Full Transcript


SWITCHING

Understanding Switches and their limitations

While switches are multiport bridges, the two devices have a significant difference. Bridges use software to build and maintain their switching and filtering tables, while switches use hardware, more specifically application-specific integrated circuits (ASICs), to build and maintain their tables. Both devices provide a dedicated collision domain on each of their ports, but switches go a little further by providing the following features:

- Lower latency: since switches use hardware-based bridging with ASICs, they work faster than software-based bridges.
- Wire speed: hardware-based switching allows near wire-speed operation because of the low processing time.
- Low cost: the cost of switches is very low, which makes the cost of connecting each host very low.

While switches increase the efficiency of the network, they still have the limitations discussed below:

1. While switches break collision domains, they do not break broadcast domains. The entire layer 2 network still remains a single broadcast domain. This makes the network susceptible to broadcast storms and related problems. Routers have to be used to break broadcast domains.
2. When redundancy is introduced into the switched network, the possibility of loops becomes very high. Dedicated protocols need to be run to ensure that the network remains loop free, which increases the burden on the switches. The convergence time of these protocols is also a concern, since the network will not be usable during convergence.

Because of the above limitations, routers cannot be eliminated from the network. To design a good switched or bridged network, the following two important points must be considered:

1. Collision domains should be broken up as much as possible.
2. Users should spend 80 percent of their time on the local segment.

Bridging vs. switching

While switches are just multiport bridges, there are many differences between them:

1. Bridges are software based while switches are hardware based, since switches use ASICs for building and maintaining their tables.
2. Switches have a higher number of ports than bridges.
3. Bridges have a single spanning tree instance while switches can have multiple instances.

While different in some aspects, switches and bridges share the following characteristics:

1. Both look at the hardware address of the frame to make a forwarding decision.
2. Both learn MAC addresses from the frames they receive.
3. Both forward layer two broadcasts.

Three functions of a switch

A switch at layer 2 has the following three distinct functions:

1. Learning MAC addresses
2. Filtering and forwarding frames
3. Preventing loops on the network

It is important to understand and remember each of these three functions. The following sections explain them in depth.

How switches work (Learning MAC addresses)

Each network card has a unique identifier called a Media Access Control (MAC) address. This address is used in LANs for communication between devices on the same network segment. Devices that want to communicate need to know each other's MAC address before sending out packets. They use a process called ARP (Address Resolution Protocol) to find out the MAC address of another device. Once the hardware address of the destination host is known, the sending host has all the information it needs to communicate with the remote host.

To better understand the concept of ARP, let's take a look at the following example. Say that host A wants to communicate with host B for the first time. Host A knows the IP address of host B, but since this is the first time the two hosts communicate, the hardware (MAC) addresses are not known. Host A uses the ARP process to find out the MAC address of host B. The switch forwards the ARP request out all ports except the port host A is connected to. Host B receives the ARP request and responds with its MAC address. Host B also learns the MAC address of host A, because host A sent its MAC address in the ARP request.

The switch learns which MAC addresses are associated with which port. For example, because host B responded with an ARP reply that included its MAC address, the switch knows the MAC address of host B and stores that address in its MAC address table. The same goes for host A: the switch knows the MAC address of host A because of the ARP request. Now, when host A sends a packet to host B, the switch looks up its MAC address table and forwards the frame only out port fa0/1, the port on which host B is connected. Other hosts on the network are not involved in the communication. You can display the MAC address table of the switch with the show mac-address-table command.

MAC address table

A MAC address table is made up of the following columns:

- VLAN
- MAC address
- Type (dynamic or static)
- Ports

Static entries persist through a reboot; dynamic entries do not.

Filtering and Forwarding frames

When a frame arrives at a switch port, the switch examines its database of MAC addresses. If the destination address is in the database, the frame is sent out only of the interface the destination host is attached to. This process is known as frame filtering. Frame filtering helps preserve bandwidth, since the frame is only sent out the interface on which the destination MAC address is connected. This also adds a layer of security, since no other host will receive the frame. On the other hand, if the switch does not know the destination MAC address, it floods the frame out all active interfaces except the interface on which the frame was received. Another situation where the switch floods a frame is when a host sends a broadcast message. Remember that a switched network is a single broadcast domain.

Preventing loops in the network

Having redundant links between switches can be very useful.
If one path breaks, the traffic can take an alternative path. Though redundant paths are extremely useful, they often cause a lot of problems. Some of the problems associated with such loops are broadcast storms, endless looping, duplicate frames and faulty CAM tables. The Spanning Tree Protocol is the solution to the problem of loops in a switched network.

MAC learning and aging, Frame switching, Frame flooding, MAC address table

MAC learning

- To switch frames between LAN ports efficiently, the switch maintains an address table called the MAC table.
- When the switch receives a frame, it associates the media access control (MAC) address of the sending network device with the LAN port on which it was received.
- MAC address learning is enabled on all VLANs by default.
- The switch dynamically builds the address table by using the MAC source address of the frames received.
- When the switch receives a frame for a MAC destination address not listed in its address table, it floods the frame to all LAN ports of the same VLAN except the port that received the frame.
- When the destination station replies, the switch adds its MAC source address and port ID to the address table.
- The switch then forwards subsequent frames to a single LAN port without flooding all LAN ports.
- You can also enter a MAC address, termed a static MAC address, into the table. These static MAC entries are retained across a reboot of the switch.

MAC aging

- You can also configure the MAC aging time in interface configuration mode or VLAN configuration mode.
- The MAC aging time specifies the time before an entry ages out and is discarded from the MAC address table.
- The range is from 0 to 1000000; the default is 300 seconds.
- Entering the value 0 disables MAC aging.

Frame switching

- LAN switches are characterized by the forwarding method they support: store-and-forward, cut-through or fragment-free switching.
- Store-and-forward switches store the entire frame in internal memory and check the frame for errors before forwarding it to its destination. Store-and-forward operation ensures a high level of error-free network traffic, because bad frames are discarded rather than forwarded across the network.
- With cut-through switching, the LAN switch copies into its memory only the destination MAC address, which is located in the first 6 bytes of the frame following the preamble. The switch looks up the destination MAC address in its switching table, determines the outgoing interface port, and forwards the frame to its destination through that port. A cut-through switch reduces delay because it begins to forward the frame as soon as it has read the destination MAC address and determined the outgoing switch port.
- Fragment-free switching works like cut-through switching, except that a switch in fragment-free mode stores the first 64 bytes of the frame before forwarding. Fragment-free switching can be viewed as a compromise between store-and-forward switching and cut-through switching. The reason fragment-free switching stores only the first 64 bytes of the frame is that most network errors and collisions occur during the first 64 bytes of a frame.

Frame flooding

- Switches determine which port a frame must be sent out of to reach its destination.
- If the address is known, the frame is forwarded only on that port.
- If the layer 2 MAC address is unknown, the frame is flooded to all ports except the one on which it arrived.

Classification of Switching Techniques

Circuit Switching

- A circuit-switched network consists of a set of switches connected by physical links.
- In a circuit-switched network, two nodes communicate with each other over a dedicated communication path.
- A pre-specified route is needed along which the data will travel, and no other data is permitted on it.
- Before starting communication, the nodes must reserve the resources to be used during the communication.
- In this type of switching, once a connection is established, a dedicated path exists between both ends until the connection is terminated.

Packet Switching

- In packet switching, messages are divided into packets of fixed or variable size.
- The size of a packet is decided by the network and the governing protocol.
- Resources are not allocated in advance for a packet in packet switching; they are allocated on demand, on a first-come, first-served basis.

Message Switching

- In message switching, it is not necessary to establish a dedicated path between transmitter and receiver.
- Each message is routed independently through the network.
- Each message carries a header that contains the full information about the destination.
- Each intermediate device receives the whole message and buffers it until there are resources available to transfer it to the next hop.
- If the next hop does not have enough resources to accommodate a large message, the message is stored and the switch waits.
- For this reason message switching is sometimes called store-and-forward switching.

Spanning tree protocol (STP)

STP is a protocol that helps prevent the loops that occur in a switched network. It is defined by the IEEE 802.1D standard.

Spanning-Tree Terms

Root Bridge: In a LAN, the Spanning Tree Algorithm elects one switch to be used as the central point in all calculations; this is called the root bridge. This switch is ultimately responsible for proper STP operation.

Non-Root Bridge: All switches in the network other than the root bridge are considered non-root bridges.

Bridge ID: This is a unique identification number for each switch in the network. It consists of the bridge priority and the base MAC address of the switch. The default bridge priority of a Cisco switch is 32768.
This is a configurable value between 0 and 61440, but it has to be set in increments of 4096: 4096, 8192, 12288 and so on are acceptable values. Priority plays a very big role in STP and in how well the network will function.

BPDU: A Bridge Protocol Data Unit (BPDU) is the information exchanged between switches to select the root bridge and to configure the network after that. The decision on which port to block is taken after examining the BPDUs received from neighbours. Cisco switches send BPDUs every 2 seconds by default. This value can be configured from 1 second to 10 seconds.

Port Cost: Each port has a cost that is determined by the bandwidth of the link. Port cost determines which of the redundant links will not be blocked. The lower the cost, the better. Port cost also determines which port will become the root port if multiple paths to the root bridge exist. Default port costs are shown below.

Root Port: Once the root bridge (switch) is elected, every other switch in the network must select a single port on which to reach the root bridge. The single selected port on a switch with the least path cost to the root bridge is called the root port. The root bridge will never have a root port: it is at the root, so there is no need for a root port to reach the root.

Designated Ports: A designated port is the port that has the lowest port cost to reach a given network segment, compared to the other ports on that segment. STP marks designated ports as forwarding ports. Forwarding ports are used to forward frames.

Non-Designated Ports: A non-designated port is a port that has a higher port cost than the designated port. STP marks non-designated ports as blocking ports. Blocking ports are used to remove loops.

Port States in Spanning Tree

Switch ports running STP can be in one of five states:

- Blocked
- Listening
- Learning
- Forwarding
- Disabled

Blocked: The port will not transmit or receive any data, but it will listen to BPDUs. The BPDU carries various pieces of information that STP uses to determine what state the ports should be in and what the STP topology should be.

Listening: The switch listens for frames but doesn't learn from or act on them. The switch does receive the frames but discards them before any action is taken. MAC addresses are not placed into the CAM table while the port is listening.

Learning: The switch starts to learn the MAC addresses it can see and populates its CAM table with the addresses and the ports on which they were found. In this state, the switch starts to transmit its own BPDUs.

Forwarding: The switch has learned MAC addresses and their corresponding ports and has populated its CAM table with them. The switch can now forward traffic.

Disabled: In the Disabled state, the port will receive BPDUs but will not forward them to the switch processor. It discards all incoming frames, both from the port itself and from other forwarding ports on the switch.

The port states are transitional and allow BPDUs from other switches to arrive in good time. Port transition times are typically:

- Initialization to blocking
- Blocking to listening (20 secs)
- Listening to learning (15 secs)
- Learning to forwarding (15 secs)
- Forwarding to disabled (if there is a failure)

All ports start in the blocking state (there are a few exceptions, discussed later). After STP convergence, some ports transition to listening, learning and finally forwarding, while the rest remain in the blocked state. Adding up the time needed to transition from one stage to the next, a layer 2 network running STP takes 50 seconds to start switching data. This is known as the convergence time.

STP uses three timers. They determine the state of a switch or port in the STP topology:

- The Hello timer: by default a BPDU is transmitted every 2 seconds
- The Forward delay: by default 15 seconds before transitioning to forwarding
- Maximum age: by default 20 seconds

The hello timer controls the message that determines whether a link is still alive. Ports in the topology receive a BPDU every 2 seconds. This is a keep-alive mechanism to determine whether a port is still active in the STP topology. The value can be modified to anything from 1 second to 10 seconds.

The forward delay is the time a switch spends in the listening state and in the learning state. By default on Cisco switches it is 15 seconds for each state, but an administrator can tune it to a value between 4 and 30 seconds.

The maximum length of time that a switch port keeps saved BPDU information is the max age time. This timer is usually 20 seconds, but it can be changed to a value between 6 and 40 seconds. When a switch port has not received BPDUs by the end of the max age, STP re-converges by finding an alternative path.

STP operation in a nutshell

- All switches of the STP domain first elect a root bridge. The root bridge acts as the point of reference for all other switches in the network. All ports of the root bridge remain in forwarding mode. The bridge with the lowest Bridge ID (BID) becomes the root bridge.
- Once the root bridge is elected, every remaining switch selects the single port that has the lowest path cost to reach the root bridge and marks it as the root port.
- After selecting the root port, the switches determine a single designated port for each connection.
- If multiple ports are connected to the same switch or LAN segment, the switch selects only the one port that has the lowest path cost and marks it as the designated port.
- Once the root port and designated ports are selected, the switch blocks all remaining ports to remove any possible or existing loop from the network.
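To make the election steps above concrete, here is an added Python model of classic 802.1D (it is not code from the original document): root bridge by lowest Bridge ID (priority, then base MAC), root port by least root path cost, one designated port per segment, everything else blocked. The three-switch triangle, its MAC addresses and port names are constructed for the example, and the port costs are the classic IEEE 802.1D defaults by link speed (10 Mbps = 100, 100 Mbps = 19, 1 Gbps = 4, 10 Gbps = 2), an assumption since the document's own cost table is not reproduced here.

```python
import heapq

# Classic IEEE 802.1D default port costs by link speed in Mbps (assumed for this example)
PORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}


def bridge_id(priority, mac):
    """Bridge ID = bridge priority (0..61440 in steps of 4096) followed by the base MAC; lower wins."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be 0..61440 in increments of 4096")
    return (priority, mac.lower())


def run_stp(switches, links):
    """Classic 802.1D election.

    switches: {name: (priority, base_mac)}
    links:    [(switch_a, port_a, switch_b, port_b, speed_mbps), ...] point-to-point segments
    Returns (root_name, {switch: root_path_cost}, {(switch, port): "root"|"designated"|"blocking"}).
    """
    bid = {name: bridge_id(*ident) for name, ident in switches.items()}
    root = min(bid, key=bid.get)            # step 1: the lowest Bridge ID becomes the root bridge

    adj = {name: [] for name in switches}   # switch -> [(neighbour, local_port, local_port_cost)]
    for a, pa, b, pb, speed in links:
        adj[a].append((b, pa, PORT_COST[speed]))
        adj[b].append((a, pb, PORT_COST[speed]))

    # Root path cost: the cheapest sum of receiving-port costs from each switch back to the root
    cost = {root: 0}
    heap = [(0, bid[root], root)]
    while heap:
        c, _, name = heapq.heappop(heap)
        if c > cost[name]:
            continue
        for nbr, _port, pc in adj[name]:
            if c + pc < cost.get(nbr, float("inf")):
                cost[nbr] = c + pc
                heapq.heappush(heap, (cost[nbr], bid[nbr], nbr))

    roles = {}
    # step 2: each non-root switch picks one root port: least (neighbour's root path cost + own port cost),
    # ties broken by the neighbour's Bridge ID and then by the local port name
    for name in switches:
        if name == root:
            continue
        _c, _b, port = min((cost[nbr] + pc, bid[nbr], port) for nbr, port, pc in adj[name])
        roles[(name, port)] = "root"

    # steps 3-4: on every segment the end with the lower root path cost (then the lower Bridge ID)
    # becomes the designated port; the other end is blocked unless it is already that switch's root port
    for a, pa, b, pb, _speed in links:
        low, high = sorted([(cost[a], bid[a], a, pa), (cost[b], bid[b], b, pb)])
        roles.setdefault((low[2], low[3]), "designated")
        roles.setdefault((high[2], high[3]), "blocking")
    return root, cost, roles


def example_topology():
    """Constructed triangle: SW3 wins on priority even though SW2 has the lowest base MAC."""
    switches = {
        "SW1": (32768, "00:00:00:00:00:03"),
        "SW2": (32768, "00:00:00:00:00:01"),
        "SW3": (4096, "00:00:00:00:00:02"),   # priority lowered by one 4096 step
    }
    links = [
        ("SW1", "fa0/1", "SW2", "fa0/1", 100),
        ("SW1", "gi0/1", "SW3", "gi0/1", 1000),
        ("SW2", "fa0/2", "SW3", "fa0/2", 100),
    ]
    return run_stp(switches, links)


if __name__ == "__main__":
    root, cost, roles = example_topology()
    print("root bridge:", root)
    for (sw, port), role in sorted(roles.items()):
        print(f"{sw} {port:<6} root-path-cost={cost[sw]:<3} {role}")
```

With the constructed costs, SW2 reaches the root more cheaply over its direct 100 Mbps link (19) than via SW1 (4 + 19), so the SW1-SW2 link is the one that ends up blocked, on the SW2 side.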
To view information about the STP operation, use the show spanning-tree command from privileged-exec mode.

Cisco's additions to STP (PortFast, UplinkFast, BackboneFast)

UplinkFast, BackboneFast and PortFast are Cisco proprietary extensions to the classic Spanning Tree Protocol (STP, 802.1D) algorithm. Their purpose is to reduce the time it takes STP to converge after a link failure.

PortFast: Cisco's PortFast technology is a proprietary technology that allows a port to transition immediately from the blocking state to the forwarding state, bypassing the listening and learning states. When you configure a switchport as PortFast, STP is disabled on that port: it transitions to the forwarding state as soon as it comes up and will never be blocked.

UplinkFast: The UplinkFast extension is useful for direct link failures (a link connected directly to the same switch). UplinkFast can dramatically decrease the STP convergence time in the event of a direct link failure of an uplink on an access layer switch.

BackboneFast: The BackboneFast extension can dramatically decrease the STP convergence time in the event of an indirect link failure (a link on any other switch, not connected directly) anywhere in the STP topology.

Varieties of Spanning Tree Protocols

- STP: Defined in IEEE 802.1D, this is the original standard that provided a loop-free topology in a network with redundant links. Also called Common Spanning Tree (CST), it assumes one spanning-tree instance for the entire bridged network, regardless of the number of VLANs.
- Per-VLAN Spanning Tree (PVST+): PVST+ is a Cisco enhancement of STP that provides a separate 802.1D spanning-tree instance for each VLAN configured in the network.
- Rapid Spanning Tree Protocol (RSTP): RSTP is defined in IEEE 802.1w. It is an evolution of STP that provides faster convergence than STP.
- Rapid Per-VLAN Spanning Tree (Rapid PVST+): Rapid PVST+ is a Cisco enhancement of RSTP that uses PVST+ and provides a separate instance of 802.1w for each VLAN.
- Multiple Spanning Tree Protocol (MSTP): MSTP, defined in IEEE 802.1s, maps multiple VLANs into the same spanning-tree instance. The Cisco implementation of MSTP is often referred to as Multiple Spanning Tree (MST).

RSTP – Rapid Spanning Tree Protocol

The features discussed in the previous section, PortFast, UplinkFast and BackboneFast, were added by Cisco, and because of this they worked only on Cisco switches. IEEE added these features to a new STP protocol called Rapid Spanning Tree Protocol (RSTP) under the 802.1w standard. The main difference between RSTP (IEEE 802.1w) and STP (IEEE 802.1D) is that RSTP treats the three STP port states Listening, Blocking and Disabled as the same (none of these states forwards Ethernet frames or learns MAC addresses) and places them all into a new state called Discarding. The learning and forwarding states remain more or less the same.

Etherchannel

EtherChannel is a port link aggregation technology in which multiple physical port links are grouped into one logical link. It is used to provide high-speed links and redundancy. A maximum of 8 links can be aggregated to form a single logical link.

Criteria: to form an EtherChannel, all ports must have:

1. The same duplex
2. The same speed
3. The same VLAN configuration (i.e., the native VLAN and the allowed VLANs must be the same)
4. The same switchport mode (access or trunk)

Etherchannel protocols

Port Aggregation Protocol (PAgP): a Cisco proprietary EtherChannel protocol with which we can combine a maximum of 8 physical links into a single virtual link.

Link Aggregation Control Protocol (LACP): an IEEE 802.3ad standard with which we can combine up to 8 ports that are active and another 8 ports that are in standby mode.

Switched Network Without EtherChannel

In this example, we connected two switches, Switch1 and Switch2, using four links. What do you think will happen without EtherChannel? You can see from the link states in the network topology below that only one link is being utilized. If we issue the 'show spanning-tree' command on both switches, we can see that all interfaces of Switch1 are in the forwarding state, but only one interface is forwarding on Switch2; the other interfaces are in the blocking state.

Switched Network With EtherChannel

If we enable EtherChannel on the links between the switches, you can see that the link states for all of the links are up, meaning we can utilize all 4 links and reap the benefits of EtherChannel, namely load balancing, redundancy and increased bandwidth. If we enter 'show running-config interface' on both switches, we see the 'switchport mode trunk' and 'channel-group 1 mode' commands issued on the interfaces. These commands are used to enable EtherChannel. If we enter the 'show spanning-tree' command, we should see a single logical interface, Port Channel 1 (Po1), instead of four separate physical interfaces.

EtherChannel Port Aggregation Protocol (PAgP)

Port Aggregation Protocol, or PAgP, is a Cisco proprietary EtherChannel protocol. It is a form of logical aggregation of Cisco Ethernet switch ports, and it enables data/traffic load balancing. A PAgP EtherChannel can combine a maximum of 8 physical links into a single virtual link.
There are two Cisco EtherChannel PAgP modes, which we can set as part of the port configuration:

Auto mode: the interface can respond to PAgP negotiation but will never start one on its own.
Desirable mode: the interface actively attempts to negotiate PAgP.

Next, 'show etherchannel summary' shows us a quick overview of the EtherChannel status.

EtherChannel Link Aggregation Control Protocol (LACP)

Link Aggregation Control Protocol, or LACP, is an IEEE standard and part of the IEEE 802.3ad specification that allows you to combine several physical Ethernet links on your network devices into a single logical link and enable load balancing across the interfaces. We can configure an LACP EtherChannel with a maximum of 16 Ethernet interfaces of the same type. In a LAG, or Link Aggregation Group, up to eight member links can be in active mode, and the other eight links can be in standby mode. There are two LACP modes:

Active: the interface actively sends LACP packets in its attempt to form an LACP connection.
Passive: the interface can respond to LACP negotiation but will never initiate it on its own.

CONFIGURATION

The first requirement for link aggregation is that at least one side must be in Active mode. For our example, we will configure Switch1 to be in Active mode and the other switch, Switch2, to be in Passive mode. Now, using our sample network topology below, let's configure LACP on our switches:

Switch 1 – Active Mode

Switch1#conf t
Switch1(config)#interface range fa0/1 - 2
Switch1(config-if-range)#duplex full
Switch1(config-if-range)#channel-group 1 mode active

Switch 2 – Passive Mode

Switch2#conf t
Switch2(config)#interface range fa0/1 - 2
Switch2(config-if-range)#duplex full
Switch2(config-if-range)#channel-group 1 mode passive

The logs on our switch show that Port-Channel1 came up and link aggregation is working:

*Sep 5 15:30:06.378: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up
*Sep 5 15:30:07.378: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up

VERIFICATION

We can use the 'show etherchannel port-channel' command to verify link aggregation and our port channel status.

Cisco Layer 3 EtherChannel – Explanation and Configuration

One use case for configuring EtherChannel on Layer 3 switches is when we are building redundancy between the Core and Distribution layers and running a routing protocol. Instead of learning two IP routes from the same neighbouring switch (with two different next hops), we now have a single next-hop IP address of the neighbouring switch for each IP route learned. Another use case is to avoid Spanning Tree Protocol (STP) and use Layer 3 links between your Core and Distribution layers instead. We can enable routing protocols, which give more control over load balancing and failover and can be much faster than STP.

Layer 3 EtherChannel Configuration

For the Layer 3 EtherChannel configuration we will use the topology below as an example. We have two Layer 3 switches, Switch1 and Switch2, and we will configure the two links connecting them as an EtherChannel.
Switch1 Configuration:

Switch1(config)#interface range FastEthernet 0/1 - 2
Switch1(config-if-range)#channel-group 1 mode desirable

Switch2 Configuration:

Switch2(config)#interface range FastEthernet 0/1 - 2
Switch2(config-if-range)#channel-group 1 mode desirable

Layer 3 EtherChannel Verification

First, let's check whether we can ping across the point-to-point link.

Pings from Switch1 to Switch2:

Switch1#ping 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 2/3/5 ms

Pings from Switch2 to Switch1:

Switch2#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/3/4 ms

We can also check the group state using the 'show etherchannel' command in the global configuration mode:

Switch1#show etherchannel
Channel-group listing:
----------------------
Group: 1
----------
Group state = L3
Ports: 2 Maxports = 4
Port-channels: 1 Max Port-channels = 1
Protocol: PAgP
Minimum Links: 0

To check the port-channel status, we can use the 'show etherchannel port-channel' command.

VLAN (Virtual LAN)

A VLAN is a logical grouping of networking devices. VLANs are a way to divide a switch into smaller broadcast domains, and therefore make it possible to implement many subnets on one switch. VLANs provide the following advantages:

- Solve the broadcast problem
- Reduce the size of broadcast domains
- Allow us to add an additional layer of security
- Make device management easier
- Allow us to implement logical grouping of devices by function instead of location

VLANs separate a layer-2 switch into multiple broadcast domains. Each VLAN is its own individual broadcast domain. Individual ports or groups of ports can be assigned to a specific VLAN. Only ports belonging to the same VLAN can freely communicate with each other. A router or a layer-3 switch is needed for inter-VLAN communication. Broadcasts from one VLAN will never be sent out of ports belonging to another VLAN. By default on Cisco Catalyst switches, all interfaces belong to VLAN 1.

Implementing VLANs

Implementing VLANs is done in three steps:

1. Create the VLAN.
2. Name the VLAN (optional, but expected).
3. Assign switch ports to the VLAN.

VLAN Membership

One of the tasks a system administrator has to perform while creating VLANs is to assign switch ports, or interfaces, to each VLAN. There are two ways switch interfaces can be assigned to VLANs, and this gives rise to two different types of VLANs: static and dynamic.

In the case of static VLANs, each switch port is statically assigned to a specific VLAN, and any host connected to that switchport automatically becomes part of that VLAN. This kind of VLAN is static because individual switch ports are permanently allocated to specific VLANs. VLANs in this case are tied to switch ports and not to what is connected to those ports.

In the case of dynamic VLANs, however, the hardware addresses of all host devices are entered into a database, so the switch can be configured to assign VLANs dynamically whenever a host is connected to it. Cisco switches support this dynamic method of assigning devices to VLANs, based on the device's MAC address, using a tool called VLAN Management Policy Server (VMPS). In this case the VLAN is tied to the hardware (MAC) addresses of hosts and not to switch ports. A host whose MAC address is tied to a certain VLAN is part of that VLAN regardless of which switch port it is connected to.

Static VLANs are easier to create than dynamic VLANs because there is no need to document the hardware addresses of all hosts that might be connected to the LAN and store them in a database on the switch.
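The MAC learning, aging and flooding rules from the MAC learning / MAC aging / Frame flooding sections, combined with the per-VLAN broadcast domains described here, as an added Python model that is not part of the original document. The switch has static-VLAN access ports and one 802.1Q trunk, keeps a (VLAN, MAC) table with the 300-second default aging and optional static entries, floods unknown-unicast and broadcast frames only within the ingress VLAN, and leaves native-VLAN frames untagged on the trunk. Port names, MAC addresses and the payload bytes are constructed for the example; the tag handling for frames arriving tagged on an access port is simplified (the tag is ignored).

```python
import struct
import time

TPID_8021Q = 0x8100      # 802.1Q tag protocol identifier, sits in the EtherType position
AGING_DEFAULT = 300      # seconds: the default MAC aging time given on the page


def parse_frame(raw):
    """Split an Ethernet frame into (dst, src, vlan_id_or_None, payload); payload starts at the real EtherType."""
    dst, src, ethertype = struct.unpack("!6s6sH", raw[:14])
    if ethertype == TPID_8021Q:
        (tci,) = struct.unpack("!H", raw[14:16])
        return dst, src, tci & 0x0FFF, raw[16:]   # the VLAN ID is the low 12 bits of the TCI
    return dst, src, None, raw[12:]


def build_frame(dst, src, payload, vid=None):
    """Build a frame; when vid is given, insert an 802.1Q tag (priority 0, DEI 0) before the payload."""
    if vid is None:
        return dst + src + payload
    return dst + src + struct.pack("!HH", TPID_8021Q, vid & 0x0FFF) + payload


class Switch:
    def __init__(self, aging=AGING_DEFAULT):
        self.ports = {}     # port -> ("access", vlan) or ("trunk", native_vlan)
        self.table = {}     # (vlan, mac) -> [port, learned_at, is_static]
        self.aging = aging  # 0 disables aging, as on the page

    def add_access_port(self, port, vlan):
        self.ports[port] = ("access", vlan)

    def add_trunk_port(self, port, native=1):
        self.ports[port] = ("trunk", native)

    def add_static(self, vlan, mac, port):
        self.table[(vlan, mac)] = [port, None, True]  # static entries never age out

    def _expire(self, now):
        if self.aging == 0:
            return
        stale = [k for k, (_p, t, static) in self.table.items() if not static and now - t > self.aging]
        for k in stale:
            del self.table[k]

    def _ingress_vlan(self, port, tag):
        mode, cfg = self.ports[port]
        if mode == "access":
            return cfg                      # access port: the frame belongs to the port's VLAN
        return cfg if tag is None else tag  # trunk: an untagged frame belongs to the native VLAN

    def _egress_frame(self, port, vlan, dst, src, payload):
        mode, cfg = self.ports[port]
        if mode == "access" or vlan == cfg:
            return build_frame(dst, src, payload)        # access ports and the native VLAN leave untagged
        return build_frame(dst, src, payload, vid=vlan)  # every other VLAN is tagged on the trunk

    def receive(self, in_port, raw, now=None):
        """Switch one frame. Returns {out_port: frame_bytes} for every port the frame is sent out of."""
        now = time.time() if now is None else now
        self._expire(now)
        dst, src, tag, payload = parse_frame(raw)
        vlan = self._ingress_vlan(in_port, tag)
        entry = self.table.get((vlan, src))
        if entry is None or not entry[2]:
            self.table[(vlan, src)] = [in_port, now, False]   # learn or refresh the dynamic entry
        known = self.table.get((vlan, dst))
        if known is not None and not (dst[0] & 1):            # known unicast: filter to one port
            outs = [] if known[0] == in_port else [known[0]]
        else:                                                 # unknown unicast or broadcast/multicast: flood
            outs = [p for p, (mode, cfg) in self.ports.items()
                    if p != in_port and (mode == "trunk" or cfg == vlan)]
        return {p: self._egress_frame(p, vlan, dst, src, payload) for p in outs}


def demo():
    """Constructed scenario: hosts A and B in VLAN 10, a VLAN 20 port, trunk fa0/24 with native VLAN 1."""
    sw = Switch()
    sw.add_access_port("fa0/1", 10)
    sw.add_access_port("fa0/2", 10)
    sw.add_access_port("fa0/3", 20)
    sw.add_trunk_port("fa0/24", native=1)
    a, b = bytes.fromhex("0a0000000001"), bytes.fromhex("0a0000000002")
    bcast = b"\xff" * 6
    arp = b"\x08\x06" + b"constructed-arp"        # EtherType 0x0806 followed by placeholder bytes
    # 1. A broadcasts an ARP request: flooded to fa0/2 and tagged out the trunk, never to VLAN 20's fa0/3
    first = sw.receive("fa0/1", build_frame(bcast, a, arp), now=0)
    # 2. B replies: A is already in the table, so the reply is filtered out fa0/1 only
    reply = sw.receive("fa0/2", build_frame(a, b, arp), now=1)
    # 3. After the 300 s aging time A's entry is gone, so B's next frame is flooded again
    later = sw.receive("fa0/2", build_frame(a, b, arp), now=401)
    return first, reply, later


if __name__ == "__main__":
    for step, out in zip(("arp request", "arp reply", "after aging"), demo()):
        print(step, "->", {port: parse_frame(frame)[2] for port, frame in out.items()})
```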
Types of VLANs

Data VLAN: Configured to carry only user-generated traffic, so that voice and management traffic is kept separate from data traffic.

Default VLAN: All ports on a switch are members of the default VLAN when the switch is reset to factory defaults. On Cisco switches the default VLAN is VLAN 1. VLAN 1 has all the features of any other VLAN, except that it cannot be renamed or deleted.

Native VLAN: Serves as a common identifier on both ends of a trunk link. Frames in the native VLAN cross an 802.1Q trunk untagged, and untagged frames received on the trunk are placed into it, so the native VLAN must match on both ends. The native VLAN is not used for any traffic in the switched network unless legacy bridging devices are present or switches are interconnected through a hub. Because untagged frames land in it, change the native VLAN on every trunk from VLAN 1 to an otherwise unused VLAN.

Management VLAN: Defined by the network administrator as the VLAN used to reach the management capabilities of a switch. By default VLAN 1 is the management VLAN. It is a security best practice to make the management VLAN distinct from all other VLANs in the switched LAN; you do this by configuring and activating a new VLAN interface (SVI) in that VLAN.

Voice VLAN: Enables a switch port to carry IP voice traffic from an IP phone. The administrator configures a voice VLAN and assigns it to access ports; when an IP phone is connected, the switch sends CDP messages instructing the phone to tag its voice traffic with the voice VLAN ID.

Trunking and inter-VLAN terms

Dynamic Trunking Protocol (DTP): Negotiates trunks automatically between capable ports. This is insecure: a host attached to a port left in its default dynamic mode can negotiate a trunk and then reach every VLAN. Set every port to a fixed mode (switchport mode access, or switchport mode trunk on real uplinks) and disable negotiation on trunks with switchport nonegotiate.

Switched Virtual Interface (SVI): A virtual interface that provides a routed gateway into and out of a VLAN.

Router on a Stick (ROAS): Method of routing between VLANs using a router attached to the switch over a single trunk link.

There are two trunking protocols we can use:

IEEE 802.1Q (dot1Q): An open standard supported on switches from many vendors and on most NICs.
Cisco ISL (Inter-Switch Link): An old Cisco-proprietary protocol supported only on some Cisco switches.

IEEE 802.1Q                      ISL (Inter-Switch Link)
Open standard                    Cisco proprietary
Native VLAN is not tagged        Native VLAN is tagged
Tags the Ethernet frame          Encapsulates the Ethernet frame
Maximum VLANs: 4094              Maximum VLANs: 1000

VLAN Trunking Protocol (VTP)

Switches use VLAN Trunking Protocol (VTP) to tell each other about VLAN configuration. For VTP to exchange VLAN information between switches:
 The VTP version must be the same on the switches being configured.
 The VTP domain name must be the same on the switches.
 One of the switches must be a server.
 Authentication (the VTP password) must match if it is applied.

VTP modes. There are three modes:

1. Server: The default mode. This mode allows you to create, add and delete VLANs, so changes should be made here. Any change made on a switch in this mode is advertised to all switches in the same VTP domain. In this mode the configuration is saved in NVRAM. Because every server advertises its VLAN database with a configuration revision number, and the database with the highest revision wins, connecting a switch that carries a higher revision (for example one reused from another network) overwrites the VLAN database of the whole domain; reset the revision (change the domain name or set the switch to transparent mode) before connecting any pre-used switch.
Configuration: first make the switch a VTP server.
Switch#configure terminal
Switch(config)#vtp mode server
Next, set the VTP domain and assign a password for authentication (domain-name and password are placeholders):
Switch(config)#vtp domain <domain-name>
Switch(config)#vtp password <password>
Verify the configuration with:
Switch#show vtp status

2. Client: In this mode the switch receives updates and forwards them to other switches in the same VTP domain, but cannot create, change or delete VLANs. The updates received are not saved in NVRAM, so the learned VLAN configuration is lost if the switch is reset or reloaded; the switch only learns and passes on VTP summary advertisements.
Configuration: since switches are in server mode by default, change to client mode with:
Switch(config)#vtp mode client

3. Transparent: This mode only forwards VTP summary advertisements out its trunk links. A transparent-mode switch keeps its own local VLAN database, which it does not advertise to other switches. The whole purpose of transparent mode is to forward VTP advertisements without taking part in VTP VLAN synchronisation.
Configuration: change the mode to transparent with:
Switch(config)#vtp mode transparent

CONFIGURATIONS

INTER-VLAN COMMUNICATION USING A LAYER 2 SWITCH AND A ROUTER (ROAS, ROUTER ON A STICK)

On the switch:
Switch(config)#vlan 10
Switch(config-vlan)#name ccna
Switch(config-vlan)#int range f0/1-10
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
Switch(config-if-range)#ex
Switch(config)#vlan 20
Switch(config-vlan)#name ccnp
Switch(config-vlan)#int range f0/11-20
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 20
Switch(config-if-range)#ex
Switch(config)#int f0/24
Switch(config-if)#switchport mode trunk

On the router (one 802.1Q subinterface per VLAN; the VLAN ID in encapsulation dot1q must match the VLAN on the switch):
Router(config)#int f0/0
Router(config-if)#no shutdown
Router(config-if)#int f0/0.10
Router(config-subif)#encapsulation dot1q 10
Router(config-subif)#ip address 192.168.1.1 255.255.255.0
Router(config-subif)#int f0/0.20
Router(config-subif)#encapsulation dot1q 20
Router(config-subif)#ip address 192.168.2.1 255.255.255.0

Hosts (each PC uses the router subinterface for its VLAN as its gateway):
PC0: IP 192.168.1.10, mask 255.255.255.0, gateway 192.168.1.1
PC1: IP 192.168.1.20, mask 255.255.255.0, gateway 192.168.1.1
PC2: IP 192.168.2.10, mask 255.255.255.0, gateway 192.168.2.1
PC3: IP 192.168.2.20, mask 255.255.255.0, gateway 192.168.2.1

In a production network the trunk on f0/24 should additionally have DTP negotiation disabled, its native VLAN moved off VLAN 1, and its allowed VLAN list restricted to VLANs 10 and 20.

INTER-VLAN COMMUNICATION USING A LAYER 3 (MULTILAYER) SWITCH (SVI, SWITCH VIRTUAL INTERFACE)

On the switch:
Switch(config)#vlan 10
Switch(config-vlan)#name ccna
Switch(config-vlan)#int range f0/1-10
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
Switch(config-if-range)#ex
Switch(config)#vlan 20
Switch(config-vlan)#name ccnp
Switch(config-vlan)#int range f0/11-20
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 20
Switch(config-if-range)#ex
Switch(config)#int vlan 10
Switch(config-if)#ip address 192.168.1.1 255.255.255.0
Switch(config-if)#ex
Switch(config)#int vlan 20
Switch(config-if)#ip address 192.168.2.1 255.255.255.0
Switch(config-if)#ex

Enabling routing on the layer 3 switch (without this the SVIs do not route between VLANs):
Switch(config)#ip routing
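The 802.1Q behaviour from the comparison table (native VLAN sent untagged, every other VLAN tagged) and the reason the native VLAN should not be VLAN 1, worked through as an added example. This is not code from these notes or from any Cisco product: it models, with the Python standard library only, how a Catalyst-style switch handles 802.1Q tags on the path access port, trunk, access port, and shows that when an access VLAN is also the trunk's untagged native VLAN, a double-tagged frame ends up in another VLAN, while moving the native VLAN to an unused number stops it. The MAC addresses, payload and VLAN numbers are constructed for the demonstration.

```python
"""802.1Q tagging on a trunk, including the untagged native VLAN (added example)."""
import struct

TPID_8021Q = 0x8100      # 802.1Q tag protocol identifier
ETHERTYPE_IPV4 = 0x0800

# Constructed sample addresses/payload (not captured traffic).
DST = "ff:ff:ff:ff:ff:ff"
SRC = "02:00:00:00:00:01"
PAYLOAD = b"\x45\x00" + b"\x00" * 18


def _mac(text):
    return bytes.fromhex(text.replace(":", ""))


def build_frame(dst, src, payload, vlans=()):
    """Ethernet II frame; each VLAN ID in `vlans` (outer first) adds one 802.1Q tag."""
    tags = b"".join(struct.pack("!HH", TPID_8021Q, vid & 0x0FFF) for vid in vlans)
    return _mac(dst) + _mac(src) + tags + struct.pack("!H", ETHERTYPE_IPV4) + payload


def vlan_tags(frame):
    """VLAN IDs of the 802.1Q tags on a frame, outer first (PCP/DEI bits ignored)."""
    off, vids = 12, []
    while struct.unpack_from("!H", frame, off)[0] == TPID_8021Q:
        vids.append(struct.unpack_from("!H", frame, off + 2)[0] & 0x0FFF)
        off += 4
    return vids


def push_tag(frame, vid):
    """Insert an 802.1Q tag for `vid` directly after the source MAC."""
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vid & 0x0FFF) + frame[12:]


def pop_tag(frame):
    """Remove the outermost 802.1Q tag."""
    if struct.unpack_from("!H", frame, 12)[0] != TPID_8021Q:
        raise ValueError("frame carries no 802.1Q tag")
    return frame[:12] + frame[16:]


def access_ingress(frame, access_vlan):
    """A frame received on an access port belongs to that port's VLAN.
    A leading tag naming the port's own VLAN is accepted and stripped."""
    tags = vlan_tags(frame)
    if tags and tags[0] == access_vlan:
        frame = pop_tag(frame)
    return access_vlan, frame


def trunk_egress(vlan, frame, native_vlan):
    """Send on an 802.1Q trunk: tag with the VLAN unless it is the native VLAN,
    which is carried untagged."""
    return frame if vlan == native_vlan else push_tag(frame, vlan)


def trunk_ingress(frame, native_vlan):
    """Receive on a trunk: the outer tag selects the VLAN and is removed;
    an untagged frame is assigned to the native VLAN."""
    tags = vlan_tags(frame)
    return (tags[0], pop_tag(frame)) if tags else (native_vlan, frame)


def forward_across_trunk(frame, access_vlan, native_vlan):
    """Return (VLAN the far switch delivers into, frame) for a frame that enters
    switch A on an access port in `access_vlan` and crosses one trunk to switch B."""
    vlan, f = access_ingress(frame, access_vlan)
    return trunk_ingress(trunk_egress(vlan, f, native_vlan), native_vlan)


if __name__ == "__main__":
    plain = build_frame(DST, SRC, PAYLOAD)
    double = build_frame(DST, SRC, PAYLOAD, vlans=(1, 20))   # outer = native, inner = target
    print("VLAN 10 host, untagged, native 1       ->", forward_across_trunk(plain, 10, 1)[0])
    print("VLAN 1 host, tags [1,20], native 1     ->", forward_across_trunk(double, 1, 1)[0])
    print("VLAN 1 host, tags [1,20], native 999   ->", forward_across_trunk(double, 1, 999)[0])
```

The second case is the one to watch: the first switch strips the outer tag because VLAN 1 is native, sends the frame untagged with the inner tag 20 now outermost, and the far switch delivers it into VLAN 20. With the native VLAN set to an unused 999 the outer tag 1 is kept and the frame stays in VLAN 1. Tagging the native VLAN as well (vlan dot1q tag native on Catalyst) closes the same gap.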
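A config audit for the trunking and VTP weaknesses discussed above (DTP left enabled, native VLAN 1, unpruned trunks, VTP server mode), as an added example that is not code from these notes or from any Cisco tool. Both configs are constructed text: WEAK_CONFIG is the switch side of the ROAS example with the interface ranges expanded the way a running-config shows them, plus one port that was never configured; HARDENED_CONFIG is the same switch with the mitigations applied. The checks assume Catalyst defaults: a port with no switchport mode line is DTP dynamic, the trunk native VLAN is 1, and VTP runs in server mode unless configured otherwise.

```python
"""Audit an IOS-style running-config for trunk/DTP/VTP weaknesses (added example)."""
import re

# Constructed running-config excerpt (not from a real device).
WEAK_CONFIG = """\
vtp domain lab
vtp mode server
!
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/11
 switchport mode access
 switchport access vlan 20
!
interface FastEthernet0/23
!
interface FastEthernet0/24
 switchport mode trunk
!
"""

HARDENED_CONFIG = """\
vtp domain lab
vtp mode transparent
!
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/11
 switchport mode access
 switchport access vlan 20
!
interface FastEthernet0/23
 switchport mode access
 switchport access vlan 999
 shutdown
!
interface FastEthernet0/24
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20
!
"""


def parse_interfaces(text):
    """Map each 'interface X' stanza to its indented config lines; '!' ends a stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            current = None
        elif line.startswith("interface "):
            current = line.split(" ", 1)[1]
            stanzas[current] = []
        elif current is not None and raw.startswith(" "):
            stanzas[current].append(line.strip())
    return stanzas


def audit_interface(name, lines):
    """Findings for one port; an empty list means the port passes."""
    findings = []
    mode = next((l.split()[2] for l in lines if l.startswith("switchport mode ")), None)
    if mode in (None, "dynamic"):   # Catalyst default: DTP dynamic
        findings.append("DTP dynamic mode: a connected host can negotiate a trunk; "
                        "set 'switchport mode access' (and shut unused ports)")
    if mode == "trunk":
        if "switchport nonegotiate" not in lines:
            findings.append("trunk still sends DTP: add 'switchport nonegotiate'")
        native = next((int(l.split()[-1]) for l in lines
                       if l.startswith("switchport trunk native vlan ")), 1)
        if native == 1:
            findings.append("native VLAN is 1: move it to an unused VLAN")
        if not any(l.startswith("switchport trunk allowed vlan ") for l in lines):
            findings.append("all VLANs carried: prune with 'switchport trunk allowed vlan'")
    return [(name, f) for f in findings]


def audit_config(text):
    """Return a list of (scope, finding) tuples for the whole config."""
    findings = []
    m = re.search(r"^vtp mode (\S+)", text, re.MULTILINE)
    if (m.group(1) if m else "server") == "server":   # server is the default mode
        findings.append(("global", "VTP server mode: a switch with a higher revision "
                                   "number can overwrite the VLAN database"))
    for name, lines in parse_interfaces(text).items():
        findings.extend(audit_interface(name, lines))
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        results = audit_config(cfg)
        print(f"{label}: {len(results)} finding(s)")
        for scope, finding in results:
            print(f"  {scope}: {finding}")
```

Run against WEAK_CONFIG the audit reports the VTP server default, the unconfigured FastEthernet0/23 (negotiable into a trunk by whatever is plugged in) and three issues on the FastEthernet0/24 trunk; HARDENED_CONFIG produces no findings. The parser only understands the flat stanza layout shown here, so extend it before pointing it at a real show running-config.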
