Switching.pdf

Full Transcript

SWITCHING

Understanding Switches and their limitations
While switches are multiport bridges, these two devices have a significant difference.
Bridges use software to build and maintain the switching and filtering tables while Switches
use the hardware – more specifically application specific integrated circuits (ASICs) to build
and maintain their tables. Both of these devices provide a dedicated collision domain on
each of their ports but switches go a little further by providing the following features:

 Lower latency – Since switches used hardware based bridging using ASICs, they work faster than
software based bridges.

 Wire Speed – Hardware based switching allows for a near wire speed functionality due to low
processing time.

 Low cost – Cost of switches is very low, making cost connecting each host cost very low.

While switches increase the efficiency of the network, they still have the limitations
discussed below:

1. While switches break collision domains, they do not break broadcast domains. The
entire layer 2 network still remains a single broadcast domain. This makes the network susceptible to
broadcast storms and related problems. Routers have to be used to break the broadcast domains.

2. When redundancy is introduced in the switched network, the possibility of loops
becomes very high. Dedicated protocols need to be run to ensure that the network remains loop
free. This increases burden on the switches. The convergence time of these protocols is also a concern
since the network will not be useable during convergence.

Due to the above limitations, routers cannot be eliminated from the network. To design a good switched or
bridged network, the following two important points must be considered:

1. Collision domain should be broken as much as possible.

2. The users should spend 80 percent of their time on the local segment.

Bridging v/s switching

While switches are just multiport bridges, there are many differences between them:

1. Bridges are software based while switches are hardware based since they use ASICs
for building and maintaining their tables.

2. Switches have higher number of ports than bridges

3. Bridges have a single spanning tree instance while switches can be multiple
instances.
While different in some aspects, switches and bridges share the following chara cteristics:

1. Both look at hardware address of the frame to make a decision.

2. Both learn MAC address from frames received.

3. Both forward layer two broadcasts.

Three functions of a switch
A switch at layer 2 has the following three distinct functions:

1. Learning MAC addresses

2. Filtering and forwarding frames

3. Preventing loops on the network

It is important to understand and remember each of these three functions. The following sections explain
these three functions in depth.

How switches work (Learning MAC address)

Each network card has a unique identifier called a Media Access Control (MAC) address. This address
is used in LANs for communication between devices on the same network segment. Devices that want to
communicate need to know each other MAC address before s ending out packets. They use a process
called ARP (Address Resolution Protocol) to find out the MAC address of another device. When the hardware
address of the destination host is known, the sending host has all the required information to communicate
with the remote host.

To better understand the concept of ARP, let’s take a look at the following example:

Let’s say that host A wants to communicate with host B for the first time. Host A knows the IP address
of host B, but since this is the first time the two hosts communicate, the hardware (MAC) addresses are not
known. Host A uses the ARP process to find out the MAC address of host B. The switch forwards the ARP
request out all ports except the port the host A is connected to. Host B receives the ARP request and responds
with its MAC address. Host B also learns the MAC address of host A (because host A sent its MAC address in
the ARP request). The switch learns which MAC addresses are associated with which port. For example,
because host B responded with the ARP reply that included its MAC address, the switch knows the MAC
address of host B and stores that address in its MAC addr ess table. The same is with host A, the switch knows
the MAC address of the host A because of the ARP request.

Now, when host A sends a packet to host B, the switch looks up in its MAC address table and forwards
the frame only out fa0/1 port, the port on which host B is connected. Other hosts on the network will not be
involved in the communication.

You can display the MAC address table of the switch by using the show mac-address-
table command.

MAC address table
A MAC address table is made up of the following columns:

VLAN MAC address Type(dynamic or static) Ports

Static entries will persist through a reboot. Dynamic entries will not.

Filtering and Forwarding frames

When a frame arrives at a switch port, the switch examines its database of MAC addresses. If the
destination address is in the database the frame will only be sent out of the interface the destination host is
attached to. This process is known as frame filtering. Frame filtering helps preserve the bandwidth since the
frame is only sent out the interface on which the destination MAC address is connected. This also adds a layer
of security since no other host will ever receive the frame.

