CCNA Dis3 - Chapter 3 - Switching in A Enterprise Network - PPT (Compatibility Mode)

Chapter 3 Switching in an Enterprise Network
CCNA Discovery 4.0
Intruduction
Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com
Intruduction
Intruduction
Intruduction
Intruduction
Objectives
Compare the types of switches used in an
enterprise network. Explain how Spanning Tree Protocol prevents switching loops. Describe and configure VLANs on a Cisco switch. Describe and configure trunking and InterVLAN routing. Maintain VLANs in an enterprise networks.
Describing Enterprise Level Switching

Switching and Network Segmentation

A switch is a very adaptable Layer 2 device. Each switch maintains a MAC address table in highspeed memory, called content addressable memory (CAM).

The switch deletes entries from the MAC address table if they are not used within a certain period of time. The name given to this period of time is the aging timer; Removal of an entry is called aging out.

When two connected hosts communicate with each other, the switch consults the switching table and establishes a virtual connection, or microsegment, between the ports. Switches can support either symmetric or asymmetric switching.
Multilayer Switching

Layer 3 switching, or multilayer switching, combines hardware-based switching and hardware-based routing in the same device. A multilayer switch combines the features of a Layer 2 switch and a Layer 3 router. Layer 3 switching occurs in special application-specific integrated circuit (ASIC) hardware. Multilayer switches often save, or cache, source and destination routing information from the first packet of a conversation. Subsequent packets do not have to execute a routing lookup, because they find the routing information in memory.
Types of Switching
Types of Switching
Types of Switching
Types of Switching
There are two variants of cut-through switching: Fast-forward switching: Fast-forward switching offers the lowest level of latency. Fast-forward switching immediately forwards a packet after reading the destination address. Because fast-forward switching starts forwarding before the entire packet has been received, there may be times when packets are relayed with errors. This occurs infrequently, and the destination network adapter discards the faulty packet upon receipt. In fast-forward mode, latency is measured from the first bit received to the first bit transmitted. Fast-forward switching is the typical cut-through method of switching. Fragment-free switching: In fragment-free switching, the switch stores the first 64 bytes of the frame before forwarding. Fragment-free switching can be viewed as a compromise between store-and-forward switching and cutthrough switching. The reason fragment-free switching stores only the first 64 bytes of the frame is that most network errors and collisions occur during the first 64 bytes. Fragment-free switching tries to enhance cut-through switching by performing a small error check on the first 64 bytes of the frame to ensure that a collision has not occurred before forwarding the frame. Fragment-free switching is a compromise between the high latency and high integrity of store-and-forward switching, and the low latency and reduced integrity of cutHc through switching. vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com
Types of Switching
Switch Security
Switch Security
Preventing Switching Loops
Redundancy in a Switched Network

Redundant links in a switched network reduce congestion and support high availability and load balancing. however, can cause problems: The broadcast nature of Ethernet traffic creates switching loops. The broadcast frames go around and around in all directions, causing a broadcast storm.

Broadcast storms are not the only problem created by redundant links in a switched network. Unicast frames sometimes produce problems, such as multiple frame transmissions and MAC database instability. Multiple Frame Transmissions

MAC Database Instability
Spanning Tree Protocol (STP)
Spanning Tree Protocol (STP) provides a mechanism for disabling redundant links in a switched network. STP provides the redundancy required for reliability without creating switching loops. STP is an open standard protocol, used in a switched environment to create a loop-free logical topology. Switches detecting a potential loop block some of the connecting ports, while leaving other ports active to forward frames.
Without STP
With STP
To prevent switching loops, STP: Forces certain interfaces into a standby or blocked state Leaves other interfaces in a forwarding state Reconfigures the network by activating the appropriate standby path, if the forwarding path becomes unavailable. In STP terminology, the term bridge is frequently used to refer to a switch. The Root Bridge is the primary switch or focal point in the STP topology. The root bridge communicates with the other switches using Bridge Protocol Data Units (BPDUs).

