Chapter 13
Chapter Objectives
Recall
Network Address Translation (NAT) is an IETF (Internet Engineering Task Force) standard that allows a LAN to operate with a single IP address when connected to the Internet
NAT operates at the Network layer (Layer 3) of the OSI Reference Model
Port Address Translation (PAT) is a feature of a NAT device that translates all the IP addresses of the LAN to a single IP address but assigns a different port number to each host in the LAN
The PAT configuration commands are covered under Set IP PAT
LAN Switching
LAN switching solves the problem of high network traffic in Ethernet, Token Ring and Fiber Distributed Data Interface (FDDI) networks by increasing the available bandwidth
A LAN switch is a device that provides higher port density at lower cost than a traditional bridge, using the existing cable infrastructure
A LAN switch forwards frames based on their layer 2 addresses or layer 3 addresses
A switch that forwards layer 2 frames is also called a frame switch
Layer 2 and Layer 3 Switching
Bridges and switches operating at layer 2 of the OSI model forward on the MAC address (the layer 2 address) and do not look at layer 3, or logical, addressing
A layer 3 switch is a network device that forwards traffic based on layer 3 addressing at high speed
Routers are considerably slower than layer 2 switches
Switch Operation
A switch is simply a bridge with many ports
Switches use two technologies for better performance: Content Addressable Memory (CAM) and Application-Specific Integrated Circuits (ASICs)
Together these two technologies allow the switch to process multiple packets efficiently
Transmitting Data from A to B
Updating the Address Table
Transmitting Data to all the Ports
Response Data from B to A
Symmetric Switching
Asymmetric Switching
Collision Domains within Shared
Environments
A collision occurs when two or more data packets travel at the same time on the same medium in the same direction
The region in which this can happen is called a collision domain: the set of NICs in which a frame sent by one NIC could collide with a frame sent by any other NIC in the same domain
Collisions happen mostly in a shared environment, where devices share the medium used to transmit data to the destination network or host
Shared Media Environments
Collision Domain Segmentation
Broadcast Domains
Speed and Autonegotiation
Devices that support different transmission rates, different duplex modes and different standards at the same speed can use Ethernet autonegotiation
The two devices choose the best mode of transmission they both support: a higher speed is preferred over a lower speed, and full duplex over half duplex
To support autonegotiation, both the switch and the NIC must support multiple speeds
Spanning Tree Protocol Terms - I
Spanning Tree Protocol Terms - II
Bridge ID: The bridge with the lowest bridge ID is selected as the root. The 8-byte bridge ID is the combination of the 2-byte bridge priority and the 6-byte MAC address. STP keeps track of all switches using the bridge ID
Nonroot bridge: A bridge that is not the root bridge in a network is called a nonroot bridge. It exchanges BPDUs with all the bridges; these BPDUs update the STP topology on all the switches, which helps prevent loops and provides protection against link failures
Root port: The root port is the port directly connected toward the root bridge. If more than one link is connected to the root bridge, a port cost is set and the port with the lowest cost becomes the root port
Spanning Tree Protocol Terms - III
Designated port: A designated port is one that has been determined to have the lowest cost. The port is marked as the forwarding port
Port cost: Port cost decides which link is used when multiple links exist between two switches and none of them is a root port. This cost is derived from the bandwidth of the link
Nondesignated port: A nondesignated port is one that has a higher cost than the designated port. Such ports are put in blocking mode
Blocked port: A blocked port does not forward frames, in order to prevent loops, but it still listens to frames
Working of the Spanning Tree
Protocol
Spanning-Tree Port States
The ports on a bridge or switch running STP can
move through five different states:
Blocking
Listening
Learning
Forwarding
Disabled
Support of RSTP in Catalyst Switches
Catalyst 1900 Switches
The standard edition of the 1900 switch provides 12 or 24 10BaseT ports in a fixed configuration
The enterprise edition of the 1900 switch provides greater flexibility and high performance, with 400Mbps between Ethernet switches
The 1900 switch supports an optional external redundant power supply (RPS) and can hold 1024 MAC addresses
Default setting list for 1900 switches
Setting            Default
IP address         0.0.0.0
CDP                Enabled
Switching mode     Fragment Free
100BaseT port      Autonegotiate duplex mode
10BaseT port       Half duplex
Spanning tree      Enabled
Console password   None
IP and Port Duplex Configuration
Every switch, unlike a router, acts as a single IP host with one IP address and subnet mask
IP addresses need not be configured on each interface of the switch
The duplex setting can be any of the following four modes:
Auto
Full
Full-flow control
Half
MAC Addresses
A Media Access Control (MAC) address is a hardware address that uniquely identifies every node in a network
The MAC address table holds the following kinds of entries:
Dynamic addresses
Restricted-static entries
MAC Address Table
Port Security
Port security is one of the features provided by the MAC address table
It limits the number of MAC addresses associated with a port in the MAC address table
This limits the number of sources that can forward frames into that particular switch port
Port security on 2900 switches is configured using the port secure max-mac-count command
Case Study
At the Hyderabad branch of the Blue Diamond Steel organization there are four departments: Finance, Sales, Software Management and Project Management. The Finance department has three further sections, named Salary, Clearance and Receivables. Each department has its own hub on the network. Robert, the company's network administrator, wants only the three sections Salary, Clearance and Receivables to be able to access the Finance department hub.
Problem
Suggested Solution
The administrator can prevent the other departments from accessing the Finance hub using the port secure max-mac-count command. The number 3 should be given as the parameter to the command, because the administrator wants to allow only three ports to connect to the hub. The port security feature makes sure that the Finance department can be accessed only by these three ports; no other ports can access this hub. This increases the security of the hub, so the main function of the feature is to secure the hub
Configuration Files
The configuration can be stored in several locations, including RAM, NVRAM, or a TFTP server
The commands used for managing the switch
configuration files are similar to the commands for
router configuration file management
You can view the configuration of the switch using
the show startup-config command
The switch software version can be viewed using
the show version command
MAC Addresses
The 2900 series has the capacity to support 8124 switches
You can configure static entries on a 2900 switch using the mac-address-table static command, for example:
mac-address-table static 0666.6333.6333 e0/3
Switch Startup
When the 1900 switch is first switched on, it runs through a power-on self-test (POST)
The Power-On Self Test (POST) is a sequence of steps that checks that the hardware devices are functioning
When a console cable is connected to the switch, a menu appears on the screen
This menu offers different options: pressing K opens the CLI, pressing M lets you configure the switch through the menu system, and pressing I lets you configure the IP settings of the switch
Switch LED During POST and its
Interpretation
The following is the list of the 2950 switch LEDs with
their meanings:
System
Mode button
Stat
Util
Duplex
Speed
Accessing Switch CLI
CLI is the acronym for the command line interface to IOS, the operating system software used by Cisco products
There are three ways to access the CLI
You can access the CLI through the console, through a dial-up modem attached to the auxiliary port, or by using Telnet
Setting password
Setting passwords on the switch is important so that unauthorized users cannot connect to it
You can set passwords for the user mode and the privileged mode
The user mode password verifies authorization on a switch, including access through the console
The privileged mode password allows access to view and edit the switch configuration
User and Enable mode Passwords
The following procedure shows the configuration of
user mode and the enable mode passwords:
(config)#enable password ?
level Set exec level password
(config)# enable password level ?
<1-15> level number
Use level number 1 to set the user mode password and level number 15 to set the enable mode password
Enable Secret Passwords
The enable secret password provides the strongest security and, if set, takes precedence over the enable password
Therefore, if you set the enable secret password, there is no need for the enable mode password
(config)#enable secret todd2
On the 1900 switch, unlike on a router, the enable password and the enable secret can be set to the same value
Setting Hostname
To set the hostname on a 1900 switch as you would
on a router, perform the following steps:
#config t
Enter configuration commands, one per line.
End with CNTL/Z
(config)#hostname Todd1900
Todd1900(config)#
On the 2950 switch, perform the following steps:
Switch(config)#hostname Todd2950
Todd2950(config)#
Setting IP information
You should set the IP address and default gateway on a Layer 2 switch, as they are not set by default
The show ip command displays the default IP configuration of the 1900 switch
To set the IP address, use the ip address command; to set the default gateway, use the ip default-gateway command
Configuring IP Address and Default
Gateway on the 1900 Switch
Configuring IP Address and Default
Gateway on the 2950 Switch
Configuring Interface Description on
1900 Switch
Configuring Interface Description on
2950 Switch
Setting Port Security
To allow only a particular device to be plugged into a switch port, configure the MAC address of that device as a static entry associated with that switch port
This is done by configuring port security on the switch port, so that the port rejects traffic from any MAC address other than that of the particular device. The command used to set port security is:
Switch(config-if)#switchport port-security mac-address mac-address
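As an added example, not part of the original slides: a Python model of the switch MAC address table that covers the learning, filtering and flooding behaviour shown in the data transmission slides, the port secure max-mac-count limit used in the case study, and the static MAC binding described above. Switch, port names and MAC addresses are constructed; a violating frame is simply dropped here.

```python
from collections import Counter

class Switch:
    """Minimal model of a layer 2 switch MAC address table (constructed example)."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}     # mac -> port, learned dynamically or set statically
        self.static = {}    # mac -> port, like 'mac-address-table static <mac> <port>'
        self.max_mac = {}   # port -> limit, like 'port secure max-mac-count <n>'
        self.bound = {}     # port -> {mac}, like 'switchport port-security mac-address <mac>'

    def set_max_mac_count(self, port, count):
        self.max_mac[port] = count

    def bind_static(self, mac, port):
        """Static entry: the MAC belongs to this port, and the port accepts only bound MACs."""
        self.static[mac] = self.table[mac] = port
        self.bound.setdefault(port, set()).add(mac)

    def learn(self, mac, port):
        """Record mac on port; return None if accepted, else the port-security violation."""
        if mac in self.static and self.static[mac] != port:
            return f"{mac} is static on {self.static[mac]}, seen on {port}"
        if port in self.bound and mac not in self.bound[port]:
            return f"{port} accepts only {sorted(self.bound[port])}"
        if self.table.get(mac) == port:
            return None                               # already known on this port
        limit = self.max_mac.get(port)
        if limit is not None and Counter(self.table.values())[port] >= limit:
            return f"{port} already holds {limit} MAC addresses"
        self.table[mac] = port
        return None

    def forward(self, ingress, src, dst):
        """Learn src on ingress, then return the egress ports for dst: drop on a
        violation, filter if dst is on the ingress segment, flood if dst is unknown."""
        if self.learn(src, ingress) is not None:
            return []
        if dst in self.table:
            out = self.table[dst]
            return [] if out == ingress else [out]
        return [p for p in self.ports if p != ingress]

def case_study():
    """Finance hub on e0/1 limited to three MAC addresses, as in the chapter's case study."""
    sw = Switch(["e0/1", "e0/2", "e0/3"])
    sw.set_max_mac_count("e0/1", 3)
    macs = ["0000.0c00.000%d" % i for i in range(1, 5)]   # constructed addresses
    return [m for m in macs if sw.learn(m, "e0/1") is None]
```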
Erasing Switch Configuration
NVRAM stores the configuration of the 1900 and 2950 switches
When a change is made to the switch's running-config, it is automatically copied to NVRAM
On the 2950 switch, you save the configuration using the copy run start command and clear the contents of NVRAM using the erase startup-config command
Configuring STP
In order to configure STP we need to configure the
following:
Root Bridge
Hello Time
Configuring the Root Bridge
The bridge ID is used to select the root bridge in the STP domain
It also determines the root port on each of the devices in the STP domain
To make a particular switch the root bridge, you must change its priority value, which is 32768 by default
To do this, use the spanning-tree vlan command, which sets the switch priority for the specified VLAN to 8192. The syntax of the command is:
spanning-tree vlan [vlan-id] root primary diameter
Configuring the Secondary Root
Switch
You should configure a secondary switch to take over as the root bridge if the root bridge fails
To configure another switch as the secondary root on VLAN 1002:
Switch2#configure terminal
Switch2(config)#spanning-tree vlan 1002 root secondary diameter 4
Switch2(config)#exit
To verify the secondary root bridge configuration:
Switch2#show spanning-tree vlan 1002
Configuring and verifying the spanning
tree port priority of a Fast Ethernet
interface
To configure and verify the spanning tree port priority of a Fast Ethernet interface:
Switch1#configure terminal
Switch1(config)#interface fastethernet 5/8
Switch1(config-if)#spanning-tree port-priority 100
Switch1(config-if)#exit
Switch1#show spanning-tree interface fastethernet 5/8
Configuring and verifying the spanning
tree VLAN port priority of a Fast
Ethernet interface
To configure and verify the spanning tree VLAN port priority of a Fast Ethernet interface:
Switch1#configure terminal
Switch1(config)#interface fastethernet 5/8
Switch1(config-if)#spanning-tree vlan 1002 port-priority 64
Switch1(config-if)#exit
Switch1#show spanning-tree vlan 1002
Configuring and verifying the spanning
tree path cost of a Fast Ethernet
interface
To configure and verify the spanning tree path cost of a Fast Ethernet interface:
Switch1#configure terminal
Switch1(config)#interface fastethernet 5/8
Switch1(config-if)#spanning-tree cost 18
Switch1(config-if)#exit
Switch1#show spanning-tree interface fastethernet 5/8
Configuring the Bridge Priority of
VLAN
You can configure a switch with the lowest priority value and thereby increase the probability that it acts as the root bridge in the specified VLAN
The range for setting the bridge priority is from 1 to 65535.
To configure and verify the bridge priority of VLAN 1002 as 33792:
Switch1#configure terminal
Switch1(config)#spanning-tree vlan 1002 priority 33792
Switch1(config)#exit
Switch1#show spanning-tree vlan 1002 bridge brief
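As an added example, not part of the original slides: a Python model of the STP root bridge election and root port selection described in the Spanning Tree Protocol Terms slides and in the root bridge and bridge priority configuration above. Switch names, MAC addresses and the topology are constructed; link cost 19 is the IEEE 802.1D value for a 100 Mbps link, and the 8192 priority is what the slides say root primary sets.

```python
import heapq

DEFAULT_PRIORITY = 32768        # default switch priority named in the chapter
ROOT_PRIMARY_PRIORITY = 8192    # priority 'spanning-tree vlan <id> root primary' sets, per the chapter

def bridge_id(priority, mac):
    """8-byte bridge ID: the 2-byte priority followed by the 6-byte MAC address; lower wins."""
    return (priority << 48) | int(mac.replace(".", ""), 16)

def elect_root(bridges):
    """bridges: {name: (priority, mac)} -> name of the switch with the lowest bridge ID."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))

def root_ports(root, links):
    """links: (sw_a, port_a, sw_b, port_b, cost). Returns {switch: (root path cost, root port)}
    for each non-root switch: the port on its least-cost path toward the root (Dijkstra).
    Equal-cost paths are broken by port name here; real STP uses sender bridge ID and port ID."""
    adj = {}
    for a, pa, b, pb, cost in links:
        adj.setdefault(a, []).append((b, pb, cost))   # reaching b over this link enters on pb
        adj.setdefault(b, []).append((a, pa, cost))
    best = {root: (0, "")}
    heap = [(0, root)]
    while heap:
        dist, sw = heapq.heappop(heap)
        if dist > best[sw][0]:
            continue
        for nbr, nbr_port, cost in adj.get(sw, []):
            cand = (dist + cost, nbr_port)
            if nbr not in best or cand < best[nbr]:
                best[nbr] = cand
                heapq.heappush(heap, (cand[0], nbr))
    return {sw: v for sw, v in best.items() if sw != root}

def demo():
    """Three switches at default priority, then 'root primary' on Switch3 (constructed MACs;
    link cost 19 is the IEEE 802.1D value for 100 Mbps)."""
    bridges = {"Switch1": (DEFAULT_PRIORITY, "0000.0c11.1111"),
               "Switch2": (DEFAULT_PRIORITY, "0000.0c22.2222"),
               "Switch3": (DEFAULT_PRIORITY, "0000.0c33.3333")}
    before = elect_root(bridges)                     # tie on priority: lowest MAC, Switch1
    bridges["Switch3"] = (ROOT_PRIMARY_PRIORITY, bridges["Switch3"][1])
    after = elect_root(bridges)                      # lower priority beats any MAC: Switch3
    links = [("Switch3", "fa5/1", "Switch1", "fa5/1", 19),
             ("Switch3", "fa5/2", "Switch2", "fa5/2", 19),
             ("Switch1", "fa5/8", "Switch2", "fa5/8", 18)]  # cost 18 as set on the slide
    return before, after, root_ports(after, links)
```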
Configuring Hello Time
You can set the interval at which the root switch sends messages carrying configuration information
This is done by changing the STP hello time, in seconds
To configure the hello time for VLAN 1002 to 8 seconds:
Switch1#configure terminal
Switch1(config)#spanning-tree vlan 1002 hello-time 8
Switch1(config)#exit
Switch1#show spanning-tree vlan 1002 bridge brief
Configuring Forwarding Delay Time
for VLAN
The forward delay time is the time in seconds that a port takes to move through the listening and learning states into the forwarding state
To configure and verify the forward delay time for VLAN 1002 as 22 seconds:
Switch1# configure terminal
Switch1(config)#spanning-tree vlan 1002 forward-time 22
Switch1(config)#exit
Switch1#show spanning-tree vlan 1002 bridge brief
Configuring the Maximum Aging
Time for VLAN
To configure and verify the maximum aging time for
VLAN 1002 to 40 seconds:
Switch1#configure terminal
Switch1(config)#spanning-tree vlan 1002 max-age 40
Switch1(config)#exit
Switch1#show spanning-tree vlan 1002 bridge brief
Summary - I
Summary - II
The Catalyst 1900 and 2900 series switches are available in two versions:
Standard
Enterprise
Summary - III
The switches can be configured using any of the following three methods:
Menu driven interfaces
Full mode
Half mode
Summary - V
A restricted-static entry is a MAC address configured to be associated only with a particular port, with an additional restriction
Port security limits the number of MAC addresses associated with a port in the MAC address table
The Standard version of the Catalyst 2900 provides VLAN capability
The command used to configure static entries on a 2900 switch is mac-address-table static
The command used to configure the port security feature is port secure max-mac-count