On the other hand, if the switch does not know the destination MAC address, it will flood the frame
out all active interfaces expect the interface where the frame was received on. Another situation where the
switch will flood out a frame is when a host sends a broadcast message. Remember that a switched network is
a single broadcast domain.

Preventing loops in the network

Having redundant links between switches can be very useful. If one path breaks, the traffic can take
an alternative path. Though redundant paths are extremely useful, they often cause a lot of problems. Some of
the problems associated wi th such loops are broadcast storms, endless looping, duplicate frames and faulty
CAM tables. The spanning tree protocol is a solution to the problem of loops in a switched
network.

MAC learning and aging, Frame switching, Frame flooding, MAC address table

MAC learning

 To switch frames between LAN ports efficiently, the switch maintains an address table called
the MAC table.
 When the switch receives a frame, it associates the media access control (MAC) address of
the sending network device with the LAN port on which it was received.
 MAC address learning is enabled on all VLANs by default.
  The switch dynamically builds the address table by using the MAC source address of the
frames received.
 When the switch receives a frame for a MAC destination address not li sted in its address
table, it floods the frame to all LAN ports of the same VLAN except the port that received the
frame.
 When the destination station replies, the switch adds its relevant MAC source address and
port ID to the address table.
 The switch then forwards subsequent frames to a single LAN port without flooding all LAN
ports.
 You can also enter a MAC address, which is termed a static MAC address, into the table.
 These static MAC entries are retained across a reboot of the switch.

MAC aging

 You can also configure MAC aging time in interface configuration mode or VLAN
configuration mode.
 The MAC aging time specifies the time before an entry ages out and is discarded from the
MAC address table.
 The range is from 0 to 1000000; the default is 300 seconds.
 Entering the value 0 disables the MAC aging.

Frame switching

 LAN switches are characterized by the forwarding method that they support, such as a store -
and-forward switch, cut-through switch, or fragment-free switch.
 Store-and-forward switches store the entire frame in internal memory and check the frame
for errors before forwarding the frame to its destination.
 Store-and-forward switch operation ensures a high level of error-free network traffic,
because bad data frames are discarded rather than forwarded across the network
 With cut-through switching, the LAN switch copies into its memory only the destination MAC
address, which is located in the first 6 bytes of the frame following the preamble.
 The switch looks up the destination MAC address in its switching table, determines the
outgoing interface port, and forwards the frame on to its destination through the designated
switch port.
 A cut-through switch reduces delay because the switch begins to forward the frame as soon
as it reads the destination MAC address and determines the outgoing switch port
 Fragment-free switching works like cut-through switching with the exception that a switch in
fragment-free mode stores the first 64 bytes of the frame before forwarding.
 Fragment-free switching can be viewed as a compromise between store-and-forward
switching and cut-through switching.
 The reason fragment-free switching stores only the first 64 bytes of the frame is that most
network errors and collisions occur during the first 64 bytes of a frame.

Frame flooding

 Switches determine which port a frame must be sent out to reach its destination.
 If the address is known, the frame is forwarded only on that port
 If the layer 2 MAC address is unknown, the frame is flooded to all ports except the one from
which it originated.

Classification of Switching Techniques
 Circuit Switching

 Circuit switched network consists of a set of switches connected by physical links.
 In circuit switched network, two nodes communicate with each other over a dedicated
communication path.
 There is a need of pre-specified route from which data will travel and no other data is permitted.
 Before starting communication, the nodes must make a reservation for the resources to be used
during the communication.
 In this type of switching, once a connection is established, a dedicated path exists between both
ends until the connection is terminated.

Packet Switching

 In packet switching, messages are divided into packets of fixed or variable size.
 The size of packet is decided by the network and the governing protocol.
 Resource allocation for a packet is not done in packet switching.
 Resources are allocated on demand.
 The resource allocation is done on first-come, first-served basis.

