Click to edit Master subtitle style Chapter 11: Switching and VLANs
Chapter 11 Objectives The Following CompTIA Network+ Exam Objectives Are Covered in This Chapter: 2.6 Given a scenario, configure a switch using proper features VLAN o Native VLAN/Default VLAN o VTP Spanning tree (802.1d)/rapid spanning tree (802.1w) o Flooding o Forwarding/blocking o Filtering Interface configuration o Trunking/802.1q o Tag vs untag VLANs o Port bonding (LACP) o Port mirroring (local vs remote) o Speed and duplexing o IP address assignment o VLAN assignment 2
Chapter 11 Objectives The Following CompTIA Network+ Exam Objectives Are Covered in This Chapter: Default gateway PoE and PoE+ (802.3af, 802.3at) Switch management o User/passwords o AAA configuration o Console o Virtual terminals o In-band/Out-of-band management Managed vs unmanaged 3.3 Given a scenario, implement network hardening techniques o Network-based Switch port security o MAC address filtering o VLAN assignments Network segmentation 3
Switching and Virtual LANs (VLANs) 4 Switching breaks up large collision domains into smaller ones and that a collision domain is a network segment with two or more devices sharing the same bandwidth. Switched design is properly implemented, it will result in a clean, cost-effective, and resilient internetwork.
The first LAN 5 The first LAN had each hub placed into a router port. Server Farm CorporateRemote Branch Hubs Token Ring
Chapter 11 The first switched LAN Figure 11.2 Token Ring Hubs Server Farm Corporate Remote Branch Switches
Switched network design 7 A typical, contemporary, and complete switched network design/implementation would look something like this. There is a router implemented. The router creates and handles logical segmentation. What makes Layer 2 switching so efficient is that no modification to the data packet takes place.
Switching Services 8 Layer 2 switching provides the following benefits: –Hardware-based bridging (ASIC) –Wire speed –Low latency –Low cost 100 Mbps Full-Duplex Links Server
Switch Functions at Layer 2 9 There are three distinct functions of Layer 2 switching –Address learning –Forward/filter decisions –Loop avoidance
Address Learning 10 Layer 2 switches and bridges are capable of address learning; they remember the source hardware address of each frame received on an interface and enter this information into a MAC database known as a forward/filter table. Initially there is no address information in the table. MAC Forward/Filter Table E0/0: E0/1: E0/2: E0/3: E0/0E0/3 E0/1E0/2 Host AHost B Host CHost D
Forwarding/Filter Table 11 When the hosts start communicating, the switch places the source hardware address of each frame in the table along with the corresponding port MAC Forward/Filter Table E0/0: c01.000A Step 2 E0/1: c01.000B Step 4 E0/2: E0/3: E0/0 E0/3 E0/1E0/2 Step Host AHost BHost CHost D
Forwarding/Filter Table Evaluation 12 Host A is sending a data frame to Host D. What will the switch do when it receives the frame from Host A? A B C D Fa0/3Fa0/4 Fa0/5 Fa0/6 Switch#sh mac address-table VLAN Mac Address Ports dccb.d74b Fa0/ a.f467.9e80 Fa0/ a.f467.9e8b Fa0/6
Broadcast Storm 13 Redundant links between switches can be a wise thing to implement because they help prevent complete network failures in the event that one link stops working. There is a drawback; frames can be flooded down all redundant links simultaneously creating network loops. Broadcast Switch A Switch B Segment 1 Segment 2
Multiple Frame Copies 14 The MAC address filter table could be totally confused about the device’s location because the switch can receive the frame from more than one link. The switch could get so caught up in constantly updating the MAC filter table with source hardware-address locations that it may fail to forward a frame. This is called thrashing the MAC table. Unicast Router C Switch B Segment 1 Switch A Segment 2
Spanning Tree Protocol (STP) 15 STP’s main task is to stop network loops from occurring on your Layer 2 network (bridges or switches). It achieves this feat by vigilantly monitoring the network to find all links and making sure that no loops occur by shutting down any redundant ones. STP uses the spanning-tree algorithm (STA) to first create a topology database and then search out and destroy redundant links. With STP running, frames will be forwarded only on the premium, STP-picked links. Switches transmit Bridge Protocol Data Units (BPDUs) out all ports so that all links between switches can be found.
Switching Loops 16 Switched network with a redundant topology (switching loops) without some type of Layer 2 mechanism to stop network loops will fail.
Spanning-Tree Port States 17 The ports on a bridge or switch running STP can transition through five different states: Blocking –A blocked port won’t forward frames; it just listens to BPDUs and will drop all other frames. Listening –The port listens to BPDUs to make sure no loops occur on the network before passing data frames without populating the MAC address table. Learning –A port in learning state populates the MAC address table but doesn’t forward data frames. Forwarding –The port sends and receives all data frames on the bridged port. If the port is still a designated or root port at the end of the learning state, it enters the forwarding state. Disabled –A port in the disabled state (administratively) does not participate in the frame forwarding or STP.
