3. LAN Switching
8/13/2019 3. LAN Switching
2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1
Module 3: LAN Switching
-
Distribution Layer
Core Layer
Access Layer
-
Cut-Through: Switch checks destination address and immediately begins forwarding frame.
Fragment-Free: Switch checks the first 64 bytes, then immediately begins forwarding frame.
Store and Forward: Complete frame is received and checked before forwarding.
-
Initial MAC address table is empty.
-
Station A sends a frame to station C. Switch caches the MAC address of station A to port E0 by
learning the source address of data frames. The frame from station A to station C is flooded out to all
ports except port E0 (unknown unicasts are flooded).
-
Station D sends a frame to station C. Switch caches the MAC address of station D to port E3 by
learning the source address of data frames. The frame from station D to station C is flooded out to all ports
except port E3 (unknown unicasts are flooded).
-
Station A sends a frame to station C. Destination is known; frame is not flooded.
-
Station D sends a broadcast or multicast frame. Broadcast and multicast frames are flooded to all ports
other than the originating port.
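Added example (not part of the original slides): a small Python model of the learning and flooding behaviour walked through above. The MAC addresses, the ports for stations B and C, and the reply from C to A that makes C's port known are assumptions.

```python
# Added example: source-address learning and flooding, as on the slides above.
BROADCAST = "ff:ff:ff:ff:ff:ff"
# Constructed lab addresses; the ports for stations B and C are assumptions.
STATIONS = {
    "A": ("02:00:00:00:00:0a", "E0"),
    "B": ("02:00:00:00:00:0b", "E1"),
    "C": ("02:00:00:00:00:0c", "E2"),
    "D": ("02:00:00:00:00:0d", "E3"),
}

def is_group(mac):
    """Broadcast and multicast addresses have the low bit of the first octet set."""
    return int(mac.split(":")[0], 16) & 1 == 1

class LearningSwitch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}  # MAC address -> port; initially empty

    def receive(self, in_port, src, dst):
        """Learn the source address, then return the ports the frame leaves on."""
        if not is_group(src):
            self.table[src] = in_port  # also relearns a station that moved ports
        out_port = self.table.get(dst)
        if is_group(dst) or out_port is None:
            # broadcast, multicast and unknown unicast: all ports but the ingress
            return [p for p in self.ports if p != in_port]
        if out_port == in_port:
            return []  # destination is on the ingress segment: filter
        return [out_port]  # known unicast: forward on one port only

def replay(frames):
    """frames: (sender, receiver) station names; '*' as receiver means broadcast."""
    sw = LearningSwitch(["E0", "E1", "E2", "E3"])
    egress = []
    for sender, receiver in frames:
        src, in_port = STATIONS[sender]
        dst = BROADCAST if receiver == "*" else STATIONS[receiver][0]
        egress.append(sw.receive(in_port, src, dst))
    return sw, egress

if __name__ == "__main__":
    sequence = [("A", "C"), ("D", "C"), ("C", "A"), ("A", "C"), ("D", "*")]
    sw, egress = replay(sequence)
    for frame, ports in zip(sequence, egress):
        print(frame, "->", ports)
    print(sw.table)
```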
-
Unbounded failure domains
Large broadcast domains
Large amount of unknown MAC unicast traffic
Unbounded multicast traffic
Management and support challenges
Possible security vulnerabilities
-
VLAN = Broadcast Domain = Logical Network (Subnet)
Segmentation
Flexibility
Security
-
Each logical VLAN is like a separate physical bridge.
VLANs can span across multiple switches.
Trunks carry traffic for multiple VLANs.
Trunks use special encapsulation to distinguish between different VLANs.
-
Cannot create, change, or delete VLANs
Sends and forwards advertisements
Synchronizes

Create VLANs
Modify VLANs
Delete VLANs
Sends and forwards advertisements
Synchronizes

Create local VLANs only
Modify local VLANs only
Delete local VLANs only
Forwards advertisements
Does not synchronize
-
VTP advertisements are sent as multicast frames.
VTP servers and clients are synchronized to the latest revision number.
VTP advertisements are sent every 5 minutes or when there is a change.
-
1. Configure and verify VTP.
2. Configure and verify 802.1Q trunks.
3. Create or modify a VLAN on the VTP server switch.
4. Assign switch ports to a VLAN and verify.
5. Execute adds, moves, and changes.
6. Save the VLAN configuration.
-
VTP defaults for the Cisco Catalyst switch:
VTP domain name: None
VTP mode: Server mode
VTP pruning: Enabled or disabled (model specific)
VTP password: Null
VTP version: Version 1
A new switch can automatically become part of a domain once it receives an advertisement from a server.
A VTP client can overwrite a VTP server database if the client has a higher revision number.
A domain name cannot be removed after it is assigned; it can only be reassigned.
-
SwitchX# configure terminal
SwitchX(config)# vtp mode [ server | client | transparent ]
SwitchX(config)# vtp domain domain-name
SwitchX(config)# vtp password password
SwitchX(config)# vtp pruning
SwitchX(config)# end
-
SwitchX(config)# vtp domain ICND
Changing VTP domain name to ICND
SwitchX(config)# vtp mode transparent
Setting device to VTP TRANSPARENT mode.
SwitchX(config)# end

SwitchX# show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 64
Number of existing VLANs        : 17
VTP Operating Mode              : Transparent
VTP Domain Name                 : ICND
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x7D 0x6E 0x5E 0x3D 0xAF 0xA0 0x2F 0xAA
Configuration last modified by 10.1.1.4 at 3-3-93 20:08:05
SwitchX#
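Added example (not from the original slides or from Cisco): a Python check to run over saved "show vtp status" output before a switch is trunked into a production VTP domain, covering the two risks stated above (a higher revision number overwriting the VLAN database, and a switch with no domain name joining the first domain it hears). The function names, the sample outputs and the production revision number 17 are constructed for illustration.

```python
import re

# "label : value" lines; the timestamp line has no space before its colons, so it is skipped
FIELD = re.compile(r"^\s*(.*?\S)\s+:\s*(.*)$")

def parse_vtp_status(text):
    """Turn saved 'show vtp status' output into a dict keyed by field label."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields

def vtp_join_risks(status_text, domain, domain_revision):
    """Findings for a switch about to be connected to VTP domain `domain`."""
    f = parse_vtp_status(status_text)
    mode = f.get("VTP Operating Mode", "").lower()
    name = f.get("VTP Domain Name", "")
    revision = int(f.get("Configuration Revision", "0"))
    if mode == "transparent":
        return []  # transparent switches forward advertisements but do not synchronize
    findings = []
    if name == "":
        findings.append("no domain name: joins the first domain it hears advertised")
    if name == domain and revision > domain_revision:
        findings.append(
            f"revision {revision} > domain revision {domain_revision}: "
            "can overwrite the domain's VLAN database"
        )
    return findings

# Constructed sample outputs (trimmed to the fields the check reads)
LAB_SWITCH = """\
Configuration Revision          : 42
VTP Operating Mode              : Client
VTP Domain Name                 : ICND
Configuration last modified by 10.1.1.4 at 3-3-93 20:08:05
"""
FACTORY_DEFAULT = """\
Configuration Revision          : 0
VTP Operating Mode              : Server
VTP Domain Name                 :
"""
TRANSPARENT = LAB_SWITCH.replace("Client", "Transparent")

if __name__ == "__main__":
    for label, text in [("lab", LAB_SWITCH), ("default", FACTORY_DEFAULT),
                        ("transparent", TRANSPARENT)]:
        print(label, vtp_join_risks(text, "ICND", 17))
```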
-
SwitchX(config-if)# switchport mode {access | dynamic {auto | desirable} | trunk}
Configures the trunking characteristics of the port
SwitchX(config-if)# switchport mode trunk
Configures the port as a VLAN trunk
-
SwitchX# show interfaces fa0/11 trunk
Port      Mode       Encapsulation  Status     Native vlan
Fa0/11    desirable  802.1q         trunking   1

Port      Vlans allowed on trunk
Fa0/11    1-4094

Port      Vlans allowed and active in management domain
Fa0/11    1-13

SwitchX# show interfaces fa0/11 switchport
Name: Fa0/11
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
. . .

SwitchX# show interfaces interface [switchport | trunk]
-
The maximum number of VLANs is switch-dependent.
Most Cisco Catalyst desktop switches support 128 separate spanning-tree instances, one per VLAN.
VLAN 1 is the factory default Ethernet VLAN.
Cisco Discovery Protocol and VTP advertisements are sent on VLAN 1.
The Cisco Catalyst switch IP address is in the management VLAN (VLAN 1 by default).
If using VTP, the switch must be in VTP server or transparent mode to add or delete VLANs.
-
SwitchX# configure terminal
SwitchX(config)# vlan 2
SwitchX(config-vlan)# name switchlab99
-
SwitchX# show vlan id 2
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
2    switchlab99                      active    Fa0/2, Fa0/12

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
2    enet  100002     1500  -      -      -        -    -        0      0
. . .
SwitchX#

SwitchX# show vlan [brief | id vlan-id | name vlan-name]
-
SwitchX# configure terminal
SwitchX(config)# interface range fastethernet 0/2 - 4
SwitchX(config-if)# switchport access vlan 2

SwitchX# show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- ----------------------
1    default                          active    Fa0/1
2    switchlab99                      active    Fa0/2, Fa0/3, Fa0/4

SwitchX(config-if)# switchport access [vlan vlan# | dynamic]
-
SwitchX# show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1
2    switchlab99                      active    Fa0/2, Fa0/3, Fa0/4
3    vlan3                            active
4    vlan4                            active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
-
SwitchX# show interfaces fa0/2 switchport
Name: Fa0/2
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 2 (switchlab99)
Trunking Native Mode VLAN: 1 (default)
--- output omitted ----

SwitchX(config-if)# show interfaces interface switchport
-
When using VTP, the switch must be in VTP server or transparent mode to add, change, or delete VLANs.
When you make VLAN changes from a switch in VTP server mode, the change is propagated to other switches in the VTP domain.
Changing VLANs typically implies changing IP networks.
After a port is reassigned to a new VLAN, that port is automatically removed from its previous VLAN.
When you delete a VLAN, any ports in that VLAN that are not moved to an active VLAN will be unable to communicate with other stations.
-
Technology            Use
Fast Ethernet         Connects end-user devices to the access layer switch
Gigabit Ethernet      Connects access switch to distribution switch and high-use servers to switches
10-Gigabit Ethernet   Provides high-speed switch-to-switch links, backbones
EtherChannel          Provides high-speed switch-to-switch links, backbones with redundancy
-
Each link provides adequate bandwidth for the total aggregate traffic over that link.
-
Logical aggregation of similar links between switches
Load-shares across links
Viewed as one logical port to STP
Redundancy
-
Redundant topology eliminates single points of failure.
Redundant topology causes broadcast storms, multiple frame copies, and MAC address table instability problems.
-
Station D sends a broadcast frame.
Broadcast frames are flooded to all ports except the originating port.
-
Host X sends a broadcast.
Switches continue to propagate broadcast traffic over and over.
-
Provides a loop-free redundant network topology by placing certain ports in the blocking state
Published in the IEEE 802.1D specification
Enhanced with the Cisco PVST+ implementation
-
One root bridge per broadcast domain.
One root port per nonroot bridge.
One designated port per segment.
Nondesignated ports are unused.
-
BPDU (default = sent every 2 seconds)
Root bridge = bridge with the lowest bridge ID
Bridge ID = Bridge Priority + MAC Address
-
Spanning tree transits each port through several different states:
-
PortFast is configured on access ports, not trunk ports.
-
SwitchX(config-if)# spanning-tree portfast
Configures PortFast on an interface
OR
SwitchX(config)# spanning-tree portfast default
Enables PortFast on all non-trunking interfaces

SwitchX# show running-config interface interface
Verifies that PortFast has been configured on an interface
-
Link Speed   Cost (New IEEE Specification)   Cost (Old IEEE Specification)
10 Gb/s      2                               1
1 Gb/s       4                               1
100 Mb/s     19                              10
10 Mb/s      100                             100
-
Bridge ID without the extended system ID
Extended bridge ID with system ID
System ID = VLAN
-
Cisco Catalyst switches support three types of STPs:
PVST+
PVRST+
MSTP
The default STP for Cisco Catalyst switches is PVST+:
A separate STP instance for each VLAN
One root bridge for all VLANs
No load sharing
-
SwitchA(config)# spanning-tree vlan 1 root primary
This command forces this switch to be the root for VLAN 1.
SwitchA(config)# spanning-tree vlan 2 root secondary
This command configures this switch to be the secondary root for VLAN 2.
OR
SwitchA(config)# spanning-tree vlan # priority priority
This command statically configures the priority (increments of 4096).
-
SwitchB(config)# spanning-tree vlan 2 root primary
This command forces the switch to be the root for VLAN 2.
SwitchB(config)# spanning-tree vlan 1 root secondary
This command configures the switch to be the secondary root for VLAN 1.
OR
SwitchB(config)# spanning-tree vlan # priority priority
This command statically configures the priority (increments of 4096).
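Added example (not part of the original slides): a Python model of per-VLAN root election using the extended bridge ID (priority plus VLAN as system ID, then MAC address), showing how the SwitchA and SwitchB settings above split the root role between VLAN 1 and VLAN 2. SwitchC, the MAC addresses, and the priority values 24576 and 28672 standing in for "root primary" and "root secondary" are assumptions.

```python
DEFAULT_PRIORITY = 32768

def bridge_id(priority, vlan, mac):
    """8-byte extended bridge ID: priority + VLAN (system ID), then the 6-byte MAC."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID out of range")
    return (priority + vlan).to_bytes(2, "big") + bytes.fromhex(mac.replace(":", ""))

def elect_roots(switches, vlans):
    """Return {vlan: name of the switch with the lowest bridge ID for that VLAN}."""
    roots = {}
    for vlan in vlans:
        ids = {
            name: bridge_id(sw["priority"].get(vlan, DEFAULT_PRIORITY), vlan, sw["mac"])
            for name, sw in switches.items()
        }
        roots[vlan] = min(ids, key=ids.get)  # bytes compare big-endian: priority first
    return roots

# Constructed topology: SwitchC is left at defaults and has the lowest MAC address.
UNTUNED = {
    "SwitchA": {"mac": "02:00:00:00:00:0a", "priority": {}},
    "SwitchB": {"mac": "02:00:00:00:00:0b", "priority": {}},
    "SwitchC": {"mac": "02:00:00:00:00:01", "priority": {}},
}
# Assumed values for "root primary" (24576) and "root secondary" (28672).
TUNED = {
    "SwitchA": {"mac": "02:00:00:00:00:0a", "priority": {1: 24576, 2: 28672}},
    "SwitchB": {"mac": "02:00:00:00:00:0b", "priority": {1: 28672, 2: 24576}},
    "SwitchC": {"mac": "02:00:00:00:00:01", "priority": {}},
}

def without(switches, name):
    """Topology after one switch fails."""
    return {n: sw for n, sw in switches.items() if n != name}

if __name__ == "__main__":
    print("defaults:    ", elect_roots(UNTUNED, [1, 2]))
    print("tuned:       ", elect_roots(TUNED, [1, 2]))
    print("SwitchA down:", elect_roots(without(TUNED, "SwitchA"), [1, 2]))
```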
-
Thank you.