Message Switching

 In message switching, it is not necessary to establish a dedicated path between transmitter and
receiver.
 In this, each message is routed independently through the network.
 Each message carries a header that contains the full information about the destination.
 Each intermediate device receives the whole message and buffers it until there are resources
available to transfer it to the next hop.
 If the next hop does not have enough resources to accommodate large size message, the message
is stored and switch waits.
 For this reason a message switching is sometimes called as Store and Forward Switching.

Spanning tree protocol (STP)
STP is a protocol, which helps in preventing loops that occur in a switched network.

It is defined by IEE 802.1d standard.

Spanning-Tree Terms
Root Bridge: In a LAN network, Spanning Tree Algorithm elects a switch to be used as a central point
in all the calculations, this is called the root bridge. This switch is ultimately responsible for the
proper STP operation.

Non-Root Bridge: Except the Root Bridge, all remaining switches of the network are considered as
the Non-Root Bridges.

Bridge ID: This is a unique identification number of each switch in the network. It consists of bridge
priority and the base MAC Address of the switch. The default bridge priority of a Cisco Switch is
32768. This is a configurable value between 0 to 61440 but the value has to be in increments of
4096. 4096, 8192, 12288, so on and so forth are acceptable values. Priority plays a very big role in
STP and how well the network will function.

BPDU: Bridge Protocol Data Unit (BPDU) is the information exchanged between switches to select
the Root Bridge as well as configure the network after that. A decision on which port to block is
taken after examining BPDUs from the neighbors. Cisco Switches send BPDUs every 2 seconds by
default. This value can be configured from 1 second to 10 seconds.

Port Cost: Each port has a cost that is determined by the bandwidth of the link. Port cost determines
which of the redundant links will not be blocked. The lower the cost, the better it is. Port Cost also
determines which port will become the root port if multiple paths to the root bridge exist. Default
port costs are shown below.

Root Port: Once the Root Bridge (Switch) is elected, every other Switch in the network must
select a single port on it to reach the Root Bridge (Switch). The single selected port on a
Switch with least Path Cost to the Root Bridge is called the Root Port. Root Bridge (Switch)
will never have a Root Port. Root Bridge (Switch) is at the Root and therefore there is no
need of a Root Port to reach the root.

Designated Ports: A designated port is the port that has the lowest port cost value to get on
a given network, compared to other ports on that segment. STP marks the designated ports
as the forwarding ports. Forwarding ports are used to forward the frames.

Non-Designated Ports: A non-designated port is a port that has the higher port cost than the
designated port. STP marks the non-designated port as the blocking port. Blocking ports are
used to remove loops.

Port States in Spanning Tree

Switch ports running STP can be in one of five states.
  Blocked
 Listening
 Learning
 Forwarding
 Disabled

Blocked: None of the ports will transmit or receive any data, but they will listen to BPDUs. The BPDU carries
various pieces of information that are used by STP to determine what state the ports should be in and what
the STP topology should be.

Listening: The switch listens for frames but doesn’t learn or act on them. The switch does receive the frames
but discards them before any action is taken. MAC addresses are not placed into the CAM table while the port
is listening.

Learning: The switch will start to learn MAC addresses it can see and will populate its CAM table with the
addresses and the ports on which they were found. In this state, the switch will start to transmit its own
BPDUs.

Forwarding: The switch has learned MAC addresses and corresponding ports and populates its CAM table with
this. The switch can now forward traffic.

Disabled: In the Disabled state, the port will receive BPDUs but will not forward them to the switch processor.
It discards all incoming frames from both the port and other forwarding ports on the switch.

