Ethernet StandardEthernet hub operates at half-duplex, which allows a device to either transmit or receive data, but not at the same time. Ethernet utilizes carrier sensemultiple access with collision detect to control media access.For Example: if two devices transmit a frame at the same time, a collision will occur. If a collision is detected, the hub will discard the frame and generate thesignal for the host devices. Both devices will wait for a random time then afterEthernet switches build MAC-address tables through a dynamic learning process. When a switch first powered on then switch will flood frame out every port.Switching: Switching is a process, using MAC address on LAN segment and It make a decision based on MAC address, that is called Switching.Functions:-Address Learning: - A switch learns MAC address based of source MAC frame which is received ingress port.Forward Filtering:-A switch forward MAC address based of destination MAC frame which is received egress port.Loop Avoidance: - Switches utilize the spanning Tree protocol to maintain a loop free environmentFlood: - Flood is a process in which a switch transmits a copy of frame to its all ports except that port on it was received.Flooding:-z 1. Broadcast 2. Multicast 3. Unknown unicastThe layer 2 Switching processWhen a switch receives a copy of frame on a port it puts that frame in one of the port’s ingress.When a switch make a decision which port that frame should sent out, it puts the frame in that port’s egress.Note: - if the destination Mac address in the frame is not stored in CAM table, the frame is placed in the egress queue of the all ports. this process is calledflooding.Catalyst switches maintain several types of tables:- 1. CAM 2. TCAM 3. ARPCAM(Contain Addressable Memory) —All Catalyst switch models use a CAM table for Layer 2 switching. As frames arrive on switch ports, the source MACaddresses are learned and recorded in the CAM table. The port of arrival and the VLAN are both recorded in the table, along with a timestamp. If a MACaddress learned on one switch port has moved to a different port, the MAC address and timestamp are recorded for the most recent arrival port. Then, theprevious entry is deleted. If a MAC address is found already present in the table for the correct arrival port, only its timestamp is updated.Ternary Content Addressable Memory (TCAM)—In multilayer switches, all the processes that access control lists (ACLs) provide in traditional routing, such asmatching, filtering, or control specific traffic, are implemented in hardware. TCAM allows a packet to be evaluated against an entire access list in a single tablelookup. Most switches have multiple TCAMs so that both inbound and outbound security, as well as QoS ACLs, can be evaluated simultaneously or entirely inparallel with a Layer 2 or Layer 3 forwarding decision.ARP(Address Resolution Protocol) —Maps an IP address to a MAC address in order to provide IP communication within a Layer 2 broadcast domain. Forexample, Host B wants to send information to Host A, but does not have the MAC address of Host A in its ARP cache. Host B generates a broadcast message forall hosts within the broadcast domain to obtain the MAC address associated with the IP address of Host A. All hosts within the broadcast domain receive theARP request, and only Host A responds with its MAC addressNote CAM & TCAM table stored in RAM, the switch only put the source MAC address of a frame in the CAM table. By default dynamically learned MAC addressare stored for 300 seconds in the CAM table. If no activity is received from the that MAC address, switch removed its entry from CAM table. Basic Switch configurationSwitch Port Configuration -To enter interface configuration mode for interface Fast Ethernet 0/10:Switch(config)#interface fa0/10Network Bulls (A unit of Network Bullstudy Pvt. Ltd.) Email: email@example.com, http://networkbulls.com.
