2. Switching Basics
A switch acts as a multiport bridge; its basic duty is to break up collision domains.
Layer 2 switches and bridges are faster than routers because they do not spend time examining Network layer header information.
Switches look at a frame's hardware (MAC) addresses before deciding whether to forward the frame or drop it.
3. Switching Basics
Switches create private, dedicated collision domains.
They provide independent bandwidth on each port.
Layer 2 switching provides the following:
Hardware-based bridging (Application Specific Integrated Circuit, ASIC)
Wire speed
Low latency
Low cost
4. Switching Basics
Switches do not modify the data packet.
They only read the frame encapsulating the packet (apart from adding or stripping a VLAN tag on trunk links, covered under Frame Tagging).
This makes the switching process considerably faster and less error-prone than the routing process.
6. Bridging Vs. LAN Switching
Bridges are software based, while switches are hardware based because switches use ASIC chips to make filtering decisions.
A switch is basically a multiport bridge.
Bridges can have only one spanning tree instance per bridge, while switches can have many.
Switches have more ports.
7. Bridges and Switches
Both have multiple COLLISION DOMAINS but one BROADCAST DOMAIN.
Both learn MAC addresses by examining the source address of each frame received.
Both make forwarding decisions based on layer 2 addresses.
8. Functions of Switch
Address Learning:
Layer 2 switches remember the source hardware address of each frame received on an interface.
Switches enter this information into a MAC database called a forward/filter table.
Forward/Filter Decision:
When a frame is received on an interface, the switch looks at the destination hardware address and finds the exit interface in the MAC database.
The frame is forwarded only out the specified destination port.
9. Functions of Switch
Loop Avoidance:
If multiple connections between switches are created for redundancy, network loops can occur.
Spanning Tree Protocol (STP) is used to stop network loops while still permitting redundancy.
10. Address Learning
When a switch is first powered on, the MAC forward/filter table is empty.
When an interface receives a frame, the switch places the frame's source address in the MAC forward/filter table, allowing it to remember which interface the sending device is located on.
The switch then floods this frame out of every port except the source port, because it has no idea where the destination device is actually located.
11. Address Learning
If a device answers this flooded frame and sends a frame back, then:
The switch takes the source address from that frame and places the MAC address in the database as well.
The switch associates this address with the interface that received the frame.
Since the switch now has both relevant MAC addresses in its filtering table, the two devices can communicate point-to-point; further frames between them are no longer flooded.
14. Forward/Filter Decisions
When a frame arrives at a switch interface, the destination hardware address is compared to the MAC forward/filter table.
If the destination hardware address is known and listed in the database, the frame is sent only out the correct exit interface.
This preserves bandwidth and is called frame filtering.
15. Forward/Filter Decisions
If the destination hardware address is not listed in the MAC database, the frame is flooded out all active interfaces except the one it was received on.
If a device answers the flooded frame, the MAC database is updated with that device's interface.
16. Loop Avoidance
Redundant links between switches are a good idea because they help prevent complete network failure in the event one link stops working.
But with redundant links, frames can be flooded down all redundant links simultaneously, resulting in network loops.
17. Redundant links may invite the following problems:
If no loop avoidance scheme is in place, the switches will flood broadcasts endlessly.
The following figure illustrates this:
(Figure: Broadcast Storm)
18. A device can receive multiple copies of the same frame, since that frame can arrive from multiple segments simultaneously.
The following figure demonstrates it best.
The server in this figure sends a unicast frame to router C.
Since the destination of this unicast frame is not yet in the filter tables, switch A floods it, and switch B provides the same service and forwards it too.
This is not good, because router C now receives the unicast frame twice, causing additional overhead on
19.
The MAC address filter table will be totally confused about a device's location, because the switch can receive frames from the same source over more than one link.
Multiple loops could be generated; this means a loop can occur within another loop.
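The learning, flooding and filtering behaviour of slides 10 to 15, and the broadcast storm, duplicate frames and table confusion of slides 16 to 19, as an added Python simulation. This is not code from the original slides; the two-switch topology, the hosts A, B and C, their MAC addresses and the hop budget are constructed for illustration. Without loop avoidance the broadcast never stops circulating and the switches keep relearning host A on different ports; with one end of the redundant link placed in blocking state (what STP would do), each host receives exactly one copy and the tables settle.

```python
"""Switch address learning, forward/filter decisions, and a redundant link without STP.
Added example, not from the original slides; topology and MAC addresses are constructed."""
from collections import deque

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Host:
    """End station: records every frame delivered to it."""
    def __init__(self, name, mac):
        self.name, self.mac, self.received = name, mac, []

    def receive(self, frame, in_port, net):
        self.received.append(frame)


class Switch:
    def __init__(self, name, ports):
        self.name, self.ports = name, list(ports)
        self.mac_table = {}        # forward/filter table: MAC -> port it was learned on
        self.relearn_events = 0    # a known MAC showed up on a different port

    def receive(self, frame, in_port, net):
        src, dst = frame["src"], frame["dst"]
        known = self.mac_table.get(src)           # address learning
        if known is not None and known != in_port:
            self.relearn_events += 1              # the table "flaps" between ports
        self.mac_table[src] = in_port
        if dst != BROADCAST and dst in self.mac_table:
            out_ports = [self.mac_table[dst]]     # known unicast: filter to one port
        else:
            out_ports = [p for p in self.ports if p != in_port]   # unknown/broadcast: flood
        for port in out_ports:
            net.send(self, port, frame)


class Network:
    """Point-to-point links plus a hop budget so a loop terminates the simulation."""
    def __init__(self, hop_budget=500):
        self.links, self.blocked = {}, set()
        self.queue, self.hops, self.hop_budget = deque(), 0, hop_budget

    def link(self, dev_a, port_a, dev_b, port_b):
        self.links[(dev_a, port_a)] = (dev_b, port_b)
        self.links[(dev_b, port_b)] = (dev_a, port_a)

    def block(self, dev, port):
        self.blocked.add((dev, port))   # STP blocking state: no data frames in or out

    def send(self, dev, port, frame):
        peer, peer_port = self.links[(dev, port)]
        if (dev, port) in self.blocked or (peer, peer_port) in self.blocked:
            return
        self.queue.append((peer, peer_port, frame))

    def run(self, dev, port, frame):
        """Inject frame at dev/port; False means it was still circulating at the budget."""
        self.queue.clear()
        self.hops = 0
        self.queue.append((dev, port, frame))
        while self.queue:
            if self.hops >= self.hop_budget:
                return False
            dev, port, frame = self.queue.popleft()
            self.hops += 1
            dev.receive(frame, port, self)
        return True


def build(block_redundant_link):
    a, b, c = Host("A", "00:00:00:00:00:0a"), Host("B", "00:00:00:00:00:0b"), Host("C", "00:00:00:00:00:0c")
    sw1, sw2 = Switch("SW1", [1, 2, 3, 4]), Switch("SW2", [1, 2, 3])
    net = Network()
    net.link(a, 0, sw1, 1)
    net.link(c, 0, sw1, 4)
    net.link(b, 0, sw2, 1)
    net.link(sw1, 2, sw2, 2)   # primary inter-switch link
    net.link(sw1, 3, sw2, 3)   # redundant inter-switch link
    if block_redundant_link:
        net.block(sw2, 3)      # what STP would do with the redundant link
    return net, a, b, c, sw1, sw2


def scenario(block_redundant_link):
    net, a, b, c, sw1, sw2 = build(block_redundant_link)
    finished = net.run(sw1, 1, {"src": a.mac, "dst": BROADCAST})   # A broadcasts (e.g. ARP)
    result = {"finished": finished, "copies_at_b": len(b.received),
              "copies_at_c": len(c.received), "copies_at_a": 0}
    if finished:   # B answers with a unicast; both switches now know A and B
        net.run(sw2, 1, {"src": b.mac, "dst": a.mac})
        result["copies_at_a"] = len(a.received)
        result["copies_at_c"] = len(c.received)   # unchanged: the known unicast is filtered from C
    result["sw1_table"], result["sw2_table"] = dict(sw1.mac_table), dict(sw2.mac_table)
    result["relearn_events"] = sw1.relearn_events + sw2.relearn_events
    return result


if __name__ == "__main__":
    for blocked in (False, True):
        print("redundant link blocked:" if blocked else "no loop avoidance:", scenario(blocked))
```

The hop budget stands in for the real-world symptom: with two forwarding paths between the switches there is no rule that ever stops the flood, so the loop only ends when the budget (or, on real hardware, the link capacity) runs out.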
20. Spanning Tree Protocol
Its main task is to stop switching loops from occurring at layer 2 (bridges or switches).
It monitors the network to find all links, making sure no loops occur by placing redundant links in a blocking state (the link stays up as a standby and is unblocked if the active path fails).
It uses the Spanning Tree Algorithm (STA) to first create a topology database and then find and block redundant links.
With STP running, frames are forwarded only on the links STP has selected.
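How the STA turns a topology database into a set of blocked ports, as an added Python example. This is not code from the original slides and is a simplified 802.1D computation, not an implementation of the BPDU exchange itself: it elects the root bridge (lowest bridge ID), computes each bridge's root path cost, assigns root, designated and blocked roles per port, and then checks that the forwarding links form a loop-free tree. The three-switch topology, bridge priorities, MAC addresses and the 802.1D cost of 19 for 100 Mbps links are constructed for illustration.

```python
"""Simplified 802.1D spanning tree computation: root election, root path costs,
port roles, and a check that the forwarding topology is loop free.
Added example, not code from the original slides; the topology is constructed."""


def bridge_id(priority, mac):
    """Bridge ID as 802.1D orders it: 16-bit priority, then the 48-bit MAC; lower wins."""
    return (priority << 48) | int(mac.replace(":", ""), 16)


def root_path_costs(bridges, links):
    """Elect the root and find each bridge's best path to it.
    bridges: {name: bridge_id}; links: [(bridge_a, port_a, bridge_b, port_b, cost)].
    Returns (root, {bridge: (cost, via_bridge, via_port, own_port)}).
    Ties break like BPDU comparison: lower sender bridge ID, then lower sender port."""
    root = min(bridges, key=bridges.get)
    best = {root: (0, None, None, None)}
    changed = True
    while changed:                               # relax until no bridge can improve
        changed = False
        for a, pa, b, pb, cost in links:
            for x, px, y, py in ((a, pa, b, pb), (b, pb, a, pa)):
                if x not in best or y == root:
                    continue
                cand = (best[x][0] + cost, bridges[x], px, py)
                cur = best.get(y)
                if cur is None or cand < (cur[0], bridges[cur[1]], cur[2], cur[3]):
                    best[y] = (cand[0], x, px, py)
                    changed = True
    return root, best


def port_roles(bridges, links):
    """Assign 'designated', 'root' or 'blocked' to every (bridge, port)."""
    root, best = root_path_costs(bridges, links)
    roles = {}
    for a, pa, b, pb, _ in links:
        adv_a = (best[a][0], bridges[a], pa)     # what each end would put in its BPDU
        adv_b = (best[b][0], bridges[b], pb)
        (d, dp), (o, op) = ((a, pa), (b, pb)) if adv_a < adv_b else ((b, pb), (a, pa))
        roles[(d, dp)] = "designated"            # the better advertisement owns the segment
        via = best[o]
        if o != root and (via[1], via[2], via[3]) == (d, dp, op):
            roles[(o, op)] = "root"              # the path the other end uses to reach the root
        else:
            roles[(o, op)] = "blocked"           # redundant: standby only, no data forwarded
    return root, roles


def active_topology_is_tree(bridges, links, roles):
    """Forwarding links must connect every bridge with exactly N-1 edges (no loop)."""
    active = [(a, b) for a, pa, b, pb, _ in links
              if roles[(a, pa)] != "blocked" and roles[(b, pb)] != "blocked"]
    if len(active) != len(bridges) - 1:
        return False
    adj = {name: set() for name in bridges}
    for a, b in active:
        adj[a].add(b)
        adj[b].add(a)
    seen, stack = set(), [next(iter(bridges))]
    while stack:
        node = stack.pop()
        if node not in seen:
            seen.add(node)
            stack.extend(adj[node] - seen)
    return len(seen) == len(bridges)


def demo_topology():
    """Three switches on 100 Mbps links (802.1D cost 19) with two parallel links SW2-SW3."""
    bridges = {"SW1": bridge_id(32768, "00:00:0c:00:00:01"),   # equal priority, lowest MAC: root
               "SW2": bridge_id(32768, "00:00:0c:00:00:02"),
               "SW3": bridge_id(32768, "00:00:0c:00:00:03")}
    links = [("SW1", 1, "SW2", 1, 19),
             ("SW1", 2, "SW3", 1, 19),
             ("SW2", 2, "SW3", 2, 19),    # redundant
             ("SW2", 3, "SW3", 3, 19)]    # second redundant link, as in slide 18
    return bridges, links


def demo():
    bridges, links = demo_topology()
    root, roles = port_roles(bridges, links)
    return root, roles, active_topology_is_tree(bridges, links, roles)


if __name__ == "__main__":
    root, roles, loop_free = demo()
    print("root bridge:", root, "| loop free:", loop_free)
    for (bridge, port), role in sorted(roles.items()):
        print(f"{bridge} port {port}: {role}")
```

Because the root is simply the lowest bridge ID and every switch ships with the same default priority, the election is decided by MAC address unless an administrator lowers the priority of the switch that should be root; the `active_topology_is_tree` check is the property STP is meant to guarantee, and it fails as soon as every port is left forwarding.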
21. LAN Switch Types
The LAN switch type decides how a frame is handled when it is received on a switch port.
Latency: the time the switch takes to send a frame out an exit port once it has received the frame.
There are three switching modes:
Cut-through (Fast Forward)
Fragment Free (Modified cut-through)
Store-and-forward
22.
Cut-through (Fast Forward):
In this mode, the switch waits only for the destination hardware address to be received before it looks up the destination address in the MAC filter table.
Fragment Free (Modified cut-through):
In this mode, the switch checks the first 64 bytes of a frame for fragmentation before forwarding it.
This is the default mode for the Catalyst 1900 series switch.
Store-and-forward:
In this mode, the complete frame is received into the switch's buffer, a CRC is run, and then the switch looks up the destination address in the MAC forward/filter table.
24. Cut-Through
With the cut-through switching method, the LAN switch reads only the destination address.
That is, it looks at the first six bytes following the preamble and start-of-frame delimiter.
It then:
Looks up the hardware destination address in the MAC switching table.
Determines the outgoing interface.
Proceeds to forward the frame towards its destination.
A cut-through switch reduces latency because it begins to forward the frame as soon as it reads the destination address and determines the outgoing interface.
Because nothing after the destination address is examined, a cut-through switch also forwards runts and frames with bad CRCs.
25. Fragment Free (Modified Cut-Through)
It is a modified form of cut-through switching in which the switch waits for the collision window (64 bytes) to pass before forwarding.
This is because if a frame has a collision error, it almost always occurs within the first 64 bytes.
This means each frame is checked into the data field to make sure no fragmentation has occurred.
Fragment Free mode provides better error checking than cut-through mode with practically no increase in latency.
It is the default switching mode for 1900 switches.
26. Store-and-Forward
It is Cisco's primary LAN switching method.
In this method, the LAN switch copies the entire frame into its onboard buffers and then computes the CRC (Cyclic Redundancy Check).
Since it copies the entire frame, latency through the switch varies with frame length.
The frame is discarded if:
It contains a CRC error
It is too short (less than 64 bytes including the CRC)
It is too long (more than 1518 bytes including the CRC)
If the frame contains no error, the LAN switch looks up the destination hardware address in its MAC forward/filter table to find the correct outgoing interface.
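The three switching modes of slides 21 to 26 as decision functions over raw Ethernet frames, as an added Python example (not code from the original slides). Each mode reports its verdict and how many bytes of the frame it had to examine to reach it; the four frames (a good 64-byte frame, a 28-byte runt, a 1519-byte giant, and a frame with a single flipped payload bit) are constructed inline, not captured traffic. The FCS is computed as CRC-32 with zlib and stored least-significant byte first, which is the Ethernet convention.

```python
"""The three switching modes as decision functions over raw Ethernet frames:
how much of the frame each mode examines and which bad frames it still forwards.
Added example, not code from the original slides; the frames are constructed."""
import struct
import zlib

MIN_FRAME = 64      # smallest legal frame, FCS included
MAX_FRAME = 1518    # largest untagged frame, FCS included
DST_LEN = 6         # cut-through decides after the destination address alone


def _mac(text):
    return bytes.fromhex(text.replace(":", ""))


def build_frame(dst, src, ethertype, payload):
    """dst, src, EtherType, payload, then the CRC-32 FCS (transmitted LSB first)."""
    body = _mac(dst) + _mac(src) + struct.pack("!H", ethertype) + payload
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def fcs_ok(frame):
    stored = struct.unpack("<I", frame[-4:])[0]
    return stored == (zlib.crc32(frame[:-4]) & 0xFFFFFFFF)


def cut_through(frame):
    """Returns (decision, bytes examined). Only the destination address is read."""
    if len(frame) < DST_LEN:
        return "drop", len(frame)
    return "forward", DST_LEN


def fragment_free(frame):
    """Waits out the 64-byte collision window: runts and collision fragments are dropped."""
    if len(frame) < MIN_FRAME:
        return "drop", len(frame)
    return "forward", MIN_FRAME


def store_and_forward(frame):
    """Buffers the whole frame, then enforces the length bounds and verifies the FCS."""
    size = len(frame)
    if size < MIN_FRAME or size > MAX_FRAME or not fcs_ok(frame):
        return "drop", size
    return "forward", size


MODES = {"cut-through": cut_through,
         "fragment-free": fragment_free,
         "store-and-forward": store_and_forward}


def sample_frames():
    """Constructed frames, not captured traffic."""
    dst, src = "00:11:22:33:44:55", "66:77:88:99:aa:bb"
    good = build_frame(dst, src, 0x0800, b"\x00" * 46)       # 64 bytes exactly
    runt = build_frame(dst, src, 0x0800, b"\x00" * 10)       # 28 bytes: collision fragment
    giant = build_frame(dst, src, 0x0800, b"\x00" * 1501)    # 1519 bytes: one too many
    damaged = bytearray(good)
    damaged[20] ^= 0x01                                      # single bit flip inside the payload
    return {"good": good, "runt": runt, "giant": giant, "bad-fcs": bytes(damaged)}


def decisions(frames=None):
    """{frame name: {mode: 'forward' | 'drop'}} for every mode."""
    frames = frames if frames is not None else sample_frames()
    return {name: {mode: check(frame)[0] for mode, check in MODES.items()}
            for name, frame in frames.items()}


if __name__ == "__main__":
    for name, verdicts in decisions().items():
        print(f"{name:8s} {verdicts}")
```

The bit-flipped frame is the instructive case: cut-through and fragment-free both forward it, because neither reads the FCS, and only store-and-forward discards it. On full-duplex switched links collisions do not occur, so fragment-free's runt check mostly matters on shared (hub) segments; the CRC check is what still catches corruption.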
27. Spanning Tree Terms
STP:
It is a bridge protocol that uses the STA to find redundant links dynamically.
It creates a spanning tree topology database.
Bridges exchange BPDU (Bridge Protocol Data Unit) messages with other bridges.
28. Configuring 1900 & 2950 Catalyst switches
We will cover following list of tasks:
Setting the password
Setting the hostname
Configuring the ip address and subnet masks
Setting a description on the interface
Erasing the switch configuration
Configuring VLANs
Adding VLAN membership to switch port.
Creating VTP domain.
Configuring trunking.
29. Setting the password
1900 Series:
It uses the same command to set both the user level password and the privileged password, but with different level numbers.
The level is 1 for user level and 15 for privileged level.
Password length must be from 4 to 8 characters.
Setting the user password:
switch(config)# enable password level 1 cisco
Setting the privileged level password:
switch(config)# enable password level 15 cisco
(The value cisco is the slide's placeholder; use a distinct, non-default password on a real switch.)
30. Setting the password
2950 Series:
To set the user mode password for the 2950 switch, we configure the line just as we would on a router.
Console:
switch(config)# line console 0
switch(config-line)# password cisco
switch(config-line)# login
Telnet:
switch(config)# line vty 0 15
switch(config-line)# password cisco
switch(config-line)# login
The enable secret password is set the same way as on a router:
switch(config)# enable secret cisco
Prefer enable secret over enable password: the secret is stored as a hash in the configuration, whereas enable password is stored in clear text (or in the trivially reversible type 7 form).
31. Setting the hostname
The hostname on a switch is only locally significant.
This means it has no function on the network or in name resolution (with the exception of PPP authentication).
1900 Series:
switch(config)# hostname LAN1
2950 Series:
switch(config)# hostname LAN1
32. Setting IP information
Generally a switch doesn't need an IP address at all to switch a LAN.
There are exceptions, though.
We have two reasons why we would probably want to set IP address information on the switch:
To manage the switch via Telnet or other management software.
To configure the switch with different VLANs and other network functions.
33. Setting IP information
1900 Switch:
By default no IP address or default gateway information is set.
We can verify this with the command sh ip in privileged mode.
Switch#sh ip
The IP address and default gateway are set in global configuration mode (GCM).
Switch(config)# ip address 172.16.10.16 255.255.255.0
Switch(config)# ip default-gateway 172.16.10.1
34. Setting IP information
2950 Switch:
The 2950 switch has a default VLAN, called VLAN 1.
Every port on the switch is a member of VLAN 1 by default.
The management IP address is set on the VLAN 1 interface:
Switch(config)# interface vlan1
Switch(config-if)# ip address 172.16.10.17 255.255.255.0
Switch(config-if)#exit
Switch(config)# ip default-gateway 172.16.10.1
Because every port is in VLAN 1 by default, a management address there is reachable from every unconfigured port; on a production switch the management interface is usually placed in a dedicated VLAN instead.
35. Configuring Interface Description
We can administratively set a name for each interface on the switches.
These descriptions are only locally significant.
1900 Switch:
The description command is used from interface configuration mode.
Spaces can't be used within the description.
Switch(config)# int e0/1
Switch(config-if)# description Finance_VLAN
Switch(config)# int f0/26
Switch(config-if)# description trunk_to_building_4
36. Configuring Interface Description
2950 Switch:
The description command is used from interface configuration mode.
Spaces can be used within the description.
Switch(config)# int fastEthernet 0/1
Switch(config-if)# description Sales Printer
Switch(config)# int f0/12
Switch(config-if)# description trunk_to_building_4
37. Erasing the Switch Configuration
1900 Switch:
We can't see the contents of NVRAM; we can only view RAM's contents.
When we make changes to the switch's running configuration, it automatically copies them to NVRAM.
The following command deletes NVRAM's contents:
Switch# delete nvram
38. Erasing the Switch Configuration
2950 Switch:
The concepts of startup-config and running-config are exactly the same as on routers.
The following command deletes NVRAM's contents (the running configuration stays in effect until the switch is reloaded):
Switch# erase startup-config
39. Virtual LANs (VLANs)
A VLAN is a logical grouping of network users and resources connected to administratively defined ports on a switch.
VLANs allow us to break up broadcast domains in a pure switched internetwork.
VLANs allow us to create smaller broadcast domains within a layer 2 switched internetwork.
40. How VLANs simplify network management
Network adds, moves and changes are achieved by configuring a port into the appropriate VLAN.
A group of users needing high security can be put into a VLAN so that no users outside the VLAN can communicate with them without going through a router.
VLANs are independent of their physical or logical locations.
VLANs can enhance network security.
VLANs increase the number of broadcast domains and decrease the size of each broadcast domain.
41. Broadcast Control
All devices in a VLAN are members of the same broadcast domain and receive all broadcasts sent within it.
By default, broadcasts are filtered from all ports on a switch that are not members of the same VLAN.
This is one of the prime benefits of a VLAN-based switched network; otherwise we would face serious problems if all our users were in the same broadcast domain.
42. Security
In a flat network, anyone connecting to the physical network can access the network resources located on that physical LAN.
To observe any or all traffic on that network, one simply has to plug a network analyzer into the hub.
Users can join any workgroup by just plugging their workstations into the existing hub.
By building VLANs and creating multiple broadcast groups, administrators can have control over each port and user.
Since VLANs can be created according to the network resources a user requires, a switch can be configured to inform a network management station of any unauthorized access to network resources.
Inter-VLAN communication must pass through a router, where we can implement restrictions (access lists) to control it.
43. Flexibility and Scalability
By assigning switch ports or users to VLAN groups on a switch or group of switches, we gain the flexibility to add only the users we want into that broadcast domain, regardless of their physical location.
When a VLAN becomes too big, we can create more VLANs to keep broadcasts from consuming too much bandwidth.
46. Static VLAN
These VLANs are created by administrators.
An administrator creates static VLANs and then assigns switch ports to each VLAN.
Static VLANs are:
The more secure of the two approaches
Comparatively easy to set up and monitor
Well suited to a network where the movement of users within the network is controlled
A switch port assigned to a VLAN maintains that association until an administrator changes the port assignment.
47. Dynamic VLAN
When the network administrator enters all the host devices' hardware addresses into a database, the switches can be configured to assign VLANs dynamically whenever a host is plugged into a switch.
These are called dynamic VLANs.
A dynamic VLAN determines a node's VLAN assignment automatically.
Using intelligent management software, we can base VLAN assignment on hardware address (MAC address), protocol, or even application to create dynamic VLANs.
48. Dynamic VLAN
Suppose MAC addresses have been entered into a centralized VLAN management application.
If a node is then attached to an unassigned switch port, the VLAN management database can look up the hardware address and assign and configure the switch port to the correct VLAN.
This makes management and configuration easier, because if a user moves, the switch will assign them to the correct VLAN automatically.
Cisco allows us to use the VLAN Management Policy Server (VMPS) service to set up a database of MAC addresses that can be used for dynamic VLAN assignment.
A VMPS database maps MAC addresses to VLANs.
Note that a MAC address is easily changed by the host, so MAC-based assignment identifies the device a port expects, not an authenticated user.
49. VLAN links
Frames are handled differently according to the type of link they traverse in a switch.
The following two link types exist in a switched network:
Access Link
Trunk Link
50. Access Link
This type of link is part of only one VLAN, referred to as the access VLAN of the port (the slides call it the port's native VLAN; on a trunk, "native VLAN" has a different meaning).
Any device attached to an access link is unaware of VLAN membership. The device just assumes it's part of a broadcast domain, but it has no understanding of the physical network.
Switches remove any VLAN information from the frame before it's sent to an access-link device.
Access-link devices cannot communicate with devices outside their VLAN unless the packet is routed.
51. Trunk Link
A trunk link is a 100 or 1000 Mbps point-to-point link between:
Two switches
A switch and a router
A switch and a server
Trunk links carry traffic of VLANs from 1 to 1005 at a time.
Trunking allows us to make a single port part of multiple VLANs at the same time.
We can actually set things up to have a server in two broadcast domains simultaneously, so that users don't have to cross the router to log in and access it.
Another advantage of trunking is when we are connecting switches.
Trunk links can carry some or all VLAN information across the link, but if the links between switches aren't trunked, only VLAN 1 information will be switched across the link by default.
53. Creating & Verifying VLANs 1900 switch
Creating VLANs:
Mode: GCM
Syntax:
Switch(config)# vlan <vlan-number> name <vlan-name>
E.g. switch(config)# vlan 2 name sales
Verifying VLANs:
Mode: Privileged
Syntax:
Switch# show vlan
54. Creating & Verifying VLANs 2950 switch
Creating VLANs:
Mode: Privileged, then VLAN database configuration
Syntax:
Switch# vlan database
Switch(vlan)# vlan <vlan-number> name <vlan-name>
Switch(vlan)# apply
E.g. Switch(vlan)# vlan 2 name sales
Switch(vlan)# vlan 3 name mkt
Switch(vlan)# apply
Verifying VLANs:
Mode: Privileged
Syntax:
Switch# show vlan brief
55. Assigning switch ports to VLANs 1900 switch
Mode: Interface configuration
Syntax:
Switch(config)# int <interface>
Switch(config-if)# vlan-membership static <vlan-number>
Example 1: Switch(config)# int e0/2
Switch(config-if)# vlan-membership static 2
Example 2: Switch(config)# int e0/3
Switch(config-if)# vlan-membership static 3
Example 3: Switch(config)# int e0/4
Switch(config-if)# vlan-membership static 2
56. Assigning switch ports to VLANs 2950 switch
Mode: Interface configuration
Syntax:
Switch(config)# int <interface>
Switch(config-if)# switchport access vlan <vlan-number>
Example 1: Switch(config)# int f0/2
Switch(config-if)# switchport access vlan 2
Example 2: Switch(config)# int f0/3
Switch(config-if)# switchport access vlan 3
Example 3: Switch(config)# int f0/4
Switch(config-if)# switchport access vlan 2
Note that switchport access vlan only sets which VLAN the port uses when it is an access port; a 2950 port is left in dynamic desirable trunking mode by default, so a port meant for end stations should also be fixed as an access port (switchport mode access), or a connected device that speaks DTP can negotiate a trunk and reach every VLAN.
57. Frame Tagging
Switch fabric: a group of switches sharing the same VLAN information.
Frame tagging is a frame identification method that uniquely assigns a user-defined ID to each frame.
This ID is also called the VLAN ID or color.
How does it work?
Each switch that the frame reaches must first identify the VLAN ID from the frame tag.
Then it finds out what to do with the frame by looking at the information in the filter table.
If the frame reaches a switch that has another trunk link, the frame is forwarded out the trunk-link port.
Once the frame reaches an exit to an access link matching the frame's VLAN ID, the switch removes the VLAN identifier so that the destination device receives the frame without having to understand its VLAN identification.
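The access-link and trunk-link handling of slides 49 to 51 and the tagging walkthrough of slide 57, as an added Python example using the 802.1Q tag format (not code from the original slides, and not Cisco's own implementation). A frame entering on an access port is assigned that port's VLAN, carries a 4-byte tag while it crosses the trunk, and has the tag removed again before it is delivered to an access port in the same VLAN; a frame in the trunk's native VLAN (VLAN 1 here) crosses untagged, which is the page's "only VLAN 1 is switched across an untrunked link" case. The two-switch port layout, the MAC addresses and the sample broadcast frame are constructed; the FCS is not modelled, and the model assumes an access port accepts only untagged frames.

```python
"""802.1Q frame tagging across access and trunk ports, as on the Frame Tagging slide.
Added example, not from the original slides; port layout, addresses and the sample frame
are constructed. No FCS is modelled."""
import struct

TPID_8021Q = 0x8100   # EtherType value that announces an 802.1Q tag
BROADCAST = "ff:ff:ff:ff:ff:ff"


def _mac(text):
    return bytes.fromhex(text.replace(":", ""))


def build_frame(dst, src, ethertype, payload):
    return _mac(dst) + _mac(src) + struct.pack("!H", ethertype) + payload


def vlan_of(frame):
    """VLAN ID carried in the tag (bytes 12..15), or None for an untagged frame."""
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None
    return struct.unpack("!H", frame[14:16])[0] & 0x0FFF


def tag(frame, vid, pcp=0):
    """Insert a 4-byte 802.1Q tag between the source address and the EtherType."""
    if vlan_of(frame) is not None:
        raise ValueError("frame already carries a tag")
    tci = (pcp << 13) | (vid & 0x0FFF)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def untag(frame):
    return frame if vlan_of(frame) is None else frame[:12] + frame[16:]


class Port:
    """Access port (one VLAN, untagged) or trunk port (tagged, native VLAN untagged)."""
    def __init__(self, mode, vlan=1, native=1, allowed=None):
        self.mode, self.vlan, self.native, self.allowed = mode, vlan, native, allowed

    def ingress(self, frame):
        """Classify an arriving frame into a VLAN: (vid, untagged frame) or None to drop."""
        vid = vlan_of(frame)
        if self.mode == "access":
            # Assumption for this model: an access port accepts only untagged frames.
            return (self.vlan, frame) if vid is None else None
        if vid is None:
            return self.native, frame            # untagged on a trunk = native VLAN
        if self.allowed is not None and vid not in self.allowed:
            return None
        return vid, untag(frame)

    def egress(self, vid, frame):
        """Bytes to transmit for a frame in vid, or None if this port does not carry it."""
        if self.mode == "access":
            return frame if vid == self.vlan else None   # tag never reaches access devices
        if self.allowed is not None and vid not in self.allowed:
            return None
        return frame if vid == self.native else tag(frame, vid)


def flood(ports, in_name, frame):
    """Unknown-destination or broadcast frame: flood within its VLAN, tagging per egress port."""
    classified = ports[in_name].ingress(frame)
    if classified is None:
        return {}
    vid, inner = classified
    out = {}
    for name, port in ports.items():
        if name != in_name:
            tx = port.egress(vid, inner)
            if tx is not None:
                out[name] = tx
    return out


def sample_frame():
    return build_frame(BROADCAST, "00:00:00:00:00:0a", 0x0806, b"\x00" * 28)   # ARP-sized payload


def demo():
    def switch():
        return {"fa0/1": Port("access", vlan=2), "fa0/2": Port("access", vlan=3),
                "fa0/3": Port("access", vlan=1),
                "fa0/24": Port("trunk", native=1, allowed={1, 2, 3})}
    sw1, sw2 = switch(), switch()
    frame = sample_frame()
    on_sw1 = flood(sw1, "fa0/1", frame)                 # VLAN 2 host sends on SW1
    on_sw2 = flood(sw2, "fa0/24", on_sw1["fa0/24"])     # tagged copy arrives on SW2's trunk
    native = flood(sw1, "fa0/3", frame)                 # VLAN 1 host: crosses the trunk untagged
    return on_sw1, on_sw2, native


if __name__ == "__main__":
    on_sw1, on_sw2, native = demo()
    print("SW1 egress:", {p: vlan_of(f) for p, f in on_sw1.items()})
    print("SW2 egress:", {p: vlan_of(f) for p, f in on_sw2.items()})
    print("native VLAN over trunk tagged?", vlan_of(native["fa0/24"]) is not None)
```

The VLAN 2 broadcast leaves SW1 only on the trunk, tagged 2, and is delivered on SW2 only to the VLAN 2 access port, byte-for-byte identical to what the sender put on the wire; the VLAN 3 access ports never see it. The `allowed` set models pruning the trunk to the VLANs it actually needs to carry.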