- Half duplex mode
- Single collision and single broadcast domain
Switch
- Operate at layer 2 (processes the data link header)
- Full/Half duplex mode
- Each port in a separate collision domain
- Single broadcast domain
Switches perform address learning and forwarding/filtering.
Switches build their MAC address tables using the source address in an Ethernet frame header.
In addition, they base their forwarding decisions on the destination MAC address in an Ethernet frame
header. When a switch receives an Ethernet frame with a broadcast, multicast, or unknown unicast
destination (a destination MAC address that is not in the CAM table), it floods that frame out every
port except the one on which it was received.
Switching Loops and Prevention
Though redundant links are desirable in a network, they can spell disaster by creating loops in the n/w.
Some consequences of a looped network are:
1. Broadcast storm: Broadcast frames loop in the n/w indefinitely.
2. Multiple frame copies: A receiver processes the same frame multiple times because copies of the
frame arrive through the looped network.
3. MAC address thrashing: Since frames with the same source address are received on different ports,
the MAC (CAM) table has to be constantly updated.
Switching Methods
Cut-through: Forwards the frame as soon as the destination MAC address is read. Low latency.
Errors may not be detected.
Fragment Free: Forwards the frame after the first 64 bytes of the frame are inspected.
Store and Forward: Receives the entire frame, performs a CRC check, then forwards. High latency.
Transmission errors are detected.
Spanning Tree Protocol (STP 802.1.d)
Continuously monitors the network to find all the links and removes loops by shutting down
redundant links.
STP Terms
Bridge Protocol Data Unit (BPDU): Carries STP information between switches
Root Bridge: Bridge with the best (lowest) bridge ID
Bridge ID: Priority (default 32768) + MAC Address (lower is better)
Root Port: Lowest cost path to Root Bridge
Designated Port: Port to forward traffic to other n/w segment
Blocked Port: Blocked in order to avoid loops
Port States
Blocking: Listen to BPDU, default when powered on
Listening: Listen and send BPDU
Learning: Learn paths in n/w, populate the CAM table
Forwarding: Send and receive user data
Disabled: Administratively down, no participation in STP.
Convergence: Occurs when all the ports are either in forwarding or in blocked state. No user data is
sent till the network has converged.
Spanning tree Portfast: Ports connected to end devices do not need to participate in STP, so they
can be excluded from participating in STP. Should be a non-trunking port.
conf-if# spanning-tree portfast
conf-if# spanning-tree bpduguard enable //if a BPDU is received, the port goes to err-disabled state
conf-if# spanning-tree bpdufilter enable //if a BPDU is received, the port returns to STP participation
Uplink and Backbone Fast:
Cisco proprietary
Uplink Fast: Bypasses the listening and learning states when re-establishing the link to the core
switch; the switch has direct knowledge of the link failure.
Backbone Fast: Similar to Uplink Fast, but the switch has no direct knowledge of the link failure.
Switch(config)#spanning-tree uplinkfast
Switch(config)#spanning-tree backbonefast
Rapid Spanning Tree Protocol (RSTP 802.1w)
For faster convergence than STP. Backward compatible with STP.
Port states
Discarding: Same as Blocking, Listening, Disabled in STP
Learning and Forwarding: Similar to STP Learning, Forwarding state
Alternate port: Backup Root Port
Backup Port: Backup DP
conf# spanning-tree mode rapid-pvst
Switch(config)#spanning-tree vlan
Switch(config)#spanning-tree vlan
Switch(config-if)#spanning-tree cost
Switch#show spanning-tree summary
Switch#show spanning-tree vlan
Etherchannel: Bundle multiple port to function as one
Switch(config)#interface range FastEthernet0/1 - 8
Switch(config-if-range)#speed 100
Switch(config-if-range)#duplex full
Switch(config-if-range)#channel-group 3 mode on //bundle ports 1-8 into port-channel 3
Switch(config)#interface Port-channel 3
Switch# show interface fa0/2 etherchannel
config# hostname
config# banner motd
config# enable secret
conf# interface vlan 1 //configure management vlan
conf-if# ip address
Switch(config)#ip default-gateway 172.16.1.1 //specify the default gateway
conf# username
conf# line con 0 || line vty
conf-line# login local //use local database for login
Port Security
Switch(config-if)# switchport port-security //enable port security
Switch(config-if)# switchport port-security maximum
Switch(config-if)# switchport port-security violation {protect | restrict | shutdown}
//Action in case of violation
// protect- drop the frame
// restrict- drop the frame and log event
// shutdown- shutdown the port
Switch(config-if)# switchport port-security mac-address
Switch(config-if)# switchport port-security mac-address sticky
Switch# show port-security interface fa0/2 //show security parameters of interface fa0/2
Switch# show port-security address //show secure address
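The address learning, flooding and filtering behaviour described above, together with the three port-security violation modes, as an added Python model (not from the original notes; port names and MAC addresses are constructed):

```python
# Added example, not from the original notes: a small model of a layer-2 switch
# that learns source MACs into its CAM table, forwards or floods on the
# destination MAC, and enforces port security with the three violation modes.

class Switch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.cam = {}              # MAC -> port, learned from source addresses
        self.secure = {}           # port -> {"max": n, "mode": str, "macs": set()}
        self.err_disabled = set()  # ports shut down by the "shutdown" violation mode
        self.log = []              # violation log written by "restrict" and "shutdown"

    def enable_port_security(self, port, maximum=1, mode="shutdown"):
        """Equivalent of 'switchport port-security maximum N' + 'violation MODE'."""
        self.secure[port] = {"max": maximum, "mode": mode, "macs": set()}

    def _violation(self, port, src):
        mode = self.secure[port]["mode"]
        if mode in ("restrict", "shutdown"):
            self.log.append(f"violation on {port} from {src}")
        if mode == "shutdown":
            self.err_disabled.add(port)   # port goes err-disabled
        return []                         # all three modes drop the offending frame

    def receive(self, in_port, src, dst):
        """Return the list of egress ports for a frame arriving on in_port."""
        if in_port in self.err_disabled:
            return []
        sec = self.secure.get(in_port)
        if sec is not None and src not in sec["macs"]:
            if len(sec["macs"]) >= sec["max"]:
                return self._violation(in_port, src)
            sec["macs"].add(src)     # learned as a secure address, like 'mac-address sticky'
        self.cam[src] = in_port      # address learning from the source MAC
        group = int(dst.split(":")[0], 16) & 1   # I/G bit: set for multicast and broadcast
        out = self.cam.get(dst)
        if group or out is None:     # broadcast, multicast, or unknown unicast
            return [p for p in self.ports if p != in_port]   # flood
        return [] if out == in_port else [out]   # filter if on same port, else forward
```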
Port Cost Values
Interface   Cost
10Gbps      2
1Gbps       4
100Mbps     19
10Mbps      100
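The root bridge election from the STP Terms above (lowest priority, then lowest MAC) and root port selection by lowest path cost using this cost table, as an added Python example (not from the original notes; switch names, MACs and links are constructed):

```python
# Added example, not from the original notes: elect the STP root bridge from
# bridge IDs (priority, MAC; lower wins) and pick each switch's root port as the
# lowest-cost path to the root using the port cost table above. Equal costs are
# broken on the lower upstream bridge ID (802.1D; not covered by the notes above).
import heapq

PORT_COST = {10_000: 2, 1_000: 4, 100: 19, 10: 100}   # Mbps -> STP port cost

def bridge_id(priority, mac):
    """Bridge ID orders as (priority, MAC); lower is better."""
    return (priority, mac.lower())

def elect_root(bridges):
    """bridges: {name: (priority, mac)} -> name of the root bridge."""
    return min(bridges, key=lambda b: bridge_id(*bridges[b]))

def root_ports(bridges, links):
    """links: (switch_a, port_a, switch_b, port_b, speed_mbps) tuples.
    Returns {switch: (root_port, root_path_cost)} for every non-root switch."""
    root = elect_root(bridges)
    adj = {name: [] for name in bridges}
    for a, pa, b, pb, speed in links:
        cost = PORT_COST[speed]
        adj[a].append((b, pb, cost))   # b reaches a through its own port pb
        adj[b].append((a, pa, cost))   # a reaches b through its own port pa
    # best[sw] = (root path cost, upstream bridge ID, root port); lowest tuple wins
    best = {root: (0, bridge_id(*bridges[root]), None)}
    heap, done = [(best[root], root)], set()
    while heap:
        _, sw = heapq.heappop(heap)     # Dijkstra from the root over path cost
        if sw in done:
            continue
        done.add(sw)
        for nbr, nbr_port, cost in adj[sw]:
            cand = (best[sw][0] + cost, bridge_id(*bridges[sw]), nbr_port)
            if nbr not in best or cand < best[nbr]:
                best[nbr] = cand
                heapq.heappush(heap, (cand, nbr))
    return {sw: (port, cost) for sw, (cost, _, port) in best.items() if sw != root}
```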
Virtual Lan (VLAN)
Logical grouping of n/w resources
Each VLAN in separate subnet
Broadcast control and security
Types of Links
Access Port: Carries only one VLAN, no VLAN tagging; tagged frames are dropped
Voice Access Port: Single port connected to a pc and IP phone
Trunk Port: Port connecting switches, can carry multiple vlan traffic
Frame Tagging: Tag a frame to identify different VLAN traffic.
Untagged traffic identified as native vlan (1 by default)
Inter-Switch Link (ISL): Explicitly tags VLAN information onto an Ethernet frame (encapsulation)
No support for native VLAN
Cisco proprietary (for Fa and Gi interfaces)
IEEE 802.1q: Standard method of frame tagging
Insert a field into the frame to identify VLAN
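The 802.1Q tag insertion and native VLAN handling described above, as an added Python example (not from the original notes; the frame contents are constructed). The access-port check reflects the "tagged frames dropped" rule from Types of Links:

```python
# Added example, not from the original notes: build and parse Ethernet frames
# carrying an IEEE 802.1Q tag. Untagged frames on a trunk are assigned the native
# VLAN (1 by default), and an access port drops tagged frames.
import struct

TPID_8021Q = 0x8100
NATIVE_VLAN = 1

def build_frame(dst, src, ethertype, payload):
    """Untagged Ethernet frame: dst(6) src(6) ethertype(2) payload."""
    to_bytes = lambda mac: bytes.fromhex(mac.replace(":", ""))
    return to_bytes(dst) + to_bytes(src) + struct.pack("!H", ethertype) + payload

def tag_frame(frame, vlan_id, pcp=0):
    """Insert the 4-byte 802.1Q tag (TPID + TCI) after the source MAC."""
    if not 1 <= vlan_id <= 4094:            # VID 0 and 4095 are reserved by 802.1Q
        raise ValueError("802.1Q VID must be 1..4094")
    tci = ((pcp & 0x7) << 13) | (vlan_id & 0xFFF)   # PCP(3) DEI(1)=0 VID(12)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def parse_frame(frame, native_vlan=NATIVE_VLAN):
    """Return (dst, src, vlan, ethertype, payload) as a trunk port would see it."""
    dst, src = frame[0:6].hex(":"), frame[6:12].hex(":")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != TPID_8021Q:
        return dst, src, native_vlan, ethertype, frame[14:]   # untagged -> native VLAN
    tci, ethertype = struct.unpack("!HH", frame[14:18])
    vid = tci & 0xFFF
    return dst, src, (vid or native_vlan), ethertype, frame[18:]  # VID 0 = priority tag only

def access_port_accepts(frame):
    """An access port carries one VLAN untagged and drops 802.1Q-tagged frames."""
    return struct.unpack("!H", frame[12:14])[0] != TPID_8021Q
```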
Vlan Range (1-4096)
1-1005: Default (normal) range. Stored in the vlan.dat file in flash
1,1002-1005: Reserved
1006-4096: Extended range VLANs. Stored in running-config. Implemented on a switch in Transparent mode.
Creating Vlan
conf# vlan
conf-vlan# name
conf# show vlan
Configure access port
conf# interface fa
conf-if# switchport mode access //configure the port as access port
conf-if# switchport access vlan
Configure trunk
conf# interface fa0/1
conf-if# switchport trunk encapsulation {dot1q | isl} //set encapsulation to dot1q or isl
conf-if# switchport mode trunk //configure the port as trunk port
conf-if# switchport trunk native vlan
conf-if# switchport trunk allowed vlan remove 4-8 //don't allow vlan 4 to 8 on this trunk
conf-if# switchport trunk allowed vlan all //allow all vlan traffic
Switch# show interfaces trunk
VLAN Trunking Protocol (VTP)
- Dynamic replication of VLANs
- Plug and play VLAN adding
- VTP domain and VTP password must be the same on all switches participating in VTP
- Sent on all active trunk interfaces
- One switch must be the server
- Database updated on the basis of the latest configuration revision no.
- VTP sent as multicast frames
- VTP summary advertisement is sent every 5 min or when there is a change
VTP Modes
Server: Default mode. Can create,delete,modify vlan.
Client: Receives VLAN information from the server. Sets its domain name to the domain of the 1st
update if no domain is configured.
Transparent: Passes on VTP updates but neither updates its own database nor advertises its own database
Configuring VTP
conf# vtp mode {server | client | transparent}
conf# vtp domain
conf# vtp password
Switch# show vtp password
Switch# show vtp status
VTP Pruning: Only send the vlan information to the trunks that need to know.
Vlan 1 and extended Vlan can't be pruned
conf-if# switchport trunk pruning vlan 3-5 //prune vlan 3-5 on this trunk port