Top 5 Hardest Topics on the CCNP SWITCH Exam (and how to prepare for them)

- select the contributor at the end of the page -
Like any Cisco professional level exam, the CCNP SWITCH (642-813) exam covers a number of different topics that you are expected to be familiar with. For the SWITCH exam, the main points are features that are run on a number of the Cisco switching platforms. The purpose of this article is to review a few of the more difficult SWITCH topics and how to prepare for them; this list is of course rather subjective.

The five topics I selected for this article are based on an informal review of the SWITCH exam topics and include the Spanning Tree Protocol (STP), Switch Virtual Interface (SVI), Virtual LANs (VLAN), VLAN Trunking Protocol (VTP) and Switch port security.

5. Spanning Tree Protocol (STP)

The thing about studying spanning tree is that it really depends on how deep you are looking to understand it. A good amount of the STP topics covered on most exams can be learned without doing an extensive amount of STP testing on live equipment. This includes a general understanding of what STP does (prevents loops) and generally how this is done in terms of root switches and forwarding and blocking links. A true understanding of how STP really works is needed for those looking to get into a position where the configuration of a switched network is a main part of their duties.  

To understand STP, you must take a number of Cisco switches (cheap ones work, 2950s are really cheap) connect them together and modify the different spanning tree priorities to see how the different paths are calculated depending on the switch acting as the root switch. It is best to do this following a single VLAN at a time at first to ensure a good understanding before looking at how STP works over multiple VLANs (this is assuming default Cisco VLAN behavior).

It is also important to understand the differences between STP and Rapid STP (RSTP). RSTP was developed as a standard to accelerate the state changes of switchports when a change occurs; one common complaint about STP is that an interface can take a long time to transition from blocking to forwarding states. This should also be simulated in the lab and is supported on 2950s as well.

To learn more about STP, checkout these articles on preventing loops with STP and Cisco switching and STP basics.

4. VLANs

While the concept of a Virtual LAN is not that hard to understand once a person has had the ability to see it in action, it can be a hard concept to visualize without actually putting it into action. Like STP, VLANs are supported on cheap switches like the 2950s and can be setup in a number of different scenarios. What can't be done with only these switches is routing between VLANs; for this either a routing device is required (connected via an 802.1q trunk) or a multilayer switch like a 3550 or greater is required.

Essentially a VLAN provides the ability to have multiple LAN segments that exist outside the physical switchports on a device. For example, a single 24 port could be configured into 24 different separate logical networks which could not communicate without the assistance of a layer 3 device (whether that be a router or a multilayer switch). Typically, these are used to separate the different administrative parts of a network, for example, an accounting department and a marketing department; they can also be used on service provider's networks to separate customer traffic.

To learn more about VLANs, here's a couple of articles to get you started: congiguring a Cisco IOS VLAN, private VLAN concepts and private VLAN configuration.

3. VTP

The VLAN Trunking Protocol (VTP) provides a method of configuring VLANs across a number of different connected switches. Each of the switches is connected via a trunking protocol (typically 802.1q).  Via these trunks the different switches communicate to a single database of the VLANs. For example, if switch A is connected to switch B and VTP has been configured, a user on switch A could create a new VLAN 50 which would then be propagated to switch B, and a similar action would occur if a VLAN was deleted.

This feature, like the other ones mentioned, can be tested and practiced with on 2950s. The one big caveat that commonly gets new engineers is the way that switches determine which switch has the most updated version of the VLAN database. This is done via a configuration revision number; the switch with the highest number is considered to have the most recent database. The problem that can occur is when an engineer pulls a switch from a testing environment and inserts it into a live environment, typically in this situation the revision number has been incremented many more times than the live network; once this switch is inserted it can potentially overwrite the contents of the live networks VTP database. Make sure that when inserting a new switch using VTP onto a live network to clear the configuration and reset the revision number before plugging it into the network.

If you're new to VTP, take a look at these free videos on VTP basics, VTP pruning and how to authenticate VTP updates.

2. Switch Virtual Interfaces (SVI)

The general theme that will be shown throughout this article is that hands-on is really the best way to learn any of these technologies; the majority of these can be covered on very cheap equipment like Cisco's 2950s. SVIs and multilayer switching are not one of these features; to test these features a Cisco 3550 or greater is required. An SVI can be created on these devices when routing between VLANs is required.

The concept behind a SVI is that each VLAN can be configured as an interface and those switchports that are inserted into that VLAN are treated like a physical LAN segment. This way the device is able to route traffic between VLANs at layer 3 with the switch itself both switching and routing. This feature is not all that hard to comprehend if the candidate is familiar with routing interfaces, but practice on live equipment will always help in a better understanding of what is possible.

1. Port Security

A big part of any modern switched infrastructure is security; one of the features that can be configured on switches is port security. Port security offers the network designer the ability to limit who and how many devices are allowed on specific switchports. For example, it could be limited to only allow a single device with a specific MAC address. When studying this feature it is best to have a clear idea of what the options are, this includes the three different types of violation actions (shutdown, restrict and protect), the different types of learning (static, dynamic and sticky) and what the default settings are. Port security is also supported on 2950 switches and can be tested with only them if needed.

If you'd like to read up on Port Security, then check out my articles on Switchport Security concepts and Switchport Security configuration.


The real purpose of this article is to give the SWITCH exam candidates an idea of which topics most (but not all) other candidates have trouble with. Hopefully the content of this article is able to help you study for these topics and have a successful voyage towards your CCNP certification.

Pass the 642-813 Exam with TrainSignal's CCNP SWITCH Training

Cisco CCNP SWITCH TrainingTrainSignal's new CCNP SWITCH Training is taught by by CCIE (#14256) Joe Rinehart and offers complete exam coverage of the challenging 642-813 SWITCH exam.

Developing top-notch networking skills is not easy. It requires a solid learning blueprint and a great instructor. Joe's new course offers both and it will help you master STP, VLANs, VTP, SVI, Port Security and more.

Open doors to new career opportunities and get started on your CCNP certification with TrainSignal's CCNP SWITCH Training.

Get our content first. In your inbox.

Loading form...

If this message remains, it may be due to cookies being disabled or to an ad blocker.


Sean Wilkins

Sean Wilkins is an accomplished networking consultant who has been in the IT field for more than 20 years, working with several large enterprises. He is a writer for infoDispersion and his educational accomplishments include: a Master’s of Science in Information Technology with a focus in Network Architecture and Design, and a Master’s of Science in Organizational Management. Sean holds certifications with Cisco (CCNP/CCDP), Microsoft (MCSE) and CompTIA (A+ and Network+).