Unit 9 LANs Chapters 24-26 NT2640.U9.PS1 IP Networking: Unit 9: Slide 1
Class Agenda 11/14/15 Learning Objectives Unit 8: Discussions and Video Lab Activities will be done in class. Assignments will be given in class. Break Times. 10 Minutes break in every 1 Hour. Note: Submit all Assignment and labs due today.
Objectives In this unit, students will demonstrate an: Understanding of Bridge and Switching Forwarding Process including Filtering and Flooding Understanding Spanning Tree Protocol including Processes Phases Understanding of Switch Frame Processing Methods Understanding of Cisco Switch Configuration including Interfaces, VLANs, and Security Features Understanding of VLANs including Trunking IP Networking: Unit 9: Slide 3
Ethernet LAN Switching and Concepts Chapter 24 NT2640.U9.PS1 IP Networking: Unit 9: Slide 4 4 4
Historical Progression: Hubs, Bridges, and Switches Ethernet started out with standards that used a physical electrical bus created with coaxial cabling. 10BASE-T Ethernet came next. It offered improved LAN availability, because a problem on a single cable did not affect the rest of the LAN—a common problem with 10BASE2 and 10BASE5 networks. 10BASE-T allowed the use of unshielded twisted-pair (UTP) cabling, which is much cheaper than coaxial cable. Also, many buildings already had UTP cabling installed for phone service, so 10BASE-T quickly became a popular alternative to 10BASE2 and 10BASE5 Ethernet networks. IP Networking: Unit 9: Slide 5
Ethernet Bus Compared to Ethernet Hub IP Networking: Unit 9: Slide 6
10BASE-T with a hub Although using 10BASE-T with a hub improved Ethernet as compared to the older standards, several drawbacks continued to exist, even with 10BASE-T using hubs: Any device sending a frame could have the frame collide with a frame sent by any other device attached to that LAN segment. Only one device could send a frame at a time, so the devices shared the (10-Mbps) bandwidth. Broadcasts sent by one device were heard by, and processed by, all other devices on the LAN. IP Networking: Unit 9: Slide 7
Bridge Creates Two Collision Domains and Two Shared Ethernets Adding a bridge between two hubs really creates two separate 10BASE-T networks—one on the left and one on the right. The 10BASE-T network on the left has its own 10 Mbps to share, as does the network on the right. IP Networking: Unit 9: Slide 8
Switch Creates Four Collision Domains and Four Ethernet Segments Now connected to a switch, each interface also uses full duplex. This is possible because only one device is connected to each port, essentially eliminating collisions for the network shown. IP Networking: Unit 9: Slide 9
Switching Logic Ultimately, the role of a LAN switch is to forward Ethernet frames. To achieve that goal, switches use logic—logic based on the source and destination MAC address in each frame’s Ethernet header. To help you appreciate how switches work, first a review of Ethernet addresses is in order. The IEEE defines three general categories of Ethernet MAC addresses: Unicast addresses: MAC addresses that identify a single LAN interface card. Broadcast addresses: A frame sent with a destination address of the broadcast address (FFFF.FFFF.FFFF) implies that all devices on the LAN should receive and process the frame. Multicast addresses: Multicast MAC addresses are used to allow a dynamic subset of devices on a LAN to communicate. IP Networking: Unit 9: Slide 10
Switch Decision Making The primary job of a LAN switch is to receive Ethernet frames and then make a decision: either forward the frame out some other port(s), or ignore the frame. To accomplish this primary mission, transparent bridges perform three actions: 1. Deciding when to forward a frame or when to filter (not forward) a frame, based on the destination MAC address 2. Learning MAC addresses by examining the source MAC address of each frame received by the bridge 3. Creating a (Layer 2) loop-free environment with other bridges by using Spanning Tree Protocol (STP) IP Networking: Unit 9: Slide 11
Sample Switch Forwarding and Filtering Decision IP Networking: Unit 9: Slide 12
LAN Switching Summary Switches provide many additional features not offered by older LAN devices such as hubs and bridges. In particular, LAN switches provide the following benefits: Switch ports connected to a single device microsegment the LAN, providing dedicated bandwidth to that single device. Switches allow multiple simultaneous conversations between devices on different ports. Switch ports connected to a single device support full duplex, in effect doubling the amount of bandwidth available to the device. Switches support rate adaptation, which means that devices that use different Ethernet speeds can communicate through the switch (hubs cannot). IP Networking: Unit 9: Slide 13
Collision Domains A collision domain is a set of network interface cards (NIC) for which a frame sent by one NIC could result in a collision with a frame sent by any other NIC in the same collision domain. IP Networking: Unit 9: Slide 14
Broadcast Domains A broadcast domain is a set of NICs for which a broadcast frame sent by one NIC is received by all other NICs in the same broadcast domain. IP Networking: Unit 9: Slide 15
Benefits of Segmenting Ethernet Devices Using Hubs, Switches, and Routers Feature Hub Switch Router Greater cabling distances are allowed Yes Creates multiple collision domains No Increases bandwidth Creates multiple broadcast domains IP Networking: Unit 9: Slide 16