The port states are transitional and allow other BPDUs to arrive in good time from other
switches. Port transition times are typically:

 Initialization to blocking
 Blocking to listening (20 secs)
 Listening to learning (15 secs)
 Learning to forwarding (15 secs)
 Forwarding to disabled (if there is a failure)

All ports start at the blocking state (there are a few exceptions discussed later). After STP
convergence, some ports will transition to listening, learning, and finally forwarding while
the rest would remain in a blocked state. Thus the time needed to transition from one stage
to another; we find that a layer 2 network running STP takes 50 seconds to start switching
data! This is known as the convergence time. In STP, there are three timers that are used.
These determine the state of the switch or port in the STP topology.

 The Hello timer – by default transmitted every 2 seconds
 The Forward delay – by default 15 seconds before transitioning to forwarding
 Maximum age – by default 20 seconds

The hello timer is usually a message that determines if a link is still alive. The ports in the topology will receive
a BPDU every 2 seconds. This is a keep-alive mechanism to determine if a port is still active in the STP
topology. This value can be modified to a value ranging from 1 second to 10 seconds.
The forward delay is the duration that is spent by a switch in the listening state and the learning state, this
value by default on CISCO switches is equivalent to 15 seconds for each state but an administrator can tune it
to a value between 4 and 30 seconds.

The maximum length of time that a switch port can save the BPDU information is the max age time. This timer
is usually 20 seconds but it can be changed to a value of between 6 and 40 seconds. When a switch port has
not received BPDUs by the end of the maximum age, STP re-converges by finding an alternative path.

STP operation in nutshell

 All switches of the STP domain first elect a root bridge. The root bridge acts as a point of
reference for all other switches in the network. All ports of the root bridge remain in the
forwarding mode. The bridge with the lowest Bridge ID (BID) becomes the root bridge.
 Once the root bridge is elected, all remaining switches select a single port that has the
shortest path cost to reach the root bridge and marked it as the root port.
 After selecting the root port, switches determine a single designated port for each
connection.
 If multiple ports are connected with the same switch or LAN segment, the switch select only
one port that has the lowest path cost and marks it as the designated port.
 Once the root port and designated ports are selected, the switch blocks all remaining ports
to remove any possible or existing loop from the network.

To view the information about the STP operation, you can use the show spanning-tree
command from the privileged-exec mode.

Cisco’s additions to STP (Portfast, UplinkFast, BackboneFast)

UplinkFast, Backbone Fast and Portfast are Cisco’s proprietary extensions to the
Classic Spanning Tree Protocol (STP 802.1 D) algorithm. The purpose UplinkFast, Backbone
Fast and Portfast are to reduce the time it takes Spanning Tree Protocol (STP) to converge
after a link failure.

Portfast: The CISCO portfast, technology is a proprietary technology that allows such ports
to transition immediately from blocking state to forwarding state, bypassing the listening
and learning states.When you configure a switchport as portfast, STP will be disabled on
that port and it will transition to forwarding state when it comes up and will never be
blocked.

UplinkFast: UplinkFast extension is useful for Direct Link failures (a link connected directlly
to the same Switch). The UplinkFast extension can dramatically decrease the convergence
time of the Spanning Tree Protocol (STP) in the event of the Direct link (a link connected
directlly to the same Switch) failure of an uplink on an Access Layer switch.

Backbonefast: The BackboneFast extension can dramatically decrease the convergence time
of the Spanning Tree Protocol (STP) in the event of an Indirect link (a link in any other
switch, which is not connected directly) failure, anywhere in the Spanning Tree Protocol
(STP) Topology.

Varieties of Spanning Tree Protocols
  STP—Defined in IEEE 802.1D, this is the original standard that provided a loop-free
topology in a network with redundant links. Also called Common Spanning Tree
(CST), it assumed one spanning-tree instance for the entire bridged network,
regardless of the number of VLANs.
 Per-VLAN Spanning Tree (PVST+)—PVST+ is a Cisco enhancement of STP that
provides a separate 802.1D spanning-tree instance for each VLAN configured in the
network.
 Rapid Spanning Tree Protocol (RSTP)—RSTP is defined in IEEE 802.1w. It is an
evolution of STP that provides faster convergence than STP.
 Rapid Per-VLAN Spanning Tree (Rapid PVST+)—Rapid PVST+ is a Cisco enhancement
of RSTP that uses PVST+ and provides a separate instance of 802.1w for each VLAN.
 Multiple Spanning Tree Protocol (MSTP)—MSTP, defined in IEEE 802.1s, maps
multiple VLANs into the same spanning-tree instance. The Cisco implementation of
MSTP is often referred to as Multiple Spanning Tree (MST).

