Lecture Switching

Data Communication and Network Management


Page 1: Lecture Switching

Data Communication and Network Management

Page 2: Lecture Switching

Lecture Switching

Page 3: Lecture Switching

Switch vs. Bridge

Functions of a Switch

Finding the MAC address of a web server

Finding the MAC address of a web server when there is a switch in the network

Internal Switching Paths

Port Security

Secure MAC Addresses

Outline

Page 4: Lecture Switching

Switches and bridges are both Layer 2 (Data Link Layer) devices.

Packet forwarding in bridges is performed in software, while in switches it is performed using ASICs (Application Specific Integrated Circuits).

Switches operate at comparatively higher speeds than bridges.

The switching method of a bridge is store-and-forward, while in a switch it can be store-and-forward, cut-through or fragment-free.

A switch has more ports than a bridge.

Bridges can operate only in half-duplex mode, but a switch can operate in either half-duplex or full-duplex mode.

Switch vs. Bridge

Page 5: Lecture Switching

Address Learning

Forward / Filter Decisions

Loop Avoidance

Functions of a Switch

Page 6: Lecture Switching

Address Learning

Page 7: Lecture Switching

Address Learning Cont.

Page 8: Lecture Switching

Address Learning cont.

Page 9: Lecture Switching

Forward / Filter Decisions Cont.

Page 10: Lecture Switching

If multiple connections between switches are created for redundancy purposes, network loops can occur.

Spanning Tree Protocol (STP) is used to stop network loops while still permitting redundancy.

Loop Avoidance

Page 11: Lecture Switching

Internal Switching Paths

Page 12: Lecture Switching

The port security feature can be used to restrict input to an interface by limiting and identifying the MAC addresses of the workstations that are allowed to access the port.

When you assign secure MAC addresses to a secure port, the port does not forward packets with source addresses outside the group of defined addresses.

Port Security

Page 13: Lecture Switching

Limits the number of MAC addresses associated with a port

- Limits the number of sources that can forward frames into that switch port

Port Security Cont.

Page 14: Lecture Switching

Restrict port Ethernet 0/1 so that only three MAC addresses can be learned on the port

Port Security Cont.

Page 15: Lecture Switching

Port Security Cont.

Page 16: Lecture Switching

Static secure MAC addresses

Dynamic secure MAC addresses

Secure MAC Address Types

Page 17: Lecture Switching

Statically configured on a switch port and stored in an address table and in the running configuration.

Static Secure MAC Addresses

Page 18: Lecture Switching

Learned dynamically from traffic that is sent through the switch port and kept only in an address table, not in the running configuration.

Dynamic Secure MAC Addresses

Page 19: Lecture Switching

A switchport violation occurs in one of two situations:

- When the maximum number of secure MAC addresses has been reached

- An address learned or configured on one secure interface is seen on another secure interface in the same VLAN

When a port security address violation occurs, the options for action to be taken on a port include:

shutdown | restrict | protect (the default is shutdown)

Address Violation

Page 20: Lecture Switching

Protect—When a violation occurs, this mode permits traffic from known MAC addresses to continue to be forwarded while dropping traffic from unknown MAC addresses, and no notification action is taken.

Restrict—When a violation occurs, this mode permits traffic from known MAC addresses to continue to be forwarded while dropping traffic from unknown MAC addresses; a syslog message is logged and an SNMP trap is sent.

Shutdown—This mode is the default violation mode. When a violation occurs, the switch automatically forces the switchport into a disabled state and forwards no traffic.

Address Violation Cont.
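
The two violation conditions and the three violation modes from the Address Violation slides, modelled as an added example that is not part of the original lecture. The class names, port names and MAC addresses are constructed for illustration, and the `log` list stands in for the syslog message and SNMP trap.

```python
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    name: str
    vlan: int
    maximum: int = 1
    violation: str = "shutdown"      # shutdown | restrict | protect
    secure: set = field(default_factory=set)  # secure MAC addresses
    disabled: bool = False

class Switch:
    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}
        self.log = []                # stands in for syslog / SNMP trap

    def receive(self, port_name, src_mac):
        """Return 'forward' or 'drop' for a frame arriving on a secure port."""
        port = self.ports[port_name]
        if port.disabled:
            return "drop"            # shutdown mode: forwards no traffic
        if src_mac in port.secure:
            return "forward"
        # Violation 2: address already secure on another port, same VLAN
        moved = any(src_mac in p.secure for p in self.ports.values()
                    if p is not port and p.vlan == port.vlan)
        # Violation 1: maximum number of secure addresses already reached
        full = len(port.secure) >= port.maximum
        if not (moved or full):
            port.secure.add(src_mac)  # learned as a dynamic secure address
            return "forward"
        if port.violation == "restrict":
            self.log.append(f"violation on {port.name} from {src_mac}")
        elif port.violation == "shutdown":
            port.disabled = True
        return "drop"                # protect: drop with no notification

def demo():
    # Constructed sample: two secure ports in VLAN 1, made-up MAC addresses
    sw = Switch([SecurePort("Ethernet0/1", 1, maximum=3, violation="restrict"),
                 SecurePort("Ethernet0/2", 1, maximum=1, violation="shutdown")])
    macs = ["00:00:00:00:00:0a", "00:00:00:00:00:0b",
            "00:00:00:00:00:0c", "00:00:00:00:00:0d"]
    results = [sw.receive("Ethernet0/1", m) for m in macs]   # 4th exceeds max
    results.append(sw.receive("Ethernet0/1", macs[0]))       # known: forwarded
    results.append(sw.receive("Ethernet0/2", macs[1]))       # seen on other port
    return results, sw.log, sw.ports["Ethernet0/2"].disabled
```

In the sample run, the restrict port keeps forwarding its three learned addresses after the fourth is dropped and logged, while the shutdown port is disabled by a single frame from an address already secured on the other port.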

Page 21: Lecture Switching

Address Violation Configurations

Page 22: Lecture Switching

Address Violation Configurations Cont.