Multiple individual ports can be configured simultaneously: Switch(config)#interface range fa0/10 , fa0/12 , fa0/14The above command selects ports fa0/10, fa0/12, and fa0/14. Please note the space on either side of the commas.A contiguous range of interfaces can be specified:Switch(config)#interface range fa0/10 - 15The above command selects ports fa0/10 through fa0/15. Please note the space on either side of the dash.Macros can be created for groups of ports that are configured often: Switch(config)#define interface-range NETWORKBULLS fa0/10 – 15 Switch(config)#interface range macro NETWORKBULLSThe first command creates a macro, or “group,” of interfaces called NETWORKBULLS. The second command actually selects those interfaces for configuration.For documentation purposes, we can apply descriptions on interfaces: Switch(config)#interface fa0/0 Switch(config-if)#description DESCRIPTIONTEXTTo view the status of an interface (example, Fast Ethernet 0/10): Switch#show interface fa0/10This will also display duplex, speed, and packet errors on this particular interface. To view the errdisable state (explained shortly) of an interface: Switch#show interface status err-disabledSwitch Port Configuration – Speed and DuplexTo specify the port speed of an interface: Switch(config)# interface fa0/10 Switch(config-if)#speed 10 Switch(config-if)#speed 100 Switch(config-if)#speed 1000 Switch(config-if)#speed autoTo specify the duplex of an interface: Switch(config)#interface fa0/10 Switch(config-if)#duplex half Switch(config-if)#duplex full Switch(config-if)#duplex auto VLAN (Virtual Local Area Network)By default a switch considered it’s all ports in a single broadcast domain, but switch has ability to create multiple broadcast domains and it has ability to put itsport in a separate broadcast domain, these multiple broadcast domain is called VLAN.A switch forwards broadcast or multicast all its ports, but except originating port. A switch can be logically segmented into multiple broadcast domains, whichare called VLAN (Virtual Local Area Network). Each VLAN represents a separate broadcast domain.VLANs are typically from VLAN 1 through VLAN 1005. (VLAN 0 is reserved by 802.1Q. The IEEE 802.1Q standard provides for support of up to 4096 VLANs.VLANs 0 and 4095 are reserved by the IEEE 802.1Q standard and you cannot create, delete, or modify them (not displayed).Note: Traffic passed between more than two devices within the same VLAN its required layer-2 device to communicate.Traffic passed between more than two devices in different VLAN it’s required Layer -3 device for communicate.Advantage of VLAN:- 1. Broadcast ControlNetwork Bulls (A unit of Network Bullstudy Pvt. Ltd.) Email: firstname.lastname@example.org, http://networkbulls.com.
2. Security 3. Flexibility and ScalabilityVLAN MembershipStatically: - In static VLAN membership provides port based VLAN membership. A network administrator manually configured port based VLAN membership ona switch, an administrator put that any port in single VLAN. When any device connects to the switch port, then device automatically becomes a member ofthat VLAN.Dynamically: - Cisco developed a dynamic VLAN product that is called VLAN Membership Policy Server (VMPS). Dynamic VLAN provides MAC basedmembership. When any device connects to the switch port then switch learns the MAC address of the device and it makes a request to VMPS server. Switchtransmits the MAC information to VMPS server then VMPS server decided that which VLAN id provides for that MAC.Static VLAN ConfigurationThe first step in configuring VLANs is to create the VLAN:Switch(config)#vlan 100Switch(config-vlan)#name MY_VLANSwitch(config-vlan)#exitSwitch(config)#The first command creates VLAN 100, and enters VLAN configuration mode. The second command assigns the name MY_VLAN to this VLANOrSwitch(config)#vlan 100, 200, 300, 400OrSwitch(config)#vlan 2-10How can assign the interface to specific VLAN.Switch(config)#interface fa0/10Switch(config-if)#switchport mode accessSwitch(config-if)#switchport access vlan 100OrSwitch(config)#interface range fa0/10 – 15Switch(config-if)#switchport mode accessSwitch(config-if)#switchport access vlan 100OrSwitch(config)#define interface-range NETWORKBULLS fa0/10 – 15Switch(config)#interface range macro NETWORKBULLSSwitch(config-if)#switchport mode accessSwitch(config-if)#switchport access vlan 100orSwitch(config)#interface range fa0/10,fa0/12,fa0/14Switch(config-if)#switchport mode accessSwitch(config-if)#switchport access vlan 100Note: The switch will automatically create a VLAN that does not yet exist.VLAN Port Types:There are two types of port available.Access port: - An access port belong only one VLAN. When a host device connects to the access port it will become automatically a member of this VLAN. Bydefault all switch ports are access ports.Trunk Port: - Trunk port does not belong to a single VLAN. All VLAN can travel on trunk link to reach other switch.Network Bulls (A unit of Network Bullstudy Pvt. Ltd.) Email: email@example.com, http://networkbulls.com.
VLAN Frame Tagging: -When we utilize trunk link between two switches. Switches need mechanism to indentify which VLAN frame belongs to. Frame tagging inserts a VLAN ID ineach frame. When a switch sends a frame to another switch, then it adds an extra header with the frame this header content VLAN ID and Frame. This processis called VLAN Tagging & Trunking.Cisco switch support two types of frame tagging protocols.ISL: - ISL (Inter Switch Link) is Cisco proprietary frame tagging protocol, and it supports Ethernet, Token Ring, FDDI, and ATM frame. ISL encapsulates a framewith an additional header (26 bytes) and trailer (4 bytes), increasing the size of an Ethernet frame up to 30 bytes. The header contains the 10 byte VLAN ID.The trailer contains an additional 4-byte CRC for data-integrity purposes.Trunking with ISLIEEE802.1Q: - IEEE802.1Q is open standard protocol. 802.1Q actually inserts a 4-byte VLAN ID into the Layer-2 frame header.Configuring Trunk Links.Trunking with 802.1QTo manually configure a trunk port, for either ISL or 802.1Q tagging:Comparing ISL and 802.1Q:ISL 802.1QProprietary NonproprietaryEncapsulated TaggedProtocol independent Protocol dependentEncapsulates the old Adds a field toframe in a new frame the frame header Question : - What happens when we use the switchport mode trunk command without specifying the encapsulation on switches that support both protocols?Network Bulls (A unit of Network Bullstudy Pvt. Ltd.) Email: firstname.lastname@example.org, http://networkbulls.com.