Virtual LANs (VLAN) Most every Enterprise network today uses the concept of virtual LANs (VLAN). Before understanding VLANs, you must have a very specific understanding of the definition of a LAN. Although you can think about and define the term “LAN” from many perspectives, one perspective in particular will help you understand VLANs: A LAN consists of all devices in the same broadcast domain. Without VLANs, a switch considers all interfaces on the switch to be in the same broadcast domain. In other words, all connected devices are in the same LAN. (Cisco switches accomplish this by putting all interfaces in VLAN 1 by default.) So, instead of all ports on a switch forming a single broadcast domain, the switch separates them into many, based on configuration. IP Networking: Unit 9: Slide 17
Sample Network with Two VLANs Using One Switch Or you can create multiple VLANs on a single switch. IP Networking: Unit 9: Slide 18
Motivations for using VLANs There are many motivations for using VLANs, including the following: To create more flexible designs that group users by department, or by groups that work together, instead of by physical location To segment devices into smaller LANs (broadcast domains) to reduce overhead caused to each host in the VLAN To reduce the workload for STP by limiting a VLAN to a single access switch To enforce better security by keeping hosts that work with sensitive data on a separate VLAN To separate traffic sent by an IP phone from traffic sent by PCs connected to the phones IP Networking: Unit 9: Slide 19
Ethernet Types, Media, and Segment Lengths (Per IEEE) Maximum Segment Length 10BASE-T TIA/EIA CAT3 or better, two pair 100 m (328 feet) 100BASE-TX TIA/EIA CAT5 UTP or better, two pair 100BASE-FX 62.5/125-micron multimode fiber 400 m (1312.3 feet) 1000BASE-CX STP 25 m (82 feet) 1000BASE-T TIA/EIA CAT5e UTP or better, four pair 1000BASE-SX Multimode fiber 275 m (853 feet) for 62.5-micron fiber 550 m (1804.5 feet) for 50-micron fiber 1000BASE-LX 550 m (1804.5 feet) for 50- and 62.5- micron fiber 9-micron single-mode fiber 5 km (3.1 miles) IP Networking: Unit 9: Slide 20
Ethernet Switch Configuration Chapter 25 © 2011 ITT Educational Services Inc. NT-2640 Advanced Networking: Unit 9: Slide 21 21 21
Comparing Cisco Router and Switch Configuration Cisco switches use the same switch IOS CLI for routers. However, because routers and switches perform different functions, the actual commands differ in some cases. IP Networking: Unit 9: Slide 22
Commands Used on both Routers and Switches User and Enable (privileged) mode Entering and exiting configuration mode, using the configure terminal, end, and exit commands, and the Ctrl-Z key sequence Configuration of console, Telnet, and enable secret passwords Configuration of SSH encryption keys and username/password login credentials Configuration of the host name and interface description Configuration of Ethernet interfaces that can negotiate speed, using the speed and duplex commands Configuring an interface to be administratively disabled (shutdown) and administratively enabled (no shutdown) Navigation through different configuration mode contexts using commands like line console 0 and interface CLI help, command editing, and command recall features The meaning and use of the startup-config (in NVRAM), running-config (in RAM), and external servers (like TFTP), along with how to use the copy command to copy the configuration files and IOS images The process of reaching setup mode either by reloading the router with an empty startup-config or by using the setup command IP Networking: Unit 9: Slide 23
LAN Switch Configuration and Operation Switches work without any configuration. Cisco switches ship from the factory with all interfaces enabled (a default configuration of no shutdown) and with autonegotiation enabled for ports that run at multiple speeds and duplex settings (a default configuration of duplex auto and speed auto). All you have to do is connect the Ethernet cables and plug in the power cord to a power outlet, and the switch is ready to work—learning MAC addresses, making forwarding/filtering decisions, and even using STP by default. IP Networking: Unit 9: Slide 24
Port Security If the network engineer knows what devices should be cabled and connected to particular interfaces on a switch, the engineer can use port security to restrict that interface so that only the expected devices can use it. This reduces exposure to some types of attacks in which the attacker connects a laptop to the wall socket that connects to a switch port that has been configured to use port security. When that inappropriate device attempts to send frames to the switch interface, the switch can issue informational messages, discard frames from that device, or even discard frames from all devices by effectively shutting down the interface. IP Networking: Unit 9: Slide 25
Securing Unused Switch Interfaces Cisco originally chose the default interface configuration settings on Cisco switches so that the interfaces would work without any overt configuration. The interfaces automatically negotiate the speed and duplex, and each interface begins in an enabled (no shutdown) state, with all interfaces assigned to VLAN 1. Additionally, every interface defaults to negotiate to use VLAN features called VLAN trunking and VLAN Trunking Protocol (VTP). IP Networking: Unit 9: Slide 26