As a switch powers on, each port cycles through a series of four states: blocking, listening, learning, and forwarding. As the port cycles through these states, the LEDs on the switch change from flashing orange to steady green It can take as long as 50 seconds for a port to cycle through all of these states and be ready to forward frames. When a switch powers on, it first goes into a blocking state to immediately prevent the formation of a loop. It then changes to listening mode, so that it receives BPDUs from neighbor switches After processing this information the switch determines which ports can forward frames without creating a loop

Access ports do not create loops in a switched network and always transition to forwarding if they have a host attached Trunking ports potentially create a looped network and transition to either a forwarding or blocking state.
Root Bridges

STP uses this focal point, called a root bridge or root switch, to determine which ports to block and which ports to put into forwarding state. The root bridge sends out BPDUs containing network topology information to all other switches There is only one root bridge on each network. The root bridge is based on the lowest BID value.
Root Bridges

STP designates three types of ports: root ports, designated ports, and blocked ports. Root Port: The port that provides the least cost path back to the root bridge becomes the root port. Switches calculate the least cost path using the bandwidth cost of each link required to reach the root bridge. Designated Port: A designated port is a port that forwards traffic toward the root bridge but does not connect to the least cost path. Blocked Port: A blocked port is a port that does not forward traffic.
Root Bridges
Root Bridges

To set priority: S3(config)#bridge priority 4096 To restore priority to default: S3(config)#no bridge priority
Spanning Tree in a Hierarchical network
PortFast STP PortFast causes an access port to enter the forwarding state immediately, bypassing the listening and learning states.
Uplink Fast: STP UplinkFast accelerates the choice of a new root port when a link or switch fails or when STP reconfigures itself. The root port transitions to the forwarding state immediately without going through the listening and learning states, as it would do with normal STP procedures. BackboneFast BackboneFast provides fast convergence after a spanning tree topology change occurs. It quickly restores backbone connectivity. BackboneFast is used at the Distribution and Core Layers, where multiple switches connect.
There are several useful commands used to verify spanning tree operation. show spanning-tree - Displays root ID, bridge ID, and port states show spanning-tree summary - Displays a summary of port states show spanning-tree root - Displays the status and configuration of the root bridge show spanning-tree detail - Displays detailed port information show spanning-tree interface - Displays STP interface status and configuration show spanning-tree blockedports - Displays blocked ports
Rapid Spanning Tree Protocol (RSPT)

Rapid Spanning Tree Protocol (RSTP), defined in IEEE 802.1w, significantly speeds the recalculation of the spanning tree. RSTP requires a full-duplex, point-to-point connection between switches to achieve the highest reconfiguration speed. RSTP eliminates the requirements for features such as PortFast and UplinkFast. To speed up the recalculation process, RSTP reduces the number of port states to three: discarding, learning and forwarding. The discarding state is similar to three of the original STP states: blocking, listening, and disabled.
Rapid Spanning Tree Protocol (RSPT)
Configuring VLANs
Virtual LAN
A VLAN is a logical broadcast domain that can span multiple physical LAN segments.
Virtual LAN
Virtual LAN
A VLAN has two major functions: A VLAN contains broadcasts. A VLAN groups devices. Devices located on one VLAN are not visible to devices located on another VLAN. Traffic requires a Layer 3 device to move between VLANs.
Static VLAN membership requires an administrator to manually assign each switch port to a specific VLAN.
Virtual LAN

Dynamic VLAN membership requires a VLAN management policy server (VMPS). The VMPS contains a database that maps MAC addresses to VLAN assignments. When a device plugs into a switch port, the VMPS searches the database for a match of the MAC address and temporarily assigns that port to the appropriate VLAN.
Virtual LAN
Configuring a Virtual LAN

Whether VLANs are created statically or dynamically, the maximum number of VLANs depends on the type of switch and the IOS. By default, VLAN1 is the management VLAN. An administrator will use the IP address of the management VLAN to configure the switch remotely. When a VLAN is created, it is assigned a number and a name. The VLAN number is any number from the range available on the switch, except for VLAN1 Some switches support approximately 1000 VLANs; others support more than 4000.

Switch(config)#vlan vlan_number Switch(config-vlan)#name vlan_name Switch(config-vlan)#exit Switch(config)#interface fa#/# Switch(config-if)#switchport access vlan vlan_number Switch(config-if)# exit Switch(config)#interface range fa#/start_of_range end_of_range Switch(config-if)#switchport access vlan vlan_number Switch(config-if)#exit
The following commands are used to verify and maintain VLANs: show vlan Displays a detailed list of all of the VLAN numbers and names currently active on the switch, along with the ports associated with each one Displays STP statistics if configured on a per VLAN basis show vlan brief Displays a summarized list showing only the active VLANs and the ports associated with each one show vlan id id_number: Displays information pertaining to a specific VLAN, based on ID number show vlan name vlan_name www.bkacad.com Hc vin cng ngh thng tin Bach Khoa - Website:
To delete a VLAN: Switch(config)#no vlan vlan_number To disassociate a port from a specific VLAN: Switch(config)#interface fa#/# Switch(config-if)#no switchport access vlan vlan_number
Identifying VLANs

