
Catalyst Switch Operation

Chapter 13
Chapter Objectives

• Explain the Spanning Tree Protocol
• Explain the Catalyst 1900 switch operation
• Explain the Catalyst 2900 switch operation

Chapter 13 2
Recall
• Network Address Translation (NAT) is an IETF (Internet Engineering Task Force) standard that allows a LAN to operate with a single IP address when connected to the Internet
• NAT operates at the Network layer (Layer 3) of the OSI Reference Model
• Port Address Translation (PAT) is a feature of a NAT device that translates all the IP addresses of the LAN to a single IP address but assigns a different port number to each host in the LAN
• The set ip pat command is used to configure PAT
LAN Switching
• LAN switching solves the problem of high network traffic in Ethernet, Token Ring and Fiber Distributed Data Interface (FDDI) networks by increasing the available bandwidth
• A LAN switch is a device that provides higher port density at lower cost than traditional bridges, using the existing cable infrastructure
• A LAN switch forwards frames based on the frame's layer 2 addresses or layer 3 addresses
• It is also called a frame switch because it forwards layer 2 frames
Layer 2 and Layer 3 Switching
• Bridges and switches operating at layer 2 of the OSI model consider only the MAC (layer 2) addresses, without reference to layer 3 (logical) addressing
• A layer 3 switch is a network device that forwards traffic based on layer 3 addressing at high speed
• Routers are considerably slower than layer 2 switches

Switch Operation
• A switch is simply a bridge with many ports
• Two technologies, Content Addressable Memory (CAM) and Application-Specific Integrated Circuit (ASIC), are used in switches for better functioning
• These two technologies allow the switch to process multiple packets efficiently

Transmitting Data from A to B

Updating the Address Table

Transmitting Data to all the Ports

Response Data from B to A

Symmetric Switching

Asymmetric Switching

Collision Domains within Shared Environments
• A collision is a situation in which two or more data packets travel at the same time on the same medium in the same direction
• The region in which this can happen is referred to as a collision domain: the set of NICs in which a frame sent by one NIC could collide with a frame sent by any other NIC in the same domain
• This happens mostly in a shared environment, where devices share the medium to transmit data to the destination network or host
Shared Media Environments

Collision Domain Segmentation

Broadcast Domains

Speed and Autonegotiation
• Devices that are capable of different transmission rates, different duplex modes and different standards at the same speed can use Ethernet autonegotiation
• The two devices choose the best possible mode of transmission, where a higher speed is preferred over a lower speed and full duplex over half duplex
• To support autonegotiation, both the switch and the NIC must support multiple speeds

Spanning Tree Protocol Terms - I

STP Term | Description
STP | STP is a bridge protocol that uses the Spanning Tree Algorithm (STA) to search for links and build the topology database
Root Bridge | The root bridge is the focal point of the network, the bridge with the best bridge ID; it decides which ports are to be blocked and which are to be put in forwarding mode
BPDU | Switches exchange the information used to select the root bridge and configure the network in Bridge Protocol Data Units (BPDUs), special data frames exchanged every two seconds. A switch compares the parameters in the BPDUs it receives and sends its own parameters to the next switch along with the parameters received from the former switch

Spanning Tree Protocol Terms - II
Bridge ID | The bridge with the lowest bridge ID is selected as the root. The 8-byte bridge ID is the combination of the bridge priority (2 bytes) and the MAC address (6 bytes). STP keeps track of all switches using the bridge ID
Nonroot Bridge | Any bridge that is not the root bridge is called a nonroot bridge. It exchanges BPDUs with all the bridges; these updates keep the STP topology on all switches current, which helps prevent loops and provides measures against link failures
Root port | The root port is the port directly connected to the root bridge. If more than one link is connected to the root bridge, a port cost is set and the port with the lowest cost becomes the root port
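The bridge ID and root port rules in these tables, worked through in code (an added example written for this page, not from the slides or from Cisco): the 8-byte bridge ID is the 2-byte priority followed by the 6-byte MAC, the lowest ID wins the root election, and the root port is the one with the lowest total path cost to the root. The IEEE 802.1D per-bandwidth cost table, the switch names and the MAC values are assumptions constructed for the example.

```python
"""Bridge ID construction, root bridge election and root port choice (added example)."""
from typing import Dict, Tuple

# Assumed IEEE 802.1D short-method port costs, keyed by link speed in Mb/s.
PORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}


def bridge_id(priority: int, mac: str) -> bytes:
    """8-byte bridge ID: 2-byte big-endian priority followed by the 6-byte MAC.

    Accepts Cisco dotted (0000.0c11.1111) or colon-separated MAC notation.
    """
    if not 0 <= priority <= 0xFFFF:
        raise ValueError("bridge priority must fit in 2 bytes")
    mac_bytes = bytes.fromhex(mac.replace(".", "").replace(":", ""))
    if len(mac_bytes) != 6:
        raise ValueError("MAC address must be 6 bytes")
    return priority.to_bytes(2, "big") + mac_bytes


def elect_root(bridges: Dict[str, Tuple[int, str]]) -> str:
    """Return the bridge (name -> (priority, mac)) with the numerically lowest bridge ID.

    Because the priority occupies the high-order bytes, a lower priority always beats
    a lower MAC address; the MAC only breaks ties between equal priorities.
    """
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))


def root_port(links: Dict[str, Tuple[int, int]]) -> str:
    """Pick the root port from {port: (link_speed_mbps, cost_to_root_advertised_by_neighbour)}.

    Total cost to the root through a port is the neighbour's advertised cost plus
    this port's own link cost; the lowest total wins.
    """
    return min(links, key=lambda port: links[port][1] + PORT_COST[links[port][0]])


# Constructed sample topology (names and MACs are made up for the example).
BRIDGES = {
    "Switch1": (32768, "0000.0c11.1111"),  # default priority
    "Switch2": (8192, "0000.0cff.ffff"),   # priority lowered, as on the root primary slide
    "Switch3": (32768, "0000.0c00.0001"),  # lowest MAC, but default priority
}
# Switch1's uplinks: a 10 Mb/s link straight to the root (neighbour cost 0), or a
# 1 Gb/s link to a neighbour that is itself one Gigabit hop (cost 4) from the root.
LINKS = {"e0/1": (10, 0), "gi0/1": (1000, 4)}

if __name__ == "__main__":
    print("root bridge:", elect_root(BRIDGES))        # Switch2: lowest priority wins
    print("root port on Switch1:", root_port(LINKS))  # gi0/1: 4 + 4 beats 100
```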

Spanning Tree Protocol Terms - III
Designated port | A designated port is one that has been determined to have the lowest cost. The port is marked as a forwarding port
Port cost | Port cost decides which of multiple links between two switches is used when none of them is a root port. This cost depends on the bandwidth of the link
Nondesignated port | A nondesignated port is one that has a higher cost than the designated port. Nondesignated ports are put in blocking mode
Forwarding port | A forwarding port forwards frames
Blocked port | A blocked port does not forward frames, in order to prevent loops. A blocked port still listens to frames

Working of the Spanning Tree
Protocol

Spanning-Tree Port States
• The ports on a bridge or switch running STP can move through five different states:
  - Blocking
  - Listening
  - Learning
  - Forwarding
  - Disabled

Support of RSTP in Catalyst Switches

Catalyst Platform | MST w/RSTP | RPVST+ (also known as PVRST)
Catalyst 2900 XL/3500 XL | Not available | Not available
Catalyst 2940 | Not available | Not available
Catalyst 3560 | 12.1(19)EA1 | 12.1(19)EA1
Catalyst 3750 Metro | 12.1(14)AX | 12.1(14)AX
Catalyst 6000/6500 | 7.1 | 7.5

Catalyst 1900 Switches
• The standard edition of the 1900 switch provides 12 or 24 10BaseT ports in a fixed configuration
• The enterprise edition of the 1900 switches provides a higher degree of flexibility and high performance of 400Mbps between Ethernet switches
• The 1900 switch supports an optional external redundant power supply (RPS) and has the capacity to support 1024 MAC addresses

Default setting list for 1900 switches

Setting | Default
IP address | 0.0.0.0
CDP | Enabled
Switching mode | Fragment Free
100BaseT port | Autonegotiate duplex mode
10BaseT port | Half duplex
Spanning Tree | Enabled
Console password | None

IP and Port Duplex Configuration
• Every switch, unlike a router, acts as a single IP host with one IP address and subnet mask
• IP addresses need not be configured for each interface of the switch
• The duplex can be set to any of four modes:
  - Auto
  - Full
  - Full-flow control
  - Half

MAC Addresses
• A Media Access Control (MAC) address is a hardware address that uniquely identifies every node in a network
• The entries in the MAC address table are of three kinds:
  - Dynamic addresses
  - Permanent MAC addresses
  - Restricted-static entries

MAC Address Table

Port Security
• Port security is one of the features built on the MAC address table
• This feature limits the number of MAC addresses associated with a port in the MAC address table
• Its function is to limit the number of sources that can forward frames into that particular switch port
• Port security on 2900 switches is configured using the port secure max-mac-count command

Case Study
At the Hyderabad branch of the Blue Diamond Steel organization there are four departments: Finance, Sales, Software Management and Project Management. The Finance department has three further sections, Salary, Clearance and Receivables. Each department has its own hub on the network. The company's network administrator, Robert, wants only the three sections Salary, Clearance and Receivables to be able to access the Finance department hub.

Problem

All the departments can access the Finance department hub, which threatens data confidentiality

Suggested Solution
The administrator can restrict the other departments from accessing the Finance hub using the port secure max-mac-count command. The number 3 should be passed as the parameter to the command because the administrator wants to allow only three ports to connect to the hub. The port security feature makes sure that the Finance department hub can be accessed only through these three ports; no other port can access it. This increases the security of the hub, so the main function of the feature here is to secure the hub
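To make the port-security behaviour of the previous slides and this case study concrete, an added simulation (written for this page, not the slides' or Cisco IOS code) of a switch port with a MAC limit: the port facing the Finance hub is limited to three addresses, so a frame from a fourth host is a violation. The violation handling (drop and record), the port names and the MAC values are assumptions constructed for the example.

```python
"""Simulation of port security with a per-port MAC limit (added example)."""
from dataclasses import dataclass, field
from typing import Iterable, List, Set, Tuple


def norm(mac: str) -> str:
    """Normalise dotted or colon MAC notation so the same address compares equal."""
    return mac.replace(".", "").replace(":", "").lower()


@dataclass
class SecurePort:
    name: str
    max_mac_count: int                                  # port secure max-mac-count N
    static_macs: Set[str] = field(default_factory=set)  # switchport port-security mac-address M
    learned: Set[str] = field(default_factory=set)
    violations: List[str] = field(default_factory=list)

    def __post_init__(self) -> None:
        self.static_macs = {norm(m) for m in self.static_macs}
        if len(self.static_macs) > self.max_mac_count:
            raise ValueError("more static MACs than max-mac-count allows")
        self.learned = set(self.static_macs)  # static entries occupy slots up front

    def ingress(self, src_mac: str) -> bool:
        """Accept or drop a frame by source MAC; return True when it is forwarded."""
        mac = norm(src_mac)
        if mac in self.learned:
            return True
        if len(self.learned) < self.max_mac_count:
            self.learned.add(mac)        # dynamically secured address
            return True
        self.violations.append(mac)      # assumed handling: drop the frame and record it
        return False


def run_frames(port: SecurePort, src_macs: Iterable[str]) -> Tuple[int, int]:
    """Feed frames through the port; return (accepted, dropped) counts."""
    results = [port.ingress(m) for m in src_macs]
    return sum(results), len(results) - sum(results)


# Constructed case-study traffic on the switch port facing the Finance hub:
# the Salary, Clearance and Receivables hosts, then a fourth host from Sales.
FINANCE_FRAMES = [
    "0000.0c00.0001",  # Salary
    "0000.0c00.0002",  # Clearance
    "0000.0c00.0003",  # Receivables
    "0000.0c00.0001",  # Salary again, already secured
    "0000.0c00.0099",  # Sales host: exceeds max-mac-count 3
]


def finance_hub_port() -> SecurePort:
    """The hub-facing port with the case study's parameter of 3 (port name assumed)."""
    return SecurePort(name="e0/3", max_mac_count=3)


if __name__ == "__main__":
    port = finance_hub_port()
    print(run_frames(port, FINANCE_FRAMES), port.violations)  # (4, 1) ['00000c000099']
```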

Configuration Files
• The configuration can be stored in many locations
• These locations include RAM, NVRAM and a TFTP server
• The commands used for managing the switch configuration files are similar to the commands for router configuration file management
• You can view the saved configuration of the switch using the show startup-config command
• The switch software version can be viewed using the show version command

MAC Addresses
• The 2900 series has the capacity to support 8124 switches
• You can configure static entries on a 2900 switch using the mac-address-table static command, for example mac-address-table static 0666.6333.6333 e0/3

Switch Startup
• When the 1900 switch is first switched on, it runs through a power-on self-test (POST)
• The Power-On Self Test (POST) is a sequence of steps that checks the functioning of the hardware
• When a console cable is connected to the switch, a menu appears on the screen
• This menu offers different options: pressing K gives you the CLI, pressing M lets you configure the switch through the menu system, and pressing I lets you configure the IP settings of the switch
Switch LEDs During POST and their Interpretation
• The following is the list of the 2950 switch LEDs with their meanings:
  - System
  - Redundant power supply (RPS)
  - Mode button
  - Stat
  - Util
  - Duplex
  - Speed

Accessing the Switch CLI
• CLI is the acronym for the command line interface to the IOS, the operating system software used by Cisco products
• There are three ways to access the CLI
• These are through the console, through a dial-up modem attached to the auxiliary port, or by using Telnet

Setting Passwords
• Setting passwords for the switch is important so that unauthorized users are not able to connect to the switch
• You can set passwords for the user and the privileged modes
• The user mode password is used to verify authorization on a switch, including when accessing the console
• The privileged mode password is used to allow access to view and edit the switch configuration
User and Enable Mode Passwords
• The following procedure shows the configuration of the user mode and the enable mode passwords:
(config)#enable password ?
level Set exec level password
(config)#enable password level ?
<1-15> level number
• Use level number 1 to set the user mode password and level number 15 to set the enable mode password

Enable Secret Passwords
• The enable secret password provides maximum security and replaces the enable password if it is set
• Therefore, if you set the enable secret password, there is no need for the enable mode password
(config)#enable secret todd2
• The enable password and the enable secret can be set to the same value on the 1900 switch, unlike on a router

Setting the Hostname
• To set the hostname on a 1900 switch, as you would on a router, perform the following steps:
#config t
Enter configuration commands, one per line. End with CNTL/Z
(config)#hostname Todd1900
Todd1900(config)#
• On the 2950 switch, perform the following steps:
Switch(config)#hostname Todd2950
Todd2950(config)#

Setting IP Information
• You should set the IP address and default gateway on the Layer 2 switch as they are not set by default
• The show ip command is used to see the default IP configuration of the 1900 switch
• To set the IP address, use the ip address command, and use the ip default-gateway command to set the default gateway

Configuring IP Address and Default
Gateway on the 1900 Switch

Configuring IP Address and Default
Gateway on the 2950 Switch

Configuring Interface Description on
1900 Switch

Configuring Interface Description on
2950 Switch

Setting Port Security
• For a particular device to be the only one plugged into a switch port, you configure the MAC address of that device as a static entry associated with the switch port
• This is accomplished by configuring port security on the switch port so that it rejects traffic from any MAC address other than that of the particular device. The command used to set port security is:
Switch(config-if)#switchport port-security mac-address mac-address

Erasing the Switch Configuration
• NVRAM stores the configurations of the 1900 and 2950 switches
• When a change is made to the switch's running-config, it is automatically copied to NVRAM
• On the 2950 switch, you save the configuration using the copy run start command and clear the contents of NVRAM using the erase startup-config command

Configuring STP
• In order to configure STP we need to configure the following:
  - Root Bridge
  - Secondary Root Switch
  - STP Port Priority
  - STP Path Cost
  - Bridge Priority of VLAN
  - Hello Time
  - Forwarding Delay Time for VLAN
  - Maximum Aging Time for VLAN

Configuring the Root Bridge
• The bridge ID is used to select the root bridge in the STP domain
• It also determines the root port of each device in the STP domain
• To configure the root bridge, you must change the priority value of that particular switch, which is 32768 by default
• To do this, use the spanning-tree vlan command to set the switch priority value for the specified VLAN to 8192. The syntax of the command is:
spanning-tree vlan vlan-id root primary [diameter net-diameter]

Configuring the Secondary Root Switch
• You must configure a secondary switch to act as the root bridge in case the root bridge stops functioning properly
• To configure another switch as the secondary root on VLAN 1002:
Switch2#configure terminal
Switch2(config)#spanning-tree vlan 1002 root secondary diameter 4
Switch2(config)#exit
• To verify the secondary root bridge configuration:
Switch2#show spanning-tree vlan 1002
Configuring and verifying the spanning tree port priority of a Fast Ethernet interface
• To configure and verify the spanning tree port priority of a Fast Ethernet interface:
Switch1#configure terminal
Switch1(config)#interface fastethernet 5/8
Switch1(config-if)#spanning-tree port-priority 100
Switch1(config-if)#exit
Switch1#show spanning-tree interface fastethernet 5/8

Configuring and verifying the spanning tree VLAN port priority of a Fast Ethernet interface
• To configure and verify the spanning tree VLAN port priority of a Fast Ethernet interface:
Switch1#configure terminal
Switch1(config)#interface fastethernet 5/8
Switch1(config-if)#spanning-tree vlan 1002 port-priority 64
Switch1(config-if)#exit
Switch1#show spanning-tree vlan 1002
Configuring and verifying the spanning tree path cost of a Fast Ethernet interface
• To configure and verify the spanning tree path cost of a Fast Ethernet interface:
Switch1#configure terminal
Switch1(config)#interface fastethernet 5/8
Switch1(config-if)#spanning-tree cost 18
Switch1(config-if)#exit
Switch1#show spanning-tree interface fastethernet 5/8
Configuring the Bridge Priority of a VLAN
• You can configure a switch with the lowest priority value and thereby increase the probability that it acts as the root bridge in the specified VLAN
• The range for setting the bridge priority is from 1 to 65535
• To configure and verify the bridge priority of VLAN 1002 as 33792:
Switch1#configure terminal
Switch1(config)#spanning-tree vlan 1002 priority 33792
Switch1(config)#exit
Switch1#show spanning-tree vlan 1002 bridge brief

Configuring Hello Time
• You can set the interval at which the root switch generates messages carrying configuration information
• This is done by changing the STP hello time, in seconds
• To configure the hello time for VLAN 1002 to 8 seconds:
Switch1#configure terminal
Switch1(config)#spanning-tree vlan 1002 hello-time 8
Switch1(config)#exit
Switch1#show spanning-tree vlan 1002 bridge brief

Configuring the Forwarding Delay Time for a VLAN
• The forward delay time is the time in seconds that a port spends in the listening and learning states before entering the forwarding state
• To configure and verify a forward delay time of 22 seconds:
Switch1#configure terminal
Switch1(config)#spanning-tree vlan 1002 forward-time 22
Switch1(config)#exit
Switch1#show spanning-tree vlan 1002 bridge brief

Configuring the Maximum Aging Time for a VLAN
• To configure and verify the maximum aging time for VLAN 1002 to 40 seconds:
Switch1#configure terminal
Switch1(config)#spanning-tree vlan 1002 max-age 40
Switch1(config)#exit
Switch1#show spanning-tree vlan 1002 bridge brief

Summary - I

• LAN switching solves the problem of high network traffic in Ethernet, Token Ring and Fiber Distributed Data Interface (FDDI) networks by increasing the network bandwidth
• Spanning Tree Protocol (STP) is used to stop the network loops that would otherwise persist indefinitely on a layer 2 network
• When all ports on the bridges and switches are in either forwarding or blocking mode, convergence has taken place
• The 1900 switch supports an optional external redundant power supply (RPS) and has the capacity to support 1024 MAC addresses

Summary - II
• The Catalyst 1900 and 2900 series switches are available in two versions:
  - Standard
  - Enterprise
• The Standard edition of the 1900 switches provides 12 or 24 10BaseT ports in a fixed configuration
• The Enterprise edition of the 1900 switches provides a higher degree of flexibility and high performance of 400Mbps between Ethernet switches
• The command to display the default configuration of the Cisco series switches is show running-config

Summary - III
• The switches can be configured by any of the following three methods:
  - Menu-driven interface
  - Visual Switch Manager (VSM)
  - Command Line Interface (CLI)
• The two features commonly configured while installing the switch are:
  - TCP/IP
  - Duplex setting on the ports
• The commands used to view the IP configuration and duplex setting on a switch are show ip and show interface
Summary - IV
• The duplex on a port can be set to any of the following modes:
  - Auto mode
  - Full mode
  - Full-flow control mode
  - Half mode
• Dynamic addresses are MAC addresses added to the MAC address table through normal bridge/switch processing
• Permanent MAC addresses are MAC addresses associated with a port through configuration, just as they would otherwise have been associated as dynamic addresses

Summary - V
• Restricted-static entries are MAC addresses configured to be associated only with a particular port, with an additional restriction
• Port security limits the number of MAC addresses associated with a port in the MAC address table
• The Standard version of the Catalyst 2900 provides VLAN capability
• The command used to configure static entries on a 2900 switch is mac-address-table static
• The command used to configure the port security feature is port secure max-mac-count