On switches that support multiple trunking encapsulations (802.1Q and ISL), you must first configure the trunking encapsulation before setting the interface to trunk mode. The switchport trunk encapsulation command must be configured before the switchport mode trunk. Switch(config)# interface fa0/24 Switch(config-if)#switchport trunk encapsulation isl Switch(config-if)#switchport mode trunk Switch(config)#interface fa0/24 Switch(config-if)#switchport trunk encapsulation dot1q Switch(config-if)#switchport mode trunkNote: - Always remember, both sides of the trunk line must be configured with the same tagging protocol.By default, trunk ports allow all VLANs to traverse the trunk linkSwitch(config)#interface fa0/19Switch(config-if)#switchport trunk allowed vlan remove 10-100Switch(config-if)#switchport trunk allowed vlan add 20-35Note: - The first switchport command will prevent the trunk port from passing traffic from VLANs 50-100. The second switchport command will re-allow thetrunk port to pass traffic from VLANs 60-65. In both cases, the switchport trunk allowed commands are adding/subtracting from the current list of allowedVLANs, and not replacing that list.Switch(config)#interface fa0/24Switch(config-if)#switchport trunk allowed vlan allSwitch(config-if)#switchport trunk allowed vlan except 2-99Note: -Certain VLANs are reserved and cannot be removed from a trunk link, including VLAN 1 and system VLANs 1002-1005.Management VLAN The Management VLAN is the VLAN used to reach (ping, telnet) devices. Configure VLAN 1 Default: Management VLAN is VLAN 1 Allows us to communicate with the switch over the network (ping, telnet if privilege and vty passwords configured)Switch#configure terminalEnter configuration commands, one per line. End with CNTL/Z.Switch(config)#hostname networknetwork(config)#interface vlan 1network(config-if)#ip address 10.1.1.101 255.255.255.0network(config-if)#no shutdownnetwork(config)#exitnetwork#Default, Native and Management VLANs: -Network Bulls (A unit of Network Bullstudy Pvt. Ltd.) Email: email@example.com, http://networkbulls.com.
By default all traffic is carried across VLAN 1. VLAN 1 is the default VLAN (all user traffic)Frames from the native VLAN are not tagged when sent out trunk ports. A trunking interface can only be assigned one native VLAN. Only 802.1Q supportsnative VLANs. The native VLAN should be configured on both sides of the 802.1Q trunk)Note: -By default on all trunking interfaces, the Native VLAN is VLAN 1.A native VLAN can also be configured on trunk ports.Switch(config)#interface fa0/24Switch(config-if)#switchport mode trunkSwitch(config-if)#switchport trunk native vlan 42Dynamic Trunking Protocol (DTP) Configuration:DTP (Dynamic Trunking Protocol) and Switchport Mode Interactions Dynamic Auto Dynamic Desirable Trunk Access VTP (VLAN TruningDynamic Auto Access Trunk Trunk Access Protocol) VLAN TrunkDynamic Desirable Trunk Trunk Trunk Access Protocol (VTP) reduces administration in aTrunk Trunk Trunk Trunk Not recommended switched network. VLAN information can be configuredAccess Access Access Not recommended Access on a VTP server, which is distributedthrough all switches in the same domain. Do not have to configure VALN on each switch individually. VTP is a Cisco-proprietary protocol.VTP Modes: Server Can create, modify, and delete VLANs Configure VTP version and VTP pruning. Advertise their VLAN configuration to other switches in the same VTP domain VTP advertisements sent/received over trunk links. Default mode. Client Behave the same way as VTP servers, but you cannot create, change, or delete VLANs on a VTP client. Transparent Does not participate in VTP. Does not advertise its VLAN configuration in VTP. Does not synchronize its VLAN configuration based on received advertisements VTP Version 1 – the transparent switch will only pass updates from the same VTP domain.Network Bulls (A unit of Network Bullstudy Pvt. Ltd.) Email: firstname.lastname@example.org, http://networkbulls.com.
