Using Cisco equipment in a computer networks course

linux
cisco
teaching
Author: Emmanuel Jeandel

Published: April 2, 2025

The goal of this post is to share my experience in using Cisco equipment to teach computer networks.

Computer networks is one of the only courses in the computer science curriculum that can involve actual lab work, instead of just programming, and I think it’s interesting to do it “for real” instead of using simulators, even if some good ones exist (like kathara).

We use Cisco equipment because we have access to it. It’s also likely to be the equipment students will use in their actual jobs. However, this equipment is not fit for teaching. Many things are done by default that are probably very good in a real environment but complicate teaching.

The goal is to explain the best configuration of Cisco switches and routers to make them easier to use in a teaching environment.

I want to stress that some of the defaults in the configuration would be very bad in practice, in a real environment.

This article is neither an endorsement nor a criticism of Cisco products.

Introduction

The audience for this article is teachers who want to use Cisco equipment to teach a computer networking course. Most of it is not applicable in a real environment.

This article is for people who are already familiar with using real equipment (switches, routers) for a computer networking course, and have a basic understanding of how to configure Cisco equipment.

It assumes that the problem of how to access the equipment at any given moment to configure it is already solved. In my lab, we use a terminal server for that.

Some of this information might relate to old and obsolete equipment.

Switches

VLANs

Even if VLANs are not in your curriculum, it’s still important to know the fundamentals to understand how the switch should be configured. Weird things might happen even with one VLAN.

The tl;dr is that every “normal” (access) port in a switch has a VLAN number. Only ports with the same VLAN number can communicate with each other. By default, all ports are on VLAN 1.

If two switches are linked together by a cable, then ports with the same VLAN number across the two switches can communicate with each other. For this to work, the ports that link the two switches together should be trunk ports.

VTP

Why you should deactivate it: Weird things might happen if you connect two switches together; unnecessary traffic.

How to deactivate it:

vtp mode transparent
vtp mode off

VTP, for VLAN Trunking Protocol, is a proprietary protocol that keeps VLANs consistent across switches. Specifically, switches can be VTP servers, clients, or transparent. By default all switches are VTP servers. When a switch is connected to a VTP domain and its VTP revision number is higher than that of the other switches in the network, its configuration will be propagated. This is very bad if you play with a switch for some time trying to find a good configuration, then connect it to your network of switches: its information will propagate (its revision number certainly went up from all the experiments), even if you don’t want it to. Some sites on the Internet call this the “VTP Bomb”.

CDP

Why you should deactivate it: Weird things might happen if you connect two switches together; unnecessary traffic.

CDP is a proprietary Cisco protocol that lets equipment share information, like name, operating system, and some configuration parameters. The main reason to deactivate it has to do with the configuration parameters. Every time the configuration of a switch changes, the CDP version number goes up. When two switches using the CDP protocol are connected together (I have no idea if the problem also appears with routers), the one with the lowest CDP version number will take its configuration from the one with the highest CDP version.

no cdp enable

or

no cdp run

CDP is another proprietary protocol for switches to say hello to each other. It’s a bit of a security risk because it lets others learn things about the switches (like their OS, IP address and domain) that you don’t want them to. It’s also another thing you don’t need if you just want to experiment in a basic networking course.

DTP

Why you should deactivate it: Unnecessary traffic.

How to deactivate it:

This should be done for each port on the switch. For ports that should be trunk ports (usually ports connected to other switches, but not necessarily):

switchport mode trunk
switchport nonnegotiate

For the access ports:

switchport mode access

DTP is another proprietary protocol for switches to agree which port is a trunk port, and which port is an access port. Essentially it tries to guess which port is connected to another switch. Usually, you know when you’re doing an experiment what each port is doing. Better to configure it that way.

LOOP

Why you should deactivate it: Unnecessary traffic.

How to deactivate it:

This should be done for each port on the switch.

no keepalive
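
To check a lab switch before a session, the following Python script (an added example, not part of the original post) reads a saved running-config and lists which of the VTP, CDP, DTP and LOOP settings above are still missing. The sample configuration is constructed, and the script assumes the commands are stored in the configuration exactly as they are written in this post.

```python
import re

# Constructed sample config; assumes commands are stored as typed in the post.
SAMPLE = """\
vtp mode transparent
!
interface FastEthernet0/1
 switchport mode access
 no cdp enable
 no keepalive
!
interface FastEthernet0/2
 switchport mode trunk
 no keepalive
"""

def parse(config):
    """Split a running-config into global lines and per-interface line sets."""
    globals_, ports, current = set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            current = None
        elif not raw[0].isspace():          # top-level command
            m = re.match(r"interface (\S+)", line)
            current = ports.setdefault(m.group(1), set()) if m else None
            if not m:
                globals_.add(line)
        elif current is not None:           # indented line inside an interface
            current.add(line)
    return globals_, ports

def audit(config):
    """List the settings from the post that the config is still missing."""
    globals_, ports = parse(config)
    findings = []
    if not globals_ & {"vtp mode transparent", "vtp mode off"}:
        findings.append("global: VTP is neither transparent nor off")
    for name, lines in ports.items():
        if "Ethernet" not in name:          # skip Vlan/Loopback interfaces
            continue
        if "no cdp run" not in globals_ and "no cdp enable" not in lines:
            findings.append(f"{name}: CDP still enabled")
        trunk = {"switchport mode trunk", "switchport nonnegotiate"} <= lines
        if not trunk and "switchport mode access" not in lines:
            findings.append(f"{name}: DTP not disabled")
        if "no keepalive" not in lines:
            findings.append(f"{name}: keepalive frames still sent")
    return findings
```

Calling `audit(SAMPLE)` flags FastEthernet0/2, which is a trunk without `switchport nonnegotiate` and still has CDP enabled.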