CCNA Dis3 - Chapter 3 - Switching in a Enterprise Network_ppt [Compatibility Mode]

8/3/2019 CCNA Dis3 - Chapter 3 - Switching in a Enterprise Network_ppt [Compatibility Mode]

1/93

Chapter 3 Switching in an EnterpriseNetwork

CCNA Discovery 4.0


2/93

Intruduction

Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com
http://www.bkacad.com/http://www.bkacad.com/


3/93

Intruduction



4/93

Intruduction



5/93

Intruduction



6/93

Intruduction



7/93


Objectives

Compare the types of switches used in anenterprise network.

Explain how Spanning Tree Protocol

prevents switching loops. Describe and configure VLANs on a Cisco

switch.

Describe and configure trunking and Inter-VLAN routing. Maintain VLANs in an enterprise networks.


8/93


DescribingEnterprise Level

Switching


9/93


Switching and Network Segmentation

A switch is a very adaptable Layer 2 device. Each switch maintains a MAC address table in high-

speed memory, called content addressable memory(CAM).


10/93



The switch deletes entries from the MAC address table ifthey are not used within a certain period of time.

The name given to this period of time is the aging timer; Removal of an entry is called aging out.


11/93




12/93



When two connected hosts communicate with each other,the switch consults the switching table and establishes avirtual connection, or microsegment, between the ports.

Switches can support either symmetric or asymmetricswitching.


13/93


Multilayer Switching


14/93



Layer 3 switching, or multilayer switching, combineshardware-based switching and hardware-based routing inthe same device.

A multilayer switch combines the features of a Layer 2switch and a Layer 3 router.

Layer 3 switching occurs in special application-specificintegrated circuit (ASIC) hardware.

Multilayer switches often save, or cache, source anddestination routing information from the first packet of a

conversation. Subsequent packets do not have to execute a routing

lookup, because they find the routing information inmemory.


15/93




16/93


Types of Switching


17/93


Types of Switching


18/93


Types of Switching


19/93


Types of Switching

There are two variants of cut-through switching:

Fast-forward switching: Fast-forward switching offers the lowest level oflatency. Fast-forward switching immediately forwards a packet after readingthe destination address. Because fast-forward switching starts forwardingbefore the entire packet has been received, there may be times whenpackets are relayed with errors. This occurs infrequently, and the destinationnetwork adapter discards the faulty packet upon receipt. In fast-forward

mode, latency is measured from the first bit received to the first bittransmitted. Fast-forward switching is the typical cut-through method ofswitching.

Fragment-free switching: In fragment-free switching, the switch stores thefirst 64 bytes of the frame before forwarding. Fragment-free switching can beviewed as a compromise between store-and-forward switching and cut-

through switching. The reason fragment-free switching stores only the first 64bytes of the frame is that most network errors and collisions occur during thefirst 64 bytes. Fragment-free switching tries to enhance cut-through switchingby performing a small error check on the first 64 bytes of the frame to ensurethat a collision has not occurred before forwarding the frame. Fragment-freeswitching is a compromise between the high latency and high integrity ofstore-and-forward switching, and the low latency and reduced integrity of cut-throu h switchin .


20/93


Types of Switching


21/93


Switch Security


22/93


Switch Security


23/93


PreventingSwitching Loops


24/93


Redundancy in a Switched Network


25/93



Redundant links in a switched network reduce congestionand support high availability and load balancing. however, can cause problems:

The broadcast nature of Ethernet traffic createsswitching loops.

The broadcast frames go around and around in alldirections, causing a broadcast storm.


26/93



Broadcast storms are not the only problem created byredundant links in a switched network. Unicast frames sometimes produce problems, such as

multiple frame transmissions and MAC databaseinstability.

Multiple Frame Transmissions


27/93



MAC Database Instability


28/93


Spanning Tree Protocol (STP)

Spanning Tree Protocol (STP) provides a mechanism fordisabling redundant links in a switched network. STPprovides the redundancy required for reliability withoutcreating switching loops.

STP is an open standard protocol, used in a switchedenvironment to create a loop-free logical topology.

Switches detecting a potential loop block some of theconnecting ports, while leaving other ports active toforward frames.


29/93



With STPWithout STP


30/93



To prevent switching loops, STP:Forces certain interfaces into a standby or blocked

state

Leaves other interfaces in a forwarding state

Reconfigures the network by activating the appropriatestandby path, if the forwarding path becomesunavailable.

In STP terminology, the term bridge is frequently used torefer to a switch.

The Root Bridge is the primary switch or focal point in theSTP topology.

The root bridge communicates with the other switchesusing Bridge Protocol Data Units (BPDUs).


