LAN Switching
Tariq Bader
CCIE # 35627
Security/VPN team
Cisco TAC
Presentation_ID © 2010 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1
Agenda
Introduction to Switched Networks
Frame Forwarding
Switching Domains
Borderless Switched Networks
Hierarchy in the Borderless Switched Network
Core, Distribution, Access
Role of Switched Networks
LAN Switching
Frame Forwarding
Frame Forwarding – General Concept
MAC Address Table
MAC Address Table
Switch Forwarding Methods
Store-and-Forward Switching
Store-and-Forward Switching
Cut-Through Switching
Cut-Through Switching
LAN Switching
Switching Domains
Collision Domains
Broadcast Domains
Switching Domains – Alleviating Network Congestion
LAN Switching
Basic Cisco Switch Configuration
Configure Switch for Operation in a Network
Switch Configuration – Cisco IOS Commands
Preparing for Basic Switch Management
Preparing for Basic Switch Management
Preparing for Basic Switch Management
Configuring the management SVI interface:
Note: By default, the switch is managed through VLAN 1, and all ports are assigned to VLAN 1. For security purposes, it is considered a best practice to use a VLAN other than VLAN 1 as the management VLAN.
Preparing for Basic Switch Management
Configuring Switch Ports
Configuring Switch Ports at the Physical Layer
Switch Verification Show Commands
Manage the Cisco IOS configuration files
Secure Remote Access (SSH)
Secure Shell (SSH) is a protocol that provides a secure (encrypted), command-line based connection to a remote device.
SSH is commonly used in UNIX-based systems. The Cisco IOS software also supports SSH.
Because of its strong encryption features, SSH should replace Telnet for management connections.
SSH uses TCP port 22 by default. Telnet uses TCP port 23.
Configuring SSH on Cisco Switch
Verifying SSH
LAN Switching
Virtual LANs (VLANs)
VLAN Definitions
VLAN Definitions
Benefits of VLANs
Security
Cost reduction
Better performance
Shrink broadcast domains
Improved IT staff efficiency
Simpler project and application management
Physical topology independence
Types of VLANs
Data VLAN
Default VLAN
Native VLAN
Management VLAN
VLAN Port Membership Modes
VLAN Port Membership Modes
VLAN Trunks
VLAN Trunks
VLAN Trunks – Role of Trunk
A trunk is like one large switch port divided into sections, with one section per VLAN.
Controlling Broadcast Domains with VLANs
Tagging Ethernet Frames for VLAN Identification
Tagging Ethernet Frames for VLAN Identification
Native VLANs and 802.1Q Tagging
VLAN Ranges on Catalyst Switches
Cisco Catalyst 2960 and 3560 Series switches support over 4,000 VLANs.
VLANs are split into two categories:
o Normal range VLANs
  • VLAN numbers from 1 to 1,005
  • Configurations stored in the vlan.dat file (in flash memory)
  • VTP can only learn and store normal range VLANs
o Extended range VLANs
  • VLAN numbers from 1,006 to 4,096
  • Configurations stored in the running configuration (NVRAM)
  • VTP does not learn extended range VLANs
Configuring VLANs and Trunks
VLAN Configuration – Creating a VLAN
VLAN Configuration – Assigning Ports to VLANs
VLAN Configuration – Assigning Ports to VLANs
VLAN Configuration – Changing VLAN Port Membership
VLAN Configuration – Changing VLAN Port Membership (cont.)
VLAN Configuration – Deleting VLANs
VLAN Configuration – Verifying VLAN Information
VLAN Configuration – Verifying VLAN Information
VLAN Configuration – Configuring IEEE 802.1q Trunk Links
VLAN Configuration – Resetting the Trunk To Default State
VLAN Configuration – Resetting the Trunk To Access Mode
VLAN Configuration – Verifying Trunk Configuration
Dynamic Trunking Protocol (DTP)
Dynamic Trunking Protocol (DTP)
Design Best Practices for VLANs & Switches
Move all ports out of VLAN 1 and assign them to an unused VLAN.
Shut down all unused switch ports.
Separate management and user data traffic.
Change the management VLAN to a VLAN other than VLAN 1. (The same applies to the native VLAN.)
Ensure that only devices in the management VLAN can connect to the switches.
The switch should accept only SSH connections.
Disable auto-negotiation on trunk ports.
Do not use the auto or desirable switch port modes.
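The practices listed above, together with the management-VLAN note from the Preparing for Basic Switch Management slide and the SSH-only rule from the Secure Remote Access slide, can be checked mechanically against a saved running-config. The following Python script is an added example, not code from the original deck or from Cisco: the two configurations are constructed samples (one factory-default style, one after applying the practices), and IN_USE_PORTS is an assumed inventory of patched ports, because the configuration alone cannot tell an unused port from a live one.

```python
"""Audit a Catalyst-style running-config against the slide's hardening
practices. Added example, not from the original deck. WEAK_CONFIG and
HARDENED_CONFIG are constructed; IN_USE_PORTS is an assumed inventory."""
import re

# Constructed sample: everything in VLAN 1, Telnet allowed, DTP negotiating.
WEAK_CONFIG = """\
interface FastEthernet0/1
 description user-pc
interface FastEthernet0/2
interface GigabitEthernet0/1
 switchport mode dynamic desirable
interface Vlan1
 ip address 10.1.1.250 255.255.255.0
line vty 0 4
 transport input telnet ssh
"""

# Constructed sample: the same switch after applying the slide's practices.
HARDENED_CONFIG = """\
interface FastEthernet0/1
 description user-pc
 switchport mode access
 switchport access vlan 10
interface FastEthernet0/2
 switchport access vlan 999
 shutdown
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 998
 switchport nonegotiate
interface Vlan1
 shutdown
interface Vlan99
 ip address 10.99.0.2 255.255.255.0
line vty 0 4
 transport input ssh
"""

# Assumed inventory: ports known to be patched to a device.
IN_USE_PORTS = {"FastEthernet0/1", "GigabitEthernet0/1"}


def parse_stanzas(config):
    """Return {stanza header: [indented body lines]} for interface/line stanzas."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith(("interface ", "line ")):
            current = raw.strip()
            stanzas[current] = []
        elif current is not None and raw.startswith(" "):
            stanzas[current].append(raw.strip())
    return stanzas


def audit(config, in_use_ports):
    """Return one finding string per violated practice (empty list = clean)."""
    findings = []
    for header, body in parse_stanzas(config).items():
        name = header.split(" ", 1)[1]

        def has(pattern):
            return any(re.fullmatch(pattern, line) for line in body)

        if header.startswith("line vty"):
            # Management access: only SSH may be accepted.
            if not has(r"transport input ssh"):
                findings.append(f"{header}: accepts non-SSH management sessions")
            continue
        if name == "Vlan1":
            # The management SVI must not live on VLAN 1.
            if has(r"ip address .*") and not has(r"shutdown"):
                findings.append("Vlan1: management SVI still on VLAN 1")
            continue
        if name.startswith("Vlan"):
            continue  # other SVIs carry no port-level checks here
        shut = has(r"shutdown")
        if name not in in_use_ports and not shut:
            findings.append(f"{name}: unused port not shut down")
        if has(r"switchport mode dynamic (auto|desirable)"):
            findings.append(f"{name}: DTP auto/desirable mode in use")
        elif has(r"switchport mode trunk"):
            if not has(r"switchport nonegotiate"):
                findings.append(f"{name}: trunk still negotiates via DTP")
            if not has(r"switchport trunk native vlan (?!1$)\d+"):
                findings.append(f"{name}: native VLAN left at 1")
        elif not shut and not has(r"switchport access vlan (?!1$)\d+"):
            findings.append(f"{name}: access port still in VLAN 1")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit(cfg, IN_USE_PORTS))
```

Run against the weak sample the script reports six findings (VLAN 1 membership on two ports, an unused port left up, a DTP desirable port, the SVI on VLAN 1 and a Telnet-capable vty line); the hardened sample produces none. The trunk checks deliberately mirror the last three practices: `switchport nonegotiate` is what actually disables DTP on a trunk, and a trunk with no explicit native VLAN is using VLAN 1.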
LAN Switching
VLAN Trunking Protocol (VTP)
VTP Definition
VTP is a Cisco proprietary protocol used to exchange VLAN information across trunk links; it synchronizes information about the VLANs configured throughout a switched network.
VTP simplifies VLAN configuration.
VTP allows an administrator to add, delete, and rename VLANs; these modifications are then propagated to all other switches in the VTP domain.
VTP provides consistent VLAN configuration across all switches in the network.
Switches transmit VTP messages only on 802.1Q and ISL trunks.
VTP helps provide end-to-end VLANs
VTP Operation
VTP advertisements are sent as multicast frames.
VTP servers and clients are synchronized to the latest revision number.
VTP advertisements are sent every 5 minutes or when there is a change.
VTP Operation – Default Switch VTP Settings
VTP Operation – VTP Domains
VTP Operation – VTP Domains
VTP Operation – VTP Advertisements
VTP Operation – VTP Modes
VTP Pruning
Uses bandwidth more efficiently by reducing unnecessary flooded traffic.
Limits unnecessary dissemination of VLAN information.
Example: Station A sends a broadcast; the broadcast is flooded only toward switches that have ports assigned to the red VLAN.
Switch(config)# vtp pruning
VTP Configuration on the Switch
VTP Server – Verifying Default Settings
Since no VLAN configuration has been made, all settings are still the defaults. Notice that the VTP mode is Server.
The number of existing VLANs is five: the built-in (reserved) VLANs 1, 1002, 1003, 1004, and 1005.
DLSwitchA#show vtp status
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs : 5
VTP Operating Mode : Server
VTP Domain Name :
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xB7 0x5D 0xB6 0x6D 0xE0 0xC0 0x3E 0x2E
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 10.1.1.250 on interface Vl1 (lowest numbered VLAN interface found)
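The status output above can be parsed and assessed automatically, which is useful when auditing a fleet of switches for the VTP exposure implied by the VTP Definition and VTP Operation slides (every switch defaults to server mode, and servers and clients synchronize to whichever advertisement carries the highest revision number). The following Python parser is an added example, not code from the original deck or from Cisco: SAMPLE_OUTPUT repeats the slide's output, TRANSPARENT_OUTPUT is a constructed variant, and the null-domain check relies on the documented Cisco behaviour that a switch with no domain name adopts the first domain name advertised to it over a trunk.

```python
"""Parse 'show vtp status' output and flag states that make a VTP domain
easy to disrupt. Added example, not from the original deck. SAMPLE_OUTPUT
repeats the slide's output; TRANSPARENT_OUTPUT is a constructed variant."""
import re

SAMPLE_OUTPUT = """\
DLSwitchA#show vtp status
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs : 5
VTP Operating Mode : Server
VTP Domain Name :
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xB7 0x5D 0xB6 0x6D 0xE0 0xC0 0x3E 0x2E
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 10.1.1.250 on interface Vl1 (lowest numbered VLAN interface found)
"""

# Constructed variant: same switch moved to transparent mode with a named domain.
TRANSPARENT_OUTPUT = SAMPLE_OUTPUT.replace(
    "VTP Operating Mode : Server", "VTP Operating Mode : Transparent"
).replace("VTP Domain Name :", "VTP Domain Name : CAMPUS")

# Matches "Key : value" lines only. The prompt, the time stamp and the
# "Local updater ID" sentence contain characters outside the key class
# ('#', '.') and are deliberately skipped.
FIELD_RE = re.compile(r"^([A-Za-z0-9 ]+?)\s*:\s*(.*)$")


def parse_vtp_status(text):
    """Return {field name: value} for every 'Key : value' line of the output."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields


def assess(fields):
    """Summarise the VTP posture and list the conditions worth a second look."""
    mode = fields.get("VTP Operating Mode", "")
    domain = fields.get("VTP Domain Name", "")
    revision = int(fields.get("Configuration Revision", "0") or 0)
    issues = []
    if mode.lower() == "server":
        # Default mode: VLAN additions/deletions made here propagate to every
        # client and server in the domain.
        issues.append("server mode: VLAN changes on this switch propagate domain-wide")
    if domain == "":
        # A null domain name is replaced by the first domain name heard on a trunk.
        issues.append("null domain name: switch will adopt the first domain advertised on a trunk")
    return {"mode": mode, "domain": domain, "revision": revision,
            "vlans": int(fields.get("Number of existing VLANs", "0") or 0),
            "issues": issues}


if __name__ == "__main__":
    for text in (SAMPLE_OUTPUT, TRANSPARENT_OUTPUT):
        print(assess(parse_vtp_status(text)))
```

Against the slide's output the assessment reports both conditions (server mode, empty domain name); the transparent-mode variant reports none, because a transparent switch forwards VTP advertisements but never applies them to its own VLAN database. Where VTP must stay in use, a domain password (`vtp password`) and, where the platform supports it, VTP version 3 with a single primary server are the usual ways to keep an unintended switch from pushing its VLAN database onto the rest of the domain.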
VTP Verifying Commands
VTP Common Configuration Problems
LAN Redundancy
STP Overview – Purpose of the STP
Spanning Tree Protocol (STP) is used to prevent loops from forming on redundant networks.
Ethernet switches must flood unknown unicast and broadcast Ethernet frames out all ports other than the one the frame arrived on.
Ethernet frames do not have a time to live (TTL) attribute, so frames continue to propagate between switches endlessly, or until a link is disrupted and breaks the loop.
If there is more than one path over which a frame can be forwarded, an endless loop can result.
STP Overview – Purpose of the STP (Cont.)
Therefore, Ethernet networks require a loop-free topology; otherwise, more and more broadcast and unknown unicast frames would swamp the network (the creation of frame duplicates results in a broadcast storm).
o Unknown unicast frame: a frame with a destination Ethernet address that is not known by the receiving bridge.
o Broadcast frame: an Ethernet frame with a broadcast destination Ethernet address, e.g. for protocols such as ARP or BOOTP/DHCP.
This also results in MAC database instability.
o When a loop occurs, the MAC address table on a switch can change constantly with the updates from the broadcast frames, resulting in MAC database instability.
Redundant LAN Design
Loops in the Redundant LAN
Redundant LAN Issues – Broadcast Storms
Redundant LAN Issues – Duplicate Unicast Frames
STP Operation – STP Algorithm
STP ensures that there is only one logical path between all destinations on the network by intentionally blocking redundant paths that could cause a loop.
A port is considered blocked when user data is prevented from entering or leaving that port. This does not include bridge protocol data unit (BPDU) frames, which are used by STP to prevent loops.
The physical paths still exist to provide redundancy, but these paths are disabled to prevent the loops from occurring.
If the path is ever needed to compensate for a network cable or switch failure, STP recalculates the paths and unblocks the necessary ports to allow the redundant path to become active.
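The election and blocking described above can be reproduced on a small constructed topology: the bridge with the lowest bridge ID (priority, then MAC) becomes root, every other bridge picks the port with the lowest root path cost as its root port, each segment gets one designated port (the end with the lower root path cost, ties broken by bridge ID), and every remaining port is blocked. The following Python program is an added example, not code from the original deck or from Cisco; the bridge IDs, port names and link costs are constructed (the costs use the classic IEEE 802.1D-1998 values, FastEthernet 19 and GigabitEthernet 4), and port IDs are simplified to (priority 128, the number after "/").

```python
"""Root-bridge election and STP port roles on a constructed topology.
Added example, not from the original deck. Topology, BIDs and link costs
are constructed; port IDs are simplified to (128, number after '/')."""
import heapq
from dataclasses import dataclass


@dataclass(frozen=True)
class Bridge:
    name: str
    priority: int
    mac: str

    @property
    def bid(self):
        # Bridge ID orders as (priority, MAC); the lowest value wins.
        return (self.priority, self.mac.lower())


@dataclass(frozen=True)
class Link:
    a: str
    a_port: str
    b: str
    b_port: str
    cost: int


def port_id(port):
    # Simplified 802.1D port ID: (port priority 128, port number).
    return (128, int(port.split("/")[-1]))


def compute_stp(bridges, links):
    """Return root bridge, root path costs, root ports and per-port roles."""
    by_name = {b.name: b for b in bridges}
    root = min(bridges, key=lambda b: b.bid).name
    adj = {b.name: [] for b in bridges}
    for l in links:
        adj[l.a].append((l.a_port, l.b, l.b_port, l.cost))
        adj[l.b].append((l.b_port, l.a, l.a_port, l.cost))
    # Root path cost: cheapest sum of link costs from each bridge to the root.
    rpc = {name: float("inf") for name in by_name}
    rpc[root] = 0
    heap = [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > rpc[u]:
            continue
        for _, v, _, cost in adj[u]:
            if d + cost < rpc[v]:
                rpc[v] = d + cost
                heapq.heappush(heap, (rpc[v], v))
    # Root port: port giving the lowest root path cost; ties broken by the
    # neighbour's BID, then the neighbour's port ID, then our own port ID.
    root_port = {}
    for name in by_name:
        if name == root:
            continue
        cands = [(by_name[n].bid, port_id(np), port_id(p), p)
                 for p, n, np, cost in adj[name] if rpc[n] + cost == rpc[name]]
        if cands:
            root_port[name] = min(cands)[3]
    # Designated port per segment: the end with the lowest root path cost,
    # ties broken by BID. The other end is a root port or is blocked.
    roles = {}
    for l in links:
        ends = [(l.a, l.a_port), (l.b, l.b_port)]
        designated = min(ends, key=lambda e: (rpc[e[0]], by_name[e[0]].bid, port_id(e[1])))
        for e in ends:
            if e == designated:
                roles[e] = "designated"
            elif root_port.get(e[0]) == e[1]:
                roles[e] = "root"
            else:
                roles[e] = "blocked"
    return {"root": root, "rpc": rpc, "root_port": root_port, "roles": roles}


# Constructed topology: all four switches keep the default priority, so the
# lowest MAC (S1) wins; S1-S2-S3 and S2-S3-S4 form redundant loops.
BRIDGES = [
    Bridge("S1", 32768, "00:00:00:00:00:01"),
    Bridge("S2", 32768, "00:00:00:00:00:02"),
    Bridge("S3", 32768, "00:00:00:00:00:03"),
    Bridge("S4", 32768, "00:00:00:00:00:04"),
]
LINKS = [
    Link("S1", "Fa0/1", "S2", "Fa0/1", 19),
    Link("S1", "Fa0/2", "S3", "Fa0/1", 19),
    Link("S2", "Fa0/2", "S3", "Fa0/2", 19),
    Link("S2", "Gi0/3", "S4", "Gi0/1", 4),
    Link("S3", "Fa0/3", "S4", "Fa0/2", 19),
]

if __name__ == "__main__":
    result = compute_stp(BRIDGES, LINKS)
    print("root bridge:", result["root"])
    for (sw, port), role in sorted(result["roles"].items()):
        print(f"{sw} {port}: {role} (root path cost {result['rpc'][sw]})")
```

On this topology S1 is root, S2 and S3 both reach it at cost 19, and S4 reaches it at cost 23 through the gigabit link to S2; the S2-S3 tie is broken by S2's lower bridge ID, so S3's Fa0/2 blocks, and S4's Fa0/2 blocks because S3 has the cheaper path to the root. Exactly two ports end up blocked, one per redundant loop. The election trusts whichever bridge advertises the lowest BID, which is why BPDU Guard on access ports and Root Guard on ports that should never face the root are the usual controls for keeping the root where the design put it.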
STP Operation – STP Algorithm
Assume PC1 has sent a broadcast
STP Operation – STP Algorithm
STP Operation – STP Algorithm
STP Operation – Port Roles
STP Operation – Port States
STP Operation – Port States vs Port Roles
STP Operation – Root Bridge & BID
STP Operation – BID
STP Operation – Path Cost & Preference
STP Operation – STP Convergence Process (BPDU Process)
STP Operation – STP Convergence Process (BPDU Process)
STP Operation – STP Convergence Process (BPDU Process)
STP Operation – STP Convergence Process (BPDU Process)
STP Operation – BPDU Format
STP Operation – BPDU Format
STP Operation – BPDU Timers
STP Standards & Enhancements
The first STP standard was IEEE 802.1D. Its slow convergence (up to 50 seconds) has been improved by variant standards over time.
Q&A