RSTP – Rapid Spanning Tree Protocol

The features discussed in the previous section – PortFast, UplinkFast and
BackboneFast were added by Cisco and because of this they worked only on Cisco switches.
IEEE added these features in a new STP protocol called Rapid Spanning Tree Protocol (RSTP)
under the 802.1w standard.

The main difference between Rapid Spanning Tree Protocol (RSTP IEEE
802.1W) and Spanning Tree Protocol (STP IEEE 802.1D) is that Rapid Spanning Tree Protocol
(RSTP IEEE 802.1W) assumes the three Spanning Tree Protocol (STP) ports states Listening,
Blocking, and Disabled are same (these states do not forward Ethernet frames and they do
not learn MAC addresses). Hence Rapid Spanning Tree Protocol (RSTP IEEE 802.1W) places
them all into a new called Discarding state. Learning and forwarding ports remain more or
less the same.

Etherchannel

Etherchannel is a port link aggregation technology in which multiple physical port
links are grouped into one logical link. It is used to provide high speed links and redundancy.
Maximum of 8 links can be aggregated to form a single logical link.
Criteria – To form an Etherchannel, all ports should have:
1. Same duplex
2. Same speed
3. Same VLAN configuration (i.e., native VLAN and allowed VLAN should be same)
4. Switch port modes should be same (access or trunk mode)

Etherchannel protocols

Port Aggregation Protocol (PAgP) – is a Cisco proprietary EtherChannel protocol where we
can combine a maximum of 8 physical links into a single virtual link.
Link Aggregation Control Protocol (LACP) – is an IEEE 802.3ad standard where we can
combine up to 8 ports that can be active and another 8 ports that can be in standby mode.

Switched Network Without EtherChannel

In this example, we connected 2 switches, Switch1 and Switch2, using four links. What do you think
will happen without EtherChannel? You can see in the network topology below the link states, only
one link is being utilized.

If we issue the ‘show spanning-tree’ command on both switches, we can see that all interfaces of
Switch1 are in forwarding state but only one interface is forwarding in Switch2, and the other
interfaces are in blocking state.

Switched Network With EtherChannel

If we enable EtherChannel on the links of the switches, you can see that the link states for all of the
links are up. Meaning, we can utilize all of the 4 links and reap the benefits of EtherChann el namely,
load balancing, redundancy, and increased bandwidth.

If we enter ‘show running-config interface ’ on both switches, we’ll see the
‘switchport mode trunk’ and ‘channel-group 1 mode’ commands issued on the interfaces. These
commands are used to enable EtherChannel.

If we enter the ‘show spanning-tree’ command, we should see a single logical
interface, Port Channel 1 (Po1), instead of four separate physical interfaces.

EtherChannel Port Aggregation Protocol (PAgP)
Port Aggregation Protocol or PAgP is an EtherChannel technology that is a Cisco proprietary
protocol. It is a form of logical aggregation of Cisco Ethernet switch ports, and it enables data/traffic
load balancing. PAgP EtherChannel can combine a maximum of 8 physical links into a single virtual
link.

There are two Cisco EtherChannel Port Aggregation Protocol modes, which we can implement as a
part of the port configuration:

Auto mode– interface can respond to PAgP packet negotiation but will never start one on its own.

Desirable mode– interface actively attempts a negotiating state for PAgP packet negotiation.