31/93




32/93



As a switch powers on, each port cycles through a seriesof four states: blocking, listening, learning, andforwarding.

As the port cycles through these states, the LEDs on theswitch change from flashing orange to steady green

It can take as long as 50 seconds for a port to cyclethrough all of these states and be ready to forwardframes.

When a switch powers on, it first goes into a blocking

state to immediately prevent the formation of a loop. It then changes to listening mode, so that it receives

BPDUs from neighbor switches

After processing this information the switch determineswhich ports can forward frames without creating a loop


33/93



Access ports do not create loops in a switched networkand always transition to forwarding if they have a hostattached

Trunking ports potentially create a looped network andtransition to either a forwarding or blocking state.


34/93




35/93




36/93




37/93




38/93


Root Bridges

STP uses this focal point, called a root bridge or rootswitch, to determine which ports to block and which portsto put into forwarding state.

The root bridge sends out BPDUs containing networktopology information to all other switches

There is only one root bridge on each network. The root bridge is based on the lowest BID value.


39/93


Root Bridges

STP designates three types of ports: root ports,designated ports, and blocked ports. Root Port:

The port that provides the least cost path back to theroot bridge becomes the root port.

Switches calculate the least cost path using thebandwidth cost of each link required to reach the rootbridge.

Designated Port:

A designated port is a port that forwards traffic towardthe root bridge but does not connect to the least costpath.

Blocked Port: A blocked port is a port that does notforward traffic.


40/93


Root Bridges


41/93


Root Bridges

To set priority:S3(config)#bridge priority 4096

To restore priority to default:S3(config)#no bridge priority


42/93


Spanning Tree in a Hierarchical network


43/93



PortFastSTP PortFast causes an access port to enter the

forwarding state immediately, bypassing the listeningand learning states.


44/93



Uplink Fast:STP UplinkFast accelerates the choice of a new root

port when a link or switch fails or when STPreconfigures itself.

The root port transitions to the forwarding state

immediately without going through the listening andlearning states, as it would do with normal STPprocedures.

BackboneFast

BackboneFast provides fast convergence after aspanning tree topology change occurs.

It quickly restores backbone connectivity.BackboneFast is used at the Distribution and CoreLayers, where multiple switches connect.


45/93



There are several useful commands used to verifyspanning tree operation.show spanning-tree - Displays root ID, bridge ID, and

port states

show spanning-tree summary - Displays a summary of

port states

show spanning-tree root - Displays the status andconfiguration of the root bridge

show spanning-tree detail - Displays detailed port

informationshow spanning-tree interface - Displays STP interface

status and configuration

show spanning-tree blockedports - Displays blockedports


46/93


Rapid Spanning Tree Protocol (RSPT)

Rapid Spanning Tree Protocol (RSTP), defined in IEEE802.1w, significantly speeds the recalculation of thespanning tree.

RSTP requires a full-duplex, point-to-point connectionbetween switches to achieve the highest reconfiguration

speed. RSTP eliminates the requirements for features such as

PortFast and UplinkFast.

To speed up the recalculation process, RSTP reduces the

number of port states to three: discarding, learning andforwarding.

The discarding state is similar to three of the original STPstates: blocking, listening, and disabled.


47/93


Rapid Spanning Tree Protocol (RSPT)


48/93


ConfiguringVLANs


49/93


Virtual LAN

A VLAN is a logical broadcast domain that can spanmultiple physical LAN segments.


50/93


Virtual LAN


51/93


Virtual LAN

A VLAN has two major functions:A VLAN contains broadcasts.

A VLAN groups devices. Devices located on one VLANare not visible to devices located on another VLAN.

Traffic requires a Layer 3 device to move betweenVLANs.

Static VLAN

membership

requires an

administrator tomanually assign

each switch port

to a specific

VLAN.


52/93


Virtual LAN

Dynamic VLAN membership requires a VLANmanagement policy server (VMPS). The VMPS contains a database that maps MAC

addresses to VLAN assignments.

When a device plugs into a switch port, the VMPSsearches the database for a match of the MAC addressand temporarily assigns that port to the appropriateVLAN.


53/93


Virtual LAN


54/93


Configuring a Virtual LAN

Whether VLANs are created statically or dynamically, themaximum number of VLANs depends on the type ofswitch and the IOS.

By default, VLAN1 is the management VLAN. An administrator will use the IP address of the

management VLAN to configure the switch remotely.

When a VLAN is created, it is assigned a number and aname.

The VLAN number is any number from the range

available on the switch, except for VLAN1 Some switches support approximately 1000 VLANs;

others support more than 4000.


