Switching in an Enterprise Network Introducing Routing and Switching in the Enterprise – Chapter 3

Objectives Compare the types of switches used in an enterprise network. Explain how Spanning Tree Protocol prevents switching loops. Describe and configure VLANs on a Cisco switch. Describe and configure trunking and Inter-VLAN routing. Maintain VLANs in an enterprise network.

Compare the Types of Switches Used in an Enterprise Network Switching and network segmentation Content addressable memory (CAM) - MAC address table in high-speed memory, recreates every time switch is activated Virtual circuit Broadcast vs Collision Microsegmentation – reduce the size of a collision domain to a single switch port Graphic: 3.1.1.1

Compare the Types of Switches Used in an Enterprise Network Graphic: 3.1.1.1

If a source MAC address is not in the table, it is added Aging timer - deletes entries from the MAC address table if they are not used within a certain period of time If a source MAC address is not in the table, it is added Checks for the destination MAC address, forwards the frame out the port or floods the frame out every active port except the port upon which it was received. Graphic: 3.1.2.1 Activity 3.1.1.5

Hardware-based Layer 2 switching Software-based Layer-3 (multilayer) switching Graphic: 3.1.2.1

Store and forward switching entire frame is read and stored in memory checks the integrity of the bits in the frame by recalculating the cyclic redundancy check (CRC) value Cut-through switching Fast-forward - forwards the frames out the destination port as soon as it reads the destination MAC address Fragment-free - reads the first 64 bytes of the frame before it begins to forward it out the destination port. Graphic: 3.1.3.2—fast-forward about halfway through the animation, until “64 bytes” and the frames are both visible

Adaptive Cut Through uses Threshold Value graphic: 3.1.4.1

Compare the Types of Switches Used in an Enterprise Network Switch physical security Switch access security graphic: 3.1.4.1

Recording….. https://ciscosales.webex.com/ciscosales/lsr.php?AT=pb&SP=EC&rID=28306537&rKey=5E5C4B5D39A215FD (password: NetAcad) graphic: 3.1.4.1

Reduce congestion & support high availability & load balancing Redundancy required in the network design to maintain a high degree of reliability and eliminate any single point of failure Accomplished by installing duplicate equipment and network links for critical areas Reduce congestion & support high availability & load balancing Dangers of switching loops & broadcast storms Graphic: 3.2.1.1

Explain How Spanning Tree Protocol Prevents Switching Loops Create a loop-free logical topology Potential loop detection and port blocking Redundancy without switching loops 3.2.2.1, graphic from right side, with both bridges visible to show how the redundant bridge takes over

Explain How Spanning Tree Protocol Prevents Switching Loops 3.2.2.1, graphic from right side, with both bridges visible to show how the redundant bridge takes over

As a switch powers on, each port cycles through a series of four states: Blocking Listening Learning Forwarding Disabled (indicates that the administrator has shut down the switch port) Graphic: 3.2.3.1

Graphic: 3.2.3.1

Graphic: 3.2.3.1

Root Bridge is the primary switch or focal point in the STP topology. Root bridge communicates with the other switches using Bridge Protocol Data Units (BPDUs). BPDUs are frames that multicast every 2 seconds to all other switches. BPDUs contain information such as: Identity of the source switch Identity of the source port Cumulative cost of path to root bridge Value of aging timers Value of the hello timer Graphic: 3.2.3.1

Explain How Spanning Tree Protocol Prevents Switching Loops Determining a root bridge Bridge ID (BID) Root ports, designated ports, and blocked ports Graphic: 3.2.3.1

The bridge priority value plus the MAC address creates the BID. One root bridge on each network, and it is elected based on the bridge ID (BID) The bridge priority value plus the MAC address creates the BID. Bridge priority has a default value of 32,768. If a switch has a MAC address of AA-11-BB-22-CC-33, the BID for that switch would be: 32768: AA-11-BB-22-CC-33. Graphic: 3.2.3.1

The root bridge = the lowest BID value If same default priority value, the switch with the lowest MAC address becomes the root bridge As each switch powers on, it assumes that it is the root bridge, and sends out BPDUs containing its BID STP designates three types of ports: root ports, designated ports, and blocked ports Root port - provides the least cost path back to the root bridge Designated Port - forwards traffic toward the root bridge but does not connect to the least cost path Blocked Port - does not forward traffic Graphic: 3.2.3.1

Root port - provides the least cost path back to the root bridge STP designates three types of ports: root ports, designated ports, and blocked ports Root port - provides the least cost path back to the root bridge Designated Port - forwards traffic toward the root bridge but does not connect to the least cost path Blocked Port - does not forward traffic Graphic: 3.2.3.1

To specify the root bridge - configured with the lowest priority value Range for the priority is from 0 to 65535, but values are in increments of 4096. Default value = 32768. To set priority: S3(config)#spanning-tree vlan 1 priority 4096 To restore priority to default: S3(config)#no spanning-tree vlan 1 priority Graphic: 3.2.3.1

STP Enhancements Cisco proprietary - PortFast, UplinkFast, and BackboneFast PortFast causes an access port to enter the forwarding state immediately, bypassing the listening and learning states - use PortFast on access ports that are connected to a single workstation or server UplinkFast accelerates the choice of a new root port when a link or switch fails or when STP reconfigures itself - root port transitions to the forwarding state immediately without going through the listening and learning states BackboneFast provides fast convergence after a spanning tree topology change occurs - used at the Distribution and Core Layers, where multiple switches connect Graphic: 3.2.4.3—stop animation while yellow frame is visible