Next, ‘show etherchannel summary’ will show us a quick overview of the EtherChannel status.
EtherChannel Link Aggregation Control Protocol (LACP)
Link Aggregation Control Protocol or LACP is an IEEE standard and a part of the IEEE 802.3ad
specification that allows you to combine several physical Ethernet links in our network devices to
form a single logical link and enable load balancing in our interfaces.

We can configure LACP EtherChannel with a maximum of 16 Ethernet interfaces of the same type. In
a LAG or Link Aggregation Group, up to eight member links can be in active mode, and the other
eight links can be in standby mode.

We have two Link Aggregation Control Protocol (LACP) modes, and these are the following:

Active – The interface actively sends LACP packets in its attempt to form an LACP connection.

Passive – The interface can respond to LACP negotiation but will never initiate on its own.

CONFIGURATION

The first requirement for link aggregation is at least one side should be in Active mode. For our
example, we will configure Switch1 to be in Active Mode and the other network switch, Switch2, to
be in Passive Mode.

Now, using our sample network topology below, let’s configure LACP on our network switches:

Switch 1 – Active Mode

Switch1#conf t
Switch1(config)#interface range fa0/1 - 2
Switch1(config-if-range)#duplex full
Switch1(config-if-range)#channel-group 1 mode active

Switch 2 – Passive Mode

Switch2#conf t
Switch2(config)#interface range fa0/1 - 2
Switch2(config-if-range)#duplex full
Switch2(config-if-range)#channel-group 1 mode passive

The logs on our switch shows that Port-Channel1 came up and link aggregation is working:

*Sep 5 15:30:06.378: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up

*Sep 5 15:30:07.378: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to
up

VERIFICATION
We can use the ‘show etherchannel port-channel’ command to verify link
aggregation and our port channel status:

Cisco Layer 3 EtherChannel – Explanation and Configuration
One use case on why we would want to configure EtherChannel on Layer 3 switches is when we are
forming redundancy between Core and Distribution Layers and implementing a routing protocol.
Instead of learning two IP routes with the same neighboring switch (but two different next hops), we
now can have a single next-hop IP address of the neighboring switch for each IP route learned.

Another use case is to avoid Spanning Tree Protocol (STP) and use Layer 3 links between your Core
and Distribution Layers instead. We can enable routing protocols where we can have more control
on load balancing and failover and can be much faster than STP.

Layer 3 EtherChannel Configuration

For the Layer 3 Etherchannel configuration, we will use the topology below as an
example. We have two Layer 3 switches, Switch1 and Switch2, and we will configure
the two links connecting them as EtherChannels.

Switch1 Configuration:
Switch1(config)#interface range FastEthernet 0/1 - 2
Switch1(config-if-range)#channel-group 1 mode desirable

Switch2 Configuration:
Switch2(config)#interface range FastEthernet 0/1 - 2
Switch2(config-if-range)#channel-group 1 mode desirable

Layer 3 EtherChannel Verification

First, let’s check if we can ping between point-to-point links.

Pings from Switch1 to Switch2

Switch1#ping 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 2/3/5 ms

Pings from Switch2 to Switch1
Switch2#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICM P Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/3/4 ms

We can also check the Group state using the ‘show etherchannel‘ command in the global
configuration mode:

Switch1#show etherchannel
Channel-group listing:
----------------------
Group: 1
----------
Group state = L3
Ports: 2 M axports = 4
Port-channels: 1 M ax Port-channels = 1
Protocol: PAgP
M inimum Links: 0

To check the Port-channel status, we can use the ‘show etherchannel port-channel‘ command:

VLAN (Virtual LAN)
VLAN is a logical grouping of networking devices.

VLANs are a way in which we can divide the switch into smaller broadcast domains and
therefore make it possible to implement many subnets on one switch.

