10-Switching & VLANs

8/10/2019 10-Switching & VLANs

1/33

6/8/20

Switching and VLANs

Basic Switch Functions


2/33

6/8/20

Agenda

Address Learning

Forwarding

Filtering

Spanning Tree Protocol

Switches & Bridges have Three MainFunctions

Address Learning

Forwarding/Filtering

Loop Avoidance


3/33

6/8/20

ADDRESS LEARNING

Switch keeps a Table mapping MACAddress to Port

Port MAC Address

1

2

3

4

bbbb

1

2

3

4

aaaa

ddddcccc

MAC Address Table

Table is initiallyEmpty


4/33

6/8/20

Switch learns the Address and

Connected Port of Transmitting Device

Port MAC Address

1 aaaa

2

3

4

bbbb

1

2

3

4

aaaa

ddddcccc

MAC Address Table

I want to send to

cccc

Switch does not have destinationaddress in its MAC table

Port MAC Address

1 aaaa

2

3

4

bbbb

1

2

3

4

aaaa

ddddcccc

MAC Address Table

I want to send to

cccc

Switch Floods frame out of every port except the oneit came in on.


5/33

6/8/20

Switch learns the Address and

Connected Port of Transmitting Device

Port MAC Address

1 aaaa

2

3

4 cccc

bbbb

1

2

3

4

aaaa

ddddcccc

MAC Address Table

Switch learns the address of another device.

Reply to

aaaa

Switch finds Destination MAC address in itsTable

Port MAC Address

1 aaaa

2

3

4 cccc

bbbb

1

2

3

4

aaaa

ddddcccc

MAC Address Table

Switch forwards the frame out ONLY the correct

Port.

Reply to

aaaa


6/33

6/8/20

Process continues until switch learns the

Address and Port of all nodes

Port MAC Address

1 aaaa

2 dddd

3 bbbb

4 cccc

bbbb

1

2

3

4

aaaa

ddddcccc

MAC Address Table

LAYER 2 FORWARDING


7/33

6/8/20

Forwarding device wants to send

message to another device

bbbb

1

2

3

4

aaaa

dddd cccc

Port MAC Address

1 aaaa

2 dddd

3 bbbb

4 cccc

MAC Address Table

I want to

send to

bbbb

Forwarding switch looks for

destination address in MAC Address

Table

bbbb

1

2

3

4

aaaa

dddd cccc

Port MAC Address

1 aaaa

2 dddd

3 bbbb

4 cccc

MAC Address Table

I want to

send to

bbbb

1. Lookup bbbb in MAC Table

2. Finds it

3. Forward Frame out ONLY the

associated port


8/33

6/8/20

LAYER 2 SWITCH FILTERING

Multiple Nodes on the Same Port

bbbb

13

4

aaaa

dddd

cccc

Hub

Port MAC Address

1 aaaa, dddd

2

3 bbbb

4 cccc

MAC Address Table


9/33

6/8/20

Frames destined out the same port

they entered are dropped - Filtered

bbbb

13

4

aaaa

dddd

cccc

Hub

Port MAC Address

1 aaaa, dddd

2

3 bbbb

4 cccc

MAC Address Table

Sending to

dddd

I dont need to

do anything

LOOP AVOIDANCE


10/33

6/8/20

Networks with a Single Point of Failure

are not as Reliable

Failure at any of these point

will disrupt communication

between clients and servers

An additional Switch adds Redundancy

No more Single Point of

Failure


11/33

6/8/20

However, Loops can now occur

Frames can nowloop indefinitelyaround the network

Spanning Tree Protocol to the Rescue


12/33

6/8/20

STP Blocks Layer-2 Loops even when

Physical loops exists

Spanning Tree Protocol (STP)blocks some ports, tomaintain a loop-free network

At what point of the frame does the switchstart to forward the frame

Switches:

Cut-through

Store-and-forward

Bridges:Store-and-

forward


13/33

6/8/20

Cut-through Switching

The fastest way to forward frames

Looks at only the first 6 bytes (destination

MAC address) before forwarding

No error checking

Rest of Frame

Forwarding Decision

Destination

MAC Address

Fragment-free Switching

Waits for the first 64 bytes before forwarding

Catches most collisions

Limited error checking

Rest of Frame

Forwarding Decision

Destination

MAC Address

64

Bytes


14/33

6/8/20

Store-and-Forward Switching

Slower but more reliable than the cut-through

Reads entire frame and performs a CRC check

If CRC check fails discard frame

Forwarding Decision

Complete Frame CRC

Review

Address Learning

Forwarding

Filtering

Spanning Tree Protocol

Frame Switching


15/33

6/8/20

Advanced Switch Features

At the end of this lesson we will beable to

Explain the advanced features of a switch

Network+2009 Objective 3.3


16/33

6/8/20

What we will cover

Basic Layer-2 Switching

Power over Ethernet

The Spanning Tree Protocol

VLAN and VLAN Trunking

Port mirroringPort authentication

BASIC LAYER-2 SWITCHING


17/33

6/8/20

Bridging Function

Bridges Switches

Breakup Collision Domain

Address Learning

Forwarding

Filtering

Loop Avoidance

Switches vs. Bridges

Bridges Switches


18/33

6/8/20

Power over Ethernet or PoE

Safely transfers electrical power, along with

data, to remote devices

Use standard UTP cables.

