Chapter 7 Layer 2 Switching by gagan27

Before Layer 2 Switching




The first switched LAN




The typical switched network design




Layer 2 switching provides the following:

 • Hardware-based bridging (ASICs, application-specific integrated circuits)
 • Wire speed
 • Low latency
 • Low cost

Limitations of Layer 2 Switching

• The two most important considerations are:
  – We absolutely must break up the collision domains correctly.
  – The right way to create a functional bridged network is to make sure that its users spend 80 percent of their time on the local segment.

• Bridged networks break up collision domains.
• The bridged network is still one large broadcast domain, which with a huge number of devices behaves much like one big collision domain.

Bridging vs. LAN Switching

• Bridges are software based, while switches are hardware based because they use ASIC chips to help make filtering decisions.
• A switch can be viewed as a multiport bridge.
• Bridges can have only one spanning-tree instance per bridge, while switches can have many. (I’m going to tell you all about spanning trees in a bit.)

• Switches have a higher number of ports than most bridges.
• Both bridges and switches forward layer 2 broadcasts.
• Bridges and switches learn MAC addresses by examining the source address of each frame received.
• Both bridges and switches make forwarding decisions based on layer 2 addresses.

Three Switch Functions at Layer 2

• Address learning
• Forward/filter decisions
• Loop avoidance (Spanning Tree Protocol, STP)

Address Learning




Forward/Filter Decisions




Loop Avoidance




Spanning Tree Protocol (STP)

• STP’s main task is to stop network loops from occurring on your layer 2 network (bridges or switches). It vigilantly monitors the network to find all links, making sure that no loops occur by shutting down any redundant links. STP uses the spanning-tree algorithm (STA) to first create a topology database, then search out and destroy redundant links. With STP running, frames will be forwarded only on the premium, STP-picked links.

• STP is a layer 2 protocol that is used to maintain a loop-free switched network.

A switched network with switching loops

Spanning Tree Terms




STP

• STP is a bridge protocol that uses the STA to find redundant links dynamically and create a spanning-tree topology database. Bridges exchange BPDU messages with other bridges to detect loops, and then remove them by shutting down selected bridge interfaces.

Root bridge

• The root bridge is the bridge with the best bridge ID.

BPDU

• All the switches exchange information to use in the selection of the root switch, as well as in subsequent configuration of the network. Each switch compares the parameters in the Bridge Protocol Data Unit (BPDU) that it sends to one neighbor with the one that it receives from another neighbor.

Bridge ID

• The bridge ID is how STP keeps track of all the switches in the network. It is determined by a combination of the bridge priority (32,768 by default on all Cisco switches) and the base MAC address. The bridge with the lowest bridge ID becomes the root bridge in the network.

Nonroot bridge

• These are all bridges that are not the root bridge. Nonroot bridges exchange BPDUs with all bridges and update the STP topology database on all switches, preventing loops and providing a measure of defense against link failures.

Root port

• The root port is always the link directly connected to the root bridge, or the shortest path to the root bridge.

• If more than one link connects to the root bridge, then a port cost is determined by checking the bandwidth of each link. The lowest-cost port becomes the root port. If multiple links have the same cost, the bridge with the lower advertising bridge ID is used. Since multiple links can be from the same device, the lowest port number will be used.

Designated port

• A designated port is one that has been determined as having the best (lowest) cost. A designated port will be marked as a forwarding port.

Port cost

• Port cost determines when multiple links are used between two switches and none are root ports. The cost of a link is determined by the bandwidth of the link.

Nondesignated port

• A nondesignated port is one with a higher cost than the designated port. Nondesignated ports are put in blocking mode; they are not forwarding ports.

Forwarding port

• A forwarding port forwards frames.

Blocked port

• A blocked port is a port that will not forward frames, in order to prevent loops. However, a blocked port will always listen to frames.

Spanning Tree Operations

• STP’s job is to find all links in the network and shut down any redundant ones, thereby preventing network loops from occurring.

• STP first elects a root bridge.
• Every bridge must then find its one, and only one, root port.
• Each non-root, non-designated port is placed in the blocking state, thus breaking the switching loop.

Selecting the Root Bridge

• The bridge ID is used to elect the root bridge in the STP domain as well as to determine the root port for each of the remaining devices in the STP domain. This ID is 8 bytes long, and includes both the priority and the MAC address of the device. The default priority on all devices running the IEEE STP version is 32,768.

• To determine the root bridge, the priority of each bridge is combined with its MAC address. If two switches or bridges happen to have the same priority value, then the MAC address becomes the tiebreaker for figuring out which one has the lowest (best) ID.

• BPDUs are sent every two seconds, by default, out all active ports on a bridge/switch, and the bridge with the lowest (best) bridge ID is elected the root bridge. You can change the bridge’s ID by lowering its priority so that it will become the root bridge automatically. Being able to do that is important in a large switched network: it ensures that the best paths are chosen.

• Changing the default priority is the best way to choose a root bridge. This is important, since you want the core switch in your network to be your root bridge so that STP will converge quickly.

Switch#sh spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID    Priority    32768
           Address     0009.7ccf.a880
           Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

Switch#sh spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID    Priority    4096
           Address     0009.7ccf.a880
           This bridge is the root
           Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

Selecting the Root Port

• If more than one link leads to the root bridge, then the cumulative outbound port cost along the path to the root bridge becomes the factor used to determine which port will be the root port for that device.

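The root bridge election and root port selection rules on the slides above, as an added Python model that is not part of the original deck. The 802.1D port costs per bandwidth, the switch names, the links and every MAC except 0009.7ccf.a880 are assumptions made for the example.

```python
# Added example, not from the slide deck: a model of STP root bridge election
# and root port selection. Bridge IDs compare as (priority, MAC), so the lowest
# priority wins and the MAC breaks ties; a root port is chosen by lowest path
# cost, then lower advertising bridge ID, then lowest local port number.
# IEEE 802.1D port cost per link bandwidth in Mbit/s (assumed, not on the slides).
PORT_COST = {10: 100, 100: 19, 1000: 4}

def bridge_id(priority, mac):
    """8-byte bridge ID: 2-byte priority followed by the 6-byte base MAC."""
    return (priority, int(mac.replace(".", ""), 16))

def elect_root(bridges):
    """bridges: {name: (priority, 'xxxx.xxxx.xxxx')} -> name with the lowest bridge ID."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))

def root_ports(bridges, links):
    """links: (bridge_a, port_a, bridge_b, port_b, bandwidth_mbps) tuples.
    Returns {bridge: (root_port, path_cost)} for every non-root bridge."""
    root = elect_root(bridges)
    adj = {name: [] for name in bridges}  # name -> [(local_port, neighbour, cost)]
    for a, pa, b, pb, bw in links:
        adj[a].append((pa, b, PORT_COST[bw]))
        adj[b].append((pb, a, PORT_COST[bw]))
    inf = float("inf")
    # Per bridge: (path cost, advertising bridge ID, local port); lowest tuple wins.
    state = {name: (inf, None, None) for name in bridges}
    state[root] = (0, None, None)
    changed = True
    while changed:  # keep relaxing until every bridge settles on one root port
        changed = False
        for name in bridges:
            if name == root:
                continue
            offers = [(state[nb][0] + cost, bridge_id(*bridges[nb]), port)
                      for port, nb, cost in adj[name] if state[nb][0] < inf]
            if offers and min(offers) < state[name]:
                state[name], changed = min(offers), True
    return {n: (port, cost) for n, (cost, _, port) in state.items() if n != root}

# Constructed topology (only MAC 0009.7ccf.a880 is from the slides): two 100 Mbit/s
# links SwA-SwB, one 100 Mbit/s link SwA-SwC and a gigabit link SwB-SwC.
DEFAULT_BRIDGES = {"SwA": (32768, "0009.7ccf.a880"),
                   "SwB": (32768, "000a.8a2f.4c00"),
                   "SwC": (32768, "000b.5f19.d200")}
LINKS = [("SwA", 1, "SwB", 1, 100), ("SwA", 3, "SwB", 3, 100),
         ("SwA", 2, "SwC", 1, 100), ("SwB", 2, "SwC", 2, 1000)]

def with_priority(bridges, name, priority):
    """Copy of bridges with one switch's priority changed, like the slides' priority command."""
    return {**bridges, name: (priority, bridges[name][1])}
```

With default priorities SwA wins on its lower MAC and SwB picks port 1 over the equal-cost port 3; lowering SwC to 4096 makes it root even though its MAC is the highest, and SwB then prefers the gigabit link.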
Spanning-Tree Port States




Blocking

• A blocked port won’t forward frames; it just listens to BPDUs. The purpose of the blocking state is to prevent the use of looped paths. All ports are in blocking state by default when the switch is powered up.

Listening

• The port listens to BPDUs to make sure no loops occur on the network before passing data frames. A port in listening state prepares to forward data frames without populating the MAC address table.

Learning

• The switch port listens to BPDUs and learns all the paths in the switched network. A port in learning state populates the MAC address table but doesn’t forward data frames.

Forwarding

• The port sends and receives all data frames on the bridged port. If the port is still a designated or root port at the end of the learning state, it enters this state.

Disabled

• A port in the disabled state (administratively) does not participate in frame forwarding or STP. A port in the disabled state is virtually nonoperational.

Convergence

• Convergence occurs when all ports on bridges and switches have transitioned to either the forwarding or blocking modes. No data is forwarded until convergence is complete.

Spanning Tree Example




LAN Switch Types




Configuring the Catalyst 1900 and 2950 Switches

• Setting the passwords
• Setting the hostname
• Configuring the IP address and subnet mask
• Setting a description on the interfaces
• Setting port security
• Erasing the switch configurations

• This output is an example of how to set both the user mode and enable mode passwords on the 1900 switch:
  (config)#enable password level 1 todd
  (config)#enable password level 15 todd1
  (config)#exit
  #exit

• To set the user mode passwords for the 2950 switch, you configure the lines just as you would on a router:

Switch>enable
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#line ?
  <0-16>   First Line number
  console  Primary terminal line
  vty      Virtual terminal

Switch(config)#line vty ?
  <0-15>   First Line number
Switch(config)#line vty 0 15
Switch(config-line)#login
Switch(config-line)#password telnet
Switch(config-line)#line con 0
Switch(config-line)#login
Switch(config-line)#password todd
Switch(config-line)#exit
Switch(config)#exit

• Setting the Enable Secret Password
• Setting the Hostname




Setting IP Information

• Remember, you don’t have to set any IP configuration on the switch to make it work. You can just plug it in. But there are two reasons you probably do want to set the IP address information on the switch:
  – To manage the switch via Telnet or other management software
  – To configure the switch with different VLANs and other network functions

1900

Todd1900#config t
Enter configuration commands, one per line. End with CNTL/Z
Todd1900(config)#ip address 172.16.10.16 255.255.255.0
Todd1900(config)#ip default-gateway 172.16.10.1
Todd1900(config)#

2950

Todd2950#config t
Enter configuration commands, one per line. End with CNTL/Z.
Todd2950(config)#int vlan1
Todd2950(config-if)#ip address 172.16.10.17 255.255.255.0
Todd2950(config-if)#no shut
Todd2950(config-if)#exit
Todd2950(config)#ip default-gateway 172.16.10.1
Todd2950(config)#

Configuring Interface Descriptions




Setting Port Security on a Catalyst Switch

• If you want to ensure that only a certain device, for example a server, is plugged into a particular switch port, you can configure the MAC address of the server as a static entry associated with the switch port (the second mac-address below is the server’s MAC address):
  Switch(config-if)#switchport port-security mac-address mac-address

1900 (Erasing the Switch Configuration)

Todd1900#delete ?
  nvram  NVRAM configuration
  vtp    Reset VTP configuration to defaults
Todd1900#delete nvram
This command resets the switch with factory defaults. All system
parameters will revert to their default factory settings. All static
and dynamic addresses will be removed.
Reset system with factory defaults, [Y]es or [N]o? Yes

2950

Todd2950#erase startup-config
Erasing the nvram filesystem will remove all files! Continue? [confirm] [Enter]
[OK]
Erase of nvram: complete
Todd2950#

Port Security

Switch#config t
Switch(config)#int f0/1
Switch(config-if)#switchport port-security ?
  aging        Port-security aging commands
  mac-address  Secure mac address (sticky as static address)
  maximum      Max secure addresses
  violation    Security violation mode (shutdown)

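Address learning, the forward/filter decision and port security from the slides above (the maximum secure-address count, a static secure MAC and the shutdown violation mode), as an added Python model that is not the deck's own material. The port names, MAC addresses and frames are constructed for the example, and only the shutdown violation mode is modelled.

```python
# Added example, not from the slide deck: a model of a switch's address learning,
# forward/filter decision and port security. A secured port holds at most
# `maximum` secure MACs (static ones configured plus dynamically learned ones);
# a frame from any other source is a violation that shuts the port down, as the
# "violation shutdown" mode on the slides does. Port names and MACs are constructed.
BROADCAST = "ffff.ffff.ffff"

class Switch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}        # learned source MAC -> port
        self.secure = {}           # port -> {"max": n, "macs": set()}
        self.err_disabled = set()  # ports shut down by a security violation

    def port_security(self, port, maximum=1, static=()):
        """switchport port-security maximum N [+ mac-address static entries]."""
        self.secure[port] = {"max": maximum, "macs": set(static)}

    def _secure_ok(self, port, src):
        sec = self.secure.get(port)
        if sec is None or src in sec["macs"]:
            return True
        if len(sec["macs"]) < sec["max"]:
            sec["macs"].add(src)   # room left: learned as a dynamic secure MAC
            return True
        self.err_disabled.add(port)  # violation: shut the port down
        self.mac_table = {m: p for m, p in self.mac_table.items() if p != port}
        return False

    def receive(self, port, src, dst):
        """Returns the ports the frame leaves on; [] means it was filtered or dropped."""
        if port in self.err_disabled or not self._secure_ok(port, src):
            return []
        self.mac_table[src] = port  # address learning from the source MAC
        if dst == BROADCAST or dst not in self.mac_table:  # broadcast or unknown: flood
            return [p for p in self.ports if p != port and p not in self.err_disabled]
        out = self.mac_table[dst]
        return [] if out == port else [out]  # same segment: filter; otherwise forward

def demo():
    """Constructed traffic: a server is pinned to f0/1, a hub hangs off f0/3."""
    sw = Switch(["f0/1", "f0/2", "f0/3"])
    sw.port_security("f0/1", maximum=1, static=["0000.1111.aaaa"])
    frames = [("f0/1", "0000.1111.aaaa", BROADCAST),         # flood, learn server
              ("f0/2", "0000.2222.bbbb", "0000.1111.aaaa"),  # known dst: forward to f0/1
              ("f0/3", "0000.3333.cccc", "0000.2222.bbbb"),  # forward to f0/2
              ("f0/3", "0000.4444.dddd", "0000.3333.cccc"),  # same port: filter
              ("f0/1", "0000.9999.dead", BROADCAST),         # rogue MAC: violation
              ("f0/2", "0000.2222.bbbb", "0000.1111.aaaa")]  # server gone: flood f0/3
    return sw, [sw.receive(*f) for f in frames]
```

After the violation the err-disabled port drops out of the MAC table and of every flood, so traffic for the server is flooded to the remaining ports only.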
Commands for root bridge priority

SwitchB(config)#spanning-tree vlan 1 priority ?
(priority range from 0 to 61440, where 0 means root bridge)

VLAN membership

VLAN membership can be based on:
• port numbers,
• MAC addresses,
• IP addresses,
• IP multicast addresses,
• or a combination of two or more of these.