Configuring Switches
Lesson overview.
In this lesson, we will cover:
● Switch overview.
● Spanning Tree Protocol.
● Switch installation considerations.
● Configuring the switch port.
Switch overview.
Most switches operate at Layer 2—the data link layer—of the OSI (Open Systems
Interconnection) reference model. What makes a switch a switch is an application-specific
integrated circuit (ASIC) chip. The ASIC chip makes switching decisions in hardware, based on
media access control (MAC) addresses, instead of in software. This ability allows switches to
break up collision domains, to run in full-duplex mode, and to make faster decisions than either
bridges or routers.
When a switch receives a packet on a port, it makes some simple decisions based on its MAC
table. It will make one of three decisions. It may decide to forward the packet, which is where
the packet is directed out the port on which the destination MAC address resides. It may decide
to filter the packet, which is where the packet is not directed out of ports that are not associated
with the destination MAC address. The final decision that it may make is to flood the packet,
which is where the packet is sent out all of the ports on the switch—except for the port on which
it came in.
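The forward / filter / flood decision described above, written out as a small model of a learning switch. This is an added example, not code from the lesson; the port numbers, MAC addresses and traffic sequence are constructed sample data, and the switch learns the source address of every frame before deciding what to do with the destination.

```python
"""Added example (not from the lesson): a minimal model of a Layer 2 switch's
forward / filter / flood decision, driven by a MAC table that the switch
fills in from the source address of each frame it receives.

Assumptions: ports are small integers, MAC addresses are strings, and the
frames in demo() are constructed sample traffic."""

from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Switch:
    ports: list[int]
    # MAC table: learned source address -> port it was last seen on
    mac_table: dict[str, int] = field(default_factory=dict)

    def receive(self, in_port: int, src: str, dst: str) -> tuple[str, list[int]]:
        """Process one frame and return (decision, list of egress ports).

        Learning happens first (source MAC -> ingress port). Then:
          forward - destination is known and sits on a different port
          filter  - destination is known and sits on the ingress port,
                    so the frame is not sent out any other port
          flood   - destination unknown or broadcast: copy to every port
                    except the one the frame arrived on
        """
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        self.mac_table[src] = in_port  # learning step
        if dst == BROADCAST or dst not in self.mac_table:
            return "flood", [p for p in self.ports if p != in_port]
        out_port = self.mac_table[dst]
        if out_port == in_port:
            return "filter", []
        return "forward", [out_port]


def demo() -> list[tuple[str, list[int]]]:
    """Constructed traffic: host A on port 1, B on port 2, C on port 3."""
    sw = Switch(ports=[1, 2, 3, 4])
    host_a, host_b, host_c = "aa:aa:aa:00:00:01", "bb:bb:bb:00:00:02", "cc:cc:cc:00:00:03"
    return [
        sw.receive(1, host_a, host_b),           # B not yet learned -> flood to 2, 3, 4
        sw.receive(2, host_b, host_a),           # A learned on port 1 -> forward to [1]
        sw.receive(3, host_c, host_a),           # forward to [1]
        sw.receive(1, host_a, host_a),           # destination on ingress port -> filter
        sw.receive(4, "dd:dd:dd:00:00:04", BROADCAST),  # broadcast -> flood to 1, 2, 3
    ]


if __name__ == "__main__":
    for decision, egress in demo():
        print(decision, egress)
```

The first frame is flooded because the table is empty; once the reply from B has been seen on port 2, traffic between A and B is forwarded on a single port only.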
Unmanaged vs. managed switches.
An unmanaged switch is a simple switch—plug it in and it works. There is no method provided
for configuration. An unmanaged switch is designed with ease of installation as its main
attribute.
Managed switches, on the other hand, can be configured through either the command line or a
browser based interface. Managed switches provide for a high degree of network customization
and control. A managed switch can also be set up so that an administrator can monitor its
performance remotely and use protocols, such as SNMPv3 (Simple Network Management
Protocol version 3), to make some modifications to its configuration.
Highlights:
● Most switches operate at Layer 2 of the OSI model and have an ASIC chip used to make switching decisions in place of software.
● Switches break up collision domains and run in full-duplex mode.
● When a switch receives a packet on a port, it makes one of three decisions based on its MAC table:
○ Forward: the packet is directed out the port that is associated with the destination MAC address.
○ Filter: the packet is not directed out ports that are not associated with the destination MAC address.
○ Flood: the packet is flooded out all ports (except the port that received the packet).
● An unmanaged switch is a simple switch designed with ease of installation as its main attribute.
● Managed switches can be configured to provide a high degree of network customization and control.
Spanning Tree Protocol.
Spanning Tree Protocol (STP) is a loop avoidance technology. A switching loop can occur on
networks where there are multiple paths to reach destination MAC addresses. DEC (Digital
Equipment Corporation) created STP to reduce the possibility of switching loops. With STP, the
switches elect a root bridge to control the switched network. The switches will shut down ports
that are not the best path to the root bridge, reducing the risk of loops.
In an STP-enabled network, no network traffic can flow until after the STP process has taken
place and a stable state has been achieved. The stable state is called convergence and it can
take a significant amount of time with STP, up to 50 seconds. After convergence, the
STP-selected switch ports send out bridge protocol data unit (BPDU) packets to help maintain
the stable state.
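The root bridge election and port blocking described above, reduced to a small model. This is an added example and not part of the lesson: it elects the root as the bridge with the lowest bridge ID (priority, then MAC), computes each bridge's cheapest path to the root, and blocks every port that is neither a root port nor the designated port of its link. The three-switch triangle, its bridge IDs and the link costs are constructed sample data; BPDU exchange and the timers are not modelled. Because the election is decided purely by the lowest bridge ID, an administrator who wants a particular switch to be root sets its priority deliberately rather than leaving the choice to the MAC address tiebreak.

```python
"""Added example (not from the lesson): simplified 802.1d root election and
port-state computation on a looped topology.

Assumptions: bridge IDs are (priority, MAC) tuples, links are (a, b, cost)
triples with positive cost, and the topology in demo() is constructed."""

import heapq


def elect_root(bridges: dict) -> str:
    """Lowest bridge ID wins: priority compared first, then MAC address."""
    return min(bridges, key=lambda b: bridges[b])


def root_path_costs(root: str, links: list) -> dict:
    """Dijkstra over link costs: cheapest total cost from every bridge to the root."""
    adj: dict = {}
    for a, b, cost in links:
        adj.setdefault(a, []).append((b, cost))
        adj.setdefault(b, []).append((a, cost))
    dist = {root: 0}
    heap = [(0, root)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue
        for nxt, cost in adj.get(node, []):
            nd = d + cost
            if nd < dist.get(nxt, float("inf")):
                dist[nxt] = nd
                heapq.heappush(heap, (nd, nxt))
    return dist


def spanning_tree(bridges: dict, links: list):
    """Return (root, {(bridge, neighbour): 'forwarding' | 'blocking'}).

    Rules (simplified 802.1d):
      * every port of the root bridge is designated (forwarding)
      * each non-root bridge keeps one root port: the link giving the
        cheapest path to the root, ties broken by the neighbour's bridge ID
      * on every link, the end whose bridge has the lower root path cost
        (tie: lower bridge ID) is the designated port (forwarding)
      * any other port is blocked, which is what breaks the loop
    """
    root = elect_root(bridges)
    cost = root_path_costs(root, links)

    root_port: dict = {}  # bridge -> (path cost via link, neighbour ID, neighbour)
    for a, b, c in links:
        for me, peer in ((a, b), (b, a)):
            if me == root:
                continue
            candidate = (cost[peer] + c, bridges[peer], peer)
            if me not in root_port or candidate < root_port[me]:
                root_port[me] = candidate

    states = {}
    for a, b, c in links:
        designated = min((a, b), key=lambda x: (cost[x], bridges[x]))
        for me, peer in ((a, b), (b, a)):
            if me == designated:
                states[(me, peer)] = "forwarding"      # designated port
            elif me in root_port and root_port[me][2] == peer:
                states[(me, peer)] = "forwarding"      # root port
            else:
                states[(me, peer)] = "blocking"
    return root, states


def demo():
    """Constructed triangle: three switches with equal priority and equal link costs."""
    bridges = {
        "S1": (32768, "00:00:00:00:00:01"),
        "S2": (32768, "00:00:00:00:00:02"),
        "S3": (32768, "00:00:00:00:00:03"),
    }
    links = [("S1", "S2", 4), ("S1", "S3", 4), ("S2", "S3", 4)]
    return spanning_tree(bridges, links)


if __name__ == "__main__":
    root, states = demo()
    print("root bridge:", root)
    for (bridge, peer), state in sorted(states.items()):
        print(f"{bridge} port toward {peer}: {state}")
```

With equal priorities, S1 wins on its lower MAC address; S2 and S3 each keep the port toward S1 as root port, S2 becomes designated on the S2-S3 link, and S3's port toward S2 is the single blocked port that removes the loop.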
Highlights:
● A switching loop can occur on networks where there are multiple paths to reach destination MAC addresses, which can be created when switches are connected together.
● The switches elect a root bridge to control the switched network and shut down ports that are not the best path to the root bridge.
● STP can take up to 50 seconds to achieve a stable state (convergence).
● After convergence, the STP-selected switch ports send out BPDU packets to help maintain the stable state.
STP port states.
All switch ports in an STP-enabled network can be in one of five states. The disabled state is
when the port is administratively shut down and it is not receiving or sending packets; it's just
completely disabled. In the blocking state, the port will not forward packets, but it is still
receiving BPDU packets and will drop all other packets. In the listening state, the port will not
forward packets, but listens to BPDU packets to make sure that no loops can occur in
preparation for the next state. The learning state is a state in which the port will not forward
packets, but it is learning all of the paths in the network. It is populating its MAC address table in
preparation for the next state. The last state in STP is the forwarding state. In this state, the port
will forward and receive all packets that are flowing across the network that are directed to that
port.
The five states of STP:
● Disabled: administratively shut down.
● Blocking: will not forward packets, but is still receiving BPDU packets and will drop all other packets.
● Listening: will not forward packets, but listens to BPDU packets to make sure no loops can occur in preparation for the next state.
● Learning: will not forward packets, but is learning all of the paths in the network; it is populating its MAC address table.
● Forwarding: it will forward (send) and receive all packets.
802.1d.
The IEEE liked STP so much that it created the 802.1d standard. This is their version of STP.
All modern Layer 2 switches run the 802.1d standard by default. The 802.1d standard suffers
from the same time constraints (slow convergence time) as STP.
Highlights:
● 802.1d is the IEEE version of STP.
● Suffers from the same time constraints as STP.
Rapid Spanning Tree Protocol.
The slow convergence time of 802.1d led to the creation of Rapid Spanning Tree Protocol
(RSTP), which is also known as 802.1w. RSTP has a much faster convergence time than
802.1d. With RSTP enabled on all switches, a network can achieve its stable state in
approximately five seconds. RSTP is not turned on by default on Layer 2 switches; it must be
enabled by an administrator.
802.1w defines three possible port states. The first of these states is discarding. In this state,
the port may be administratively disabled or it may be in a blocking mode or a listening mode.
The next state is learning. In this state, the port is populating its MAC address table in
preparation for forwarding packets. The final state is forwarding. In this state the port is actively
forwarding packets.
Highlights:
● With RSTP enabled on all switches, a network can achieve its stable state in approximately five seconds.
● RSTP is not turned on by default on Layer 2 switches and must be enabled by an administrator.
The three states of RSTP:
● Discarding: the port may be administratively disabled or it may be in a blocking mode or listening mode.
● Learning: the port is populating its MAC address table in preparation for forwarding packets.
● Forwarding: the port is actively forwarding packets.
Switch installation considerations.
The business or enterprise network is more complex than the SOHO (small office/home office)
network. A SOHO network may be able to get by with using one or more unmanaged switches
and still operate adequately. Once beyond the level of a SOHO, though, more thought and
planning are required—as unmanaged switches are no longer up to the job.
There are multiple issues to consider when installing a managed switch and it is wise to plan for
those in advance to save time and reduce frustration. Some of the important considerations are
outlined below.
Will VLANs (Virtual Local Area Networks) be required?
One of the first things to consider is whether or not there will be VLANs (virtual local area
networks). While switches may break up collision domains, they do not break up broadcast
domains. VLANs, on the other hand, will. VLANs take a single network environment and create
smaller network segments by subnetting the network address range, effectively breaking up the
broadcast domains of that network.
VLANs are used in a switched network environment for a variety of reasons. Besides breaking
up broadcast domains, using VLANs can also increase security by allowing administrators to
limit access to network resources. The administrator can configure the VLANs and then assign
users, nodes, or ports to a specific VLAN. All managed switches come with a native VLAN,
which is determined by the manufacturer. This native VLAN is used to help manage the switch.
As long as the VLAN information matches, VLAN traffic is allowed to cross between different
ports on the same switch. For example, a host on VLAN2 can send traffic to another host on
VLAN2 if they reside on the same switch. If multiple switches are connected together, in order
for VLAN traffic to cross between the switches, trunk ports must be configured. Trunk ports are
special ports that allow VLAN traffic to flow between different switches. For example, a host on
VLAN2 can send traffic across a trunk port to another host on VLAN2 (on a different switch).
VTP (virtual trunk port protocol) is a Cisco proprietary method of creating a virtual trunk port,
which allows VLAN traffic to pass between switches and to automatically manage the VLAN
environment. In order for different VLANs to communicate with each other, a router—or some
other Layer 3 device—must be installed on the network.
Highlights:
● VLANs take a single network environment and create smaller network segments by subnetting the network address range.
● VLANs are used in a switched network environment for a variety of reasons:
○ Break up broadcast domains into smaller pieces.
○ Increase security by limiting access to network resources.
● The administrator configures the VLANs and assigns users, nodes, or ports to a specific VLAN.
● The native VLAN—which is determined by the manufacturer—is used to help manage the switch.
● VLAN traffic is allowed to cross switch ports—as long as the VLAN information matches.
● VTP is a Cisco proprietary method of creating a virtual trunk port, allowing VLAN traffic to pass between switches.
● In order for different VLANs to communicate with each other, a router or other Layer 3 device must be installed.
How will the switches be managed?
A second consideration is how the switches are going to be managed. Switches may be
managed out-of-band, which means that no network connection is required. This is achieved
through the use of the console port on the switch. The console port is a specific port on
managed switches used to connect to and configure or manage a switch. A rollover cable may
be required to make the connection to the console port. Security should also be set on console
ports to prevent unauthorized access through that console port.
The other option for switch management is to use in-band management. With in-band
management, a network connection is used to manage the switch. One of the most common
methods of in-band management is through the use of virtual terminals, or VTY connections.
The most common VTY connections are Telnet or Secure Shell (SSH) sessions. Security should
be set if Telnet is allowed on VTY-type connections, because Telnet carries the session,
including credentials, in clear text. SSH encrypts the session by default.
If in-band management is going to be used, a default gateway address will need to be
established. That default gateway address must be placed on an interface that belongs to the
native VLAN (default VLAN). The default gateway on a switch is different than the default
gateway on a router. On a switch, it is only used to manage the switch and not to pass other
network traffic.
As part of the setup and management of the switch, an administrator should configure which
users and passwords are allowed to connect to the switch and what their level of access to the
configuration is going to be. In-band and out-of-band management security settings may be
different. Some users may be allowed in-band management access, while others may not, and
vice versa. If AAA (Authentication, Authorization, and Accounting) protocols are used in the
network, the switch must be configured to use them as well.
Highlights:
● Switches may be managed out-of-band—no network connection required—through the use of the console port on the switch (note: security should be set on console ports).
● Switches may be configured to be managed in-band—a network connection is used to manage the switch—commonly through VTY connections using Telnet or SSH sessions (note: security should be set if Telnet is used).
● A default gateway address must be placed on an interface that belongs to the native VLAN in order to allow for in-band switch management.
● An administrator should configure which users and passwords are allowed to connect to the switch and what their level of access to the configuration is going to be.
Configuring the switch port.
When configuring the switch port, there are a number of vital settings that must be established.
The most important of these are outlined below.
Speed and duplexing.
Most modern switch ports can auto-negotiate both the speed of the link and the duplexing mode
used; however, in some cases, an administrator may need to manually set both the speed and
the duplex in order for a connection to occur. Speed and duplexing errors are the most common
cause for a link not being established between a switch and other devices.
Highlights:
● Most modern switch ports can auto-negotiate the speed of the link and the duplexing mode used.
● Administrators may sometimes need to manually set the speed and the duplex for a connection to occur.
VLAN assignment.
All switch ports will belong to a VLAN. That VLAN will either be an administratively configured
one or it will be the native VLAN. The most common native VLAN is VLAN 1, which should be
administratively changed to a different VLAN to increase the security level on the switch (e.g.,
change VLAN 1 to VLAN 99).
Highlights:
● All switch ports will belong to a VLAN, either an administratively configured one or the native VLAN.
● The native VLAN should be administratively changed for increased security.
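The management advice in "How will the switches be managed?" and the native-VLAN advice in "VLAN assignment" can be turned into a checklist that is run against a switch's saved configuration. The audit below is an added example and not part of the lesson: it parses a constructed running configuration written in Cisco IOS style (the `line`, `interface`, `transport input`, `login local`, `switchport` and `ip default-gateway` commands are real IOS syntax; the addresses, port names and the check names are mine) and reports the settings the lesson says to fix: a console line without login protection, VTY lines that still accept Telnet, a management address left on VLAN 1, trunks and access ports still using VLAN 1, and a missing default gateway. A second, hardened configuration shows the corrected settings and produces no findings.

```python
"""Added example (not from the lesson): audit a switch running configuration
against the management and VLAN-assignment advice in this lesson.

Assumptions: IOS-style configuration text (top-level commands, indented
sub-commands under 'line' and 'interface' blocks); both configs below are
constructed sample data."""

WEAK_CONFIG = """\
hostname sw-edge-1
ip default-gateway 10.1.99.1
!
interface Vlan1
 ip address 10.1.1.5 255.255.255.0
!
interface GigabitEthernet0/1
 switchport mode access
!
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/24
 switchport mode trunk
 switchport trunk native vlan 1
!
line con 0
!
line vty 0 4
 password constructed-sample-password
 transport input telnet ssh
"""

HARDENED_CONFIG = """\
hostname sw-edge-1
ip default-gateway 10.1.99.1
!
interface Vlan99
 ip address 10.1.99.5 255.255.255.0
!
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/24
 switchport mode trunk
 switchport trunk native vlan 99
!
line con 0
 login local
!
line vty 0 4
 login local
 transport input ssh
"""


def parse_blocks(config: str):
    """Split the config into top-level lines and (header, [sub-commands]) blocks."""
    top, blocks, current = [], [], None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line == "!":
            current = None
            continue
        if line.startswith(" "):
            if current is not None:
                current[1].append(line.strip())
        else:
            current = (line, [])
            blocks.append(current)
            top.append(line)
    return top, blocks


def audit(config: str) -> list[str]:
    """Return one finding per setting that contradicts the lesson's advice."""
    top, blocks = parse_blocks(config)
    findings = []
    if not any(l.startswith("ip default-gateway") for l in top):
        findings.append("no default gateway: in-band management only works from the local subnet")
    for header, body in blocks:
        name = header.split(None, 1)[-1]
        if header.startswith("line con"):
            if not any(b.startswith("password") or b == "login local" for b in body):
                findings.append(f"{header}: console port has no login protection")
        elif header.startswith("line vty"):
            transport = next((b for b in body if b.startswith("transport input")), "")
            if not transport:
                findings.append(f"{header}: transport not restricted; set 'transport input ssh'")
            elif "telnet" in transport:
                findings.append(f"{header}: Telnet allowed (clear text); restrict to 'transport input ssh'")
        elif header == "interface Vlan1":
            if any(b.startswith("ip address") for b in body):
                findings.append("interface Vlan1: management address is on VLAN 1; move it to a dedicated native VLAN")
        elif header.startswith("interface"):
            if "switchport mode trunk" in body:
                native = next((int(b.split()[-1]) for b in body
                               if b.startswith("switchport trunk native vlan")), 1)
                if native == 1:
                    findings.append(f"{name}: trunk uses native VLAN 1; change it (e.g. to VLAN 99)")
            elif "switchport mode access" in body and \
                    not any(b.startswith("switchport access vlan") for b in body):
                findings.append(f"{name}: access port left in default VLAN 1")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit(cfg) or ["no findings"])
```

The parser only understands the indentation convention of the sample text; the value of the example is the list of checks, which map one to one onto the notes in the highlights above.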
Trunking.
Trunking is used to facilitate VLAN traffic between different switches in a network. Trunk ports
are switch ports that are configured to carry VLAN traffic between switches. The standard
protocol used is 802.1q. The 802.1q protocol strips off the VLAN tag. Actually, it changes that
tag to match the native VLAN, which allows the traffic to cross over the port. Once on the other
side, then the 802.1q port on the other side reinserts the original VLAN tag.
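What actually crosses an 802.1q trunk, as an added example that is not part of the lesson: the sending switch inserts a 4-byte tag (TPID 0x8100 followed by a 16-bit tag control field holding a 3-bit priority, 1-bit DEI and 12-bit VLAN ID) after the source MAC of every frame except those in the native VLAN, which cross untagged; the receiving switch reads the VLAN ID back from the tag, or assigns the native VLAN when no tag is present. The last part of the example shows why the lesson insists that the VLAN information match on both sides: when the two ends of the trunk disagree about the native VLAN, untagged frames land in the wrong VLAN. The MAC addresses and payload are constructed.

```python
"""Added example (not from the lesson): 802.1Q tagging and untagging across a
trunk, including the native-VLAN mismatch case.

Assumptions: standard 802.1Q tag layout (TPID 0x8100, then a 16-bit TCI with
PCP/DEI/VID) inserted after the 12 address bytes; frames are constructed."""

import struct
from typing import Optional, Tuple

TPID_8021Q = 0x8100


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Untagged Ethernet frame: dst MAC, src MAC, EtherType, payload."""
    return dst + src + struct.pack("!H", ethertype) + payload


def tag_frame(frame: bytes, vlan_id: int, pcp: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag after the source MAC (bytes 0-11)."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    tci = ((pcp & 0x7) << 13) | (vlan_id & 0x0FFF)  # DEI bit left at 0
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def untag_frame(frame: bytes) -> Tuple[Optional[int], bytes]:
    """Return (vlan_id, frame without the tag); vlan_id is None if untagged."""
    tpid = struct.unpack("!H", frame[12:14])[0]
    if tpid != TPID_8021Q:
        return None, frame
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, frame[:12] + frame[16:]


def trunk_egress(frame: bytes, vlan_id: int, native_vlan: int) -> bytes:
    """Sending side of the trunk: native VLAN goes untagged, all others tagged."""
    return frame if vlan_id == native_vlan else tag_frame(frame, vlan_id)


def trunk_ingress(wire_frame: bytes, native_vlan: int) -> Tuple[int, bytes]:
    """Receiving side: take the VLAN from the tag, or the native VLAN if untagged."""
    vlan_id, frame = untag_frame(wire_frame)
    return (native_vlan if vlan_id is None else vlan_id), frame


def cross_trunk(frame: bytes, vlan_id: int, native_a: int, native_b: int) -> Tuple[int, bytes]:
    """Carry one frame from switch A to switch B; report the VLAN it lands in on B."""
    return trunk_ingress(trunk_egress(frame, vlan_id, native_a), native_b)


def demo():
    host_a = bytes.fromhex("aaaaaa000001")  # constructed MAC addresses
    host_b = bytes.fromhex("bbbbbb000002")
    frame = build_frame(host_b, host_a, 0x0800, b"constructed payload")
    # both ends use native VLAN 99: VLAN 2 arrives as VLAN 2, VLAN 99 arrives as VLAN 99
    matched = [cross_trunk(frame, 2, 99, 99)[0], cross_trunk(frame, 99, 99, 99)[0]]
    # native VLAN mismatch (99 on A, 1 on B): A's untagged VLAN 99 traffic lands in VLAN 1 on B
    mismatched = cross_trunk(frame, 99, 99, 1)[0]
    return matched, mismatched


if __name__ == "__main__":
    print(demo())  # ([2, 99], 1)
```

Tagged VLANs survive the crossing regardless of the native VLAN setting, because the VLAN ID travels inside the frame; only the untagged native traffic depends on both switches being configured identically, which is the check to make when a trunk is brought up.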
Highlights:
● Trunking facilitates VLAN traffic between different switches.
● Switch ports configured with 802.1q are the trunk ports that allow traffic to cross between switches.
Port bonding.
In situations where greater bandwidth is desired, port bonding can be implemented using LACP
(Link Aggregation Control Protocol). LACP is the protocol that is used to create a single logical
channel from redundant connections between switches. It bonds those ports together. This will
increase the bandwidth between the switches.
Highlights:
● LACP can be used to create a single logical channel from redundant connections between switches to increase bandwidth between them.
PoE (Power over Ethernet).
Some switches come equipped with PoE (Power over Ethernet) ports. These ports, as well as
carrying data, can also use one of two methods to provide current over the network cable. This
gives these ports the ability to power small network devices, while at the same time
communicating with them. The port itself may provide the current, or the port may instead allow
the use of a power injector to provide the power.
There are multiple PoE standards in place. The two most common are the PoE standard
(802.3af), which can provide up to 15.4 watts, and the PoE+ standard (802.3at), which can
provide up to 30 watts.
Highlights:
● Switches that come equipped with PoE ports can carry data and are also able to power small network devices.
● There are multiple PoE standards in place; the most common are:
○ PoE (802.3af): can provide up to 15.40 W.
○ PoE+ (802.3at): can provide up to 30.0 W.
Port mirroring.
Port mirroring may be enabled on a switch port. This allows the configured port to receive all
network traffic going to and from a specific port. By using port mirroring, an administrator can
examine and analyze the traffic going into and coming from a specific host or port.
Port mirroring is most often used in conjunction with a packet analyzer (e.g., a network sniffer or
packet sniffer). Port mirroring can create a significant amount of network overhead, so it should
be used sparingly on an active network.
Highlights:
● By using port mirroring, an administrator can examine and analyze the traffic going into and coming from a specific host or port.
● Port mirroring is most often used in conjunction with a packet analyzer.
● Port mirroring can create a significant amount of network overhead, so it should be used sparingly on an active network.
What was covered.
Switch overview.
Switches are Layer 2 devices used on networks to move packets (data) from source to
destination based on MAC addresses. Unmanaged switches are simple and don’t provide a
method for configuring their operations. Managed switches can be configured through the
command line or some other interface. SNMP can be used with managed switches to ease the
management process.
Spanning Tree Protocol.
A switching loop can occur on networks when there are redundant paths between nodes. DEC
created STP as a means of preventing switching loops from occurring on networks. STP defines
five port states: disabled, blocking, listening, learning, and forwarding. STP can take up to 50
seconds to reach convergence. The IEEE version of STP is 802.1d. RSTP (802.1w) was
created to decrease the convergence time to approximately five seconds. RSTP defines three
port states: discarding, learning, and forwarding.
Switch installation considerations.
Planning for a managed switch environment can save on time and frustration. Some installation
considerations include: the creation of VLANs; in-band and out-of-band switch management,
including establishing a default gateway address; user settings; and AAA settings, if required.
Configuring the switch port.
An administrator also needs to consider the settings for each individual port on a switch. Some
of these considerations are: the speed and duplex used on the port, the VLAN assignment for
the port, which ports will handle 802.1q trunking, if bandwidth could be increased by using
LACP, and how many PoE or PoE+ ports are available to be used to power devices.