Switching in an Enterprise Network Introducing Routing and Switching in the Enterprise– Chapter 3
Objectives • Compare the types of switches used in an enterprise network. • Explain how Spanning Tree Protocol prevents switching loops. • Describe and configure VLANs on a Cisco switch. • Describe and configure trunking and Inter-VLAN routing. • Maintain VLANs in an enterprise network.
Compare the Types of Switches Used in an Enterprise Network • Switching and network segmentation • Content addressable memory (CAM)—uses MAC address to decide where to move traffic • Virtual circuits
Compare the Types of Switches Used in an Enterprise Network
• Switch deletes old MAC address entries from the CAM table as they age out (after being idle for a certain period of time)
• Switch checks the MAC address table to know where to forward the frame
• If the SOURCE address is not in the table, it is added
• If the SOURCE address is already there, the aging timer is reset
• Switch forwards to the destination MAC address (if it has an entry in the table)
• Otherwise, the switch floods the frame out every active port (except the port on which it was received)
Switching and Network Segmentation • Broadcast domain—area bounded by routers; the set of devices that receive broadcast frames originating from any of the devices • Broadcasts are flooded out every active interface • Collision domain—area where frames collide • Hubs have collisions • Switches, bridges, and routers do not • Switches use a feature called microsegmentation
Switching and Network Segmentation • Switch creates a virtual circuit which it maintains until the session terminates • Symmetric switching—all ports have the same speed • Asymmetric switching—some ports are higher speed, usually used for uplinks
Compare Types of Switches—Enterprise Network • Hardware-based Layer 2 switching • Forwards traffic at wire speed • Filters traffic based on MAC address (which must be in the MAC table) • Limits forwarding of traffic to a network segment • Software-based Layer 3 (multilayer) switching • Based on IP address • Can forward traffic between different networks and subnets
Types of Switches
• Cut-through switching
• Fast-forward—fastest method, forwards immediately; low latency; most errors
• Fragment-free—switch reads the first 64 bytes before forwarding; less latency than store-and-forward, more latency than fast-forward
• Adaptive cut-through—adapts the switching method to changing network conditions when the number of errors exceeds a threshold; for instance, starts by forwarding all traffic immediately and then switches to store-and-forward
• Store-and-forward switching—entire frame is read and stored before sending; highest amount of latency; no errors; used where there is high EMI
Compare Switches Used in Enterprise Network • Switch physical security—mounting on racks, locked room with limited access by authorized personnel • Switch access security—use secure passwords, enable SSH access, monitor access and traffic, disable http access, disable unused ports, enable port security, disable Telnet • Port-security mac-address sticky—makes the first device connected to the port work but all others won’t
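The CAM-table behaviour and the sticky port-security rule from the two slides above, modelled as a small Python simulation. This is an added example, not code from the original deck or from Cisco: the 300-second aging timer, the shutdown-on-violation behaviour and every MAC address, port number and timestamp are constructed assumptions chosen to mirror the slides.

```python
# Added example (not from the original slide deck): a small model of a Layer 2
# switch's CAM table showing source learning, aging, flooding of unknown
# destinations, and a sticky port-security limit that err-disables a port.
# All MACs, port numbers and timings are constructed sample values.
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class CamEntry:
    port: int
    last_seen: float  # seconds; refreshed whenever the MAC is seen as a source


@dataclass
class Switch:
    ports: list
    aging_time: float = 300.0                       # assumed aging timer (seconds)
    cam: dict = field(default_factory=dict)         # mac -> CamEntry
    secure_max: dict = field(default_factory=dict)  # port -> max sticky MACs
    sticky: dict = field(default_factory=dict)      # port -> set of sticky MACs
    err_disabled: set = field(default_factory=set)  # ports shut by a violation

    def enable_port_security(self, port, maximum=1):
        """Model of 'switchport port-security mac-address sticky' on a port."""
        self.secure_max[port] = maximum
        self.sticky.setdefault(port, set())

    def age_out(self, now):
        """Delete entries idle longer than the aging timer; return what was removed."""
        expired = [m for m, e in self.cam.items() if now - e.last_seen > self.aging_time]
        for mac in expired:
            del self.cam[mac]
        return expired

    def receive(self, in_port, src, dst, now):
        """Process one frame; return the list of egress ports ([] if dropped)."""
        self.age_out(now)
        if in_port in self.err_disabled:
            return []
        if in_port in self.secure_max:
            learned = self.sticky[in_port]
            if src not in learned:
                if len(learned) >= self.secure_max[in_port]:
                    # violation: the assumed default action shuts the port down,
                    # so the first device keeps working and all others do not
                    self.err_disabled.add(in_port)
                    return []
                learned.add(src)      # first device(s) stick to the port
        # learn the source address, or refresh its aging timer
        self.cam[src] = CamEntry(in_port, now)
        entry = self.cam.get(dst)
        if dst == BROADCAST or entry is None:
            # broadcast or unknown unicast: flood out every other active port
            return [p for p in self.ports if p != in_port and p not in self.err_disabled]
        if entry.port == in_port or entry.port in self.err_disabled:
            return []                 # destination is on the ingress segment, or its port is down
        return [entry.port]
```

The first frame from an unknown destination is flooded, the reply is switched to exactly one port, a second MAC on the secured port triggers the violation, and after the aging timer expires the destination becomes unknown again and is flooded once more.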
Explain How Spanning Tree Protocol Prevents Switching Loops • Redundancy in network equipment • Redundant network links • Dangers of switching loops—more than one path between two switches • Broadcast storms—when many broadcasts are sent simultaneously across all network segments
Explain How Spanning Tree Protocol Prevents Switching Loops • Redundancy—installing duplicate equipment and network links for critical areas • Reduces congestion and supports high availability and load balancing • With switching loops, broadcast frames circulate around and around in all directions • Broadcast storms use up the available bandwidth
Explain How Spanning Tree Protocol Prevents Switching Loops • Spanning Tree Protocol (STP) • Allows redundant links without creating switching loops • Requires little configuration • STP is enabled by default; it detects potential loops and blocks some links, while leaving other ports active • Creates a loop-free logical topology • Potential loop detection and port blocking • Redundancy without switching loops
Explain How Spanning Tree Protocol Prevents Switching Loops • First step in convergence is to determine a root bridge (which is really a switch) • Primary switch in the STP topology • Root bridge communicates with the other switches using Bridge Protocol Data Units (BPDUs) • BPDUs contain • Identity of root bridge, identity of source port, cumulative costs of path to root bridge, value of aging timers, value of the hello timer • Bridge ID (BID) • Root ports, designated ports, and blocked ports
Explain How Spanning Tree Protocol Prevents Switching Loops
• As the switch powers on, each port cycles through a series of four states
• LEDs on the switch change as it cycles through these states
• Can take up to 50 seconds to go through all the states and be ready to forward frames
• Here are the states
• Blocking—steady amber; receives BPDUs; discards data frames received from the attached segment
• Listening—blinking amber
• Learning—blinking amber
• Forwarding—blinking green
• Disabled (administrator shut down the switch port)
How Is the Root Bridge Determined
• Based on Bridge ID (BID)
• Consists of Bridge Priority and MAC
• Default bridge priority is 32,768
• LOWEST PRIORITY WINS
• To set priority: S3(config)#spanning-tree vlan 1 priority 4096
• Root port—port that provides the least cost path (based on bandwidth cost)
• Designated port—port set up to forward traffic to the root bridge but doesn’t connect to the least cost path
• Blocked port—one that does not forward traffic
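The election described on the last three slides, worked through in Python: the lowest Bridge ID (priority, then MAC) becomes the root, each other switch finds its least-cost path to it, and every link ends up with one designated port and either a root port or a blocked port on the other side. This is an added example, not code from the original deck or from any vendor; the three-switch topology, its MAC addresses and link speeds are constructed, and the per-speed port costs are the IEEE 802.1D short-method values (10 Mb/s = 100, 100 Mb/s = 19, 1 Gb/s = 4, 10 Gb/s = 2).

```python
# Added example (not from the original deck): root bridge election by Bridge ID
# (priority, MAC), root-path cost from IEEE 802.1D port costs, and the resulting
# root / designated / blocked port roles. Switch names, MACs and link speeds are
# constructed sample values.
import heapq

# IEEE 802.1D path cost per link bandwidth in Mb/s (short-method table)
PORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}


def bridge_id(priority, mac):
    """BID compares as (priority, MAC); the lowest value wins the election."""
    return (priority, mac.lower())


def elect_root(switches):
    """switches: name -> (priority, mac). Returns the name of the root bridge."""
    return min(switches, key=lambda s: bridge_id(*switches[s]))


def spanning_tree(switches, links):
    """links: list of (switch_a, port_a, switch_b, port_b, bandwidth_mbps).

    Returns (root, root-path cost per switch, roles[switch][port])."""
    root = elect_root(switches)
    inf = float("inf")
    # best[s] = (cost to root, BID of upstream neighbour, local port); tuple
    # ordering gives the STP tie-breakers: lowest cost, then lowest sender BID
    best = {s: (inf, None, None) for s in switches}
    best[root] = (0, None, None)
    heap = [(0, root)]
    done = set()
    while heap:                                   # Dijkstra from the root
        cost, u = heapq.heappop(heap)
        if u in done:
            continue
        done.add(u)
        for a, pa, b, pb, bw in links:
            for me, my_port, nb in ((a, pa, b), (b, pb, a)):
                if nb != u or me in done:
                    continue
                cand = (cost + PORT_COST[bw], bridge_id(*switches[u]), my_port)
                if cand < best[me]:
                    best[me] = cand
                    heapq.heappush(heap, (cand[0], me))
    roles = {s: {} for s in switches}
    for a, pa, b, pb, _ in links:
        # designated end of each segment: lowest (root path cost, BID)
        ka = (best[a][0], bridge_id(*switches[a]))
        kb = (best[b][0], bridge_id(*switches[b]))
        d, dp, o, op = (a, pa, b, pb) if ka < kb else (b, pb, a, pa)
        roles[d][dp] = "designated"
        # the other end is this switch's root port if it is on its least-cost
        # path, otherwise it is blocked (the loop is broken here)
        roles[o][op] = "root" if best[o][2] == op else "blocked"
    costs = {s: best[s][0] for s in switches}
    return root, costs, roles


# Constructed topology: a triangle of three switches, all at default priority
SWITCHES = {
    "S1": (32768, "00:00:00:00:00:01"),
    "S2": (32768, "00:00:00:00:00:02"),
    "S3": (32768, "00:00:00:00:00:03"),
}
LINKS = [("S1", 1, "S2", 1, 1000), ("S1", 2, "S3", 1, 100), ("S2", 2, "S3", 2, 100)]

if __name__ == "__main__":
    print(spanning_tree(SWITCHES, LINKS))
    # same thing after "spanning-tree vlan 1 priority 4096" on S3
    lowered = dict(SWITCHES, S3=(4096, SWITCHES["S3"][1]))
    print(spanning_tree(lowered, LINKS))
```

With default priorities the lowest MAC (S1) wins and S3's slower link toward S2 is blocked; lowering S3's priority to 4096, as in the slide's command, moves the root to S3 and the blocked port to the S1–S2 link, which is the usual reason to set the priority explicitly rather than let the oldest switch win by MAC address.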
Explain How Spanning Tree Protocol Prevents Switching Loops
• Minimizing downtime
• PortFast—forwarding immediately; causes an access port to enter the spanning-tree forwarding state immediately
• UplinkFast—accelerates the choice of a new root port when a link or switch fails
• BackboneFast—fast convergence after a spanning tree topology change occurs
• These are all Cisco proprietary
• STP recalculations are infrequent in a stable network
• A faulty power supply or power feed can cause the device to reboot unexpectedly, causing recalculations
Explain How Spanning Tree Protocol Prevents Switching Loops • Spanning-tree verification commands
Explain How Spanning Tree Protocol Prevents Switching Loops
• Rapid Spanning Tree Protocol—significantly speeds up the recalculation of the spanning tree (this is not proprietary)
• Only three states: Discarding, Learning, Forwarding
• Active topology—all ports that are not discarding are part of the active topology and will immediately transition to the forwarding state
Configure VLANs on a Cisco Switch • Virtual LANs (VLANs)—contain broadcasts and group hosts together logically. Can span multiple physical LAN segments; communication between VLANs REQUIRES A ROUTER • Allows an administrator to group stations together by logical function, project team, or application • Doesn’t matter where they are physically attached • Only accounting members have access to the accounting server • Logical networks rather than physical networks • Broadcast control—broadcasts are not forwarded between VLANs • Routers and VLANs prevent broadcasts from being sent throughout a network • Transparent to the end user
3.3.1 Configure VLANs on a Cisco Switch • VLAN functions--Contains broadcasts and groups users • VLAN membership is based on either • Static—requires administrator to manually assign each port to a VLAN • Dynamic—requires more organization because when the device plugs into a switch the database is searched for a match of the MAC address
3.3.2 Configure VLANs on a Cisco Switch • Dynamic VLAN membership requires a VLAN management policy server (VMPS) • Contains a database that maps MAC addresses to the VLAN assignments • VMPS requires more organization but VMPS also provides flexible dynamic assignments of VLAN memberships
Configure VLANs on a Cisco Switch
• VLAN 1: management VLAN—used by the administrator to configure the switch remotely
• Exchanges CDP traffic and VLAN Trunking Protocol (VTP) traffic
• VLAN numbers and names are assigned when created
• Port assignment
3.3.2 Describe/Configure VLANs on a Cisco Switch • VLAN verification commands • Deleting a VLAN—use the NO command in front • You cannot delete VLAN 1 • Removing a port from a VLAN
3.3.3 Configure VLANs on a Cisco Switch • VLAN ID • Frame tagging: IEEE 802.1Q (abbreviated to dot1q) • Inserts a 4-byte tag field into the Ethernet frame; the tagged frame can be up to 1522 bytes in size • The frame also contains the destination and source MAC addresses • Length of the frame • Payload data • Frame check sequence (FCS)
3.4.1 Configure Trunking and Inter-VLAN Routing
• 3 main functions of VLANs, requiring them to cross multiple switches
• Limits the size of broadcast domains
• Improves network performance
• Provides a level of security
• Access port (default switch setup)
• Belongs to only one VLAN
• Trunk port characteristics (see little video in 3.4.1 page 2)
• Point-to-point link between a switch and another network device
• Carries multiple-VLAN traffic over a single link (saving links)
• Allows a VLAN to reach across an entire network
• Support for frame tagging
• This is used to identify the VLAN
• 802.1Q is the standardized frame tagging
• ISL—Cisco proprietary frame tagging protocol
• To change to a trunk port
• Switch(config)#interface fa0/port_number
• Switch(config-if)#switchport mode trunk
• Switch(config-if)#switchport trunk encapsulation {dot1q | isl | negotiate}
• Negotiate automatically detects the type used by the neighbor switch
3.4.1 Configure Trunking and Inter-VLAN Routing • Newer switches can detect the type of link based on the type of link configured at the other end • Based on the device that is attached, the link configures itself as either a trunk port or an access port • The frame tag contains the VLAN ID on the trunk link • Trunking enables VLANs to forward traffic between switches using only a single port • When a switch receives a “tagged frame” on a trunk port, it removes the VLAN ID tag and sends the frame to the access port • Some traffic needs to cross the link untagged in order to minimize delays—CDP, VTP, VOICE TRAFFIC
3.4.2 Configure Trunking and Inter-VLAN Routing
• Extending VLANs across switches
• Only members of the same VLAN can communicate
• To communicate between different VLANs, you need a ROUTER
• Configuring a native VLAN to accommodate untagged traffic
• Must be the same native VLAN on both ends, or there might be a loop
• On an 802.1Q trunk, use the following command to assign the native VLAN ID on a physical interface:
• Switch(config-if)#switchport trunk native vlan vlan-id
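The 802.1Q tag format from slide 3.3.3 and the trunk handling from 3.4.1 and 3.4.2 (strip the tag before an access port; untagged frames on a trunk belong to the native VLAN), as a Python frame builder and parser. This is an added example, not code from the original deck; the MAC addresses and payload are constructed, the FCS is omitted, and the 1518/1522-byte limits are the classic untagged maximum and the tagged maximum the deck mentions.

```python
# Added example (not from the original deck): building and parsing IEEE 802.1Q
# tagged Ethernet frames, stripping the tag for an access port, and classifying
# untagged trunk traffic into the native VLAN. Addresses and payload are
# constructed sample values; the FCS is left out.
import struct

TPID_8021Q = 0x8100   # Tag Protocol Identifier that replaces the EtherType
MAX_UNTAGGED = 1518   # classic Ethernet maximum without the tag
MAX_TAGGED = 1522     # the deck's "up to 1522 bytes" with the 4-byte tag


def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def build_frame(dst, src, ethertype, payload, vlan=None, pcp=0):
    """Untagged frame, or an 802.1Q tagged frame when vlan is given."""
    frame = mac_bytes(dst) + mac_bytes(src)
    if vlan is not None:
        if not 1 <= vlan <= 4094:
            raise ValueError("VLAN ID must be 1..4094")
        tci = (pcp << 13) | (vlan & 0x0FFF)        # TCI = PCP(3) | DEI(1) | VID(12)
        frame += struct.pack("!HH", TPID_8021Q, tci)  # the inserted 4-byte tag
    return frame + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return (dst, src, vlan_or_None, ethertype, payload)."""
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan, offset = None, 14
    if ethertype == TPID_8021Q:                     # tag present: read TCI + real EtherType
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, offset = tci & 0x0FFF, 18
    return dst, src, vlan, ethertype, frame[offset:]


def strip_tag(frame):
    """Remove the 4-byte tag, as the switch does before sending to an access port."""
    if parse_frame(frame)[2] is None:
        return frame
    return frame[:12] + frame[16:]


def trunk_ingress(frame, native_vlan):
    """Classify a frame arriving on an 802.1Q trunk as (vlan, untagged frame).

    Tagged frames belong to their VID; untagged frames belong to the native VLAN,
    which is why both ends of the trunk must agree on it."""
    vlan = parse_frame(frame)[2]
    if len(frame) > (MAX_TAGGED if vlan is not None else MAX_UNTAGGED):
        raise ValueError("frame exceeds maximum size")
    if vlan is None:
        return native_vlan, frame
    return vlan, strip_tag(frame)
```

The parser looks at bytes 12–13 only: if they hold 0x8100 the next two bytes are the tag control information and the real EtherType follows, otherwise the frame is untagged and the trunk assigns it to the native VLAN.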
3.4.3 Configure Trunking and Inter-VLAN Routing • Connectivity between different VLANs requires a router or you can use Subinterfaces • Subinterfaces can logically divide the physical interface into multiple logical pathways • Router—needs 100 Mbps FastE • Configure subinterfaces that support 802.1Q encapsulation • Configure one subinterface for each VLAN • This allows each VLAN to have its own logical pathway and default gateway to the router • Switch—configure the switch interface as 802.1Q trunk line • Router on a stick—when the destination VLAN is on the same switch as the source VLAN • See little video 3.4.3 pg. 3
Configure Trunking and Inter-VLAN Routing
• 1. Configure a trunk port on the switch.
• Switch(config)#interface fa0/2
• Switch(config-if)#switchport mode trunk
• 2. On the router, configure a FastEthernet interface with no IP address or subnet mask.
• Router(config)#interface fa0/1
• Router(config-if)#no ip address
• Router(config-if)#no shutdown
• 3. On the router, configure one subinterface with an IP address and subnet mask for each VLAN. Must have a compatible trunking protocol. In this example, I used 802.1Q encapsulation.
• Router(config)#interface fa0/1.10
• Router(config-subif)#encapsulation dot1q 10
• Router(config-subif)#ip address 192.168.10.1 255.255.255.0
• 4. Use the following commands to verify the inter-VLAN routing configuration and functionality.
• Switch#show interfaces trunk
• Router#show ip interface
• Router#show ip interface brief
• Router#show ip route
3.5.1 Maintain VLAN Structure on an Enterprise Network • VLAN Trunking Protocol (VTP) uses a centralized server to distribute and manage the VLAN database • Maintains consistency in VLAN configuration across the network • Two versions (they are not compatible) • Switches must use the same VTP version • Management domain • VTP modes: server, client, transparent • (explained in next slide) • VLAN database • Configuration revision number
3.5.1 Maintain VLAN Structure on an Enterprise Network • VTP modes: server, client, transparent (KNOW THESE)
3.5.1 Maintain VLAN Structure on an Enterprise Network
• VTP messages
• Summary advertisements—issued every 5 minutes or whenever a change occurs
• Subset advertisements—follow the summary and contain the new VLAN info announced by the summary advertisement
• Advertisement requests—are used to ask for VLAN information. These are required if the switch has been reset or the VTP domain name has been changed
• Revision number begins at zero and increases by 1
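A Python model of the VTP behaviour on the last three slides: the server increments the configuration revision on every VLAN change and advertises, a client applies an advertisement only when the domain and version match and the revision is newer than its own, and a transparent switch forwards advertisements without applying them. This is an added example, not code from the original deck or Cisco; the summary and subset advertisements are collapsed into one message object, and the switch names, domain name and VLAN numbers are constructed.

```python
# Added example (not from the original deck): a small model of VTP server /
# client / transparent behaviour driven by domain, version and revision number.
# Switch names, the domain and the VLANs are constructed sample values; the
# summary and the subset advertisement that follows it are merged into one object.
from dataclasses import dataclass, field


@dataclass
class Advertisement:
    domain: str
    version: int
    revision: int
    vlans: dict          # VLAN name -> VLAN ID carried by the subset advertisement


@dataclass
class VtpSwitch:
    name: str
    domain: str
    mode: str = "server"           # server | client | transparent
    version: int = 2
    revision: int = 0              # configuration revision starts at zero
    vlans: dict = field(default_factory=lambda: {"default": 1})
    forwarded: list = field(default_factory=list)  # what a transparent switch relayed

    def add_vlan(self, vlan_name, vlan_id):
        """Local VLAN change; returns the advertisement a server would send."""
        if self.mode == "client":
            raise PermissionError("VLANs cannot be created on a VTP client")
        self.vlans[vlan_name] = vlan_id
        if self.mode == "transparent":
            return None            # local change only, nothing is advertised
        self.revision += 1         # every change bumps the revision by 1
        return Advertisement(self.domain, self.version, self.revision, dict(self.vlans))

    def receive(self, adv):
        """Handle an advertisement from a trunk; returns what was done with it."""
        if adv.domain != self.domain:
            return "ignored: wrong domain"
        if adv.version != self.version:
            return "ignored: version mismatch"   # the two versions do not interoperate
        if self.mode == "transparent":
            self.forwarded.append(adv)          # relayed, not applied
            return "forwarded"
        if adv.revision > self.revision:
            self.vlans = dict(adv.vlans)        # newer database wins
            self.revision = adv.revision
            return "applied"
        return "ignored: not newer"

    def reset(self):
        """After a reset the switch must request the database again."""
        self.revision = 0
        self.vlans = {"default": 1}
        return Advertisement(self.domain, self.version, 0, {})  # advertisement request
```

The revision comparison is the whole of the synchronisation rule, so a consistent version and domain name on every switch is what keeps a stray advertisement from being applied where it was not meant to be.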
Maintain VLAN Structure on an Enterprise Network start at 3.5.1 • Configuring VTP • Verifying VTP configuration
Maintain VLAN Structure on an Enterprise Network • VLANs and IP phones • VLANs and wireless security
Maintain VLAN Structure on an Enterprise Network • VLAN best practices • VLAN security
Summary • Switches forward traffic using store and forward or cut-through techniques • Basic security features should be applied to switches • A VLAN is a way to group hosts on the same logical network even though they may be physically separated • Frame tagging allows a switch to identify the source VLAN of an Ethernet frame. • A Layer 3 device is needed to move traffic between different VLANs. • Subinterfaces allow router interfaces to support multiple VLANs. • VLAN Trunking Protocol provides centralized control, distribution and maintenance of VLANs.