CISCO SWITCHING
Hussein Salameh, Network Administrator
ATS Automation Tooling Systems Inc.
AGENDA
- Switch Operation
- VLANs and Trunks
- Link Aggregation
- Multilayer Switching
- IP Telephony
- Quality of Service
- Voice QoS
- Securing Switches
- Demo
- Questions
LAYER 2 SWITCH OPERATION
CAM table columns: Destination MAC, Port, VLAN
Topology: Node A (VLAN 20), Node B (VLAN 20), Node C (VLAN 30), Node D (VLAN 30)
FOLLOW THE FRAME!
- The switch learns the source MAC address and adds it to the CAM table
- The switch makes its decision on the destination MAC address, looking up its VLAN and port
- Found: the frame is forwarded out that specific port
- Not found: the frame is flooded out the other access and trunk ports of that VLAN
Forwarding path: Ingress Queues -> L2 Forwarding Table (CAM), Security ACLs (TCAM), QoS ACLs -> Egress
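The "follow the frame" steps above as an added Python simulation (not part of the presentation): learn the source MAC per VLAN, look up the destination, and either forward on one port or flood within the VLAN. Port names, VLAN numbers and MAC addresses are constructed for the demo.

```python
# Added example, not from the presentation: a minimal simulation of the
# "FOLLOW THE FRAME" steps (learn source MAC, look up destination, forward
# or flood within the VLAN). Port names, VLANs and MACs are constructed.
from dataclasses import dataclass, field

@dataclass
class Port:
    mode: str        # "access" or "trunk"
    vlans: set       # access: the single VLAN; trunk: the allowed VLANs

@dataclass
class Switch:
    ports: dict
    cam: dict = field(default_factory=dict)   # (vlan, mac) -> port name

    def ingress_vlan(self, port, tag):
        """Access ports place frames in their VLAN; trunks use the 802.1Q tag."""
        p = self.ports[port]
        return next(iter(p.vlans)) if p.mode == "access" else tag

    def forward(self, in_port, src_mac, dst_mac, tag=None):
        """Process one frame and return the sorted list of egress ports."""
        vlan = self.ingress_vlan(in_port, tag)
        # 1. learn: the source MAC is bound to the ingress port in this VLAN
        self.cam[(vlan, src_mac)] = in_port
        # 2. look up the destination MAC in the CAM table for this VLAN
        out = self.cam.get((vlan, dst_mac))
        if out == in_port:
            return []            # destination sits behind the ingress port: filter
        if out is not None:
            return [out]         # found: forward on that one port
        # 3. not found (or broadcast): flood to every other port in the VLAN
        return sorted(name for name, p in self.ports.items()
                      if name != in_port and vlan in p.vlans)

def demo():
    """Node A (VLAN 20) talks to Node B (VLAN 20); Node C is on VLAN 30."""
    sw = Switch(ports={
        "Gi0/1": Port("access", {20}),        # Node A
        "Gi0/2": Port("access", {20}),        # Node B
        "Gi0/3": Port("access", {30}),        # Node C
        "Gi0/24": Port("trunk", {20, 30}),    # uplink trunk
    })
    a, b = "00:00:00:00:00:0a", "00:00:00:00:00:0b"
    first = sw.forward("Gi0/1", a, b)   # B unknown: flooded to Gi0/2 and the trunk
    reply = sw.forward("Gi0/2", b, a)   # A already learned: single port
    return first, reply, sw.cam
```

Note that the VLAN 30 port never sees the flooded frame: the CAM lookup and the flood are both scoped to the frame's VLAN.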
LAYER 3 SWITCH OPERATION
CAM table columns: Destination MAC, Port, VLAN
FIB table columns: Destination IP, Next-hop IP, Next-hop MAC, Port
Topology: Node A (VLAN 20), Node B (VLAN 20), Node C (VLAN 30), Node D (VLAN 30)
FOLLOW THE PACKET!
- The Layer 3 engine maintains the routing information, which is reformatted and copied into the FIB table
- An update is sent to the FIB whenever the routing table changes
- If the frame contains a Layer 3 packet to be forwarded, the FIB is consulted
- The longest match is found in the FIB and the next-hop IP is obtained
- The entire Ethernet frame is rewritten (along with the IP TTL and header checksum)
Control plane (Layer 3 engine): Routing Table and ARP Table; entries are reordered according to longest prefix match and the MAC of each next hop in the FIB is resolved
Data plane (Layer 3 forwarding engine): Ingress Queues -> FIB Table and Adjacency Table -> Packet Rewrite -> Egress
VLANS & TRUNKS
- A VLAN is a broadcast domain: all devices connected to the VLAN receive broadcasts from members of the same VLAN
- Static VLANs offer port-based membership; devices assume the VLAN connectivity of their port
- VLAN numbers 1 to 1005 (VLAN 1 and VLANs 1002 to 1005 are used for special cases)
- Extended range of VLANs: 1006 to 4094
Port Configuration (Access Mode):
1. Create a VLAN
2. Configure the interface for Layer 2 operation
3. Force the port to be assigned to only a single VLAN
4. Assign a static VLAN membership to the port
VLANS & TRUNKS
- A trunk link can transport more than one VLAN through a single port
- Beneficial when switches are connected to other switches, routers or servers
VLAN Identification (Encapsulation):
- ISL (Inter-Switch Link): Cisco proprietary; referred to as double tagging. The switch adds a header and a trailer around the frame (the VLAN ID is in the header)
- IEEE 802.1Q: open standard; embeds its tag within the Layer 2 frame (single tagging); introduces the concept of a native VLAN
Port Configuration (Trunk Mode):
1. Create VLANs
2. Configure the interface for Layer 2 operation
3. Configure the trunk encapsulation
4. Configure the native VLAN (no tagging)
5. Define which VLANs are to be trunked over the link
6. Force the port into trunk mode
LINK AGGREGATION
- Aggregation means scaling link bandwidth by bundling parallel links; also called EtherChannel technology
- Bundled ports must have the same speed/duplex and belong to the same VLAN (access) or pass the same VLANs (trunk)
- Frames are forwarded on a specific member link as the result of a hashing algorithm (using IP addresses, MAC addresses or TCP/UDP port numbers)
EtherChannel Negotiation Protocols:
- Port Aggregation Protocol (PAgP): Cisco proprietary
- Link Aggregation Control Protocol (LACP): open standard

Negotiation Mode (LACP / PAgP) | Negotiation Packets Sent? | Characteristics
On / On                        | No                        | Port-channeling without negotiation
Passive / Auto                 | Yes                       | Waits until asked
Active / Desirable             | Yes                       | Actively asks
LINK AGGREGATION: LAYER 2 VS LAYER 3 ETHERCHANNEL
Layer 2 EtherChannel:
- Physical Layer 2 interfaces: create the port-channel
- Port-channel interface: configure as access or trunk
- Hashing algorithm: src-mac
Layer 3 EtherChannel:
- Physical Layer 2 interfaces: convert to Layer 3, then create the port-channel
- Port-channel interface: configure an IP address
- Hashing algorithm: src-dst-ip
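How the per-frame hash on the two previous slides chooses a member link, as an added Python model that is not from the presentation. The XOR-of-low-bits hash is a simplified stand-in for the platform's hardware hash, and all MAC and IP addresses are constructed; the point it shows is that src-mac hashing puts every flow from one source MAC on the same link, while src-dst-ip spreads them.

```python
# Added example, not from the presentation: shows how an EtherChannel picks
# one member link per frame from a hash of header fields, using src-mac for
# the Layer 2 bundle and src-dst-ip for the Layer 3 bundle as on the slide.
# The XOR-of-low-bits hash is a simplified stand-in for the hardware hash;
# all MAC and IP addresses are constructed.
import ipaddress

def hash_src_mac(src_mac, dst_mac, sip, dip):
    """3-bit bucket from the source MAC only."""
    return int(src_mac.replace(":", ""), 16) & 0x7

def hash_src_dst_ip(src_mac, dst_mac, sip, dip):
    """3-bit bucket from source XOR destination IP."""
    return (int(ipaddress.ip_address(sip)) ^ int(ipaddress.ip_address(dip))) & 0x7

def member_link(bucket, n_links):
    """Deal the 8 hash buckets over the member links. This is why 2, 4 and 8
    links balance evenly while 3 links get a 3:3:2 split."""
    return bucket % n_links

def distribution(flows, n_links, method):
    """Count how many of the flows land on each member link."""
    counts = [0] * n_links
    for flow in flows:
        counts[member_link(method(*flow), n_links)] += 1
    return counts

def demo():
    """One server (single MAC) talking to eight clients over a 4-link bundle."""
    server_mac, server_ip = "00:11:22:33:44:50", "10.0.0.1"
    flows = [(server_mac, f"00:aa:bb:cc:dd:{i:02x}", server_ip, f"10.0.1.{i}")
             for i in range(1, 9)]
    # src-mac: every flow hashes the same, so one link carries all traffic
    # src-dst-ip: the distinct destinations spread the flows over all links
    return distribution(flows, 4, hash_src_mac), distribution(flows, 4, hash_src_dst_ip)
```

Because the hash is computed per frame from the same fields, all frames of one flow always take the same member link, which is what keeps them in order.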
MULTILAYER SWITCHING
- Transporting packets between VLANs requires a Layer 3 device -> interVLAN routing
Diagram:
- Router-on-a-stick (ROAS): a Layer 2 switch with access ports in VLAN 10, VLAN 20 and VLAN 30 connects over a trunk link carrying VLANs 10, 20, 30 to router interface Gi0/1, with subinterfaces Gi0/1.10, Gi0/1.20 and Gi0/1.30
- Multilayer switch: Layer 2 access ports, a Layer 3 port, a trunk port to a second multilayer switch, and SVIs for VLAN 10 (/24) and VLAN 20 (/24)
IP TELEPHONY
Detecting a Powered Device:
- Power is always disabled when a switch port is down
- The switch continually detects whether a powered device is connected to a port
IEEE 802.3af (open standard):
- The switch supplies a small voltage across the Tx and Rx pairs and measures the resistance
- If the resistance is 25 kΩ, a powered device is detected
- The power budget can be changed by detecting the device's power class
Cisco Inline Power (ILP, Cisco proprietary):
- The switch sends a 340 kHz test tone on the Tx pair
- If a PoE device is connected, the switch hears its test tone looped back
- The power budget can be changed by receiving CDP information from the PoE device

Power Class  | Max Power at 48 V DC
Default Class | 15.4 W
1            | 4.0 W
2            | 7.0 W
3            | 15.4 W
4            | Up to 50 W
IP TELEPHONY: VOICE VLAN (SPECIAL CASE OF AN 802.1Q TRUNK)
- Data VLAN: untagged data packets
- Voice VLAN: tagged voice packets
- VLAN isolation: security and QoS
- The switch and the phone exchange CDP packets
Port configuration:
  interface Gi1/0/1
   switchport access vlan 20
   switchport voice vlan 25
Diagram: PC -> Phone (Cisco phone or non-Cisco phone) -> Switch -> Distribution and Core layers -> Call Manager; the DHCP server has a Data VLAN scope and a Voice VLAN scope, and the Call Manager IP sits in the Voice VLAN
QUALITY OF SERVICE (QoS)
- Typical network: best-effort delivery and an equal chance of any packet being dropped
- QoS protects and prioritizes time-critical or important traffic
- Voice packets must be delivered with little delay, jitter and loss
Types of QoS:
- Best effort
- Integrated services model (per-flow basis)
- Differentiated services model (per-hop basis)
QoS Basic Model:
1. Classification: inspect the packet and determine its QoS label based on an ACL or configuration (generates the QoS label)
2. Policing: compare incoming traffic with the configured policer (in profile or out of profile)
3. Marking: determine whether to pass the packet through, mark it down or drop it
4. Queueing & Scheduling: determine into which egress queue to place the packet and schedule it (based on the QoS label)
QUALITY OF SERVICE: LAYER 2 QoS (CoS) AND LAYER 3 QoS (DSCP)
Layer 2 QoS (CoS):
- Inter-Switch Link (ISL): the User field carries the CoS value
- IEEE 802.1Q: the Priority field carries the CoS value
- CoS values 0, 1, 2, 3, 4, 5, 6, 7: 0 is the lowest priority, 7 the highest
Layer 3 QoS (DSCP):
- The DSCP bits DS5, DS4, DS3, DS2, DS1, DS0 are split into a Class Selector (upper bits) and Drop Precedence (lower bits)
- A CoS-DSCP map translates between the two markings
VOICE QoS
- The switch can decide whether to trust the CoS and DSCP values it receives and use them to make QoS decisions
- Classify traffic at the edge of the QoS domain by using the trust state on ports
- Extend the trust boundary: switchport priority extend {cos value | trust}
Trust boundary diagram:
- Switch to phone: "I see you are an IP Phone, so I will trust your CoS"
- Phone on VLAN 110, PC on VLAN 10; the phone marks Voice = CoS 5 and Signaling = CoS 3
- The PC sets CoS 5 on all of its traffic, but all PC traffic is reset to CoS 0
- CoS 5 = DSCP 46, CoS 3 = DSCP 24, CoS 0 = DSCP 0
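The 802.1Q tag from the VLANs & Trunks and Layer 2 QoS slides and the trust boundary from this slide, as one added Python example that is not from the presentation: it decodes the tag (VLAN ID and CoS, with untagged frames landing in the native VLAN), applies a port's trust state, and maps CoS to DSCP with the slide's values (5 -> 46, 3 -> 24, 0 -> 0). The frames, port settings and the cos*8 rows for the other CoS values (the default Cisco cos-dscp map pattern) are assumptions.

```python
# Added example, not from the presentation: decodes the 802.1Q tag of a frame,
# applies the port's trust state and maps CoS to DSCP with the values from the
# Voice QoS slide (CoS 5 -> 46, CoS 3 -> 24, CoS 0 -> 0); the other rows use
# the cos*8 pattern of the default Cisco cos-dscp map. Frames are constructed.
import struct

TPID_8021Q = 0x8100
COS_DSCP_MAP = {0: 0, 1: 8, 2: 16, 3: 24, 4: 32, 5: 46, 6: 48, 7: 56}

def parse_frame(frame, native_vlan):
    """Return (vlan, cos, payload). An untagged frame belongs to the native
    VLAN and carries no CoS, as on an 802.1Q trunk."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != TPID_8021Q:
        return native_vlan, None, frame[14:]
    tci = struct.unpack("!H", frame[14:16])[0]
    cos = tci >> 13            # 3-bit Priority Code Point = CoS
    vlan = tci & 0x0FFF        # 12-bit VLAN identifier
    return vlan, cos, frame[18:]   # skip the tag and the inner ethertype

def classify(frame, port):
    """port = {"native": int, "trust": "cos" | "none"}. Returns (vlan, cos,
    dscp) after the trust-boundary decision: untrusted marks are reset to 0."""
    vlan, cos, _ = parse_frame(frame, port["native"])
    if port["trust"] != "cos" or cos is None:
        cos = 0
    return vlan, cos, COS_DSCP_MAP[cos]

def build_frame(vlan=None, cos=0, payload=b"\x00" * 46):
    """Constructed frame: dst, src, optional 802.1Q tag, IPv4 ethertype, payload."""
    hdr = b"\x01\x00\x5e\x00\x00\x01" + b"\x00\x11\x22\x33\x44\x55"
    if vlan is not None:
        hdr += struct.pack("!HH", TPID_8021Q, (cos << 13) | (vlan & 0x0FFF))
    return hdr + struct.pack("!H", 0x0800) + payload

def demo():
    """The phone's traffic is trusted; the PC-facing side is not."""
    phone = {"native": 10, "trust": "cos"}
    pc = {"native": 10, "trust": "none"}
    voice = classify(build_frame(vlan=110, cos=5), phone)   # (110, 5, 46)
    pc_marked = classify(build_frame(vlan=10, cos=5), pc)   # (10, 0, 0)
    untagged = classify(build_frame(), pc)                  # (10, 0, 0)
    return voice, pc_marked, untagged
```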
SECURING SWITCHES
Best Practices for Securing Switches:
- Enable port security: identify a set of allowed MAC addresses and the violation type
- Enable 802.1X port-based authentication
- Configure secure passwords
- Use system banners to warn unauthorized users
- Secure the web interface
- Secure the switch console
- Use SSH instead of Telnet
- Secure SNMP access
- Secure unused switch ports
- Secure STP operation
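The first best practice, port security, as an added Python simulation (not material from the presentation): a per-port set of allowed MAC addresses with a maximum count, and the three violation modes Cisco IOS offers (protect, restrict, shutdown). The MAC addresses are constructed.

```python
# Added example, not from the presentation: simulates port security on one
# access port with a maximum MAC count, MAC learning (sticky-style) and the
# three Cisco violation modes protect, restrict and shutdown. MACs constructed.
class PortSecurity:
    def __init__(self, maximum=1, violation="shutdown", allowed=()):
        self.maximum = maximum
        self.violation = violation      # "protect" | "restrict" | "shutdown"
        self.secure = set(allowed)      # statically configured secure MACs
        self.violations = 0             # counted by restrict and shutdown
        self.err_disabled = False

    def frame_in(self, src_mac):
        """Return "forward" or "drop" for a frame with this source MAC."""
        if self.err_disabled:
            return "drop"               # port stays down until recovered
        if src_mac in self.secure:
            return "forward"
        if len(self.secure) < self.maximum:
            self.secure.add(src_mac)    # learn a new secure address
            return "forward"
        # table is full and the source is not a secure address: violation
        if self.violation == "protect":
            return "drop"               # silent drop, no counter or log
        self.violations += 1            # restrict: drop, count and log
        if self.violation == "shutdown":
            self.err_disabled = True    # shutdown: port goes err-disabled
        return "drop"

def demo(violation):
    """One station is learned, then a second MAC appears on the same port."""
    port = PortSecurity(maximum=1, violation=violation)
    macs = ["00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:01"]
    results = [port.frame_in(m) for m in macs]
    return results, port.violations, port.err_disabled
```

With shutdown the legitimate station loses service after the violation until the port is recovered, which is the trade-off to weigh against restrict when choosing the violation type.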
DEMO
1. Create VLANs
2. Configure access interfaces
3. Configure security on access ports
4. Configure EtherChannel
5. Configure trunk interfaces
6. Configure interVLAN routing
7. Configure a DHCP server
8. Configure the QoS trust boundary
9. Test the topology
10. Erase the configuration
QUESTIONS
THANK YOU!