Switching Concepts

Switches use MAC address tables to make forwarding decisions. They learn source MAC addresses and associated ports by examining incoming frames. Switches then forward frames to the appropriate port based on the destination MAC address in the table. This process reduces congestion by eliminating collisions within each broadcast domain and allowing full-duplex communication between connected devices. VLANs further improve efficiency by logically segmenting devices into smaller broadcast domains based on common attributes.


SWITCHING IN NETWORKING

Two terms are associated with frames entering or leaving an interface:

● Ingress – entering the interface
● Egress – exiting the interface

A switch forwards based on the ingress interface and the destination MAC address.

A switch uses its MAC address table to make forwarding decisions.

Note: A switch will never allow traffic to be forwarded out the interface on which it received the traffic.

Port Table

Destination Address   Port
EE                    1
AA                    2
BA                    3
EA                    4
AC                    5
AB                    6

THE SWITCH MAC ADDRESS TABLE

A switch will use the destination MAC address to determine the egress interface. Before a switch can make this decision it must learn on what interface the destination is located.

A switch builds a MAC address table, also known as a Content Addressable Memory (CAM) table, by recording the source MAC address into the table along with the port on which it was received.

THE SWITCH LEARN AND FORWARD METHOD

The switch uses a two-step process:

Step 1. Learn – Examines Source Address
● Adds the source MAC if not in the table
● Resets the time-out setting back to 5 minutes if the source is in the table

Step 2. Forward – Examines Destination Address
● If the destination MAC is in the MAC address table it is forwarded out the specified port.
● If the destination MAC is not in the table, it is flooded out all interfaces except the one on which it was received.

SWITCH FORWARDING METHODS

Switches use software on application-specific integrated circuits (ASICs) to make very quick decisions.

A switch will use one of two methods to make forwarding decisions after it receives a frame:

● Store-and-forward switching – Receives the entire frame and ensures the frame is valid. Store-and-forward switching is Cisco's preferred switching method.
● Cut-through switching – Forwards the frame immediately after determining the destination MAC address of an incoming frame and the egress port.
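The learn-and-forward process above, written out as a small simulation. This is an added example, not code from the original notes: the switch, its port numbers, the MAC addresses and the frame sequence are all constructed, and the 300-second aging value stands in for the 5-minute timer the notes mention. It shows the three behaviours a defender relies on when reading switch logs: unknown unicast and broadcast frames are flooded, a frame is never sent back out its ingress port, and an entry that is not refreshed ages out and causes flooding again.

```python
"""Learn-and-forward simulation of a Layer 2 switch (added example, not from
the original notes). Ports, MAC addresses and frames are constructed."""
from dataclasses import dataclass, field

AGING_SECONDS = 300                 # the notes' 5-minute aging timer
BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    dst: str
    src: str
    ingress_port: int


@dataclass
class Switch:
    port_count: int
    # MAC address (CAM) table: MAC -> (port, timestamp of last frame seen)
    mac_table: dict = field(default_factory=dict)

    def learn(self, frame, now):
        """Step 1: record source MAC and ingress port, or refresh the timer."""
        self.mac_table[frame.src] = (frame.ingress_port, now)

    def age_out(self, now):
        """Remove entries that have not been refreshed within the aging time."""
        stale = [m for m, (_, seen) in self.mac_table.items()
                 if now - seen >= AGING_SECONDS]
        for m in stale:
            del self.mac_table[m]

    def forward(self, frame, now):
        """Step 2: return the list of egress ports for this frame."""
        self.age_out(now)
        self.learn(frame, now)
        entry = self.mac_table.get(frame.dst)
        if frame.dst != BROADCAST and entry is not None:
            port, _ = entry
            # Never forward a frame out the port it arrived on.
            return [] if port == frame.ingress_port else [port]
        # Unknown unicast or broadcast: flood out every port except ingress.
        return [p for p in range(1, self.port_count + 1) if p != frame.ingress_port]


def demo():
    """Constructed frame sequence on a 4-port switch; returns egress lists."""
    sw = Switch(port_count=4)
    events = []
    # t=0: AA (port 2) sends to BB, which is unknown -> flooded.
    events.append(sw.forward(Frame("BB", "AA", 2), now=0))
    # t=1: BB replies from port 3; AA is known -> unicast to port 2 only.
    events.append(sw.forward(Frame("AA", "BB", 3), now=1))
    # t=2: AA sends to BB again; BB was learned on port 3.
    events.append(sw.forward(Frame("BB", "AA", 2), now=2))
    # t=400: AA's entry (last seen t=2) has aged out -> flooded again.
    events.append(sw.forward(Frame("AA", "BB", 3), now=400))
    # t=401: a broadcast from port 1 goes everywhere except port 1.
    events.append(sw.forward(Frame(BROADCAST, "CC", 1), now=401))
    return events


if __name__ == "__main__":
    for egress in demo():
        print(egress)
```

Run as a script it prints the five egress lists; the first and fourth are floods, which is exactly the traffic pattern (unknown-unicast flooding after aging) that a port-security or flood-rate alert would surface on a production switch.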
STORE-AND-FORWARD SWITCHING

Store-and-forward has two primary characteristics:

● Error Checking – The switch will check the Frame Check Sequence (FCS) for CRC errors. Bad frames will be discarded.
● Buffering – The ingress interface will buffer the frame while it checks the FCS. This also allows the switch to adjust to a potential difference in speeds between the ingress and egress ports.

Store-and-forward switching entails receipt of the entire frame (up to about 9,200 bytes for jumbo frames) before a forwarding decision is made.

CUT-THROUGH SWITCHING

● Cut-through forwards the frame immediately after determining the destination MAC. Frames can begin to be forwarded as soon as the destination MAC is received.
● The Fragment-Free method will check the destination and ensure that the frame is at least 64 bytes. This will eliminate runts.

Concepts of cut-through switching:

● Is appropriate for switches needing latency to be under 10 microseconds
● Does not check the FCS, so it can propagate errors
● May lead to bandwidth issues if the switch propagates too many errors
● Cannot support ports with differing speeds going from ingress to egress

COLLISION DOMAINS

Switches eliminate collision domains and reduce congestion.

• When there is full duplex on the link the collision domains are eliminated.
• When there are one or more devices in half-duplex there will now be a collision domain.
• There will now be contention for the bandwidth.
• Collisions are now possible.
• Most devices, including Cisco and Microsoft, use auto-negotiation as the default setting for duplex and speed.

BROADCAST DOMAINS

● A broadcast domain extends across all Layer 1 or Layer 2 devices on a LAN.
● Only a Layer 3 device (router) will break the broadcast domain, also called a MAC broadcast domain.
● The broadcast domain consists of all devices on the LAN that receive the broadcast traffic.
● When the Layer 2 switch receives the broadcast it will flood it out all interfaces except for the ingress interface.
● Too many broadcasts may cause congestion and poor network performance.
● Increasing devices at Layer 1 or Layer 2 will cause the broadcast domain to expand.
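The collision-domain and broadcast-domain rules above can be applied mechanically to a topology, which is how a reviewer checks a proposed LAN design before it is built. The script below is an added example, not part of the original notes; the device names, the links and their duplex settings are constructed. It encodes exactly the rules stated here: hubs and half-duplex links share a collision domain, a full-duplex point-to-point link has none, Layer 1 and Layer 2 devices extend a broadcast domain, and only a router breaks it.

```python
"""Count collision and broadcast domains in a small LAN (added example, not
from the original notes; topology is constructed)."""

# Constructed topology: device -> type, and links as (end_a, end_b, duplex).
DEVICES = {
    "R1": "router", "S1": "switch", "S2": "switch", "HUB1": "hub",
    "PC1": "host", "PC2": "host", "PC3": "host", "PC4": "host", "PC5": "host",
}
LINKS = [
    ("R1", "S1", "full"), ("S1", "PC1", "full"), ("S1", "PC2", "half"),
    ("S1", "HUB1", "half"), ("HUB1", "PC3", "half"), ("HUB1", "PC4", "half"),
    ("R1", "S2", "full"), ("S2", "PC5", "full"),
]


class UnionFind:
    """Minimal disjoint-set structure used to merge segments into domains."""
    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]   # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        self.parent[self.find(a)] = self.find(b)


def broadcast_domains(devices, links):
    """Every link is a segment; Layer 1/2 devices join the segments they touch.
    Routers never join, so each router interface ends a broadcast domain."""
    uf = UnionFind()
    for i, (a, b, _) in enumerate(links):
        seg = ("link", i)
        uf.find(seg)
        for end in (a, b):
            if devices[end] != "router":
                uf.union(seg, end)
    return len({uf.find(("link", i)) for i in range(len(links))})


def collision_domains(devices, links):
    """Only hubs merge segments (they repeat every bit to every port). A merged
    segment is a collision domain only if some link in it runs half-duplex,
    matching the notes: full duplex eliminates the collision domain."""
    uf = UnionFind()
    for i, (a, b, _) in enumerate(links):
        seg = ("link", i)
        uf.find(seg)
        for end in (a, b):
            if devices[end] == "hub":
                uf.union(seg, end)
    has_half = {}
    for i, (_, _, duplex) in enumerate(links):
        root = uf.find(("link", i))
        has_half[root] = has_half.get(root, False) or duplex == "half"
    return sum(1 for half in has_half.values() if half)


def summarize(devices, links):
    return {"broadcast_domains": broadcast_domains(devices, links),
            "collision_domains": collision_domains(devices, links)}


if __name__ == "__main__":
    print(summarize(DEVICES, LINKS))
    # Swapping the router for a switch merges both sides into one broadcast domain.
    print(summarize(dict(DEVICES, R1="switch"), LINKS))
```

With the constructed topology the answer is two broadcast domains (one per router interface) and two collision domains (the half-duplex PC2 link and the hub segment). Replacing R1 with a switch drops the broadcast domain count to one, which is the "increasing Layer 2 devices expands the broadcast domain" point above in numbers.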

ALLEVIATED NETWORK CONGESTION

Switches use the MAC address table and full-duplex to eliminate collisions and avoid congestion.

Features of the switch that alleviate congestion are as follows:

Feature                   Function
Fast Port Speeds          Depending on the model, switches may have up to 100 Gbps port speeds.
Fast Internal Switching   This uses a fast internal bus or shared memory to improve performance.
Large Frame Buffers       This allows for temporary storage while processing large quantities of frames.
High Port Density         This provides many ports for devices to be connected to the LAN with less cost. This also provides for more local traffic with less congestion.

OVERVIEW OF VLANs

VLAN DEFINITIONS

VLANs are logical connections with other similar devices.

Placing devices into various VLANs has the following characteristics:

● Provides segmentation of the various groups of devices on the same switches
● Provides organization that is more manageable
● Broadcasts, multicasts and unicasts are isolated in the individual VLAN
● Each VLAN will have its own unique range of IP addressing
● Smaller broadcast domains
BENEFITS OF A VLAN DESIGN

Benefits of using VLANs are as follows:

Benefit                     Description
Smaller Broadcast Domains   Dividing the LAN reduces the number of broadcast domains
Improved Security           Only users in the same VLAN can communicate together
Improved IT Efficiency      VLANs can group devices with similar requirements, e.g. faculty vs. students
Reduced Cost                One switch can support multiple groups or VLANs
Better Performance          Small broadcast domains reduce traffic, improving bandwidth
Simpler Management          Similar groups will need similar applications and other network resources

TYPES OF VLANs

Default VLAN

VLAN 1 is the following:

● The default VLAN
● The default native VLAN
● The default management VLAN
● Cannot be deleted or renamed

Note: While we cannot delete VLAN 1, Cisco recommends that we assign these default roles to other VLANs.

Data VLAN

● Dedicated to user-generated traffic (email and web traffic).
● VLAN 1 is the default data VLAN because all interfaces are assigned to this VLAN.

Native VLAN

● This is used for trunk links only.
● All frames are tagged on an 802.1Q trunk link except for those on the native VLAN.

Management VLAN

● This is used for SSH/Telnet VTY traffic and should not be carried with end-user traffic.
● Typically, the VLAN that is the SVI for the Layer 2 switch.

Voice VLAN

● A separate VLAN is required because voice traffic requires:
  ○ Assured bandwidth
  ○ High QoS priority
  ○ Ability to avoid congestion
  ○ Delay less than 150 ms from source to destination
● The entire network must be designed to support voice.

Switch configured to support voice traffic:

● Uses VLAN 150 for the voice VLAN
● Prioritizes voice traffic

Switch port configured to support voice traffic:

● Port sends CDP frames to provide information used by the IP phone
● Port forwards frames associated with VLAN 150

VLANs IN A MULTI-SWITCHED ENVIRONMENT

DEFINING VLAN TRUNKS

A trunk is a point-to-point link between two network devices.

Cisco trunk functions:

● Allow more than one VLAN
● Extend the VLAN across the entire network
● By default, supports all VLANs
● Supports 802.1Q trunking

802.3 = Ethernet/Wired
802.11 = Wireless
802.1Q = Trunk

NETWORKS WITHOUT VLANs

Without VLANs, all devices connected to the switches will receive all unicast, multicast, and broadcast traffic.

PC1 sends out a local Layer 2 broadcast. The switches forward the broadcast frame out all available ports.

NETWORKS WITH VLANs

With VLANs, unicast, multicast, and broadcast traffic is confined to a VLAN. Without a Layer 3 device to connect the VLANs, devices in different VLANs cannot communicate.

VLAN trunks configured to support VLAN 10 and 20. PC1 sends out a local Layer 2 broadcast. The switches forward the broadcast frame only out ports configured for VLAN 10.

VLAN IDENTIFICATION WITH A TAG

● The IEEE 802.1Q header is 4 bytes.
● When the tag is created the FCS must be recalculated.
● When sent to end devices, this tag must be removed and the FCS recalculated back to its original value.

802.1Q VLAN Tag Field               Function
Type                                • 2-byte field with hexadecimal value 0x8100
                                    • This is referred to as the Tag Protocol ID (TPID)
User Priority                       • 3-bit value that supports
Canonical Format Identifier (CFI)   • 1-bit value that can support token ring frames on Ethernet
VLAN ID (VID)                       • 12-bit VLAN identifier that can support up to 4096 VLANs

NATIVE VLANs AND 802.1Q TAGGING

802.1Q trunk basics:

● Tagging is typically done on all VLANs.
● The use of a native VLAN was designed for legacy use, like the hub in the example.
● Unless changed, VLAN 1 is the native VLAN.
● Both ends of a trunk link must be configured with the same native VLAN.
● Each trunk is configured separately, so it is possible to have different native VLANs on separate trunks.

VOICE VLAN TAGGING

The VoIP phone is a three-port switch:

● The switch will use CDP to inform the phone of the voice VLAN.
● The phone will tag its own traffic (voice) and can set Class of Service (CoS). CoS is QoS for Layer 2.
● The phone may or may not tag frames from the PC.

Traffic       Tagging Function
Voice VLAN    tagged with an appropriate Layer 2 class of service (CoS) priority value
Access VLAN   can also be tagged with a Layer 2 CoS priority value
Access VLAN   is not tagged (no Layer 2 CoS priority value)

The show interfaces fa0/18 switchport command can show us both the data and voice VLANs assigned to the interface.
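The tag layout and the FCS rules in VLAN IDENTIFICATION WITH A TAG, together with the store-and-forward versus cut-through distinction from the switch forwarding methods section earlier, are easiest to see on real bytes. The following is an added example, not code from the original notes: it builds a minimum-size Ethernet frame with a CRC-32 FCS, inserts and strips a 4-byte 802.1Q tag (TPID 0x8100, 3-bit priority, 1-bit CFI/DEI, 12-bit VID) recomputing the FCS each time, and contrasts a store-and-forward check, which drops a frame corrupted in transit, with a cut-through decision, which has already chosen an egress port after 6 bytes and so propagates the error. MAC addresses, payload and VLAN numbers are constructed; the little-endian CRC-32 packing is the conventional Ethernet FCS encoding.

```python
"""Ethernet FCS, store-and-forward vs cut-through, and 802.1Q tag handling
(added example, not from the original notes; sample data is constructed)."""
import struct
import zlib

TPID = 0x8100   # Tag Protocol ID marking an 802.1Q tagged frame


def fcs(data: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over destination MAC through end of payload."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + fcs(body)


def store_and_forward_valid(frame: bytes) -> bool:
    """Store-and-forward: buffer the whole frame, then verify the trailing FCS."""
    return len(frame) >= 64 and fcs(frame[:-4]) == frame[-4:]


def cut_through_decision(frame: bytes, fragment_free: bool = False):
    """Cut-through: the egress decision needs only the first 6 bytes (destination
    MAC); fragment-free waits for 64 bytes so runts are dropped. Neither checks
    the FCS. Returns the destination MAC to look up, or None to drop."""
    needed = 64 if fragment_free else 6
    return frame[:6] if len(frame) >= needed else None


def insert_tag(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q header after the source MAC; recompute the FCS."""
    if not 0 <= vid <= 4095 or not 0 <= pcp <= 7 or dei not in (0, 1):
        raise ValueError("VID is 12 bits, PCP is 3 bits, DEI/CFI is 1 bit")
    body = frame[:-4]
    tci = (pcp << 13) | (dei << 12) | vid
    tagged = body[:12] + struct.pack("!HH", TPID, tci) + body[12:]
    return tagged + fcs(tagged)


def parse_tag(frame: bytes):
    """Return (pcp, dei, vid) if the frame carries an 802.1Q tag, else None."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID:
        return None
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF


def strip_tag(frame: bytes) -> bytes:
    """Remove the tag before delivery to an end device; the FCS is recomputed."""
    if parse_tag(frame) is None:
        return frame
    body = frame[:12] + frame[16:-4]
    return body + fcs(body)


def demo():
    """Constructed frame exercise; returns the observations as a dict."""
    pc = bytes.fromhex("0200000000aa")      # locally administered, constructed
    srv = bytes.fromhex("0200000000bb")
    frame = build_frame(srv, pc, 0x0800, b"\x00" * 46)   # 64-byte minimum frame
    tagged = insert_tag(frame, vid=20, pcp=5)
    corrupted = bytearray(tagged)
    corrupted[20] ^= 0x01                                 # one payload bit flipped in transit
    corrupted = bytes(corrupted)
    return {
        "untagged_len": len(frame),
        "tagged_len": len(tagged),
        "tag": parse_tag(tagged),
        "untagged_has_no_tag": parse_tag(frame) is None,
        "round_trip": strip_tag(tagged) == frame,
        "sf_accepts_good": store_and_forward_valid(tagged),
        "sf_drops_bad": not store_and_forward_valid(corrupted),
        "ct_forwards_bad": cut_through_decision(corrupted) == srv,
        "fragfree_drops_runt": cut_through_decision(tagged[:40], fragment_free=True) is None,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The tagged frame is exactly 4 bytes longer than the untagged one, and stripping the tag returns byte-for-byte the original, including the original FCS, which is the "recalculated back to its original value" step.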

VOICE VLAN VERIFICATION EXAMPLE

Switch port configured to support voice traffic:

● Instructs the phone to tag voice frames with VLAN 150
● Prioritizes voice frames
● Forwards data frames for VLAN 20

Configured to tag voice traffic frames with VLAN 150.

VLAN CONFIGURATION

VLAN RANGES ON CATALYST SWITCHES

Catalyst switches 2960 and 3650 support over 4000 VLANs.

Normal Range VLAN (1 – 1005)                             Extended Range VLAN (1006 – 4095)
Used in small to medium sized businesses                 Used by service providers
1002 – 1005 are reserved for legacy VLANs                Are in running-config
1, 1002 – 1005 are auto created and cannot be deleted    Supports fewer VLAN features
Stored in the vlan.dat file in flash                     Requires VTP configurations
VTP can synchronize between switches
VLAN CREATION COMMANDS

VLAN details are stored in the vlan.dat file. You create VLANs in global configuration mode.

Task                                          IOS Command
Enter global configuration mode.              Switch# configure terminal
Create a VLAN with a valid ID number.         Switch(config)# vlan vlan-id
Specify a unique name to identify the VLAN.   Switch(config-vlan)# name vlan-name
Return to the privileged EXEC mode.           Switch(config-vlan)# end

VLAN CREATION EXAMPLE

● If the Student PC is going to be in VLAN 20, we will create the VLAN first and then name it.
● If you do not name it, the Cisco IOS will give it a default name of vlan and the four-digit number of the VLAN, e.g. vlan0020 for VLAN 20.

Prompt             Command
S1#                configure terminal
S1(config)#        vlan 20
S1(config-vlan)#   name student
S1(config-vlan)#   end

VLAN PORT ASSIGNMENT COMMANDS

Once the VLAN is created, we can then assign it to the correct interfaces.

Task                                   Command
Enter global configuration mode.       Switch# configure terminal
Enter interface configuration mode.    Switch(config)# interface interface-id
Set the port to access mode.           Switch(config-if)# switchport mode access
Assign the port to a VLAN.             Switch(config-if)# switchport access vlan vlan-id
Return to the privileged EXEC mode.    Switch(config-if)# end

VLAN PORT ASSIGNMENT EXAMPLE

We can assign the VLAN to the port interface.

• Once the device is assigned the VLAN, the end device will need the IP address information for that VLAN.
• Here, the Student PC receives 172.17.20.22
Prompt           Command
S1#              configure terminal
S1(config)#      interface fa0/18
S1(config-if)#   switchport mode access
S1(config-if)#   switchport access vlan 20
S1(config-if)#   end

DATA AND VOICE VLANs

An access port may only be assigned to one data VLAN. However, it may also be assigned to one voice VLAN for when a phone and an end device are off of the same switchport.

DATA AND VOICE VLAN EXAMPLE

● We will want to create and name both the voice and data VLANs.
● In addition to assigning the data VLAN, we will also assign the voice VLAN and turn on QoS for the voice traffic on the interface.
● The newer Catalyst switch will automatically create the VLAN, if it does not already exist, when it is assigned to an interface.

Note: QoS is beyond the scope of this course. Here we do show the use of the mls qos trust [cos | device cisco-phone | dscp | ip-precedence] command.

The switchport must support VLAN traffic for:

● Voice traffic to the IP phone
● Data traffic to PC5

VERIFY VLAN INFORMATION

Use the show vlan command. The complete syntax is:

show vlan [brief | id vlan-id | name vlan-name | summary]

Task                                                                        Command Option
Display VLAN name, status, and its ports, one VLAN per line.                brief
Display information about the identified VLAN ID number.                    id vlan-id
Display information about the identified VLAN name. The vlan-name is an     name vlan-name
ASCII string from 1 to 32 characters.
Display VLAN summary information.                                           summary

DELETE VLANs

Delete VLANs with the no vlan vlan-id command.

Caution: Before deleting a VLAN, reassign all member ports to a different VLAN.

● Delete all VLANs with the delete flash:vlan.dat or delete vlan.dat commands.
● Reload the switch when deleting all VLANs.


CHANGE VLAN PORT MEMBERSHIP

There are a number of ways to change VLAN membership:

● re-enter the switchport access vlan vlan-id command
● use the no switchport access vlan command to place the interface back in VLAN 1

Use the show vlan brief or the show interface fa0/18 switchport commands to verify the correct VLAN association.

Note: To restore to factory default – unplug all data cables, erase the startup-configuration and delete the vlan.dat file, then reload the device.

VLAN TRUNKS

TRUNK CONFIGURATION COMMANDS

Configure and verify VLAN trunks. Trunks are Layer 2 and carry traffic for all VLANs.

Task                                                          IOS Command
Enter global configuration mode.                              Switch# configure terminal
Enter interface configuration mode.                           Switch(config)# interface interface-id
Set the port to permanent trunking mode.                      Switch(config-if)# switchport mode trunk
Set the native VLAN to something other than VLAN 1.           Switch(config-if)# switchport trunk native vlan vlan-id
Specify the list of VLANs to be allowed on the trunk link.    Switch(config-if)# switchport trunk allowed vlan vlan-list
Return to the privileged EXEC mode.                           Switch(config-if)# end

TRUNK CONFIGURATION EXAMPLE

The subnets associated with each VLAN are:

● VLAN 10 – Faculty/Staff – 172.17.10.0/24
● VLAN 20 – Students – 172.17.20.0/24
● VLAN 30 – Guests – 172.17.30.0/24
● VLAN 99 – Native – 172.17.99.0/24

The F0/1 port on S1 is configured as a trunk port.

Note: This assumes a 2960 switch using 802.1Q tagging. Layer 3 switches require the encapsulation to be configured before the trunk mode.

Prompt           Command
S1(config)#      interface fa0/1
S1(config-if)#   switchport mode trunk
S1(config-if)#   switchport trunk native vlan 99
S1(config-if)#   switchport trunk allowed vlan 10,20,30,99
S1(config-if)#   end

VERIFY TRUNK CONFIGURATION

Set the trunk mode and native VLAN. Notice in the output of the sh int fa0/1 switchport command that the port:

● Is set to trunk administratively
● Is set as trunk operationally (functioning)
● Encapsulation is dot1q
● Native VLAN set to VLAN 99
● All VLANs created on the switch will pass traffic on this trunk

RESET THE TRUNK TO THE DEFAULT STATE

● Reset the default trunk settings with the no form of the command.
  ○ All VLANs allowed to pass traffic
  ○ Native VLAN = VLAN 1
● Verify the default settings with the sh int fa0/1 switchport command.

Reset the trunk to access mode with the switchport mode access command; the port then:

● Is set to an access interface administratively
● Is set as an access interface operationally (functioning)

DYNAMIC TRUNKING PROTOCOL

INTRODUCTION TO DTP

Dynamic Trunking Protocol (DTP) is a proprietary Cisco protocol.

DTP characteristics are as follows:

● On by default on Catalyst 2960 and 2950 switches
● Dynamic-auto is the default on the 2960 and 2950 switches
● May be turned off with the nonegotiate command
● May be turned back on by setting the interface to dynamic-auto
● Setting a switch to a static trunk or static access will avoid negotiation issues, with the switchport mode trunk or the switchport mode access commands.

NEGOTIATED INTERFACE MODES

The switchport mode command has additional options.

Use the switchport nonegotiate interface configuration command to stop DTP negotiation.

Option              Description
access              Permanent access mode and negotiates to convert the neighboring link into an access link
dynamic auto        Will become a trunk interface if the neighboring interface is set to trunk or desirable mode
dynamic desirable   Actively seeks to become a trunk by negotiating with other auto or desirable interfaces
trunk               Permanent trunking mode and negotiates to convert the neighboring link into a trunk link

RESULTS OF A DTP CONFIGURATION

DTP configuration options are as follows (local mode in the first column, neighbor mode in the header):

                    Dynamic Auto   Dynamic Desirable   Trunk                  Access
Dynamic Auto        Access         Trunk               Trunk                  Access
Dynamic Desirable   Trunk          Trunk               Trunk                  Access
Trunk               Trunk          Trunk               Trunk                  Limited connectivity
Access              Access         Access              Limited connectivity   Access

VERIFY DTP MODE

The default DTP configuration is dependent on the Cisco IOS version and platform.

▪ Use the show dtp interface command to determine the current DTP mode.
▪ Best practice recommends that the interfaces be set to access or trunk and that DTP be turned off.
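The trunk configuration commands and the DTP guidance above translate into a short list of checks that can be run against a saved running-config: every port should have an explicit access or trunk mode (the notes say the 2960 default is dynamic auto, which forms a trunk with any neighbor in trunk or desirable mode), trunks should carry switchport nonegotiate, a native VLAN other than 1, and an explicit allowed-VLAN list, and access ports should not be left in VLAN 1. The audit below is an added example, not code from the original notes; the config text is constructed, the finding wording is my own, and the negotiation outcomes come from the RESULTS OF A DTP CONFIGURATION table.

```python
"""Audit trunk and DTP settings in a Catalyst running-config (added example,
not from the original notes; the config is constructed)."""

# Outcome of DTP negotiation for (local mode, neighbor mode), from the notes' table.
DTP_TABLE = {
    "dynamic auto":      {"dynamic auto": "access", "dynamic desirable": "trunk",
                          "trunk": "trunk", "access": "access"},
    "dynamic desirable": {"dynamic auto": "trunk", "dynamic desirable": "trunk",
                          "trunk": "trunk", "access": "access"},
    "trunk":             {"dynamic auto": "trunk", "dynamic desirable": "trunk",
                          "trunk": "trunk", "access": "limited connectivity"},
    "access":            {"dynamic auto": "access", "dynamic desirable": "access",
                          "trunk": "limited connectivity", "access": "access"},
}
PLATFORM_DEFAULT_MODE = "dynamic auto"   # 2960/2950 default per the notes

SAMPLE_CONFIG = """\
!
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20,30,99
 switchport nonegotiate
!
interface FastEthernet0/2
 switchport mode trunk
!
interface FastEthernet0/18
 switchport mode access
 switchport access vlan 20
 switchport voice vlan 150
!
interface FastEthernet0/24
 description unused
!
"""


def dtp_result(local: str, neighbor: str) -> str:
    """What the link becomes when the two ends use the given modes."""
    return DTP_TABLE[local][neighbor]


def parse_interfaces(config: str) -> dict:
    """Map interface name -> list of its indented configuration lines."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            blocks[current] = []
        elif current is not None and line.startswith(" "):
            blocks[current].append(line.strip())
        else:
            current = None      # "!" or a global line ends the block
    return blocks


def audit_interface(lines: list) -> list:
    """Return a list of findings (empty list means the port passes)."""
    findings = []
    mode_line = next((ln for ln in lines if ln.startswith("switchport mode ")), None)
    mode = mode_line[len("switchport mode "):] if mode_line else None
    if mode is None:
        outcome = dtp_result(PLATFORM_DEFAULT_MODE, "dynamic desirable")
        findings.append(f"no switchport mode; platform default is {PLATFORM_DEFAULT_MODE}, "
                        f"so a neighbor in dynamic desirable mode forms a {outcome}")
    elif mode.startswith("dynamic"):
        findings.append(f"negotiated mode '{mode}'; set switchport mode access or trunk")
    if mode == "trunk":
        if "switchport nonegotiate" not in lines:
            findings.append("trunk still runs DTP; add switchport nonegotiate")
        if not any(ln.startswith("switchport trunk native vlan ") for ln in lines):
            findings.append("native VLAN left at default VLAN 1")
        if not any(ln.startswith("switchport trunk allowed vlan ") for ln in lines):
            findings.append("all VLANs allowed on trunk; restrict with switchport trunk allowed vlan")
    if mode == "access" and not any(ln.startswith("switchport access vlan ") for ln in lines):
        findings.append("access port left in default VLAN 1")
    return findings


def audit_config(config: str) -> dict:
    return {name: audit_interface(lines) for name, lines in parse_interfaces(config).items()}


if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE_CONFIG).items():
        print(name, "OK" if not findings else "")
        for f in findings:
            print("   -", f)
```

On the constructed config Fa0/1 and Fa0/18 pass, Fa0/2 collects three findings (DTP still running, native VLAN 1, all VLANs allowed) and the unconfigured Fa0/24 is flagged because, in the platform's default mode, a neighbor set to dynamic desirable would negotiate a trunk.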
SUPPLEMENTARY

Frame Forwarding

Ingress is the entry port, egress is the exit port.
The switch builds a MAC address table to forward frames on the LAN.
The switch can use either the store-and-forward or cut-through method of switch forwarding.

Switching Domains

Ethernet ports in half-duplex will be a part of a collision domain.
Full-duplex will eliminate collision domains.
A switch will flood out all interfaces except the ingress port if the frame is a broadcast or if the unicast destination MAC is unknown.
Broadcast domains may be broken up by a Layer 3 device, like a router.
Switches extend broadcast domains, but can eliminate collision domains and relieve congestion.

VLANs

VLANs are based on logical instead of physical connections.
VLANs can segment networks based on function, team, or application.
Each VLAN is considered a separate logical network.
A trunk is a point-to-point link that carries more than one VLAN.
VLAN tag fields include the type, user priority, CFI and VID.
A separate voice VLAN is required to support VoIP.
Normal range VLAN configurations are stored in the vlan.dat file in flash.
An access port can belong to one data VLAN at a time, but may also have a voice VLAN.
A trunk is a Layer 2 link between two switches that carries traffic for all VLANs.
Trunks will need tagging for the various VLANs, typically 802.1Q.
IEEE 802.1Q tagging makes provision for one native VLAN that will remain untagged.
An interface can be set to trunking or nontrunking.
Trunk negotiation is managed by the Dynamic Trunking Protocol (DTP).
DTP is a Cisco proprietary protocol that manages trunk negotiations.
