
Cisco TAC Entry Training

LAN Switching

Tariq Bader
CCIE # 35627

Security/VPN team
Cisco TAC
Presentation_ID © 2010 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1
Agenda
Introduction to Switched Networks

Frame Forwarding

Switching Domains

Basic Cisco Switch Configuration

Virtual LANs (VLANs)

VLAN Trunking Protocol (VTP)

Spanning Tree Protocol (STP)


Introduction to Switched Networks – Borderless Switched Networks

Borderless Switched Networks

- The Cisco Borderless Network is a network architecture that allows organizations to connect anyone, anywhere, anytime, and on any device securely, reliably, and seamlessly.
- The Cisco Borderless Network is designed to address IT and business challenges, such as supporting the converged network and changing work patterns.

Hierarchy in the Borderless Switched Network

Core, Distribution, Access

Role of Switched Networks

- Switching technologies are crucial to network design.
- Switching allows traffic to be sent only where it is needed in most cases, using fast methods.
- A switched LAN:
o Allows more flexibility
o Allows more traffic management
o Supports quality of service, additional security, wireless, IP telephony, and mobility services

LAN Switching – Frame Forwarding

Frame Forwarding – General Concept

- A switch makes a forwarding decision based on the ingress port and the destination port.
- A LAN switch keeps a table that it uses to determine how to forward traffic through the switch.
- Cisco LAN switches forward Ethernet frames based on the destination MAC address of the frames.

MAC Address Table

- A switch must first learn which devices exist on each port before it can transmit a frame.
- It builds a table called a MAC address or content addressable memory (CAM) table.
- The device <-> port mapping is stored in the CAM table.
- CAM is a special type of memory used in high-speed searching applications.
- The information in the MAC address table is used to send frames.
- When a switch receives an incoming frame with a destination MAC address that is not found in the CAM table, it floods it to all ports except the one that received the frame.

MAC Address Table

Switch Forwarding Methods

Store-and-Forward Switching

- Allows the switch to:
o Check for errors (via FCS check)
o Perform automatic buffering
- Slower forwarding process

Store-and-Forward Switching

Cut-Through Switching

- Allows the switch to start forwarding in about 10 microseconds
- No FCS check
- No automatic buffering
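The MAC learning, flooding and FCS behaviour described on the MAC address table and forwarding-method slides, as an added Python simulation that is not part of the original deck. The `Switch` class, the port numbers and the two MAC addresses are constructed for the example; the FCS is computed with `zlib.crc32`, which uses the same CRC-32 parameters as the Ethernet FCS. The last step hands the switch a frame whose payload was corrupted in transit, so the difference between store-and-forward (frame discarded, nothing learned) and cut-through (frame forwarded, and the CAM table updated from a damaged frame) is visible in the returned values.

```python
from __future__ import annotations

import zlib
from dataclasses import dataclass, field

# Added example, not from the original deck: a toy Ethernet switch that learns
# source MACs into a CAM table, forwards known unicast to one port, floods
# unknown unicast and broadcast out every port except the ingress port, and
# handles each frame either store-and-forward (FCS checked) or cut-through
# (FCS not checked).

BROADCAST = bytes.fromhex("ffffffffffff")
MAC_A = bytes.fromhex("0200000000aa")  # constructed locally-administered MACs
MAC_B = bytes.fromhex("0200000000bb")


def build_frame(dst: bytes, src: bytes, payload: bytes) -> bytes:
    """dst | src | EtherType | payload | FCS. The Ethernet FCS is CRC-32 with the
    same parameters as zlib.crc32 and is transmitted least significant byte first."""
    body = dst + src + b"\x08\x00" + payload
    return body + zlib.crc32(body).to_bytes(4, "little")


def fcs_ok(frame: bytes) -> bool:
    """True when the trailing 4 bytes match the CRC-32 of everything before them."""
    return zlib.crc32(frame[:-4]) == int.from_bytes(frame[-4:], "little")


@dataclass
class Switch:
    ports: list[int]
    mode: str = "store-and-forward"  # or "cut-through"
    cam: dict[bytes, int] = field(default_factory=dict)  # MAC -> port

    def receive(self, frame: bytes, ingress: int) -> list[int]:
        """Process one frame arriving on `ingress`; return the list of egress ports."""
        dst, src = frame[0:6], frame[6:12]
        # Store-and-forward buffers the whole frame and discards it on a bad FCS
        # before learning anything from it. Cut-through has already begun
        # forwarding before the FCS arrives, so a damaged frame goes out anyway
        # and its source address is still learned.
        if self.mode == "store-and-forward" and not fcs_ok(frame):
            return []
        self.cam[src] = ingress  # learn: this source lives behind the ingress port
        if dst != BROADCAST and dst in self.cam:
            out = self.cam[dst]
            return [] if out == ingress else [out]  # known unicast: one port only
        return [p for p in self.ports if p != ingress]  # unknown/broadcast: flood


def demo(mode: str) -> dict:
    """Drive the switch through learn -> flood -> forward, then feed it a frame
    whose first payload byte was corrupted in transit."""
    sw = Switch(ports=[1, 2, 3, 4], mode=mode)
    first = sw.receive(build_frame(MAC_B, MAC_A, b"hello"), ingress=1)   # B unknown: flood
    reply = sw.receive(build_frame(MAC_A, MAC_B, b"reply"), ingress=2)   # A known: port 1
    second = sw.receive(build_frame(MAC_B, MAC_A, b"again"), ingress=1)  # B known: port 2
    damaged = bytearray(build_frame(MAC_B, MAC_A, b"bad data"))
    damaged[14] ^= 0xFF  # byte 14 is the first payload byte; the FCS no longer matches
    fourth = sw.receive(bytes(damaged), ingress=3)
    return {"first": first, "reply": reply, "second": second,
            "damaged": fourth, "cam": dict(sw.cam)}


if __name__ == "__main__":
    for mode in ("store-and-forward", "cut-through"):
        print(mode, demo(mode))
```

Run it and compare the two modes: in store-and-forward the damaged frame is dropped and `MAC_A` stays on port 1; in cut-through the damaged frame is forwarded to port 2 and `MAC_A` is re-learned on port 3, which is why a cut-through switch cannot protect downstream devices from corrupt frames.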

Cut-Through Switching

LAN Switching – Switching Domains

Collision Domains

- A collision domain is the segment where devices must compete to communicate.
o All ports of a hub belong to the same collision domain.
o Every port of a switch is a collision domain on its own.
o A switch breaks the segment into smaller collision domains, easing device competition.

Broadcast Domains

- A broadcast domain is the extent of the network where a broadcast frame can be heard.
o Switches forward broadcast frames to all ports; therefore, switches do not break broadcast domains.
o All ports of a switch, with its default configuration, belong to the same broadcast domain.
o If two or more switches are connected, broadcasts are forwarded to all ports of all switches, except for the port that originally received the broadcast.

Switching Domains – Alleviating Network Congestion

- Switches help alleviate network congestion by:
o Facilitating the segmentation of a LAN into separate collision domains
o Providing full-duplex communication between devices
o Taking advantage of their high port density
o Buffering large frames
o Employing high-speed ports
o Taking advantage of their fast internal switching process
o Having a low per-port cost

LAN Switching – Basic Cisco Switch Configuration

Configure Switch for Operation in a Network

Switch Configuration – Cisco IOS Commands

Preparing for Basic Switch Management

- To remotely manage a Cisco switch, it must be configured to access the network.
- An IP address and a subnet mask must be configured.
- If managing the switch from a remote network, a default gateway must also be configured.
- The IP information (address, subnet mask, gateway) is to be assigned to a switch virtual interface (SVI).
- Although these IP settings allow remote management and remote access to the switch, they do not allow the switch to route Layer 3 packets.

Preparing for Basic Switch Management

Preparing for Basic Switch Management
- Configuring the management SVI interface:

Note: By default, the switch is configured to have the management of the switch
controlled through VLAN 1. All ports are assigned to VLAN 1 by default. For security
purposes, it is considered a best practice to use a VLAN other than VLAN 1 for the
management VLAN.
Preparing for Basic Switch Management

- Configuring a default gateway

Configuring Switch Ports
- Configuring Switch Ports at the Physical Layer

Switch Verification Show Commands

Manage the Cisco IOS configuration files

Secure Remote Access (SSH)
- Secure Shell (SSH) is a protocol that provides a secure (encrypted), command-line based connection to a remote device.
- SSH is commonly used in UNIX-based systems.
- The Cisco IOS software also supports SSH.
- Because of its strong encryption features, SSH should replace Telnet for management connections.
- SSH uses TCP port 22 by default. Telnet uses TCP port 23.

Configuring SSH on Cisco Switch

Verifying SSH

LAN Switching – Virtual LANs (VLANs)

VLAN Definitions

- VLAN: a group of devices on one or more LANs that are configured so that they can communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments.
- In simple words, a VLAN is a logical partition of a Layer 2 network.
- Multiple partitions can be created, allowing multiple VLANs to co-exist.
- The partitioning of the Layer 2 network takes place inside a Layer 2 device, usually a switch.
- Each VLAN is a broadcast domain, usually with its own IP network. Why usually, not always?
- Switches using VLANs separate the broadcast domains but do not have the latency problems of a router. Switches are also a more cost-effective solution.
VLAN Definitions

- VLANs are mutually isolated and packets can only pass between them via a router (L3 device).
- The hosts grouped within a VLAN are unaware of the VLAN’s existence.
- A VLAN can be named for easier identification.
- Different VLANs should have:
o Different VLAN IDs.
o Different VLAN names.

VLAN Definitions

Benefits of VLANs

- Security
- Cost reduction
- Better performance
- Shrink broadcast domains
- Improved IT staff efficiency
- Simpler project and application management
- Physical topology independence

Types of VLANs

- Data VLAN
- Default VLAN
- Native VLAN
- Management VLAN

VLAN Port Membership Modes

VLAN Port Membership Modes

- Static VLAN (port based): switch ports are manually configured to be in a certain VLAN.
- Dynamic VLAN (MAC based): PCs connected to a switch port will be automatically placed into a certain VLAN based on the MAC address of the PC.
- Voice VLAN: the voice VLAN feature enables access ports to carry IP voice traffic from an IP phone.

VLAN Trunks

- A VLAN trunk carries more than one VLAN.
- A VLAN trunk is usually established between switches so same-VLAN devices can communicate, even if physically connected to different switches.
- A VLAN trunk is not associated with any VLAN; neither are the trunk ports used to establish the trunk link.
- Cisco IOS supports IEEE 802.1Q, a popular VLAN trunk protocol.

VLAN Trunks

VLAN Trunks – Role of Trunk
- A trunk is like a big divided switch port; each division is for a VLAN.

Controlling Broadcast Domains with VLANs

- VLANs can be used to limit the reach of broadcast frames.
- A VLAN is a broadcast domain of its own.
- A broadcast frame sent by a device in a specific VLAN is forwarded within that VLAN only.
- VLANs help control the reach of broadcast frames and their impact in the network.
- Unicast and multicast frames are forwarded within the originating VLAN.

Tagging Ethernet Frames for VLAN Identification

- Frame tagging is the process of adding a VLAN identification header to the frame.
- It is used to properly transmit multiple VLAN frames through a trunk link.
- Switches tag frames to identify the VLAN to which they belong. Different tagging protocols exist; IEEE 802.1Q is a very popular example.
- The protocol defines the structure of the tagging header added to the frame.
- Switches add VLAN tags to the frames before placing them into trunk links and remove the tags before forwarding frames through nontrunk ports.
- When properly tagged, the frames can traverse any number of switches via trunk links and still be forwarded within the correct VLAN at the destination.

Tagging Ethernet Frames for VLAN Identification

Native VLANs and 802.1Q Tagging

- Frames that belong to the native VLAN are not tagged.
- Frames received untagged remain untagged and are placed in the native VLAN when forwarded.
- If there are no ports associated with the native VLAN and no other trunk links, an untagged frame is dropped.
- In Cisco switches, the native VLAN is VLAN 1 by default.
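The 802.1Q tag insertion and native-VLAN rules from the two preceding slides, as an added Python example that is not code from the deck. `tag_frame`, `untag_frame`, `trunk_egress`, `trunk_ingress` and `native_vlan_mismatch` are names chosen here, and the frame bytes are constructed. The last function goes one step beyond the slides: it shows what happens when the two ends of a trunk disagree on the native VLAN, which is the reason the design slide later in the deck asks for the native VLAN to be changed (consistently) away from VLAN 1.

```python
from __future__ import annotations

# Added example, not from the original deck: build and parse IEEE 802.1Q tags
# and apply the native-VLAN rule on trunk egress and ingress.

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


def tag_frame(frame: bytes, vlan_id: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q header (TPID + TCI) between the source MAC and the
    original EtherType. TCI = 3-bit PCP | 1-bit DEI | 12-bit VLAN ID."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    tci = (pcp & 0x7) << 13 | (dei & 0x1) << 12 | vlan_id
    return frame[:12] + TPID_8021Q.to_bytes(2, "big") + tci.to_bytes(2, "big") + frame[12:]


def untag_frame(frame: bytes) -> tuple[int | None, bytes]:
    """Return (vlan_id, frame with the tag removed); vlan_id is None if untagged."""
    if int.from_bytes(frame[12:14], "big") != TPID_8021Q:
        return None, frame
    tci = int.from_bytes(frame[14:16], "big")
    return tci & 0x0FFF, frame[:12] + frame[16:]


def trunk_egress(frame: bytes, vlan_id: int, native_vlan: int) -> bytes:
    """Frames in the native VLAN leave the trunk untagged; all others get a tag."""
    return frame if vlan_id == native_vlan else tag_frame(frame, vlan_id)


def trunk_ingress(frame: bytes, native_vlan: int) -> tuple[int, bytes]:
    """Tagged frames are placed in the VLAN of their tag; untagged frames are
    placed in the receiving switch's native VLAN."""
    vlan_id, inner = untag_frame(frame)
    return (native_vlan if vlan_id is None else vlan_id), inner


def native_vlan_mismatch(vlan_id: int, sender_native: int, receiver_native: int) -> int:
    """Send one frame of `vlan_id` across a trunk whose two ends may disagree on the
    native VLAN and report which VLAN the receiver files it under."""
    frame = (bytes.fromhex("0200000000bb") + bytes.fromhex("0200000000aa")  # constructed MACs
             + b"\x08\x00" + b"payload")
    received_vlan, _ = trunk_ingress(trunk_egress(frame, vlan_id, sender_native), receiver_native)
    return received_vlan


if __name__ == "__main__":
    print("matched native:", native_vlan_mismatch(1, sender_native=1, receiver_native=1))
    print("mismatched native:", native_vlan_mismatch(1, sender_native=1, receiver_native=99))
```

With matching native VLANs a frame sent in VLAN 1 arrives in VLAN 1; with a mismatch the same untagged frame is filed in VLAN 99 on the far side, silently bridging two VLANs. `show interfaces trunk` (listed later in the deck) shows the native VLAN of each trunk port, which is the field to compare on both ends.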

VLAN Ranges on Catalyst Switches

- Cisco Catalyst 2960 and 3560 Series switches support over 4,000 VLANs.
- VLANs are split into two categories:
o Normal range VLANs
  • VLAN numbers from 1 to 1,005
  • Configurations stored in the vlan.dat (in the flash memory)
  • VTP can only learn and store normal range VLANs
o Extended range VLANs
  • VLAN numbers from 1,006 to 4,096
  • Configurations stored in the running configuration (NVRAM)
  • VTP does not learn extended range VLANs
Configuring VLANs and Trunks

VLAN Configuration – Creating a VLAN

VLAN Configuration – Assigning Ports to VLANs

VLAN Configuration – Assigning Ports to VLANs

VLAN Configuration – Changing VLAN Port Membership

VLAN Configuration – Changing VLAN Port Membership(cont)

VLAN Configuration – Deleting VLANs

VLAN Configuration – Verifying VLAN Information

VLAN Configuration – Verifying VLAN Information

VLAN Configuration – Configuring IEEE 802.1q Trunk Links

VLAN Configuration – Resetting the Trunk To Default State

VLAN Configuration – Resetting the Trunk To Access Mode

VLAN Configuration – Verifying Trunk Configuration

Dynamic Trunking Protocol (DTP)

- Switch ports can be manually configured to form trunks.
- Switch ports can also be configured to negotiate and establish a trunk link with a connected peer.
- The Dynamic Trunking Protocol (DTP) manages trunk negotiation.
- DTP is a Cisco proprietary protocol and is enabled by default in Cisco Catalyst 2960 and 3560 switches.
- If the port on the neighbor switch is configured in a trunk mode that supports DTP, it manages the negotiation.
- The default DTP configuration for Cisco Catalyst 2960 and 3560 switches is dynamic auto.
Dynamic Trunking Protocol (DTP)
- Cisco Catalyst 2960 and 3560 support the following trunk modes:
o switchport mode dynamic auto
o switchport mode dynamic desirable
o switchport mode trunk
o switchport nonegotiate

Dynamic Trunking Protocol (DTP)

Design Best Practices for VLANs & Switches
- Move all ports from VLAN 1 and assign them to a not-in-use VLAN.
- Shut down all unused switch ports.
- Separate management and user data traffic.
- Change the management VLAN to a VLAN other than VLAN 1. (The same goes for the native VLAN.)
- Ensure that only devices in the management VLAN can connect to the switches.
- The switch should only accept SSH connections.
- Disable auto negotiation on trunk ports.
- Do not use the auto or desirable switch port modes.
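A check for the DTP modes and the best-practice items on the preceding slides, written here as an added Python example that is not from the deck. The `audit` function parses a constructed IOS running-config and flags ports left in the default dynamic auto or in dynamic desirable, trunks without `switchport nonegotiate`, a native VLAN of 1, access ports left in VLAN 1, a management SVI on VLAN 1 and Telnet on the vty lines. Both the weak and the hardened configs are constructed; the assumption that a port with no `switchport mode` line is in dynamic auto follows the DTP slide's stated default.

```python
from __future__ import annotations

# Added example, not from the deck: audit an IOS running-config against the
# VLAN/DTP best practices on the slides. Both configs below are constructed.

WEAK_CONFIG = """\
interface Vlan1
 ip address 10.1.1.250 255.255.255.0
!
interface GigabitEthernet0/1
 description uplink
 switchport trunk native vlan 1
 switchport mode dynamic desirable
!
interface GigabitEthernet0/2
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet0/3
 switchport mode access
!
interface GigabitEthernet0/4
 switchport access vlan 999
 switchport mode access
 shutdown
!
interface GigabitEthernet0/5
 description factory default, nothing configured
!
line vty 0 4
 transport input telnet ssh
!
"""

HARDENED_CONFIG = """\
interface Vlan99
 ip address 10.99.0.2 255.255.255.0
!
interface GigabitEthernet0/1
 switchport trunk native vlan 999
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet0/2
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet0/3
 switchport access vlan 999
 switchport mode access
 shutdown
!
line vty 0 4
 transport input ssh
!
"""


def parse_blocks(config: str) -> dict[str, list[str]]:
    """Group the indented lines under each 'interface ...' / 'line ...' header."""
    blocks: dict[str, list[str]] = {}
    current = None
    for raw in config.splitlines():
        if raw.startswith(("interface ", "line ")):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # '!' or a global command ends the block
    return blocks


def _value_after(lines: list[str], prefix: str, default: str) -> str:
    """The text following `prefix` on the first matching line, else `default`."""
    return next((l[len(prefix):].strip() for l in lines if l.startswith(prefix)), default)


def audit(config: str) -> list[tuple[str, str]]:
    findings: list[tuple[str, str]] = []
    for name, lines in parse_blocks(config).items():
        if name == "interface Vlan1":
            if any(l.startswith("ip address") for l in lines):
                findings.append((name, "management SVI on VLAN 1; move management to another VLAN"))
        elif name.startswith("line vty"):
            if "telnet" in _value_after(lines, "transport input", "").split():
                findings.append((name, "Telnet accepted on vty lines; allow SSH only"))
        elif name.startswith("interface ") and not name.startswith("interface Vlan"):
            if "shutdown" in lines:
                continue  # unused port correctly shut down
            # Catalyst 2960/3560 default (no 'switchport mode' line) is dynamic auto.
            mode = _value_after(lines, "switchport mode", "dynamic auto")
            if mode.startswith("dynamic"):
                findings.append((name, f"DTP negotiation enabled ({mode}); set access or trunk explicitly"))
            if mode.startswith(("dynamic", "trunk")):
                if mode == "trunk" and "switchport nonegotiate" not in lines:
                    findings.append((name, "trunk still sends DTP; add switchport nonegotiate"))
                if _value_after(lines, "switchport trunk native vlan", "1") == "1":
                    findings.append((name, "native VLAN is 1; use an unused VLAN as native"))
            if mode == "access" and _value_after(lines, "switchport access vlan", "1") == "1":
                findings.append((name, "access port in VLAN 1; assign another VLAN or shut it down"))
    return findings


if __name__ == "__main__":
    for interface, finding in audit(WEAK_CONFIG):
        print(f"{interface}: {finding}")
    print("hardened config findings:", audit(HARDENED_CONFIG))
```

The weak config yields seven findings (two each for the dynamic-desirable uplink and the untouched Gi0/5, one each for Gi0/3, the VLAN 1 SVI and the vty line); the hardened config yields none. The parser only understands the indented-block layout of `show running-config`, so feed it the saved output of that command.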
LAN Switching – VLAN Trunking Protocol (VTP)

VTP Definition
- VTP is a Cisco proprietary protocol used to exchange VLAN information across trunk links, so it synchronizes information about VLANs that are configured throughout a switched network.
- VTP simplifies VLAN configuration.
- VTP allows an administrator to add, delete, and rename VLANs; these modifications are then propagated to all other switches in the VTP domain.
- VTP provides consistent VLAN configuration across all switches in the network.
- Switches transmit VTP messages only on 802.1Q and ISL trunks.

VTP helps to have End-to-End VLAN

- End-to-End means that users are grouped into VLANs independent of physical location.
- If users are moved within the campus, their VLAN membership remains the same.
VTP Modes
- VTP Server:
o This is the default VTP mode. VLANs can be created, modified, and deleted.
o At least one VTP server must exist in the VTP domain.
o A switch must be in server mode to be able to create, delete, add, and modify VLANs.
o Any change made to a switch in server mode will be advertised to the entire VTP domain.
- VTP Client:
o This behaves like a VTP server without the ability to create, change, or delete VLANs.
o Receives information from the VTP server and modifies its VLAN configuration accordingly.
- VTP Transparent:
o Switches in VTP transparent mode do not participate in VTP.
o They forward VTP information received from a VTP server through trunk links but do not modify their own VLAN configuration.
o They keep their own configuration, and can create, modify, and delete LOCAL VLANs.
VTP Modes

VTP Operation
- VTP advertisements are sent as multicast frames.
- VTP servers and clients are synchronized to the latest revision number.
- VTP advertisements are sent every 5 minutes or when there is a change.
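The three VTP modes and the revision-number synchronisation from the "VTP Modes" and "VTP Operation" slides, as an added Python simulation that is not part of the deck. `VtpSwitch`, the switch names and the chain topology are constructed, and an advertisement is modelled as a (domain, revision, VLAN table) tuple passed between trunk neighbours rather than as a real multicast frame. The second half of `demo` shows the consequence of "synchronized to the latest revision number": a server recycled from elsewhere with the same domain name and a higher revision overwrites the VLAN database of every server and client in the domain, while the transparent switch is unaffected.

```python
from __future__ import annotations

from dataclasses import dataclass, field

# Added example, not from the deck: a small model of VTP server / client /
# transparent behaviour and revision-number synchronisation across trunks.

Advert = tuple[str, int, dict]  # (domain, configuration revision, VLAN table)


@dataclass
class VtpSwitch:
    name: str
    mode: str          # "server", "client" or "transparent"
    domain: str
    revision: int = 0
    vlans: dict[int, str] = field(default_factory=lambda: {1: "default"})
    neighbors: list[VtpSwitch] = field(default_factory=list)  # trunk-connected peers

    def add_vlan(self, vid: int, name: str) -> bool:
        """Clients cannot create VLANs. Transparent switches keep a purely local
        database. Servers bump the revision and advertise the change."""
        if self.mode == "client":
            return False
        self.vlans[vid] = name
        if self.mode == "server":
            self.revision += 1
            self.advertise()
        return True

    def advertise(self) -> None:
        advert: Advert = (self.domain, self.revision, dict(self.vlans))
        for peer in self.neighbors:
            peer.receive(advert, sender=self)

    def receive(self, advert: Advert, sender: VtpSwitch) -> None:
        domain, revision, vlans = advert
        if domain != self.domain:
            return  # advertisement from another domain is ignored
        if self.mode == "transparent":
            self._relay(advert, sender)  # forwarded over other trunks, own database untouched
            return
        # Servers and clients alike adopt a database carrying a higher revision.
        if revision > self.revision:
            self.revision, self.vlans = revision, dict(vlans)
            self._relay(advert, sender)

    def _relay(self, advert: Advert, sender: VtpSwitch) -> None:
        for peer in self.neighbors:
            if peer is not sender:
                peer.receive(advert, sender=self)


def link(a: VtpSwitch, b: VtpSwitch) -> None:
    """Model a trunk between two switches."""
    a.neighbors.append(b)
    b.neighbors.append(a)


def demo() -> dict:
    a = VtpSwitch("A", "server", "cisco")
    b = VtpSwitch("B", "client", "cisco")
    c = VtpSwitch("C", "transparent", "cisco")
    d = VtpSwitch("D", "client", "cisco")
    link(a, b); link(b, c); link(c, d)
    a.add_vlan(10, "users")            # A -> B (adopts) -> C (relays only) -> D (adopts)
    c.add_vlan(20, "local")            # stays on C, no advertisement
    client_create = b.add_vlan(30, "denied")
    after_add = {s.name: dict(s.vlans) for s in (a, b, c, d)}
    # A switch recycled from another lab with the same domain name but a higher
    # revision is cabled in: every server and client synchronises to its database.
    stale = VtpSwitch("stale", "server", "cisco", revision=7, vlans={1: "default"})
    link(stale, a)
    stale.advertise()
    after_stale = {s.name: dict(s.vlans) for s in (a, b, c, d)}
    return {"after_add": after_add, "client_create": client_create,
            "after_stale": after_stale, "revision_A": a.revision}


if __name__ == "__main__":
    print(demo())
```

The operational check that follows from this is to read the "Configuration Revision" line of `show vtp status` (the output shown later in the deck) on any switch before trunking it into a production domain; in real VTP, changing the domain name or setting the switch to transparent mode resets that revision to 0.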

VTP Operation – Default Switch VTP Settings

VTP Operation – VTP Domains

VTP Operation – VTP Domains

VTP Operation – VTP Advertisements

VTP Operation – VTP Modes

VTP Pruning
- Uses bandwidth more efficiently by reducing unnecessary flooded traffic.
- Limits unnecessary dissemination of VLAN information.
- Example: Station A sends a broadcast; the broadcast is flooded only toward any switch with ports assigned to the red VLAN.
- Switch(config)# vtp pruning

[Figure: Pruning Disabled vs. Pruning Enabled]


VTP Configuration

- In order to make switches participate in VTP, they should have the following:
o Same VTP domain.
o Same VTP password.
o Same VTP version.
o A trunk must be configured between the switches.
- Configure the VTP server first.

VTP Configuration on the Switch

- VLAN Database Mode:

Switch#vlan database
Switch(vlan)#vtp v2-mode
Switch(vlan)#vtp domain cisco
Switch(vlan)#vtp password cisco123
Switch(vlan)#vtp {client | server | transparent}

- Global Configuration Mode:

Switch(config)#vtp mode {client | server | transparent}
Switch(config)#vtp version <1-3>
Switch(config)#vtp domain cisco
Switch(config)#vtp password cisco123

VTP Server – Verifying Default Settings
- Since no VLAN configurations were made, all settings will be the defaults. Notice the VTP mode is Server.
- The number of existing VLANs is the five built-in (reserved) VLANs: VLAN 1, 1002, 1003, 1004, 1005.

DLSwitchA#show vtp status
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs : 5
VTP Operating Mode : Server
VTP Domain Name :
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xB7 0x5D 0xB6 0x6D 0xE0 0xC0 0x3E 0x2E
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 10.1.1.250 on interface Vl1 (lowest numbered VLAN interface found)
VTP Verifying Commands

- show vtp status
- show vtp counters
- show interfaces trunk

VTP Common Configuration Problems

LAN Redundancy – Spanning Tree Protocol (STP)

STP Overview – Purpose of the STP
- Spanning Tree Protocol (STP) is used to prevent loops from being formed on redundant networks.
- Ethernet switches must forward unknown unicast and broadcast Ethernet frames to all physical ports.
- Ethernet frames do not have a time to live (TTL) attribute.
- So frames continue to propagate between switches endlessly, or until a link is disrupted and breaks the loop.
- If there is more than one path for the frame to be forwarded out, an endless loop can result.

STP Overview – Purpose of the STP (Cont.)
- Therefore Ethernet networks require a loop-free topology; otherwise more and more broadcast and unknown unicast frames would swamp the network (creation of frame duplicates resulting in a broadcast storm).
o Unknown unicast frame: frame with a target Ethernet address that is not known by the receiving bridge.
o Broadcast frame: Ethernet frame with a broadcast target Ethernet address, e.g. for protocols such as ARP or BOOTP / DHCP.
- This also results in MAC database instability.
o When a loop occurs, it is possible for the MAC address table on a switch to constantly change with the updates from the broadcast frames, resulting in MAC database instability.

Redundant LAN Design

Loops in the Redundant LAN

Redundant LAN Issues – Broadcast Storms

Redundant LAN Issues – Duplicate Unicast Frames

STP Operation – STP Algorithm

- STP ensures that there is only one logical path between all destinations on the network by intentionally blocking redundant paths that could cause a loop.
- A port is considered blocked when user data is prevented from entering or leaving that port. This does not include bridge protocol data unit (BPDU) frames that are used by STP to prevent loops.
- The physical paths still exist to provide redundancy, but these paths are disabled to prevent the loops from occurring.
- If the path is ever needed to compensate for a network cable or switch failure, STP recalculates the paths and unblocks the necessary ports to allow the redundant path to become active.
STP Operation – STP Algorithm
- Assume PC1 has sent a broadcast.

STP Operation – STP Algorithm

STP Operation – STP Algorithm

STP Operation – Port Roles

STP Operation – Port States

STP Operation – Port States vs Port Roles

STP Operation – Root Bridge & BID

STP Operation – BID

- STP was enhanced to include support for VLANs, requiring the VLAN ID to be included in the BPDU frame through the use of the extended system ID.
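Root bridge election with the extended system ID, root path cost and the root / designated / blocked port roles from the "STP Algorithm", "Port Roles" and "BID" slides, as an added Python example that is not from the deck. `bridge_id` and `compute_stp` are names chosen here; the three-switch triangle, its priorities and MAC addresses, and the 802.1D link cost of 19 for 100 Mb/s links are constructed inputs. A port is identified by the neighbour at the other end of its link (one link per switch pair), and the topology is assumed to be connected.

```python
from __future__ import annotations

import heapq

# Added example, not from the deck: root bridge election with the extended
# system ID, root path cost, and root / designated / blocked port roles.


def bridge_id(priority: int, vlan: int, mac: str) -> int:
    """Bridge ID = 16-bit (4-bit priority | 12-bit extended system ID = VLAN ID)
    followed by the 48-bit MAC. The lowest value wins the election."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 in 0..61440")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN must be 1..4094")
    return ((priority | vlan) << 48) | int(mac.replace(":", ""), 16)


def compute_stp(switches: dict[str, tuple[int, str]],
                links: list[tuple[str, str, int]], vlan: int) -> dict:
    """switches: name -> (priority, mac); links: (a, b, cost), one link per pair,
    so a port is named by the neighbour on the other end. Assumes a connected graph."""
    bid = {n: bridge_id(p, vlan, mac) for n, (p, mac) in switches.items()}
    root = min(bid, key=bid.get)
    adj: dict[str, list[tuple[str, int]]] = {n: [] for n in switches}
    for a, b, cost in links:
        adj[a].append((b, cost))
        adj[b].append((a, cost))
    # Root path cost: cheapest path from the root over the link costs.
    dist = {root: 0}
    heap = [(0, bid[root], root)]
    while heap:
        d, _, n = heapq.heappop(heap)
        if d > dist[n]:
            continue
        for m, c in adj[n]:
            if d + c < dist.get(m, float("inf")):
                dist[m] = d + c
                heapq.heappush(heap, (d + c, bid[m], m))
    # Root port: the neighbour offering the lowest root path cost, then the lowest neighbour BID.
    root_port = {n: min(adj[n], key=lambda mc: (dist[mc[0]] + mc[1], bid[mc[0]]))[0]
                 for n in switches if n != root}
    # Designated port per link: the end with the lower root path cost, then the lower BID.
    # The other end is a root port if it leads to that switch's root, else it is blocked.
    roles: dict[tuple[str, str], str] = {}
    for a, b, _ in links:
        designated = min((a, b), key=lambda x: (dist[x], bid[x]))
        other = b if designated == a else a
        roles[(designated, other)] = "designated"
        roles[(other, designated)] = "root" if root_port.get(other) == designated else "blocked"
    return {"root": root, "cost": dist, "root_port": root_port, "roles": roles}


SWITCHES = {  # constructed: equal default priority, so the lowest MAC decides the root
    "S1": (32768, "00:00:00:00:00:01"),
    "S2": (32768, "00:00:00:00:00:02"),
    "S3": (32768, "00:00:00:00:00:03"),
}
LINKS = [("S1", "S2", 19), ("S1", "S3", 19), ("S2", "S3", 19)]  # 802.1D cost 19 = 100 Mb/s


def with_priority(name: str, priority: int) -> dict[str, tuple[int, str]]:
    """Copy SWITCHES with one switch's priority changed, e.g. to force the root."""
    s = dict(SWITCHES)
    s[name] = (priority, SWITCHES[name][1])
    return s


if __name__ == "__main__":
    print("default priorities:", compute_stp(SWITCHES, LINKS, vlan=1))
    print("S3 priority 24576:", compute_stp(with_priority("S3", 24576), LINKS, vlan=1))
```

With equal priorities S1 wins on its lower MAC, S2 and S3 use their S1-facing ports as root ports, and the S2-S3 link is blocked on the S3 side (S2 has the lower BID, so it holds the designated port). Lowering S3's priority to 24576 makes S3 the root and moves the blocked port to S2's S1-facing side; this is the lever a design uses to pin the root to the distribution layer rather than leaving it to whichever switch happens to have the lowest MAC.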
STP Operation – Root Bridge & BID

STP Operation – Path Cost & Preference

STP Operation – STP Convergence Process (BPDU Process)

STP Operation – STP Convergence Process (BPDU Process)

STP Operation – STP Convergence Process (BPDU Process)

STP Operation – STP Convergence Process (BPDU Process)

STP Operation – BPDU Format

STP Operation – BPDU Format

STP Operation – BPDU Timers

STP Standards & Enhancements
- The first STP standard was IEEE 802.1D. It has slow convergence (up to 50 seconds) and has been enhanced with variant standards over time.

Q&A