VLAN provides following advantages:-

 Solve broadcast problem
 Reduce the size of broadcast domains
 Allow us to add additional layer of security
 Make device management easier
 Allow us to implement the logical grouping of devices by function instead of location

VLANs separate a layer-2 switch into multiple broadcast domains. Each VLAN is its own individual
broadcast domain. Individual ports of groups of ports can be assigned to a specific VLAN. Only ports
belonging to the same VLAN can freely communicate to each other. A router or a layer-3 switch is
needed for inter-VLAN communication. Broadcasts from one VLAN will never be sent out to ports
belonging to another VLAN. By default on cisco catalyst switches, all interfaces belong to VLAN 1.

Implementing VLANs
Implementing VLANs is done in three steps:

1. Create the VLAN.
2. Name the VLAN (this is optional but expected).
3. Assign switch ports to the VLAN.

VLAN Membership
 One of the tasks that a system administrator has to perform while creating VLANs is to
assign switch ports or interfaces to each VLAN. There are two ways switch interfaces can be assigned
to VLANs and this gives rise to two different types of VLANs: static and dynamic. In the case of static
VLANs, each switch port is statically assigned to a specific VLAN and any host connected to that
switchport would automatically be a part of that VLAN. This kind of VLANs is static because
individual switch ports are permanently allocated to specific VLANs. VLANs in this case are tied to
switch ports and not to what is connected to those switch ports. In the case of dynamic VLANs
however, all the host devices’ hardware addresses are assigned into a database so the switch can be
configured to assign VLANs dynamically any time a host is connected to a switch.. Cisco switches also
support a dynamic method of assigning devices to VLANs, based on the device’s MAC addresses,
using a tool called VLAN Management Policy Server (VMPS). In this case VLAN is tied to the hardware
addresses or MAC addresses of hosts and not to switch ports. A host whose MAC address is tied to a
certain VLAN would be part of that VLAN regardless of which switch port it is connected to. Static
VLANs are easier to create than dynamic VLANs because there is no need to document the hardware
addresses of all hosts that would possibly be connected to the LAN and then to store them in a
database on the switch.

Types of VLANs

Data VLAN: Configured to carry only user-generated traffic, ensuring that voice and
management traffic is separated from data traffic.

Default VLAN: All the ports on a switch are members of the default VLAN when the switch
is reset to factory defaults. The default VLAN for Cisco switches is VLAN 1. VLAN 1 has all the
features of any VLAN, except that you cannot rename it, and you cannot delete it.

Native VLAN: This VLAN type serves as a common identifier on opposing ends of a trunk
link. The native VLAN is not used for any traffic in the switched network unless legacy
bridging devices happen to be present in the network or a multiaccess interconnection
exists between switches joined by a hub.

Management VLAN: The network administrator defines this VLAN as a means to access
the management capabilities of a switch. By default, VLAN 1 is the management VLAN. It is a
security best practice to define the management VLAN to be a VLAN distinct from all other
VLANs defined in the switched LAN. You do this by configuring and activating a new VLAN
interface.

Voice VLANs: A voice VLAN enables switch ports to carry IP voice traffic from an IP phone.
The network administrator configures a voice VLAN and assigns it to access ports. Then
when an IP phone is connected to the switch port, the switch sends CDP messages that
instruct the attached IP phone to send voice traffic tagged with the voice VLAN ID.

STP Verification Commands
Dynamic Trunking Protocol (DTP): Can be used to automatically establish trunks between capable
ports (insecure method!).

Switched Virtual Interface (SVI): A virtual interface which provides a routed gateway into and out of
a VLAN.

Router on a Stick (ROAS): Method used for communicating Inter-VLAN's using a router.

There are two trunking protocols we can use:

IEEE 802.1Q *dot1Q+: An open standard that is supported on switches from many vendors
and most NICs.

Cisco ISL (Inter-Switch Link): An old Cisco proprietary protocol that is only supported on
some Cisco switches.

IEEE 802.1Q ISL (Inter-Switch Link)

Open Standard Cisco Proprietary

Native VLAN is not tagged Native Vlan is tagged

Tags Ethernet Frame Encapsulate Ethernet Frame

Maximum VLANs : 4094 Maximum VLANs 1000

*VLAN Trunking Protocol (VTP)

Switches use VLAN trunking protocol (VTP) to communicate among themselves about VLAN
configuration.

