38. Switching Methods 1. Cut-Through (Fast Forward) The frame is forwarded through the switch before the entire frame is received. At a minimum the frame destination address must be read before the frame can be forwarded. This mode decreases the latency of the transmission, but also reduces error detection. 2. Fragment-Free (Modified Cut-Through) Fragment-free switching filters out collision fragments before forwarding begins. Collision fragments are the majority of packet errors. In Fragment-Free mode, the switch checks the first 64 bytes of a frame. 3. Store-and-Forward The entire frame is received before any forwarding takes place. Filters are applied before the frame is forwarded. Most reliable and also most latency especially when frames are large.
64. LAB – Deleting VLAN port1 port5 To delete VLAN Sw(config)# no vlan 2 Sw(config)# no vlan 3 To bring port back to VLAN 1 Sw(config-if)#switchport mode acces Sw(config-if)#switch port access vlan1 For a Range Sw(config)#int range fastethernet 0/1 - 5 Sw(config-if)#switch port access vlan1
89. New Addressing Concepts Fig. 2 Address shortage and possible solutions (TI1332EU02TI_0003 New Address Concepts, 5) Problems with IPv4 Shortage of IPv4 addresses Allocation of the last IPv4 addresses was for the year 2005 Address classes were replaced by usage of CIDR, but this is not sufficient Short term solution NAT: Network Address Translator Long term solution IPv6 = IPng (IP next generation) Provides an extended address range
90. NAT: Network Address Translator Fig. 4 How does NAT work? (TI1332EU02TI_0003 New Address Concepts, 9) NAT Translates between local addresses and public ones Many private hosts share few global addresses Public Network Uses public addresses Public addresses are globally unique Private Network Uses private address range (local addresses) Local addresses may not be used externally
Emphasize: The next few slides discuss the basic function of a bridge/switch: 1. How it learns the location of the hosts by reading the source MAC address of incoming frames. 2. How it makes forwarding/filtering decisions. There are three conditions in which a switch will flood a frame out on all ports except to the port on which the frame came in, as follows: Unknown unicast address Broadcast frame Multicast frame 3. How STP is used to avoid loops in a switched/bridged network.
Slide 1 of 3 Emphasize: The 1900en max MAC address table size is 1024. Once the table is full, it will flood all new addresses until existing entries age out. The command to change the MAC address table aging time is, as follows: wg_sw_a(config)# mac-address-table aging-time ? <10-1000000> Aging time value The default is 300 sec. The MAC address table is also referred to as the CAM table (Content Address Memory) on some switches.
Slide 2 of 3
Slide 3 of 3 Emphasize: Once C replies, the switch will also cache station C’s MAC address to port E2, as shown in the next slide.
The server in the figure sends a unicast frame to Router C. Since it’s a unicast frame, Switch A forwards the frame, and Switch B provides the same service—it forwards the unicast. This is bad because it means that Router C receives that unicast frame twice, causing additional overhead on the network.one: The MAC address filter table will be totally confused about the device’s location because the switch can receive the frame from more than one link.
Emphasize: A looped topology is often desired to provide redundancy, but looped traffic is undesirable. The Spanning-Tree protocol was originally designed for bridges. Today, it is also applied to LAN switches and routers operating as a bridge. Spanning-Tree protocol ensures that all bridged segments are reachable but any points where loops occur will be blocked.
a company called Digital Equipment Corporation (DEC) created the original version of Spanning Tree Protocol (STP) . The IEEE later created its own version of STP called 802.1D. All Cisco switches run the IEEE 802.1D version of STP, which isn’t compatible with the DEC version. STP uses the spanning-tree algorithm (STA) to first create a topology database, then search out and destroy redundant links.
Emphasize: Using the default Spanning-Tree protocol timers setting, the times it takes to go from the blocking state to the forwarding state is 50 sec (20 + 15 + 15). Blocking A blocked port won’t forward frames; it just listens to BPDUs. The purpose of the blocking state is to prevent the use of looped paths. All ports are in blocking state by default when the switch is powered up. Listening The port listens to BPDUs to make sure no loops occur on the network before passing data frames. A port in listening state prepares to forward data frames without populating the MAC address table. Learning The switch port listens to BPDUs and learns all the paths in the switched network. A port in learning state populates the MAC address table but doesn’t forward data frames. Forwarding The port sends and receives all data frames on the bridged port. If the port is still a designated or root port at the end of the learning state, it enters this state. Disabled A port in the disabled state (administratively) does not participate in the frame forwarding or STP. A port in the disabled state is virtually nonoperational. Switch ports are most often in either the blocking or forwarding state. A forwarding port is one that has been determined to have the lowest (best) cost to the root bridge. But when and if the network experiences a topology change (because of a failed link or because someone adds in a new switch), you’ll find the ports on a switch in listening and learning states.
BPDUs are sent every two seconds, BPDUs are sent every two seconds, If more than one link connects to the root bridge, then a port cost is determined by checking the bandwidth of each link.The lowest-cost port becomes the root port. If multiple links have the same cost, the bridge with the lower advertising bridge ID is used. Since multiple links can be from the same device, the lowest port number will be used.