55/93



Switch(config)#vlan vlan_number Switch(config-vlan)#name vlan_name Switch(config-vlan)#exit

Switch(config)#interface fa#/# Switch(config-if)#switchport access vlan vlan_number Switch(config-if)# exit

Switch(config)#interface range fa#/start_of_range -end_of_range Switch(config-if)#switchport access vlan vlan_number Switch(config-if)#exit


56/93



The following commands are used to verify and maintainVLANs:show vlan

Displays a detailed list of all of the VLAN numbersand names currently active on the switch, along with

the ports associated with each one

Displays STP statistics if configured on a per VLANbasis

show vlan brief

Displays a summarized list showing only the activeVLANs and the ports associated with each one

show vlan id id_number: Displays informationpertaining to a specific VLAN, based on ID number

show vlan name vlan_name


57/93



To delete a VLAN:Switch(config)#no vlan vlan_number

To disassociate a port from a specific VLAN:

Switch(config)#interface fa#/#Switch(config-if)#no switchport access vlan

vlan_number


58/93


Identifying VLANs

As a frame enters that port, the switch inserts the VLANID (VID) into the Ethernet frame. The addition of the VLAN ID number into the Ethernet

frame is called frame tagging.

The most commonly used frame tagging standard is IEEE802.1Q.


59/93


Identifying VLANs

Frames contain fields such as:


60/93


Identifying VLANs

An access port belongs to only one VLAN. A trunk port is a point-to-point link between the switch andanother networking device.

Trunks carry the traffic of multiple VLANs over a singlelink and allow VLANs to reach across an entire

network.


61/93


Identifying VLANs

No Trunking

Trunking


62/93


Identifying VLANs

To configure a switch port as a trunk port, use thefollowing commands:Switch(config)#interface fa(controler # / port #)

Switch(config-if)#switchport mode trunk

Switch(config-if)#switchport trunk encapsulation {dot1q| isl | negotiate}

The negotiate parameter is the default mode on manyCisco switches. This parameter automatically detects theencapsulation type of the neighbor switch.


63/93


Identifying VLANs

Based on the attached device, the link configures itself aseither a trunk port or an access port.Switch(config-if)#switchport mode dynamic {desirable |

auto}

In desirable mode, the port becomes a trunk port if theother end is set to either trunk, desirable, or auto.

In auto mode, the port becomes a trunk port if the otherend is set to either trunk or desirable.

To return a trunk port to an access port, issue either of the

following commands:Switch(config)#interface fa(controler # / port #)

Switch(config-if)#no switchport mode trunk

Or

Switch(config-if)#switchport mode access
http://www.bkacad.com/http://www.bkacad.com/http://www.bkacad.com/


64/93


Trunking and Inter-VLAN Routing


65/93


Trunk Ports

Switch ports can be configured for two different rolesAccess Port An access port belongs to only one VLAN.

Typically, single devices such as PCs or serversconnect to this type of port.

If a hub connects multiple PCs to the single accessport, each device connected to the hub is a memberof the same VLAN.

Trunk Port

A trunk port is a point-to-point link between theswitch and another networking device.

Trunks carry the traffic of multiple VLANs over asingle link and allow VLANs to reach across anentire network.


66/93


Trunk Ports


67/93


Trunk Ports

VLAN Tagging is used when a link needs to carry traffic formore than one VLAN.

No VLAN Tagging


68/93


Trunk Ports

There are two major methods of frame tagging, Cisco proprietary Inter-Switch Link

(ISL) and IEEE 802.1Q.

ISL used to be the most common, but is now being replaced by 802.1Q frametagging.

Cisco recommends using 802.1Q.

VLAN Tagging and Trunking will be discussed in the next chapter.


69/93


Trunk Ports


70/93


Trunk Ports


71/93


Extending VLANs across Swithes

Traffic with no VLAN ID is called untagged. Examples of untagged traffic are Cisco DiscoveryProtocol (CDP), VTP, and certain types of voice traffic.


72/93


Extending VLANs across Swithes

To accommodate untagged traffic, a special VLAN calleda native VLAN is available.


73/93


Inter-VLAN Routing

A Layer 3 device provides connectivity between differentVLANs. One method of accomplishing the inter-VLAN routing

requires a separate interface connection to the Layer 3device for each VLAN.


74/93


Inter-VLAN Routing

SwitchConfigure the switch interface as an 802.1Q trunk link. Router

Select a router interface with a minimum of a 100MbpsFastEthernet

Configure

subinterfaces

that support 802.1Q

encapsulation.

Configure one

subinterface

for each VLAN.


75/93


Inter-VLAN Routing

If the destination VLAN is on the same switch as thesource VLAN, the router forwards the traffic back down tothe source switch using the subinterface parameters ofthe destination VLAN ID.