No modification of existing Ethernet cabling

infrastructure required

Power over Ethernet (PoE) suppliespower to devices over UTP

IEEE 802.3af

Supplies power to Wireless AP, IPTelephone, IP Cameras, etc.

Power supplied by Switch or Mid-Span Power Injector

Maximum power supplied15.4 W


19/33

6/8/20

PoE Power Supplies

PoE Switch Mid-Span Power Injector

Some PoE Devices

IP

Telephone

IP Camera

Wireless AP

(with Power

Injector)


20/33

6/8/20

THE SPANNING TREE PROTOCOL

Redundant Topology eliminates singlepoints of failure

Redundant topology can cause broadcast storms, multipleframe copies, and MAC address table instability problems.


21/33

6/8/20

Station D sends a broadcast frame.

Broadcast frames are flooded to all ports

except the originating port.

Broadcast Frames

Broadcast Storms

Host X sends a broadcast.

Switches continue to propagate

broadcast traffic over and over.


22/33

6/8/20

Multiple Frame Copies

Host X sends a unicast frame to router Y. The MAC address of router Y has not been

learned by either switch.

Router Y will receive two copies of the same frame.

Host X sends a unicast frame to router Y.

The MAC address of router Y has not been learned by either switch.

Switches A and B learn the MAC address of host X on port 1.

The frame to router Y is flooded.

Switches A and B incorrectly learn the MAC address of host X on port 2.

MAC Database Instability


23/33

6/8/20

Provides a loop-free redundant network topology

by placing certain ports in the blocking state

Published in the IEEE 802.1D specification

The Spanning Tree Protocol prevents

layer-2 loops

Spanning-Tree Operation

One root bridge per broadcast domain.

One root port per nonroot bridge.

One designated port per segment.

Nondesignated ports are unused.


24/33

6/8/20

STP Root Bridge Selection

BPDU (default = sent every 2 seconds)

Root bridge = bridge with the lowest bridge ID

Bridge ID =Bridge

Priority

MAC

Address

Spanning tree transits each port through several different states:

Spanning-Tree Port States


25/33

6/8/20

VIRTUAL LOCAL AREA NETWORKS

(VLAN)

As a Switched Network grows manyissues may arise

Unbounded failure domains

Large broadcast domains

Large amount of unknown

MAC unicast traffic

Unbounded multicast traffic

Management and

support challenges Possible security

vulnerabilities


26/33

6/8/20

VLANs to the Rescue!

VLANs allow you to structure yournetwork Logically

VLAN = Broadcast Domain = Logical Network (Subnet)

Segmentation

Flexibility

Security


27/33

6/8/20

VLAN Operation

Access Access

Default all interfaces belong to thesame VLAN

1 2 3 4 5 6 7 8 9 10 11 12

VLAN 1

The Default Virtual LAN (VLAN) is

usually VLAN 1


28/33

6/8/20

Interfaces can be assigned to different

VLANs

1 2 3 4 5 6 7 8 9 10 11 12

VLAN 1VLAN 10 VLAN 15 VLAN 33

VLAN 1

Interface not reassigned remain in VLAN 1

Layer3 device (Router) is required forinter-VLAN communication

1 2 3 4 5 6 7 8 9 10 11 12

VLAN 10 VLAN 15 VLAN 33

VLAN 1


29/33

6/8/20

VLAN Membership Modes

VLAN TRUNKING


30/33

6/8/20

802.1Q Trunking

802.1Q Frame

16-Bits 3-Bits 12-Bits1


31/33

6/8/20

Native VLANs are untagged on the

Trunk

Port Mirroring copies frames forMonitoring

IDS

Mirrored

Ports

Copies frames from one or more ports or

VLAN to another switch port


32/33

6/8/20

Port Security controls Access to the

network based on MAC address

Allowed

Denied

Port Authentication allows networkaccess only after validation

1). May I access

the Network?

2). I will

check3). Can Suzy

access the

network

Minicomputer

Authentication

Server


33/33

10-Switching & VLANs

Documents

Transcript of 10-Switching & VLANs