Layer 2 Switching
   By: Mohand
For: arabhardware

Purposes for using switching:
- Breaks up collision domains (each switch port is its own collision domain)
- Cost-effective, resilient internetworking
Switching services:
- Hardware-based bridging (ASICs)
- Wire-speed forwarding
- Low cost and low latency
Switching limitations:
- Collision domains must be broken up correctly
- The design should keep users on their local segment about 80 percent of the time (the 80/20 rule)
- Switches do not break up broadcast domains by default (that needs VLANs or a router)
Bridging vs. LAN switching:
   Bridge                            Switch
   Software based                    Hardware based (ASIC chips)
   One STP instance per bridge       Many STP instances
   Low number of ports               Many ports
- Both make forwarding decisions based on the layer 2 (MAC) address, not a layer 1 address
Switching functions at layer 2:
- Address learning: the switch enters the source MAC address of every frame it receives, together with the
  port it arrived on, into a MAC database (the MAC address table)

-   Station A sends a frame to station C
-   The switch caches the MAC address of station A to port E0 by learning the source address of data
    frames
-   Station C is not yet in the table, so the frame from station A to station C is flooded out all ports
    except port E0
-   Forward/filter decisions

-   Station A sends a frame to station C
-   The destination is known (the switch has learned C's port from C's own frames): the frame is sent
    out that port only and is not flooded
-   Station A sends a frame to station B
-   The switch has the address for station B in the MAC address table; if B is on the same port as A the
    frame is filtered (dropped), otherwise it is forwarded out B's port only
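The learning, flooding and forward/filter behaviour listed above, as an added example that is not code from the original notes: a toy switch with a MAC address table that replays the A/B/C sequence. The port names, MAC addresses and the table size limit are made up; the size limit is there to show the failure mode a practitioner cares about, namely that once the table is full the switch can no longer learn, so frames to unknown destinations keep being flooded out every port.

```python
"""Toy model of the layer 2 switching functions in the notes: address learning,
forward/filter decisions and flooding.  Added example, not code from the original
notes; port names, MAC addresses and the table size limit are made up."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Switch:
    """A switch whose MAC address table maps source MAC -> port it was seen on.

    max_entries is an assumed CAM table size: when the table is full the switch
    can no longer learn, so frames to unknown destinations keep being flooded."""

    def __init__(self, ports, max_entries=1024):
        self.ports = list(ports)
        self.max_entries = max_entries
        self.mac_table = {}

    def learn(self, src_mac, in_port):
        """Address learning: record (or refresh) the port the source MAC arrived on."""
        if src_mac in self.mac_table or len(self.mac_table) < self.max_entries:
            self.mac_table[src_mac] = in_port

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame and return (decision, egress ports)."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        self.learn(src_mac, in_port)
        if dst_mac == BROADCAST or dst_mac not in self.mac_table:
            # broadcast or unknown unicast: flood out every port except the ingress port
            return "flood", [p for p in self.ports if p != in_port]
        out_port = self.mac_table[dst_mac]
        if out_port == in_port:
            # destination is on the segment the frame came from: filter (drop) it
            return "filter", []
        return "forward", [out_port]


def demo():
    """Replays the sequence from the notes: A and B share port E0, C is on E2."""
    sw = Switch(["E0", "E1", "E2", "E3"])
    a, b, c = "00:00:0c:00:00:0a", "00:00:0c:00:00:0b", "00:00:0c:00:00:0c"
    log = [
        sw.receive("E0", a, c),   # C unknown: flooded; A learned on E0
        sw.receive("E2", c, a),   # C learned on E2; A known: forwarded to E0 only
        sw.receive("E0", a, c),   # C now known: forwarded to E2 only
        sw.receive("E0", a, b),   # B unknown: flooded
        sw.receive("E0", b, a),   # B learned on E0; A is on the same port: filtered
        sw.receive("E0", a, b),   # both on E0: filtered
    ]
    return log, dict(sw.mac_table)


if __name__ == "__main__":
    for decision, ports in demo()[0]:
        print(decision, ports)
```

Construct a Switch with a small max_entries and send frames from more source MACs than it can hold to see the flooding behaviour; real switches cap their MAC table the same way, which is why port security limits the number of MACs learned per access port.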

-   Loop avoidance: if multiple connections between switches are created for redundancy,
    network loops can occur; STP is used to stop network loops

-   Redundant topology: eliminates single points of failure
-   Without STP, a redundant topology causes: broadcast storms, multiple frame copies and MAC
    database instability
                               Common Spanning-Tree Protocol (IEEE 802.1D):
-   Lets the switches communicate with each other (via BPDUs) to agree on one loop-free topology
-   Blocks redundant paths so that only one active path exists between any two segments
-   Prevents loops
-   Keeps the blocked path as a backup that is unblocked if the active path fails
- One root bridge per network
- One root port per non-root bridge
- One designated port per segment
- Non-designated ports are blocked (unused for data)

Spanning-tree path cost (IEEE 802.1D short method):
   Link speed      Cost by IEEE
   10 Gbps           2
   1 Gbps            4
   100 Mbps         19
   10 Mbps         100

Root bridge:
- BPDU: bridge protocol data unit, the frame switches exchange to elect the root and build the tree
- Root bridge = the bridge with the lowest bridge ID
- Bridge ID = bridge priority (2 bytes) | MAC address (6 bytes); the priority is compared first, the MAC
  address only breaks ties
- All ports on the root bridge are designated ports in the forwarding state (DF)

Root port (RF: root, forwarding), one per non-root bridge:
- The port with the lowest path cost to the root bridge
- If equal, the port whose neighbour has the lowest bridge ID
- If equal, the lowest port number (strictly, the lowest sender port ID)

Designated port (DF: designated, forwarding), one per segment:
- The port on the bridge with the lowest path cost to the root bridge
- If equal, on the bridge with the lowest bridge ID
- If equal, the lowest port number (port ID)
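The root bridge and root port election described in the lists above, carried out on a small constructed topology as an added example (not code from the original notes or from any switch vendor). It uses the path-cost table from the notes and the tie-break order the notes give; the four switches, their MAC addresses and the links are made up, and ports are plain integers so the port-number tie-break can be shown on a pair of parallel links.

```python
"""Spanning-tree election as the notes describe it: bridge ID = priority | MAC,
the lowest bridge ID becomes root, and every other bridge picks as root port the
port with the lowest path cost to the root (ties: lowest neighbour bridge ID,
then lowest port number).  Added example, not code from the original notes or
from any switch vendor; the four-switch topology below is made up."""

import heapq

# 802.1D path costs from the table in the notes, keyed by link speed in Mbps
PATH_COST = {10_000: 2, 1_000: 4, 100: 19, 10: 100}


def bridge_id(priority, mac):
    """8-byte bridge ID: 2-byte priority followed by the 6-byte MAC address,
    so the priority is compared first and the MAC only breaks ties."""
    if not 0 <= priority <= 0xFFFF:
        raise ValueError("priority must fit in 2 bytes")
    return (priority << 48) | int(mac.replace(":", ""), 16)


def elect_root(bridges):
    """bridges: {name: (priority, mac)} -> name of the bridge with the lowest ID."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))


def build_adjacency(links):
    """links: [(bridge_a, port_a, bridge_b, port_b, speed_mbps)] ->
    {bridge: [(neighbour, my_port, link_cost), ...]}"""
    adj = {}
    for a, pa, b, pb, speed in links:
        cost = PATH_COST[speed]
        adj.setdefault(a, []).append((b, pa, cost))
        adj.setdefault(b, []).append((a, pb, cost))
    return adj


def root_path_costs(adj, root):
    """Dijkstra from the root: a bridge's root path cost is the cost advertised by
    the bridge it heard the best BPDU from plus the cost of the receiving port."""
    dist = {root: 0}
    heap = [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue
        for v, _, cost in adj.get(u, []):
            if d + cost < dist.get(v, float("inf")):
                dist[v] = d + cost
                heapq.heappush(heap, (dist[v], v))
    return dist


def elect_root_ports(bridges, links):
    """Return (root, {non-root bridge: (root_port, root_path_cost)})."""
    root = elect_root(bridges)
    adj = build_adjacency(links)
    dist = root_path_costs(adj, root)
    root_ports = {}
    for name in bridges:
        if name == root:
            continue
        candidates = []
        for neighbour, my_port, cost in adj.get(name, []):
            if neighbour in dist:
                # tuple order = the tie-break order from the notes
                candidates.append((dist[neighbour] + cost, bridge_id(*bridges[neighbour]), my_port))
        if candidates:
            path_cost, _, port = min(candidates)
            root_ports[name] = (port, path_cost)
    return root, root_ports


# Constructed topology: all priorities default (32768), so the lowest MAC wins
BRIDGES = {
    "SW1": (32768, "00:00:0c:00:00:01"),
    "SW2": (32768, "00:00:0c:00:00:02"),
    "SW3": (32768, "00:00:0c:00:00:03"),
    "SW4": (32768, "00:00:0c:00:00:04"),
}
LINKS = [
    ("SW1", 1, "SW2", 1, 1_000),   # cost 4
    ("SW1", 2, "SW3", 1, 100),     # cost 19: SW3's direct link to the root is slow
    ("SW2", 2, "SW3", 2, 1_000),   # cost 4: SW3 reaches the root cheaper via SW2 (4 + 4 = 8)
    ("SW1", 3, "SW4", 1, 1_000),   # two equal-cost parallel links to the root:
    ("SW1", 4, "SW4", 2, 1_000),   # same cost, same neighbour ID, so port number decides
]

if __name__ == "__main__":
    print(elect_root_ports(BRIDGES, LINKS))
```

Lowering one priority (for example SW3 to 4096) changes the root, and with it every root port; since any device that sends BPDUs with a lower bridge ID wins the election, production switches pin the root with a low priority and protect the edge with `spanning-tree guard root` on ports facing other switches and `spanning-tree bpduguard enable` on access ports.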

Spanning-tree port states:
- Blocking: up to 20 seconds (max age); receives BPDUs only
- Listening: 15 seconds (forward delay); sends and receives BPDUs, does not learn or forward
- Learning: 15 seconds (forward delay); builds the MAC address table, does not forward
- Forwarding: sends and receives data frames
- Disabled: set by the administrator manually

VLAN (virtual LAN): a logical grouping of network users and resources connected to administratively defined ports on a switch

VLANs Features:
- Simplify network management (Segmentation)
- Provides a level of security over a flat network
- Flexibility and scalability
VLAN Operation:

-   Each logical VLAN behaves like a separate physical bridge (its own broadcast domain)
-   VLANs can span across multiple switches
-   Trunks carry traffic for multiple VLANs
-   Trunks use a special encapsulation (a tag) to distinguish between the different VLANs

VLAN Memberships:
- Static VLANs: the port is assigned to a VLAN by the administrator; typical and most secure
- Dynamic VLANs: assigned automatically by a VMPS (VLAN Management Policy Server) based on the MAC address

VLAN Identification:
- Access links: a link that is part of only one VLAN
- Trunk links: a link that carries multiple VLANs

Frame Tagging:
- Inter-Switch Link (ISL): Cisco proprietary; Fast Ethernet and Gigabit Ethernet only; encapsulates the whole frame
- IEEE 802.1Q trunking: the standard, used between Cisco and non-Cisco switches; inserts a 4-byte tag after the source MAC

Native VLAN: the one VLAN whose frames cross an 802.1Q trunk untagged; VLAN 1 by default. Because untagged frames are simply assumed to belong to the native VLAN of the receiving port, the native VLAN must match on both ends of a trunk and should not carry user traffic.
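The 802.1Q tag the frame-tagging section refers to, as an added example that is not code from the original notes: a builder and parser for the 4-byte tag (TPID 0x8100 followed by the TCI: 3-bit PCP, 1-bit DEI, 12-bit VID) that also classifies untagged and priority-tagged (VID 0) frames onto the native VLAN, which is the behaviour behind the native VLAN caveat above. Only 802.1Q is handled (ISL is Cisco-proprietary and not modelled), and every frame is constructed in the file.

```python
"""Parser and builder for the IEEE 802.1Q tag described in the frame-tagging
notes.  Added example, not code from the original notes; only 802.1Q is
modelled (ISL is Cisco-proprietary and is not handled) and every frame below
is constructed in this file."""

import struct

TPID_8021Q = 0x8100


def _mac(text):
    return bytes.fromhex(text.replace(":", ""))


def build_frame(dst, src, ethertype, payload, vid=None, pcp=0, dei=0):
    """Ethernet II frame; the 4-byte 802.1Q tag (TPID + TCI) is inserted after the
    source MAC only when vid is given. Untagged frames are what the native VLAN
    carries across a trunk."""
    header = _mac(dst) + _mac(src)
    if vid is not None:
        if not 0 <= vid <= 4094:
            raise ValueError("VID must be 0..4094 (4095 is reserved)")
        tci = ((pcp & 0x7) << 13) | ((dei & 0x1) << 12) | vid
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def parse_frame(frame, native_vlan=1):
    """Classify a frame received on an 802.1Q trunk port whose native VLAN is
    native_vlan. Returns a dict with the VLAN the switch assigns the frame to."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    info = {"dst": frame[:6].hex(":"), "src": frame[6:12].hex(":"),
            "tagged": False, "pcp": 0, "vid": native_vlan}
    offset = 12
    if struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci = struct.unpack("!H", frame[14:16])[0]
        vid = tci & 0x0FFF
        if vid == 0x0FFF:
            raise ValueError("VID 4095 is reserved")
        info.update(tagged=True, pcp=tci >> 13)
        # VID 0 is "priority tagged": it carries a PCP but no VLAN identity, so it
        # is treated like an untagged frame and lands on the native VLAN
        if vid != 0:
            info["vid"] = vid
        offset = 16
    info["ethertype"] = struct.unpack("!H", frame[offset:offset + 2])[0]
    info["payload"] = frame[offset + 2:]
    return info


def demo():
    """Constructed frames: tagged VLAN 10, untagged (native), priority-tagged."""
    payload = bytes(20)   # stand-in for an IP header
    tagged = build_frame("ff:ff:ff:ff:ff:ff", "00:00:0c:00:00:0a", 0x0800, payload, vid=10, pcp=5)
    untagged = build_frame("ff:ff:ff:ff:ff:ff", "00:00:0c:00:00:0b", 0x0806, payload)
    prio_only = build_frame("ff:ff:ff:ff:ff:ff", "00:00:0c:00:00:0c", 0x0800, payload, vid=0, pcp=7)
    return [parse_frame(f, native_vlan=99) for f in (tagged, untagged, prio_only)]


if __name__ == "__main__":
    for info in demo():
        print(info["src"], "tagged" if info["tagged"] else "untagged", "-> VLAN", info["vid"])
```

Parse the same untagged frame with two different native_vlan values to see why a native VLAN mismatch between the two ends of a trunk silently moves traffic between VLANs; on IOS the value is set per trunk with `switchport trunk native vlan <id>`.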
Per-VLAN Spanning-Tree (PVST+): Cisco switches run a separate spanning-tree instance per VLAN, so each VLAN can have its own root bridge and its own blocked ports.

                                 VLAN Trunking Protocol:
VTP manages the VLAN configuration of all switches in a domain: it lets an administrator add, delete and rename VLANs once and have the change propagated

VTP Modes: server, client and transparent (described in detail below)

VTP Operation:
- VTP advertisements are sent as multicast frames over trunk links
- VTP servers and clients are synchronized to the latest revision number
- VTP advertisements are sent every 5 minutes or when there is a change
This topic describes the features that VLAN Trunking Protocol (VTP) offers to support VLANs. To help you
understand the basic concept, this is a summary of what VTP is:

“VTP allows a network manager to configure a switch so that it will propagate VLAN configurations to
other switches in the network”

VTP minimizes misconfigurations and configuration inconsistencies that can cause problems, such as duplicate
VLAN names or incorrect VLAN-type specifications. VTP helps you simplify management of the VLAN database
across multiple switches.

VTP is a Cisco-proprietary protocol and is available on most of the Cisco switches.

Why do we need VTP?

To answer this question, let’s discuss a real and popular network topology.

Suppose you are working in a medium-sized company in a 5-floor office. You assign one switch to each floor for easy
management and, of course, ports on any switch can be assigned to different VLANs. For example, your bosses can sit on any
floor and still access the Management VLAN (VLAN 7). Your technical colleagues can sit anywhere on the floors and access
the Technical VLAN (VLAN 4). This is the best design because each person's permission is not limited by the physical

Now let's discuss the role of VTP in this topology. Suppose VTP is not running on these switches. One day your
boss decides to add a new department to your office, the Support Department, and you are tasked with adding a new
SUPPORT VLAN for this department. How will you do that? Well, without VTP you have to go to each switch and
create this new VLAN. Fortunately your office only has 5 floors, so you can finish this task in a few hours :)

But imagine your company was bigger, with a 100-floor office, and some VLANs needed to be added every
month! It would surely become a daunting task to add a new VLAN like this. Luckily, Cisco always "thinks big"
and created a method that lets you just sit at the "Main Sw", add your new VLANs and, as if by magic, have the other
switches learn about them automatically. Sweet, right? It is not a dream; it is what VTP does for you!

How VTP Works

To make switches exchange their VLAN information with each other, they need to be configured in the same VTP
domain. Only switches belonging to the same domain share their VLAN information. When a change is made to
the VLAN database, it is propagated to all switches via VTP advertisements.
To maintain domain consistency, only one switch should be allowed to create (or delete, or modify) VLANs. This
switch is like the "master" of the whole VTP domain and operates in Server mode. This is also the default

Other switches are only allowed to receive and forward updates from the "server" switch. They operate
in Client mode.

In some cases, the network manager doesn't want a switch to learn VTP information from other switches. He can
set it to Transparent mode. In this mode, a switch maintains its own VLAN database and never learns VTP
information from other switches (not even the server). However, it still forwards VTP advertisements from the server
to other switches (without reading that update). A transparent switch can add, delete and modify its VLAN database
Returning to the example above, we can configure any switch as the "server", but for convenience the
"Main Sw" should be given this role, and it should be placed in a secure location, since whoever controls the
server controls the VLANs of the whole domain.

As said above, VTP advertisements carry VLAN information to all the switches in a VTP domain. Each VTP
advertisement is sent with a Revision number. This number is used to determine whether the VTP
advertisement is more recent than the current database of the receiving switch: each time you make a VLAN
change on a VTP server, the configuration revision is incremented by one. So the higher the revision number, the
more recent the VTP advertisement is taken to be.

For example, the first time the Main Sw sends a VTP advertisement, its Revision number is 1. When you add a
new VLAN to the Main Sw, it sends a VTP advertisement with Revision number 2. A client switch first
receives the VTP advertisement with Revision number 1, which is higher than its current Revision number
(0), so it updates its VLAN database. Next it receives the VTP advertisement with Revision number 2, compares
it with its current Revision number (1), and again updates its VLAN database.

One important thing you must know: when a switch receives a better (higher-revision) VTP advertisement, it
deletes its whole VLAN database and copies the advertised VLAN information into it. A switch does not compare
its own VLAN database with the received advertisement to find and update only the differences! This applies to
VTP servers as well as clients, so a switch that was previously used in the same domain (with the same password)
must have its revision number reset to 0 before it is connected, otherwise its stale but higher-revision database
overwrites every switch in the domain. On IOS, changing the VTP domain name, or setting the switch to transparent
mode and back, resets the revision to 0.

Note: VTP advertisements are sent as multicast frames and all neighbors in that domain receive the frames.
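The revision-number rule and the overwrite behaviour described in the last few paragraphs, played out between a server, two clients and a stale switch as an added example (not code from the original notes and not Cisco's implementation). The digest is a stand-in for the real VTP MD5 (assumed here to cover the domain, password, revision and VLAN list), the switch names and VLANs are made up, and reset_revision models the effect of changing the domain name on IOS rather than the command itself.

```python
"""Model of the VTP revision rule from the notes: a switch in the same domain
that receives an advertisement with a higher Configuration Revision replaces its
whole VLAN database with the advertised one (no merge).  Added example, not code
from the original notes or from Cisco; the digest is a stand-in for the real VTP
MD5 (assumed to cover domain, password, revision and VLAN list), and the switch
names and VLANs are made up."""

import hashlib


class VtpSwitch:
    def __init__(self, name, mode="server", domain=None, password=""):
        self.name, self.mode = name, mode
        self.domain, self.password = domain, password
        self.revision = 0
        self.vlans = {1: "default"}          # every switch starts with VLAN 1

    def _digest(self, revision, vlans):
        text = f"{self.domain}|{self.password}|{revision}|{sorted(vlans.items())}"
        return hashlib.md5(text.encode()).hexdigest()

    def add_vlan(self, vid, name):
        """Clients cannot edit the database. A server bumps the revision so the
        change propagates; a transparent switch edits locally only."""
        if self.mode == "client":
            raise PermissionError(f"{self.name} is a VTP client")
        self.vlans[vid] = name
        if self.mode == "server":
            self.revision += 1

    def advertisement(self):
        return {"domain": self.domain, "revision": self.revision,
                "vlans": dict(self.vlans),
                "digest": self._digest(self.revision, self.vlans)}

    def receive(self, adv):
        """Apply an advertisement; return True if the local database was replaced."""
        if self.mode == "transparent":
            return False                       # forwards advertisements, never learns
        if self.domain is None:
            self.domain = adv["domain"]        # null domain adopts the first domain heard
        if adv["domain"] != self.domain:
            return False
        if adv["digest"] != self._digest(adv["revision"], adv["vlans"]):
            return False                       # password mismatch: ignored
        if adv["revision"] <= self.revision:
            return False                       # not newer: ignored
        self.vlans = dict(adv["vlans"])        # whole database replaced, not merged
        self.revision = adv["revision"]
        return True


def propagate(sender, switches):
    """Flood the sender's advertisement; return the names of switches that accepted it."""
    adv = sender.advertisement()
    return [sw.name for sw in switches if sw is not sender and sw.receive(adv)]


def reset_revision(sw):
    """Models what changing the VTP domain name (or going transparent and back)
    does on IOS: the configuration revision drops to 0."""
    sw.revision = 0


def demo():
    main = VtpSwitch("MainSw", "server", "9tut", "keepitsecret")
    fleet = [main, VtpSwitch("Client1", "client", "9tut", "keepitsecret"),
             VtpSwitch("Client2", "client", "9tut", "keepitsecret")]

    def snapshot():
        return {sw.name: (sw.revision, sorted(sw.vlans)) for sw in fleet}

    main.add_vlan(4, "TECHNICAL"); propagate(main, fleet)      # revision 1
    main.add_vlan(7, "MANAGEMENT"); propagate(main, fleet)     # revision 2
    before = snapshot()
    # A switch that used to live in the same domain (same password) is plugged in.
    # It only knows VLAN 1 but its revision is higher, so everyone, the server
    # included, throws away VLANs 4 and 7.
    stale = VtpSwitch("LabSw", "server", "9tut", "keepitsecret")
    stale.revision = 10
    overwritten = propagate(stale, fleet)
    return before, overwritten, snapshot()


if __name__ == "__main__":
    print(demo())
```

Run reset_revision on the stale switch before propagating to see the domain survive; a wrong password has the same protective effect in this model, which is why the configuration later on this page sets one.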

The "show vtp status" command analysis

The most important command for viewing the status of VTP on Cisco switches, which every CCNA learner must grasp, is
the "show vtp status" command. Let's have a look at the output of this command:

+ VTP Version: displays the VTP version the switch is running. By default, the switch runs version 1 but can be set
to version 2. Within a domain, the two VTP versions are not interoperable so make sure to configure the same
VTP version on every switch in a domain.
+ Configuration Revision: current Revision number on this switch.
+ Maximum VLANs Supported Locally: maximum number of VLANs supported locally.
+ Number of Existing VLANs: Number of existing VLANs.
+ VTP Operating Mode: can be server, client, or transparent.
+ VTP Domain Name: name that identifies the administrative domain for the switch.

By default, a switch operates in VTP Server mode with a NULL (blank) domain name and no password configured
(the password is not listed in this output). A server or client with a null domain name joins the first VTP domain
it hears an advertisement from, so set the domain name and password explicitly rather than relying on the default.

+ VTP Pruning Mode: displays whether pruning is enabled or disabled. We will discuss about VTP Pruning later.
+ VTP V2 Mode: displays if VTP version 2 mode is enabled. VTP version 2 is disabled by default.
+ VTP Traps Generation: displays whether VTP traps are sent to a network management station.
+ MD5 Digest: a 16-byte checksum of the VTP configuration.
+ Configuration Last Modified: date and time of the last configuration modification. Displays the IP address of the
switch that caused the configuration change to the database.
VTP Pruning: increases available bandwidth by reducing unnecessary flooded traffic
To understand what VTP Pruning is, let's see an example:

When PC A sends a broadcast frame on VLAN 10, it travels across all trunk links in the VTP domain. Switches
Server, Sw2 and Sw3 all receive the broadcast frame from PC A. But only Sw3 has a user on VLAN 10, so on Sw2 it
is a waste of bandwidth. Moreover, that broadcast traffic also consumes processor time on Sw2. The link
between switches Server and Sw2 does not need to carry any VLAN 10 traffic, so it can be "pruned".

VTP Pruning makes more efficient use of trunk bandwidth by forwarding broadcast and unknown unicast frames
on a VLAN only if the switch on the receiving end of the trunk has ports in that VLAN. In the above example,
Server switch doesn’t send broadcast frame to Sw2 because Sw2 doesn’t have ports in VLAN 10.

When a switch has a port associated with a VLAN, the switch sends an advertisement to its neighbours to inform
them that it has active ports on that VLAN. For example, Sw3 sends an advertisement to the Server switch to inform it
that it has an active port in VLAN 10. Sw2 has not advertised VLAN 10, so the Server switch prunes VLAN 10 on the
trunk to Sw2.

You only need to enable pruning on one VTP server switch in the domain; the setting is propagated to the whole domain.

VTP Configuration

MainSw(config)#vtp version 2
MainSw(config)#vtp domain 9tut
MainSw(config)#vtp mode server
MainSw(config)#vtp password keepitsecret

On client switches

Client(config)#vtp version 2
Client(config)#vtp domain 9tut
Client(config)#vtp password keepitsecret
Client(config)#vtp mode client

Notice: before configuring VTP, make sure the links between your switches are trunk links, since VTP advertisements
are only sent over trunks. Ports on 2960 and 3560 switches are set to dynamic auto by default, and DTP never forms
a trunk when both ends are dynamic auto: the link stays in access mode. Switches whose ports default to dynamic
desirable negotiate the trunk automatically. To configure a trunk between two dynamic auto ports, use these commands:

Client(config)#interface fa0/1 (or the interface on the link you want to be a trunk)
Client(config-if)#switchport mode trunk

With DTP these commands on one of the two switches are enough to form the trunk, because the dynamic auto port at the
other end negotiates up. For a predictable configuration, set switchport mode trunk on both ends and add
switchport nonegotiate so that trunking no longer depends on DTP.

Below is a summary of important notes about VTP:

+ Whenever a change occurs in the VLAN database, the VTP server increments its configuration revision number
and then advertises the new revision throughout the VTP domain via VTP advertisements.
+ VTP operates in one of three modes: server, transparent, or client.

VTP modes:

* Server: The default mode. When you make a change to the VLAN configuration on a VTP server, the change is
propagated to all switches in the VTP domain. VTP messages are transmitted out of all the trunk connections. In
Server mode we can create, modify, delete VLANs.

* Client: cannot make changes to the VLAN configuration when in this mode; however, a VTP client can send any
VLANs currently listed in its database to other VTP switches. VTP client also forwards VTP advertisements (but
cannot create VTP advertisements).

* Transparent: When you make a change to the VLAN configuration in this mode, the change affects only the local
switch and does not propagate to other switches in the VTP domain. VTP transparent mode does forward VTP
advertisements that it receives within the domain.

VTP Pruning makes more efficient use of trunk bandwidth by forwarding broadcast and unknown unicast frames
on a VLAN only if the switch on the receiving end of the trunk has ports in that VLAN
