Day 4: VLANs, Trunking, and STP

Today's Objective

802.1Q trunks, inter-VLAN routing, Spanning Tree Protocol, RSTP, and the loop prevention that keeps switched networks from melting under broadcast storms.

What You'll Cover Today

Day 4 of CCNA Prep in 5 Days pushes into advanced territory. You have enough foundation now to tackle real-world complexity. Today's exercise is more open-ended than earlier days — that's intentional.

ℹ️

Topics today: port security, DHCP snooping, AAA. Each section has code you can copy and run immediately.

port security

Understanding port security is the core goal of Day 4. The concept is straightforward once you see it in practice — most confusion comes from skipping the mental model and jumping straight to implementation. Start with the model, then write the code.

port security

# port security — Working Example
# Study this pattern carefully before writing your own version

class portsecurityExample:
    """
    Demonstrates core port security concepts.
    Replace placeholder values with your real implementation.
    """
    
    def __init__(self, config: dict):
        self.config = config
        self._validate()
    
    def _validate(self):
        required = ['name', 'type']
        for field in required:
            if field not in self.config:
                raise ValueError(f"Missing required field: {field}")
    
    def process(self) -> dict:
        # Core logic goes here
        result = {
            'status': 'success',
            'topic': 'port security',
            'data': self.config
        }
        return result


# Usage
example = portsecurityExample({
    'name': 'my-implementation',
    'type': 'port security'
})
output = example.process()
print(output)

💡

Key insight: When working with port security, always start with the simplest possible case that works end-to-end. Complexity is easier to add than simplicity is to recover.

DHCP snooping

DHCP snooping is the practical application of port security in real projects. Once you understand the underlying model, DHCP snooping becomes the natural next step.

💡

Pro tip: When working with DHCP snooping, always read the official documentation for the exact version you're using. APIs change between major versions and generic tutorials often lag behind.

AAA

AAA rounds out today's lesson. It connects port security and DHCP snooping into a complete picture. You'll use all three concepts together in the exercise below.

Common Mistakes on Day 4

Skipping the fundamentals — port security requires understanding the underlying model before you can apply it correctly. Read the section twice if needed.
Ignoring error messages — error messages for DHCP snooping are usually precise. Read them carefully before searching online.
Hard-coding values — anything that might change between environments belongs in configuration, not in your source code.
Not testing edge cases — the happy path is not enough. What happens with empty input? With unexpected types? With network failures?

📝 Day 4 Exercise

Security Fundamentals — Hands-On

Set up your environment for today's topic: install required tools and verify the basics work before writing any logic.
Implement a minimal working version of port security using the code example in this lesson as your starting point.
Extend your implementation to incorporate DHCP snooping — this is where the two concepts connect.
Test your implementation with both valid and invalid inputs. What happens at the boundaries?
Review your code: is there anything you'd name differently? Any function doing more than one thing? Refactor one thing.

Day 4 Summary

port security is the foundation of today's lesson — understand it before moving on.
DHCP snooping is how you apply it in real projects.
AAA ties the day's concepts together into a complete pattern.
Error handling and input validation belong in the first version, not as an afterthought.
Read error messages carefully — they usually tell you exactly what's wrong.

Challenge

Extend today's exercise by adding one feature that wasn't in the instructions. Document what you built in a comment at the top of the file. This habit of going one step further is what separates engineers who grow fast from those who stay stuck.

←

← Previous

Day 3: IP Services

Day 5: Automation & Exam Strategy

→

What's Next

The foundations from today carry directly into Day 5. In the next session the focus shifts to Network Security and ACLs — building directly on everything covered here.

Supporting Videos & Reading

Go deeper with these external references.

YouTube

VLANs, Trunking, and STP — Video Walkthroughs Community tutorials and walkthroughs covering the concepts in this lesson.

→

YouTube

VLANs, Trunking, and STP Explained Deep-dive explanations and live-coding sessions from top educators.

→

Official Docs

Official Documentation Primary reference documentation for the technologies covered in this lesson.

→

GitHub

Open Source Examples Real-world codebases demonstrating the patterns taught in this lesson.

→

Day 4 Checkpoint

Before moving on, verify you can answer these without looking:

What is the core concept introduced in this lesson, and why does it matter?
What are the two or three most common mistakes practitioners make with this topic?
Can you explain the key code pattern from this lesson to a colleague in plain language?
What would break first if you skipped the safeguards or best practices described here?
How does today's topic connect to what comes in Day 5?

Live Bootcamp

Learn this in person — 2 days, 5 cities

Thu–Fri sessions in Denver, Los Angeles, New York, Chicago, and Dallas. $1,490 per seat. June–October 2026.

Reserve Your Seat →

Continue To Day 5

Day 5: Automation & Exam Strategy

→