Emphasize: By default, the switch with the lowest MAC address will be the root bridge. Note: The Catalyst switches support an instance of spanning tree per VLAN. Each VLAN will use a unique MAC address for spanning tree purposes. On the Catalyst 1900, the address it uses for spanning tree is the MAC address on the various ports. VLAN is discussed in the next chapter. The IEEE 802.1d specification specifies for a 16-bit priority field. The Catalyst 1900 switch only supports the 802.1d Spanning-Tree protocol. The default priority on the Catalyst 1900 is 32768 in decimal or 8000 in hex, the midrange value. BPDU contain the following fields: Protocol ID version Message type Flags Root ID Cost of path Bridge ID Port ID Message age Max age Hello time Forward delay
Emphasize: The three general rules when dealing with STP are as follows: 1. One root bridge per network. The root is the bridge with the lowest bridge ID. All the ports on the root bridge are designated ports (forwarding). 2. For every non-root bridge, there is a root port (forwarding). The root port is the port with the lowest accumulated path cost to the root bridge. 3. For every segment, there is only one designated port. The designated port forwards traffic for the segment. The designated port has the lowest accumulated path cost to the root bridge.
Selecting the Root Port If more than one link leads to the root bridge, then cumulative outbound port costs along the path to the root bridge becomes the factor used to determine which port will be the root port
Emphasize: The three general rules when dealing with STP are as follows: 1. One root bridge per network. The root is the bridge with the lowest bridge ID. All the ports on the root bridge are designated ports (forwarding). 2. For every non-root bridge, there is a root port (forwarding). The root port is the port with the lowest accumulated path cost to the root bridge. 3. For every segment, there is only one designated port. The designated port forwards traffic for the segment. The designated port has the lowest accumulated path cost to the root bridge.
Series – 1900 – Stopped 2900 – Will be used in LAB 3500 – layer 3 Switch
When the 1900 switch is first powered on, it runs through a power-on self-test (POST). At first, all port LEDs are green, and if upon completion the POST determines that all ports are in good shape, all the LEDs blink and then turn off. But if the POST finds a port that has failed, both the System LED and the port’s LED turn amber.
There are several benefits to using VLANs, including: 1. Increased performance 2. Improved manageability 3. Network tuning and simplification of software configurations 4. Physical topology independence 5. Increased security options Increased performance Switched networks by nature will increase performance over shared media devices in use today, primarily by reducing the size of collision domains. Grouping users into logical networks will also increase performance by limiting broadcast traffic to users performing similar functions or within individual workgroups. Additionally, less traffic will need to be routed, and the latency added by routers will be reduced.
Purpose: Emphasize: A VLAN is a broadcast domain. Note: In order to have inter-VLAN communications, a router is required.
Note: Once a port has been assigned to a VLAN, it cannot send or receive traffic from devices in another VLAN without the intervention of a Layer 3 device like a router. The 1900 can’t be configure as the VMPS. A CiscoWorks 2000 or CWSI management station or a Catalyst 5000 switch can be configured as the VMPS. In the future, dynamic VLANs may also offer membership based on other criteria such as protocol or application. Dynamic VLANs are covered in the Managing Cisco Switched Internetworks class.
VMPS VMP S is a server process that supports dynamic ports. Dynamic ports enable end-user nodes to remain on the same VLAN after being moved and plugged into another physical port without the intervention of manual port reconfiguration. To support dynamic ports, there must be at least one Catalyst 5000 switch running VMPS per domain on the network. When a workstation or other end-user node is attached to a dynamic port, the switch uses VMPS information to assign that port to a particular VLAN based on the MAC address of the network interface card in the device. When the device is moved and plugged into another port, VMPS provides configuration information from the MAC-VLAN mapping that allows the device to remain on the same VLAN as before without manual reconfiguration. Without VMPS, each port is statically assigned to a single VLAN. Changing the VLAN assigned to a static port requires manually changing the VLAN assignment of the port. Thus, when you most a device and connect it to a different port, you need to manually reconfigure the port. You can use VlanDirector, CiscoView, or the command-line interface to do this reconfiguration; with VMPS, however, it is automatic.
Layer 3 of 3 Emphasize: A trunk is used to connect two switches together. A trunk carries traffic for multiple VLANs. Only the Fast Ethernet ports on the 1900 can be configured as trunk port. Trunking is off by default on the 1900 Fast Ethernet ports (fa 0/26 and fa 0/27). Note: The 1900 supports DISL. At the time of the beta, the core switch (2900xl) doesn’t support DISL.
Access port – single VLAN Trunk – Between switches and cannot be part of only one VLAN Trunk port can carry multiple VLANS Creating VLAN on each port should be consistent Port can be anything Trunk port is a fastethernet port Since trunk need to carry this to all VLAN’s there should be an ID This ID is frame Tagging
Trunking allows you to make a single port part of multiple VLANs at the same time. This can be a real advantage. For instance, you can actually set things up to have a server in two broadcast domains simultaneously, so that your users won’t have to cross a layer 3 device (router) to log in and access it.
The basic purpose of ISL and 802.1Q frame-tagging methods is to provide inter-switch VLAN communication..
