Competencies: Networking > Switching

Switching

Body of Knowledge

Topic	Description	Relevance	Career Tracks
Ethernet Fundamentals	MAC addressing, frame formats, half/full duplex, auto-negotiation, jumbo frames, error detection (CRC). Foundation of all LAN technology.	Critical	Network Engineer, Systems Administrator
VLAN Architecture	802.1Q tagged VLANs, trunk configuration, native VLAN security, VLAN pruning, inter-VLAN routing, DHCP relay across VLANs.	Critical	Network Engineer, Security Engineer
Spanning Tree Protocol (STP)	STP/RSTP/MST fundamentals, root bridge election, port roles and states, BPDU guard, root guard, loop guard. Loop prevention.	Critical	Network Engineer, Data Center Engineer
EtherChannel / Link Aggregation	LACP (802.3ad), static channel groups, load balancing algorithms, member port requirements, troubleshooting bundle issues.	High	Network Engineer, Data Center Engineer
Port Security	MAC-based port security, sticky MACs, violation modes (protect, restrict, shutdown), aging. Defense against MAC flooding attacks.	High	Network Engineer, Security Engineer
Storm Control	Broadcast/multicast/unknown unicast storm suppression, threshold configuration, action modes. Prevents network instability from traffic floods.	Medium	Network Engineer, Data Center Engineer
Private VLANs	Primary and secondary VLANs, isolated and community ports, promiscuous ports. Micro-segmentation within a VLAN for multi-tenant environments.	Medium	Network Engineer, Security Engineer
VXLAN Fundamentals	Virtual extensible LAN for overlay networks, VTEP, VNI, encapsulation, multicast vs unicast replication. Data center network virtualization.	High	Data Center Engineer, Cloud Network Architect
EVPN-VXLAN	BGP EVPN control plane for VXLAN, route types 1-5, MAC mobility, ARP suppression, multi-homing. Modern data center fabric.	Medium	Data Center Engineer, Cloud Network Architect
Cisco Fabric (ACI)	Application Centric Infrastructure, EPG/contract model, spine-leaf topology, policy-driven networking. Cisco software-defined DC networking.	Medium	Data Center Engineer, Network Architect
Network Virtualization (VCS/VSS)	Virtual switching systems, StackWise, chassis virtualization, multi-chassis EtherChannel, cross-stack resilience.	Medium	Network Engineer, Data Center Engineer
Layer 2 Security Features	DHCP snooping, dynamic ARP inspection, IP source guard. Defense against L2 attacks (DHCP starvation, ARP spoofing, IP spoofing).	Critical	Network Engineer, Security Engineer

Topic

Description

Relevance

Career Tracks

Ethernet Fundamentals

MAC addressing, frame formats, half/full duplex, auto-negotiation, jumbo frames, error detection (CRC). Foundation of all LAN technology.

Critical

Network Engineer, Systems Administrator

VLAN Architecture

802.1Q tagged VLANs, trunk configuration, native VLAN security, VLAN pruning, inter-VLAN routing, DHCP relay across VLANs.

Critical

Network Engineer, Security Engineer

Spanning Tree Protocol (STP)

STP/RSTP/MST fundamentals, root bridge election, port roles and states, BPDU guard, root guard, loop guard. Loop prevention.

Critical

Network Engineer, Data Center Engineer

EtherChannel / Link Aggregation

LACP (802.3ad), static channel groups, load balancing algorithms, member port requirements, troubleshooting bundle issues.

High

Network Engineer, Data Center Engineer

Port Security

MAC-based port security, sticky MACs, violation modes (protect, restrict, shutdown), aging. Defense against MAC flooding attacks.

High

Network Engineer, Security Engineer

Storm Control

Broadcast/multicast/unknown unicast storm suppression, threshold configuration, action modes. Prevents network instability from traffic floods.

Medium

Network Engineer, Data Center Engineer

Private VLANs

Primary and secondary VLANs, isolated and community ports, promiscuous ports. Micro-segmentation within a VLAN for multi-tenant environments.

Medium

Network Engineer, Security Engineer

VXLAN Fundamentals

Virtual extensible LAN for overlay networks, VTEP, VNI, encapsulation, multicast vs unicast replication. Data center network virtualization.

High

Data Center Engineer, Cloud Network Architect

EVPN-VXLAN

BGP EVPN control plane for VXLAN, route types 1-5, MAC mobility, ARP suppression, multi-homing. Modern data center fabric.

Medium

Data Center Engineer, Cloud Network Architect

Cisco Fabric (ACI)

Application Centric Infrastructure, EPG/contract model, spine-leaf topology, policy-driven networking. Cisco software-defined DC networking.

Medium

Data Center Engineer, Network Architect

Network Virtualization (VCS/VSS)

Virtual switching systems, StackWise, chassis virtualization, multi-chassis EtherChannel, cross-stack resilience.

Medium

Network Engineer, Data Center Engineer

Layer 2 Security Features

DHCP snooping, dynamic ARP inspection, IP source guard. Defense against L2 attacks (DHCP starvation, ARP spoofing, IP spoofing).

Critical

Network Engineer, Security Engineer

Personal Status

Topic	Level	Evidence	Active Projects	Gaps
VLAN Architecture	Advanced	CHLA campus segmentation across Catalyst stacks; home lab VyOS multi-VLAN topology with tagged trunks, inter-VLAN routing, and DHCP relay	VLANs Reference, Infrastructure Operations	No fabric/VXLAN experience at scale
Switching Fundamentals	Advanced	Catalyst 9300/9200 management — STP tuning, EtherChannel, port security, storm control; CHLA switch stack deployments and IOS-XE upgrades	ISE Policy	No Nexus/NX-OS, no data center switching fabric

Topic

Level

Evidence

Active Projects

Gaps

VLAN Architecture

Advanced

CHLA campus segmentation across Catalyst stacks; home lab VyOS multi-VLAN topology with tagged trunks, inter-VLAN routing, and DHCP relay

VLANs Reference, Infrastructure Operations

No fabric/VXLAN experience at scale

Switching Fundamentals

Advanced

Catalyst 9300/9200 management — STP tuning, EtherChannel, port security, storm control; CHLA switch stack deployments and IOS-XE upgrades

ISE Policy

No Nexus/NX-OS, no data center switching fabric