8/10/2019 10-Switching & VLANs
1/33
6/8/20
Switching and VLANs
Basic Switch Functions
Agenda
Address Learning
Forwarding
Filtering
Spanning Tree Protocol
Switches & Bridges have Three Main Functions
Address Learning
Forwarding/Filtering
Loop Avoidance
ADDRESS LEARNING
The switch keeps a table mapping each MAC address to the port it was learned on.
[Figure: four hosts, aaaa on port 1, dddd on port 2, bbbb on port 3, cccc on port 4; MAC Address Table with all four port entries empty]
The table is initially empty.
The switch learns the address and connected port of the transmitting device.
[Figure: host aaaa sends a frame to cccc; MAC Address Table now holds port 1 = aaaa, ports 2-4 empty]
Host aaaa: "I want to send to cccc."
The switch does not have the destination address in its MAC table, so it floods the frame out of every port except the one it came in on.
The switch learns the address and connected port of the transmitting device.
[Figure: host cccc replies to aaaa; MAC Address Table now holds port 1 = aaaa, port 4 = cccc]
The switch learns the address of another device (cccc, on port 4).
Host cccc: "Reply to aaaa."
The switch finds the destination MAC address in its table and forwards the frame out ONLY the correct port (port 1).
The process continues until the switch has learned the address and port of every node.
[Figure: MAC Address Table, complete: port 1 = aaaa, port 2 = dddd, port 3 = bbbb, port 4 = cccc]
LAYER 2 FORWARDING
Forwarding: a device wants to send a message to another device.
[Figure: host aaaa on port 1 sends to bbbb on port 3; MAC Address Table: port 1 = aaaa, port 2 = dddd, port 3 = bbbb, port 4 = cccc]
Host aaaa: "I want to send to bbbb."
The switch looks for the destination address in its MAC Address Table:
1. Look up bbbb in the MAC table
2. Find it (port 3)
3. Forward the frame out ONLY the associated port
LAYER 2 SWITCH FILTERING
Multiple nodes on the same port
[Figure: a hub on port 1 connects hosts aaaa and dddd; bbbb on port 3, cccc on port 4; MAC Address Table: port 1 = aaaa, dddd; port 2 empty; port 3 = bbbb; port 4 = cccc]
Frames destined out the same port they entered are dropped (filtered).
[Figure: same hub topology; MAC Address Table: port 1 = aaaa, dddd; port 3 = bbbb; port 4 = cccc]
Host aaaa: "Sending to dddd."
Switch: "I don't need to do anything." Both aaaa and dddd sit behind the hub on port 1, so the hub already delivers the frame and the switch drops its copy.
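The learn / flood / forward / filter behaviour walked through on the slides above, as an added simulation that is not part of the deck. The hosts aaaa..dddd, ports 1-4 and the hub on port 1 follow the deck's figures; everything else (class and function names) is assumed for illustration.

```python
class LearningSwitch:
    """Simulates the learn / flood / forward / filter logic of a Layer-2 switch."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}   # MAC -> port; empty when the switch boots

    def receive(self, in_port, src, dst):
        """Handle one frame arriving on in_port; return the list of egress ports."""
        # Address learning: the source MAC lives on the ingress port.
        # Re-learning on every frame is also what makes the MAC table unstable
        # when a loop delivers the same source MAC on two different ports.
        self.mac_table[src] = in_port
        out_port = self.mac_table.get(dst)
        if out_port is None:
            # Unknown destination: flood out every port except the ingress port.
            return [p for p in self.ports if p != in_port]
        if out_port == in_port:
            # Filtering: the destination is on the same segment the frame came
            # from (e.g. both hosts behind a hub), so the switch drops it.
            return []
        # Forwarding: send only out the port the destination was learned on.
        return [out_port]


def learning_scenario():
    """The deck's walkthrough: aaaa->cccc floods, replies fill the table."""
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    trace = [
        sw.receive(1, "aaaa", "cccc"),   # cccc unknown: flood to 2, 3, 4
        sw.receive(4, "cccc", "aaaa"),   # aaaa known: only port 1
        sw.receive(3, "bbbb", "aaaa"),
        sw.receive(2, "dddd", "aaaa"),
        sw.receive(1, "aaaa", "bbbb"),   # table complete: only port 3
    ]
    return trace, dict(sw.mac_table)


def hub_scenario():
    """aaaa and dddd share port 1 through a hub: their traffic is filtered."""
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    first = sw.receive(1, "aaaa", "dddd")    # dddd not learned yet: flooded
    second = sw.receive(1, "dddd", "aaaa")   # aaaa is on port 1: dropped
    third = sw.receive(1, "aaaa", "dddd")    # dddd is on port 1: dropped
    return first, second, third, dict(sw.mac_table)


if __name__ == "__main__":
    print(learning_scenario())
    print(hub_scenario())
```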
LOOP AVOIDANCE
Networks with a single point of failure are not as reliable.
Failure at any of these points will disrupt communication between clients and servers.
An additional switch adds redundancy: no more single point of failure.
However, loops can now occur: frames can loop indefinitely around the network.
Spanning Tree Protocol to the rescue
STP blocks Layer-2 loops even when physical loops exist.
Spanning Tree Protocol (STP) blocks some ports to maintain a loop-free network.
At what point in the frame does the switch start to forward it?
Switches: cut-through or store-and-forward
Bridges: store-and-forward
Cut-through Switching
The fastest way to forward frames
Looks at only the first 6 bytes (destination MAC address) before forwarding
No error checking
[Figure: frame with the destination MAC address first, then the rest of the frame; the forwarding decision is made right after the destination MAC address]
Fragment-free Switching
Waits for the first 64 bytes before forwarding
Catches most collisions
Limited error checking
[Figure: frame; the forwarding decision is made after the first 64 bytes have been received]
Store-and-Forward Switching
Slower but more reliable than cut-through
Reads the entire frame and performs a CRC check
If the CRC check fails, the frame is discarded
[Figure: the complete frame, including the CRC, is received before the forwarding decision]
Review
Address Learning
Forwarding
Filtering
Spanning Tree Protocol
Frame Switching
Advanced Switch Features
At the end of this lesson we will be able to:
Explain the advanced features of a switch
Network+ 2009 Objective 3.3
What we will cover
Basic Layer-2 Switching
Power over Ethernet
The Spanning Tree Protocol
VLAN and VLAN Trunking
Port mirroring
Port authentication
BASIC LAYER-2 SWITCHING
Bridging Function
[Table: functions performed by bridges and by switches: break up collision domains, address learning, forwarding, filtering, loop avoidance]
Switches vs. Bridges
[Table: Bridges vs. Switches comparison]
Power over Ethernet or PoE
Safely transfers electrical power, along with data, to remote devices
Uses standard UTP cables.
No modification of the existing Ethernet cabling infrastructure is required
Power over Ethernet (PoE) supplies power to devices over UTP
IEEE 802.3af
Supplies power to wireless APs, IP telephones, IP cameras, etc.
Power is supplied by a switch or by a mid-span power injector
Maximum power supplied: 15.4 W
PoE Power Supplies
[Figure: a PoE switch and a mid-span power injector]
Some PoE Devices
[Figure: IP telephone, IP camera, wireless AP (with power injector)]
THE SPANNING TREE PROTOCOL
A redundant topology eliminates single points of failure.
A redundant topology can cause broadcast storms, multiple frame copies, and MAC address table instability problems.
Broadcast Frames
Station D sends a broadcast frame. Broadcast frames are flooded to all ports except the originating port.
Broadcast Storms
Host X sends a broadcast. The switches continue to propagate the broadcast traffic over and over.
Multiple Frame Copies
Host X sends a unicast frame to router Y. The MAC address of router Y has not been learned by either switch.
Router Y will receive two copies of the same frame.
MAC Database Instability
Host X sends a unicast frame to router Y. The MAC address of router Y has not been learned by either switch.
Switches A and B learn the MAC address of host X on port 1.
The frame to router Y is flooded.
Switches A and B incorrectly learn the MAC address of host X on port 2.
The Spanning Tree Protocol prevents layer-2 loops
Provides a loop-free redundant network topology by placing certain ports in the blocking state
Published in the IEEE 802.1D specification
Spanning-Tree Operation
One root bridge per broadcast domain.
One root port per nonroot bridge.
One designated port per segment.
Nondesignated ports are unused.
STP Root Bridge Selection
BPDU (default = sent every 2 seconds)
Root bridge = bridge with the lowest bridge ID
Bridge ID = Bridge Priority followed by the MAC Address
Spanning-Tree Port States
Spanning tree transits each port through several different states:
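The root bridge election described above, as an added example that is not part of the deck: the bridge ID is built from the 16-bit priority followed by the 48-bit MAC, so an integer comparison gives the 802.1D ordering (priority decides, MAC breaks ties). It assumes all bridges share one segment and keeps only the root-ID field of the BPDU; the MAC addresses and bridge names in the test are constructed.

```python
DEFAULT_PRIORITY = 32768   # 802.1D default bridge priority


def bridge_id(priority, mac):
    """Build the 8-byte bridge ID: 16-bit priority followed by the 48-bit MAC.

    Comparing the IDs as integers gives exactly the 802.1D ordering:
    the priority is decisive and the MAC address only breaks ties.
    """
    if not 0 <= priority <= 0xFFFF:
        raise ValueError("bridge priority must fit in 16 bits")
    mac_int = int(mac.replace(":", "").replace("-", ""), 16)
    if mac_int > 0xFFFFFFFFFFFF:
        raise ValueError("MAC address must be 48 bits")
    return (priority << 48) | mac_int


class Bridge:
    """A bridge that starts by claiming to be root and yields to lower IDs."""

    def __init__(self, name, mac, priority=DEFAULT_PRIORITY):
        self.name = name
        self.id = bridge_id(priority, mac)
        self.root_id = self.id      # initially every bridge believes it is root

    def bpdu(self):
        """The BPDU fields that matter for root election (simplified)."""
        return {"root_id": self.root_id, "sender_id": self.id}

    def receive_bpdu(self, bpdu):
        # Adopt any root ID that is lower than the one currently known.
        if bpdu["root_id"] < self.root_id:
            self.root_id = bpdu["root_id"]


def elect_root(bridges, hello_rounds=3):
    """Exchange BPDUs on one shared segment for a few hello intervals
    (2 s each by default) and return the name of the agreed root bridge."""
    for _ in range(hello_rounds):
        bpdus = [b.bpdu() for b in bridges]
        for b in bridges:
            for p in bpdus:
                if p["sender_id"] != b.id:
                    b.receive_bpdu(p)
    agreed = {b.root_id for b in bridges}
    if len(agreed) != 1:
        raise RuntimeError("election did not converge")
    root = agreed.pop()
    return next(b.name for b in bridges if b.id == root)
```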
VIRTUAL LOCAL AREA NETWORKS (VLAN)
As a switched network grows, many issues may arise:
Unbounded failure domains
Large broadcast domains
Large amounts of unknown-MAC unicast traffic
Unbounded multicast traffic
Management and support challenges
Possible security vulnerabilities
VLANs to the Rescue!
VLANs allow you to structure your network logically
VLAN = Broadcast Domain = Logical Network (Subnet)
Segmentation
Flexibility
Security
VLAN Operation
By default all interfaces belong to the same VLAN.
[Figure: 12-port switch, access ports 1-12 all in VLAN 1]
The default Virtual LAN (VLAN) is usually VLAN 1.
Interfaces can be assigned to different VLANs.
[Figure: 12-port switch with its ports split among VLAN 1, VLAN 10, VLAN 15 and VLAN 33]
Interfaces not reassigned remain in VLAN 1.
A Layer 3 device (router) is required for inter-VLAN communication.
[Figure: the same switch with VLAN 1, VLAN 10, VLAN 15 and VLAN 33, with a router providing the inter-VLAN path]
VLAN Membership Modes
VLAN TRUNKING
802.1Q Trunking
[Figure: 802.1Q frame; the tag inserted after the source MAC carries a 16-bit tag protocol identifier, a 3-bit priority field, a 1-bit CFI and a 12-bit VLAN ID]
Native VLANs are untagged on the trunk.
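The 802.1Q tag layout (16-bit TPID, 3-bit priority, 1-bit CFI, 12-bit VLAN ID) and the native-VLAN rule from the two slides above, as an added example that is not part of the deck: tagging a frame the way a trunk port does, parsing a received frame, and assigning untagged frames to the native VLAN. The function names and the sample frame are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100        # tag protocol identifier that marks a tagged frame


def add_tag(frame, vid, pcp=0, cfi=0):
    """Insert a 4-byte 802.1Q tag after the source MAC, as a trunk port does."""
    if not 1 <= vid <= 4094:          # VIDs 0 and 4095 are reserved by 802.1Q
        raise ValueError("VLAN ID must be 1..4094")
    if not 0 <= pcp <= 7:
        raise ValueError("priority must fit in 3 bits")
    tci = (pcp << 13) | ((cfi & 1) << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_frame(frame, native_vlan=1):
    """Classify a frame received on a trunk: tagged frames carry their VLAN in
    the tag; untagged frames are assigned to the trunk's native VLAN."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        return {"dst": dst, "src": src, "tagged": True,
                "pcp": tci >> 13, "cfi": (tci >> 12) & 1, "vid": tci & 0x0FFF,
                "ethertype": ethertype, "payload": frame[18:]}
    return {"dst": dst, "src": src, "tagged": False, "pcp": 0, "cfi": 0,
            "vid": native_vlan, "ethertype": ethertype, "payload": frame[14:]}


def strip_tag(frame):
    """Remove the tag before sending out an access port or as native VLAN."""
    if not parse_frame(frame)["tagged"]:
        return frame
    return frame[:12] + frame[16:]      # drop TPID + TCI, keep the ethertype


# Constructed sample frame: src ..aa -> dst ..bb, IPv4 ethertype, dummy payload.
SAMPLE_UNTAGGED = (bytes.fromhex("0000000000bb") + bytes.fromhex("0000000000aa")
                   + struct.pack("!H", 0x0800) + b"payload")
```

Because native-VLAN frames carry no tag, the receiving end decides their VLAN purely from its own native_vlan setting; a native VLAN mismatch between the two ends of a trunk therefore moves traffic between VLANs without any error being reported.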
Port Mirroring copies frames for monitoring
[Figure: mirrored ports feeding a switch port that connects to an IDS]
Copies frames from one or more ports or a VLAN to another switch port
Port Security controls access to the network based on MAC address
[Figure: a host with an allowed MAC address is admitted; a host with a denied MAC address is blocked]
Port Authentication allows network access only after validation
[Figure: client, switch and an authentication server (minicomputer). 1) Client: "May I access the network?" 2) Switch: "I will check." 3) Switch to authentication server: "Can Suzy access the network?"]