Layer 2 Switching
Switching breaks up large collision domains into smaller ones.
How Switches and Bridges Learn Addresses
Bridges and switches learn in the following ways:
Ethernet Access with Switches
Ethernet Switches and Bridges
• Address learning
• Forward/filter decision
• Loop avoidance
Switch Features
There are three conditions in which a switch will flood a frame out on all ports except the port on which the frame came in:
• Unknown unicast address
• Broadcast frame
• Multicast frame
MAC Address Table
Learning Addresses
Learning MAC Address
Forward/Filter PC3 to PC1
Forward/Filter PC3 to PC2
Loop Avoidance
• Redundant links between switches are a good idea because they help prevent complete network failures in the event one link stops working.
• However, they often cause more problems because frames can be flooded down all redundant links simultaneously.
• This creates network loops.
Network Broadcast Loops
A manufacturing floor PC sent a network broadcast to request a boot loader.
The broadcast was first received by switch sw1 on port 2/1.
The topology is redundantly connected; therefore, switch sw2 receives the broadcast frame as well on port 2/1.
Switch sw2 is also receiving a copy of the broadcast frame forwarded to the LAN segment from port 2/2 of switch sw1.
In a small fraction of the time, we have four packets. The problem grows exponentially until the network bandwidth is saturated.
Multiple Frame Copies
Overview
Redundancy in a network is extremely important because redundancy allows networks to be fault tolerant.
Spanning Tree Protocol
Spanning-Tree Port States
• Spanning-tree transits each port through several different states:
Disabled
Selecting the Root Bridge
The first decision that all switches in the network make is to identify the root bridge.
When a switch is turned on, the spanning-tree algorithm is used to identify the root bridge. BPDUs are sent out with the Bridge ID (BID).
The BID consists of a bridge priority that defaults to 32768 and the switch base MAC address.
When a switch first starts up, it assumes it is the root switch and sends BPDUs. These BPDUs contain its BID.
All bridges see these and decide that the bridge with the smallest BID value will be the root bridge.
A network administrator may want to influence the decision by setting the switch priority to a smaller value than the default.
Spanning Tree Protocol Terms
Bridge Protocol Data Unit (BPDU) - All the switches exchange information to use in the selection of the root switch.
Bridge ID - The bridge ID is how STP keeps track of all the switches in the network. It is determined by a combination of the bridge priority (32,768 by default on all Cisco switches) and the base MAC address.
Root Bridge - The bridge with the lowest bridge ID becomes the root bridge in the network.
Nonroot bridge - These are all bridges that are not the root bridge.
Root port - The root port is always the link directly connected to the root bridge or the shortest path to the root bridge. If more than one link connects to the root bridge, then a port cost is determined by checking the bandwidth of each link.
Designated port - A designated port is one that has been determined as having the best (lowest) cost. A designated port will be marked as a forwarding port.
Nondesignated port - A nondesignated port is one with a higher cost than the designated port. Nondesignated ports are put in blocking mode.
Blocked port - A blocked port is the port that will not forward frames, in order to prevent loops.
Spanning-Tree Protocol: Root Bridge Selection
• In the example, which switch has the lowest bridge ID?
Spanning-Tree Operation
• One root bridge per network
• One root port per nonroot bridge
• One designated port per segment
• Nondesignated ports are unused
Selecting the Root Port
The STP cost is an accumulated total path cost based on the rated bandwidth of each of the links.
This information is then used internally to select the root port for that device.
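The root bridge election and root port selection described above, worked through in Python. This is an added example rather than code from the slides: the switch names, base MACs and links are constructed, and the per-link costs (19 for Fast Ethernet, 4 for Gigabit) are assumed from the classic IEEE 802.1D cost table, which the slides do not list. The BID comparison goes priority first, base MAC second, which is why lowering one switch's priority overrides the "lowest MAC wins" default.

```python
# Added example (not from the original slides): spanning-tree root bridge
# election and root port selection. Each switch has a Bridge ID (priority,
# base MAC); the lowest BID wins. Each non-root switch's root port is the port
# on the lowest accumulated-cost path to the root. Names, MACs and link costs
# are constructed; the costs follow the IEEE 802.1D table (assumption).
import heapq

DEFAULT_PRIORITY = 32768


def bridge_id(priority, mac):
    """A BID orders as (priority, base MAC); the lowest tuple is the lowest BID."""
    return (priority, int(mac.replace(":", ""), 16))


def elect_root(switches):
    """switches: {name: (priority, mac)} -> name of the switch with the lowest BID."""
    return min(switches, key=lambda name: bridge_id(*switches[name]))


def path_costs(links, root):
    """links: [(switch_a, port_a, switch_b, port_b, cost)].
    Returns {switch: (root path cost, root port)}; the root itself has no root port.
    Equal-cost ties (broken by sender BID and port ID in real STP) are not modelled."""
    adj = {}
    for a, pa, b, pb, cost in links:
        # From a you reach b, and b's port facing a is pb (and vice versa).
        adj.setdefault(a, []).append((b, pb, cost))
        adj.setdefault(b, []).append((a, pa, cost))
    best = {root: (0, None)}
    heap = [(0, root)]
    while heap:  # Dijkstra from the root: accumulated path cost per switch
        cost, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue  # stale heap entry
        for nbr, nbr_port, link_cost in adj.get(node, []):
            new_cost = cost + link_cost
            if nbr not in best or new_cost < best[nbr][0]:
                best[nbr] = (new_cost, nbr_port)
                heapq.heappush(heap, (new_cost, nbr))
    return best


def demo():
    switches = {  # constructed priorities and base MACs
        "SW1": (DEFAULT_PRIORITY, "00:00:00:00:00:0c"),
        "SW2": (DEFAULT_PRIORITY, "00:00:00:00:00:0a"),
        "SW3": (DEFAULT_PRIORITY, "00:00:00:00:00:0f"),
    }
    links = [  # (switch_a, port_a, switch_b, port_b, cost)
        ("SW1", "fa0/1", "SW2", "fa0/1", 19),
        ("SW2", "gi0/1", "SW3", "gi0/1", 4),
        ("SW1", "fa0/2", "SW3", "fa0/2", 19),
    ]
    # With default priorities everywhere, the lowest base MAC wins.
    root_default = elect_root(switches)
    # The administrator lowers SW3's priority to make it the root deliberately.
    switches["SW3"] = (4096, switches["SW3"][1])
    root_admin = elect_root(switches)
    return {
        "root_default": root_default,
        "root_admin": root_admin,
        "paths": path_costs(links, root_admin),
    }


if __name__ == "__main__":
    print(demo())
```

With SW3 as root, SW1 reaches it directly over fa0/2 at cost 19, which beats the 19 + 4 = 23 path through SW2, so fa0/2 becomes SW1's root port even though the SW2 to SW3 link is faster.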
Switching Methods
1. Cut-Through (Fast Forward)
The frame is forwarded through the switch before the entire frame is received. At a minimum the frame destination address must be read before the frame can be forwarded. This mode decreases the latency of the transmission, but also reduces error detection.
2. Fragment-Free (Modified Cut-Through)
Fragment-free switching filters out collision fragments before forwarding begins. Collision fragments are the majority of packet errors. In Fragment-Free mode, the switch checks the first 64 bytes of a frame.
3. Store-and-Forward
The entire frame is received before any forwarding takes place. Filters are applied before the frame is forwarded. This is the most reliable method but also has the most latency, especially when frames are large.
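To make the error-detection trade-off between the three methods concrete, here is an added Python example (not from the slides) that runs the same three constructed frames through each decision rule: a good frame, a frame whose payload was corrupted after the FCS was computed, and a truncated collision fragment shorter than 64 bytes. The FCS is modelled as CRC-32 over the frame body, as on Ethernet.

```python
# Added example (not from the original slides): what each switching method
# examines before forwarding. A frame is raw bytes ending in a 4-byte FCS
# (CRC-32 over everything before it). The sample frames are constructed.
import zlib

MIN_FRAME = 64  # bytes; anything shorter is treated as a collision fragment (runt)


def build_frame(dst, src, payload, corrupt=False):
    """Ethernet header + payload + FCS; optionally corrupt one byte after the FCS is computed."""
    body = dst + src + b"\x08\x00" + payload
    fcs = zlib.crc32(body).to_bytes(4, "little")
    if corrupt:
        body = body[:-1] + bytes([body[-1] ^ 0xFF])
    return body + fcs


def fcs_ok(frame):
    return zlib.crc32(frame[:-4]).to_bytes(4, "little") == frame[-4:]


def cut_through(frame):
    """Forward as soon as the 6-byte destination address is readable."""
    return "forward" if len(frame) >= 6 else "drop"


def fragment_free(frame):
    """Wait for the first 64 bytes so collision fragments are discarded; no FCS check."""
    return "drop (collision fragment)" if len(frame) < MIN_FRAME else "forward"


def store_and_forward(frame):
    """Receive the whole frame and verify the FCS before forwarding."""
    if len(frame) < MIN_FRAME:
        return "drop (collision fragment)"
    if not fcs_ok(frame):
        return "drop (FCS error)"
    return "forward"


def demo():
    dst, src = bytes.fromhex("000000000002"), bytes.fromhex("000000000001")
    good = build_frame(dst, src, b"A" * 100)                    # 118 bytes, valid FCS
    bad_fcs = build_frame(dst, src, b"A" * 100, corrupt=True)   # same size, FCS mismatch
    runt = good[:40]                                            # truncated by a collision
    table = {}
    for name, frame in (("good", good), ("bad_fcs", bad_fcs), ("runt", runt)):
        table[name] = {
            "cut_through": cut_through(frame),
            "fragment_free": fragment_free(frame),
            "store_and_forward": store_and_forward(frame),
        }
    return table


if __name__ == "__main__":
    for name, decisions in demo().items():
        print(name, decisions)
```

Only store-and-forward drops the frame with the bad FCS; cut-through forwards both damaged frames, and fragment-free catches the runt but not the FCS error, which is exactly the latency-versus-error-detection trade-off the slide describes.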
Physical Startup of the Catalyst Switch
Verifying Port LEDs During Switch POST
Once the power cable is connected, the switch initiates a series of tests called the power-on self test (POST).
Switch Command Modes
Switches have several command modes.
Tasks
Setting the passwords (the password must be between 4 and 8 characters)
Switch Configuration
There are two reasons to set the IP address information on the switch:
• To manage the switch via Telnet or other management software
• To configure the switch with different VLANs and other network functions
See the default IP configuration with the show ip command.
Configure IP Address
sw1(config)#interface vlan 1
sw1(config-if)#ip address 10.0.0.1 255.0.0.0
sw1(config-if)#no shut
sw1(config-if)#exit
sw1(config)#ip default-gateway 10.0.0.254
Configuring Interface Descriptions
You can administratively set a name for each interface on the switches.
SW1#config t
Enter configuration commands, one per line. End with CNTL/Z
SW1(config)#int e0/1
SW1(config-if)#description Finance_VLAN
SW1(config-if)#int f0/26
SW1(config-if)#description trunk_to_Building_4
SW1(config-if)#
Now only this one MAC address is allowed on this switch port.
Switch Configuration
Connect two machines to a switch.
This limits the size of the broadcast domains and uses the router to determine whether one VLAN can talk to another VLAN.
NOTE: This is the only way a switch can break up a broadcast domain!
VLAN Overview
• Segmentation
• Flexibility
• Security
Security
A flat internetwork's security used to be tackled by connecting hubs and switches together with routers.
This arrangement is ineffective because:
• Anyone connecting to the physical network could access network resources located on that physical LAN
• Anyone could observe the network traffic by plugging a network analyzer into the hub
• Users could join a workgroup by just plugging their workstations into the existing hub
By creating VLANs, administrators have control over each port and user.
How VLANs Simplify Network Management
If we need to break the broadcast domain we need to connect a router.
VLAN Memberships
A VLAN created based on port is known as a static VLAN.
VLAN Membership Modes
Static VLANs
Most secure
Dynamic VLANs
A dynamic VLAN determines a node's VLAN assignment automatically.
LAB – Creating VLAN
[Lab figure: hosts attached to switch port 1 and port 5]
To delete a VLAN
Sw(config)# no vlan 2
Sw(config)# no vlan 3
To bring a port back to VLAN 1
Sw(config-if)#switchport mode access
Sw(config-if)#switchport access vlan 1
For a range of ports
Sw(config)#int range fastethernet 0/1 - 5
Sw(config-if-range)#switchport access vlan 1
VLAN Operation
Trunk links
Trunks can carry multiple VLANs.
These carry the traffic of multiple VLANs.
A trunk link is a 100- or 1000-Mbps point-to-point link between two switches, or between a switch and a router.
Access links
Frame Tagging
Can create VLANs that span more than one connected switch.
Hosts are unaware of the VLAN.
When host A creates a data unit and it reaches the switch, the switch adds a frame tag to identify the VLAN.
Frame tagging is a method to identify that the packet belongs to a particular VLAN.
Each switch that the frame reaches must first identify the VLAN ID from the frame tag.
It finds out what to do with the frame by looking at the information in the filter table.
Once the frame reaches an exit to an access link matching the frame's VLAN ID, the switch removes the VLAN identifier.
Frame Tagging Methods
There are two frame tagging methods:
• Inter-Switch Link (ISL)
• IEEE 802.1Q
Inter-Switch Link (ISL)
• Proprietary to Cisco switches
• Used for Fast Ethernet and Gigabit Ethernet links only
IEEE 802.1Q
• Created by the IEEE as a standard method of frame tagging
• It actually inserts a field into the frame to identify the VLAN
• If you're trunking between a Cisco switched link and a different brand of switch, you have to use 802.1Q for the trunk to work.
ISL Tagging
ISL trunks enable VLANs across a backbone.
• Performed with ASIC
• ISL header not seen by client
• Effective between switches, and between routers and switches
LAB – Creating Trunk
[Lab figure: two switches connected by a trunk between port 24 and port 12, with hosts 10.0.0.1, 10.0.0.2, 10.0.0.3 and 10.0.0.4 on ports 1-4]
Assigning Access Ports to a VLAN
Switch(config)#interface gigabitethernet 1/1
Verifying the VLAN Configuration
Switch#show vlan [id | name] [vlan_num | vlan_name]
VLAN Type SAID   MTU  Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ---- ------ ---- ------ ------ -------- --- -------- ------ ------
1    enet 100001 1500 -      -      -        -   -        1002   1003
2    enet 100002 1500 -      -      -        -   -        0      0
51   enet 100051 1500 -      -      -        -   -        0      0
52   enet 100052 1500 -      -      -        -   -        0      0
…
VTP Modes
Server:
• Creates VLANs
• Modifies VLANs
• Deletes VLANs
• Sends/forwards advertisements
• Synchronizes
• Saved in NVRAM
Client:
• Forwards advertisements
• Synchronizes
• Not saved in NVRAM
Transparent:
• Creates VLANs
• Modifies VLANs
• Deletes VLANs
• Forwards advertisements
• Does not synchronize
• Saved in NVRAM
VTP Operation
• VTP advertisements are sent as multicast frames.
• VTP servers and clients are synchronized to the latest update, identified by its revision number.
• VTP advertisements are sent every 5 minutes or when there is a change.
VTP Pruning
• VTP pruning provides a way for you to preserve bandwidth by configuring it to reduce the amount of broadcast, multicast, and unicast packets.
• Increases available bandwidth by reducing unnecessary flooded traffic
• Example: Station A sends a broadcast, and the broadcast is flooded only toward any switch with ports assigned to the red VLAN
VTP Configuration Guidelines
Configure the following:
• VTP domain name
• VTP mode (server mode is the default)
• VTP pruning
• VTP password
Creating a VTP Domain
Catalyst 1900
wg_sw_1900(config)#vtp [server | transparent | client] [domain domain-name] [trap {enable | disable}] [password password] [pruning {enable | disable}]
wg_sw_1900#configure terminal
Enter configuration commands, one per line. End with CNTL/Z
wg_sw_1900(config)#vtp transparent
wg_sw_1900(config)#vtp domain switchlab
Catalyst 2950
wg_sw_2950#vlan database
wg_sw_2950(vlan)#vtp [ server | client | transparent ]
wg_sw_2950(vlan)#vtp domain domain-name
wg_sw_2950(vlan)#vtp password password
wg_sw_2950(vlan)#vtp pruning
Verifying the VTP Configuration
Switch#show vtp status
VTP Version : 2
Configuration Revision : 247
Maximum VLANs supported locally : 1005
Number of existing VLANs : 33
VTP Operating Mode : Client
VTP Domain Name : Lab_Network
VTP Pruning Mode : Enabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x45 0x52 0xB6 0xFD 0x63 0xC8 0x49 0x80
Configuration last modified by 0.0.0.0 at 8-12-99 15:04:49
Switch#
Verifying the VTP Configuration (Cont.)
Switch#show vtp counters
VTP statistics:
Summary advertisements received : 7
Subset advertisements received : 5
Request advertisements received : 0
Summary advertisements transmitted : 997
Subset advertisements transmitted : 13
Request advertisements transmitted : 3
Number of config revision errors : 0
Number of config digest errors : 0
Number of V1 summary errors : 0
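The VTP mode behaviour and the revision-number synchronization described above, modelled in Python. This is an added example, not code from the slides or from Cisco: the advertisement format is simplified to the fields the slides name (domain, configuration revision, VLAN list, MD5 digest), the digest is computed here as MD5 over the VLAN list keyed with the domain password (an assumption about the real wire format), and the switch names, password and VLAN lists are constructed. The domain name Lab_Network comes from the show vtp status output above.

```python
# Added example (not from the original slides): how server, client and
# transparent switches handle a VTP summary advertisement. A receiving
# server/client accepts the update only if the domain matches, the digest
# verifies with its own password, and the revision is higher than its own;
# transparent switches relay it without touching their VLAN database.
# Digest format, names, password and VLAN lists are constructed assumptions.
import hashlib


def vtp_digest(vlans, password):
    """Digest over the VLAN database, keyed with the domain password (assumed format)."""
    payload = ",".join(f"{vid}:{name}" for vid, name in sorted(vlans.items()))
    return hashlib.md5(f"{password}|{payload}".encode()).hexdigest()


class VtpSwitch:
    def __init__(self, name, mode, domain, password, vlans=None, revision=0):
        assert mode in ("server", "client", "transparent")
        self.name, self.mode, self.domain, self.password = name, mode, domain, password
        self.vlans = dict(vlans or {1: "default"})
        self.revision = revision
        self.counters = {"synced": 0, "forwarded": 0, "digest_errors": 0, "stale_revision": 0}

    def advertise(self):
        """Summary advertisement: domain, revision, VLAN list and digest."""
        return {"domain": self.domain, "revision": self.revision,
                "vlans": dict(self.vlans), "digest": vtp_digest(self.vlans, self.password)}

    def receive(self, adv):
        """Process an advertisement; return True if it is forwarded to neighbours."""
        if adv["domain"] != self.domain:
            return False                          # different domain: ignored
        if self.mode == "transparent":
            self.counters["forwarded"] += 1       # relayed unchanged, database untouched
            return True
        if adv["digest"] != vtp_digest(adv["vlans"], self.password):
            self.counters["digest_errors"] += 1   # wrong password: rejected
            return False
        if adv["revision"] <= self.revision:
            self.counters["stale_revision"] += 1  # already have this or a newer update
            return False
        self.vlans, self.revision = dict(adv["vlans"]), adv["revision"]
        self.counters["synced"] += 1
        self.counters["forwarded"] += 1
        return True


def demo():
    secret = "s3cret"  # constructed domain password
    server = VtpSwitch("SW-A", "server", "Lab_Network", secret,
                       {1: "default", 2: "red", 3: "blue"}, revision=5)
    client = VtpSwitch("SW-B", "client", "Lab_Network", secret)
    transparent = VtpSwitch("SW-C", "transparent", "Lab_Network", secret)
    wrong_pw = VtpSwitch("SW-D", "client", "Lab_Network", "wrong-password")
    adv = server.advertise()
    results = {
        "client_forwarded": client.receive(adv),
        "transparent_forwarded": transparent.receive(adv),
        "wrong_pw_forwarded": wrong_pw.receive(adv),
        "client_second_copy": client.receive(adv),   # same revision again: stale
    }
    results.update({
        "client_vlans": client.vlans, "client_revision": client.revision,
        "transparent_vlans": transparent.vlans,
        "wrong_pw_digest_errors": wrong_pw.counters["digest_errors"],
        "client_stale": client.counters["stale_revision"],
    })
    return results


if __name__ == "__main__":
    print(demo())
```

Note what the model makes visible: the only thing standing between a switch and an advertisement carrying a higher revision number is the domain name and the password-keyed digest, which is why the configuration guidelines list the VTP password alongside the domain name, and why the digest and revision error counters in show vtp counters are worth watching.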
Router on Stick
[Lab figure: router R1 with FA0/0 addressed 10.0.0.1 (VLAN 2) and 20.0.0.1 (VLAN 3), connected to switch port 9; the two switches are trunked between port 24 and port 12; hosts 10.0.0.2, 10.0.0.3, 20.0.0.2 and 20.0.0.3 are spread across ports 1-4 of both switches]
Create two VLANs on each switch
sw#vlan database
sw(vlan)#vlan 2 name red
sw(vlan)#vlan 3 name blue
sw(vlan)#exit
sw#config t
sw(config)#int fastethernet 0/1
sw(config-if)#switchport access vlan 2
sw(config-if)#int fastethernet 0/4
sw(config-if)#switchport access vlan 3
To see interface status
sw#show interface status
Trunk Port Configuration
sw#config t
sw(config)#int fastethernet 0/24
sw(config-if)#switchport trunk encapsulation dot1q
sw(config-if)#switchport mode trunk
Router-Switch Port to be made as Trunk
sw(config)#int fastethernet 0/9
sw(config-if)#switchport trunk encapsulation dot1q
sw(config-if)#switchport mode trunk
Router Configuration
R1#config t
R1(config)#int fastethernet 0/0.1
R1(config-subif)#encapsulation dot1q 2
R1(config-subif)#ip address 10.0.0.1 255.0.0.0
R1(config-subif)#no shut
R1(config-subif)#exit
R1(config)#int fastethernet 0/0.2
R1(config-subif)#encapsulation dot1q 3
R1(config-subif)#ip address 20.0.0.1 255.0.0.0
R1(config-subif)#no shut
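The 802.1Q tagging described under Frame Tagging, and the router-on-a-stick lab above, as one added Python example (not code from the slides or from any Cisco product). It shows the tag being inserted when a frame from an access port leaves on a trunk, the router subinterface routing between VLAN 2 (10.0.0.0/8) and VLAN 3 (20.0.0.0/8) by re-tagging, and the tag being stripped on the access port at the far end. Port names follow the lab configuration; the host MACs and the minimal IPv4 header are constructed, and the router's rewrite of the Ethernet source/destination MACs is omitted to keep the focus on the VLAN tag.

```python
# Added example (not from the original slides): IEEE 802.1Q frame tagging and
# inter-VLAN routing through a router-on-a-stick. The switch inserts a 4-byte
# tag (TPID 0x8100 + TCI carrying the VLAN ID) between the source MAC and the
# EtherType when a frame goes out a trunk, and strips it on an access port.
# Addresses follow the lab figure; MACs and the IPv4 header are constructed.
import ipaddress
import struct

TPID_8021Q = 0x8100


def tag_frame(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert the 802.1Q tag after the 12 bytes of destination + source MAC."""
    tci = (pcp << 13) | (vid & 0x0FFF)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def untag_frame(frame: bytes):
    """Return (vid, untagged_frame); vid is None when the frame carries no tag."""
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:
        return None, frame
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]


class Switch:
    """ports: {name: ('access', vid)} or {name: ('trunk', None)}."""
    def __init__(self, ports):
        self.ports = ports

    def egress(self, in_port, out_port, frame):
        """Re-tag a frame for the outgoing port according to both port modes."""
        in_mode, in_vid = self.ports[in_port]
        vid, plain = untag_frame(frame) if in_mode == "trunk" else (in_vid, frame)
        out_mode, out_vid = self.ports[out_port]
        if out_mode == "trunk":
            return tag_frame(plain, vid)
        if out_vid != vid:  # VLANs are separate broadcast domains: no direct delivery
            raise ValueError(f"VLAN {vid} frame cannot leave access port in VLAN {out_vid}")
        return plain


class RouterOnAStick:
    """subinterfaces: {vid: network}; routes between VLANs arriving on one trunk."""
    def __init__(self, subinterfaces):
        self.subifs = {vid: ipaddress.ip_network(net) for vid, net in subinterfaces.items()}

    def route(self, tagged_frame):
        vid, plain = untag_frame(tagged_frame)
        if vid not in self.subifs:
            return None  # no subinterface for this VLAN: dropped
        dst_ip = ipaddress.ip_address(plain[30:34])  # IPv4 destination, 14 + 16 bytes in
        for out_vid, net in self.subifs.items():
            if dst_ip in net:
                return tag_frame(plain, out_vid)  # (L2 MAC rewrite omitted here)
        return None


def build_ip_frame(src_ip, dst_ip, payload=b"ping"):
    """Constructed Ethernet + minimal IPv4 header (no checksum) + payload."""
    eth = bytes.fromhex("000000000002") + bytes.fromhex("000000000001") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 1, 0,
                     ipaddress.ip_address(src_ip).packed, ipaddress.ip_address(dst_ip).packed)
    return eth + ip + payload


def demo():
    sw = Switch({"fa0/1": ("access", 2), "fa0/4": ("access", 3),
                 "fa0/9": ("trunk", None), "fa0/24": ("trunk", None)})
    r1 = RouterOnAStick({2: "10.0.0.0/8", 3: "20.0.0.0/8"})
    frame = build_ip_frame("10.0.0.2", "20.0.0.2")          # VLAN 2 host to VLAN 3 host
    on_trunk = sw.egress("fa0/1", "fa0/9", frame)            # tagged VID 2 toward R1
    from_router = r1.route(on_trunk)                         # R1 re-tags with VID 3
    delivered = sw.egress("fa0/9", "fa0/4", from_router)     # tag stripped on access port
    try:
        sw.egress("fa0/1", "fa0/4", frame)                   # no router: blocked
        isolated = False
    except ValueError:
        isolated = True
    return {"trunk_vid": untag_frame(on_trunk)[0],
            "router_vid": untag_frame(from_router)[0],
            "tagged_len_delta": len(on_trunk) - len(frame),
            "delivered_equals_original": delivered == frame,
            "vlans_isolated": isolated}


if __name__ == "__main__":
    print(demo())
```

The four-byte length difference is the inserted tag the 802.1Q bullet refers to; the `ValueError` path is the switch refusing to hand a VLAN 2 frame to a VLAN 3 access port, which is exactly why the router and its subinterfaces are needed.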
Fig. 2 Address shortage and possible solutions (TI1332EU02TI_0003 New Address Concepts, 5)
NAT: Network Address Translator
NAT
• Translates between local addresses and public ones
• Many private hosts share few global addresses
Inside Global
NAT uses an inside global address to represent the inside host as the packet is sent through the outside network, typically the Internet.
A NAT router changes the source IP address of a packet sent by an inside host from an inside local address to an inside global address as the packet goes from the inside to the outside network.
Inside/Outside
NAT Addressing Terms
Outside Global
Outside Local
Network Address Translation
Static NAT
Static NAT - Mapping an unregistered IP address to a registered IP address on a one-to-one basis. Particularly useful when a device needs to be accessible from outside the network.
Dynamic NAT
Dynamic NAT - Maps an unregistered IP address to a registered IP address from a group of registered IP addresses.
Overloading NAT with PAT (NAPT)
Overloading - A form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports. This is also known as PAT (Port Address Translation), single address NAT or port-level multiplexed NAT.
Static NAT Configuration
[Figure: inside hosts B (10.0.0.2) and C (10.0.0.3) behind a router whose E0 is 10.0.0.254 and whose S0 faces the Internet; inside global address 200.0.0.1; inside and outside sides marked]
Dynamic NAT
Dynamic NAT sets up a pool of possible inside global addresses and defines criteria for the set of inside local IP addresses whose traffic should be translated with NAT.
Instead of creating a static mapping:
• Create a pool of IP addresses by specifying a range
• Create an access list and permit hosts
• Link the access list to the pool
Dynamic NAT Configuration
[Figure: inside hosts B (10.0.0.2) and C (10.0.0.3) behind a router whose E0 is 10.0.0.254 and whose S0 faces the Internet, translated to addresses from the pool 200.0.0.1 - 200.0.0.254]
PAT
[Figure: shared global IP. Inside hosts A (10.0.0.1), B (10.0.0.2) and C (10.0.0.3) behind the router's E0 (10.0.0.254) share the single global address 200.0.0.1, distinguished by port, e.g. 200.0.0.1:1026 and 200.0.0.1:1027]
Configuration
PAT LAB
[Lab figure: host A (192.168.10.2) behind R1 (E0 192.168.10.1, S0 200.0.0.1) and host B (192.168.20.2) behind R2 (E0 192.168.20.1, S0 200.0.0.2), with the serial link between the two routers]
R1#config t
R1(config)# int e 0
R1(config-if)# ip nat inside
R1(config-if)# int s 0
R1(config-if)# ip nat outside
R1(config-if)# exit
R1(config)#access-list 1 permit 192.168.10.0 0.0.0.255
R1(config)#ip nat inside source list 1 interface s 0 overload
R2#config t
R2(config)# int e 0
R2(config-if)# ip nat inside
R2(config-if)# int s 0
R2(config-if)# ip nat outside
R2(config-if)# exit
R2(config)#access-list 1 permit 192.168.20.0 0.0.0.255
R2(config)#ip nat inside source list 1 interface s 0 overload
To see a host-to-host ping, configure static or dynamic routing.
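The three NAT forms above (static, dynamic pool, and overloading/PAT) and the R1 side of the PAT lab, worked through in an added Python model of the translation table; this is not code from the slides or from Cisco IOS. The access-list match uses Cisco wildcard-mask semantics, the inside/outside addresses of R1 come from the lab, and the static and dynamic cases use constructed addresses from the 10.0.0.0/8 figures. The model also shows the defender-relevant edge: outside packets with no table entry (and no static mapping) have nowhere to go and are dropped.

```python
# Added example (not from the original slides): an inside-to-outside NAT
# translation table covering static NAT, dynamic NAT from a pool, and PAT
# (overloading one interface address with distinct source ports), plus the
# reverse lookup for return traffic. R1's addresses and access list come from
# the PAT lab; the static/dynamic addresses are constructed.
import ipaddress


def acl_permits(ip, network, wildcard):
    """Match against a Cisco 'permit network wildcard' entry; a 1 bit in the
    wildcard mask means 'don't care'."""
    care = 0xFFFFFFFF ^ int(ipaddress.ip_address(wildcard))
    return int(ipaddress.ip_address(ip)) & care == int(ipaddress.ip_address(network)) & care


class NatRouter:
    def __init__(self, acl, static=None, pool=None, overload_ip=None):
        self.acl = acl                    # (network, wildcard) of the inside source list
        self.static = dict(static or {})  # inside local -> inside global, one-to-one
        self.pool = list(pool or [])      # free inside global addresses for dynamic NAT
        self.dynamic = {}                 # inside local -> inside global taken from the pool
        self.overload_ip = overload_ip    # interface address shared by PAT
        self.next_port = 1024             # next free source port for PAT
        self.table = {}                   # (local ip, port) -> (global ip, port)
        self.reverse = {}                 # (global ip, port) -> (local ip, port)

    def outbound(self, src_ip, src_port):
        """Translate an inside->outside packet; None means 'forwarded untranslated'."""
        key = (src_ip, src_port)
        if key in self.table:
            return self.table[key]
        if src_ip in self.static:
            glob = (self.static[src_ip], src_port)
        elif not acl_permits(src_ip, *self.acl):
            return None                               # not selected by the access list
        elif src_ip in self.dynamic:
            glob = (self.dynamic[src_ip], src_port)   # host already holds a pool address
        elif self.pool:
            self.dynamic[src_ip] = self.pool.pop(0)   # dynamic NAT: one address per host
            glob = (self.dynamic[src_ip], src_port)
        elif self.overload_ip:
            glob = (self.overload_ip, self.next_port) # PAT: one address, unique ports
            self.next_port += 1
        else:
            return None                               # pool exhausted and no overload
        self.table[key] = glob
        self.reverse[glob] = key
        return glob

    def inbound(self, dst_ip, dst_port):
        """Translate an outside->inside packet; None means no entry, so it is dropped."""
        if (dst_ip, dst_port) in self.reverse:
            return self.reverse[(dst_ip, dst_port)]
        for local, glob in {**self.static, **self.dynamic}.items():
            if glob == dst_ip:
                return (local, dst_port)  # address-level entries: static needs no prior traffic
        return None


def demo():
    # R1 from the PAT lab: list 1 = 192.168.10.0 0.0.0.255, overload on s0 = 200.0.0.1
    r1 = NatRouter(acl=("192.168.10.0", "0.0.0.255"), overload_ip="200.0.0.1")
    a = r1.outbound("192.168.10.2", 5000)    # host A from the lab figure
    a2 = r1.outbound("192.168.10.3", 5000)   # constructed second host, same source port
    results = {
        "pat_a": a, "pat_a2": a2,
        "pat_reply_to_a2": r1.inbound("200.0.0.1", a2[1]),
        "pat_unsolicited": r1.inbound("200.0.0.1", 4444),     # no entry: dropped
        "pat_not_in_acl": r1.outbound("192.168.20.5", 5000),   # outside list 1
    }
    # Static and dynamic NAT with constructed addresses from the 10.0.0.0/8 figures.
    r2 = NatRouter(acl=("10.0.0.0", "0.255.255.255"),
                   static={"10.0.0.3": "200.0.0.3"}, pool=["200.0.0.10", "200.0.0.11"])
    results["static_inbound_first"] = r2.inbound("200.0.0.3", 80)  # reachable from outside
    results["dynamic_b_1"] = r2.outbound("10.0.0.2", 6000)
    results["dynamic_b_2"] = r2.outbound("10.0.0.2", 6001)         # same host, same address
    return results


if __name__ == "__main__":
    print(demo())
```

Two hosts using the same source port both fit behind 200.0.0.1 because PAT keys the entry on the allocated global port, not the inside address; and only the static mapping answers an inbound packet before any outbound traffic, which is the "accessible from outside" property the Static NAT slide mentions.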