Unused Interfaces The recommendations for unused interfaces are as follows: Administratively disable the interface using the shutdown interface subcommand. Prevent VLAN trunking and VTP by making the port a nontrunking interface using the switchport mode access interface subcommand. Assign the port to an unused VLAN using the switchport access vlan number interface subcommand. Frankly, if you just shut down the interface, the security exposure goes away, but the other two tasks prevent any immediate problems if someone else comes around and enables the interface by configuring a no shutdown command. IP Networking: Unit 9: Slide 27
Break 10 Min. © 2011 ITT Educational Services Inc. NT-2640 Advanced Networking: : Unit 1: Slide 28
Virtual LANs Chapter 26 NT2640-U9-PS2 © 2011 ITT Educational Services Inc. NT-2640 Advanced Networking: Unit 9: Slide 29 29 29
Virtual LAN Concepts A LAN includes all devices in the same broadcast domain. A broadcast domain includes the set of all LAN-connected devices that when any of the devices sends a broadcast frame, all the other devices get a copy of the frame. You can think of a LAN and a broadcast domain as being basically the same thing. Without VLANs, a switch considers all its interfaces to be in the same broadcast domain; in others words, all connected devices are in the same LAN. With VLANs, a switch can put some interfaces into one broadcast domain and some into another, creating multiple broadcast domains. These individual broadcast domains created by the switch are called virtual LANs. IP Networking: Unit 9: Slide 30
Sample Network with Two VLANs Using One Switch IP Networking: Unit 9: Slide 31
Reasons for Different VLANs To create more flexible designs that group users by department, or by groups that work together, instead of by physical location To segment devices into smaller LANs (broadcast domains) to reduce overhead caused to each host in the VLAN To reduce the workload for the Spanning Tree Protocol (STP) by limiting a VLAN to a single access switch To enforce better security by keeping hosts that work with sensitive data on a separate VLAN To separate traffic sent by an IP phone from traffic sent by PCs connected to the phones IP Networking: Unit 9: Slide 32
Trunking to Cisco IP Phones Cisco IP phones use Ethernet to connect to the IP network for the purpose of sending Voice over IP (VoIP) packets. Cisco IP phones can send VoIP packets to other IP phones to support voice calls, as well as send VoIP packets to voice gateways, which in turn connect to the existing traditional telephone network, supporting the ability to call most any phone in the world. Cisco anticipated that each desk in an enterprise might have both a Cisco IP phone and a PC on it. To reduce cabling clutter, Cisco includes a small LAN switch in the bottom of each Cisco IP phone. The small switch allows one cable to run from the wiring closet to the desk and connect to the IP phone, and then the PC can connect to the switch by connecting a short Ethernet (straight-through) cable from the PC to the bottom of the IP phone. IP Networking: Unit 9: Slide 33
Typical Connection of a Cisco IP Phone and PC to a Cisco Switch IP Networking: Unit 9: Slide 34
Protecting Unused Switch Ports Cisco makes some recommendations for how to protect unused switch ports. Instead of using default settings, Cisco recommends configuring these interfaces as follows: Administratively disable the unused interface, using the shutdown interface subcommand. Prevent trunking from being negotiated when the port is enabled by using the switchport nonegotiate interface subcommand to disable negotiation, or the switchport mode access interface subcommand to statically configure the interface as an access interface. Assign the port to an unused VLAN, sometimes called a parking lot VLAN, using the switchport access vlan number interface subcommand. IP Networking: Unit 9: Slide 35
VTP Planning Steps Step 1: Configure the VTP mode using the vtp mode {server | client} global configuration command. Step 2: Configure the VTP (case-sensitive) domain name using the vtp domain domain-name global configuration command. Step 3: (Optional) On both clients and servers, configure the same case- sensitive password using the vtp password password-value global configuration command. Step 4: (Optional) Configure VTP pruning on the VTP servers using the vtp pruning global configuration command. Step 5: (Optional) Enable VTP version 2 with the vtp version 2 global configuration command. Step 6: Bring up trunks between the switches. IP Networking: Unit 9: Slide 36
Summary In this unit, students In this unit, we discussed: Bridge and Switching Forwarding Process including Filtering and Flooding Spanning Tree Protocol including Processes Phases Switch Frame Processing Methods Cisco Switch Configuration including Interfaces, VLANs, and Security Features VLANs including Trunking IP Networking: Unit 9: Slide 37
Break 10 Min. IP Networking: Unit 1: Slide 38
All answers to overdue labs should be submitted in the next class. Lab Activities. Complete 9 Lab in class. All answers to overdue labs should be submitted in the next class. © 2011 ITT Educational Services Inc. NT-2640 Wan Technologies: Unit 4: Slide 39
Unit 9 assignment will be given in class. © 2011 ITT Educational Services Inc. NT-2640 Wan Technologies: Unit 4: Slide 40