Ethernet Standard
An Ethernet hub operates at half-duplex, which allows a device either to transmit or to receive data, but not both at the same time. Ethernet uses carrier sense
multiple access with collision detection (CSMA/CD) to control media access.
For example: if two devices transmit a frame at the same time, a collision occurs. When a collision is detected, the hub discards the frame and generates the
collision signal to the host devices. Both devices then wait for a random time, then after
Ethernet switches build MAC-address tables through a dynamic learning process. When a switch is first powered on, its table is empty, so it floods frames out every port.
Switching: Switching is the process by which a switch on a LAN segment makes forwarding decisions based on MAC addresses.
Functions:-
Address Learning: - A switch learns the source MAC address of each frame received on an ingress port.
Forward Filtering: - A switch forwards a frame out the egress port associated with the frame's destination MAC address.
Loop Avoidance: - Switches use the Spanning Tree Protocol to maintain a loop-free environment.
Flood: - Flooding is the process in which a switch transmits a copy of a frame out all of its ports except the port on which it was received.
Frames that are flooded:-
1. Broadcast
2. Multicast
3. Unknown unicast
The Layer 2 Switching Process
When a switch receives a frame on a port, it puts that frame in that port's ingress queue.
When a switch decides which port the frame should be sent out, it puts the frame in that port's egress queue.
Note: - If the destination MAC address in the frame is not stored in the CAM table, the frame is placed in the egress queue of all ports. This process is called
flooding.
Catalyst switches maintain several types of tables:-
1. CAM
2. TCAM
3. ARP
CAM (Content Addressable Memory) — All Catalyst switch models use a CAM table for Layer 2 switching. As frames arrive on switch ports, the source MAC
addresses are learned and recorded in the CAM table. The port of arrival and the VLAN are both recorded in the table, along with a timestamp. If a MAC
address learned on one switch port has moved to a different port, the MAC address and timestamp are recorded for the most recent arrival port. Then, the
previous entry is deleted. If a MAC address is found already present in the table for the correct arrival port, only its timestamp is updated.
Ternary Content Addressable Memory (TCAM)—In multilayer switches, all the processes that access control lists (ACLs) provide in traditional routing, such as
matching, filtering, or control specific traffic, are implemented in hardware. TCAM allows a packet to be evaluated against an entire access list in a single table
lookup. Most switches have multiple TCAMs so that both inbound and outbound security, as well as QoS ACLs, can be evaluated simultaneously or entirely in
parallel with a Layer 2 or Layer 3 forwarding decision.
ARP (Address Resolution Protocol) — Maps an IP address to a MAC address in order to provide IP communication within a Layer 2 broadcast domain. For
example, Host B wants to send information to Host A, but does not have the MAC address of Host A in its ARP cache. Host B generates a broadcast message to
all hosts within the broadcast domain to obtain the MAC address associated with the IP address of Host A. All hosts within the broadcast domain receive the
ARP request, and only Host A responds with its MAC address.
Note: - The CAM and TCAM tables are stored in RAM, and the switch only records the source MAC address of a frame in the CAM table. By default, dynamically learned MAC addresses
are stored for 300 seconds in the CAM table. If no activity is received from that MAC address within that time, the switch removes its entry from the CAM table.
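The CAM-table behaviour described above (learning the source MAC on the ingress port, refreshing or moving an entry, the 300-second aging timer, and flooding of broadcast, multicast and unknown-unicast frames), as an added Python model that is not part of the Network Bulls handout. The port names, MAC addresses and timestamps are constructed sample values; the table is keyed per VLAN because the notes say the VLAN is recorded with each entry.

```python
from dataclasses import dataclass

# Added example (not from the handout): a minimal model of the CAM table a
# Layer 2 switch builds. It learns the source MAC on the ingress port,
# refreshes the timestamp on a repeat sighting, moves the entry when the MAC
# shows up on another port, ages entries out after 300 s, and floods
# broadcast, multicast and unknown-unicast frames out every port except the
# one the frame arrived on.

CAM_AGING_SECONDS = 300  # default aging time stated in the notes


@dataclass
class CamEntry:
    port: str
    vlan: int
    last_seen: float  # timestamp of the most recent frame from this MAC


def is_group_address(mac: str) -> bool:
    """True for broadcast and multicast MACs (I/G bit set in the first octet)."""
    first_octet = int(mac.split(":")[0], 16)
    return bool(first_octet & 0x01)


class Switch:
    def __init__(self, ports):
        self.ports = list(ports)
        # (vlan, mac) -> entry; the VLAN is part of the key, as in the notes
        self.cam: dict[tuple[int, str], CamEntry] = {}

    def age_out(self, now: float) -> list[str]:
        """Drop entries idle longer than the aging time; return the removed MACs."""
        expired = [key for key, e in self.cam.items()
                   if now - e.last_seen > CAM_AGING_SECONDS]
        for key in expired:
            del self.cam[key]
        return [mac for _, mac in expired]

    def learn(self, src_mac: str, vlan: int, ingress_port: str, now: float) -> None:
        """Record the source MAC against the arrival port and VLAN with a timestamp."""
        if is_group_address(src_mac):
            return  # a group address is never a valid source; keep it out of the table
        key = (vlan, src_mac)
        entry = self.cam.get(key)
        if entry is not None and entry.port == ingress_port:
            entry.last_seen = now  # same port: only the timestamp is updated
        else:
            # new MAC, or a MAC that moved: the newest arrival port replaces the old entry
            self.cam[key] = CamEntry(port=ingress_port, vlan=vlan, last_seen=now)

    def forward(self, src_mac: str, dst_mac: str, vlan: int,
                ingress_port: str, now: float) -> list[str]:
        """Return the egress ports for one frame (empty list = filtered)."""
        self.age_out(now)
        self.learn(src_mac, vlan, ingress_port, now)
        entry = self.cam.get((vlan, dst_mac))
        if is_group_address(dst_mac) or entry is None:
            # broadcast, multicast or unknown unicast: flood out all other ports
            return [p for p in self.ports if p != ingress_port]
        if entry.port == ingress_port:
            return []  # filtering: the destination is on the port the frame came from
        return [entry.port]
```

forward returns the list of egress ports; an empty list is the filtering case, where the destination sits on the same port the frame arrived on. Keying by (VLAN, MAC) keeps a host learned in one VLAN invisible to lookups in another, which matches the note that traffic between VLANs needs a Layer 3 device.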
Basic Switch configuration
Switch Port Configuration -
To enter interface configuration mode for interface Fast Ethernet 0/10:
Switch(config)#interface fa0/10
Network Bulls (A unit of Network Bullstudy Pvt. Ltd.) Email: info@networkbulls.com, http://networkbulls.com.
Multiple individual ports can be configured simultaneously:
Switch(config)#interface range fa0/10 , fa0/12 , fa0/14
The above command selects ports fa0/10, fa0/12, and fa0/14. Please note the space on either side of the commas.
A contiguous range of interfaces can be specified:
Switch(config)#interface range fa0/10 - 15
The above command selects ports fa0/10 through fa0/15. Please note the space on either side of the dash.
Macros can be created for groups of ports that are configured often:
Switch(config)#define interface-range NETWORKBULLS fa0/10 - 15
Switch(config)#interface range macro NETWORKBULLS
The first command creates a macro, or “group,” of interfaces called NETWORKBULLS. The second command actually selects those interfaces for configuration.
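Added example (not from the handout): a small Python parser for the interface-range syntax above (comma-separated lists, dash ranges and defined macros). It lets an administrator check exactly which ports a range or macro selects before configuration is applied to them. The regular expression for interface names and the in-memory macro store are assumptions of this example.

```python
import re

# Added example (not from the handout): expand the interface-range syntax
# into the individual interface names it selects. Assumes interface names of
# the form <type><slot>/<port>, such as fa0/10 or gi0/1.
_IFACE = re.compile(r"^(?P<type>[A-Za-z]+)(?P<slot>\d+)/(?P<port>\d+)$")

# macro name -> range expression, filled by define_interface_range (assumption)
_macros: dict[str, str] = {}


def define_interface_range(name: str, expression: str) -> list[str]:
    """'define interface-range NAME expr': validate, store, and return the ports."""
    ports = expand_interface_range(expression)  # reject bad input before saving
    _macros[name] = expression
    return ports


def expand_interface_range(expression: str) -> list[str]:
    """Expand 'fa0/10 - 15', 'fa0/10 , fa0/12 , fa0/14' or 'macro NAME'."""
    expression = expression.strip()
    if expression.startswith("macro "):
        name = expression.split(None, 1)[1].strip()
        if name not in _macros:
            raise ValueError(f"undefined interface-range macro {name!r}")
        return expand_interface_range(_macros[name])

    selected: list[str] = []
    for item in expression.split(","):
        item = item.strip()
        if "-" in item:
            first, last = (part.strip() for part in item.split("-", 1))
            m = _IFACE.match(first)
            if not m:
                raise ValueError(f"bad interface {first!r}")
            # the right-hand side of the dash is a bare port number (fa0/10 - 15)
            if not last.isdigit():
                raise ValueError(f"range end must be a port number: {last!r}")
            start, end = int(m["port"]), int(last)
            if end < start:
                raise ValueError(f"range end {end} is below start {start}")
            selected.extend(f"{m['type']}{m['slot']}/{p}" for p in range(start, end + 1))
        else:
            if not _IFACE.match(item):
                raise ValueError(f"bad interface {item!r}")
            selected.append(item)
    return selected
```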
For documentation purposes, we can apply descriptions on interfaces:
Switch(config)#interface fa0/0
Switch(config-if)#description DESCRIPTIONTEXT
To view the status of an interface (example, Fast Ethernet 0/10):
Switch#show interface fa0/10
This will also display duplex, speed, and packet errors on this particular interface. To view the errdisable state (explained shortly) of an interface:
Switch#show interface status err-disabled
Switch Port Configuration – Speed and Duplex
To specify the port speed of an interface:
Switch(config)#interface fa0/10
Switch(config-if)#speed 10
Switch(config-if)#speed 100
Switch(config-if)#speed 1000
Switch(config-if)#speed auto
To specify the duplex of an interface:
Switch(config)#interface fa0/10
Switch(config-if)#duplex half
Switch(config-if)#duplex full
Switch(config-if)#duplex auto
VLAN (Virtual Local Area Network)
By default a switch considers all of its ports to be in a single broadcast domain, but a switch has the ability to create multiple broadcast domains and to put its
ports in separate broadcast domains; these multiple broadcast domains are called VLANs.
A switch forwards a broadcast or multicast out all of its ports except the originating port. A switch can be logically segmented into multiple broadcast domains, which
are called VLANs (Virtual Local Area Networks). Each VLAN represents a separate broadcast domain.
VLANs are typically numbered from VLAN 1 through VLAN 1005. The IEEE 802.1Q standard provides for support of up to 4096 VLANs; VLANs 0 and 4095 are reserved
by the IEEE 802.1Q standard and you cannot create, delete, or modify them (they are not displayed).
Note: Traffic passed between two or more devices within the same VLAN requires only a Layer 2 device.
Traffic passed between two or more devices in different VLANs requires a Layer 3 device.
Advantage of VLAN:-
1. Broadcast Control
2. Security
3. Flexibility and Scalability
VLAN Membership
Statically: - Static VLAN membership is port-based. A network administrator manually configures port-based VLAN membership on
a switch, placing each port in a single VLAN. When a device connects to the switch port, the device automatically becomes a member of
that VLAN.
Dynamically: - Cisco developed a dynamic VLAN product called the VLAN Membership Policy Server (VMPS). Dynamic VLANs provide MAC-based
membership. When a device connects to a switch port, the switch learns the MAC address of the device and sends a request to the VMPS server. The switch
transmits the MAC information to the VMPS server, and the VMPS server decides which VLAN ID to assign for that MAC address.
Static VLAN Configuration
The first step in configuring VLANs is to create the VLAN:
Switch(config)#vlan 100
Switch(config-vlan)#name MY_VLAN
Switch(config-vlan)#exit
Switch(config)#
The first command creates VLAN 100 and enters VLAN configuration mode. The second command assigns the name MY_VLAN to this VLAN.
Or
Switch(config)#vlan 100, 200, 300, 400
Or
Switch(config)#vlan 2-10
To assign an interface to a specific VLAN:
Switch(config)#interface fa0/10
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 100
Or
Switch(config)#interface range fa0/10 - 15
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 100
Or
Switch(config)#define interface-range NETWORKBULLS fa0/10 - 15
Switch(config)#interface range macro NETWORKBULLS
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 100
or
Switch(config)#interface range fa0/10,fa0/12,fa0/14
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 100
Note: The switch will automatically create a VLAN that does not yet exist.
VLAN Port Types:
There are two types of port available.
Access port: - An access port belongs to only one VLAN. When a host device connects to an access port it automatically becomes a member of that VLAN. By
default all switch ports are access ports.
Trunk Port: - A trunk port does not belong to a single VLAN. All VLANs can travel over a trunk link to reach another switch.
VLAN Frame Tagging: -
When we use a trunk link between two switches, the switches need a mechanism to identify which VLAN a frame belongs to. Frame tagging inserts a VLAN ID in
each frame. When a switch sends a frame to another switch, it adds an extra header to the frame; this header contains the VLAN ID. This process
is called VLAN tagging and trunking.
Cisco switches support two types of frame tagging protocols.
ISL: - ISL (Inter-Switch Link) is a Cisco-proprietary frame tagging protocol, and it supports Ethernet, Token Ring, FDDI, and ATM frames. ISL encapsulates a frame
with an additional header (26 bytes) and trailer (4 bytes), increasing the size of an Ethernet frame by up to 30 bytes. The header contains the 10-bit VLAN ID.
The trailer contains an additional 4-byte CRC for data-integrity purposes.
(Figure: Trunking with ISL)
IEEE 802.1Q: - IEEE 802.1Q is an open-standard protocol. 802.1Q inserts a 4-byte tag carrying the VLAN ID into the Layer 2 frame header.
(Figure: Trunking with 802.1Q)
Configuring Trunk Links
To manually configure a trunk port, for either ISL or 802.1Q tagging:
Comparing ISL and 802.1Q:
ISL                                          802.1Q
Proprietary                                  Nonproprietary
Encapsulated                                 Tagged
Protocol independent                         Protocol dependent
Encapsulates the old frame in a new frame    Adds a field to the frame header
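Added example (not from the handout, and not Cisco code): Python that builds and parses the 4-byte 802.1Q tag described in the comparison above and classifies frames received on a trunk. The sample frame bytes are constructed; the native-VLAN rule (an untagged frame is placed in the trunk's native VLAN) is passed in as a parameter, and VIDs 0 and 4095 are rejected as reserved, as stated earlier in these notes.

```python
import struct

# Added example (not from the handout): the 802.1Q tag sits after the
# destination and source MAC (bytes 12-15 of the frame) and consists of the
# TPID 0x8100 followed by the TCI: 3-bit PCP, 1-bit DEI, 12-bit VID.
TPID_8021Q = 0x8100


def build_tag(vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Return the 4-byte tag for a VLAN ID (1-4094; 0 and 4095 are reserved)."""
    if not 1 <= vid <= 4094:
        raise ValueError(f"VLAN ID {vid} is reserved or out of range")
    if not 0 <= pcp <= 7 or dei not in (0, 1):
        raise ValueError("PCP must be 0-7 and DEI 0 or 1")
    tci = (pcp << 13) | (dei << 12) | vid
    return struct.pack("!HH", TPID_8021Q, tci)


def tag_frame(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert the tag after the 12 bytes of destination and source MAC."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet frame")
    return frame[:12] + build_tag(vid, pcp) + frame[12:]


def classify_on_trunk(frame: bytes, native_vlan: int) -> dict:
    """Decode a frame received on a trunk: which VLAN it belongs to and why.

    Untagged frames belong to the native VLAN. A tag with VID 0 carries only
    a priority and is also placed in the native VLAN.
    """
    if len(frame) < 14:
        raise ValueError("truncated Ethernet frame")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != TPID_8021Q:
        return {"vlan": native_vlan, "tagged": False, "pcp": 0,
                "ethertype": ethertype, "payload": frame[14:]}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q frame")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    vid = tci & 0x0FFF
    pcp = tci >> 13
    if vid == 4095:
        raise ValueError("VID 4095 is reserved")
    return {"vlan": native_vlan if vid == 0 else vid, "tagged": True, "pcp": pcp,
            "ethertype": inner_type, "payload": frame[18:]}


def untag_frame(frame: bytes) -> bytes:
    """Strip the tag, as done before a frame leaves an access port."""
    if classify_on_trunk(frame, native_vlan=1)["tagged"]:
        return frame[:12] + frame[16:]
    return frame


# Constructed sample frame: destination MAC, source MAC, EtherType 0x0800
# (IPv4) and a dummy payload. Not captured from any real network.
SAMPLE_FRAME = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
                + bytes.fromhex("0800") + b"payload")
```

Because an untagged frame and a VID-0 priority tag both land in the native VLAN, the native VLAN must match on both ends of the trunk, which is the point the native-VLAN note later in these notes makes.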
Question: - What happens when we use the switchport mode trunk command without specifying the encapsulation on switches that support
both protocols?
Answer: - On switches that support multiple trunking encapsulations (802.1Q and ISL), you must first configure the trunking encapsulation
before setting the interface to trunk mode.
The switchport trunk encapsulation command must be configured before switchport mode trunk:
Switch(config)#interface fa0/24
Switch(config-if)#switchport trunk encapsulation isl
Switch(config-if)#switchport mode trunk
Switch(config)#interface fa0/24
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport mode trunk
Note: - Always remember, both sides of the trunk line must be configured with the same tagging protocol.
By default, trunk ports allow all VLANs to traverse the trunk link:
Switch(config)#interface fa0/19
Switch(config-if)#switchport trunk allowed vlan remove 50-100
Switch(config-if)#switchport trunk allowed vlan add 60-65
Note: - The first switchport command prevents the trunk port from passing traffic from VLANs 50-100. The second switchport command re-allows the
trunk port to pass traffic from VLANs 60-65. In both cases, the switchport trunk allowed commands add to or subtract from the current list of allowed
VLANs rather than replacing that list.
Switch(config)#interface fa0/24
Switch(config-if)#switchport trunk allowed vlan all
Switch(config-if)#switchport trunk allowed vlan except 2-99
Note: - Certain VLANs are reserved and cannot be removed from a trunk link, including VLAN 1 and system VLANs 1002-1005.
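Added example (not from the handout): a Python model of how the switchport trunk allowed vlan keywords shown above change a trunk's allowed list, with remove and add adjusting the current list while all, except and a bare list replace it. The reserved-VLAN restriction in the note above is not modelled; format_vlan_list prints the result in compact range form so the effective list can be read at a glance.

```python
# Added example (not from the handout): model of the allowed-VLAN list on a
# trunk. The default is every VLAN 1-4094 (4095 is reserved by 802.1Q).
MAX_VLAN = 4094


def parse_vlan_list(spec: str) -> set[int]:
    """Parse '50-100' or '60-65,200' into a set of VLAN IDs."""
    vlans: set[int] = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
        else:
            lo = hi = int(part)
        if not 1 <= lo <= hi <= MAX_VLAN:
            raise ValueError(f"invalid VLAN range {part!r}")
        vlans.update(range(lo, hi + 1))
    return vlans


def format_vlan_list(vlans: set[int]) -> str:
    """Render a set of VLAN IDs as compact ranges, e.g. '1-49,60-65,101-4094'."""
    ids = sorted(vlans)
    out, i = [], 0
    while i < len(ids):
        j = i
        while j + 1 < len(ids) and ids[j + 1] == ids[j] + 1:
            j += 1
        out.append(str(ids[i]) if i == j else f"{ids[i]}-{ids[j]}")
        i = j + 1
    return ",".join(out)


class TrunkAllowedList:
    def __init__(self):
        self.allowed = set(range(1, MAX_VLAN + 1))  # default: all VLANs allowed

    def apply(self, argument: str) -> set[int]:
        """Apply the argument of one 'switchport trunk allowed vlan ...' command."""
        words = argument.split(None, 1)
        keyword = words[0].lower()
        rest = words[1] if len(words) > 1 else ""
        if keyword == "all":
            self.allowed = set(range(1, MAX_VLAN + 1))
        elif keyword == "except":
            self.allowed = set(range(1, MAX_VLAN + 1)) - parse_vlan_list(rest)
        elif keyword == "add":
            self.allowed |= parse_vlan_list(rest)     # adds to the current list
        elif keyword == "remove":
            self.allowed -= parse_vlan_list(rest)     # subtracts from the current list
        else:
            self.allowed = parse_vlan_list(argument)  # a bare list replaces the whole list
        return set(self.allowed)
```

Running the two commands from the example above through apply("remove 50-100") and apply("add 60-65") leaves 1-49, 60-65 and 101-4094 allowed, which is what the note describes and what show interfaces trunk would display.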
Management VLAN
The Management VLAN is the VLAN used to reach (ping, telnet) devices.
Configure VLAN 1
Default: the Management VLAN is VLAN 1.
It allows us to communicate with the switch over the network (ping, and telnet if the enable (privilege) and vty passwords are configured).
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname network
network(config)#interface vlan 1
network(config-if)#ip address 10.1.1.101 255.255.255.0
network(config-if)#no shutdown
network(config-if)#end
network#
Default, Native and Management VLANs: -
By default all traffic is carried across VLAN 1. VLAN 1 is the default VLAN (all user traffic).
Frames from the native VLAN are not tagged when sent out trunk ports. A trunking interface can only be assigned one native VLAN. Only 802.1Q supports
native VLANs. The native VLAN should be configured identically on both sides of the 802.1Q trunk.
Note: - By default on all trunking interfaces, the Native VLAN is VLAN 1.
A different native VLAN can be configured on a trunk port:
Switch(config)#interface fa0/24
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk native vlan 42
Dynamic Trunking Protocol (DTP) Configuration:
DTP (Dynamic Trunking Protocol) and Switchport Mode Interactions
                     Dynamic Auto       Dynamic Desirable   Trunk               Access
Dynamic Auto         Access             Trunk               Trunk               Access
Dynamic Desirable    Trunk              Trunk               Trunk               Access
Trunk                Trunk              Trunk               Trunk               Not recommended
Access               Access             Access              Not recommended     Access
VTP (VLAN Trunking Protocol)
VLAN Trunk Protocol (VTP) reduces administration in a switched network. VLAN information can be configured on a VTP server, which is distributed
through all switches in the same domain.
You do not have to configure VLANs on each switch individually.
VTP is a Cisco-proprietary protocol.
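Added example (not from the handout): a Python audit of the switchport lines in a saved running-config, using the DTP interaction table above to flag ports whose mode can still be negotiated by the peer. The sample configuration is constructed; the default of dynamic auto for ports with no switchport mode line, and the Vlan/Loopback interface names treated as non-switchports, are assumptions of this example (defaults differ between switch models). The switchport nonegotiate command named in the findings is a standard IOS command that turns off DTP on a port; it does not appear in the notes above.

```python
# Added example (not from the handout): find ports that can still negotiate
# their mode via DTP. Assumes 'dynamic auto' when no 'switchport mode' line is
# present; change DEFAULT_MODE to match the platform being audited.
DEFAULT_MODE = "dynamic auto"

# Constructed sample running-config, not from any real switch.
SAMPLE_CONFIG = """\
hostname network
!
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 100
!
interface FastEthernet0/2
 switchport access vlan 100
!
interface FastEthernet0/3
 switchport mode dynamic desirable
!
interface FastEthernet0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
!
interface Vlan1
 ip address 10.1.1.101 255.255.255.0
!
"""


def parse_interfaces(config: str) -> dict:
    """Return {interface: {'mode', 'nonegotiate', 'switchport'}} from IOS config text."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = {
                "mode": DEFAULT_MODE,
                "nonegotiate": False,
                # assumption: SVIs and loopbacks are not switchports
                "switchport": not current.startswith(("Vlan", "Loopback")),
            }
        elif current is not None and line.startswith(" "):
            cmd = line.strip()
            if cmd.startswith("switchport mode "):
                interfaces[current]["mode"] = cmd[len("switchport mode "):].strip()
            elif cmd == "switchport nonegotiate":
                interfaces[current]["nonegotiate"] = True
            elif cmd == "no switchport":
                interfaces[current]["switchport"] = False  # routed port
        else:
            current = None  # any top-level line ('!', 'hostname', ...) ends the block
    return interfaces


def expected_link(local_mode: str, peer_mode: str) -> str:
    """Outcome of DTP negotiation, following the interaction table in the notes."""
    modes = {local_mode, peer_mode}
    if "access" in modes and "trunk" in modes:
        return "mismatch"  # the 'Not recommended' cells of the table
    if "access" in modes:
        return "access"
    if "trunk" in modes or "dynamic desirable" in modes:
        return "trunk"
    return "access"  # dynamic auto on both sides never forms a trunk


def audit_dtp(config: str) -> dict:
    """Return {interface: finding} for switchports whose mode is not pinned."""
    findings = {}
    for name, cfg in parse_interfaces(config).items():
        if not cfg["switchport"]:
            continue
        mode = cfg["mode"]
        if mode.startswith("dynamic"):
            findings[name] = (f"mode '{mode}' lets the peer decide whether this port becomes a "
                              "trunk; set 'switchport mode access' or 'switchport mode trunk'")
        elif mode == "trunk" and not cfg["nonegotiate"]:
            findings[name] = "trunk still sends DTP; add 'switchport nonegotiate'"
    return findings
```

In the sample, FastEthernet0/2 is flagged only because it has no switchport mode line at all, so its behaviour depends on the platform default; that is the case the DTP table makes easy to overlook.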
VTP Modes:
Server
Can create, modify, and delete VLANs
Configure VTP version and VTP pruning.
Advertise their VLAN configuration to other switches in the same VTP domain
VTP advertisements sent/received over trunk links.
Default mode.
Client
Behave the same way as VTP servers, but you cannot create, change, or delete VLANs on a VTP client.
Transparent
Does not participate in VTP.
Does not advertise its VLAN configuration in VTP.
Does not synchronize its VLAN configuration based on received advertisements
VTP Version 1 – a transparent switch will only pass updates from the same VTP domain.
VTP Version 2 – a transparent switch will pass updates from any VTP domain: in VTP Version 2, transparent switches forward the VTP advertisements they receive out their trunk
ports.
Note: Switches transmit VTP messages only over 802.1Q and ISL trunks. By default, VTP updates are sent out every 300 seconds, or anytime a
change to the database occurs.
Note: A VTP server without a VTP domain name cannot send or receive VLAN information using VTP.
There are three versions of VTP.
VTP Version 1
VTP Version 2
VTP Version 3
VTP Messages: -
VTP Summary advertisements
VTP Subset advertisements
Advertisement Request
VTP Summary advertisements
By default sent every five minutes. They inform adjacent switches of the current VTP domain name and the configuration revision number.
The receiving switch compares the VTP domain name to its own VTP domain name. If the name is different, the switch simply ignores the packet.
If the name is the same, the switch then compares the configuration revision to its own revision. If its own configuration revision is higher or equal, the packet
is ignored. Otherwise, its own revision is lower and it sends a VTP Advertisement Request.
VTP Subset advertisements
Sent in response to a VTP Advertisement Request. Also, sent whenever there is a change to VLAN information on a VTP server. First the server sends a VTP
Summary Advertisement, and then the server sends a VTP Subset Advertisement. One or several subset advertisements follow the summary advertisement. A
subset advertisement contains a list of VLAN information.
A Subset Advertisement will contain the following fields:
• VTP Version
• VTP Domain
• VTP Configuration Revision
• VLAN IDs for each VLAN in the database
• VLAN-specific information, such as the VLAN name and MTU
Example: -
VTP works only over trunk links.
Switch A (Server) sends summary advertisement over trunk links on VLAN 1
Includes Domain and Revision Number
Multicast 01-00-0C-CC-CC-CC
Switch B updates its Domain
Because of the higher revision number in the Summary, B replies with Advertisement Request
Switch A sends a VTP Subset advertisement. Switch B updates its VLAN configuration revision number and VLANs. (This may be preceded by another
Summary advertisement.)
Example: -
VTP advertisements sent to a Transparent switch. (Shown together)
Switch C does not make any changes based on these advertisements.
Now, let's say Switch C is configured with:
Domain name Cisco
VLANs 2, 3, 4, 5, 6
Even though it is in the same domain, Switch C does not advertise these VLANs to other switches.
The Configuration Revision number remains at 0 even when the VLAN configuration is changed.
Transparent switches relay the VTP messages they receive to other switches if they are in the same domain or in a null domain.
Now let's see what happens when a VTP Client, Switch D, is added to the network.
Switch A (Server) sends summary advertisement over trunk links on VLAN 1.
Switch D updates its Domain
Replies with Advertisement Request
Switch A sends a VTP Subset advertisement Switch D updates its VLAN configuration revision number and VLANs
Both switches are VTP Servers in the same Domain, but with different VLAN information. Let's see what happens when trunking is enabled between the
switches…
When two switches with the same Domain Name and the same Configuration Revision Number exchange VTP information, there is no change on either
switch.
If Switch A then adds a new VLAN, its Configuration Revision is increased by 1.
Switch A will send VTP information to Switch B, which will synchronize its VLAN information with Switch A, losing its current "local" VLANs.
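The VTP exchanges walked through above, as an added Python simulation that is not from the handout: domain check, revision comparison, advertisement request, subset synchronisation, transparent relaying, and the case where a higher-revision server overwrites another server's local VLANs. Switch names, VLAN numbers and the simplified message types are constructed; the MD5 digest, timestamps and other fields of real VTP messages are left out.

```python
from dataclasses import dataclass, field
from typing import Optional

# Added example (not from the handout): a simplified VTP model that keeps
# only the domain name, revision number and VLAN list.


@dataclass
class SummaryAdvert:
    domain: str
    revision: int


@dataclass
class SubsetAdvert:
    domain: str
    revision: int
    vlans: dict  # vlan id -> name


@dataclass
class VtpSwitch:
    name: str
    mode: str                       # 'server', 'client' or 'transparent'
    domain: Optional[str] = None    # None = null domain (no 'vtp domain' configured)
    revision: int = 0               # starting configuration revision
    vlans: dict = field(default_factory=lambda: {1: "default"})
    log: list = field(default_factory=list)

    def add_vlan(self, vid: int, vlan_name: str) -> None:
        if self.mode == "client":
            raise PermissionError("VLANs cannot be created on a VTP client")
        self.vlans[vid] = vlan_name
        if self.mode != "transparent":
            self.revision += 1  # a transparent switch stays at revision 0

    def summary(self) -> SummaryAdvert:
        return SummaryAdvert(self.domain, self.revision)

    def subset(self) -> SubsetAdvert:
        return SubsetAdvert(self.domain, self.revision, dict(self.vlans))

    def receive_summary(self, adv: SummaryAdvert) -> str:
        """Return 'ignore', 'request' or 'relay', following the rules in the notes."""
        if self.mode == "transparent":
            # relays to other switches in the same (or null) domain, never synchronises
            return "relay" if self.domain in (None, adv.domain) else "ignore"
        if self.domain is None:
            self.domain = adv.domain  # a switch with no domain adopts the one it hears
        if adv.domain != self.domain:
            return "ignore"
        if self.revision >= adv.revision:
            return "ignore"  # own revision higher or equal
        return "request"     # own revision lower: ask for the subset advertisement

    def receive_subset(self, adv: SubsetAdvert) -> bool:
        """Replace the VLAN database if the subset is from our domain and newer."""
        if (self.mode == "transparent" or adv.domain != self.domain
                or adv.revision <= self.revision):
            return False
        self.log.append(f"{self.name}: revision {self.revision} -> {adv.revision}, "
                        f"VLANs {sorted(self.vlans)} -> {sorted(adv.vlans)}")
        self.vlans = dict(adv.vlans)
        self.revision = adv.revision
        return True


def propagate(sender: VtpSwitch, receiver: VtpSwitch) -> str:
    """One summary / request / subset exchange over a trunk; return the receiver's action."""
    if sender.domain is None:
        return "ignore"  # a server without a domain name sends no VLAN information
    action = receiver.receive_summary(sender.summary())
    if action == "request":
        receiver.receive_subset(sender.subset())
    return action
```

The log on each switch records every synchronisation, so the overwrite of Switch B's local VLANs in the last scenario is visible as a single revision jump; that is the event a VTP password and transparent mode (both covered below) are meant to prevent from happening by accident.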
Configuring VTP
To configure the VTP domain (the domain name is case sensitive):
Switch(config)#vtp domain MYDOMAIN
To configure the VTP mode:
Switch(config)#vtp mode server
Switch(config)#vtp mode client
Switch(config)#vtp mode transparent
The VTP domain can be further secured using a password:
Switch(config)#vtp password PASSWORD
All switches participating in the VTP domain must be configured with the same password. The password will be hashed into a 16-byte MD5 value.
By default, a Catalyst switch uses VTP version 1.
Switch(config)#vtp version 2
Verify configurations:
show vlan
show vtp status
show interfaces interface switchport
show interfaces trunk
show running-config
Note: - The switch in VTP server mode with the highest revision number propagates VLAN information over trunked ports.
Questions: -
What is the default VTP version?
2
What is the starting configuration revision?
0
What is the default VTP Mode?
Server
What is the default VTP domain name?
none