As a frame enters that port, the switch inserts the VLAN ID (VID) into the Ethernet frame. The addition of the VLAN ID number into the Ethernet frame is called frame tagging. The most commonly used frame tagging standard is IEEE 802.1Q.
Identifying VLANs
Frames contain fields such as:
Identifying VLANs

An access port belongs to only one VLAN. A trunk port is a point-to-point link between the switch and another networking device. Trunks carry the traffic of multiple VLANs over a single link and allow VLANs to reach across an entire network.
Identifying VLANs
No Trunking
Trunking
Identifying VLANs
To configure a switch port as a trunk port, use the following commands: Switch(config)#interface fa(controler # / port #) Switch(config-if)#switchport mode trunk Switch(config-if)#switchport trunk encapsulation {dot1q | isl | negotiate}
The negotiate parameter is the default mode on many Cisco switches. This parameter automatically detects the encapsulation type of the neighbor switch.
Identifying VLANs
Based on the attached device, the link configures itself as either a trunk port or an access port. Switch(config-if)#switchport mode dynamic {desirable | auto} In desirable mode, the port becomes a trunk port if the other end is set to either trunk, desirable, or auto. In auto mode, the port becomes a trunk port if the other end is set to either trunk or desirable. To return a trunk port to an access port, issue either of the following commands: Switch(config)#interface fa(controler # / port #) Switch(config-if)#no switchport mode trunk Or Switch(config-if)#switchportWebsite: www.bkacad.com mode access Hc vin cng ngh thng tin Bach Khoa -
Trunking and InterVLAN Routing
Trunk Ports
Switch ports can be configured for two different roles Access Port An access port belongs to only one VLAN. Typically, single devices such as PCs or servers connect to this type of port. If a hub connects multiple PCs to the single access port, each device connected to the hub is a member of the same VLAN. Trunk Port A trunk port is a point-to-point link between the switch and another networking device. Trunks carry the traffic of multiple VLANs over a single link and allow VLANs to reach across an entire Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com network.
Trunk Ports
Trunk Ports
No VLAN Tagging
VLAN Tagging is used when a link needs to carry traffic for more than one VLAN.
Trunk Ports
There are two major methods of frame tagging, Cisco proprietary Inter-Switch Link (ISL) and IEEE 802.1Q. ISL used to be the most common, but is now being replaced by 802.1Q frame tagging. Cisco recommends using 802.1Q. VLAN Tagging and Trunking will be discussed in the next chapter.
Trunk Ports
Trunk Ports
Extending VLANs across Swithes

Traffic with no VLAN ID is called untagged. Examples of untagged traffic are Cisco Discovery Protocol (CDP), VTP, and certain types of voice traffic.
Extending VLANs across Swithes
To accommodate untagged traffic, a special VLAN called a native VLAN is available.
Inter-VLAN Routing

A Layer 3 device provides connectivity between different VLANs. One method of accomplishing the inter-VLAN routing requires a separate interface connection to the Layer 3 device for each VLAN.
Inter-VLAN Routing

Switch Configure the switch interface as an 802.1Q trunk link. Router Select a router interface with a minimum of a 100Mbps FastEthernet Configure subinterfaces that support 802.1Q encapsulation. Configure one subinterface for each VLAN.
Inter-VLAN Routing
If the destination VLAN is on the same switch as the source VLAN, the router forwards the traffic back down to the source switch using the subinterface parameters of the destination VLAN ID. This type of configuration is often referred to as a routeron-a-stick.
Inter-VLAN Routing
To configure inter-VLAN routing, use the following steps: 1. Configure a trunk port on the switch. Switch(config)#interface fa0/2 Switch(config-if)#switchport mode trunk 2. On the router, configure a FastEthernet interface with no IP address or subnet mask. Router(config)#interface fa0/1 Router(config-if)#no ip address Router(config-if)#no shutdown 3. On the router, configure one subinterface with an IP address and subnet mask for each VLAN. Each subinterface has an 802.1Q encapsulation.
Inter-VLAN Routing
Router(config)#interface fa0/0.10 Router(config-subif)#encapsulation dot1q 10 Router(config-subif)#ip address 192.168.10.1 255.255.255.0 4. Use the following commands to verify the interVLAN routing configuration and functionality. Switch#show trunk Router#show ip interfaces Router#show ip interfaces brief Router#show ip route
Maintaining VLANs on an Enterprise Network