Spanning-tree verification commands show spanning-tree - Displays root ID, bridge ID, and port states show spanning-tree summary - Displays a summary of port states show spanning-tree root - Displays the status and configuration of the root bridge show spanning-tree detail - Displays detailed port information show spanning-tree interface - Displays STP interface status and configuration show spanning-tree blocked ports - Displays blocked ports Graphic: 3.2.4.4

Rapid Spanning Tree Protocol – requires a full-duplex, point-to-point connection between switches to achieve the highest reconfiguration speed occurs in less than 1 second, as compared to 50 seconds in STP reduces the number of port states to three: discarding, learning and forwarding all ports that are not discarding are part of the active topology and will immediately transition to the forwarding state. Graphic: 3.2.5.1—go all the way to the end of the animation

Describe and Configure VLANs on a Cisco Switch Virtual LANs Logical networks Broadcast control Transparent to end-users A VLAN is a logical broadcast domain that can span multiple physical LAN segments. Network design best practice - broadcast traffic is contained to the area of the network in which it is required Graphic: 3.3.1.2

Describe and Configure VLANs on a Cisco Switch VLAN functions VLAN membership Static – manually assigned Dynamic – server based Graphic: 3.3.1.3 with one VLAN highlighted VLAN has two major functions: Contains broadcasts. Groups devices. Devices located on one VLAN are not visible to devices located on another VLAN. Traffic requires a Layer 3 device to move between VLANs.

Describe and Configure VLANs on a Cisco Switch VLAN 1: management VLAN - used to exchange information, such as Cisco Discovery Protocol (CDP) traffic and VLAN Trunking Protocol (VTP) traffic, with other networking devices. VLAN numbers & names Port assignment Graphic: 3.3.2.2

Describe and Configure VLANs on a Cisco Switch VLAN verification commands Deleting a VLAN - Switch(config)#no vlan vlan_number Removing a port from a VLAN – Switch(config)#interface fa0/port_number Switch(config-if)#no switchport access vlan vlan_number Graphic: 3.3.2.3 Lab 3.3.2.5

Describe and Configure VLANs on a Cisco Switch VLAN ID Frame tagging: IEEE 802.1Q A switch associates each port with a specific VLAN number. As a frame enters that port, the switch inserts the VLAN ID (VID) into the Ethernet frame. The addition of the VLAN ID number into the Ethernet frame is called frame tagging. The most commonly used frame tagging standard is IEEE 802.1Q. Graphic: 3.3.3.2

Describe and Configure VLANs on a Cisco Switch VLAN ID Frame tagging: IEEE 802.1Q Tag field increases the minimum Ethernet frame from 64 to 68 bytes. The switch recalculates the FCS because the number of bits in the frame has been modified. 802.1Q-compliant port is connected to another 802.1Q-compliant port ??? - YES - VLAN tagging information passes between them NO - VLAN tag is removed before the frame is placed on the media. Graphic: 3.3.3.2

Describe and Configure Trunking & Inter-VLAN Routing Trunk port characteristics Point-to-point link Carry multiple-VLAN traffic over single link Support for frame tagging Trunk modes - Trunk ports are necessary to carry the traffic from multiple VLANs between devices when connecting either two switches together, a switch to a router, or a host NIC that supports 802.1Q trunking. Graphic: 3.4.1.2, with “Trunking” button highlighted

Describe and Configure Trunking and Inter-VLAN Routing Traffic may need to cross the 802.1Q configured link without VLAN ID No VLAN ID is called untagged. Examples of untagged traffic are Cisco Discovery Protocol (CDP), VTP, and certain types of voice traffic. Untagged traffic minimizes the delays associated with inspection of the VLAN ID tag. Graphic: 3.4.2.2

Describe and Configure Trunking and Inter-VLAN Routing To accommodate untagged traffic, a special VLAN called a native VLAN is available Configuring a native VLAN Graphic: 3.4.2.2

Describe and Configure Trunking & Inter-VLAN Routing A Layer 3 device provides connectivity between different VLANs. Subinterfaces - logically divide one physical interface into multiple logical pathways Router-on-a-stick – Allows each VLAN to have its own logical pathway and default gateway Graphic: 3.4.3.2

Maintain VLAN Structure on an Enterprise Network VLAN Trunking Protocol (VTP) purpose and goals – automate many of the VLAN configuration functions, ensures that VLAN configuration is consistently maintained across the network Management domain - reduces the task of VLAN management and monitoring VTP modes: server, client, transparent VLAN database – saved in NVRAM, contains a revision number, if a VTP receives an update message that has a higher revision number than the one stored in the database, the switch updates its VLAN database with this new information Configuration revision number - begins at zero, as changes occur, the configuration revision number increases by one. Graphic: 3.5.1.3

Maintain VLAN Structure on an Enterprise Network VTP messages Summary advertisements – contain the current VTP domain name and the configuration revision number , if the domain name is the same, the switch compares the configuration revision number to its own number, lower or equal, the switch ignores the packet, If the revision number is higher, an advertisement request is sent. Subset advertisements – follows the summary advertisement, contains a list of VLAN info Advertisement requests – required if the switch has been reset or the VTP domain name has been changed Graphic: 3.5.1.4

Maintain VLAN Structure on an Enterprise Network Configuring VTP Verifying VTP configuration Graphic: 3.5.2.1

Summary Switches forward traffic using store and forward or cut-through techniques Basic security features should be applied to switches A VLAN is a way to group hosts on the same logical network even though they may be physically separated Frame tagging allows a switch to identify the source VLAN of an Ethernet frame. A Layer 3 device is needed to move traffic between different VLANs. Subinterfaces allow router interfaces to support multiple VLANs. VLAN Trunking Protocol provides centralized control, distribution and maintenance of VLANs.