Note: The 1900 only supports ISL trunking. ISL is Cisco proprietary. 802.1Q is an IEEE standard. Other trunk types: LANE (VLANSs over ATM) 802.10 (FDDI trunk)
Two Switches are connected and there are four hosts machines Configure 4 VM with 10.0.0.1 to 10.0.0.4 Ping and see all are pining Have connected thru switches and connect switches using cross cable Create VLAN red and blue on both Switches Now see only the same VLAN’s can communicate
Notes: VTP is a Cisco proprietary feature. VTP is a Layer 2 messaging protocol that maintains VLAN configuration consistency by managing the addition, deletion, and renaming of VLANs on a network-wide basis. VTP minimizes misconfigurations and configuration inconsistencies that can cause several problems, such as duplicate VLAN names, incorrect VLAN-type specifications, and security violations. A VTP domain (also called a VLAN management domain) is one switch or several interconnected switches sharing the same VTP domain. A switch is configured to be in only one VTP domain. You make global VLAN configuration changes for the domain by using the Cisco IOS command-line interface (CLI), Cisco Visual Switch Manager Software, or Simple Network Management Protocol (SNMP). By default, a 1900 switch is in the no-management-domain state until it receives an advertisement for a domain over a trunk link or you configure a management domain. The default VTP mode is server mode, but VLANs are not propagated over the network until a management domain name is specified or learned. If the switch receives a VTP advertisement over a trunk link, it inherits the management domain name and configuration revision number. The switch then ignores advertisements with a different management domain name or an earlier configuration revision number. When you make a change to the VLAN configuration on a VTP server, the change is propagated to all switches in the VTP domain. VTP advertisements are transmitted out all trunk connections, including Inter-Switch Link (ISL), IEEE 802.1Q, IEEE 802.10, and ATM LAN Emulation (LANE). If you configure a switch from VTP transparent mode, you can create and modify VLANs, but the changes are not transmitted to other switches in the domain, and they affect only the individual switch.
Emphasize: Default VTP mode on the Catalyst switches is server. Be careful when adding new switches into an existing network. This is covered in more detail later.
Layer 2 of 2 Emphasize: The latest revision number is what the switches will synchronize to.
Emphasize: VTP prunning provides optimized flooding. Without VTP prunning, station A’s broadcast will be flooded to all switches whether they have any port in the red VLAN or not. Note: VLAN1 can’t be prunned. STP, CDP, VTP updates are sent on VLAN1. All switches in the switched network must support prunning or prunning will be disabled. Each trunk port maintains a state variable per VLAN indicating if the switch has any port assigned to a particular VLAN or not.
Be cautious when adding a new switch into an existing domain. Add a new switch in a Client mode to get the last up-to-date information from the network then convert it to Server mode. Add all new configurations to switch in transparent mode and check your configuration well then convert it to Server mode to prevent the switch from propagating incorrect VLAN information. Notes: All switches in a VTP domain must run the same VTP version. The password entered with a domain name should be the same for all switches in the domain. If you configure a VTP password, the management domain will not function properly if you do not assign the management domain password to each switch in the domain. A VTP version 2-capable switch can operate in the same VTP domain as a switch running VTP version 1, provided version 2 is disabled on the version 2-capable switch (version 2 is disabled by default). Do not enable VTP version 2 on a switch unless all of the switches in the same VTP domain are version 2-capable. When you enable version 2 on a switch, all of the version 2-capable switches in the domain must have version 2 enabled. If there is a version 1-only switch, it will not exchange VTP information with switches with version 2 enabled. If there are Token Ring networks in your environment, you must enable VTP version 2 for Token Ring VLAN switching to function properly. Enabling or disabling VTP pruning on a VTP server enables or disables VTP pruning for the entire management domain. In the lab, all the switches are set to VTP transparent mode.
Layer 2 of 2 Note: The two commands shown in the slide can also be combined into one command: vtp domain switchlab transparent
What Does NAT Do? NAT is like the receptionist in a large office. Let's say you have left instructions with the receptionist not to forward any calls to you unless you request it. Later on, you call a potential client and leave a message for that client to call you back. You tell the receptionist that you are expecting a call from this client and to put her through. The client calls the main number to your office, which is the only number the client knows. When the client tells the receptionist that she is looking for you, the receptionist checks a lookup table that matches your name with your extension. The receptionist knows that you requested this call, and therefore forwards the caller to your extension.
Like static NAT, the NAT router creates a one-to-one mapping between an inside local and inside global address and changes the IP addresses in packets as they exit and enter the inside network. However, the mapping of an inside local address to an inside global address happens dynamically.
There should be router 2600 configured To verify whether router supports IP NAT static go to config and # IP NAT inside source ? (there should be a static Entry) Configure router 2600 with an IP address on Fastethernet port 10.0.0.254 and Serial 0/0 200.0.0.1, need not to connect any cables, configure IP and no shut then see the above commands
There should be router 2600 configured Configure router 2600 with an IP address on Fastethernet port 10.0.0.254 and Serial 0/0 200.0.0.1, need not to connect any cables, configure IP and no shut then see the above commands
Can have 65000 concurrent connection sharing one connection