VTP Version 2 – the transparent switch will pass updates from any VTP domain. Does forward VTP advertisements that they receive out their trunk ports in VTP Version 2. Note: Switches transmit VTP messages only over 802.1Q and ISL trunks. By default, VTP updates are sent out every 300 seconds, or anytime a change to the database occurs. Note: A VTP server without a VTP domain name cannot send or receive VLAN information using VTP.There are three versions of VTP.VTP Version 1VTP Version 2VTP Version 3 VTP Messages: - VTP Summary advertisements VTP Subset advertisements Advertisement RequestVTP Summary advertisementsBy default sent every five-minute. Inform adjacent switches of the current VTP domain name and the configuration revision number.Receiving switch compares the VTP domain name to its own VTP domain name. If the name is different, the switch simply ignores the packet.If the name is the same, the switch then compares the configuration revision to its own revision. If its own configuration revision is higher or equal, the packetis ignored. Own Configuration Rev higher or equal than senders? Otherwise, it is lower and a VTP Advertisement Request is sent.VTP Subset advertisementsSent in response to a VTP Advertisement Request. Also, sent whenever there is a change to VLAN information on a VTP server. First the server sends a VTPSummary Advertisement, and then the server sends a VTP Subset Advertisement. One or several subset advertisements follow the summary advertisement. Asubset advertisement contains a list of VLAN information.A Subset Advertisement will contain the following fields:• VTP Version• VTP Domain• VTP Configuration Revision• VLAN IDs for each VLAN in the database• VLAN-specific information, such as the VLAN name and MTUExample: - VTP works only over trunk links. Switch A (Server) sends summary advertisement over trunk links on VLAN 1 Includes Domain and Revision Number Multicast 01-00-0C-CC-CC-CC Switch B updates its Domain Because of the higher revision number in the Summary, B replies with Advertisement RequestNetwork Bulls (A unit of Network Bullstudy Pvt. Ltd.) Email: email@example.com, http://networkbulls.com.
Switch A sends a VTP Subset advertisement Switch B updates its VLAN configuration revision number and VLANs. (May be preceded by another Summary advertisement.)Example: - VTP advertisements sent to Transparent switch. (Shown together) Switch C does not make any changes based on these advertisements. Now, let’s say Switch C is configured with: Domain name Cisco VLANs 2, 3, 4, 5, 6 Even though in same domain, Switch C does not advertise these VLANs to other switches. The Configuration Revision number remains at 0 even when VLAN configuration is changed.Transparent switches will relay VTP messages it receives to other switches if it is in the same domain or in a null domain.Now let’s see VTP Client Switch D added to the network. Switch A (Server) sends summary advertisement over trunk links on VLAN 1. Switch D updates its Domain Replies with Advertisement Request Switch A sends a VTP Subset advertisement Switch D updates its VLAN configuration revision number and VLANsBoth switches are VTP Servers and in the same Domain, but different VLAN information. Let’s see what happens when trunking is enabled between theswitches… When two switches with same Domain Name and same Configuration Revision Numbers exchange VTP information: there is No change on both switch. In case Switch A adds a new VLAN, Configuration revision is increased by 1. Switch A will send VTP information to Switch B who will synchronize its VLAN information with Switch A, losing current “local” VLANs Configuring VTP To configure the VTP domain (the domain name is case sensitive):Network Bulls (A unit of Network Bullstudy Pvt. Ltd.) Email: firstname.lastname@example.org, http://networkbulls.com.
Switch(config)#vtp domain MYDOMAIN To configure the VTP mode: Switch(config)#vtp mode server Switch(config)#vtp mode client Switch(config)#vtp mode transparent The VTP domain can be further secured using a password: Switch(config)#vtp password PASSWORD All switches participating in the VTP domain must be configured with the same password. The password will be hashed into a 16-byte MD5 value. By default, a Catalyst switch uses VTP version 1. Switch(config)#vtp version 2 Verify configurations: show vlan show vtp status show interfaces interface switchport show interfaces trunk show running-config Note: - The switch in VTP server mode with the highest revision number propagates VLAN information over trunked ports. Question: - What is the default VTP version? 2 What is the starting configuration revision? 0 What is the default VTP Mode? Server What is the default VTP domain name? noneNetwork Bulls (A unit of Network Bullstudy Pvt. Ltd.) Email: email@example.com, http://networkbulls.com.