG) that I have attended. Some of the meetings I took part in:

  • Nutanix Presentation – Alan Campbell and Rob Tribe, Nutanix
  • Your Journey to the Post-PC Era – Brian Gammage, VMware
  • EUC Panel with VDI Gurus – Brian Gammage, VMware
  • 10Zig Presentation – Thin Client Technology at Its Peak – James Broughton, 10Zig
  • Update – What’s Here and What’s Coming Soon – Spencer Pitts, VMware EUC
  • VMware Certification Update – Gregg Robertson
  • Social beers at The Pavilion End

It was great meeting people I talk to and follow on Twitter, putting a face to a name. I would highly recommend going to one if you can; the social networking, bouncing ideas off each other and asking the pros for their thoughts/recommendations is worth the experience. I even got a t-shirt for being a newbie! Cool!

In the near future I will be doing a quick summary of the resources I used whilst studying for the VMware VCP5-DV exam.

Review: 360gsp College – VMware vSphere: Install, Configure, Manage [V5.0] course

This post is way overdue.

This is a quick review of the VMware vSphere: Install, Configure, Manage [V5.0] course I attended via 360gsp college.

I attended this course over 4 weekends, Saturday – Sunday (8 days). The last couple of days covered some material that has been cut out of the training material but is on the exam, such as host profiles and storage profiles.

The instructor Dai is a fantastic teacher and knows the subject inside out. Any questions we had were answered in confidence.

I was surprised by the level of knowledge of fellow students on the course, ranging from CCIE to Project Managers. I was not expecting this, and it made the course more enjoyable talking to fellow IT professionals.

The facilities and course material were superb; this being my first IT course and self funded, I wasn’t disappointed. There is on site parking, although it’s best calling ahead to ensure a space can be reserved. Across the road from the training centre are a few newsagents and a fast food place (does nice food). There is a pub, but the people hanging outside kinda put us off.. therefore no idea if it’s any good! Be aware there are a couple of cash machines; these do in fact charge. Most of the weekends I took a packed lunch as this was cheaper and I could just snack in class. There are (chilled) drinking water facilities on site.

I would highly recommend taking the VMware course via the 360gsp college. Other IT Professionals over at certforums have had a similar experience.

I plan on taking the VCP 5 exam sometime early next year. A post will follow with study material I used similar to that of my Cisco ICND 1 post.

VMware vSphere 5 Course via 360gsp college

I have been wanting to do the VMware VCP 5 certification for a while, the main thing that was putting me off was the cost of the course (around £2000+). Thanks to SimonD from Certforums I have come across 360gsp college that had an appealing offer on the VMware vSphere: Install, Configure, Manage [V5.0] course that included a 50% discount. The training company are based in Wembley, London.

The bonus of this training provider is their flexibility of doing the course on weekends – which is great if you can’t take time off during the working week like myself.

I start this weekend 1st September 2012 for the next 4 weekends. I shall be tweeting (@ChrisLStark) my experiences and will try to do a summary at the end.

Android configuration (Exchange)

Since the new has been launched, though still in beta, I have been considering moving from Google Apps to this. Main reason being, I have a 25GB SkyDrive limit which I’m fully using and seem to prefer SkyDrive to Google Documents and I really like the new interface.

You can configure as an Exchange mail account on Android. To do this fire up the mail app and add a new account.

Enter in your full email “” or if you’re using a personal domain via outlook use “” and your password. When asked what type of account this is, choose Exchange.

For domain/username enter in your full email address, enter in your password and for server change from to and click next and follow the remaining steps (naming account etc).

So that’s emails via delivered to your phone and contacts should also appear in the contacts app via Android.

To export emails if you’re using Google Apps, I found using Thunderbird with IMAP to grab the emails an easy way to do so.

To recap:

Domain/user: or
Password: “Your password”