There are some requirements for VTP to communicate VLAN information between switches.

 The VTP version must be same on the switches user wants to configure
 VTP domain name must be same on the switches
 One of the switches must be a server
 Authentication should match if applied
VTP modes – There are 3 modes:
1. Server – The switches are set to this mode by default. This mode allows you to create, add and
delete VLANs. The changes you want to made should be done in this mode. Any changes that
is done on this mode(on a particular switch) will be advertised to all the switches that are in
same VTP domain. In this mode, the configuration are saved in NVRAM.
Configuration –
User will first make the switch VTP server
Switch# config terminal
Switch(config)#vtp mode server
Now, User has to make a VTP domain assign a password for authentication.
Switch(config)#vtp domain
Switch(config)#vtp password
User can verify the configuration by:
Switch#show vtp
2. Client – In this mode, the switches receives the updates and can also forward the updates to
other switches(which are in same VTP domain). The updates received here is not saved in
NVRAM so all the configuration will be deleted if the switch is reset or reloaded i. e the
switches will only learn and pass the VTP summary advertisements to the other switches.
Configuration – As the switches are set to server mode by default, therefore user can change it
to client mode by:
Switch(config)#vtp mode client
3. Transparent – This mode only forwards the VTP summary advertisements through trunk link.
The transparent mode switches can make their own local database which keep secret from
other switches. The whole purpose of transparent mode is to forward the VTP summary
advertisements but not to take part in the VLAN assignments.
Configuration – User can change the mode to transparent by
Switch(config)#vtp mode transparent

CONFIGURATIONS:

INTERVLAN COMMUNICATION USING LAYER 2
(ROAS) ROUTER ON A STICK
On switch
Switch(config)#vlan 10
Switch(config-vlan)#name ccna
Switch(config-vlan)#int range f0/1-10
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
Switch(config-if-range)#ex

Switch(config)#vlan 20
Switch(config-vlan)#name ccnp
Switch(config-vlan)#int range f0/11-20
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 20
Switch(config-if-range)#ex
Switch(config-if)#int f0/24
Switch(config-if)#switchport mode trunk

On Router

Router(config)#int f0/0
Router(config- if)#no shutdown
Router(config- if)#int f0/0.10
Router(config-subif)#encapsulation dot1q 10
Router(config-subif)#ip address 192.168.1.1 255.255.255.0

Router(config- if)#int f0/0.20
Router(config-subif)#encapsulation dot1q 20
Router(config-subif)#ip address 192.168.2.1 255.255.255.0

PC0:
IP: 192.168.1.10
MASK: 255.255.255.0
GATEWAY: 192.168.1.1

PC1:
IP: 192.168.1.20
MASK: 255.255.255.0
GATEWAY: 192.168.1.1

PC2:
IP: 192.168.2.10
MASK: 255.255.255.0
GATEWAY: 192.168.2.1

PC3:
IP: 192.168.2.10
MASK: 255.255.255.0
GATEWAY: 192.168.2.1

INTERVLAN COMMUNICATION USING LAYER 3 (MULTI
LAYER SWITCH (SVI-SWITCH VIRTUAL INTERFACE)

On switch
Switch(config)#vlan 10
Switch(config-vlan)#name ccna
Switch(config-vlan)#int range f0/1-10
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
Switch(config-if-range)#ex

Switch(config)#vlan 20
Switch(config-vlan)#name ccnp
Switch(config-vlan)#int range f0/11-20
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 20
Switch(config-if-range)#ex

Switch(config)#int vlan 10
Switch(config-if)#ip address 192.168.1.1 255.255.255.0
Switch(config-if)#ex

Switch(config)#int vlan 20
Switch(config-if)#ip address 192.168.2.1 255.255.255.0
Switch(config-if)#ex

Enabling routing on layer 3 switches
Switch(config)#ip routing