Switching in an Enterprise Network
Introducing Routing and Switching in the Enterprise – Chapter 3
ITE I Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
Objectives
• Compare the types of switches used in an enterprise network.
• Explain how Spanning Tree Protocol prevents switching loops.
• Describe and configure VLANs on a Cisco switch.
• Describe and configure trunking and Inter-VLAN routing.
• Maintain VLANs in an enterprise network.
Compare the Types of Switches Used in an Enterprise Network
• Switching and network segmentation
• Content addressable memory (CAM) - the MAC address table, held in high-speed memory and rebuilt every time the switch is powered on
• Virtual circuits
• Broadcast domains vs. collision domains
• Aging timer - deletes entries from the MAC address table if they are not used within a certain period of time
• If a source MAC address is not in the table, it is added
• The switch checks for the destination MAC address and forwards the frame out the matching port, or floods the frame out every active port except the port on which it was received
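The learning, aging and forwarding rules on the two slides above, as an added example in Python (this is a constructed model, not Cisco code; the port names, MAC addresses and the 300-second aging value are sample values chosen for the demonstration):

```python
from dataclasses import dataclass, field

# Constructed model of a switch MAC address table (added example, not Cisco code).
# Port names and MAC addresses below are made-up sample values.


@dataclass
class MacTable:
    aging_seconds: float = 300.0
    # mac -> (port the address was learned on, time it was last seen)
    entries: dict = field(default_factory=dict)

    def age_out(self, now: float) -> list:
        """Aging timer: drop entries not refreshed within aging_seconds."""
        expired = [mac for mac, (_, seen) in self.entries.items()
                   if now - seen > self.aging_seconds]
        for mac in expired:
            del self.entries[mac]
        return expired

    def handle_frame(self, src: str, dst: str, in_port: str,
                     active_ports: list, now: float) -> list:
        """Return the list of egress ports for one frame.

        1. expire stale entries
        2. learn (or refresh) the source MAC on the ingress port
        3. known destination -> forward out that single port
           (a destination that lives on the ingress port is filtered, not sent back)
        4. unknown destination or broadcast -> flood out every active port
           except the one the frame arrived on
        """
        self.age_out(now)
        self.entries[src] = (in_port, now)
        hit = self.entries.get(dst)
        if hit is not None:
            out_port, _ = hit
            return [] if out_port == in_port else [out_port]
        return [p for p in active_ports if p != in_port]


def demo() -> list:
    """Walk a few frames through the table; returns the egress decisions in order."""
    table = MacTable(aging_seconds=300)
    ports = ["Fa0/1", "Fa0/2", "Fa0/3"]
    decisions = []
    # t=0: host A (on Fa0/1) talks to a not-yet-learned host B -> flooded
    decisions.append(table.handle_frame("00-00-00-00-00-0A", "00-00-00-00-00-0B", "Fa0/1", ports, 0))
    # t=1: B replies from Fa0/2 -> A is already known, so a single egress port
    decisions.append(table.handle_frame("00-00-00-00-00-0B", "00-00-00-00-00-0A", "Fa0/2", ports, 1))
    # t=2: A to B again -> both known
    decisions.append(table.handle_frame("00-00-00-00-00-0A", "00-00-00-00-00-0B", "Fa0/1", ports, 2))
    # t=400: both entries have aged out, so a frame to B is flooded again
    decisions.append(table.handle_frame("00-00-00-00-00-0C", "00-00-00-00-00-0B", "Fa0/3", ports, 400))
    return decisions


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The fourth frame is the point of the example: once the aging timer has expired both entries, the destination is unknown again and the switch falls back to flooding, which is the state a freshly powered-on switch (empty CAM table) is in for every destination.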
• Hardware-based Layer 2 switching
• Software-based Layer 3 (multilayer) switching
• Store-and-forward switching
  The entire frame is read and stored in memory.
  The switch checks the integrity of the bits in the frame by recalculating the cyclic redundancy check (CRC) value.
• Cut-through switching
  Fast-forward - forwards the frame out the destination port as soon as it reads the destination MAC address
  Fragment-free - reads the first 64 bytes of the frame before it begins to forward it out the destination port
Adaptive cut-through switching uses a threshold value.
Compare the Types of Switches Used in an Enterprise Network
• Switch physical security
• Switch access security
Recording:
https://ciscosales.webex.com/ciscosales/lsr.php?AT=pb&SP=EC&rID=28306537&rKey=5E5C4B5D39A215FD
(password: NetAcad)
• Redundancy is required in the network design to maintain a high degree of reliability and eliminate any single point of failure
• Accomplished by installing duplicate equipment and network links for critical areas
• Reduces congestion and supports high availability and load balancing
• Dangers of switching loops and broadcast storms
Explain How Spanning Tree Protocol Prevents Switching Loops
• Create a loop-free logical topology
• Potential loop detection and port blocking
• Redundancy without switching loops
As a switch powers on, each port cycles through a series of four states:
• Blocking
• Listening
• Learning
• Forwarding
• Disabled (indicates that the administrator has shut down the switch port)
Root Bridge
• The root bridge is the primary switch or focal point in the STP topology.
• The root bridge communicates with the other switches using Bridge Protocol Data Units (BPDUs).
• BPDUs are frames that are multicast every 2 seconds to all other switches. BPDUs contain information such as:
  Identity of the source switch
  Identity of the source port
  Cumulative cost of the path to the root bridge
  Value of the aging timers
  Value of the hello timer
Explain How Spanning Tree Protocol Prevents Switching Loops
• Determining a root bridge
• Bridge ID (BID)
• Root ports, designated ports, and blocked ports
• There is one root bridge on each network, and it is elected based on the bridge ID (BID)
• The bridge priority value plus the MAC address creates the BID.
• Bridge priority has a default value of 32,768. If a switch has a MAC address of AA-11-BB-22-CC-33, the BID for that switch would be 32768:AA-11-BB-22-CC-33.
• The root bridge is the switch with the lowest BID value
• If all switches have the same default priority value, the switch with the lowest MAC address becomes the root bridge
• As each switch powers on, it assumes that it is the root bridge and sends out BPDUs containing its BID
• STP designates three types of ports: root ports, designated ports, and blocked ports
• Root port - provides the least-cost path back to the root bridge
• Designated port - forwards traffic toward the root bridge but does not connect to the least-cost path
• Blocked port - does not forward traffic
• To specify the root bridge, configure it with the lowest priority value
• The range for the priority is from 0 to 65535, but values are set in increments of 4096.
• Default value = 32768.
• To set the priority:
  S3(config)#spanning-tree vlan 1 priority 4096
• To restore the priority to the default:
  S3(config)#no spanning-tree vlan 1 priority
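The election rules from the BID slides above (priority plus MAC forms the BID, lowest BID wins, ties fall to the lowest MAC, every switch starts out claiming to be root), as an added Python example that is not part of the course material: the three switches, their MAC addresses and the links between them are constructed, and `converge` is a deliberately simplified model of BPDU exchange that only tracks which root each switch currently believes in.

```python
import re

# Added example (not Cisco code): model the STP root-bridge election from the
# bridge ID rules on the slides. Switch MAC addresses below are constructed.

DEFAULT_PRIORITY = 32768
MAC_RE = re.compile(r"([0-9A-F]{2}-){5}[0-9A-F]{2}")


def valid_priority(priority: int) -> bool:
    """What 'spanning-tree vlan <n> priority' accepts: 0..65535, multiples of 4096."""
    return 0 <= priority <= 65535 and priority % 4096 == 0


def make_bid(mac: str, priority: int = DEFAULT_PRIORITY) -> str:
    """Build the BID as the slide writes it: 'priority:MAC'."""
    if not valid_priority(priority):
        raise ValueError("priority must be between 0 and 65535 in increments of 4096")
    mac = mac.upper()
    if not MAC_RE.fullmatch(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return f"{priority}:{mac}"


def bid_key(bid: str) -> tuple:
    """Sort key for 'lowest BID wins': priority first, then the MAC as a number."""
    priority, mac = bid.split(":")
    return int(priority), int(mac.replace("-", ""), 16)


def elect_root(bids: list) -> str:
    """The switch with the lowest BID becomes the root bridge."""
    return min(bids, key=bid_key)


def converge(bids: list, links: list) -> dict:
    """Simplified BPDU exchange, as the slides describe it.

    Every switch starts out believing it is the root and advertises its own BID.
    On each link both ends keep the lower of the two root BIDs they know about;
    repeat until nothing changes. Returns switch BID -> root BID it settled on.
    """
    believed_root = {bid: bid for bid in bids}
    changed = True
    while changed:
        changed = False
        for a, b in links:
            best = min(believed_root[a], believed_root[b], key=bid_key)
            for end in (a, b):
                if believed_root[end] != best:
                    believed_root[end] = best
                    changed = True
    return believed_root


# Three constructed switches. S3 has been given the lowest priority, as with
# 'S3(config)#spanning-tree vlan 1 priority 4096' on the slide.
S1 = make_bid("AA-11-BB-22-CC-33")
S2 = make_bid("00-1A-2B-3C-4D-5E")
S3 = make_bid("AA-11-BB-22-CC-34", priority=4096)
LINKS = [(S1, S2), (S2, S3)]   # S1 - S2 - S3 in a line; S1 and S3 never talk directly

if __name__ == "__main__":
    print("all default priorities ->", elect_root([S1, S2, make_bid("AA-11-BB-22-CC-34")]))
    print("S3 at priority 4096   ->", elect_root([S1, S2, S3]))
    print(converge([S1, S2, S3], LINKS))
```

With every switch at the default priority the election is decided purely by MAC address, which is why the slide recommends setting the priority on the switch you intend to be the root rather than leaving the outcome to whichever switch happens to have the lowest address.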
STP Enhancements
• Cisco proprietary - PortFast, UplinkFast, and BackboneFast
• PortFast causes an access port to enter the forwarding state immediately, bypassing the listening and learning states - use PortFast on access ports that are connected to a single workstation or server
• UplinkFast accelerates the choice of a new root port when a link or switch fails or when STP reconfigures itself - the new root port transitions to the forwarding state immediately without going through the listening and learning states
• BackboneFast provides fast convergence after a spanning tree topology change occurs - used at the distribution and core layers, where multiple switches connect
Spanning-tree verification commands
• show spanning-tree - displays the root ID, bridge ID, and port states
• show spanning-tree summary - displays a summary of port states
• show spanning-tree root - displays the status and configuration of the root bridge
• show spanning-tree detail - displays detailed port information
• show spanning-tree interface - displays STP interface status and configuration
• show spanning-tree blockedports - displays blocked ports
• Rapid Spanning Tree Protocol (RSTP)
  Requires a full-duplex, point-to-point connection between switches to achieve the highest reconfiguration speed
  Reconfiguration occurs in less than 1 second, as compared to 50 seconds in STP
  Reduces the number of port states to three: discarding, learning and forwarding
  All ports that are not discarding are part of the active topology and will immediately transition to the forwarding state.
Describe and Configure VLANs on a Cisco Switch
• Virtual LANs
  A VLAN is a logical broadcast domain that can span multiple physical LAN segments.
• Logical networks
• Broadcast control
• Transparent to end users
Network design best practice: broadcast traffic is contained to the area of the network in which it is required.
Describe and Configure VLANs on a Cisco Switch
• VLAN functions
• VLAN membership
  Static – manually assigned
  Dynamic – server based
A VLAN has two major functions:
  Contains broadcasts.
  Groups devices.
Devices located on one VLAN are not visible to devices located on another VLAN.
Traffic requires a Layer 3 device to move between VLANs.
Describe and Configure VLANs on a Cisco Switch
• VLAN 1: the management VLAN - used to exchange information, such as Cisco Discovery Protocol (CDP) traffic and VLAN Trunking Protocol (VTP) traffic, with other networking devices.
• VLAN numbers and names
• Port assignment
Describe and Configure VLANs on a Cisco Switch
• VLAN verification commands
• Deleting a VLAN - Switch(config)#no vlan vlan_number
• Removing a port from a VLAN –
  Switch(config)#interface fa0/port_number
  Switch(config-if)#no switchport access vlan vlan_number
Lab 3.3.2.5
Describe and Configure VLANs on a Cisco Switch
• VLAN ID
• Frame tagging: IEEE 802.1Q
A switch associates each port with a specific VLAN number. As a frame enters that port, the switch inserts the VLAN ID (VID) into the Ethernet frame. The addition of the VLAN ID number into the Ethernet frame is called frame tagging. The most commonly used frame tagging standard is IEEE 802.1Q.
Describe and Configure VLANs on a Cisco Switch
• VLAN ID
• Frame tagging: IEEE 802.1Q
The tag field increases the minimum Ethernet frame size from 64 to 68 bytes. The switch recalculates the FCS because the number of bits in the frame has been modified.
Is the 802.1Q-compliant port connected to another 802.1Q-compliant port?
  YES - VLAN tagging information passes between them
  NO - the VLAN tag is removed before the frame is placed on the media.
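The two frame-tagging slides above and the store-and-forward slide earlier (the switch recalculates the CRC/FCS, the tag grows a minimum frame from 64 to 68 bytes, the tag is stripped before egress to a port that is not 802.1Q-capable) as one added Python example. This is not code from the course or from Cisco: it builds a minimum-size Ethernet frame from constructed addresses and payload, checks the FCS the way a store-and-forward switch does, then inserts and removes an 802.1Q tag, recomputing the FCS each time. Ethernet's FCS is CRC-32, which is the same polynomial `zlib.crc32` implements; the trailer is transmitted least-significant byte first.

```python
import struct
import zlib

# Added example (not Cisco code): build a minimum-size Ethernet frame, verify
# its FCS the way a store-and-forward switch does, then insert and strip an
# IEEE 802.1Q tag, recalculating the FCS each time. All addresses and payload
# bytes are constructed sample values.

TPID_8021Q = 0x8100          # tag protocol identifier that marks a tagged frame
MIN_FRAME = 64               # minimum untagged frame size, FCS included


def fcs(frame_without_fcs: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over everything before the trailer, sent little-endian."""
    return struct.pack("<I", zlib.crc32(frame_without_fcs) & 0xFFFFFFFF)


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    body = dst + src + struct.pack("!H", ethertype) + payload
    body = body.ljust(MIN_FRAME - 4, b"\x00")   # pad so the frame is at least 64 bytes
    return body + fcs(body)


def fcs_ok(frame: bytes) -> bool:
    """Store-and-forward check: recompute the CRC and compare it with the trailer."""
    return len(frame) >= MIN_FRAME and fcs(frame[:-4]) == frame[-4:]


def is_tagged(frame: bytes) -> bool:
    return struct.unpack("!H", frame[12:14])[0] == TPID_8021Q


def vlan_id(frame: bytes):
    """VID is the low 12 bits of the TCI field; None for an untagged frame."""
    if not is_tagged(frame):
        return None
    return struct.unpack("!H", frame[14:16])[0] & 0x0FFF


def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Ingress on an access port: insert the 4-byte tag after the source MAC.

    The frame grows from 64 to 68 bytes and the FCS is recalculated.
    """
    if not fcs_ok(frame):
        raise ValueError("corrupt frame: FCS mismatch, dropping instead of forwarding")
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1..4094")
    tci = (pcp << 13) | vid
    body = frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:-4]
    return body + fcs(body)


def strip_tag(frame: bytes) -> bytes:
    """Egress to a port that is not 802.1Q-capable: remove the tag, recompute the FCS."""
    if not is_tagged(frame):
        return frame
    body = frame[:12] + frame[16:-4]
    return body + fcs(body)


def corrupt(frame: bytes, offset: int) -> bytes:
    """Flip one bit of a frame, to show the store-and-forward check catching it."""
    b = bytearray(frame)
    b[offset] ^= 0x01
    return bytes(b)


if __name__ == "__main__":
    f = build_frame(b"\xff" * 6, bytes.fromhex("001122334455"), 0x0800, b"constructed payload")
    t = add_tag(f, vid=10)
    print("untagged:", len(f), "bytes; tagged:", len(t), "bytes; VID", vlan_id(t))
    print("corrupted tagged frame passes FCS check:", fcs_ok(corrupt(t, 20)))
```

The `corrupt` helper shows why the CRC recalculation on the store-and-forward slide matters: a single flipped bit anywhere before the trailer makes `fcs_ok` fail, so the frame is dropped rather than forwarded, whereas a fast-forward cut-through switch would have started forwarding it after the first six bytes.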
Describe and Configure Trunking and Inter-VLAN Routing
• Trunk port characteristics
  Point-to-point link
  Carries traffic for multiple VLANs over a single link
• Support for frame tagging
• Trunk modes - trunk ports are necessary to carry the traffic from multiple VLANs between devices when connecting either two switches together, a switch to a router, or a host NIC that supports 802.1Q trunking.
Describe and Configure Trunking and Inter-VLAN Routing
• Traffic may need to cross the 802.1Q-configured link without a VLAN ID
• Traffic with no VLAN ID is called untagged.
• Examples of untagged traffic are Cisco Discovery Protocol (CDP), VTP, and certain types of voice traffic.
• Untagged traffic minimizes the delays associated with inspection of the VLAN ID tag.
Describe and Configure Trunking and Inter-VLAN Routing
• To accommodate untagged traffic, a special VLAN called the native VLAN is available
• Configuring a native VLAN
Describe and Configure Trunking and Inter-VLAN Routing
• A Layer 3 device provides connectivity between different VLANs.
• Subinterfaces - logically divide one physical interface into multiple logical pathways
• Router-on-a-stick – allows each VLAN to have its own logical pathway and default gateway
Maintain VLAN Structure on an Enterprise Network
• VLAN Trunking Protocol (VTP) purpose and goals – automates many of the VLAN configuration functions and ensures that the VLAN configuration is consistently maintained across the network
• Management domain - reduces the task of VLAN management and monitoring
• VTP modes: server, client, transparent
• VLAN database – saved in NVRAM and contains a revision number; if a VTP switch receives an update message that has a higher revision number than the one stored in its database, the switch updates its VLAN database with the new information
• Configuration revision number - begins at zero; as changes occur, the configuration revision number increases by one.
Maintain VLAN Structure on an Enterprise Network
• VTP messages
  Summary advertisements – contain the current VTP domain name and the configuration revision number. If the domain name is the same, the switch compares the configuration revision number to its own; if it is lower or equal, the switch ignores the packet, and if the revision number is higher, an advertisement request is sent.
  Subset advertisements – follow the summary advertisement and contain a list of VLAN information
  Advertisement requests – required if the switch has been reset or the VTP domain name has been changed
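The revision-number rule on the previous slide and the summary/subset/request exchange on this one, as an added Python model that is not part of the course or Cisco's implementation. Domain names, VLAN names and revision numbers are constructed; the treatment of transparent mode (it does not apply advertisements to its own database) is an assumption going beyond what the slides state. The last step of `demo` carries the slides' comparison rule through to its consequence: a switch whose stored database has a higher revision number replaces the VLAN list on every other switch in the domain, even when that list is empty.

```python
from dataclasses import dataclass, field

# Added example (not Cisco code): model how a VTP switch processes the three
# message types described on the slides. Domain names, VLAN names and revision
# numbers are constructed sample values.


@dataclass
class SummaryAdvertisement:
    domain: str
    revision: int


@dataclass
class SubsetAdvertisement:
    domain: str
    revision: int
    vlans: dict      # vlan id -> name


@dataclass
class VtpSwitch:
    name: str
    domain: str
    mode: str = "client"            # server | client | transparent
    revision: int = 0               # configuration revision number, starts at zero
    vlans: dict = field(default_factory=dict)

    def on_summary(self, adv: SummaryAdvertisement) -> str:
        """Summary advertisement handling as the slide lays it out."""
        if self.mode == "transparent":
            # Assumption beyond the slide: a transparent switch does not apply
            # advertisements to its own database.
            return "ignore"
        if adv.domain != self.domain:
            return "ignore"
        if adv.revision <= self.revision:
            return "ignore"          # lower or equal revision: packet ignored
        return "request"             # higher revision: send an advertisement request

    def on_subset(self, adv: SubsetAdvertisement) -> bool:
        """Subset advertisement: replace the VLAN database if the revision is higher."""
        if self.on_summary(SummaryAdvertisement(adv.domain, adv.revision)) != "request":
            return False
        self.vlans = dict(adv.vlans)
        self.revision = adv.revision
        return True

    def add_vlan(self, vid: int, name: str) -> int:
        """Local change on a server: the revision number goes up by one."""
        if self.mode != "server":
            raise PermissionError(f"{self.name}: VLANs can only be created on a VTP server")
        self.vlans[vid] = name
        self.revision += 1
        return self.revision

    def advertise(self) -> tuple:
        """A server sends a summary advertisement followed by a subset advertisement."""
        return (SummaryAdvertisement(self.domain, self.revision),
                SubsetAdvertisement(self.domain, self.revision, dict(self.vlans)))


def propagate(sender: VtpSwitch, receivers: list) -> dict:
    """Deliver the sender's summary/subset pair to each receiver; report who updated."""
    summary, subset = sender.advertise()
    return {sw.name: (sw.on_summary(summary) == "request" and sw.on_subset(subset))
            for sw in receivers}


def demo() -> tuple:
    server = VtpSwitch("S1", "corp", mode="server")
    client = VtpSwitch("S2", "corp")
    server.add_vlan(10, "sales")
    server.add_vlan(20, "eng")                   # server revision is now 2
    first = propagate(server, [client])          # client at 0 < 2: requests and updates
    second = propagate(server, [client])         # same revision: ignored
    # A switch carrying a higher stored revision wins the comparison even with an
    # empty VLAN list; both S1 and S2 replace their databases with it.
    stale = VtpSwitch("S3", "corp", mode="server", revision=7)
    third = propagate(stale, [server, client])
    return first, second, third, dict(server.vlans), server.revision


if __name__ == "__main__":
    print(demo())
```

Because the comparison is on the revision number alone, the check a practitioner wants before connecting a switch to an existing VTP domain is the revision number in `show vtp status` on that switch; anything other than a revision lower than the domain's current value will overwrite the domain's database rather than be overwritten by it.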
Maintain VLAN Structure on an Enterprise Network
• Configuring VTP
• Verifying VTP configuration
Maintain VLAN Structure on an Enterprise Network
• VLANs and IP phones
• VLANs and wireless security
Maintain VLAN Structure on an Enterprise Network
• VLAN best practices
• VLAN security
Summary
• Switches forward traffic using store-and-forward or cut-through techniques
• Basic security features should be applied to switches
• A VLAN is a way to group hosts on the same logical network even though they may be physically separated
• Frame tagging allows a switch to identify the source VLAN of an Ethernet frame.
• A Layer 3 device is needed to move traffic between different VLANs.
• Subinterfaces allow router interfaces to support multiple VLANs.
• VLAN Trunking Protocol provides centralized control, distribution and maintenance of VLANs.