VLAN Trunking Protocol (VTP)

VTP allows a network manager to makes changes on a switch that is configured as a VTP server. Basically, the VTP server distributes and synchronizes VLAN information to VTP-enabled switches throughout the switched network, which minimizes the problems caused by incorrect configurations and configuration inconsistencies. VTP stores VLAN configurations in the VLAN database called vlan.dat. VTP only learns about normal-range VLANs (VLAN IDs 1 to 1005). Extended-range VLANs (IDs greater than 1005) are not supported by VTP.
VTP Domain-Consists of one or more interconnected switches. All switches in a domain share VLAN configuration details using VTP advertisements. A router or Layer 3 switch defines the boundary of each domain.

The VTP configuration revision number begins at zero. As changes occur, the configuration revision number increases by one. The revision number continues to increment until it reaches 2,147,483,648 When it reaches that point, the counter resets back to zero. Rebooting the switch also resets the revision number to zero.

VTP messages come in three varieties: summary advertisements, subset advertisements, and advertisement requests. Summary Advertisements Catalyst switches issue summary advertisements every 5 minutes or whenever a change to the VLAN database occurs. Summary advertisements contain the current VTP domain name and the configuration revision number. Subset Advertisements A subset advertisement follows the summary advertisement. A subset advertisement contains a list of VLAN information. Advertisement Requests VTP clients use advertisement requests to ask for VLAN information. Detail in 3.5.1
Configuring VTP

Step 1: Configure VTP off-line (version 1) Step 2: Verify the VTP configuration. Step 3: Reboot the switch.
VLAN Support for IP telephony and Wireless

Voice traffic must be given priority over normal data traffic to avoid jerky or jittery conversations. Providing a dedicated VLAN for voice traffic prevents voice traffic from having to compete with data for available bandwidth. An IP phone usually has two ports, one for voice and one for data. Packets traveling to and from the PC and the IP phone share the same physical link to the switch and the same switch port. To segment the voice traffic, enable a separate voice VLAN on the switch.
VLAN Support for IP telephony and Wireless

Wireless is another type of traffic that benefits from VLANs. Wireless is, by nature, very insecure and prone to attacks by hackers. Most wireless deployments place the user in a VLAN on the outside of the firewall for added security. In addition, many organizations provide guest access to their wireless network. Guest accounts provide anyone, within a limited range, temporary wireless services such as web access, e-mail, ftp, and SSH.
VLAN best practices
Some best practices for configuring VLANs in an enterprise network are: Organizing server placement Disabling unused ports Configuring the management VLAN as a number other than 1 Using VLAN Trunking Protocol Configuring VTP Domains Reboot any new switch entering an established network
Summary
Switch forward traffic. Spanning Tree Protocol STP). Rapid STP. VLAN. Inter-VLAN. VLAN Trunking Protocol (VTP).

CCNA Dis3 - Chapter 3 - Switching in A Enterprise Network - PPT (Compatibility Mode)

Hochgeladen von

Dokumentinformationen

Originalbeschreibung:

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

CCNA Dis3 - Chapter 3 - Switching in A Enterprise Network - PPT (Compatibility Mode)

Hochgeladen von

Copyright:

Verfügbare Formate

Chapter 3 Switching in an Enterprise Network

CCNA Discovery 4.0

Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com

Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com

Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com

Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com

Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com

Describing Enterprise Level Switching

Switching and Network Segmentation

Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com

Switching and Network Segmentation

Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com

Switching and Network Segmentation

Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com

Switching and Network Segmentation

Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com

Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com

Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com

Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com

Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com

Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com

Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com

Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com

Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com

Preventing Switching Loops

Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com

Redundancy in a Switched Network

Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com

Redundancy in a Switched Network

Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com

Redundancy in a Switched Network

Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com

Redundancy in a Switched Network

Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com

Spanning Tree Protocol (STP)

Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com

Spanning Tree Protocol (STP)

Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com

Spanning Tree Protocol (STP)

Spanning Tree Protocol (STP)

Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com

Spanning Tree Protocol (STP)

Spanning Tree Protocol (STP)

Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com

Spanning Tree Protocol (STP)

Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com

Spanning Tree Protocol (STP)

Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com

Spanning Tree Protocol (STP)

Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com

Spanning Tree Protocol (STP)

Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com

Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com

Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com

Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com

Spanning Tree in a Hierarchical network

Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com

Spanning Tree in a Hierarchical network

Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com

Spanning Tree in a Hierarchical network

Spanning Tree in a Hierarchical network

Rapid Spanning Tree Protocol (RSPT)