This type of configuration is often referred to as a router-

on-a-stick.


76/93


Inter-VLAN Routing

To configure inter-VLAN routing, use the following steps:1. Configure a trunk port on the switch.Switch(config)#interface fa0/2

Switch(config-if)#switchport mode trunk

2. On the router, configure a FastEthernet interfacewith no IP address or subnet mask.

Router(config)#interface fa0/1

Router(config-if)#no ip address

Router(config-if)#no shutdown

3. On the router, configure one subinterface with an IPaddress and subnet mask for each VLAN. Eachsubinterface has an 802.1Q encapsulation.


77/93


Inter-VLAN Routing

Router(config)#interface fa0/0.10

Router(config-subif)#encapsulation dot1q 10

Router(config-subif)#ip address 192.168.10.1 255.255.255.0

4. Use the following commands to verify the inter-VLAN routing configuration and functionality.

Switch#show trunk

Router#show ip interfaces

Router#show ip interfaces brief

Router#show ip route


78/93


Maintaining VLANson an Enterprise

Network


79/93


VLAN Trunking Protocol (VTP)


80/93




81/93



VLAN T ki P l (VTP)


82/93



VTP allows a network manager to makes changes on aswitch that is configured as a VTP server.

Basically, the VTP server distributes and synchronizesVLAN information to VTP-enabled switches throughoutthe switched network, which minimizes the problems

caused by incorrect configurations and configurationinconsistencies.

VTP stores VLAN configurations in the VLAN databasecalled vlan.dat.

VTP only learns about normal-range VLANs (VLAN IDs 1to 1005).

Extended-range VLANs (IDs greater than 1005) are notsupported by VTP.

VLAN T ki P l (VTP)


83/93



VLAN T ki P t l (VTP)


84/93



VTP Domain-Consists of one or moreinterconnected switches. All switches ina domain share VLAN configurationdetails using VTP advertisements. A

router or Layer 3 switch defines theboundary of each domain.



85/93





86/93



The VTP configuration revision number begins at zero.

As changes occur, the configuration revision number increases by one. The revision number continues to increment until it reaches

2,147,483,648

When it reaches that point, the counter resets back to zero. Rebootingthe switch also resets the revision number to zero.



87/93



VTP messages come in three varieties: summary advertisements,subset advertisements, and advertisement requests.

Summary Advertisements Catalyst switches issue summary advertisements every 5 minutes

or whenever a change to the VLAN database occurs.

Summary advertisements contain the current VTP domain nameand the configuration revision number.

Subset Advertisements A subset advertisement follows the summary advertisement.

A subset advertisement contains a list of VLAN information.

Advertisement Requests

VTP clients use advertisement requests to ask for VLANinformation.

Detail in 3.5.1

C fi i VTP


88/93


Configuring VTP

Step 1: Configure VTP off-line (version 1)

Step 2: Verify the VTP configuration. Step 3: Reboot the switch.

VLAN Support for IP telephony and


89/93


pp p yWireless Voice traffic must be given priority over normal data traffic to avoid

jerky or jittery conversations. Providing a dedicated VLAN for voice traffic prevents voice traffic from

having to compete with data for available bandwidth.

An IP phone usually has two ports, one for voice and one for data. Packets traveling to and from the PC and the IP phone share the same

physical link to the switch and the same switch port.

To segment the voice traffic, enable a separate voice VLAN on theswitch.

VLAN Support for IP telephony and


90/93


pp p yWireless Wireless is another type of traffic that benefits from VLANs.

Wireless is, by nature, very insecure and prone to attacks by hackers. Most wireless deployments place the user in a VLAN on the outside of

the firewall for added security.

In addition, many organizations provide guest access to their wirelessnetwork.

Guest accounts provide anyone, within a limited range, temporarywireless services such as web access, e-mail, ftp, and SSH.

VLAN best practices


91/93


VLAN best practices

Some best practices for configuring VLANs in an enterprise networkare: Organizing server placement

Disabling unused ports

Configuring the management VLAN as a number other than 1

Using VLAN Trunking Protocol

Configuring VTP Domains Reboot any new switch entering an established network

Summary


92/93


Summary

Switch forward traffic. Spanning Tree Protocol STP). Rapid STP.

VLAN. Inter-VLAN. VLAN Trunking Protocol (VTP).


93/93

CCNA Dis3 - Chapter 3 - Switching in a Enterprise Network_ppt [Compatibility Mode]

Documents

Transcript of CCNA Dis3 - Chapter 3 - Switching in a Enterprise Network_ppt [Compatibility Mode]