Switching Design 18 There are ways to design really great ways to implement your switched network so that STP converges efficiently Create core switch as STP root for fastest STP convergence STP root Bridge Priority 4096 Bridge Priority 8192
Rapid Spanning Tree Protocol 802.1w 19 The 802.1w is defined in these different port states (compared to 802.1d): Disabled = Discarding Blocking = Discarding Listening = Discarding Learning = Learning Forwarding = Forwarding
VLAN Basics 20 Layer 2 switched networks are typically designed as flat networks. Every broadcast packet transmitted is seen by every device on the network regardless of whether the device needs to receive that data or not. VLANs will let us control our broadcast domains.
Benefits of a Switched Network 21 Host A is sending a frame with Host D as its destination. The frame is only forwarded out of the port where Host D is located. This is a huge improvement over hubbed networks. Host A Host D
Physical LANs Connected to a Router 22 Each network is attached with a hub port to the router (each segment also has its own logical network number. Each department has its own LAN, so if we needed to add new users we would just plug them into the appropriate LAN. Hubs EngineeringSales Marketing Shipping FinanceManagement
Switches Removing the Physical Boundary 23 VLAN2VLAN3VLAN4VLAN2VLAN7VLAN3 VLAN6VLAN5 VLAN6VLAN4 Marketing VLAN /24 Shipping VLAN /24 Engineering VLAN /24 Finance VLAN /24 Management VLAN /24 Sales VLAN /24 Provides inter-VLAN Communication and WAN services
Quality of Service 24 QoS methods focus on one of five problems that can affect data as it traverses network cable: Delay Dropped packets Error Jitter Out-of-order delivery
VLAN Memberships 25 Static VLANs –Creating static VLANs is the most common way to create a VLAN, and one of the reasons for that is because static VLANs are the most secure Dynamic VLANs –On the other hand, a dynamic VLAN determines a host’s VLAN assignment automatically. Using intelligent management software, you can base VLAN assignments on hardware (MAC) addresses, protocols, or even applications that work to create dynamic VLANs.
Access and Trunk Links 26 Trunk Link VLANs can span across multiple switches By using trunk links, which carry traffic For multiple VLANs. Red VLANBlue VLANGreen VLAN Blue VLAN Green VLAN Red VLAN
VLAN Identification Methods 27 Inter-Switch Link (ISL) –Proprietary to Cisco switches, and it’s used for Fast Ethernet and Gigabit Ethernet links only. ISL routing is pretty versatile and can be used on a switch port, on router interfaces, and on server interface cards to trunk a server IEEE 802.1Q –Created by the IEEE as a standard method of frame tagging, IEEE 802.1Q actually inserts a field into the frame to identify the VLAN. If you’re trunking between a Cisco switched link and a different brand of switch, you’ve got to use 802.1Q for the trunk to work.
VLAN Trunking Protocol 28 Consistent VLAN configuration across all switches in the network Accurate tracking and monitoring of VLANs Dynamic reporting of added VLANs to all switches in the VTP domain Adding VLANs using Plug and Play
802.1q Figure 11.17
VTP Modes of Operation 30 Server Client Transparent Server TransparentClient Server Configuration: Saved in NVRAM Client Configuration: Not Saved in NVRAMTransparent Configuration: Saved in NVRAM
Configuring VTP 31 Switch#config t Switch#(config)#vtp mode server Device mode already VTP SERVER. Switch(config)#vtp domain Lammle (ChangesVTP domain name from null to Lammle) Switch(config)#vtp password todd (Sets device VLAN database password to todd)
Port Security Figure 11.19
Port Bonding Figure 11.20
Chapter 11 Switched Ethernet ports can provide power to devices. Figure 11.21
Advanced Features of Switches 35 Switches really expand our flexibility when designing our networks. There are features which enhance the functionality or the switch networks. –Power over Ethernet (PoE) –Port Mirroring/Spanning
Power over Ethernet (PoE) 36 Switches can provide power to end devices by injecting power into the Ethernet cabling. If PoE switches are not implemented, power can be injected into the cabling outside the switch.
Port Mirroring/Spanning 37 Port mirroring, also called Switch Port Analyzer (SPAN), allows you to sniff traffic on a network when using a switch. A problem with this arises when you need to sniff traffic on a switched network. The sniffer cannot see data going from Host A to Host B. To solve this little snag, you could temporarily place a hub between Host A and Host B.
Port Mirroring 38 The port-mirroring option allows you to place a port in spanning mode so that every frame from Host A is captured by both Host B and the sniffer. B Sniffer A Switch
Summary 39 Summary Exam Essentials Section Written Labs Review Questions