Switching & VLANs

Switching Basics

• A switch acts as a multiport bridge; its basic duty is to break up collision domains.
• Layer 2 switches and bridges are faster than routers because they don't spend time looking at the Network layer header information.
• Switches look at a frame's hardware addresses before deciding either to forward the frame or to drop it.

Switching Basics

• Switches create private, dedicated collision domains.
• They provide independent bandwidth on each port.
• Layer 2 switching provides the following:
  • Hardware-based bridging (Application Specific Integrated Circuit, ASIC)
  • Wire speed
  • Low latency
  • Low cost

Switching Basics

• Switches do not make any modification to the data packet.
• They only read the frame encapsulating the packet.
• This makes the switching process considerably faster and less error-prone than the routing process.

Switches create private collision domains

Bridging vs. LAN Switching

• Bridges are software based, while switches are hardware based, because switches use ASIC chips to help make filtering decisions.
• A switch is basically a multiport bridge.
• Bridges can only have one spanning tree instance per bridge, while switches can have many.
• Switches have a larger number of ports.

Bridges and Switches

• Both possess multiple COLLISION DOMAINS but one BROADCAST DOMAIN.
• Both learn MAC addresses by examining the source address of each frame received.
• Both make forwarding decisions based on layer 2 addresses.

Functions of a Switch

Address Learning:
• Layer 2 switches remember the source hardware address of each frame received on an interface.
• Switches enter this information into a MAC database called a forward/filter table.

Forward/Filter Decision:
• When a frame is received on an interface, the switch looks at the destination hardware address and finds the exit interface in the MAC database.
• The frame is only forwarded out the specified destination port.

Functions of a Switch

Loop Avoidance:
• If multiple connections between switches are created for redundancy purposes, network loops can occur.
• Spanning Tree Protocol (STP) is used to stop network loops while still permitting redundancy.

Address Learning

• When a switch is first powered on, the MAC forward/filter table is empty.
• When an interface receives a frame, the switch places the frame's source address in the MAC forward/filter table, allowing it to remember which interface the sending device is located on.
• The switch then floods this frame out of every port except the source port, because it has no idea where the destination device is actually located.

Address Learning

• If a device answers this flooded frame and sends a frame back, then:
  • The switch takes the source address from that frame and places the MAC address in the database as well.
  • The switch associates this address with the interface that received the frame.
• Since the switch now has both of the relevant MAC addresses in its filtering table, the two devices can make a point-to-point connection.

Forward/Filter Decisions

• When a frame arrives at a switch interface, the destination hardware address is compared to the MAC forward/filter table.
• If the destination hardware address is known and listed in the database, the frame is only sent out the correct exit interface.
• This preserves bandwidth and is called frame filtering.

Forward/Filter Decisions

• If the destination hardware address is not listed in the MAC database, the frame is flooded out all active interfaces except the interface the frame was received on.
• If a device answers the flooded frame, the MAC database is updated with that device's interface.

Loop Avoidance

• Redundant links between switches are a good idea because they help prevent complete network failure in the event one link stops working.
• But with redundant links, frames can be flooded down all redundant links simultaneously, resulting in network loops.
• Redundant links may invite the following set of problems:
  • If no loop avoidance scheme is put in place, the switches will flood broadcasts endlessly. The following figure illustrates it:

Broadcast Storm

  • A device can receive multiple copies of the same frame, since that frame can arrive from multiple segments simultaneously. The following figure demonstrates it best.
    • The server in this figure sends a unicast frame to router C.
    • Since it's a unicast frame, switch A forwards the frame, and switch B provides the same service: it forwards the frame as well.
    • This is not good, because now router C will receive the unicast frame twice, causing additional overhead on
  • The MAC address filter table will be totally confused about the devices' location, because the switch can receive the frame from more than one link.
  • Multiple loops could be generated. This means a loop can occur within another loop.

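Added example (not part of the original slides): a Python simulation of the address learning, forward/filter and flooding behaviour described above, with a second scenario that wires two switches together over a redundant link to reproduce the loop problems the slides list (duplicate copies at router C, a MAC table that keeps moving the server between ports, and a flood that never ends) and shows that putting one of the parallel links into blocking state, which is what STP does, removes all three. Switch names, port numbers, MAC strings and the hop cap are constructed for the example; real switches have no hop cap, which is exactly why a storm persists.

```python
# Added example, not from the original slides: a toy learning switch that
# implements address learning, forward/filter decisions and flooding, plus a
# two-switch topology with a redundant link to show why loop avoidance is
# needed. Port numbers, MAC strings and the hop cap are all constructed here.
from collections import defaultdict

MAX_HOPS = 8   # artificial cap so a loop terminates in this simulation;
               # real switches have no such cap, which is why storms persist


class Switch:
    def __init__(self, name, ports):
        self.name = name
        self.ports = list(ports)
        self.mac_table = {}                  # MAC -> port it was last learned on
        self.links = {}                      # port -> (neighbour switch, its port)
        self.blocked = set()                 # ports held in STP blocking state
        self.host_frames = defaultdict(int)  # port -> frames delivered to the host there
        self.table_moves = 0                 # times a known MAC was re-learned elsewhere
        self.storm_drops = 0                 # frames dropped only because of the hop cap

    def connect(self, port, other, other_port):
        """Wire an inter-switch link in both directions."""
        self.links[port] = (other, other_port)
        other.links[other_port] = (self, port)

    def receive(self, port, src, dst, hops=0):
        if port in self.blocked:             # a blocking port discards everything
            return
        # Address learning: note (or re-note) the port the source lives on.
        if self.mac_table.get(src, port) != port:
            self.table_moves += 1
        self.mac_table[src] = port
        # Forward/filter decision: known destination -> one port, else flood.
        if dst in self.mac_table:
            out_ports = [self.mac_table[dst]]
        else:
            out_ports = [p for p in self.ports if p != port]
        for out in out_ports:
            if out == port or out in self.blocked:
                continue                     # filtered: same segment, or port blocked
            if out in self.links:
                if hops >= MAX_HOPS:
                    self.storm_drops += 1
                    continue
                neighbour, neighbour_port = self.links[out]
                neighbour.receive(neighbour_port, src, dst, hops + 1)
            else:
                self.host_frames[out] += 1


def single_switch_demo():
    """Flood on an unknown destination, then filter once both MACs are learned."""
    sw = Switch("SW1", ports=[1, 2, 3])
    sw.receive(1, "aa", "bb")            # bb unknown: flooded out ports 2 and 3
    after_flood = dict(sw.host_frames)
    sw.receive(2, "bb", "aa")            # reply: bb learned on 2, aa already known on 1
    sw.receive(1, "aa", "bb")            # now forwarded to port 2 only
    return after_flood, dict(sw.mac_table), dict(sw.host_frames)


def redundant_link_demo(block_one_link):
    """Server on A port 1 sends a unicast frame to router C on B port 1 while
    C is still unknown; A and B are joined by two parallel links (ports 3, 4)."""
    a = Switch("A", ports=[1, 2, 3, 4])
    b = Switch("B", ports=[1, 2, 3, 4])
    a.connect(3, b, 3)
    a.connect(4, b, 4)
    if block_one_link:                   # what STP does with the redundant link
        a.blocked.add(4)
        b.blocked.add(4)
    a.receive(1, "server", "routerC")
    return {
        "copies_at_routerC": b.host_frames[1],
        "table_moves_on_B": b.table_moves,
        "storm_drops": a.storm_drops + b.storm_drops,
    }


if __name__ == "__main__":
    print(single_switch_demo())
    print("no loop avoidance:", redundant_link_demo(block_one_link=False))
    print("one link blocked: ", redundant_link_demo(block_one_link=True))
```

Without blocking, router C receives the same unicast frame many times, switch B's table entry for the server flips between ports 3 and 4, and the frame keeps circulating until the artificial hop cap drops it. With port 4 blocked on both switches the frame reaches router C exactly once and the tables stay stable, while the second link is still physically present as a standby.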
Spanning Tree Protocol

• Its main task is to stop loops from occurring at layer 2 (on bridges or switches).
• It monitors the network to find all links, making sure that no loops occur by shutting down the redundant link.
• It uses the Spanning Tree Algorithm (STA) to first create a topology database, then search out and destroy redundant links.
• With STP running, frames are only forwarded on the links STP has picked.

LAN Switch Types

• The LAN switch type decides how a frame is handled when it's received on a switch port.
• Latency: the time the switch takes for a frame to be sent out an exit port once the switch receives the frame.
• There are three switching modes:
  • Cut-through (Fast Forward)
  • Fragment Free (Modified cut-through)
  • Store-and-forward

Cut-through (Fast Forward):
• In this mode, the switch only waits for the destination hardware address to be received before it looks up the destination address in the MAC filter table.

Fragment Free (Modified cut-through):
• In this mode, the switch checks the first 64 bytes of a frame for fragmentation before forwarding it.
• This is the default mode for the Catalyst 1900 series switch.

Store-and-forward:
• In this mode, the complete frame is received in the switch's buffer, a CRC is run, and then the switch looks up the destination address in the MAC forward/filter table.

Different switching modes within a frame

Cut-Through

• With the cut-through switching method, the LAN switch reads only the destination address.
• That is, it looks at the first six bytes following the preamble.
• It then:
  • Looks up the hardware destination address in the MAC switching table.
  • Determines the outgoing interface.
  • Proceeds to forward the frame towards its destination.
• A cut-through switch helps in reducing latency, because it begins to forward the frame as soon as it reads the destination address and determines the outgoing interface.

Fragment Free (Modified Cut-Through)

• It is a modified form of cut-through switching in which the switch waits for the collision window (64 bytes) to pass before forwarding.
• This is because if a packet has a collision error, it almost always occurs within the first 64 bytes.
• This means each frame will be checked into the data field to make sure no fragmentation has occurred.
• Fragment Free mode provides better error checking than the cut-through mode with practically no increase in latency.
• It is the default switching mode for 1900 switches.

Store-and-Forward

• It is Cisco's primary LAN switching method.
• In this method, the LAN switch copies the entire frame into its onboard buffers and then computes the CRC (Cyclic Redundancy Check).
• Since it copies the entire frame, latency through the switch varies with frame length.
• The frame is discarded if it contains a CRC error, if it is too short (less than 64 bytes including the CRC), or if it is too long (more than 1518 bytes including the CRC).
• If the frame doesn't contain any error, the LAN switch looks up the destination hardware address in its MAC forward/filter table to find the correct outgoing interface.

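Added example (not from the slides): the same Ethernet frame inspected the way each of the three switching modes inspects it. Cut-through decides on the first six bytes, fragment-free holds the frame until 64 bytes have arrived, and store-and-forward validates length and CRC before the lookup, which is why only store-and-forward refuses a damaged or oversized frame. The frame contents, MAC addresses and the deliberate bit flip are constructed; the 64-byte and 1518-byte limits are the ones the slides give, and the FCS is the standard Ethernet CRC-32, which zlib also computes.

```python
# Added example, not from the original slides: one Ethernet frame inspected
# the way each of the three switching modes would inspect it. Frame contents,
# MAC addresses and the corruption are constructed here; the 64/1518-byte
# limits are the ones the slides give.
import struct
import zlib

MIN_FRAME = 64      # bytes including the 4-byte FCS (runt threshold)
MAX_FRAME = 1518    # bytes including the FCS (giant threshold)


def build_frame(dst_mac, src_mac, payload, ethertype=0x0800, corrupt=False):
    """Build an Ethernet II frame (preamble omitted) and append a CRC-32 FCS.
    Ethernet's FCS is the same CRC-32 zlib computes, sent least significant
    byte first. Short payloads are padded to the 46-byte minimum like a NIC."""
    body = bytes.fromhex(dst_mac) + bytes.fromhex(src_mac)
    body += struct.pack("!H", ethertype) + payload
    body = body.ljust(MIN_FRAME - 4, b"\x00")
    fcs = struct.pack("<I", zlib.crc32(body))
    if corrupt:
        # Flip one bit after the FCS was computed, as a bad cable would.
        body = body[:-1] + bytes([body[-1] ^ 0x01])
    return body + fcs


def cut_through_decision(frame):
    """Cut-through: the switch has only the first six bytes (destination MAC)
    when it decides; it cannot know yet whether the frame is damaged."""
    return frame[:6].hex()


def fragment_free_ready(bytes_received):
    """Fragment-free: hold the frame until the 64-byte collision window has
    passed, then forward without checking the rest."""
    return len(bytes_received) >= MIN_FRAME


def store_and_forward_check(frame):
    """Store-and-forward: the whole frame is buffered, then length and CRC are
    validated before the destination lookup. Returns 'ok' or the reason."""
    if len(frame) < MIN_FRAME:
        return "runt"
    if len(frame) > MAX_FRAME:
        return "giant"
    body, fcs = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(body)) != fcs:
        return "crc-error"
    return "ok"


def demo():
    good = build_frame("001122334455", "66778899aabb", b"hello switch")
    damaged = build_frame("001122334455", "66778899aabb", b"hello switch", corrupt=True)
    giant = build_frame("001122334455", "66778899aabb", b"\xab" * 1600)
    runt = good[:50]        # a collision fragment: cut off before 64 bytes
    return {
        "good": store_and_forward_check(good),
        "damaged": store_and_forward_check(damaged),
        "giant": store_and_forward_check(giant),
        "runt": store_and_forward_check(runt),
        # cut-through would forward the damaged frame exactly like the good one
        "cut_through_same_decision": cut_through_decision(good) == cut_through_decision(damaged),
        "fragment_free_holds_runt": not fragment_free_ready(runt),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The point for a defender is the trade-off the slides describe: the lower-latency modes forward frames they have not fully checked, so a corrupted or oversized frame is propagated to the next hop, whereas store-and-forward drops it at the first switch at the cost of latency that grows with frame length.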
Spanning Tree Terms

STP:
• It is a bridge protocol that uses the STA to find redundant links dynamically.
• It creates a spanning tree topology database.
• Bridges exchange BPDU messages with other bridges.

Configuring 1900 & 2950 Catalyst Switches

We will cover the following list of tasks:
• Setting the password
• Setting the hostname
• Configuring the IP address and subnet mask
• Setting a description on the interface
• Erasing the switch configuration
• Configuring VLANs
• Adding VLAN membership to a switch port
• Creating a VTP domain
• Configuring trunking

Setting the Password

1900 Series:
• It uses the same command to set both the user-level password and the privileged password, but with different level numbers.
• The level is 1 for user level and 15 for privileged level.
• Password length should be from 4 to 8 characters.

Setting the user password:
  switch(config)# enable password level 1 cisco

Setting the privileged-level password:
  switch(config)# enable password level 15 cisco

Setting the Password

2950 Series:
• To set the user-mode password for the 2950 switch, we configure the line just as we would do on a router.

Console:
  switch(config)# line console 0
  switch(config-line)# password cisco
  switch(config-line)# login

Telnet:
  switch(config)# line vty 0 15
  switch(config-line)# password cisco
  switch(config-line)# login

• The enable secret password is set in the same way as we would do for a router.
  switch(config)# enable secret cisco

Setting the Hostname

• The hostname on a switch is only locally significant.
• This means it doesn't have any function on the network or with name resolution (though there is an exception with PPP authentication).

1900 Series:
  switch(config)# hostname LAN1

2950 Series:
  switch(config)# hostname LAN1

Setting IP Information

• Generally a switch doesn't need any IP address at all to manage a LAN.
• There are exceptions, though.
• We have two reasons where we probably do want to set IP address information on the switch:
  • To manage the switch via Telnet or other management software.
  • To configure the switch with different VLANs and other network functions.

Setting IP Information

1900 Switch:
• By default, no IP address or default gateway information is set.
• We can verify this by using the command sh ip in privileged mode.
  Switch# sh ip
• The IP address and default gateway are set in GCM (global configuration mode).
  Switch(config)# ip address 172.16.10.16 255.255.255.0
  Switch(config)# ip default-gateway 172.16.10.1

Setting IP Information

2950 Switch:
• On the 2950 switch, we consider a default VLAN on the switch.
• This VLAN is called VLAN1.
• Every port on the switch is a member of VLAN1 by default.
• We always set the IP address on VLAN1.
  Switch(config)# interface vlan1
  Switch(config-if)# ip address 172.16.10.17 255.255.255.0
  Switch(config-if)# exit
  Switch(config)# ip default-gateway 172.16.10.1

Configuring Interface Descriptions

• We can administratively set a name for each interface on the switches.
• These descriptions are only locally significant.

1900 Switch:
• The description command is used from interface configuration mode.
• Spaces can't be used within the description.
  Switch(config)# int e0/1
  Switch(config-if)# description Finance_VLAN
  Switch(config)# int f0/26
  Switch(config-if)# description trunk_to_building_4

Configuring Interface Descriptions

2950 Switch:
• The description command is used from interface configuration mode.
• Spaces can be used within the description.
  Switch(config)# int fastEthernet 0/1
  Switch(config-if)# description Sales Printer
  Switch(config)# int f0/12
  Switch(config-if)# description trunk_to_building_4

Erasing the Switch Configuration

1900 Switch:
• We can't see the contents of NVRAM.
• We can only view RAM's contents.
• When we make changes to the switch's running configuration, it automatically copies them to NVRAM.
• The following syntax deletes NVRAM's contents:
  Switch# delete nvram

Erasing the Switch Configuration

2950 Switch:
• The concepts of startup config and running config hold exactly as they do with routers.
• The following syntax deletes NVRAM's contents:
  Switch# erase startup-config

Virtual LANs (VLANs)

• A VLAN is a logical grouping of network users and resources connected to administratively defined ports on a switch.
• VLANs allow us to break up broadcast domains in a pure switched internetwork.
• VLANs allow us to create smaller broadcast domains within a layer 2 switch-based internetwork.

How VLANs Simplify Network Management

• Network adds, moves and changes are achieved by configuring a port into the appropriate VLAN.
• A group of users needing high security can be put into a VLAN so that no users outside of the VLAN can communicate with them.
• VLANs are independent from their physical or logical locations.
• VLANs can enhance network security.
• VLANs increase the number of broadcast domains and decrease the size of each broadcast domain.

Broadcast Control

• All devices in a VLAN are members of the same broadcast domain and receive all broadcasts.
• The broadcasts, by default, are filtered from all ports on a switch that are not members of the same VLAN.
• This is one of the prime benefits that we get with a VLAN-based switched network; otherwise we would face serious problems if all our users were in the same broadcast domain.

Security

• In a flat network, anyone connecting to the physical network could access the network resources located on that physical LAN.
• In order to observe any or all traffic happening in that network, one simply has to plug a network analyzer into the hub.
• Users can join any workgroup by just plugging their workstations into the existing hub.
• By building VLANs and creating multiple broadcast groups, administrators can now have control over each port and user.
• Since VLANs can be created in accordance with the network resources a user requires, a switch can be configured to inform a network management station of any unauthorized access to network resources.
• For inter-VLAN communication, we can implement restrictions on the router that performs it.

Flexibility and Scalability

• By assigning switch ports or users to VLAN groups on a switch or group of switches, we gain the flexibility to add only the users we want into that broadcast domain, regardless of their physical location.
• When a VLAN becomes too big, we can create more VLANs to keep broadcasts from consuming too much bandwidth.

Physical LAN connected to a router
Switches removing the physical boundary

Static VLANs

• These VLANs are created by administrators.
• An administrator creates static VLANs and then assigns switch ports to each VLAN.
• Static VLANs are:
  • Most secure
  • Comparatively easy to set up and monitor
  • Well suited to a network where the movement of users within the network is controlled
• A switch port that is assigned a VLAN association always maintains that association until an administrator changes the port assignment.

Dynamic VLANs

• When a network administrator enters all the host devices' hardware addresses into a database, the switches can be configured to assign VLANs dynamically whenever a host is plugged into a switch.
• These are called dynamic VLANs.
• A dynamic VLAN determines a node's VLAN assignment automatically.
• Using intelligent management software, we can base VLAN assignment on hardware address (MAC address), protocols, or even applications to create dynamic VLANs.

Dynamic VLANs

• Suppose MAC addresses have been entered into a centralized VLAN management application.
• If a node is then attached to an unassigned switch port, the VLAN management database can look up the hardware address and assign and configure the switch port to the correct VLAN.
• This makes management and configuration easier, because if a user moves, the switch will assign them to the correct VLAN automatically.
• Cisco allows us to use the VLAN Management Policy Server (VMPS) service to set up a database of MAC addresses that can be used for dynamic assignment of VLANs.
• A VMPS database maps MAC addresses to VLANs.

VLAN Links

• Frames are handled differently according to the type of link they are traversing in a switch.
• The following two links are available in a switched network:
  • Access link
  • Trunk link

Access Link

• This type of link is only part of one VLAN, and that VLAN is referred to as the native VLAN of the port.
• Any device attached to an access link is unaware of its VLAN membership. The device just assumes it's part of a broadcast domain, but it has no understanding of the physical network.
• Switches remove any VLAN information from the frame before it's sent to an access-link device.
• Access-link devices cannot communicate with devices outside their VLAN unless the packet is routed.

Trunk Link

• A trunk line is a 100 or 1000 Mbps point-to-point link between:
  • Two switches
  • A switch and a router
  • A switch and a server
• Trunk lines carry the traffic of VLANs 1 to 1005 at a time.
• Trunking allows us to make a single port part of multiple VLANs at the same time.
• We can actually set things up to have a server in two broadcast domains simultaneously, so that users don't have to cross the router to log in and access it.
• Another advantage of trunking is when we are connecting switches.
• Trunk links can carry some or all VLAN information across the link, but if the links between switches aren't trunked, only VLAN 1 information will be switched across the link by default.

Access and trunk links in a switched network

Creating & Verifying VLANs: 1900 Switch

Creating VLANs:
• Mode: GCM (global configuration mode)
• Syntax:
  Switch(config)# vlan <VLAN number> name <VLAN name>
• E.g.:
  switch(config)# vlan 2 name sales

Verifying VLANs:
• Mode: Privileged
• Syntax:
  Switch# show vlan

Creating & Verifying VLANs: 2950 Switch

Creating VLANs:
• Mode: Privileged and VLAN database configuration
• Syntax:
  Switch# vlan database
  Switch(vlan)# vlan <VLAN number> name <VLAN name>
  Switch(vlan)# apply
• E.g.:
  Switch(vlan)# vlan 2 name sales
  Switch(vlan)# vlan 3 name mkt
  Switch(vlan)# apply

Verifying VLANs:
• Mode: Privileged
• Syntax:
  Switch# show vlan brief

Assigning Switch Ports to VLANs: 1900 Switch

• Mode: Interface specific (interface configuration mode)
• Syntax:
  Switch(config)# int <interface no.>
  Switch(config-if)# vlan-membership static <VLAN no.>
• Example 1:
  Switch(config)# int e0/2
  Switch(config-if)# vlan-membership static 2
• Example 2:
  Switch(config)# int e0/3
  Switch(config-if)# vlan-membership static 3
• Example 3:
  Switch(config)# int e0/4
  Switch(config-if)# vlan-membership static 2

Assigning Switch Ports to VLANs: 2950 Switch

• Mode: Interface specific (interface configuration mode)
• Syntax:
  Switch(config)# int <interface no.>
  Switch(config-if)# switchport access vlan <VLAN no.>
• Example 1:
  Switch(config)# int f0/2
  Switch(config-if)# switchport access vlan 2
• Example 2:
  Switch(config)# int f0/3
  Switch(config-if)# switchport access vlan 3
• Example 3:
  Switch(config)# int f0/4
  Switch(config-if)# switchport access vlan 2

Frame Tagging

• Switch fabric: a group of switches sharing the same VLAN information.
• Frame tagging is a frame identification method which uniquely assigns a user-defined ID to each frame.
• This ID is also called the VLAN ID or color.
• How does it work?
  • Each switch that the frame reaches must first identify the VLAN ID from the frame tag.
  • Then it finds out what to do with the frame by looking at the information in the filter table.
  • If the frame reaches a switch that has another trunked link, the frame will be forwarded out the trunk-link port.
  • Once the frame reaches an exit to an access link matching the frame's VLAN ID, the switch removes the VLAN identifier so that the destination device receives the frame without having to understand its VLAN identification.
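Added example (not part of the slides): the IEEE 802.1Q tag format used on trunk links (a TPID of 0x8100 followed by a 16-bit TCI whose low 12 bits hold the VLAN ID), with ingress and egress rules for access and trunk ports that carry out the steps listed above: the tag is read to find the VLAN, kept across a trunk, and stripped before the frame reaches an access-link device. The frame bytes and port definitions are constructed. Two behaviours go beyond what the slides state and are design choices of this example: a tagged frame arriving on an access port is discarded, so a host cannot pick its own VLAN, and an untagged frame on a trunk falls into the trunk's native VLAN, which is standard 802.1Q behaviour.

```python
# Added example, not from the original slides: IEEE 802.1Q frame tagging as a
# switch applies it at the edge of the switch fabric. The frame bytes, port
# definitions and the rule that tagged frames arriving on an access port are
# discarded are constructed for this example; the slides only describe adding
# the VLAN ID for trunk links and removing it before an access-link device.
import struct

TPID_8021Q = 0x8100   # EtherType value that marks an 802.1Q tag


def tag_frame(frame, vid, pcp=0):
    """Insert a 4-byte 802.1Q tag (TPID + TCI) after the source MAC."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    tci = (pcp << 13) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def vlan_of(frame):
    """VLAN ID carried in the tag, or None when the frame is untagged."""
    if len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        return struct.unpack("!H", frame[14:16])[0] & 0x0FFF
    return None


def untag_frame(frame):
    """Strip the tag so an access-link device never sees VLAN information."""
    return frame[:12] + frame[16:] if vlan_of(frame) is not None else frame


def ingress(frame, port):
    """Classify a frame entering the fabric. Access ports stamp their own VLAN
    and discard frames that already carry a tag, so a host cannot choose its
    VLAN. Trunk ports accept tagged frames in allowed VLANs; untagged frames
    are placed in the trunk's native VLAN (standard 802.1Q behaviour)."""
    vid = vlan_of(frame)
    if port["mode"] == "access":
        return None if vid is not None else tag_frame(frame, port["vlan"])
    if vid is None:
        return tag_frame(frame, port["native"])
    return frame if vid in port["allowed"] else None


def egress(frame, port):
    """Decide what leaves a port. Access ports only carry their own VLAN and
    strip the tag; trunks keep the tag except for the native VLAN."""
    vid = vlan_of(frame)
    if port["mode"] == "access":
        return untag_frame(frame) if vid == port["vlan"] else None
    if vid not in port["allowed"]:
        return None
    return untag_frame(frame) if vid == port["native"] else frame


# Constructed sample: dst MAC, src MAC, EtherType 0x0800 and a short payload.
SAMPLE = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
          + b"\x08\x00" + b"sales data")
ACCESS_SALES = {"mode": "access", "vlan": 2}
ACCESS_MKT = {"mode": "access", "vlan": 3}
TRUNK = {"mode": "trunk", "allowed": {1, 2, 3}, "native": 1}


def demo():
    inside = ingress(SAMPLE, ACCESS_SALES)          # stamped with VLAN 2
    return {
        "vlan_inside_fabric": vlan_of(inside),
        "to_same_vlan_host": egress(inside, ACCESS_SALES) == SAMPLE,
        "to_other_vlan_host": egress(inside, ACCESS_MKT),        # None: filtered
        "across_trunk_tagged": vlan_of(egress(inside, TRUNK)),
        "tagged_frame_on_access_port": ingress(tag_frame(SAMPLE, 3), ACCESS_SALES),
    }


if __name__ == "__main__":
    print(demo())
```

The frame entering on the sales access port is stamped with VLAN 2, crosses the trunk with its tag intact, leaves the other sales access port exactly as the sender built it, and is never delivered to the marketing access port. Rejecting pre-tagged frames on access ports is what keeps the VLAN assignment in the administrator's hands rather than the host's.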

Weitere ähnliche Inhalte

Was ist angesagt?

Final exam ccna exploration 3 lan switching and wireless
Final exam ccna exploration 3 lan switching and wirelessFinal exam ccna exploration 3 lan switching and wireless
Final exam ccna exploration 3 lan switching and wirelesskratos2424
 
STP (spanning tree protocol)
STP (spanning tree protocol)STP (spanning tree protocol)
STP (spanning tree protocol)Netwax Lab
 
CCNA Routing Fundamentals - EIGRP, OSPF and RIP
CCNA  Routing Fundamentals -  EIGRP, OSPF and RIPCCNA  Routing Fundamentals -  EIGRP, OSPF and RIP
CCNA Routing Fundamentals - EIGRP, OSPF and RIPsushmil123
 
Expl sw chapter_02_switches_part_1
Expl sw chapter_02_switches_part_1Expl sw chapter_02_switches_part_1
Expl sw chapter_02_switches_part_1aghacrom
 
Inter VLAN Routing
Inter VLAN RoutingInter VLAN Routing
Inter VLAN RoutingNetwax Lab
 
Ccna 3 chapter 3 v4.0 answers 2011
Ccna 3 chapter 3 v4.0 answers 2011Ccna 3 chapter 3 v4.0 answers 2011
Ccna 3 chapter 3 v4.0 answers 2011Dân Chơi
 
Basic switching concepts and configuration
Basic switching concepts and configurationBasic switching concepts and configuration
Basic switching concepts and configurationMohammedseleim
 
Layer 2 & layer 3 switching
Layer 2 & layer 3 switchingLayer 2 & layer 3 switching
Layer 2 & layer 3 switchingMuhd Mu'izuddin
 
Mlag invisibile layer 2 redundancy
Mlag invisibile layer 2 redundancyMlag invisibile layer 2 redundancy
Mlag invisibile layer 2 redundancyCumulus Networks
 
Lab view the switch mac address table lab - view the switch
Lab   view the switch mac address table lab - view the switchLab   view the switch mac address table lab - view the switch
Lab view the switch mac address table lab - view the switchADDY50
 
Ch3 ccna exploration 3 lan switching and wireless
Ch3 ccna exploration 3 lan switching and wirelessCh3 ccna exploration 3 lan switching and wireless
Ch3 ccna exploration 3 lan switching and wirelesskratos2424
 
第15讲 Stp
第15讲 Stp第15讲 Stp
第15讲 StpF.l. Yu
 
Ccna 3 chapter 2 v4.0 answers 2011
Ccna 3 chapter 2 v4.0 answers 2011Ccna 3 chapter 2 v4.0 answers 2011
Ccna 3 chapter 2 v4.0 answers 2011Dân Chơi
 
CCNA Exam 200-120 pdf
CCNA Exam 200-120 pdfCCNA Exam 200-120 pdf
CCNA Exam 200-120 pdfMadhan Banda
 
Packet Tracer: Cisco, Spanning tree protocol
Packet Tracer: Cisco, Spanning tree protocolPacket Tracer: Cisco, Spanning tree protocol
Packet Tracer: Cisco, Spanning tree protocolRafat Khandaker
 

Was ist angesagt? (20)

Final exam ccna exploration 3 lan switching and wireless
Final exam ccna exploration 3 lan switching and wirelessFinal exam ccna exploration 3 lan switching and wireless
Final exam ccna exploration 3 lan switching and wireless
 
Switching
SwitchingSwitching
Switching
 
STP (spanning tree protocol)
STP (spanning tree protocol)STP (spanning tree protocol)
STP (spanning tree protocol)
 
CCNA Routing Fundamentals - EIGRP, OSPF and RIP
CCNA  Routing Fundamentals -  EIGRP, OSPF and RIPCCNA  Routing Fundamentals -  EIGRP, OSPF and RIP
CCNA Routing Fundamentals - EIGRP, OSPF and RIP
 
Expl sw chapter_02_switches_part_1
Expl sw chapter_02_switches_part_1Expl sw chapter_02_switches_part_1
Expl sw chapter_02_switches_part_1
 
Inter VLAN Routing
Inter VLAN RoutingInter VLAN Routing
Inter VLAN Routing
 
Switching Types
Switching TypesSwitching Types
Switching Types
 
Ccna 3 chapter 3 v4.0 answers 2011
Ccna 3 chapter 3 v4.0 answers 2011Ccna 3 chapter 3 v4.0 answers 2011
Ccna 3 chapter 3 v4.0 answers 2011
 
Basic switching concepts and configuration
Basic switching concepts and configurationBasic switching concepts and configuration
Basic switching concepts and configuration
 
Layer 2 & layer 3 switching
Layer 2 & layer 3 switchingLayer 2 & layer 3 switching
Layer 2 & layer 3 switching
 
Mlag invisibile layer 2 redundancy
Mlag invisibile layer 2 redundancyMlag invisibile layer 2 redundancy
Mlag invisibile layer 2 redundancy
 
Lab view the switch mac address table lab - view the switch
Lab   view the switch mac address table lab - view the switchLab   view the switch mac address table lab - view the switch
Lab view the switch mac address table lab - view the switch
 
Ch3 ccna exploration 3 lan switching and wireless
Ch3 ccna exploration 3 lan switching and wirelessCh3 ccna exploration 3 lan switching and wireless
Ch3 ccna exploration 3 lan switching and wireless
 
第15讲 Stp
第15讲 Stp第15讲 Stp
第15讲 Stp
 
Spanning tree protocol
Spanning tree protocolSpanning tree protocol
Spanning tree protocol
 
Ccna 3 chapter 2 v4.0 answers 2011
Ccna 3 chapter 2 v4.0 answers 2011Ccna 3 chapter 2 v4.0 answers 2011
Ccna 3 chapter 2 v4.0 answers 2011
 
VLAN
VLANVLAN
VLAN
 
CCNA Exam 200-120 pdf
CCNA Exam 200-120 pdfCCNA Exam 200-120 pdf
CCNA Exam 200-120 pdf
 
VTP
VTPVTP
VTP
 
Packet Tracer: Cisco, Spanning tree protocol
Packet Tracer: Cisco, Spanning tree protocolPacket Tracer: Cisco, Spanning tree protocol
Packet Tracer: Cisco, Spanning tree protocol
 

Andere mochten auch

Ceh v5 module 10 session hijacking
Ceh v5 module 10 session hijackingCeh v5 module 10 session hijacking
Ceh v5 module 10 session hijackingVi Tính Hoàng Nam
 
Ce hv6 module 60 firewall technologies
Ce hv6 module 60 firewall technologiesCe hv6 module 60 firewall technologies
Ce hv6 module 60 firewall technologiesVi Tính Hoàng Nam
 
0407 ceh certificate
0407   ceh certificate0407   ceh certificate
0407 ceh certificateWayne Parton
 
Ceh v5 module 01 introduction to ethical hacking
Ceh v5 module 01 introduction to ethical hackingCeh v5 module 01 introduction to ethical hacking
Ceh v5 module 01 introduction to ethical hackingVi Tính Hoàng Nam
 
CATALOGUE QUESTEK (Tiếng Việt)
CATALOGUE QUESTEK (Tiếng Việt)CATALOGUE QUESTEK (Tiếng Việt)
CATALOGUE QUESTEK (Tiếng Việt)Vi Tính Hoàng Nam
 
Ce hv6 module 54 proxy server technologies
Ce hv6 module 54 proxy server technologiesCe hv6 module 54 proxy server technologies
Ce hv6 module 54 proxy server technologiesVi Tính Hoàng Nam
 

Andere mochten auch (7)

Ceh v5 module 10 session hijacking
Ceh v5 module 10 session hijackingCeh v5 module 10 session hijacking
Ceh v5 module 10 session hijacking
 
Ce hv6 module 60 firewall technologies
Ce hv6 module 60 firewall technologiesCe hv6 module 60 firewall technologies
Ce hv6 module 60 firewall technologies
 
0407 ceh certificate
0407   ceh certificate0407   ceh certificate
0407 ceh certificate
 
Spanning tree
Spanning treeSpanning tree
Spanning tree
 
Ceh v5 module 01 introduction to ethical hacking
Ceh v5 module 01 introduction to ethical hackingCeh v5 module 01 introduction to ethical hacking
Ceh v5 module 01 introduction to ethical hacking
 
CATALOGUE QUESTEK (Tiếng Việt)
CATALOGUE QUESTEK (Tiếng Việt)CATALOGUE QUESTEK (Tiếng Việt)
CATALOGUE QUESTEK (Tiếng Việt)
 
Ce hv6 module 54 proxy server technologies
Ce hv6 module 54 proxy server technologiesCe hv6 module 54 proxy server technologies
Ce hv6 module 54 proxy server technologies
 

Ähnlich wie Switching vla ns_secugenius_harksh_mikemclain_secugenius security solutions

Cisco switching and spanning tree protocol (stp) basics
Cisco switching and spanning tree protocol (stp) basicsCisco switching and spanning tree protocol (stp) basics
Cisco switching and spanning tree protocol (stp) basicsIT Tech
 
Networking interview questions and answers
Networking interview questions and answersNetworking interview questions and answers
Networking interview questions and answersAmit Tiwari
 
Ccna day4-140715152437-phpapp01
Ccna day4-140715152437-phpapp01Ccna day4-140715152437-phpapp01
Ccna day4-140715152437-phpapp01Sachin Morya
 
Ccna free chapter
Ccna free chapterCcna free chapter
Ccna free chapterkvs062003
 
LAYER 2 SWITCHING
LAYER 2 SWITCHINGLAYER 2 SWITCHING
LAYER 2 SWITCHINGanilinvns
 
Day 4 LAYER 2 SWITCHING
Day 4 LAYER 2 SWITCHINGDay 4 LAYER 2 SWITCHING
Day 4 LAYER 2 SWITCHINGanilinvns
 
Ccna 3 chapter 5 v4.0 answers 2011
Ccna 3 chapter 5 v4.0 answers 2011Ccna 3 chapter 5 v4.0 answers 2011
Ccna 3 chapter 5 v4.0 answers 2011Dân Chơi
 
Lecture 2 Connecting LANs, Backbone Networks, and Virtual LANs.ppt
Lecture 2   Connecting LANs, Backbone Networks, and Virtual LANs.pptLecture 2   Connecting LANs, Backbone Networks, and Virtual LANs.ppt
Lecture 2 Connecting LANs, Backbone Networks, and Virtual LANs.pptabdnazar2003
 
Networks-part17-Bridges-RP1.pptjwhwhsjshh
Networks-part17-Bridges-RP1.pptjwhwhsjshhNetworks-part17-Bridges-RP1.pptjwhwhsjshh
Networks-part17-Bridges-RP1.pptjwhwhsjshhVijayKaran7
 
Lan switching technologies
Lan switching technologiesLan switching technologies
Lan switching technologiesMohammedseleim
 
CCNP Switching Chapter 1
CCNP Switching Chapter 1CCNP Switching Chapter 1
CCNP Switching Chapter 1Chaing Ravuth
 
Ch5 ccna exploration 3 lan swtching and wireless
Ch5 ccna exploration 3 lan swtching and wirelessCh5 ccna exploration 3 lan swtching and wireless
Ch5 ccna exploration 3 lan swtching and wirelesskratos2424
 

Ähnlich wie Switching vla ns_secugenius_harksh_mikemclain_secugenius security solutions (20)

C C N A Day4
C C N A  Day4C C N A  Day4
C C N A Day4
 
6.switching vla ns
6.switching vla ns6.switching vla ns
6.switching vla ns
 
Cisco switching and spanning tree protocol (stp) basics
Cisco switching and spanning tree protocol (stp) basicsCisco switching and spanning tree protocol (stp) basics
Cisco switching and spanning tree protocol (stp) basics
 
Networking interview questions and answers
Networking interview questions and answersNetworking interview questions and answers
Networking interview questions and answers
 
Ccna day4-140715152437-phpapp01
Ccna day4-140715152437-phpapp01Ccna day4-140715152437-phpapp01
Ccna day4-140715152437-phpapp01
 
Ccna day4
Ccna day4Ccna day4
Ccna day4
 
Ccna day4
Ccna day4Ccna day4
Ccna day4
 
CCNA PPT
CCNA PPTCCNA PPT
CCNA PPT
 
Ccna day4
Ccna day4Ccna day4
Ccna day4
 
Ccna free chapter
Ccna free chapterCcna free chapter
Ccna free chapter
 
LAYER 2 SWITCHING
LAYER 2 SWITCHINGLAYER 2 SWITCHING
LAYER 2 SWITCHING
 
Day 4 LAYER 2 SWITCHING
Day 4 LAYER 2 SWITCHINGDay 4 LAYER 2 SWITCHING
Day 4 LAYER 2 SWITCHING
 
Ccna 3 chapter 5 v4.0 answers 2011
Ccna 3 chapter 5 v4.0 answers 2011Ccna 3 chapter 5 v4.0 answers 2011
Ccna 3 chapter 5 v4.0 answers 2011
 
Lecture 2 Connecting LANs, Backbone Networks, and Virtual LANs.ppt
Lecture 2   Connecting LANs, Backbone Networks, and Virtual LANs.pptLecture 2   Connecting LANs, Backbone Networks, and Virtual LANs.ppt
Lecture 2 Connecting LANs, Backbone Networks, and Virtual LANs.ppt
 
Networks-part17-Bridges-RP1.pptjwhwhsjshh
Networks-part17-Bridges-RP1.pptjwhwhsjshhNetworks-part17-Bridges-RP1.pptjwhwhsjshh
Networks-part17-Bridges-RP1.pptjwhwhsjshh
 
Lan switching technologies
Lan switching technologiesLan switching technologies
Lan switching technologies
 
CCNP Switching Chapter 1
CCNP Switching Chapter 1CCNP Switching Chapter 1
CCNP Switching Chapter 1
 
Networkdevices by Jetarvind kumar madhukar
Networkdevices by Jetarvind kumar madhukarNetworkdevices by Jetarvind kumar madhukar
Networkdevices by Jetarvind kumar madhukar
 
Bridging.ppt
Bridging.pptBridging.ppt
Bridging.ppt
 
Ch5 ccna exploration 3 lan swtching and wireless
Ch5 ccna exploration 3 lan swtching and wirelessCh5 ccna exploration 3 lan swtching and wireless
Ch5 ccna exploration 3 lan swtching and wireless
 

Switching vla ns_secugenius_harksh_mikemclain_secugenius security solutions

  • 2. Switching Basics: A switch acts as a multiport bridge, and its basic duty is to break up collision domains. Layer 2 switches and bridges are faster than routers because they do not spend time examining Network layer header information. A switch looks at the frame's hardware (MAC) addresses before deciding whether to forward the frame or drop it.
  • 3. Switching Basics: Each switch port is its own private, dedicated collision domain, so every port gets independent bandwidth. Layer 2 switching provides hardware-based bridging (Application Specific Integrated Circuits, ASICs), wire speed, low latency and low cost.
  • 4. Switching Basics: Switches do not modify the data packet; they only read the frame that encapsulates it. This makes the switching process considerably faster and less error-prone than the routing process.
  • 6. Bridging vs. LAN Switching: Bridges are software based, while switches are hardware based, using ASIC chips to make filtering decisions. A switch is basically a multiport bridge. A bridge can only run one spanning-tree instance, while a switch can run many (for example, one per VLAN). Switches have many more ports.
  • 7. Bridges and Switches: Both create multiple COLLISION DOMAINS but, by default, one BROADCAST DOMAIN. Both learn MAC addresses by examining the source address of each frame received. Both make forwarding decisions based on layer 2 addresses.
  • 8. Functions of a Switch. Address learning: a layer 2 switch remembers the source hardware address of each frame received on an interface and enters it, together with that interface, into a MAC database called the forward/filter table. Forward/filter decision: when a frame is received on an interface, the switch looks up the destination hardware address in the MAC database to find the exit interface, and the frame is forwarded only out that port.
  • 9. Functions of a Switch. Loop avoidance: when multiple connections between switches are created for redundancy, network loops can occur. Spanning Tree Protocol (STP) is used to stop such loops while still permitting redundancy.
  • 10. Address Learning: When a switch is first powered on, the MAC forward/filter table is empty. When an interface receives a frame, the switch places the frame's source address and the receiving interface in the table, so it remembers which interface the sending device is located on. The switch then floods the frame out of every port except the one it arrived on, because it does not yet know where the destination device is located.
  • 11. Address Learning: If a device answers the flooded frame and sends a frame back, the switch takes the source address from that reply, places it in the database as well and associates it with the interface that received the reply. Since the switch now has both MAC addresses in its filter table, the two devices can communicate point-to-point without further flooding.
  • 14. Forward/Filter Decisions: When a frame arrives at a switch interface, the destination hardware address is compared to the MAC forward/filter table. If the destination address is known and listed in the database, the frame is sent only out the correct exit interface. This preserves bandwidth on the other segments and is called frame filtering.
  • 15. Forward/Filter Decisions: If the destination hardware address is not listed in the MAC database, the frame is flooded out all active interfaces except the one it was received on. If a device answers the flooded frame, the MAC database is updated with that device's address and interface.
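The learning, flooding and filtering behaviour of slides 10 to 15, as an added example that is not part of the original slides. The switch, the port names (e0/1 to e0/4), the MAC addresses and the traffic are all constructed for illustration; frames are reduced to a (source, destination) pair because nothing else matters to a layer 2 forwarding decision.

```python
"""Toy layer 2 switch: address learning, forward/filter decisions and flooding.

Added example (not from the original slides). Frames are (source MAC,
destination MAC) pairs and MACs are plain strings; the port names and the
sample traffic below are constructed for illustration.
"""
from collections import namedtuple

BROADCAST = "ff:ff:ff:ff:ff:ff"

Frame = namedtuple("Frame", "src dst")


class Layer2Switch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}   # forward/filter table: MAC -> port it was learned on

    def receive(self, in_port, frame):
        """Process one frame and return the list of ports it is sent out of."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        # 1. Address learning: remember which port the sender lives on. A MAC
        #    seen on a different port simply overwrites the old entry, which
        #    is exactly why the table gets "confused" when a loop exists.
        self.mac_table[frame.src] = in_port
        # 2. Forward/filter decision.
        out_port = self.mac_table.get(frame.dst)
        if frame.dst == BROADCAST or out_port is None:
            # Broadcast or unknown unicast: flood out every port except the ingress.
            return [p for p in self.ports if p != in_port]
        if out_port == in_port:
            # Destination sits on the same segment as the sender: filter (drop).
            return []
        # Known unicast: forward only out the learned port.
        return [out_port]


def demo():
    """Host A (e0/1) talks to host B (e0/2) on a freshly booted switch."""
    sw = Layer2Switch(["e0/1", "e0/2", "e0/3", "e0/4"])
    host_a, host_b = "00:00:0c:aa:aa:aa", "00:00:0c:bb:bb:bb"
    first = sw.receive("e0/1", Frame(host_a, host_b))    # unknown destination: flooded
    reply = sw.receive("e0/2", Frame(host_b, host_a))    # A is known now: forwarded
    second = sw.receive("e0/1", Frame(host_a, host_b))   # both known: point-to-point
    return first, reply, second, dict(sw.mac_table)


if __name__ == "__main__":
    print(demo())
```

The table here grows without bound; a real switch ages entries out and has a finite CAM table, which is why a flood of bogus source addresses can push it back into flooding everything.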
  • 16. Loop Avoidance: Redundant links between switches are a good idea because they help prevent complete network failure when one link stops working. But with redundant links, frames can be flooded down all of them simultaneously, resulting in network loops.
  • 17. Broadcast Storm: Redundant links invite the following set of problems. If no loop-avoidance scheme is in place, the switches flood broadcasts endlessly; the figure on this slide illustrates such a broadcast storm.
  • 18. Multiple frame copies: A device can receive multiple copies of the same frame, since the frame can arrive from multiple segments simultaneously. In the figure on this slide the server sends a unicast frame to router C. Switch A forwards the frame and switch B provides the same service, forwarding the same unicast frame as well. This is not good, because router C now receives the unicast frame twice, causing additional overhead on
  • 19. Multiple loops: The MAC address filter table becomes confused about a device's location, because the switch can receive frames from the same source over more than one link. Multiple loops can also be generated, that is, a loop can occur within another loop.
  • 20. Spanning Tree Protocol: Its main task is to stop switching (bridging) loops from occurring at layer 2, on bridges or switches. It monitors the network to find all links and makes sure no loops occur by placing redundant links in a blocking state. It uses the Spanning Tree Algorithm (STA) to first build a topology database, then find redundant links and block them. With STP running, frames are forwarded only over the links STP has left in the forwarding state; a blocked link is not shut down, and it takes over if the active path fails.
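The result STA arrives at on a small redundant topology, as an added example that is not part of the original slides. Real bridges converge on this by exchanging BPDUs; the code below computes the converged tree directly. The bridge names, bridge IDs (priority plus MAC), port names and the classic cost of 19 per 100 Mbps link are all constructed for illustration.

```python
"""Spanning Tree Algorithm (STA) over a small switched topology.

Added example, not from the original slides. The converged tree is computed
directly from a constructed topology instead of being learned from BPDUs.
Bridge IDs are (priority, MAC) pairs; the lowest wins every election.
"""
import heapq


def spanning_tree(bridges, links):
    """bridges: {name: (priority, mac)}.
    links: [(bridge_a, port_a, bridge_b, port_b, cost)], point-to-point links.
    Returns (root_bridge, {(bridge, port): 'root' | 'designated' | 'blocking'}).
    """
    # Root bridge election: lowest bridge ID (priority first, then MAC).
    root = min(bridges, key=lambda b: bridges[b])

    adj = {b: [] for b in bridges}  # bridge -> [(neighbour, my_port, their_port, cost)]
    for a, pa, b, pb, cost in links:
        adj[a].append((b, pa, pb, cost))
        adj[b].append((a, pb, pa, cost))

    # Root path cost (rpc) of every bridge: shortest path back to the root.
    rpc = {b: float("inf") for b in bridges}
    rpc[root] = 0
    heap = [(0, root)]
    while heap:
        cost, b = heapq.heappop(heap)
        if cost > rpc[b]:
            continue
        for nb, _, _, link_cost in adj[b]:
            if cost + link_cost < rpc[nb]:
                rpc[nb] = cost + link_cost
                heapq.heappush(heap, (rpc[nb], nb))

    state = {}
    # Root port: on each non-root bridge, the port with the lowest root path
    # cost; ties go to the lower neighbour bridge ID, then the lower port.
    for b in bridges:
        if b == root:
            continue
        root_port = min((rpc[nb] + c, bridges[nb], tp, mp)
                        for nb, mp, tp, c in adj[b])[3]
        state[(b, root_port)] = "root"

    # Designated port: on each link, the end with the lower (rpc, bridge ID,
    # port) forwards. The other end, unless it is that bridge's root port,
    # is put into blocking. That blocked port is the redundant link.
    for a, pa, b, pb, _ in links:
        a_wins = (rpc[a], bridges[a], pa) < (rpc[b], bridges[b], pb)
        winner, loser = ((a, pa), (b, pb)) if a_wins else ((b, pb), (a, pa))
        state[winner] = "designated"
        state.setdefault(loser, "blocking")
    return root, state


def demo(sw3_priority=32768):
    """Three switches in a triangle plus a second SW2-SW3 link (a loop inside a loop)."""
    bridges = {
        "SW1": (32768, "00:00:0c:00:00:01"),
        "SW2": (32768, "00:00:0c:00:00:02"),
        "SW3": (sw3_priority, "00:00:0c:00:00:03"),
    }
    links = [
        ("SW1", "f0/1", "SW2", "f0/1", 19),
        ("SW1", "f0/2", "SW3", "f0/1", 19),
        ("SW2", "f0/2", "SW3", "f0/2", 19),  # redundant link that closes the loop
        ("SW2", "f0/3", "SW3", "f0/3", 19),  # second redundant link: a loop within a loop
    ]
    return spanning_tree(bridges, links)


if __name__ == "__main__":
    root, state = demo()
    print("root bridge:", root)
    for (bridge, port), role in sorted(state.items()):
        print(f"{bridge} {port}: {role}")
```

With all priorities equal, SW1 wins the root election on its lower MAC and both of SW3's redundant ports end up blocking. Calling demo(sw3_priority=4096) shows why priority matters: SW3 becomes root and the blocked ports move, which is also why an unmanaged device that sends a better BPDU can redraw the whole tree.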
  • 21. LAN Switch Types: The switching mode decides how a frame is handled when it is received on a switch port. Latency is the time the switch takes to send a frame out an exit port once it has received the frame. There are three switching modes: cut-through (fast forward), fragment-free (modified cut-through) and store-and-forward.
  • 22. Cut-through (fast forward): the switch waits only for the destination hardware address to be received before it looks that address up in the MAC filter table. Fragment-free (modified cut-through): the switch checks the first 64 bytes of a frame for collision fragments before forwarding it; this is the default mode on the Catalyst 1900 series. Store-and-forward: the complete frame is received into the switch's buffer, a CRC is run, and only then does the switch look up the destination address in the MAC forward/filter table.
  • 23. Different switching modes within a frame
  • 24. Cut-Through: With the cut-through switching method, the LAN switch reads only the destination address, that is, the first six bytes following the preamble. It then looks up the hardware destination address in the MAC switching table, determines the outgoing interface and proceeds to forward the frame toward its destination. A cut-through switch reduces latency because it begins forwarding as soon as it has read the destination address and determined the outgoing interface; the trade-off is that it also forwards damaged frames, since it never sees the checksum before deciding.
  • 25. Fragment-Free (Modified Cut-Through): A modified form of cut-through switching in which the switch waits for the collision window (64 bytes) to pass before forwarding. If a frame has suffered a collision, the damage almost always shows within the first 64 bytes, so checking that far into the data field makes sure no collision fragment is forwarded. Fragment-free provides better error checking than cut-through with practically no increase in latency. It is the default switching mode for 1900 switches.
  • 26. Store-and-Forward: This is Cisco's primary LAN switching method. The LAN switch copies the entire frame into its onboard buffers and then computes the CRC (Cyclic Redundancy Check). Because it copies the entire frame, latency through the switch varies with frame length. The frame is discarded if it contains a CRC error, if it is too short (less than 64 bytes including the CRC) or if it is too long (more than 1518 bytes including the CRC). If the frame contains no error, the switch looks up the destination hardware address in its MAC forward/filter table to find the correct outgoing interface.
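What each of the three switching modes from slides 21 to 26 has to see before it decides, and which errors each one can catch, as an added example that is not part of the original slides. The frames are constructed here, with a correct IEEE 802.3 FCS computed by zlib.crc32 (same CRC-32 polynomial and conventions; the FCS goes on the wire least-significant byte first); the 6/64-byte decision points and the 64/1518-byte limits are the ones the slides give.

```python
"""What each switching mode needs to see before it decides, and what it can catch.

Added example, not from the original slides. Frames are constructed below;
the FCS is the IEEE 802.3 CRC-32, which zlib.crc32 computes with the same
polynomial and conventions (transmitted least-significant byte first).
"""
import struct
import zlib

MIN_FRAME = 64     # bytes including the 4-byte FCS: the collision window
MAX_FRAME = 1518   # bytes including the FCS for untagged Ethernet
DST_LEN = 6        # a cut-through switch decides right after the destination MAC


def frame_with_fcs(dst, src, ethertype, payload):
    """Build dst + src + type + payload and append a correct FCS."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + struct.pack("<I", zlib.crc32(body))


def fcs_ok(frame):
    """Recompute the CRC over everything but the last 4 bytes and compare."""
    return struct.pack("<I", zlib.crc32(frame[:-4])) == frame[-4:]


def switch_decision(frame, mode):
    """Return (bytes examined before deciding, verdict).

    verdict is 'forward', 'runt', 'giant' or 'crc-error'. Cut-through decides
    after the 6-byte destination address, fragment-free after the 64-byte
    collision window, store-and-forward after the whole frame plus an FCS check.
    """
    if mode == "cut-through":
        if len(frame) < DST_LEN:
            return len(frame), "runt"      # not even a complete destination address
        return DST_LEN, "forward"
    if mode == "fragment-free":
        if len(frame) < MIN_FRAME:
            return len(frame), "runt"      # collision fragment: never forwarded
        return MIN_FRAME, "forward"
    if mode == "store-and-forward":
        if len(frame) < MIN_FRAME:
            return len(frame), "runt"
        if len(frame) > MAX_FRAME:
            return len(frame), "giant"
        if not fcs_ok(frame):
            return len(frame), "crc-error"
        return len(frame), "forward"
    raise ValueError(f"unknown switching mode {mode!r}")


def compare_modes(frame):
    """Verdict of all three modes for the same frame."""
    return {m: switch_decision(frame, m)[1]
            for m in ("cut-through", "fragment-free", "store-and-forward")}


def demo():
    dst, src = bytes.fromhex("00000cbbbbbb"), bytes.fromhex("00000caaaaaa")
    good = frame_with_fcs(dst, src, 0x0800, b"A" * 46)   # minimum-size frame: 64 bytes
    runt = good[:30]                                      # a collision fragment
    damaged = bytearray(frame_with_fcs(dst, src, 0x0800, b"B" * 200))
    damaged[100] ^= 0x01                                  # one bit flipped past byte 64
    return {"good": compare_modes(good),
            "runt": compare_modes(runt),
            "damaged": compare_modes(bytes(damaged))}


if __name__ == "__main__":
    for name, verdicts in demo().items():
        print(name, verdicts)
```

The damaged frame is the instructive case: both cut-through modes have already committed to forwarding it before the corrupted byte arrives, so only store-and-forward drops it.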
  • 27. Spanning Tree Terms: STP is a bridge protocol that uses the STA to find redundant links dynamically and builds a spanning-tree topology database. To do so, bridges exchange BPDU (Bridge Protocol Data Unit) messages with other bridges.
  • 28. Configuring 1900 & 2950 Catalyst switches: We will cover the following tasks: setting the password, setting the hostname, configuring the IP address and subnet mask, setting a description on an interface, erasing the switch configuration, configuring VLANs, adding VLAN membership to switch ports, creating a VTP domain and configuring trunking.
  • 29. Setting the password, 1900 series: The same command sets both the user-level and the privileged-level password, distinguished by a level number: level 1 is user mode and level 15 is privileged mode. The password must be 4 to 8 characters long. User password: switch(config)# enable password level 1 cisco. Privileged password: switch(config)# enable password level 15 cisco. (The example uses the same word for both levels only for brevity; in practice the two should differ.)
  • 30. Setting the password, 2950 series: User-mode passwords on the 2950 are configured on the lines, just as on a router.
      Console: switch(config)# line console 0, switch(config-line)# password cisco, switch(config-line)# login
      Telnet: switch(config)# line vty 0 15, switch(config-line)# password cisco, switch(config-line)# login
      The enable secret password is set the same way as on a router: switch(config)# enable secret cisco. Prefer enable secret over enable password: the secret is stored as a hash in the configuration, whereas an enable password is stored in cleartext.
  • 31. Setting the hostname: The hostname of a switch is only locally significant; it has no function on the network or in name resolution (PPP authentication on routers is the one exception). 1900 series: switch(config)# hostname LAN1. 2950 series: switch(config)# hostname LAN1.
  • 32. Setting IP information: A switch generally does not need an IP address at all to switch a LAN. There are two reasons we probably do want to set IP address information on the switch: to manage the switch via Telnet or other management software, and to configure the switch with different VLANs and other network functions.
  • 33. Setting IP information, 1900 switch: By default no IP address or default gateway is set; verify this with show ip in privileged mode: Switch# sh ip. The IP address and default gateway are set from global configuration mode (GCM): Switch(config)# ip address 172.16.10.16 255.255.255.0, then Switch(config)# ip default-gateway 172.16.10.1.
  • 34. Setting IP information, 2950 switch: The 2950 has a default VLAN, VLAN 1, and every port is a member of VLAN 1 by default. The management IP address is set on the VLAN 1 interface: Switch(config)# interface vlan1, Switch(config-if)# ip address 172.16.10.17 255.255.255.0, Switch(config-if)# exit, Switch(config)# ip default-gateway 172.16.10.1. Because every port is in VLAN 1 by default, any host plugged into the switch shares a broadcast domain with the management interface; in production, management is normally placed in a dedicated VLAN that user ports do not belong to.
  • 35. Configuring interface descriptions: We can administratively set a name for each interface on the switch; these descriptions are only locally significant. 1900 switch: the description command is used from interface configuration mode, and spaces cannot be used within the description: Switch(config)# int e0/1, Switch(config-if)# description Finance_VLAN; Switch(config)# int f0/26, Switch(config-if)# description trunk_to_building_4.
  • 36. Configuring interface descriptions, 2950 switch: The description command is used from interface configuration mode, and spaces can be used within the description: Switch(config)# int fastEthernet 0/1, Switch(config-if)# description Sales Printer; Switch(config)# int f0/12, Switch(config-if)# description trunk_to_building_4.
  • 37. Erasing the switch configuration, 1900 switch: We cannot view the contents of NVRAM, only the running configuration in RAM. Changes made to the running configuration are automatically copied to NVRAM. To delete the NVRAM contents: Switch# delete nvram.
  • 38. Erasing the switch configuration, 2950 switch: The concepts of startup-config and running-config hold exactly as they do on routers. To delete the NVRAM contents: Switch# erase startup-config. The running configuration stays in effect until the switch is reloaded.
  • 39. Virtual LANs (VLANs): A VLAN is a logical grouping of network users and resources connected to administratively defined ports on a switch. VLANs let us break up broadcast domains in a pure switched internetwork, creating smaller broadcast domains within a layer 2 switched internetwork.
  • 40. How VLANs simplify network management: Network adds, moves and changes are achieved by configuring a port into the appropriate VLAN. A group of users needing high security can be put into their own VLAN so that no user outside that VLAN can communicate with them (other than through a router). VLANs are independent of physical location. VLANs can enhance network security. VLANs increase the number of broadcast domains while decreasing the size of each.
  • 41. Broadcast control: All devices in a VLAN are members of the same broadcast domain and receive all of its broadcasts. By default, broadcasts are filtered from all switch ports that are not members of that VLAN. This is one of the prime benefits of a VLAN-based switched network; otherwise we would face serious problems with all of our users in one broadcast domain.
  • 42. Security: In a flat network, anyone connecting to the physical network can access the network resources located on that physical LAN. To observe any and all traffic on that network, one simply plugs a network analyzer into the hub, and users can join any workgroup just by plugging their workstations into the existing hub. By building VLANs and creating multiple broadcast groups, administrators gain control over each port and user. Since VLANs can be created in accordance with the network resources a user requires, a switch can be configured to inform a network management station of any unauthorized access to network resources. For inter-VLAN communication, restrictions (access lists) can be enforced on the router that routes between the VLANs.
  • 43. Flexibility and scalability: By assigning switch ports or users to VLAN groups on a switch or group of switches, we gain the flexibility to add only the users we want to a broadcast domain, regardless of their physical location. When a VLAN becomes too big, we can create more VLANs to keep broadcasts from consuming too much bandwidth.
  • 44. Physical LAN connected to a Router
  • 46. Static VLANs: Static VLANs are created by an administrator, who then assigns switch ports to each VLAN. Static VLANs are the most secure, comparatively easy to set up and monitor, and work well in a network where the movement of users is controlled. A switch port assigned to a VLAN keeps that association until an administrator changes the port assignment.
  • 47. Dynamic VLANs: When the network administrator enters all host hardware addresses into a database, the switches can be configured to assign VLANs dynamically whenever a host is plugged into a switch port. These are called dynamic VLANs: a node's VLAN assignment is determined automatically. Using intelligent management software, VLAN assignment can be based on hardware (MAC) address, protocol or even application.
  • 48. Dynamic VLANs: Suppose MAC addresses have been entered into a centralized VLAN management application. If a node is then attached to an unassigned switch port, the VLAN management database can look up the hardware address and assign and configure the switch port to the correct VLAN. This makes management and configuration easier, because if a user moves, the switch assigns them to the correct VLAN automatically. Cisco provides the VLAN Management Policy Server (VMPS) service to set up the database of MAC addresses used for dynamic VLAN assignment; a VMPS database maps MAC addresses to VLANs. Note that the assignment is keyed on the MAC address alone, which the host itself presents, so this is a convenience feature rather than an authentication mechanism.
  • 49. VLAN links: Frames are handled differently according to the type of link they traverse in a switch. Two link types exist in a switched network: access links and trunk links.
  • 50. Access link: This type of link is part of only one VLAN, the port's access VLAN (these slides, like older CCNA texts, call it the native VLAN of the port; on a trunk, "native VLAN" means the VLAN whose frames are carried untagged). Any device attached to an access link is unaware of its VLAN membership: it just assumes it is part of a broadcast domain and has no understanding of the physical network. Switches remove any VLAN information from a frame before it is sent to an access-link device. Access-link devices cannot communicate with devices outside their VLAN unless the packet is routed.
  • 51. Trunk link: A trunk link is a 100 or 1000 Mbps point-to-point link between two switches, a switch and a router, or a switch and a server. Trunk links can carry the traffic of VLANs 1 to 1005 at the same time. Trunking allows a single port to be part of multiple VLANs at once; for example, a server can sit in two broadcast domains simultaneously so that users in either one do not have to cross the router to log in and reach it. Trunking is also what connects switches: a trunk carries some or all VLAN information across the link, whereas if the link between switches is not trunked, only the port's own VLAN (VLAN 1 by default) is switched across it.
  • 52. Access and Trunk Links in a switched network
  • 53. Creating & verifying VLANs, 1900 switch: Create VLANs from global configuration mode (GCM) with Switch(config)# vlan <number> name <name>, for example switch(config)# vlan 2 name sales. Verify from privileged mode with Switch# show vlan.
  • 54. Creating & verifying VLANs, 2950 switch: Create VLANs from VLAN database mode, entered from privileged mode: Switch# vlan database, Switch(vlan)# vlan <number> name <name>, Switch(vlan)# apply. For example: Switch(vlan)# vlan 2 name sales, Switch(vlan)# vlan 3 name mkt, Switch(vlan)# apply. Verify from privileged mode with Switch# show vlan brief.
  • 55. Assigning switch ports to VLANs, 1900 switch: From interface configuration mode: Switch(config)# int <interface>, Switch(config-if)# vlan-membership static <VLAN number>. Example 1: Switch(config)# int e0/2, Switch(config-if)# vlan-membership static 2. Example 2: Switch(config)# int e0/3, Switch(config-if)# vlan-membership static 3. Example 3: Switch(config)# int e0/4, Switch(config-if)# vlan-membership static 2.
  • 56. Assigning switch ports to VLANs, 2950 switch: From interface configuration mode: Switch(config)# int <interface>, Switch(config-if)# switchport access vlan <VLAN number>. Example 1: Switch(config)# int f0/2, Switch(config-if)# switchport access vlan 2. Example 2: Switch(config)# int f0/3, Switch(config-if)# switchport access vlan 3. Example 3: Switch(config)# int f0/4, Switch(config-if)# switchport access vlan 2. In practice each of these ports should also be fixed as an access port (switchport mode access), because a 2950 port otherwise negotiates trunking with whatever is plugged in, and a port that becomes a trunk carries every VLAN, not just the one assigned here.
  • 57. Frame tagging: A switch fabric is a group of switches sharing the same VLAN information. Frame tagging is a frame identification method that uniquely assigns a user-defined ID, also called the VLAN ID or colour, to each frame as it crosses the fabric. How it works: each switch the frame reaches first identifies the VLAN ID from the frame tag, then decides what to do with the frame by looking at the information in its filter table. If the frame reaches a switch with another trunk link, it is forwarded out the trunk port with the tag intact. Once the frame reaches an access link matching its VLAN ID, the switch removes the VLAN identifier so that the destination device receives the frame without having to understand VLAN identification.
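The tagging and untagging at the trunk/access boundary described on slides 50, 51 and 57, as an added example that is not part of the original slides. It uses the IEEE 802.1Q tag format (TPID 0x8100 followed by a 16-bit TCI whose low 12 bits are the VLAN ID); the MAC addresses, VLAN numbers and payload are constructed, and the frame check sequence is left out because it is recomputed by hardware on every hop anyway.

```python
"""Build, tag, parse and untag Ethernet frames the way a trunk/access boundary does.

Added example, not from the original slides. Implements IEEE 802.1Q tagging
(TPID 0x8100 + 16-bit TCI). MACs, VLAN IDs and payload below are constructed;
the FCS is omitted.
"""
import struct

TPID_8021Q = 0x8100


def mac_bytes(mac):
    """'00:11:22:33:44:55' -> 6 raw bytes."""
    return bytes(int(x, 16) for x in mac.split(":"))


def mac_str(raw):
    return ":".join(f"{x:02x}" for x in raw)


def build_frame(dst, src, ethertype, payload):
    """Untagged frame as a host on an access link would send it."""
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload


def add_tag(frame, vlan_id, pcp=0):
    """Insert an 802.1Q tag after the source MAC: what a switch does when the
    frame leaves on a trunk. VLAN IDs are 12 bits; 0 and 4095 are reserved."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID out of range")
    tci = (pcp << 13) | vlan_id            # DEI bit left at 0
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_frame(frame):
    """Return (dst, src, vlan_id or None, ethertype, payload)."""
    if len(frame) < 14:
        raise ValueError("truncated frame")
    dst, src = mac_str(frame[:6]), mac_str(frame[6:12])
    ethertype = struct.unpack("!H", frame[12:14])[0]
    vlan_id, offset = None, 14
    if ethertype == TPID_8021Q:             # a tag sits where the type field was
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan_id, offset = tci & 0x0FFF, 18
    return dst, src, vlan_id, ethertype, frame[offset:]


def strip_tag(frame):
    """Remove the 802.1Q tag before delivery on an access link."""
    if parse_frame(frame)[2] is None:
        return frame
    return frame[:12] + frame[16:]


def deliver_on_access_port(frame, access_vlan, native_vlan=1):
    """What an access port does with a frame coming from the switch fabric:
    forward it untagged if the VLAN matches, otherwise drop it (None). An
    untagged frame arriving over a trunk belongs to the trunk's native VLAN."""
    vlan_id = parse_frame(frame)[2]
    vlan = native_vlan if vlan_id is None else vlan_id
    return strip_tag(frame) if vlan == access_vlan else None


def demo():
    """A VLAN 2 host's frame crosses a trunk and reaches two access ports."""
    original = build_frame("00:00:0c:bb:bb:bb", "00:00:0c:aa:aa:aa", 0x0800, b"payload")
    on_trunk = add_tag(original, 2)
    return {
        "trunk_vlan": parse_frame(on_trunk)[2],
        "vlan2_port": deliver_on_access_port(on_trunk, 2),   # untagged copy
        "vlan3_port": deliver_on_access_port(on_trunk, 3),   # dropped
    }


if __name__ == "__main__":
    print(demo())
```

The native_vlan parameter is where most trunk misconfigurations bite: an untagged frame on a trunk is silently assigned to the native VLAN, so the native VLAN should be one that no access port uses.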