Switching in an Enterprise Network
Introducing Routing and Switching in the Enterprise – Chapter 3
ITE I Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 1

Objectives
- Compare the types of switches used in an enterprise network.
- Explain how Spanning Tree Protocol prevents switching loops.
- Describe and configure VLANs on a Cisco switch.
- Describe and configure trunking and Inter-VLAN routing.
- Maintain VLANs in an enterprise network.

Compare the Types of Switches Used in an Enterprise Network
- Switching and network segmentation
- Content addressable memory (CAM) - the MAC address table, held in high-speed memory and rebuilt every time the switch is powered on
- Virtual circuits
- Broadcast domains vs collision domains

- Aging timer - deletes entries from the MAC address table if they are not used within a certain period of time
- If a source MAC address is not in the table, it is added
- The switch looks up the destination MAC address and forwards the frame out the matching port, or floods the frame out every active port except the port on which it was received.

- Hardware-based Layer 2 switching
- Software-based Layer 3 (multilayer) switching

Store-and-forward switching
- The entire frame is read and stored in memory
- The switch checks the integrity of the bits in the frame by recalculating the cyclic redundancy check (CRC) value
Cut-through switching
- Fast-forward - forwards the frame out the destination port as soon as it reads the destination MAC address
- Fragment-free - reads the first 64 bytes of the frame before it begins to forward it out the destination port.
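The MAC address table behaviour described on the slides above (learn the source address, age entries out, forward to a known port or flood) can be modelled in a few dozen lines. The following Python simulation is an added example, not Cisco's code or anything from the course; the port numbers, MAC addresses, the 300 second aging value and the optional per-port learning limit (a simplified stand-in for what Cisco calls port security, which the slides do not cover) are all constructed assumptions.

```python
import time
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class CamEntry:
    port: int
    last_seen: float   # timestamp of the last frame sourced from this MAC


class FakeClock:
    """Constructed clock so the aging timer can be exercised deterministically."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class LearningSwitch:
    """Toy Layer 2 switch: learns source MACs, ages them out, floods unknown destinations."""

    def __init__(self, ports, aging_seconds=300.0, clock=time.monotonic, max_macs_per_port=None):
        self.ports = list(ports)
        self.aging_seconds = aging_seconds      # assumed default aging timer
        self.clock = clock
        self.max_macs_per_port = max_macs_per_port  # None = unlimited (plain CAM behaviour)
        self.cam = {}                           # MAC -> CamEntry
        self.violations = []                    # (port, mac) pairs refused by the limit

    def _age_out(self, now):
        # Entries idle longer than the aging timer are removed before each lookup.
        for mac in [m for m, e in self.cam.items() if now - e.last_seen > self.aging_seconds]:
            del self.cam[mac]

    def _learn(self, port, mac, now):
        if mac in self.cam:
            self.cam[mac] = CamEntry(port, now)     # refresh (or follow a move)
            return True
        if self.max_macs_per_port is not None:
            on_port = sum(1 for e in self.cam.values() if e.port == port)
            if on_port >= self.max_macs_per_port:
                self.violations.append((port, mac))  # a defender would alarm on this
                return False
        self.cam[mac] = CamEntry(port, now)
        return True

    def receive(self, in_port, src_mac, dst_mac):
        """Return the list of ports the frame is sent out of."""
        now = self.clock()
        self._age_out(now)
        if not self._learn(in_port, src_mac, now):
            return []                               # dropped: learning limit hit
        if dst_mac == BROADCAST or dst_mac not in self.cam:
            return [p for p in self.ports if p != in_port]   # flood
        out_port = self.cam[dst_mac].port
        return [] if out_port == in_port else [out_port]     # filter same-segment traffic


if __name__ == "__main__":
    clock = FakeClock()
    sw = LearningSwitch([1, 2, 3], clock=clock)
    print(sw.receive(1, "00:11:22:33:44:01", "00:11:22:33:44:02"))   # unknown -> flood
    print(sw.receive(2, "00:11:22:33:44:02", "00:11:22:33:44:01"))   # known -> one port
```

The `violations` list is the point a defender cares about: flooding is normal for unknown destinations, but a port that keeps presenting new source addresses is something to cap and log rather than silently learn.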
- Adaptive cut-through - uses a threshold value to decide when to switch between cut-through and store-and-forward

Compare the Types of Switches Used in an Enterprise Network
- Switch physical security
- Switch access security

Recording: https://ciscosales.webex.com/ciscosales/lsr.php?AT=pb&SP=EC&rID=28306537&rKey=5E5C4B5D39A215FD (password: NetAcad)

Redundancy
- Required in the network design to maintain a high degree of reliability and eliminate any single point of failure
- Accomplished by installing duplicate equipment and network links for critical areas
- Reduces congestion and supports high availability and load balancing
- Dangers: switching loops and broadcast storms

Explain How Spanning Tree Protocol Prevents Switching Loops
- Create a loop-free logical topology
- Potential loop detection and port blocking
- Redundancy without switching loops

As a switch powers on, each port cycles through a series of four states:
• Blocking
• Listening
• Learning
• Forwarding
• Disabled (indicates that the administrator has shut down the switch port)

Root Bridge
- The root bridge is the primary switch or focal point in the STP topology.
- The root bridge communicates with the other switches using Bridge Protocol Data Units (BPDUs).
- BPDUs are frames multicast every 2 seconds to all other switches.
- BPDUs contain information such as:
  - Identity of the source switch
  - Identity of the source port
  - Cumulative cost of the path to the root bridge
  - Value of the aging timers
  - Value of the hello timer

Explain How Spanning Tree Protocol Prevents Switching Loops
- Determining a root bridge
- Bridge ID (BID)
- Root ports, designated ports, and blocked ports

- There is one root bridge on each network, and it is elected based on the bridge ID (BID).
- The bridge priority value plus the MAC address creates the BID.
- Bridge priority has a default value of 32,768.
- If a switch has a MAC address of AA-11-BB-22-CC-33, the BID for that switch would be 32768:AA-11-BB-22-CC-33.

- The root bridge is the switch with the lowest BID value.
- If all switches have the same default priority value, the switch with the lowest MAC address becomes the root bridge.
- As each switch powers on, it assumes that it is the root bridge and sends out BPDUs containing its BID.
- STP designates three types of ports: root ports, designated ports, and blocked ports
  - Root port - provides the least-cost path back to the root bridge
  - Designated port - forwards traffic toward the root bridge but does not connect to the least-cost path
  - Blocked port - does not forward traffic
Specifying the root bridge
- The root bridge is the switch configured with the lowest priority value.
- The priority range is 0 to 65535, but values must be in increments of 4096. Default value = 32768.
- To set the priority: S3(config)#spanning-tree vlan 1 priority 4096
- To restore the priority to the default: S3(config)#no spanning-tree vlan 1 priority

STP Enhancements
- Cisco proprietary: PortFast, UplinkFast, and BackboneFast
- PortFast causes an access port to enter the forwarding state immediately, bypassing the listening and learning states; use PortFast on access ports that are connected to a single workstation or server.
- UplinkFast accelerates the choice of a new root port when a link or switch fails or when STP reconfigures itself; the new root port transitions to the forwarding state immediately without going through the listening and learning states.
- BackboneFast provides fast convergence after a spanning tree topology change occurs; it is used at the Distribution and Core Layers, where multiple switches connect.

Spanning-tree verification commands
- show spanning-tree - Displays root ID, bridge ID, and port states
- show spanning-tree summary - Displays a summary of port states
- show spanning-tree root - Displays the status and configuration of the root bridge
- show spanning-tree detail - Displays detailed port information
- show spanning-tree interface - Displays STP interface status and configuration
- show spanning-tree blocked ports - Displays blocked ports
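The root bridge election on the slides above (lowest BID wins; priority first, lowest MAC breaks the tie; priority must be 0 to 65535 in steps of 4096) is worth working through with real values. The Python below is an added example written for this page, not Cisco's code; the switch names and MAC addresses other than AA-11-BB-22-CC-33 are constructed. It also validates the priority the way the `spanning-tree vlan 1 priority` command would, so a value such as 4097 is rejected rather than silently rounded.

```python
import re

PRIORITY_STEP = 4096      # only the top 4 bits of the 16-bit field hold the priority
PRIORITY_MAX = 65535
DEFAULT_PRIORITY = 32768

_MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([-:][0-9A-Fa-f]{2}){5}$")


def parse_mac(mac):
    """Turn 'AA-11-BB-22-CC-33' (or the colon form) into an int so MACs compare numerically."""
    if not _MAC_RE.match(mac):
        raise ValueError(f"malformed MAC address: {mac!r}")
    return int(re.sub(r"[-:]", "", mac), 16)


def validate_priority(priority):
    """Mirror the CLI constraint: 0..65535 and a multiple of 4096."""
    if not 0 <= priority <= PRIORITY_MAX:
        raise ValueError(f"priority {priority} outside 0..{PRIORITY_MAX}")
    if priority % PRIORITY_STEP:
        raise ValueError(f"priority {priority} is not a multiple of {PRIORITY_STEP}")
    return priority


def is_valid_priority(priority):
    try:
        validate_priority(priority)
        return True
    except ValueError:
        return False


def bridge_id(priority, mac):
    """BID as a comparable tuple: priority compares first, the MAC breaks ties."""
    return (validate_priority(priority), parse_mac(mac))


def format_bid(priority, mac):
    """Render the BID the way the slide does: '32768:AA-11-BB-22-CC-33'."""
    return f"{validate_priority(priority)}:{mac.upper()}"


def elect_root(switches):
    """switches: {name: (priority, mac)}. Returns the name of the switch with the lowest BID."""
    if not switches:
        raise ValueError("no switches to elect from")
    return min(switches, key=lambda name: bridge_id(*switches[name]))


if __name__ == "__main__":
    # Constructed topology: all at the default priority, so the lowest MAC wins.
    lan = {
        "S1": (DEFAULT_PRIORITY, "AA-11-BB-22-CC-33"),
        "S2": (DEFAULT_PRIORITY, "00-1A-2B-3C-4D-5E"),
        "S3": (DEFAULT_PRIORITY, "00-1A-2B-3C-4D-5F"),
    }
    print("default election:", elect_root(lan))          # S2
    lan["S3"] = (4096, lan["S3"][1])                       # spanning-tree vlan 1 priority 4096
    print("after lowering S3:", elect_root(lan))           # S3
```

Because the election is decided purely by the lowest BID any switch advertises, the practical check is to confirm with `show spanning-tree root` that the elected root is the switch you intended; a root that moves to an unexpected switch (for example one left at the default priority on an access link) is a configuration error to track down, not just a performance curiosity.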
Rapid Spanning Tree Protocol
- Requires a full-duplex, point-to-point connection between switches to achieve the highest reconfiguration speed
- Reconfiguration occurs in less than 1 second, as compared to 50 seconds in STP
- Reduces the number of port states to three: discarding, learning and forwarding
- All ports that are not discarding are part of the active topology and will immediately transition to the forwarding state.

Describe and Configure VLANs on a Cisco Switch
Virtual LANs
- A VLAN is a logical broadcast domain that can span multiple physical LAN segments.
- Logical networks
- Broadcast control
- Transparent to end users
- Network design best practice: broadcast traffic is contained to the area of the network in which it is required

VLAN functions
- VLAN membership
  - Static - manually assigned
  - Dynamic - server based
- A VLAN has two major functions:
  - Contains broadcasts.
  - Groups devices.
- Devices located on one VLAN are not visible to devices located on another VLAN.
- Traffic requires a Layer 3 device to move between VLANs.

- VLAN 1: the management VLAN, used to exchange information, such as Cisco Discovery Protocol (CDP) traffic and VLAN Trunking Protocol (VTP) traffic, with other networking devices.
- VLAN numbers and names
- Port assignment

VLAN verification commands
- Deleting a VLAN: Switch(config)#no vlan vlan_number
- Removing a port from a VLAN:
  Switch(config)#interface fa0/port_number
  Switch(config-if)#no switchport access vlan vlan_number
- Lab 3.3.2.5
Describe and Configure VLANs on a Cisco Switch
VLAN ID and frame tagging: IEEE 802.1Q
- A switch associates each port with a specific VLAN number.
- As a frame enters that port, the switch inserts the VLAN ID (VID) into the Ethernet frame.
- The addition of the VLAN ID number into the Ethernet frame is called frame tagging.
- The most commonly used frame tagging standard is IEEE 802.1Q.
- The tag field increases the minimum Ethernet frame from 64 to 68 bytes.
- The switch recalculates the FCS because the number of bits in the frame has been modified.
- Is the 802.1Q-compliant port connected to another 802.1Q-compliant port?
  - YES - VLAN tagging information passes between them
  - NO - the VLAN tag is removed before the frame is placed on the media.

Describe and Configure Trunking and Inter-VLAN Routing
Trunk port characteristics
- Point-to-point link
- Carries multiple-VLAN traffic over a single link
- Support for frame tagging
- Trunk modes
- Trunk ports are necessary to carry the traffic from multiple VLANs between devices when connecting two switches together, a switch to a router, or a switch to a host NIC that supports 802.1Q trunking.

Untagged traffic
- Traffic may need to cross the 802.1Q-configured link without a VLAN ID; traffic with no VLAN ID is called untagged.
- Examples of untagged traffic are Cisco Discovery Protocol (CDP), VTP, and certain types of voice traffic.
- Untagged traffic minimizes the delays associated with inspection of the VLAN ID tag.
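To make the frame-tagging slides concrete, the Python below builds a minimum-size Ethernet frame, inserts an 802.1Q tag after the source address and recomputes the FCS, then strips the tag again; it shows the 64 to 68 byte growth the slide mentions and the untagged-means-native rule from the trunking slides. This is an added example written for this page, not Cisco's code or a production parser; the MAC addresses and payload are constructed, and the Ethernet FCS is computed with the standard CRC-32 (the same polynomial as `zlib.crc32`, transmitted least-significant byte first).

```python
import struct
import zlib

TPID_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800
MIN_PAYLOAD = 46            # pad so an untagged frame is 64 bytes including the FCS


def fcs(frame_without_fcs):
    """Ethernet FCS: CRC-32 over the frame, little-endian on the wire."""
    return struct.pack("<I", zlib.crc32(frame_without_fcs) & 0xFFFFFFFF)


def parse_mac(text):
    return bytes(int(octet, 16) for octet in text.split(":"))


def build_frame(dst, src, ethertype, payload):
    """Untagged frame: dst(6) src(6) type(2) payload(>=46) fcs(4) = at least 64 bytes."""
    payload = payload.ljust(MIN_PAYLOAD, b"\x00")
    body = parse_mac(dst) + parse_mac(src) + struct.pack("!H", ethertype) + payload
    return body + fcs(body)


def is_fcs_valid(frame):
    return len(frame) >= 64 and fcs(frame[:-4]) == frame[-4:]


def check_fcs(frame):
    if not is_fcs_valid(frame):
        raise ValueError("FCS mismatch or runt frame; a switch would discard this")


def tag_frame(frame, vid, pcp=0):
    """Insert a 4-byte 802.1Q tag (TPID + TCI) after the source MAC and recompute the FCS."""
    check_fcs(frame)
    if not 1 <= vid <= 4094:                     # 0 and 4095 are reserved by 802.1Q
        raise ValueError("VID must be 1..4094")
    tci = ((pcp & 0x7) << 13) | vid
    tag = struct.pack("!HH", TPID_8021Q, tci)
    body = frame[:12] + tag + frame[12:-4]
    return body + fcs(body)


def vlan_id(frame):
    """VID carried in the tag, or None if the frame is untagged."""
    check_fcs(frame)
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:
        return None
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF


def untag_frame(frame):
    """What an access port does before placing the frame on the media."""
    if vlan_id(frame) is None:
        return frame
    body = frame[:12] + frame[16:-4]
    return body + fcs(body)


def classify_on_trunk(frame, native_vid):
    """On an 802.1Q trunk an untagged frame belongs to the native VLAN."""
    vid = vlan_id(frame)
    return native_vid if vid is None else vid


if __name__ == "__main__":
    # Constructed sample frame
    f = build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb", ETHERTYPE_IPV4, b"hello")
    t = tag_frame(f, vid=10)
    print(len(f), len(t), vlan_id(t), classify_on_trunk(f, native_vid=99))   # 64 68 10 99
```

Two details matter for a receiver: it must check the FCS before trusting any field (a corrupted tag would otherwise steer a frame into the wrong VLAN), and it must decide VLAN membership for untagged frames from the port's native VLAN configuration, not from anything in the frame, which is why the native VLAN on a trunk is a setting to choose deliberately.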
- To accommodate untagged traffic, a special VLAN called the native VLAN is available
- Configuring a native VLAN

Inter-VLAN routing
- A Layer 3 device provides connectivity between different VLANs.
- Subinterfaces - logically divide one physical interface into multiple logical pathways
- Router-on-a-stick - allows each VLAN to have its own logical pathway and default gateway

Maintain VLAN Structure on an Enterprise Network
VLAN Trunking Protocol (VTP)
- Purpose and goals: automate many of the VLAN configuration functions and ensure that the VLAN configuration is consistently maintained across the network
- Management domain - reduces the task of VLAN management and monitoring
- VTP modes: server, client, transparent
- VLAN database - saved in NVRAM and contains a revision number; if a switch receives a VTP update message that has a higher revision number than the one stored in its database, the switch updates its VLAN database with the new information
- Configuration revision number - begins at zero; as changes occur, the configuration revision number increases by one.

VTP messages
- Summary advertisements - contain the current VTP domain name and the configuration revision number. If the domain name is the same, the switch compares the configuration revision number to its own: if it is lower or equal, the switch ignores the packet; if the revision number is higher, an advertisement request is sent.
- Subset advertisements - follow the summary advertisement and contain a list of VLAN information
- Advertisement requests - required if the switch has been reset or the VTP domain name has been changed

- Configuring VTP
- Verifying VTP configuration

- VLANs and IP phones
- VLANs and wireless security

- VLAN best practices
- VLAN security

Summary
- Switches forward traffic using store-and-forward or cut-through techniques.
- Basic security features should be applied to switches.
- A VLAN is a way to group hosts on the same logical network even though they may be physically separated.
- Frame tagging allows a switch to identify the source VLAN of an Ethernet frame.
- A Layer 3 device is needed to move traffic between different VLANs.
- Subinterfaces allow router interfaces to support multiple VLANs.
- VLAN Trunking Protocol provides centralized control, distribution and maintenance of VLANs.
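The VTP revision rule from the "Maintain VLAN Structure" slides (same domain, compare revision numbers, ignore lower-or-equal, request and then apply higher) is simple to state but has a consequence a practitioner should see worked through: any switch in the same domain that advertises a higher revision overwrites the VLAN database of every server and client that hears it. The Python below is an added example written for this page, not Cisco's code; the domain names, VLAN names and revision values are constructed, and the detail that renaming the VTP domain resets the revision counter to zero is Cisco IOS behaviour I am relying on rather than something the slides state.

```python
from dataclasses import dataclass, field


@dataclass
class VtpSwitch:
    domain: str
    mode: str = "client"                  # "server", "client" or "transparent"
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})

    def configure_vlan(self, vid, name):
        """A local VLAN change; only servers bump the advertised revision."""
        if self.mode == "client":
            raise PermissionError("VTP clients cannot change VLANs locally")
        self.vlans[vid] = name
        if self.mode == "server":
            self.revision += 1            # each change increments the revision by one

    def on_summary_advertisement(self, adv_domain, adv_revision):
        """Decision a switch makes when a summary advertisement arrives."""
        if self.mode == "transparent":
            return "forward"              # relays the message, never applies it
        if adv_domain != self.domain:
            return "ignore"               # different management domain
        if adv_revision <= self.revision:
            return "ignore"               # nothing newer than what we hold
        return "advertisement-request"    # ask for the subset advertisements

    def on_subset_advertisement(self, adv_domain, adv_revision, adv_vlans):
        """Apply the advertised VLAN list if it is newer; return True when applied."""
        if self.mode == "transparent" or adv_domain != self.domain:
            return False
        if adv_revision <= self.revision:
            return False
        self.vlans = dict(adv_vlans)      # whole database is replaced, deletions included
        self.revision = adv_revision
        return True

    def set_domain(self, new_domain):
        """Assumption (Cisco IOS behaviour): changing the domain name resets the revision."""
        self.domain = new_domain
        self.revision = 0


def would_overwrite(existing, newcomer):
    """Pre-connection check: would `newcomer` replace `existing`'s VLAN database?"""
    return (existing.mode != "transparent"
            and newcomer.mode != "transparent"
            and newcomer.domain == existing.domain
            and newcomer.revision > existing.revision)


if __name__ == "__main__":
    core = VtpSwitch("CORP", mode="server", revision=5, vlans={1: "default", 10: "users"})
    edge = VtpSwitch("CORP", mode="client", revision=5, vlans=dict(core.vlans))
    core.configure_vlan(20, "voice")
    print(edge.on_summary_advertisement(core.domain, core.revision))       # advertisement-request
    print(edge.on_subset_advertisement(core.domain, core.revision, core.vlans), edge.vlans)
    # A switch reused from a lab still carries revision 40 with only VLAN 1 in its database.
    reused = VtpSwitch("CORP", mode="server", revision=40)
    print(would_overwrite(edge, reused))                                   # True: check before cabling
    reused.set_domain("SCRATCH")
    reused.set_domain("CORP")
    print(would_overwrite(edge, reused))                                   # False: revision reset
```

The `would_overwrite` check is the habit to build into change procedures: before a switch is cabled into the domain, read its revision number (the `show vtp status` output in IOS reports it) and reset it, or put the switch in transparent mode, so a stale database with a high revision cannot replace the production VLAN list.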