Ethernet Standard: Network Bulls (A Unit of Network Bullstudy Pvt. LTD.)
An Ethernet hub operates at half-duplex: a device can either transmit or receive, but not both at the same time. Ethernet uses carrier sense multiple access with collision detection (CSMA/CD) to control media access. For example, if two devices transmit a frame at the same time, a collision occurs. The transmitting stations detect the collision and send a jam signal so that every host on the segment discards the damaged frame; each station then waits a random back-off time before retransmitting.

Ethernet switches, by contrast, build MAC-address tables through a dynamic learning process. When a switch is first powered on its table is empty, so it floods each frame out every port except the one it arrived on until it has learned on which port each destination lives.
Switching: Switching is the process of forwarding frames within a LAN segment based on MAC addresses. A switch makes its forwarding decision on the destination MAC address of each frame.
Functions:
Address learning: a switch learns a MAC address from the source MAC of each frame received on an ingress port.
Forward/filtering: a switch forwards a frame based on its destination MAC address, out the egress port on which that address was learned. If the destination was learned on the same port the frame arrived on, the frame is filtered (dropped).
Loop avoidance: switches use the Spanning Tree Protocol to maintain a loop-free environment.
Flooding: a switch transmits a copy of the frame out all ports in the VLAN except the port on which it was received. A switch floods three kinds of frame:
1. Broadcast
2. Multicast
3. Unknown unicast
The Layer-2 switching process: when a switch receives a frame on a port it places the frame in that port's ingress queue. When the switch has decided which port the frame should be sent out, it places the frame in that port's egress queue. Note: if the destination MAC address in the frame is not stored in the CAM table, the frame is placed in the egress queue of every port in the same VLAN except the arrival port; this process is called flooding. Catalyst switches maintain several types of tables:
1. CAM
2. TCAM
3. ARP
CAM (Content Addressable Memory): All Catalyst switch models use a CAM table for Layer-2 switching. As frames arrive on switch ports, the source MAC addresses are learned and recorded in the CAM table together with the port of arrival, the VLAN and a timestamp. If a MAC address learned on one switch port later appears on a different port, the address and timestamp are recorded for the most recent arrival port and the previous entry is deleted. If a MAC address is already present in the table for the correct arrival port, only its timestamp is updated. Because the table is filled from whatever source addresses arrive, one host can fill it with forged addresses; once the table is full, new addresses are not learned and traffic to them is flooded out every port in the VLAN, which is why the number of addresses learned on an access port is normally limited with port security.

TCAM (Ternary Content Addressable Memory): In multilayer switches, everything that access control lists (ACLs) provide in traditional routing, such as matching, filtering or controlling specific traffic, is implemented in hardware. TCAM allows a packet to be evaluated against an entire access list in a single table lookup. Most switches have multiple TCAMs so that inbound and outbound security ACLs, as well as QoS ACLs, can be evaluated simultaneously and entirely in parallel with the Layer-2 or Layer-3 forwarding decision.

ARP (Address Resolution Protocol): Maps an IP address to a MAC address in order to provide IP communication within a Layer-2 broadcast domain. For example, Host B wants to send information to Host A but does not have Host A's MAC address in its ARP cache. Host B broadcasts an ARP request to all hosts within the broadcast domain asking for the MAC address associated with Host A's IP address. All hosts within the broadcast domain receive the request, and only Host A responds with its MAC address.

Note: The CAM and TCAM tables are held in volatile memory and are rebuilt after a reload. The switch puts only the source MAC address of a frame into the CAM table. By default, dynamically learned MAC addresses are kept in the CAM table for 300 seconds; if no frame from that MAC address is seen within that time, the switch removes its entry.
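The learning, forwarding, flooding and aging behaviour described above, as an added example that is not part of the original page or any Catalyst code. The port-to-VLAN map, the MAC addresses and the timestamps are constructed for illustration; the last scenario also shows what happens once the table is full.

```python
"""Model of CAM-table learning, forwarding, flooding and aging.

Added example for the switching functions and CAM-table notes above; it is
not Catalyst code. The port-to-VLAN map, MAC addresses and timestamps are
constructed for illustration.
"""
from dataclasses import dataclass

CAM_AGING_SECONDS = 300                    # default aging time for dynamic entries
BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_multicast(mac: str) -> bool:
    """Group bit (low bit of the first octet) set: multicast or broadcast."""
    return int(mac.split(":")[0], 16) & 0x01 == 1


@dataclass
class CamEntry:
    port: int
    vlan: int
    timestamp: float


class LearningSwitch:
    """One CAM table keyed by (VLAN, MAC); every port is an access port."""

    def __init__(self, port_vlans, max_entries=None):
        self.port_vlans = dict(port_vlans)  # port number -> access VLAN
        self.cam = {}                        # (vlan, mac) -> CamEntry
        self.max_entries = max_entries       # None models an unbounded table

    def age_out(self, now):
        """Delete entries that have seen no traffic for longer than the aging time."""
        stale = [k for k, e in self.cam.items() if now - e.timestamp > CAM_AGING_SECONDS]
        for key in stale:
            del self.cam[key]
        return len(stale)

    def learn(self, vlan, src, port, now):
        """Record the source MAC of an ingress frame against its arrival port."""
        key = (vlan, src)
        entry = self.cam.get(key)
        if entry is not None:
            entry.port = port                # MAC move: only the latest port is kept
            entry.timestamp = now
        elif self.max_entries is None or len(self.cam) < self.max_entries:
            self.cam[key] = CamEntry(port, vlan, now)
        # otherwise the table is full and the address stays unknown

    def forward(self, src, dst, in_port, now):
        """Return the sorted list of egress ports for a frame received on in_port."""
        self.age_out(now)
        vlan = self.port_vlans[in_port]
        self.learn(vlan, src, in_port, now)
        if not is_multicast(dst):
            entry = self.cam.get((vlan, dst))
            if entry is not None:
                # known unicast: forward to its port, or filter if it is the same port
                return [] if entry.port == in_port else [entry.port]
        # broadcast, multicast or unknown unicast: flood within the VLAN
        return sorted(p for p, v in self.port_vlans.items() if v == vlan and p != in_port)


def demo():
    """Walk through learning, aging, a MAC move and a full table."""
    sw = LearningSwitch({1: 10, 2: 10, 3: 10, 4: 20})
    a, b = "00:00:00:00:00:0a", "00:00:00:00:00:0b"
    out = {}
    out["unknown_unicast"] = sw.forward(a, b, 1, now=0)      # B unknown: flood VLAN 10
    out["known_unicast"] = sw.forward(b, a, 2, now=1)        # A was learned on port 1
    out["broadcast"] = sw.forward(a, BROADCAST, 1, now=2)   # always flooded
    out["aged"] = sw.forward(a, b, 1, now=400)              # B idle > 300 s: flood again
    out["mac_move"] = (sw.forward(b, a, 3, now=401),        # B now appears on port 3
                       sw.forward(a, b, 1, now=402))
    # A host on port 3 fills a two-entry table with forged source addresses;
    # legitimate stations can no longer be learned, so their traffic floods.
    tiny = LearningSwitch({1: 10, 2: 10, 3: 10}, max_entries=2)
    tiny.forward("de:ad:be:ef:00:01", BROADCAST, 3, now=0)
    tiny.forward("de:ad:be:ef:00:02", BROADCAST, 3, now=0)
    tiny.forward(b, a, 2, now=1)
    out["cam_full"] = tiny.forward(a, b, 1, now=2)
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:15} -> {result}")
```

The `cam_full` case is the one to remember: the switch never fails loudly when the table is exhausted, it simply degrades to a hub for every address it could not learn.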
Switch Port Configuration
To enter interface configuration mode for interface FastEthernet 0/10:
Switch(config)#interface fa0/10
Network Bulls (A unit of Network Bullstudy Pvt. Ltd.) Email: [email protected], http://networkbulls.com.
Multiple individual ports can be configured simultaneously:
Switch(config)#interface range fa0/10 , fa0/12 , fa0/14
The above command selects ports fa0/10, fa0/12 and fa0/14. Note the space on either side of each comma.
A contiguous range of interfaces can be specified:
Switch(config)#interface range fa0/10 - 15
The above command selects ports fa0/10 through fa0/15. Note the space on either side of the dash.
Macros can be created for groups of ports that are configured often:
Switch(config)#define interface-range NETWORKBULLS fa0/10 - 15
Switch(config)#interface range macro NETWORKBULLS
The first command creates a macro, or group, of interfaces called NETWORKBULLS. The second command actually selects those interfaces for configuration.
For documentation purposes, we can apply descriptions to interfaces:
Switch(config)#interface fa0/10
Switch(config-if)#description DESCRIPTIONTEXT
To view the status of an interface (for example, FastEthernet 0/10):
Switch#show interface fa0/10
This also displays the duplex, speed and packet errors of this particular interface.
To view the err-disabled state (explained shortly) of interfaces:
Switch#show interfaces status err-disabled
Switch Port Configuration: Speed and Duplex
To specify the port speed of an interface:
Switch(config)#interface fa0/10
Switch(config-if)#speed 10
Switch(config-if)#speed 100
Switch(config-if)#speed 1000
Switch(config-if)#speed auto
To specify the duplex of an interface:
Switch(config)#interface fa0/10
Switch(config-if)#duplex half
Switch(config-if)#duplex full
Switch(config-if)#duplex auto
VLAN (Virtual Local Area Network)
By default a switch considers all of its ports to be in a single broadcast domain, and it forwards broadcasts and multicasts out all ports except the originating port. A switch can be logically segmented into multiple broadcast domains by assigning its ports to different VLANs (Virtual Local Area Networks); each VLAN is a separate broadcast domain. Normal-range VLANs are numbered from VLAN 1 through VLAN 1005. The IEEE 802.1Q standard defines a 12-bit VLAN ID, giving 4096 values; VLANs 0 and 4095 are reserved by 802.1Q and cannot be created, deleted or modified (they are not displayed).
Note: Traffic between two devices in the same VLAN needs only a Layer-2 device. Traffic between devices in different VLANs requires a Layer-3 device.
Advantages of VLAN:
1. Broadcast control
2.
3.
VLAN Membership
Static: Static VLAN membership is port-based. A network administrator manually assigns each switch port to a single VLAN; whatever device connects to that port automatically becomes a member of that VLAN.
Dynamic: Cisco developed a dynamic VLAN product called the VLAN Membership Policy Server (VMPS). Dynamic VLAN membership is MAC-based: when a device connects to a switch port, the switch learns the device's MAC address and sends it in a request to the VMPS server, which decides which VLAN ID to assign for that MAC address.
Static VLAN Configuration
The first step in configuring VLANs is to create the VLAN:
Switch(config)#vlan 100
Switch(config-vlan)#name MY_VLAN
Switch(config-vlan)#exit
Switch(config)#
The first command creates VLAN 100 and enters VLAN configuration mode. The second command assigns the name MY_VLAN to this VLAN. Several VLANs can be created at once:
Switch(config)#vlan 100,200,300,400
or
Switch(config)#vlan 2-10
To assign an interface to a specific VLAN:
Switch(config)#interface fa0/10
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 100
or
Switch(config)#interface range fa0/10 - 15
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 100
or
Switch(config)#define interface-range NETWORKBULLS fa0/10 - 15
Switch(config)#interface range macro NETWORKBULLS
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 100
or
Switch(config)#interface range fa0/10 , fa0/12 , fa0/14
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 100
Note: If a port is assigned to a VLAN that does not yet exist, the switch creates that VLAN automatically.
VLAN Port Types: There are two types of port.
Access port: An access port belongs to only one VLAN. When a host connects to an access port it automatically becomes a member of that VLAN. By default all switch ports are access ports.
Trunk port: A trunk port does not belong to a single VLAN; it carries frames from all VLANs (or an allowed subset of them) across the trunk link to another switch.
VLAN Frame Tagging: When a trunk link is used between two switches, the switches need a mechanism to identify which VLAN each frame belongs to. Frame tagging inserts a VLAN ID into each frame: when a switch sends a frame to another switch over the trunk, it adds an extra header that carries the VLAN ID along with the frame. This process is called VLAN tagging, and the link carrying tagged frames is a trunk. Cisco switches support two frame-tagging protocols.
ISL: ISL (Inter-Switch Link) is a Cisco-proprietary frame-tagging protocol; it supports Ethernet, Token Ring, FDDI and ATM frames. ISL encapsulates the whole frame with an additional 26-byte header and a 4-byte trailer, increasing the size of an Ethernet frame by 30 bytes. The header contains the 10-bit VLAN ID; the trailer contains an additional 4-byte CRC for data integrity.
(Figure: Trunking with ISL)
IEEE 802.1Q: IEEE 802.1Q is the open-standard protocol. Instead of encapsulating the frame, 802.1Q inserts a 4-byte tag (carrying a 12-bit VLAN ID) into the Layer-2 frame header directly after the source MAC address, and the frame check sequence is recalculated.
(Figure: Trunking with 802.1Q)
Comparing ISL and 802.1Q:
ISL                    802.1Q
Proprietary            Nonproprietary (IEEE standard)
Encapsulated           Tagged
Protocol independent   Protocol dependent
Configuring Trunk Links
Question: What happens when we use the switchport mode trunk command without specifying the encapsulation on switches that support both protocols?
On switches that support both trunking encapsulations (802.1Q and ISL) the command is rejected: the trunking encapsulation must be configured before the interface is set to trunk mode, so switchport trunk encapsulation must be entered before switchport mode trunk.
To manually configure a trunk port with ISL tagging:
Switch(config)#interface fa0/24
Switch(config-if)#switchport trunk encapsulation isl
Switch(config-if)#switchport mode trunk
With 802.1Q tagging:
Switch(config)#interface fa0/24
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport mode trunk
Note: Both sides of the trunk link must be configured with the same tagging protocol.
By default, trunk ports allow all VLANs to traverse the trunk link. Restricting the list to the VLANs the far side actually needs keeps a compromised or misconfigured neighbour out of the others:
Switch(config)#interface fa0/19
Switch(config-if)#switchport trunk allowed vlan remove 10-100
Switch(config-if)#switchport trunk allowed vlan add 20-35
Note: The first switchport command prevents the trunk port from passing traffic for VLANs 10-100. The second re-allows VLANs 20-35. In both cases the switchport trunk allowed vlan add/remove commands modify the current list of allowed VLANs rather than replacing it.
Switch(config)#interface fa0/24
Switch(config-if)#switchport trunk allowed vlan all
Switch(config-if)#switchport trunk allowed vlan except 2-99
Note: Certain VLANs are reserved and cannot be removed from a trunk link, including VLAN 1 and the system VLANs 1002-1005. Even on software that allows VLAN 1 to be removed from the allowed list, control traffic such as CDP, VTP and DTP is still carried on VLAN 1.
Management VLAN
The management VLAN is the VLAN used to reach the switch itself (ping, telnet). By default the management VLAN is VLAN 1. Configuring an IP address on interface VLAN 1 lets us communicate with the switch over the network (ping, and telnet once the enable and vty passwords are configured):
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname network
network(config)#interface vlan 1
network(config-if)#ip address 10.1.1.101 255.255.255.0
network(config-if)#no shutdown
network(config-if)#end
network#
Native VLAN
By default all traffic is carried in VLAN 1: VLAN 1 is the default VLAN for all user traffic and, on all trunking interfaces, the default native VLAN. Frames from the native VLAN are sent untagged out trunk ports. A trunking interface can have only one native VLAN. Only 802.1Q has the concept of a native VLAN (ISL encapsulates every frame). The same native VLAN must be configured on both ends of an 802.1Q trunk; because VLAN 1 is also the default access and management VLAN, moving the native VLAN to an otherwise unused VLAN ID is a common hardening step.
A native VLAN can be configured on trunk ports:
Switch(config)#interface fa0/24
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk native vlan 42
Dynamic Trunking Protocol (DTP) Configuration: DTP and switchport mode interactions. Each cell shows the resulting link state for the local port mode (row) against the neighbour's port mode (column):

Local mode          Dynamic Auto   Dynamic Desirable   Trunk             Access
Dynamic Auto        Access         Trunk               Trunk             Access
Dynamic Desirable   Trunk          Trunk               Trunk             Access
Trunk               Trunk          Trunk               Trunk             Not recommended
Access              Access         Access              Not recommended   Access

Note: A port left in dynamic auto or dynamic desirable forms a trunk with any neighbour that sends DTP, including an end host. Ports that connect to hosts should be set to switchport mode access, and switchport nonegotiate stops a port from sending DTP frames at all.
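The 802.1Q tag format, the allowed-VLAN list and the untagged native VLAN described above, as an added example that is not part of the original page and not Catalyst or IOS code. The MAC addresses, payload, allowed list and native VLAN are constructed values, not a capture; the last two cases in `demo()` show a pruned VLAN being dropped at egress and at ingress.

```python
"""Build, parse and filter 802.1Q-tagged frames on a trunk port.

Added example for the frame-tagging, allowed-VLAN and native-VLAN notes on
this page; it is not Catalyst or IOS code. The MAC addresses, payload,
allowed list and native VLAN are constructed values, not a capture.
"""
import struct

TPID_8021Q = 0x8100          # EtherType value that announces a VLAN tag
ETHERTYPE_IPV4 = 0x0800


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst, src, ethertype, payload, vlan=None, pcp=0):
    """Ethernet II frame; a 4-byte 802.1Q tag is inserted after the source MAC
    when vlan is given. The FCS is omitted because hardware regenerates it."""
    header = mac_bytes(dst) + mac_bytes(src)
    if vlan is not None:
        if not 0 <= vlan <= 4095:
            raise ValueError("VID is a 12-bit field")
        tci = ((pcp & 0x7) << 13) | (vlan & 0xFFF)   # PCP(3) | DEI(1)=0 | VID(12)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return (dst, src, vid_or_None, ethertype, payload) for a raw frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (etype,) = struct.unpack("!H", frame[12:14])
    vid, offset = None, 14
    if etype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, etype = struct.unpack("!HH", frame[14:18])
        vid, offset = tci & 0xFFF, 18
    return mac_str(frame[:6]), mac_str(frame[6:12]), vid, etype, frame[offset:]


class TrunkPort:
    """802.1Q trunk with an allowed-VLAN list and a native VLAN."""

    def __init__(self, native_vlan=1, allowed=None):
        self.native_vlan = native_vlan
        self.allowed = None if allowed is None else set(allowed)   # None = all VLANs

    def egress(self, vlan, fields):
        """Encode a frame leaving the trunk; native-VLAN frames go out untagged."""
        if self.allowed is not None and vlan not in self.allowed:
            return None                                   # VLAN pruned from this trunk
        dst, src, etype, payload = fields
        tag = None if vlan == self.native_vlan else vlan
        return build_frame(dst, src, etype, payload, vlan=tag)

    def ingress(self, frame):
        """Classify an arriving frame into a VLAN; None means it is dropped."""
        dst, src, vid, etype, payload = parse_frame(frame)
        if vid is None or vid == 0:       # untagged, or priority-tagged with VID 0
            vid = self.native_vlan
        if self.allowed is not None and vid not in self.allowed:
            return None
        return vid, (dst, src, etype, payload)


def demo():
    trunk = TrunkPort(native_vlan=42, allowed=range(1, 100))   # allowed VLANs 1-99
    fields = ("00:00:00:00:00:0b", "00:00:00:00:00:0a", ETHERTYPE_IPV4, b"\x45\x00")
    tagged = trunk.egress(10, fields)
    native = trunk.egress(42, fields)
    return {
        "tagged_len": len(tagged),                     # 14-byte header + 4-byte tag + payload
        "native_len": len(native),                     # no tag on the native VLAN
        "tagged_vid": parse_frame(tagged)[2],
        "native_vid": parse_frame(native)[2],
        "tagged_in": trunk.ingress(tagged)[0],
        "native_in": trunk.ingress(native)[0],         # untagged lands in VLAN 42
        "pruned": trunk.egress(200, fields),
        "disallowed_in": trunk.ingress(build_frame(*fields, vlan=200)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:14} -> {value}")
```

The `native_in` case is why the page insists on the same native VLAN at both ends: an untagged frame carries no VLAN information of its own, so whichever VLAN the receiving side has declared native is where it lands.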
VTP (VLAN Trunking Protocol)
VLAN Trunking Protocol (VTP) reduces administration in a switched network. VLAN information is configured once on a VTP server and distributed to all switches in the same VTP domain, so VLANs do not have to be configured on each switch individually. VTP is a Cisco-proprietary protocol.
VTP Modes:
Server: Can create, modify and delete VLANs, and configure the VTP version and VTP pruning. Advertises its VLAN configuration to other switches in the same VTP domain; VTP advertisements are sent and received over trunk links. This is the default mode.
Client: Behaves the same way as a VTP server, but you cannot create, change or delete VLANs on a VTP client.
Transparent: Does not participate in VTP. Does not advertise its own VLAN configuration and does not synchronize its VLAN configuration from received advertisements. In VTP version 1 a transparent switch forwards only updates from its own VTP domain.
In VTP version 2 a transparent switch forwards the VTP advertisements it receives out its trunk ports regardless of the domain name.
Note: Switches transmit VTP messages only over 802.1Q and ISL trunks. By default, VTP summary advertisements are sent every 300 seconds, and an advertisement is sent whenever the VLAN database changes.
Note: A VTP server without a VTP domain name (a null domain) cannot send VLAN information; it adopts the domain name carried in the first VTP advertisement it receives over a trunk.
There are three versions of VTP: VTP version 1, VTP version 2 and VTP version 3.
VTP messages:
VTP Summary advertisements
VTP Subset advertisements
Advertisement Requests
VTP Summary advertisements: Sent every five minutes by default. They inform adjacent switches of the current VTP domain name and the configuration revision number. The receiving switch compares the VTP domain name to its own; if the name differs, the switch simply ignores the packet. If the name matches, the switch compares the advertised configuration revision to its own: if its own revision is higher or equal, the packet is ignored; otherwise (its own revision is lower) it sends a VTP Advertisement Request.
VTP Subset advertisements: Sent in response to a VTP Advertisement Request, and also whenever VLAN information changes on a VTP server. The server first sends a VTP Summary Advertisement and then one or more VTP Subset Advertisements. A subset advertisement contains a list of VLAN information with the following fields: VTP version, VTP domain, VTP configuration revision, the VLAN IDs for each VLAN in the database, and VLAN-specific information such as the VLAN name and MTU.
Example: VTP works only over trunk links. Switch A (server) sends a summary advertisement over its trunk links on VLAN 1, to the multicast MAC address 01-00-0C-CC-CC-CC; it includes the domain name and revision number. Switch B updates its domain. Because of the higher revision number in the summary, B replies with an Advertisement Request.
Switch A sends a VTP Subset advertisement (possibly preceded by another Summary advertisement). Switch B updates its VLAN configuration revision number and VLANs.
Example: VTP advertisements sent to a transparent switch (shown together). Switch C does not make any changes based on these advertisements. Now suppose Switch C is configured with domain name Cisco and VLANs 2, 3, 4, 5 and 6. Even though it is in the same domain, Switch C does not advertise these VLANs to other switches, and its configuration revision number remains at 0 even when its VLAN configuration changes. A transparent switch relays the VTP messages it receives to other switches if it is in the same domain or has a null domain.
Now a VTP client, Switch D, is added to the network. Switch A (server) sends a summary advertisement over its trunk links on VLAN 1. Switch D updates its domain and replies with an Advertisement Request; Switch A sends a VTP Subset advertisement, and Switch D updates its VLAN configuration revision number and VLANs.
Next, consider two switches that are both VTP servers in the same domain but hold different VLAN information. Let us see what happens when trunking is enabled between them.
When two switches with the same domain name and the same configuration revision number exchange VTP information, nothing changes on either switch. If Switch A then adds a new VLAN, its configuration revision increases by 1. Switch A sends VTP information to Switch B, which synchronizes its VLAN information with Switch A, losing its current local VLANs. The same happens with any switch, server or client, that joins the domain carrying a higher revision number than the existing servers: its database replaces theirs. Before connecting a previously used switch, reset its revision number to 0 by changing its VTP domain name or setting it to transparent mode, and confirm with show vtp status.
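The summary/subset exchange described in the VTP message section and the revision-number overwrite described just above, as an added example that is not part of the original page and not Cisco code. Domain names, VLAN lists and revision numbers are constructed; the MD5 digest is a simplified stand-in for the vendor-defined digest that real VTP computes from the password and the advertised VLAN data, kept only to show that a password mismatch rejects an update.

```python
"""VTP summary/subset advertisement processing between switches.

Added example for the VTP message and synchronization walk-through above;
it is not Cisco code. Domain names, VLAN lists and revision numbers are
constructed, and the MD5 digest here is a simplified stand-in for the
vendor-defined digest real VTP computes from the password and VLAN data.
"""
import hashlib


class VtpSwitch:
    MODES = ("server", "client", "transparent")

    def __init__(self, name, mode="server", domain=None, password=None, vlans=None):
        if mode not in self.MODES:
            raise ValueError(f"unknown VTP mode {mode!r}")
        self.name, self.mode, self.domain, self.password = name, mode, domain, password
        self.vlans = dict(vlans or {1: "default"})
        self.revision = 0
        self.relayed = []       # advertisements a transparent switch passed along

    def digest(self, revision, vlans):
        """16-byte MD5 over password, revision and VLAN list (simplified)."""
        secret = (self.password or "").encode()
        data = ",".join(f"{vid}:{name}" for vid, name in sorted(vlans.items())).encode()
        return hashlib.md5(secret + str(revision).encode() + b"|" + data).digest()

    def add_vlan(self, vid, name):
        if self.mode == "client":
            raise PermissionError("VTP clients cannot create VLANs")
        self.vlans[vid] = name
        if self.mode == "server":
            self.revision += 1   # transparent switches stay at revision 0

    def summary(self):
        return {"domain": self.domain, "revision": self.revision,
                "digest": self.digest(self.revision, self.vlans)}

    def subset(self):
        return {"domain": self.domain, "revision": self.revision, "vlans": dict(self.vlans)}

    def receive_summary(self, adv, sender):
        """Process a summary advertisement from sender; returns what happened."""
        if self.mode == "transparent":
            self.relayed.append(adv)          # forwarded, never applied
            return "relayed"
        if self.domain is None:
            self.domain = adv["domain"]       # null-domain switch adopts the first domain heard
        elif adv["domain"] != self.domain:
            return "ignored"
        if adv["revision"] <= self.revision:
            return "up-to-date"
        sub = sender.subset()                 # advertisement request -> subset advertisement
        if adv["digest"] != self.digest(sub["revision"], sub["vlans"]):
            return "bad-digest"               # password mismatch: update rejected
        self.vlans = dict(sub["vlans"])       # whole database replaced, not merged
        self.revision = sub["revision"]
        return "synced"


def demo():
    out = {}
    a = VtpSwitch("A", "server", "Cisco", "s3cret")
    a.add_vlan(10, "USERS")
    a.add_vlan(20, "SERVERS")                                  # revision 2
    b = VtpSwitch("B", "client", "Cisco", "s3cret")
    out["client_sync"] = (b.receive_summary(a.summary(), a), sorted(b.vlans), b.revision)
    out["same_revision"] = b.receive_summary(a.summary(), a)
    out["other_domain"] = VtpSwitch("X", "server", "Lab", "s3cret").receive_summary(a.summary(), a)
    c = VtpSwitch("C", "transparent", "Cisco")
    c.add_vlan(5, "LOCAL")
    out["transparent"] = (c.receive_summary(a.summary(), a), c.revision, sorted(c.vlans))
    out["no_password"] = VtpSwitch("D", "client", "Cisco").receive_summary(a.summary(), a)
    # A switch that once served another network keeps its revision number when
    # it is changed to client mode; with the right password it still overwrites
    # the domain's VLAN database, and VLANs 10 and 20 disappear from Switch A.
    stale = VtpSwitch("S", "server", "Cisco", "s3cret")
    for vid in (91, 92, 93, 94, 95):
        stale.add_vlan(vid, "OLD")                               # revision 5
    stale.mode = "client"
    out["overwrite"] = (a.receive_summary(stale.summary(), stale), sorted(a.vlans), a.revision)
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:14} -> {value}")
```

Two things the model makes visible: the revision comparison alone decides who wins, so mode (server or client) offers no protection, and the password check is the only part of the exchange that distinguishes a legitimate server from any device on a trunk in the same domain.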
Configuring VTP
To configure the VTP domain (the domain name is case-sensitive):
Switch(config)#vtp domain MYDOMAIN
To configure the VTP mode:
Switch(config)#vtp mode server
Switch(config)#vtp mode client
Switch(config)#vtp mode transparent
The VTP domain can be further secured using a password:
Switch(config)#vtp password PASSWORD
All switches participating in the VTP domain must be configured with the same password. The password is hashed into a 16-byte MD5 value that is carried in VTP advertisements, so a switch without the matching password cannot push VLAN changes into the domain. By default, a Catalyst switch uses VTP version 1; to run version 2:
Switch(config)#vtp version 2
Verify configurations:
show vlan
show vtp status
show interfaces interface switchport
show interfaces trunk
show running-config
Note: The switch in VTP server mode with the highest revision number propagates its VLAN information over trunk ports.
Questions:
What is the default VTP version? 1
What is the starting configuration revision? 0
What is the default VTP mode? Server
What is the default VTP domain name? None (null)